The Ultimate Guide To PC Protection

Status
Not open for further replies.

ImaGonnaGetYou

Well-Known Member
Before I start, if anyone makes any reference to sexual innuendoes regarding the description, you're too late. I just pointed it out.



So, you have a virus/trojan/RAT/keylogger/etc., or want to prevent getting one? Hopefully, this guide will help you out.



First, the most obvious defense: common sense. If you lack this, this guide will not help you. No one on the internet will hold your hand 24/7, so you must be able to use your noggin when deciding the best course of action.



Second, do not reformat your hard drive or delete masses of files until you have exhausted all other options. I cannot describe how many people I've seen that have solved their problems by completely getting rid of their stored files and going back to square one. If you can, download a virtual sandbox drive, so you can test suspicious files for any harm they may cause to your actual computer's files. Also, burn a copy of Linux to a disc, so you can boot your computer from it if the need ever arises.



Lastly, DO NOT USE NORTON OR MCAFEE. They have such terrible capabilities to detect viruses and malware that they will only slow your computer down. Anyone that creates their own malware in a programming application will bypass both of them with no problems at all (which is actually quite common). This is not speculation, guessing, or anything of that sort. It is FACT. Upload any heavily infected file to virustotal or a similar scanning site, and most other antivirus programs will far exceed them both in detection abilities.



Now, I'm going to cover each major type of common malware, and give some tips on how to prevent them.



1. Viruses: Probably the most commonly referred to malware on the internets, these are extremely easy to make, which explains how common they are. These can be anything from simple scripting pranks to computer-destroying deathtraps. How to avoid them? Somewhat simple.



First, NEVER download an .exe file unless it is from a trusted, official source, like Microsoft or a well-known developer. If you can't determine a well-known from a lesser-known developer, Google it. EXE files can be anything from a legitimate application to a virus to a keylogger to anything else. EXE's can also be easily converted into .jpg, .jpeg, and other popular image formats, as well as bound or linked to most other exe's, image files, and applications.



For those too illiterate or lazy to read the above, basically: USE YOUR BRAIN. Not that hard, right? Right.



Second, if an .exe file seems suspicious, there are two steps to take:

a. Scan it with AVG/Avast! (since they are EXTREMELY reliable with catching viruses, and free)

b. Upload the .exe to www.virustotal.com, and let it scan using most available antivirus softwares. An alternative to virustotal is www.novirusthanks.com.



Viruses are much more limited in use compared to other tools of evil on the internet (although that is not always true), so if a virus is doing a few things to your computer, don't expect it to do much else besides that. Keep on your toes regardless, but don't be surprised if the same symptoms constantly happen without anything new.



Finally, if you are already infected with a virus, download AVG Free/Avast!, install, and scan your entire computer. This will also catch a bunch of different malicious files, such as tracking cookies and keyloggers, that you may not have known about. Both are very helpful (although AVG's Resident Shield is annoying, so I keep it turned off).



2. Trojans/RAT's: Both are very similar, for those inexperienced with hacking terminology. A trojan is used for simple things such as downloading or uploading files from the sender, or getting computer or IP details, or something similar. They can be advanced, but most aren't as flexible as an RAT, which gives the sender real-time control of your computer. They can upload or download files, delete files or folders, rearrange your desktop, open or close windows, readjust your settings, and endless other things.



First, both almost always require the victim to execute the server or trojan, so as stated above, make sure what you're downloading is safe before using it. The reason I say "almost always" is because of file archives (such as .zip and .rar files). The creator of these can make a program run upon extraction, sometimes including our friend Mr. Trojan Horse. If you're downloading compressed files from a torrent site or another forum, read the comments to make sure there is no doubt that it's a clean file.



Next is very important: IF YOU HAVE A ROUTER, MAKE SURE IT IS UP-TO-DATE AND RECENT. You may think you're safe, but there are many instances where one of your ports may be wide open and unprotected, and any lousy basement dweller can easily pop in and inject a file into that port and into your computer. If your router is not recent (less than 1-2 years old), some or most of your ports may be unprotected, which means anyone with the tools to do so can grab loads of information out of your computer, such as your hardware specs, the programs you're running, and even your operating system (which makes their job much easier).



If you suspect that you have a trojan or RAT (which you can tell if you have strange outgoing connection IP's, or are having unknown files appearing on your computer), you can check. First, open Command Prompt (CMD), and enter "netstat -n" (sans quotation marks), and you'll see a full list of the IP addresses connected to your computer. Use an online Whois tool to check any IP's you don't recognize. If you find one that is coming from a proxy server, you've most likely found the hacker.



Removing the infection is similar to most others: use AVG or Avast! to remove it. If that doesn't work, it's time to get a professional to help.



Simply put, these are some of the most harmful things on the web. As stated at the beginning, if you can't use common sense, you are bound to be infected by these. Think before you download, and then think again before running that program.



3. Keyloggers: Keyloggers are the very worst thing to get if you bank using online services. These log everything you type, and export them as a .txt file to the location of the hacker's choice. Maybe a Gmail account, maybe an FTP server, or maybe a personal webpage. As well, these can be very stealthy and use little computer resources, making them even harder to spot.



Again, pay attention before running a program or opening a picture or file. Even if it's from a friend, it could be infected. Use your head, that's what it's there for.



If you feel that you need added defense against these, try downloading a key-scrambler program, which completely randomizes the logs of exported keylogger .txt's. I have no experience with these, however I have heard they are quite effective.



AVG and Avast! are once again your friends in this situation. If you think that you may have a keylogger (especially if you bank or use PayPal online):

1. Do a full scan with the above scanners. If they find ANY keyloggers, then any information you've entered recently could be used by whoever infected you.

2. Change ALL of your information on any accounts that fit the bill of step 1. That means date of birth, location, ZIP Code, password, name, everything. If you don't, the hacker can call up customer support of whatever website, tell them all of the correct information, and they will hand him the account right back.

3. If you bank online, it's time to make some calls. Speak with the bank(s), and choose between canceling the card, or having the bank try to work it out (although I don't trust banks, so I'd just cancel the card to be safe).

4. For PayPal, call them, and see what they can do to help prevent fraudulent spending from your account.



Common sense is again the deciding factor on whether you get screwed over or not. If money starts disappearing from your account, or your forum account starts posting without you on it, sit down, think about the possible courses of action, and decide based on logic. Otherwise, someone will be thanking God you're so stupid.



4. Bots/DDoS: A DoS is an acronym for Denial of Service, which means that your IP is flooded with packets to exceed your bandwidth limit, causing a denial of service from the ISP. A DDoS is a Distributed Denial of Service, which is a DoS caused by "bots" sending packets from many different IP's. While both accomplish the same, a DDoS is much harder to track down.



First, we'll start with bots. Bots are easy to spread around and are usually hard to notice. They don't activate until the creator tells them to, and you'll probably interpret the slowed connection speed as net lag. These are commonly bound to .exe files or hidden in file folders, so make sure you're careful, yet again, before running that infinitely cool application from a random website.



If you ever fall victim to a DoS/DDoS attack, just wait it out and call your ISP in the meantime. ISP's don't like people that ruin their connection, and usually have the police kicking down doors to find the culprit. Other than that, you can't do much at all to stop the attack, since checking the IP's connected to your computer will probably yield hundreds of IP's of random victims of bots.



If you ever hear the term "bot net", it is the term used to describe an army of bots that can be controlled by the creator.



And so concludes the guide to preventing infections. Questions? Comments? Criticism? Post away. Want to argue about Norton or McAfee's superiority? Don't post away. This is a guide, not a program discussion, and both of them cannot detect anything that was made after 2006 unless it is extremely notorious.



As with most other guides, I'll be updating with loads of extra information and help as soon as I hear it, or as soon as I have free time.



If you have anything to add, please post, and save a few computers here from infection. Also, if any mods need this moved or deleted, please tell me in advance so I can back it up for future use.



Also, no "tl;dr" posts. Read the whole thing or don't post.



Thanks for reading!



P.S: +Rep if you liked, thanks.
 
Last edited by a moderator:
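A way to reduce the `netstat -n` output described in section 2 of the guide to a short list of remote addresses to run through a Whois tool, as an added example that is not part of the original post. The sample output is constructed, and the function names and the choice to skip loopback, private and link-local peers are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of Windows `netstat -n` output (not from the original post).
# Remote addresses use documentation ranges; local ones use a typical home LAN.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address          State
  TCP    127.0.0.1:49701        127.0.0.1:49702          ESTABLISHED
  TCP    192.168.1.20:49822     192.168.1.1:445          ESTABLISHED
  TCP    192.168.1.20:49850     203.0.113.45:443         ESTABLISHED
  TCP    192.168.1.20:49851     203.0.113.45:443         TIME_WAIT
  TCP    192.168.1.20:49900     198.51.100.7:6667        ESTABLISHED
  TCP    [fe80::1c2d%12]:49910  [fe80::1%12]:445         ESTABLISHED
  TCP    [2001:db8::20]:49920   [2001:db8:ffff::9]:8080  ESTABLISHED
"""

# Assumption of this example: loopback, RFC 1918, link-local and IPv6
# unique-local peers are on your own machine or LAN and need no Whois lookup.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop brackets and zone index
    return ipaddress.ip_address(host), int(port)

def remote_peers(netstat_text, states=("ESTABLISHED",)):
    """Map each non-local remote IP to the sorted remote ports it is using."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        parts = line.split()
        # Data rows are: Proto, Local Address, Foreign Address, State
        if len(parts) != 4 or parts[0] != "TCP" or parts[3] not in states:
            continue
        try:
            ip, port = split_endpoint(parts[2])
        except ValueError:          # e.g. '*:*' or a malformed row
            continue
        if any(ip in net for net in LOCAL_NETS):
            continue
        peers[str(ip)].add(port)
    return {ip: sorted(ports) for ip, ports in peers.items()}

if __name__ == "__main__":
    for ip, ports in sorted(remote_peers(SAMPLE).items()):
        print(f"{ip:<20} remote ports: {ports}")
```

To use it on a real machine, save the output with `netstat -n > connections.txt` and pass the file's text to `remote_peers` in place of `SAMPLE`.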
Dude, put a disclaimer on it so people can't legally steal it.



Amazing guide, wish I had this earlier.



I lol'd at the keylogger section, for various reasons. ;)
 
I'm glad you added that part about reading torrent comments. I don't know how many times I have had to fix people's computers because they got overexcited over a free game.



Amazing post btw +1
 