Attack Plan
Alex
Jan 02, 2016
Introduction
This presents a step-by-step attack plan to clean up an infected computer.
For basic clean-up, run AV (anti-virus) software and anti-adware software.
For the harder-to-remove viruses, use other, more complex tools to remove them.
Run AV Software
In order to run AV software you first need to purchase it.
Disconnect from the Internet to save yourself from more mischief.
Boot into Safe Mode (press F8 when Windows begins to load).
Insert the AV software CD. Then, when the menu appears, install the software.
AV (Part 2)
Enter the information to register the anti-virus software. You won't be connected to the internet, but you will be set up to fully register when the connection works.
During the installation, choose to scan the system for viruses. Set the software to scan all file types and to look for all types of malware.
AV (Part 3)
Sometimes the software detects a program you know you downloaded and want to keep. This is called grayware.
Reboot into Safe Mode with Networking, connect to the internet and allow your AV software to get any updates; if it requires you to reboot, reboot into Safe Mode with Networking again.
AV (Part 4)
After the updating is finished, scan your system again. Some malware will be discovered for you to delete. Keep repeating the process until all malware is deleted.
Reboot your system and see if pop-ups still open up. If so, you still have malware.
Clean-up (Part 1)
Run Windows Defender and Ad-Aware to remove what is left.
However, you may need to go through and manually clean out your system.
After the first boot following the AV clean-up, you might find some start-up errors caused by incomplete removal of the malware.
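Those start-up errors usually come from a Run or RunOnce registry entry whose program file the AV software already deleted. The following script is an added example, not part of the original slides; the function names are my own, and it only reports dangling entries for manual review, deleting nothing.

```powershell
# Added example, not from the slides: report Run/RunOnce start-up entries whose
# target program no longer exists on disk. When AV deletes a malware file but
# leaves its start-up entry behind, Windows shows an error at every logon; this
# finds such dangling entries for manual review. Read-only: nothing is deleted.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the program path from a start-up command line, e.g.
#   "C:\Program Files\Foo\foo.exe" /silent   or   %SystemRoot%\bar.exe -x
function Resolve-StartupExe([string]$Command) {
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { $c = $c.Substring(1, $end - 1) }
    } else {
        $m = [regex]::Match($c, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
        $c = if ($m.Success) { $m.Groups[1].Value } else { ($c -split '\s+')[0] }
    }
    $c = [Environment]::ExpandEnvironmentVariables($c)
    # A bare name such as rundll32.exe is resolved via PATH, as the shell would
    if (-not (Split-Path $c -Parent)) {
        $found = Get-Command $c -ErrorAction SilentlyContinue
        if ($found) { return $found.Source }
    }
    return $c
}

function Get-OrphanedStartupEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            if (-not $cmd) { continue }
            $exe = Resolve-StartupExe $cmd
            if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Missing = $exe }
            }
        }
    }
}

Get-OrphanedStartupEntries | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; an entry listed here can then be checked and removed by hand in Registry Editor.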
Clean-up (Part 2)
For each program file the AV software said it couldn't delete, try to delete it yourself using Windows Explorer.
Don't forget to empty the Recycle Bin when finished.
To get rid of other malware files, you may need to delete the temporary Internet Explorer files. To do so, use Disk Cleanup.
Clean-up (Part 3)
Some malware hides itself in System Restore.
To get rid of this malware, you must turn off System Restore (which deletes all existing restore points, including the infected ones), then reboot and turn System Restore back on.
Clean your registry.
Clean-up (Part 4)
Root out rootkits: a rootkit is a program that uses unusually complex methods of hiding itself on a system.
Rootkits were originally used on Unix.
A rootkit can prevent Task Manager from displaying its process, or might cause Task Manager to show the rootkit process under another name.
It might also be hidden from Registry Editor.
Clean-up (Part 5)
Anti-rootkit software looks for running processes that don't match up with the underlying program filename, and compares the files, registry entries and processes reported by the OS to the lists it generates from the raw data.
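The "compare what the OS reports against an independent list" idea is called a cross-view check. As an added example, not part of the original slides, the script below takes the process list from three different Windows views and reports any PID that is missing from one of them; the function names are my own, and unlike a real anti-rootkit tool it does not read raw kernel structures.

```powershell
# Added example, not from the slides: a simplified cross-view process check in
# the spirit of anti-rootkit tools. The process list is taken from three views
# (Win32 API via Get-Process, WMI via Win32_Process, and tasklist.exe) and the
# PIDs are compared. A PID seen in one view but missing from another is either a
# process that started or exited between snapshots (re-run to confirm) or
# something interfering with enumeration, which warrants a dedicated anti-rootkit
# scan. Real tools also compare against raw kernel structures; this does not.

function Get-ProcessViews {
    $api = @{}
    Get-Process | ForEach-Object { $api[[int]$_.Id] = $_.ProcessName }

    $wmi = @{}
    Get-CimInstance Win32_Process | ForEach-Object { $wmi[[int]$_.ProcessId] = $_.Name }

    $tl = @{}
    tasklist.exe /FO CSV /NH | ConvertFrom-Csv -Header Name, PID, Session, SessNum, Mem |
        ForEach-Object { $tl[[int]$_.PID] = $_.Name }

    return @{ Api = $api; Wmi = $wmi; Tasklist = $tl }
}

# Emit one record per PID that is not present in every view
function Compare-ProcessViews([hashtable]$Views) {
    $allPids = $Views.Values | ForEach-Object { $_.Keys } | Sort-Object -Unique
    foreach ($procId in $allPids) {
        $seenIn = @($Views.Keys | Where-Object { $Views[$_].ContainsKey($procId) })
        if ($seenIn.Count -eq $Views.Count) { continue }
        [pscustomobject]@{
            PID         = $procId
            Name        = @($seenIn | ForEach-Object { $Views[$_][$procId] })[0]
            SeenIn      = $seenIn -join ','
            MissingFrom = ($Views.Keys | Where-Object { $_ -notin $seenIn }) -join ','
        }
    }
}

$diff = Compare-ProcessViews (Get-ProcessViews)
if ($diff) { $diff | Format-Table -AutoSize } else { 'All three views agree' }
```

A discrepancy that disappears on a second run was just a process coming or going between snapshots; one that persists is worth following up with a proper anti-rootkit scanner.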
Finally,
If you have done everything described here and the infection persists, you will have to restore the entire system, or wipe your hard drive, reinstall Windows and all of your applications, and then restore your data.