How to avoid / prevent malware?

Without fail, every couple of days my browsers are hijacked by / infected with the zwiiky / gosearch.me virus / malware.  I run malwarebytes, it finds the file(s) and removes them; yay.  My question is - how do I prevent the infection in the first place (since this keeps happening)?  Googling the virus names yields 3,910 pages about how to remove the virus, but none about how I am getting it.  Any thoughts / knowledge out there?


When we actively pay for/enroll in McAfee protection and are diligent about not letting it lapse, we very rarely have issues with viruses or malware. If you forget to renew, the viruses and malware show up almost immediately, especially when you have kids on various video games.


1. Don't use Internet Explorer. It's a virus distribution system.

2. Don't use Windows if you can manage to do that. If you need to use Windows for one app or another, fine, use it for that, but don't use it for web browsing or email. Use a Mac or a Linux system.

3. If you must use your Windows computer for web browsing or email, learn about virtual machines and do your web browsing and email reading in a virtual machine that doesn't have access to your files and the real system. Destroy and replace the virtual machine frequently. Virtualbox is free virtual machine software, and you can install Windows or Linux in your virtual machine.

If number 3 sounds way too complicated, it probably is, but it costs less money. If you value your time more than a couple of hundred dollars a year, buy a second computer. You can put Linux on a cheap PC, and it will work well and cost a lot less than a Mac. Macs are expensive, and you pay a lot, but you also get a lot, especially considering how it uses your time more efficiently. You don't have to tinker with the computer often, you don't need anti-malware software, and it is made well physically and in its software, so it lasts longer than a PC.

I know I'm bigoted against Windows, but for malware, it really is that bad.

Also, learn what kinds of web sites dump trashy cookies and other nasty stuff. Avoid them. Trashy news sites and porn sites spew lots of crap into people's computers. There are probably trashy shopping web sites, too.

4. If you really are going to stick with one system and it really is going to run Windows all the time, consider creating a login account just for using the internet. Log in as the privileged user when you have to write your documents or work on your photos or listen to music. Log in as the ordinary user, the one who can't modify the system, to do your web stuff.


I have actively used & paid for McAfee Total Protection and these things waltz right by it.  In fact, when the periodic McAfee scan runs, it usually doesn't even find them.  SpeedyPC Pro also misses them - that's why eventually I started using malwarebytes freeware - it's the only software that seems to identify them (although it doesn't prevent them - maybe the paid version would).

conandrob240 said:

When we actively pay for/enroll in McAfee protection and are diligent about not letting it lapse, we very rarely have issues with viruses or malware. If you forget to renew, the viruses and malware show up almost immediately, especially when you have kids on various video games.

Thanks Tom, although I'm pretty married to Windows.  The malware I'm getting is annoying but not harmful enough to make any wholesale changes.


Huh, really?  I haven't had any virus issues as long as the McAfee is active.  And my niece beats up the computer, clicking on all kinds of pop-ups.


McAfee seems to get all the really bad stuff, but the annoying little guys that change my default search engine and web home page it seems to miss.

conandrob240 said:

Huh, really?  I haven't had any virus issues as long as the McAfee is active.  And my niece beats up the computer, clicking on all kinds of pop-ups.

I have the paid version of malware bytes, which blocks it initially, so additional removal is unnecessary.


That is helpful, thanks, I'll try it...

Jasmo said:

I have the paid version of malware bytes, which blocks it initially, so additional removal is unnecessary.

Check to see if you have a back-up copy of the malware that is not being removed by your anti-malware software.  It may be that you have the same infection reactivating rather than a repeat infection from the internet.


I have had no malware issues, but I don't ever use Internet Explorer and I use the free Avast virus protection.  Another issue might be the type of websites you are visiting.  Some are more prone to be sources of infection than others.  


You might find this blog post interesting. It is written by a colleague and aimed at people like me, i.e. people who work in IT.

Meaningless Anti-Virus Software Features Are Profitable


joan_crystal said:

Check to see if you have a back-up copy of the malware that is not being removed by your anti-malware software.  It may be that you have the same infection reactivating rather than a repeat infection from the internet.

Bingo.


How does one do that?  I only back up to a cloud once per week and this (removal and reappearance) happens in between those back ups...

Jackson_Fusion said:
joan_crystal said:

Check to see if you have a back-up copy of the malware that is not being removed by your anti-malware software.  It may be that you have the same infection reactivating rather than a repeat infection from the internet.

Bingo.

If it's recurring, then it's pretty possible that you're just not cleaning everything up. I have an office of about 100 computers, mostly Windows with people using Chrome. I maybe have to deal with Malware infections about 6 times a year.

About 1/2 of the incidents I can clean up reliably with a few different tools, but about 1/2 of them take enough time to troubleshoot that I just end up wiping the computer. Now granted this is a business, so I have a standard image so wiping isn't that hard, but with transferring all the users data it can still realistically take an hour or two to get the person back to their normal on their redone system.

If you want to try to avoid wiping your system, there is a forum out there called BleepingComputer.com where you can get help from experts; they can give you steps to follow and examine logs from various tools to give you advice. I see entries there when researching infections, but I've never had too much interest in putting in the time (especially since I'd think it could take days with the back and forth) since wiping is a relatively easy option.

As far as how these things get there, the times I've been able to track down the source of infection it's usually a web site that gets infected. The website will tell you that you need to upgrade Flash and will feed you a fake update. It looks like you're upgrading Flash, but you're really installing malware. It's a common misconception that it comes from porn websites, but it's more likely to come from websites of relatively small businesses that have an online presence that isn't central to their business. In one case we discovered that two technically proficient people managed to infect their computers because a specialist glass vendor from Italy (the office is architects, so they love specialist Italian glass vendors!) had an infected web site and the vendor seemed trusted enough that the people didn't think twice when they were prompted to upgrade Flash when visiting. Both of those computers had persistent enough infections that they eventually needed to be wiped.

Hope that helps some.


Aaaaaand the paid version is not preventing them...

lanky said:

That is helpful, thanks, I'll try it...
Jasmo said:

I have the paid version of malware bytes, which blocks it initially, so additional removal is unnecessary.

lanky said:

Aaaaaand the paid version is not preventing them...
lanky said:

That is helpful, thanks, I'll try it...
Jasmo said:

I have the paid version of malware bytes, which blocks it initially, so additional removal is unnecessary.

Lanky, sorry to hear. 


Jasmo said:

I have the paid version of malware bytes, which blocks it initially, so additional removal is unnecessary.

Same here.


Download stuff from http://ninite.com


Oooh, I'm not a big updater..."if it ain't broke, don't fix it."  Or at least don't fix it until they've discovered and worked out all the unexpected bugs in the update...

Tom_Reingold said:

Download stuff from http://ninite.com

Does it always occur when you are using one specific browser? It seems to me that you have some extension that is embedded that you need to remove. I suggest googling it and asking the Goog how to get rid of it.


I should have been clearer. Downloading software tools to improve your computer has become perilous because the formerly trustworthy sites have malware, even embedded in the anti-malware tools. Ninite is a trustworthy site, and downloading from it is a weird but efficient process.


I use Avast for a Mac anti-virus/malware. I pay something yearly ($25? $30?) and it seems to work pretty well and doesn't pop up every second; it works more in the background. Not sure if they have a version for PC, but maybe it's worth looking into once you do clear up the problem. I've used it for five years now with no problems (pls let me not just jinx myself).


I may have spoken too soon. I seem to be bombarded by gstatic, a malicious website, that keeps being blocked by Malwarebytes, but doesn't go away. Anyone know what that's about?


Jasmo said:

I may have spoken too soon. I seem to be bombarded by gstatic, a malicious website, that keeps being blocked by Malwarebytes, but doesn't go away. Anyone know what that's about?

I'm getting that also so I went to the Malwarebytes site.  Apparently it is a false positive and an update is expected soon.  (later today)


This is the page that I used to clear out some recurring nastiness that one of our babysitters left behind.

https://www.reddit.com/r/techsupport/comments/320hsl/strange_adware/

Other things to avoid are third party toolbars, Yahoo, and Wildtangent (they may have gone legit as their company became big. But when they were up and coming they had some really shady software, and got sued for it).


You say you are not into updating software; right there is a problem. Updates don't only add features, they also fix security issues. Adobe Reader, for example, or ANY web browser constantly releases security fixes, and those vulnerabilities are usually the first to be exploited by malware.

Also, which version of Windows are you running? Do you have automatic updates installed? Make sure to let Windows update itself and also perform the required reboots in a timely manner.

STOP using SpeedyPC Pro, all these registry cleaners are nothing but snake oil and too often just make things worse. Malwarebytes is GOOD, though.

As mentioned above, it does sound like you have something that is persistent and all your efforts fail to permanently remove it. Most likely a browser extension. Which browser are you using? Maybe wiping and re-installing Windows would help?

As to your original question on where do you get this stuff from in the first place? 'Free' download sites for music, software, videos and especially porn. Internet forums with outdated versions of their software, or sites built on old versions of WordPress or similar. These sites get abused by malware distributors and infected so that they spread the malware. Hackers have also figured out how to embed images on these sites, so that when you click on an image in Google image search you end up on an infected site, and voila, they got you. And finally, e-mails with malicious payloads.

Tom, as for your comments about Windows, and using VMs. I have to disagree; a properly patched Windows machine, with a good virus scanner, or even just Microsoft's built-in AV enabled, is plenty safe, unless you start surfing in the mud. As for IE, I would recommend using Chrome instead for most users, or Firefox. But because Chrome is running pages in sandboxes it is probably the safest browser right now outside of Edge (which has functionality issues) on Windows 10.


earlster, you know a lot more about Windows than I do, so I defer to your expertise. In fact, I don't know much about Windows at all any more.

But you mention "browsing in the mud," i.e. browsing shady web sites. You have to be somewhat savvy to know the difference, and there is a slippery slope from, say, huffington post to shadier sides and so on.


Tom_Reingold said:

earlster, you know a lot more about Windows than I do, so I defer to your expertise. In fact, I don't know much about Windows at all any more.

But you mention "browsing in the mud," i.e. browsing shady web sites. You have to be somewhat savvy to know the difference, and there is a slippery slope from, say, huffington post to shadier sides and so on.

One of the worst malware experiences I've had was in downloading a tools program from CNET, pretty shady cheese.


Even many of the formerly trustworthy sites are now very shady.

