Submitted by Ken Dwight on
Malware is the single most common problem faced today by computer users and IT support technicians. Whether it's a virus, worm, Trojan horse, rogue security program, rootkit, or whatever type of malicious software, these infections can be very difficult to find and remove.
Making the issue more complex is the wide variety of symptoms that may be exhibited by the malware. Some will pop up annoying messages; others will interfere with your connection to the Internet. Many will affect the performance of the computer, slowing it to a crawl.
Financially-motivated malware will demand payment to solve the problem they created; in some cases your computer or your data may be held hostage until you pay up. Viruses spread through e-mail may spam all of your contacts, and many others you don't even know.
Sometimes, though, the symptoms may be far more subtle; some of the more sophisticated malware won't show any obvious symptoms of infection at all. Frequently the challenge is to make the basic determination whether the observed problem is caused by malware or not.
Just as important as recognizing a malware infection and removing it is knowing when an issue is not malware-related and dealing with it accordingly. Two recent examples illustrate the effort that can be misdirected if this diagnosis is not correct.
In one case The Virus Doctor™ was brought in for consultation on a network-related problem. The in-house IT support person had been working for two weeks to resolve the issue. In the process of creating a work-around for the problem, he manually reconfigured the network, removing two wireless access points in the process.
This reconfiguration kept the most critical users functional but prevented guests from accessing the Internet. The nature of this client's business dictates such wireless access for many of their customers. Not having Internet access was a major inconvenience for them.
Upon closer examination it was determined that the problem was not malware-related at all. With the proper diagnosis the network was restored to normal functionality within two hours.
The other example involved a competent, qualified third-party outsourced IT support technician working with a small-business client. The symptom was multiple browser windows opening, apparently on their own, with no action by the user. This is an example of bizarre behavior that is sometimes caused by malware.
Before calling The Virus Doctor™ the tech had spent two full days running multiple scans with various anti-virus, anti-spyware, and anti-rootkit programs. None of them revealed any malware infection causing this problem.
Within a few minutes of reviewing the work that had been performed on this computer, the diagnosis was that this was not a malware issue, but one caused by a hardware failure. Shortly after that analysis the problem was resolved.
These examples serve as a reminder that all computer problems are not caused by malware. Before assuming that you are dealing with a malware issue, it is prudent to take a broader view of the symptoms and determine whether the machine is, in fact, infected.
The Virus Remediation Training workshop includes detailed procedures and tools to help the technician accurately diagnose an infected computer. Just as it's important to have a methodology for removing malware, it's equally important to know when that's not the issue and go back to traditional hardware and software troubleshooting.