1. Verify malware symptoms
• Odd error messages
– Application failures, security alerts
• System performance issues
– Slow boot, slow applications
• Research the malware
– Know what you’re dealing with
2. Quarantine infected systems
• Disconnect from the network
– Keep it contained
• Isolate all removable media
– Everything should be contained
• Prevent the spread
– Don’t transfer files, don’t try to back up
– That ship sailed
3. Disable System Restore
• Restore points make it easy to rewind
– Malware infects restore points
• Disable System Protection
– No reason to save an infected config
• Delete all restore points
– Remove all infection locations
4a. Remediate: Update anti-virus
• Signature and engine updates
– The active anti-virus engine
– Signature updates
– A very, very tiny shelf life
4b. Remediate: Scan and remove
• Microsoft and others - The big anti-virus apps
• Malware-specific -
– Scan and remove difficult malware
• Stand-alone removal apps
– Check with your anti-virus company
• There’s really no way to know if it’s really gone
– Delete and rebuild
5. Schedule scans and run updates
• Built into the antivirus software
– Automated signature updates and scans
• Task scheduler
– Run any task
• Operating system updates
– Make sure it’s enabled and working
6. Enable System Protection
• Now you’re clean
– Put things as they were
• Create a restore point
– Start populating again
7. Educate the end user
• One on one
– Personal training
• Posters and signs
– High visibility
• Message board posting
– The real kind
• Login message
– These become invisible
• Intranet page
– Always available