Unfortunately, from time to time it can happen that an antivirus installed on a computer which has all the updates is unable to detect a new virus, worm or Trojan. It’s painful, but true: no virus protection software can offer a 100% security guarantee. If your computer becomes infected, it is necessary to determine the infection factor, identify the infected file and send it to the vendor whose product failed to detect the malicious program and consequently failed to protect the computer.

Symptoms of infection

An increase in outbound web traffic is usually a general indicator of an infection; this applies to individual computers as well as to corporate networks. If users are not working on the Internet in a specific period of time (for example, at night), but the web traffic continues, this could mean that someone else is active in the system, and most likely it is malicious activity. On a firewall, attempts to establish Internet connections by unknown applications can be an indicator of an infection. Also, the fact that numerous ad windows appear on every website you visit may be a sign that adware is present on the system.

On the other hand, if a computer freezes frequently, this may also be related to malware activities. While these malfunctions are usually due to system failures rather than virus activities, if symptoms occur simultaneously on multiple computers on the same network and these symptoms are accompanied by a dramatic increase in internal traffic, it is most likely that the flaw is being caused by a network worm or a backdoor Trojan.

What should we do if we have a virus?

The first thing you should do is make sure that the antivirus database is up to date and then run a full scan of your PC. If this doesn’t help, third-party antivirus solutions can do the job. Many antivirus vendors offer free versions of their products so you can evaluate their performance. We recommend that you run one of these products on your machine. If the new product detects a virus or Trojan, send a copy of the infected file to the manufacturer of the antivirus solution that could not detect it.

If the alternative antivirus does not detect any malware, it is recommended that you disconnect the Internet cable (or turn off the Wi-Fi connection), before starting to search for the infected file. Don’t use the network unless absolutely necessary. Do not use web payment systems or online banking services. Also avoid entering any type of personal or confidential data and do not use any web service that requires entering a username and password.

Detecting a virus or a Trojan on your computer can in some cases be a complex problem that requires certain technical knowledge. In other cases, however, it can be a fairly straightforward task. All of this depends on the complexity of the malware and the methods used to hide the malicious code embedded in the system. In difficult cases, when special methods are employed to disguise and conceal malicious code on the system (e.g. rootkit technologies), a non-professional person may not be able to locate the infected file. This problem may require utilities or special actions, such as connecting the hard disk to another computer or booting the system from a CD.

The vast majority of worms and Trojans seek to take control of the system startup. There are two ways to do this:

A link to the infected file is written to the autorun keys in the Windows registry.

The infected file is copied to an autorun folder in Windows.

The Windows “System” and “System32” folders are the most convenient place to host worms and Trojans. This is due to two factors: first, the contents of these directories are not displayed by default in the file browser (Windows Explorer), and second, these directories host a large number of system files whose functions are completely unknown to non-professional users. Even an experienced user would probably find it difficult to know whether a file called winkrnl386.exe is part of the operating system or not.

A recommended strategy is to use any file manager that allows you to sort files by creation / modification date, and to list the files in the directories mentioned above in chronological order. In this way, all the files that were created or modified recently appear at the top of the listing.
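The two startup locations and the sort-by-date check described above can be inspected together from a PowerShell prompt. This is an added example, not part of the original article; the registry paths are the standard Windows Run/RunOnce keys, and the 14-day window and the variable names are assumptions.

```powershell
# Added example: read-only triage of autorun locations and system folders.
# $Days is an assumed look-back window; set it to cover when symptoms began.
$Days   = 14
$cutoff = (Get-Date).AddDays(-$Days)

# 1. Autorun keys in the registry (machine-wide and current user).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }      # key may be absent on this system
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
    }
}
$autoruns | Format-List

# 2. Autorun (Startup) folders for the current user and for all users.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path $_) }
Get-ChildItem -Path $startupDirs -File -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, CreationTime, LastWriteTime |
    Format-Table -AutoSize

# 3. Files in System and System32 created or modified inside the window,
#    newest first. -Force includes hidden files that Explorer does not show.
$systemDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\System") |
    Where-Object { Test-Path $_ }
Get-ChildItem -Path $systemDirs -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff -or $_.CreationTime -gt $cutoff } |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, CreationTime, LastWriteTime,
        @{ Name = 'Signature'
           Expression = { (Get-AuthenticodeSignature -FilePath $_.FullName).Status } } |
    Format-Table -AutoSize
```

Operating system updates also create and modify files in these folders, so a recent date or a missing signature marks a file for closer inspection rather than proving it is malicious.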

However, no single piece of advice applies to all situations. The most advanced worms and Trojans are very difficult to locate. In this case, it is best to consult the technical support service of the company that makes your antivirus or ask for help in specialized forums.

