Thursday 16 February 2012

Bot, Spybot and free malware removal

What are bots and Botnets?

By definition, a bot is a software application that runs automated tasks over the Internet, for example those best friends of SEO specialists: the Google and Bing robot spiders/crawlers that index webpages. We, however, will be talking about removing those bots that, by About.com's definition, are a
type of malware which allows an attacker to gain complete control over the affected computer. Computers that are infected with a 'bot' are generally referred to as 'zombies'.
The description of botnets on the Securelist.com website pretty much sums up the answer to questions like what the purpose of developing botnets is and why anyone would want to create trojan bots:
Special Trojans – ‘bots’ (from “robot”) are created for this kind of network, centrally managed by the remote “master”. The Trojan intrudes into thousands, tens of thousands or even millions of computers. This enables the master of the “zombie network” (or “bot-network”) to access the resources of all infected computers and use them for its own benefit. Sometimes such networks of “zombie-machines” come into the black Internet market, where they are acquired by spammers or rented.
The following video by rynesandbergfan23 explains what malicious bots are capable of, what to look out for and how to secure your machine so that its chances of getting infected are greatly reduced. (Note: if you haven't got software to monitor your network connections similar to the one shown in the video, you can use the Command Prompt (Start --> Run --> cmd) instead. For the list of network connections and the software applications maintaining them, type netstat -b in the Command Prompt and hit Enter):
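As an added example (not from the post or the video), the same information netstat -b gives can be produced from PowerShell with a triage note beside each connection; it assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection) and an elevated session, which netstat -b needs as well.

```powershell
# Added example (not from the post): the "netstat -b" view rebuilt in PowerShell, with a
# triage hint per connection. Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection)
# and an elevated session, which "netstat -b" needs as well.
$trustedDirs = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }   # ProgramFiles(x86) is empty on 32-bit Windows

function Test-TrustedPath([string]$path) {
    # True when the executable lives under Windows or Program Files. This is only a hint:
    # malware can drop files there too, but a network client running from AppData or Temp
    # is the classic sign of an unwanted program and deserves a closer look.
    foreach ($dir in $trustedDirs) {
        if ($path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

Get-NetTCPConnection -State Established | ForEach-Object {
    $conn = $_
    $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
    $path = if ($proc) { $proc.Path } else { $null }   # null for System/protected processes
    [pscustomobject]@{
        Process = if ($proc) { $proc.ProcessName } else { '<exited>' }
        PID     = $conn.OwningProcess
        Remote  = "$($conn.RemoteAddress):$($conn.RemotePort)"
        Path    = $path
        Note    = if (-not $path) { 'path unknown (protected or exited)' }
                  elseif (Test-TrustedPath $path) { '' }
                  else { 'CHECK: runs outside Windows/Program Files' }
    }
} | Format-Table -AutoSize
```

Run it once while the machine is idle: a process holding connections open with no browser or updater running, especially one marked CHECK, is the kind of entry the video tells you to investigate.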

Spybot

Last year my machine, despite ZoneAlarm's full protection, got infected with what was known as the Google Redirector malware. That's how I got familiar with a freeware called Spybot S&D (or Spybot Search & Destroy), a software project that depends financially on PayPal donations. This freeware is able to identify more than 820,000 pests (including the Win32/Zbot (also known as ZeuS), SpyEye and TDSS trojans) by doing what it calls a bot-check. The following video shows what features Spybot has as well as how to scan and clean your machine:


Now, from my experience, Spybot is very useful for getting rid of spyware, adware and all kinds of sneaky pests, but it cannot serve as a replacement for anti-virus software. Handling malicious Windows Registry entries is one thing Spybot is really good at. The picture that follows is a screenshot of Spybot's scan results:


If you click on it and take a closer look, you can see that (apart from 2 DoubleClick tracking cookies) only 3 of the expanded objects are not Registry entries.

Malware and spyware removal method

Let's get back to the video at this point. Its author comes up with what I see as a generally good idea of how a Windows machine should be cleaned: if one malware detection program reports detected objects after a scan, then after deleting those objects a system scan should be run again, this time using the same type of software from a different vendor. In the video the free Malwarebytes Anti-Malware scanner (which appears to be the most trusted free malware detector for the Windows environment) is used to compare scan results. Unlike the video's author, however, our point here is not to demonstrate a comparison, because no software is absolutely perfect. The point is to use what the developers of Hitman Pro (also used in the video) call a 'second opinion'. Now, let's see what I got after following this sequence: free Emsisoft Anti-Malware (scan settings: Scan type: Deep Scan; Objects: Rootkits, Memory, Traces, C:\; Scan archives: On; ADS Scan: On) --> Spybot scan --> free Malwarebytes Anti-Malware (Deep Scan) --> Hitman Pro (Default scan):
  • Emsisoft Anti-Malware detects 387 objects, each related to one of the following: the mywebsearch toolbar, the zwinky toolbar, funwebproducts, Trojan.Win32.AddUser and Trojan-Downloader.Agent. (No screenshot is provided because of the number of objects found, but the scan report can be viewed by clicking here.)
  • Spybot detects some MyWebSearch and FunWebProducts Windows Registry entries, as seen in the screenshot above (the scan takes up to several hours).
  • Malwarebytes Anti-Malware still detects some MyWebSearch entries in the Windows Registry and a Start Menu hijack:
  • Hitman Pro detects one remnant of malware in the Windows Registry:

  • Now the machine can be considered free of both malware and spyware. Remember, before you start cleaning your machine, make sure you have:
    • downloaded all the latest updates for the software you are going to use. If this doesn't work, the best thing to do is to obtain the anti-malware software installer using another computer. Spybot, for instance, can be installed and run without an Internet connection: downloading the latest updates is an optional step during the installation;
    • disconnected the machine from the network, either by unplugging the cable or by disabling/removing your wireless adapter. This is actually the first thing you want to do if you suspect your computer has been infected and you seem to have no control over the running processes.
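Since every tool in the sequence above kept finding MyWebSearch and FunWebProducts leftovers in the Registry, here is an added example (my own script, not part of the post or of any of the tools) that lists the usual autostart keys and Browser Helper Objects and flags entries matching those adware names; run it before and after the cleanup to see what each tool actually removed. It assumes the standard Run/RunOnce and BHO key locations and only reports, it deletes nothing.

```powershell
# Added example (not from the post): list autostart registry entries and Browser Helper
# Objects, flagging names/commands that match the adware families the post's scans found
# (MyWebSearch, FunWebProducts, Zwinky) or that start from a user-writable folder.
# Report only; run it before and after the cleanup sequence to see what the tools removed.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$knownAdware = @('MyWebSearch', 'FunWebProducts', 'Zwinky')   # names taken from the post

function Get-Flag([string]$text) {
    $hit = $knownAdware | Where-Object { $text -match $_ } | Select-Object -First 1
    if ($hit) { return "matches $hit" }
    # Heuristic only: legitimate software rarely autostarts from AppData or Temp.
    if ($text -match '\\AppData\\|\\Temp\\') { return 'runs from user-writable path' }
    return ''
}

$report = @()
foreach ($key in $autostartKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }     # drop PowerShell's own PSPath etc.
    foreach ($p in $props) {
        $report += [pscustomobject]@{
            Source = $key; Name = $p.Name; Command = $p.Value
            Flag   = Get-Flag "$($p.Name) $($p.Value)"
        }
    }
}
if (Test-Path $bhoKey) {
    foreach ($sub in Get-ChildItem $bhoKey) {
        # Each BHO subkey is a CLSID; the DLL it loads is under HKCR\CLSID\{...}\InprocServer32.
        $clsid = $sub.PSChildName
        $srv = Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($srv) { $srv.'(default)' } else { '<no InprocServer32>' }
        $report += [pscustomobject]@{
            Source = 'BHO'; Name = $clsid; Command = $dll; Flag = Get-Flag "$clsid $dll"
        }
    }
}
$report | Sort-Object { $_.Flag -eq '' } | Format-Table -AutoSize   # flagged rows first
```

Save the two runs with Export-Csv and compare them; an entry that survives the whole sequence is a candidate for the 'second opinion' scan or for a deliberate manual removal.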
But speaking of the Google Redirector... The only free tool that got rid of it was Hitman Pro (the Google redirection infection is known as the TDL3/TDL4 rootkit). Mind you, that was back in May 2011, and as we know, things constantly change.

