ItsGeekToMe.co

Scenario: You suddenly realize that the file you just downloaded, and opened, and allowed to execute even after getting a warning from Windows Security is actually very likely some sort of malware or virus.  Oops.  How do you proceed? Is it safe to keep running the computer after this, or is it going to require some sort of nuclear option, such as a complete factory reset before you can feel safe again?  Let’s investigate.

We’ve all done it at some point.  You’re either in such a rush to get this new software, driver, or feature installed, or you’re going through all the motions and forgetting that you are actually making a change to your computer’s configuration. Either way, you click through all the dialogs that pop up without even reading them.  Dialogs that are designed to protect you, if you just took the time to read them and heed their warnings. Perhaps you noticed a command prompt pop-up and quickly disappear. Once you finally stop your headlong plunge, there are some steps you should definitely take to protect your personal data, and your future sessions using the computer.

First, let’s be clear: this is a serious scenario, and yes, you should be worried.  In fact, your threat meter should be at “Geek-Con 1” – the highest state of emergency.

When you allowed that executable file to run despite Windows Security screaming at you, you effectively bypassed the most important gatekeeper your computer has.  The fact that a command prompt window flashed makes it even worse.  What you can’t see is that behind the scenes in these prompts and windows opening and disappearing, a script is running that has only one purpose: to install its payload of malware, or worse, call home to a server to download in install the real malware.  All this happens either off-screen, or at speeds your human eye couldn’t catch even if you were staring right at it.

You might be thinking “I have a top-rated anti-malware suite installed.  I’ll just run a scan, and all the bad stuff will get removed.”  Ah, dear reader, if it were only that simple, malware wouldn’t be the ongoing problem that it is today.  Modern malware is a hugely complicated beast, and sophisticated malware is specifically designed to detect when this type of scan is running.  It has the ability to hide itself, even disabling parts of the security software so it simply skips over the infected files.  So much for your “top-rated” software.

Although a situation like this is important, it isn’t necessarily the doomsday scenario that I’m making it out to be.  My first recommendation is to not rely solely on Windows Security, or any other anti-malware suite to identify and remove threats.  Get a second and even third opinion from tools like Malwarebytes or the Emsisoft Emergency Kit.  Such tools often reveal things the in-built Windows tools miss because they scan for different behavioral signatures

Next, check your startup apps in Task Manager.  If you find anything there with a weird name, no publisher, or that resides in a temporary folder, that’s a red flag.

Finally, consider the nuclear option of a full-reinstall. Yes, it’s a painful process, but you put yourself in a painful situation.  The situation is even worse if you haven’t been following my advice and implementing best practices like performing regular data backups and using non-administrator accounts.  Imagine the havoc that can be wreaked by a piece of malware that’s running loose on your system with full administrator privileges!  I shudder to think about it. (*Shudder*) See?

If you have your data backed up (and if you don’t, why are you still reading this?  Go do it!) a factory reset is relatively easy, and just about the only way you can sleep soundly at night.  It wipes away all the junk and ensures that nothing is left lurking in the hidden corners of your hard drive.

Until next time, slow down and read, and if you don’t recognize something, don’t allow it to run!  And for heaven’s sake—send me some more questions!  This column doesn’t write itself you know.

---

To view additional content, comment on articles, or submit a question of your own, visit my website at ItsGeekToMe.co (not .com!)