What to do if the page is infected. What to do if your computer is infected with a virus? What to do after all malware is finally determined to be removed

27.08.2021

Not the first year are the main activity of our company. And we can state with confidence that the infection of the site with viruses is a real pandemic.

Infection can occur through malicious code injected via various scripts on the site, through a break-in to the admin panel, through theft of the FTP login and password, through security holes, etc.

This leads to disastrous results:

  • infection of visitors;
  • disruption of the site's operation;
  • and perhaps the most terrible thing is that the site gets onto the blacklist of search engines such as Google or Yandex, which in turn leads to the loss of visitors, and in the case of a business site, to loss of profit and reputation.

Whether a site is infected can be found out in the following ways:

  • with the help of an antivirus;
  • infection can be determined by checking the page source, for example, in the browser by pressing the Ctrl + U keys simultaneously;
  • look at the index file - when was the last change made, if at that time you did not update the information, then ...
  • use the services of Yandex-Webmaster or Google-Webmasters.

Your site has been infected, what can I do?

Here everything will depend on the degree of infection, on your hosting provider, etc.

The first way to solve this problem is to seek help from specialists, this is especially true for beginners. So we are waiting for your call!

The second method depends on your hosting and account: whether you have access to a site backup and whether you made backups regularly. If the answer is yes, feel free to “roll back” to a state before the infection. If the backup was made by the hosting provider, describe your problem to them and ask them to "roll back" your site to a date before the infection. But there is one catch here - how long has the site been infected? If for a long time, there is a very high probability that the backups contain the virus too.

If the two previous solutions are not available, you will have to clean the site manually. It is possible that the virus did not cause significant damage and only a few files are infected, usually index.php and index.html. But it may be that other files were also infected. Block access to the site by putting a “.htaccess” file in the root of the site, so as not to spoil your ranking in search engines. Next, download the contents of your site to your computer, preferably as an archive, and run the antivirus on it; it will do at least half of the work. Whatever it does not catch, you will have to clean manually. But that is still better than starting the site over. Constantly monitor the security of your PC.

The source of the infection may be your own computer, so do not forget to keep a decent anti-virus program on it.
If there is an infection, be sure to change all passwords for the site: for access to the "admin panel", for access to FTP, the password for your hosting account, etc., since no one will tell you what information the attackers obtained.
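
One way to carry out the manual check described above, as an added example (not code from the original article): compare the downloaded copy of the site with the last backup believed to be clean, file by file and by hash, and list files changed after a chosen date. The directory layout, file names and dates are constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def manifest(root):
    """Map each file path (relative to root) to (sha256, mtime in UTC)."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # never follow links that point outside the copy
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            mtime = datetime.fromtimestamp(os.path.getmtime(full), tz=timezone.utc)
            entries[rel] = (sha256_of(full), mtime)
    return entries


def compare_to_backup(site_root, backup_root):
    """Report files added, modified or removed relative to the backup.

    Contents are compared by hash because modification times can be reset.
    A backup taken after the infection matches the infected files.
    """
    site, backup = manifest(site_root), manifest(backup_root)
    common = set(site) & set(backup)
    return {
        "added": sorted(set(site) - set(backup)),
        "modified": sorted(p for p in common if site[p][0] != backup[p][0]),
        "removed": sorted(set(backup) - set(site)),
    }


def modified_since(root, cutoff):
    """List (path, mtime) for files changed at or after cutoff, newest first."""
    hits = [(p, m) for p, (_h, m) in manifest(root).items() if m >= cutoff]
    return sorted(hits, key=lambda item: item[1], reverse=True)


def write_sample(root, rel, data, when):
    """Helper for the constructed demo: create a file with a chosen mtime."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.utime(path, (when.timestamp(), when.timestamp()))


if __name__ == "__main__":
    # Constructed sample: a backup from January, a site copy altered in August.
    old = datetime(2021, 1, 10, tzinfo=timezone.utc)
    new = datetime(2021, 8, 20, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as tmp:
        site, backup = os.path.join(tmp, "site"), os.path.join(tmp, "backup")
        write_sample(backup, "index.php", b"<?php echo 'home';", old)
        write_sample(backup, "inc/db.php", b"<?php /* db */", old)
        write_sample(site, "index.php", b"<?php echo 'home'; /* appended */", new)
        write_sample(site, "inc/db.php", b"<?php /* db */", old)
        write_sample(site, "inc/cache.php", b"<?php /* unknown */", new)
        print(compare_to_backup(site, backup))
        print(modified_since(site, datetime(2021, 8, 1, tzinfo=timezone.utc)))
```

Files reported as added or modified are the ones to inspect by hand or restore from the backup.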

Remember about the security of both the PC and the site, follow all the precautions and recommendations. And we hope that your experience will not be sad, good luck to you!

In this article, we will consider the situation when a message appears on the computer stating that a virus has been found on it, it is running slowly or with errors, and what actions the user should take in this case, and how to protect their data from loss.

In fact, if a user sees a message about a virus being detected, that's good. It means that the antivirus program detected a virus and will most likely remove it without user intervention.

This message does not mean that the computer is infected with a virus. It's just that you downloaded or copied a virus-infected file to your computer and the antivirus program most likely deleted it before problems began to appear from it. In the same way, an anti-virus program can report that it has found a web page that is infected with viruses and the further use of which can lead to computer problems.

In other words, the message that a virus has been detected when the computer is used correctly does not mean at all that it is already infected or damaged. This means that you must not use an infected page or infected file. The system simply warns you of a possible problem if you use them.

You can also go to your antivirus program and check the quarantine or virus detection logs to see more detailed information about the virus and what actions were taken on it.


If your computer is not running an antivirus program

If your computer is not running an antivirus program and your computer starts to run slowly or has errors, there is a good chance that it is infected with viruses. Also, this situation can occur if you use an anti-virus program with an outdated anti-virus database.

If an antivirus program is not installed on the computer, it must be installed as soon as possible. Of course, there are not many high-quality free antivirus programs. You can consider one of them, provided by Microsoft: Microsoft Security Essentials. This antivirus program will protect your computer and clean it of viruses.


But keep in mind that this program is only relevant for Windows versions up to 7 (inclusive). Starting with Windows 8, the operating system includes the built-in antivirus program Windows Defender, which is already installed and ready to go.

If the antivirus program did not detect a virus

If you have anti-virus software installed on your computer, but you suspect that you have viruses, try installing another anti-virus program and scan your computer with it.

Some developers offer antivirus programs with a trial period of use or even online versions. Using such programs, you can scan your computer for viruses for free.


More complex cases of computer infection

Some viruses and other types of malicious software penetrate so deeply into the system that removing them becomes quite problematic. This is especially true for antivirus programs that were installed after the computer was infected, as the viruses had enough time to multiply and download additional malware.

In this case, you cannot do without booting in Safe Mode. When booting in Safe Mode, Windows does not load third-party applications (which also include viruses). In this way, you can run the anti-virus program without interference from viruses.

To boot into Safe Mode, restart your computer while holding down the Shift key. Run the antivirus program after booting the computer in Safe Mode and restart it again after that.

If cleaning your computer of viruses in Safe Mode does not work, you can also try an "Antivirus Rescue Disk", which is used to scan and disinfect infected computers that cannot be cured by antivirus programs running under the operating system. By booting from the "Antivirus Rescue Disk", the antivirus program gets a clean environment in which to work with the computer and clean it of viruses, which in this case are inactive.

As a rule, large companies developing anti-virus software have "Antivirus Rescue Disk" among their products.

If the malware has damaged the system so much that after the viruses are removed Windows does not boot or continues to work incorrectly, you can try resetting it to factory settings or performing a clean installation of the operating system.

But keep in mind that doing this on a computer will

Unfortunately, it sometimes happens that an antivirus installed in the system with the latest updates is not able to detect a new virus, worm or Trojan. Alas, no antivirus protection guarantees 100% security. In this case, it is necessary to establish the fact of infection, find the virus file and send it to the anti-virus company whose product "missed" the malicious program and could not protect the computer from infection.

However, in most cases it is rather difficult to notice a computer infection on your own (without the help of anti-virus programs) - many worms and Trojans do not show their presence in any way. Of course, there are cases when Trojans explicitly inform the user that the computer is infected - for example, when they encrypt user files and then demand a ransom for the decryption utility. But usually they secretly install themselves into the system, often use special methods of disguise and carry out their Trojan activities just as secretly. The infection can then be established only by indirect signs.

Signs of infection

The main signs of infection include an increase in outgoing Internet traffic - a rule that is true both for individual users and for corporate networks. If at the same time there is no active Internet activity (for example, at night), then this means that someone else is doing it. And, most likely, for malicious purposes. In the presence of a firewall, attempts by unknown applications to open Internet connections can be a signal of infection. Numerous advertising "pop-ups" when visiting websites may signal that an advertising system (Adware) is present in the system.

Frequent freezes and crashes of the computer can also be caused by an infection. However, in many cases the cause of failures is not a virus but a hardware or software fault. If similar symptoms appear on several (many) computers on the network at once, and intranet traffic increases sharply at the same time, then the reason most likely lies in the spread of yet another network worm or backdoor Trojan through the network.

Indirect signs of infection may also be symptoms that are not computer-related. For example, bills for phone calls or SMS messages that were never actually made. This may indicate that a "telephone Trojan" has settled on the computer or mobile phone. If there are cases of unauthorized access to a personal bank account or use of a credit card, this may be a signal of spyware embedded in the system.

It is possible that the set of anti-virus databases is outdated - you need to download the latest updates and check your computer. If this does not help, antiviruses from other manufacturers may. Most well-known antivirus companies release free versions of their products (trial versions or one-off "cleaners") - it is recommended to use them. If a virus or Trojan is detected by another antivirus, in any case the infected file should be sent to the developer of the antivirus that did not detect it. This will help add it to updates more quickly and protect other users of that antivirus from infection.

If nothing is found, then before starting to search for an infected file, it is recommended to physically disconnect the computer from the Internet or from the local network, if it was connected to it, turn off the Wi-Fi adapter and modem (if any). In the future, use the network only in case of emergency. In no case should you use Internet payment systems and Internet banking services. Avoid accessing personal and any confidential data, do not use Internet services that require a username and password to access.

How to find an infected file

Detecting a virus or Trojan on a computer can be either a difficult task that requires high qualifications or a quite trivial one, depending on the complexity of the virus or Trojan and on the methods used to hide malicious code in the system. In "severe cases", when special methods are used to mask and hide the infected code in the system (for example, rootkit technologies), a non-professional will not be able to find an infected file. This task will require special utilities and possibly connecting the hard drive to another computer or booting the system from a CD. If you come across an ordinary worm or Trojan, you can sometimes find it in fairly simple ways.

The vast majority of worms and Trojans must gain control at system startup. For this, in most cases, two main methods are used:

  • writing a link to an infected file in the autorun keys of the Windows system registry;
  • copying the file to the Windows startup directory.

The most "popular" autorun directories in Windows 2000 and XP are as follows:

  • \%Documents and Settings%\%user name%\Start Menu\Programs\Startup\
  • \%Documents and Settings%\All Users\Start Menu\Programs\Startup\

If suspicious files are found in these directories, it is recommended to immediately send them to the anti-virus developer with a description of the problem.

There are a lot of autorun keys in the system registry, the most "popular" of them are the Run, RunService, RunOnce and RunServiceOnce keys in the registry branches:

Most likely, you will find several keys there with obscure names and paths to the corresponding files. Particular attention should be paid to files located in the Windows system or root directory. It is necessary to remember their names; they will be useful in further analysis.

Another "popular" location is an entry in the following key:

The default value for this key is "%1" %*.

The most convenient places for placing worms and Trojans are the system (system, system32) and Windows root directories. This is due to the fact that, firstly, by default, the display of the contents of these directories in Explorer is disabled. And secondly, there are already a lot of various system files there, the purpose of which is absolutely unknown for the average user, and it is very problematic for an experienced user to understand whether a file named winkrnl386.exe is part of the operating system or something alien.

It is recommended to use any file manager with the ability to sort files by creation and modification date and sort files in the specified directories. As a result, all newly created and modified files will be shown at the top of the directory, and they will be of interest. The presence among them of files that have already been found in autorun keys is the first wake-up call.
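
The cross-check described above, as an added example (not part of the original article): given autorun command lines and a dated listing of the Windows system and root directories, it reports autorun targets that were recently created or modified there. The install path C:\WINDOWS, the 30-day window, and all sample entries except the file name winkrnl386.exe are assumptions of this example.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from datetime import datetime, timedelta

# Assumptions of this example: a default Windows install path and these
# environment values; adjust both to the machine being examined.
SYSTEM_DIRS = [r"C:\WINDOWS", r"C:\WINDOWS\system", r"C:\WINDOWS\system32"]
DEFAULT_ENV = {"SYSTEMROOT": r"C:\WINDOWS", "WINDIR": r"C:\WINDOWS"}

EXECUTABLE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def autorun_target(command, env=DEFAULT_ENV):
    """Extract the normalised executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        match = EXECUTABLE.match(command)  # tolerates unquoted paths with spaces
        path = match.group(1) if match else (command.split() or [""])[0]
    # Expand %VAR% references; unknown variables are left untouched.
    path = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)
    return ntpath.normcase(ntpath.normpath(path))


def suspicious_autoruns(autoruns, listing, now, window_days=30, env=DEFAULT_ENV):
    """Return autorun entries whose target is a recently changed file located
    directly in a Windows system or root directory, newest first."""
    system_dirs = {ntpath.normcase(d) for d in SYSTEM_DIRS}
    cutoff = now - timedelta(days=window_days)
    recent = {}
    for path, changed in listing:
        norm = ntpath.normcase(ntpath.normpath(path))
        if ntpath.dirname(norm) in system_dirs and changed >= cutoff:
            recent[norm] = changed
    hits = []
    for name, command in autoruns.items():
        target = autorun_target(command, env)
        if ntpath.dirname(target):
            matches = [target] if target in recent else []
        else:  # bare file name: Windows resolves it through the search path
            matches = [p for p in recent if ntpath.basename(p) == target]
        hits.extend((name, p, recent[p]) for p in matches)
    return sorted(hits, key=lambda hit: hit[2], reverse=True)


# Constructed sample data (not taken from a real machine).
SAMPLE_AUTORUNS = {
    "VendorTray": r'"C:\Program Files\Vendor\tray.exe" -min',
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "Windows Kernel Loader": r"%SystemRoot%\system32\winkrnl386.exe /s",
    "updchk": "updchk.exe",
}
SAMPLE_LISTING = [
    (r"C:\WINDOWS\system32\ctfmon.exe", datetime(2004, 8, 4, 12, 0)),
    (r"C:\WINDOWS\system32\kernel32.dll", datetime(2021, 8, 10, 9, 30)),
    (r"C:\WINDOWS\system32\winkrnl386.exe", datetime(2021, 8, 25, 3, 12)),
    (r"C:\WINDOWS\updchk.exe", datetime(2021, 8, 26, 1, 40)),
]
NOW = datetime(2021, 8, 27)

if __name__ == "__main__":
    for name, path, changed in suspicious_autoruns(SAMPLE_AUTORUNS, SAMPLE_LISTING, NOW):
        print(f"{changed:%Y-%m-%d %H:%M}  {name!r} -> {path}")
```

A recently changed system file that no autorun entry points to (kernel32.dll in the sample) is not reported, and neither is an old file that is started automatically (ctfmon.exe).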

More experienced users can also check open network ports using the standard netstat utility. It is also recommended to install a firewall and check which processes generate network activity. It is also recommended to check the list of active processes, using not the standard Windows tools but specialized utilities with advanced features - many Trojans successfully hide from standard Windows utilities.

But universal advice for all occasions does not exist. Often you have to deal with technically "advanced" worms and Trojans, which are not so easy to identify. In this case, you need to contact either the technical support service of the anti-virus company whose protection is installed on the computer, or one of the companies specializing in computer help, or ask for help on the appropriate online forums. These resources include Russian-language www.virusinfo.info and anti-malware.ru, as well as English-language www.rootkit.com and www.gmer.net. By the way, many anti-virus companies also have similar forums specializing in helping users.

In the age of technology, we often have to deal not only with the convenience of using gadgets, but also with their malfunctions. The same can be said about the computer. The PC system is very complex. It is, unfortunately, susceptible to all sorts of cyber-attacks and How can you tell if your computer is infected with a virus or an adware worm?

Harm

What is the essence of the question? If you decide that your computer is infected with a virus, it is important to understand what exactly it is.

A computer virus is malicious software that can copy itself, infiltrate important codes, system areas, destroy boot sectors, as well as transfer to other systems over the network.

The main purpose of malware is to spread. The fact that a virus can remove something, hide it, add something, etc., is just its side effects.

It also happens that behind such an "evil" file there are no motives for programming malicious effects. But due to incompatibility or some subtleties of interaction, the system may fail.

Viruses can "live" on drives and absorb all resources from there.

Advanced

To understand how to determine that a computer is infected, you need to understand the types of viruses and their interaction with the system.

Unfortunately, with the development of technology, malware has been actively improved. So, viruses can “cover” entire state systems that are protected by special methods. But even such a defense cannot resist some "villains".

Groups

Malicious software is distinguished by distribution methods and functionality. Previously, they could only be picked up through storage media such as a floppy disk. Now most of them come to our PC via the Internet.

There is no standardized classification of viruses because they sometimes have ambiguous characteristics. Therefore, it is not easy to assign them to any group.

There are programs that affect certain areas of the system. Viruses can get to files, boot services, source codes, scripts, etc.

There is also a classification according to the mechanism of infection. For example, there are "pests" that are added to an executable file, or those that corrupt a document that cannot be recovered. There are also viruses that "live" separately from everyone else, constantly affecting the PC system.

There are virtual "intruders" who can use special technologies inside your system. So it will even be difficult for you to understand how to determine that your computer is infected.

Specialists also divide viruses according to the language in which they were written. There are also programs that use additional functions in the system. They can spy, collect the necessary information, log user actions, etc.

Warning

You can prevent the occurrence of a notification that your computer is infected. What to do in this case?

Of course, the most popular antivirus programs have long become the main assistants. But recent malware developments have become so advanced that security programs can't handle everything. Therefore, it is important to follow some recommendations in order not to catch a virus and not to think later how to determine that your computer is infected.

Try not to use privileged accounts unless necessary. This refers to an account such as a Windows administrator. If the virus gets hold of its data, you can say goodbye to all your data and to the system as a whole.

Remember that running suspicious and little-known programs from unverified sources also leads to infection. You should be wary if the system tries to change its files on its own.

It is also worth taking care of potentially dangerous functionality of the system. Of course, it is better not to “climb” on unknown resources and look closely at the address bar. Use trusted distributions.

If you often work with important data, it is better to copy it to an external drive or make backups. You can also capture an image of the entire system that can be redeployed.

System in danger

Many people ask themselves: how to determine that your computer is infected. The answer is simple. You will definitely guess that something is wrong with the system according to the existing signs.

Alarm bells are:

  • Unexpected messages or images appear on the screen.
  • Regular playback of sounds that can randomly occur at any time.
  • Self-activation of programs.
  • Connecting some utilities to the Internet without your knowledge.
  • Sending incomprehensible messages (spam) from your email address to your friends.
  • System hang or slow operation.
  • A huge number of system errors and notifications.
  • Unable to boot the system.
  • Disappearance of personal data: files, folders and archives.
  • Incorrect browser operation.

Of course, these are not all the signs that can happen during infection. There are a lot of variations: from large pornographic banners to a complete shutdown of the PC.

First steps

What should I do if my computer is infected with a virus? If you were able to determine that a “worm” has settled in the system, then you need to immediately take a number of actions.

It is important to immediately abandon bank payments and electronic wallets. Do not go to any important accounts and financial systems.

If there is no antivirus program on the PC, it is advisable to use at least its online version. So you can quickly scan the system and find out what "surprises" are hidden there.

It is best to turn off the Internet and local network, so that the virus cannot “call” someone to help itself or “hide” on the World Wide Web for a while. If the antivirus finds malware, it will automatically decide what to do with it: it can immediately remove it or move it to quarantine.

By the way, some security programs often cannot cope with such problems, so you will have to install others. But this, in turn, is also not entirely safe. Therefore, try to make sure in advance that an antivirus program has "settled" on the computer. If it interferes with your work, you can turn it off. But it is the antivirus that knows how to determine that your computer is infected.

If none of the options helped, it is worth moving on to decisive action.

Additional Help

Of course, if you do not understand the computer at all, then it is better to immediately call a technician who will “heal” your PC. If you have at least superficial knowledge about the system, you can try to find the virus file yourself. You can only resort to this option if you are faced with a regular worm or Trojan.

If you realise that you are facing complex malware that is not so easy to pull out of the system yourself, you can try using third-party programs. In some cases, you will need to connect the hard drive to another PC or boot the system from a disk.

Conclusions

Viruses are a nuisance that must have happened to every user. Attackers around the world are trying to steal personal data or just play a trick on an inexperienced user.

If you have a simple malicious file, then most likely an antivirus program will be able to find it. It will disinfect or remove it on its own.

If you have got a Trojan or a worm, then you can deal with it yourself by finding it in the system files or the root directory. To search for it, use any file manager that can sort all system files by date.

If a real “villain” has settled in the system, then only real specialists can cope with it. They will help not only to remove it from the PC, but also to save your personal data. If documents are not important to you, or you have nothing on your computer, you can simply reinstall the operating system.

First aid

If you find that the site is infected or you receive a notification about the presence of malware on your account:

Why are there viruses on my site?

Common causes of site infection are:

  • vulnerability in the version of CMS used;
  • vulnerability in an installed CMS extension (themes, plugins, modules);
  • viruses on the computer from which the site is managed.

Most often, attackers hack sites automatically using special programs. They collect a large database of sites from search engines according to certain criteria (sites running popular CMSs and plugins that are subject to some known vulnerability). After that, malicious code is placed in the site files. Therefore, it is important to update the CMS and plugins in a timely manner. From the hosting side, your sites are protected as much as possible. If another client's site is infected on the server, your site will be safe.

How can I secure the site?

To protect the site from hacking, you should follow simple rules:

  • Set the correct permissions for directories and site files. Avoid using "777" permissions as these attributes give any user full access to your account's files and directories. Use the rights "777" only in exceptional cases.
  • Follow the updates of the used CMS and its plugins on the official websites and install them in a timely manner.
  • Use only official CMS themes and plugins. Nulled versions of paid scripts often contain viruses.
  • Use complex passwords (at least 8 characters long, with numbers and mixed-case letters). Remember that simple passwords are very easy to guess.
  • Use antivirus software and regularly update the anti-virus databases.
  • Use only up-to-date versions of browsers (Mozilla Firefox, Google Chrome, Opera, Safari).
  • Do not store passwords in FTP clients. Very often, viruses take information from an FTP client.

© 2022 hecc.ru - Computer technology news