Cleaning your Computer from Malware with the Microsoft Malware Removal Starter Kit

Posted on January 8, 2009 by Daniel Petri in Security

Every day, viruses, spyware, and other malware are set loose by employees, potential adversaries, or malicious users. Some arrive by e-mail; others attempt to invade your computer after you browse to a malicious website or run a macro that contains a virus.

As an IT professional focused on security, the first step toward containing the spread of malware is to understand the various technologies and techniques that malware authors can use to attack your computer. However, it is also important to know that the majority of threats come from malware that targets the user rather than the computer. If a user with administrator-level user rights can be tricked into launching an attack, the malicious code has more power to perform its tasks. Such an attack can frequently cause more damage than one that has to rely on a security hole or vulnerability in an application or the operating system.

How Does Malware Get In?

Malware uses many different methods to try to replicate among computers:

  • E-mail – E-mail is the transport mechanism of choice for many malware attacks.
  • Phishing – Phishing attacks try to trick people into revealing personal details such as credit card numbers or other financial or personal information.
  • Removable media – Including floppy disks, CD-ROM or DVD-ROM discs, USB drives, and memory cards, such as those used in digital cameras and mobile devices.
  • Internet downloads – Malware can be downloaded directly from Internet Web sites such as social networking sites, serial-number, keygen and "hacks" sites, and P2P file sharing networks.
  • Instant messaging – Most instant messaging programs let users share files with members of their contact list, which provides a means for malware to spread. In addition, a number of malware attacks have targeted these programs directly.
  • Peer-to-peer (P2P) networks – Numerous P2P programs are readily available on the Internet (including Kazaa, eMule, uTorrent and others). The P2P programs by themselves are not malware, but they lead people to download files and programs from uncontrolled sources.
  • File shares – A computer that is configured to allow files to be shared through a network share provides another transport mechanism for malicious code.
  • Rogue Web sites – Malicious Web site developers can use the features of a Web site to attempt to distribute malware or inappropriate material.
  • Remote exploit – Malware might attempt to exploit a particular vulnerability in a service or application to replicate itself. Internet worms often use this technique.
  • Network scanning – Malware writers use this mechanism to scan networks for vulnerable computers that have open ports or to randomly attack IP addresses.
  • Dictionary attack – Malware writers use this method of guessing a user’s password by trying every word in the dictionary until they are successful.

How to Mitigate the Risks

The following list gives some examples of tools and practices that you can use to mitigate the danger of malware:

  • Spam filters
  • Real-time antivirus and antispyware scanners
  • User education
  • Pop-up blockers
  • Antiphishing filters
  • Browser security
  • Personal firewall
  • Restrict unauthorized programs
  • Strong password policy

Even if you have installed antivirus software and keep its protection updated, some attacks still succeed, and computers get infected. Once inside the organization, malware outbreaks can spread with alarming speed, compromising or destroying mission-critical data or personal information.

Check for Performance Issues

Your computer should already have real-time antivirus and antispyware programs running on it that alert you with a message if they detect an infection. However, if you notice unusual behavior or your system slows down, you can run a full system scan at any time. The following are a few of the main performance issues that could indicate that your computer is infected:

  • Your computer runs more slowly than normal.
  • Your computer often stops responding to program or system commands.
  • Your computer fails and requires you to restart it frequently.
  • Your computer restarts on its own and then fails to run normally.
  • You cannot correctly run applications on your computer.
  • You cannot access disks or disk drives on your computer.
  • You cannot print correctly.
  • You receive unusual error messages or popup windows.
  • You see distorted menus and dialog boxes.
  • Your Internet browser’s home page unexpectedly changes.
  • You cannot access administrator shares on the computer.
  • You notice an unexplained loss of disk space.

Although this is not a complete list, it describes the types of unusual behavior that might suggest that malware is present on your computer. If you encounter any of these performance issues, you can run a full scan to better determine if you have a malware problem.
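As an added example (not part of this article or of the Starter Kit), the following PowerShell script checks a local Windows host for a few of the indicators listed above: missing administrative shares, a changed Internet Explorer start page, low free disk space, and repeated unexpected shutdowns. The expected start page, the free-space threshold and the shutdown count are assumptions to adjust for your own environment; a hit is a reason to run a full scan, not proof of infection.

```powershell
# Added triage script, not part of the Malware Removal Starter Kit.
# Returns a list of indicator strings; an empty list means none of the
# checked symptoms were observed.
function Get-InfectionIndicator {
    param(
        [string]$ExpectedStartPage = 'http://intranet.example.com/',  # assumption
        [int]$MinFreePercent = 10,                                    # assumption
        [int]$MaxUnexpectedShutdowns = 3                               # assumption
    )
    $findings = @()

    # Indicator: administrative shares (ADMIN$, C$) cannot be accessed / are missing.
    $shares = Get-WmiObject Win32_Share | ForEach-Object { $_.Name }
    foreach ($s in @('ADMIN$', 'C$')) {
        if ($shares -notcontains $s) { $findings += "Administrative share $s is not present" }
    }

    # Indicator: browser home page changed unexpectedly (IE start page in HKCU).
    $ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $startPage = (Get-ItemProperty -Path $ieMain -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
    if ($startPage -and $startPage -ne $ExpectedStartPage) {
        $findings += "IE start page is '$startPage', expected '$ExpectedStartPage'"
    }

    # Indicator: unexplained loss of disk space on fixed drives (DriveType 3).
    Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 3' | ForEach-Object {
        if ($_.Size -gt 0) {
            $freePct = [math]::Round(100 * $_.FreeSpace / $_.Size, 1)
            if ($freePct -lt $MinFreePercent) { $findings += "Drive $($_.DeviceID) has only $freePct% free" }
        }
    }

    # Indicator: frequent failures/restarts. Event ID 6008 in the System log
    # records an unexpected shutdown; count them over the last 7 days.
    $since = (Get-Date).AddDays(-7)
    $crashes = @(Get-EventLog -LogName System -After $since -ErrorAction SilentlyContinue |
        Where-Object { $_.EventID -eq 6008 })
    if ($crashes.Count -ge $MaxUnexpectedShutdowns) {
        $findings += "$($crashes.Count) unexpected shutdowns since $since"
    }

    return $findings
}

$result = Get-InfectionIndicator
if ($result.Count -eq 0) {
    Write-Output 'None of the checked indicators were found.'
} else {
    Write-Output 'Indicators found; schedule a full (or offline Windows PE) scan:'
    $result | ForEach-Object { Write-Output " - $_" }
}
```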

Restore Infected PCs with the Malware Removal Starter Kit

When you discover PCs that have been infected with malware and your current antivirus tools can’t solve the problem, where do you turn next? Is there a way to restore infected PCs without completely rebuilding them from scratch?

One of the first things to do is to download and install one of the many freely (or commercially) available malware removal tools. These include Microsoft's Windows Defender (now built into Windows Vista), Ad-Aware, and Spybot Search & Destroy, to name a few.

The Malware Removal Starter Kit, the newest Solution Accelerator from Microsoft, provides free, tested guidance to help you combat malware attacks and restore infected systems so users can safely get back to work.

Note: The Malware Removal Starter Kit is not an executable file or a one-click solution to your malware problems. Instead, it is a guide, delivered as a Word document (which can also be viewed online; see the link below), describing the procedures you should follow to combat malware. Within the document you will find instructions on how to download, extract, burn, and prepare a Malware Removal Starter Kit CD to conduct offline scans.

The kit shows you how to use the Windows Preinstallation Environment (Windows PE) to discover malware by performing a thorough offline scan of your computers, uncovering malware that may be hiding in the operating system. Once malware is located and identified, it can be quickly removed from infected PCs with a number of free anti-malware tools, such as the Malicious Software Removal Tool from Microsoft.

The Malware Removal Starter Kit answers questions like:

  • What are the keys to a reliable, effective response plan to remedy malware outbreaks?
  • How do I build a bootable CD that lets me perform offline virus scans?
  • How can I discover and remove viruses and other malware hiding in the operating system?
  • How does the Malware Removal Starter Kit augment Microsoft’s anti-malware strategy?

Key Benefits

The Malware Removal Starter Kit is:

  • Effective: Helps you to uncover malware that’s difficult to expose.
  • Flexible: Lets you use the best approach for the specific problem you're facing.
  • Reliable: Provides guidance thoroughly tested by Microsoft security experts.
  • Simple: Offers a solution that is easy to configure and use.
  • Free: The Malware Removal Starter Kit is a free download from TechNet.

Download the free Malware Removal Starter Kit

Malware Removal Starter Kit: Overview

Windows Automated Installation Kit (AIK)

Downloads – The home of Spybot-S&D!

Microsoft Malicious Software Removal Tool

Manual Spyware Removal Guides

avast! Virus Cleaner Free Download