Dirty Tricks of the Malware Trade

As malware has grown more sophisticated in recent years, the challenge of removing it has grown more complex. Many of the tools and approaches that computer techs used in the past are no longer effective and may not even be available on an infected computer.

Here are some of the roadblocks you may face when dealing with the current generation of malware.

One defensive measure employed by malware for quite a few years has been to disable any of the popular anti-virus and anti-spyware programs found on the infected computer. In the process, it also blocks the user's ability to reinstall the software or download its current definition or signature file.

In the last few years a common malware practice has been to block execution of any security programs, such as Malwarebytes and many others. Going a step further, many of these programs, especially rogue security programs, prevent any .exe file from running at all.

While the experienced computer technician would normally use Task Manager to determine what malicious processes are active, that useful utility program may be disabled by malware. In a similar vein, other Microsoft-provided utilities are frequently disabled as well.

These programs include Regedit and Msconfig, among others. In many cases the Run command or the Command Prompt may not be available either. If the Desktop has been compromised, the malware may block the technician's ability to change the Desktop settings and restore its normal appearance.
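The blocked .exe execution and the disabled Task Manager and Regedit described above usually come down to a handful of registry settings. The following read-only audit script is an added example, not part of the original article; it assumes a Windows host with PowerShell 5 or later and an elevated session so the HKLM keys are readable.

```powershell
# Added example (not from the original article): read-only audit of the Windows
# settings that malware commonly tampers with to disable Task Manager and Regedit
# and to intercept the launching of .exe files. Assumes Windows, PowerShell 5+,
# and an elevated session.

$findings = @()

# 1. Policy values that disable Task Manager and the Registry Editor.
#    A non-zero DWORD here is what "Task Manager has been disabled by your
#    administrator" actually means. Legitimate Group Policy also sets these,
#    so treat a hit as a lead to verify, not a verdict.
$policyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($p in $policyPaths) {
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $v = (Get-ItemProperty -Path $p -Name $name -ErrorAction SilentlyContinue).$name
        if ($v) { $findings += "$p\$name = $v" }
    }
}

# 2. The .exe file association. The stock command is "%1" %* ; anything else
#    means every executable launch is routed through another program first,
#    which is how "no .exe will run" is typically achieved.
$exeKey = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$exeCmd = (Get-ItemProperty -Path $exeKey -ErrorAction SilentlyContinue).'(default)'
if ($exeCmd -ne '"%1" %*') { $findings += "exefile open command = $exeCmd" }

# 3. Image File Execution Options "Debugger" values. Windows launches the named
#    debugger in place of the program, so an entry for taskmgr.exe, regedit.exe
#    or a security tool silently redirects it. Any entry is worth a look.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings += "IFEO $($_.PSChildName) Debugger = $dbg" }
}

if ($findings.Count -eq 0) { 'No tampering indicators found.' } else { $findings }
```

The script only reads; whether a reported value is restored by hand, by Group Policy, or by reimaging is a decision for the technician once the source of the setting is understood.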

Another technique used by modern malware is a watchdog that monitors the malicious programs themselves. If the monitor process determines that the malware has been removed or deactivated, it restarts or regenerates it as necessary.

When early viruses began making the rounds, there were only a handful of infection vectors they used. These vulnerabilities were well known to the anti-virus industry, so the security software of the time could effectively deal with these threats.

Today there are literally thousands of possible entry points for malicious software to enter a Windows-based computer. Many of these will bypass all installed security software and block most attempts to remove the infections.

The good news is that there are countermeasures for all of these defenses. But unlike in the past, there is no single program or automated procedure to "click here" and repair all the damage. Even so, the knowledgeable computer technician, armed with an updated methodology and a complete set of tools, should be able to remove any such infection.