Hand to Hand Malware Combat
Does anybody else like to battle viruses and malware by hand? I use the free AVG Anti-Virus and highly recommend it. But my kids play a lot of Flash games that invariably come from sites designed to infect with the latest malware.
The free Autoruns utility from Sysinternals (now Microsoft) is my chief weapon against malware. It simply shows you all the places (about 20 categories) where a program can hook itself into Windows or Internet Explorer at startup: mostly registry keys such as the Run keys, Winlogon entries, services and browser helper objects, plus a few file-system locations like the Startup folder. Because the list is usually stable on a healthy machine, I can quickly tell whether anything has changed from the last legitimate set of hooks; Autoruns can save a snapshot and compare a later run against it, so you are not relying on memory. For any entry it flags, the utility can either delete the hook for you or jump to the registry value in regedit so you can do it yourself.
Over the weekend, my home PC had a new twin malware attack…and a clever one. I quickly found its hooks into Windows with Autoruns, but the malware was savvy enough to rewrite its hook whenever the registry changed. It was not clear which process was doing the update, and I know you can hide from the process list, so I was forced to try something else to kill the process…
After a little trial and error, I determined that the malware had some faulty logic. Its watchdog only tested whether its file reference still appeared somewhere in the registry value; it never checked that the value was also a valid, launchable command. All that was required to throw it off was to prefix the hook with a single character: the substring test still passed, so the watchdog left the value alone, but Windows could no longer resolve the file. A quick reboot, the malware was not loaded, and the registry and files could be cleaned up. The caveat is that this only works because the re-install check was that sloppy; a watchdog that compares the whole value, or verifies the path, would have to be stopped another way (for instance by cleaning from a boot environment where it never gets to run).
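The Autoruns-style baseline comparison and the prefix trick, as a runnable simulation. This is an added example, not code from the original post: a plain dict stands in for the Run key, empty files in a temporary directory stand in for the executables, and the two guard functions are a reconstruction of the "is my hook still there?" logic the post describes, not the malware's real code. Names such as `SysUpdater` and `updater.exe` are constructed for the example.

```python
"""Simulation of the Run-key tug-of-war described above.

Added example, not code from the original post. A dict stands in for the
HKCU Run key, empty files in a temp directory stand in for executables, and
sloppy_guard/strict_guard are a reconstruction of the watchdog logic the post
describes, not real malware.
"""
import os
import tempfile


def diff_hooks(baseline: dict, current: dict) -> dict:
    """Autoruns-style comparison of the current autostart entries against a
    known-good snapshot: anything added, removed or changed is suspect."""
    return {
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
        "changed": sorted(k for k in current
                          if k in baseline and baseline[k] != current[k]),
    }


def would_load(command: str) -> bool:
    """Rough model of what matters at logon: the program named by the value
    must actually exist. A single stray leading character breaks that."""
    return os.path.isfile(command)


def sloppy_guard(registry: dict, name: str, exe: str) -> bool:
    """The faulty logic from the post: the watchdog only asks whether its file
    reference appears *somewhere* in the value. Returns True if it rewrote."""
    if exe in registry.get(name, ""):
        return False
    registry[name] = exe
    return True


def strict_guard(registry: dict, name: str, exe: str) -> bool:
    """What the malware should have checked: the value is exactly the command
    and that command still resolves to a file. Same return convention."""
    if registry.get(name) == exe and would_load(exe):
        return False
    registry[name] = exe
    return True


def neutralize(registry: dict, name: str) -> None:
    """The trick that worked: keep the hook text intact so the substring check
    still passes, but prefix one character so the loader cannot find the file."""
    registry[name] = "x" + registry[name]


def demo() -> dict:
    """Walk through the fight and report what each step did."""
    with tempfile.TemporaryDirectory() as tmp:
        legit = os.path.join(tmp, "hotkey.exe")     # constructed legitimate entry
        dropper = os.path.join(tmp, "updater.exe")  # constructed malware entry
        for path in (legit, dropper):
            open(path, "wb").close()

        baseline = {"HotKey": legit}   # last known-good snapshot
        registry = dict(baseline)

        sloppy_guard(registry, "SysUpdater", dropper)  # infection installs its hook
        report = diff_hooks(baseline, registry)        # the snapshot diff spots it

        del registry["SysUpdater"]                     # plain deletion ...
        restored = sloppy_guard(registry, "SysUpdater", dropper)  # ... is undone

        neutralize(registry, "SysUpdater")             # prefix trick
        rewrote = sloppy_guard(registry, "SysUpdater", dropper)
        loads = would_load(registry["SysUpdater"])

        strict_rewrote = strict_guard(registry, "SysUpdater", dropper)

    return {
        "added": report["added"],
        "restored_after_delete": restored,
        "rewrote_after_prefix": rewrote,
        "loads_after_prefix": loads,
        "strict_guard_rewrote": strict_rewrote,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the sequence from the post: the diff flags the new entry, deleting the value gets it rewritten immediately, and the one-character prefix leaves the sloppy watchdog satisfied while the reference no longer loads. The `strict_guard` branch is there to show why the trick is not a general technique: a watchdog that compares the whole value and checks the path rewrites the hook anyway.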
I know there are free tools for handling malware like this, but I like taking them out by hand (and seeing how they work!). And my wife and kids think I'm a hero; naturally, the story they get about the battle is much more lurid!