Showing posts with label Virus / Malware Protection. Show all posts

Disinfecting a Windows Machine

I recently received a spam email from a family member with an unfamiliar, suspicious link. This prompted me to reach out to try to help clean up their computer. I recommended changing the email password from a clean, uninfected machine, but after a few attempts at that, the spam email continued. My next conclusion was that there must still be some malware on the machine. Following are some steps that I provided which may be useful to others who are trying to disinfect a Windows computer from a virus, rootkit, or other malware:
  1. Go to Add/Remove programs and uninstall any "extraneous debris," or any software that you simply don't need. Additional software only increases the attack surface for hackers seeking to leverage known vulnerabilities in software.
  2. Download the Windows Defender Offline tool and create a bootable CD or USB drive from a clean, uninfected computer. You will boot the infected machine from this media, so the tool runs before Windows ever loads. Some malware is sophisticated enough to hide itself from antivirus scanners running inside Windows, using what are called rootkits. The Windows Defender Offline tool should overcome that by booting first and rooting out the problem.
  3. Consider running an additional offline scan using the Kaspersky Rescue Disk. Remember to create a bootable USB or CD from an uninfected computer. Follow the instructions to run an offline scan (meaning that you boot to the rescue disk before Windows loads).
  4. If the above two steps are able to uncover any malware and clean it, then boot the machine as you would normally, and launch the Secunia Personal Software Inspector (online). This requires Java, which I normally recommend uninstalling unless you specifically need it for something, since many of the exploits in recent weeks have leveraged an un-patched flaw in the Java run-time environment. This will scan your computer for any vulnerable or outdated software. Apply the updates as recommended, and ensure that Windows Update is configured to automatically download and install any new updates from Microsoft. You should even launch Windows Update to make sure that there aren't any pending security patches.
  5. If steps 2 and 3 fail to find any malware, consider backing up all of your important files to an external USB drive, then reformatting the computer with your system restore disk (Windows install disk). Sometimes, rather than spend hours and days trying to weed out malware, it is better to start with a clean slate. When you re-install Windows, make sure to load Microsoft Security Essentials before doing anything else.
  6. Going forward, make sure to not click on any unfamiliar links in email or open any email attachments, unless it is something you are expecting--even then, open with extreme caution. Be careful about what software you install--is it something you really need, or are you just installing it for fun? Make sure to run files you download through VirusTotal, which scans the file using a large database of antivirus programs.
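
For step 6, a file can be looked up on VirusTotal by its SHA-256 hash before it is opened. The script below is an added example, not part of the original post: it lists recently downloaded files with their hash, Authenticode signature status and a VirusTotal lookup link. The folder, the 7-day window, the extension list and the output file name are assumptions, and it needs PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example: inventory recent downloads for a VirusTotal lookup by hash.
# Assumptions (adjust as needed): folder, time window, extension list, CSV name.
$DownloadDir = Join-Path $env:USERPROFILE 'Downloads'
$Since       = (Get-Date).AddDays(-7)
$Extensions  = '.exe', '.msi', '.dll', '.scr', '.js', '.vbs', '.zip', '.docm', '.xlsm'

$report = Get-ChildItem -Path $DownloadDir -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $Since -and $Extensions -contains $_.Extension.ToLower() } |
    ForEach-Object {
        # -LiteralPath avoids wildcard expansion on names containing [ or ]
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
        # Only signable formats (exe, msi, dll, scripts) can report a valid signature
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            File      = $_.FullName
            Modified  = $_.LastWriteTime
            SizeKB    = [math]::Round($_.Length / 1KB, 1)
            SHA256    = $hash
            Signature = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            LookupUrl = "https://www.virustotal.com/gui/file/$hash"
        }
    }

# Newest files first on screen, plus a CSV copy to keep with the machine's notes
$report | Sort-Object Modified -Descending | Format-List
$report | Export-Csv -Path (Join-Path $DownloadDir 'download-hashes.csv') -NoTypeInformation
```

A lookup by hash sends only the hash, not the file. If VirusTotal has no record of the hash, the file has simply not been submitted before, which says nothing about whether it is clean.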

Mac Antivirus Alternatives

Here's an interesting discussion which features a summary of some good antivirus programs for Mac OS X from Mac.AppStorm. The alternatives mentioned include:
Be safe!

Free Antivirus/Antimalware Software

It is recommended that you run only one antivirus program on your Windows machine at one time. The exception is Windows Defender, which is an antispyware application from Microsoft that is built into Windows Vista and Windows 7, and which runs alongside your antivirus application and detects spyware threats. All of these programs are free, and this list is by no means exhaustive. Please add comments relating to your experience with these programs as well as other recommendations.

Windows
  • Microsoft Security Essentials: Free antivirus program from Microsoft, tightly integrated into Windows, and has excellent detection capabilities
  • Windows Defender: Free antispyware application from Microsoft. Recommended if you use Windows XP or lower, already included in Windows Vista & Windows 7
  • AVG Free: A robust, free antivirus package from Grisoft, one of the first popular free antimalware programs. AVG Free has come under fire lately for letting some malware fall through the cracks
  • Avast! Home Edition: Free antivirus software that is lightweight and has good detection capabilities, although some have complained about the awkward user interface
Mac

Free Online Antivirus Scanning

If you suspect that your computer may be infected with a virus or other type of malware, it can be helpful to run a malware scan from one of the following web sites that offers free online scans. Usually, if your computer is infected with malware, especially a rootkit, it is recommended that you back up your data and reformat your system, starting over with a clean reinstall of the operating system.
  • HouseCall: A free online virus and malware scan from Trend Micro USA
  • Panda ActiveScan: From Panda Security
  • Kaspersky: A free online malware scanner from Kaspersky Lab
  • Symantec Security Check: A free online scan from Norton, although beware the advertisements pushing you to buy their products