Malware is an annoying or dangerous program designed to covertly access a device without the knowledge of its owner. There are several types of malware: spyware, adware, phishing, Trojans, ransomware, viruses, worms, rootkits, and programs aimed at taking control of the browser.

Sources of malware

Malware often enters a device via the Internet or email. However, it can also come from hacked websites, demo versions of games, music files, toolbars, various software, free subscriptions and anything else that you download from the Internet to a device that does not have protection against malware.

How to recognize malware

Slow operation, pop-up messages, spam or crashes often indicate that the device is infected with malware. To check if this is the case, you can use the malware scanner (it is part of all malware removal tools).

How to remove malware

The best way to get rid of the problem is to use a reliable malware removal tool, which can be found in any quality antivirus product. Avast Free Antivirus and its Anti-Malware component can protect you from malware by quickly and easily removing it from your devices. It is not just a tool for removing dangerous programs. It is also permanent protection from malicious attacks, acting in real time.

How to protect yourself from malware
  • Use powerful antivirus products that can also protect against malware.
  • Do not download files attached to email messages from unknown senders.

Anti-Malware Software

Using a modern antivirus solution is the most effective method to prevent, detect and remove malware from your computer. The most effective antivirus solution is Avast.

Malware is any software designed to obtain unauthorized access to the computing resources of the computer itself or to information stored on the computer, with the aim of unauthorized use of computer resources or harm to the owner of the information (or the owner of the computer) by copying, distorting, deleting or replacing information.

Malicious software is divided into three main classes: computer viruses, network worms, Trojan horses. Let's consider each of them in more detail.

Computer viruses

This class of malware is the most common among the rest.

A computer virus is a type of computer program whose distinctive feature is the ability to reproduce (self-replication). In addition, viruses can damage or completely destroy all files and data controlled by the user on whose behalf the infected program was launched, as well as damage or even destroy the operating system with all its files.

Usually the user himself is responsible: he does not check information entering the computer with an antivirus program, and as a result infection occurs. There are quite a few ways to "infect" a computer with a classic virus (external storage media, Internet resources, files distributed over the network).

Viruses are divided into groups according to two main features: by habitat, by the method of infection.

By habitat, viruses are divided into:

  • File (injected into executable files)
  • Boot (injected into the boot sector of a disk or into the sector containing the bootloader of the hard drive)
  • Network (spread across a computer network)
  • Combined (for example, file-boot viruses that infect both files and the boot sector of the disk. These viruses have an original method of penetration and a complex algorithm of work)

According to the method of infection, viruses are divided into:

Network worms

The next big class of malware is called "worms".

A network worm is malicious program code that distributes copies of itself over local and/or global networks in order to penetrate a computer, launch its copy on that computer and spread further. To spread, worms use e-mail, IRC networks, LANs, data exchange networks between mobile devices, etc. Most worms are distributed in files (an attachment to an email, a link to a file). But there are also worms that spread in the form of network packets. Such varieties penetrate directly into the computer's memory and immediately begin to act as memory-resident code. Several ways are used to penetrate the victim computer: independent (packet worms), user-based (social engineering), as well as various flaws in the security systems of the operating system and applications. Some worms have the properties of other types of malware (most often Trojans).

Classes of network worms:

  • Mail worms (Email-Worm). This is a malicious program that resides in a file attached to an email. The authors of a mail worm try by any means to induce the recipient to execute the attached file with the virus. It is disguised as a new game, an update, or a popular program. Once active on your computer, the mail worm first sends copies of itself by e-mail, using your address book, and then harms your computer.
  • Internet pager worms (IM-Worm). The action of this "worm" almost completely repeats the method of distribution used by mail worms, only the carrier is not an email but a message sent through instant messaging programs.
  • Worms for file-sharing networks (P2P-Worm). To infiltrate a P2P network, the worm only needs to copy itself to a file-sharing directory, which is usually located on the local machine. The P2P network takes care of the rest of the distribution work: when files are searched for on the network, it will inform remote users about the given file and provide a service for downloading it from the infected computer.

There are more complex worms of this type that mimic the network protocol of a particular file-sharing system and respond positively to search terms. At the same time, the worm offers its copy for download.

Using the first method, the "worm" searches the network for machines with resources open for writing and copies itself to them. It can also find computers at random and try to open access to their resources. For the second method, the "worm" looks for computers with installed software that has critical vulnerabilities. The worm then sends a specially crafted packet (request), and part of the "worm" penetrates the computer, after which it downloads the full body file and launches it for execution.

Trojans

Trojans or programs of the "Trojan horse" class are written with the aim of causing damage to the target computer by performing actions not authorized by the user: data theft, damage or deletion of confidential data, disruption of the PC or use of its resources for unseemly purposes.

Some Trojans are capable of independently overcoming the protection systems of a computer system in order to penetrate it. However, in most cases, they enter the PC along with another virus. Trojans can be considered as additional malware. Often, users themselves download Trojans from the Internet.

The cycle of activity of Trojans can be defined by the following stages:

  • penetration into the system.
  • activation.
  • performing malicious activities.

Trojans differ among themselves in the actions they perform on an infected PC.

  • Trojan-PSW. Purpose - theft of passwords. This type of Trojan can be used to search for system files that store various confidential information (for example, passwords) and to "steal" registration information for various software.
  • Trojan-Downloader. Purpose - delivery of other malicious programs. Activates programs downloaded from the Internet (launching them for execution, registering them for autoload).
  • Trojan-Dropper. Installation of other malicious files on the disk, their launch and execution.
  • Trojan-Proxy. Provides anonymous access from the victim's PC to various Internet resources. Used to send spam.
  • Trojan-Spy. These are spyware. They carry out electronic spying on the user of an infected PC: the information entered, screenshots, a list of active applications and user actions are saved in a file and periodically sent to the attacker.
  • Trojan (other Trojans). They carry out other actions that fall under the definition of Trojans, for example, the destruction or modification of data, or disruption of the PC.
  • Backdoor. These are remote administration utilities. They can be used to detect confidential information and transmit it to an attacker, to destroy data, etc.
  • ArcBomb ("bombs" in archives). Cause abnormal behavior of archivers when they try to unpack data.
  • Rootkit. Purpose - hiding presence in the operating system. With the help of program code, the presence of certain objects in the system is hidden: processes, files, registry data, etc.
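
For the ArcBomb item in the list above, a scanner or mail gateway can inspect an archive before handing it to an unpacker. The following is an added example, not code from the original article; the size and ratio limits, the function names and the two sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed policy limits for this example; tune them for the scanner in use.
MAX_TOTAL_BYTES = 1024 * 1024   # refuse archives declaring more than 1 MiB unpacked
MAX_RATIO = 100                 # refuse members that expand more than 100:1


def make_zip(members):
    """Build a ZIP in memory from {name: bytes}; only used to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def audit_zip(blob, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Read only the archive directory and return reasons to refuse unpacking."""
    reasons = []
    declared_total = 0
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            declared_total += info.file_size
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > max_ratio:
                reasons.append(f"{info.filename}: expands {ratio:.0f}:1")
    if declared_total > max_total:
        reasons.append(f"declared unpacked size {declared_total} bytes exceeds limit")
    return reasons


def bounded_unpack_size(blob, name, limit=MAX_TOTAL_BYTES, chunk=64 * 1024):
    """Decompress one member in chunks and stop at the limit.

    Sizes stored in the archive directory can be forged, so the real
    output is counted while it is produced instead of being trusted.
    """
    unpacked = 0
    with zipfile.ZipFile(io.BytesIO(blob)) as zf, zf.open(name) as member:
        while True:
            data = member.read(chunk)
            if not data:
                return unpacked
            unpacked += len(data)
            if unpacked > limit:
                raise ValueError(f"{name}: more than {limit} bytes, unpacking stopped")


# Constructed samples: 4 MiB of zero bytes shrinks to a few KiB when deflated,
# while a short text file compresses only a few times over.
SUSPICIOUS = make_zip({"zeros.bin": bytes(4 * 1024 * 1024)})
ORDINARY = make_zip({"readme.txt": b"hello world\n" * 10})

if __name__ == "__main__":
    print("suspicious:", audit_zip(SUSPICIOUS))
    print("ordinary:  ", audit_zip(ORDINARY) or "ok")
```
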

Of these, the most widely used are spyware - Trojan-Spy and RootKit (rootkits). Let's consider them in more detail.

Rootkits. In Windows, a rootkit is usually understood to be a program that is illegally introduced into the system, intercepts calls to system functions (API), and modifies system libraries. Interception of low-level APIs allows such a program to mask its presence in the system, protecting it from detection by the user and antivirus software.

Conventionally, all rootkit technologies can be divided into two categories:

  • Rootkits running in user mode (user-mode)
  • Rootkits running in kernel mode (kernel-mode)

Sometimes rootkits come in email attachments, masquerading as documents of various formats (for example, PDF). In fact, such an "imaginary document" is an executable file. By trying to open it, the user activates the rootkit.
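
A check for such "imaginary documents" compares what the file name claims with the file's leading bytes. This is an added example, not code from the original article; the function names and the sample attachments are constructed for illustration, and the signature tables cover only a few common formats.

```python
# Leading bytes ("magic numbers") of common executable formats.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE/DOS executable",
    b"\x7fELF": "Linux ELF executable",
    b"\xcf\xfa\xed\xfe": "macOS Mach-O executable",
    b"#!": "script with an interpreter line",
}

# Leading bytes a genuine document of each type starts with.
DOCUMENT_MAGIC = {
    ".pdf": (b"%PDF-",),
    ".rtf": (b"{\\rtf",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 container
    ".docx": (b"PK\x03\x04",),                        # ZIP container
    ".xlsx": (b"PK\x03\x04",),
}

EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def executable_kind(header):
    """Return a description if the bytes start like an executable, else None."""
    for magic, kind in EXECUTABLE_MAGIC.items():
        if header.startswith(magic):
            return kind
    return None


def inspect_attachment(filename, header):
    """Return a list of findings for one attachment (empty list means no finding)."""
    findings = []
    parts = filename.lower().strip().rstrip(".").split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    inner = "." + parts[-2] if len(parts) > 2 else ""

    # "contract.pdf.exe": a document extension displayed before the real one.
    if ext in EXECUTABLE_EXTENSIONS and inner in DOCUMENT_MAGIC:
        findings.append(f"double extension: {inner} shown before real type {ext}")

    # Name claims a document: the content must carry that document's signature.
    if ext in DOCUMENT_MAGIC:
        kind = executable_kind(header)
        if kind:
            findings.append(f"named {ext} but content is a {kind}")
        elif not header.startswith(DOCUMENT_MAGIC[ext]):
            findings.append(f"named {ext} but content lacks the {ext} signature")
    return findings


# Constructed samples: (attachment name, first bytes of the file).
SAMPLES = [
    ("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("report.pdf", b"%PDF-1.7\n"),
    ("contract.pdf.exe", b"MZ\x90\x00"),
    ("notes.pdf", b"plain text, not a PDF"),
]


def scan(samples):
    """Inspect every sample and return {name: findings}."""
    return {name: inspect_attachment(name, header) for name, header in samples}


if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(name, "->", findings or "ok")
```
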

The second way of distribution is through sites that have been manipulated by hackers. The user opens a web page - and the rootkit gets into his computer. This is possible due to flaws in the security system of browsers.

Rootkits can be planted not only by intruders. There is a well-known case when the Sony Corporation built a kind of rootkit into its licensed audio CDs. The majority of copy-protection software tools (and the means to bypass these protections - for example, emulators of CD and DVD drives) are essentially rootkits. They differ from "illegal" ones only in that they are not installed secretly from the user.

Spyware. Such programs can perform a wide range of tasks, for example:

  • Collect information about Internet usage habits and the most frequently visited sites (tracking program);
  • Memorize keystrokes on the keyboard (keyloggers) and record screenshots of the screen (screen scraper), and later send the information to the creator;
  • Be used for unauthorized analysis of the state of security systems - scanners of ports and vulnerabilities and crackers of passwords;
  • Change the parameters of the operating system - rootkits, control interceptors, etc. - resulting in a decrease in the speed of the Internet connection or loss of connection as such, opening other home pages or deleting certain programs;
  • Redirect browser activity, which entails visiting websites blindly with the risk of viruses.

Remote control and management programs can be used for remote technical support or access to your own resources that are located on a remote computer.

Passive tracking technologies can be useful for personalizing the web pages a user visits.

These programs are not viruses in themselves, but for one reason or another they are included in anti-virus databases. As a rule, these are small programs which have a small area of influence and are ineffective as viruses.

  • Adware is a generic name for software that forces ads to appear.
  • Bad-Joke - bad jokes. Programs that frighten the user by opening unexpectedly and in a non-standard way, or by using graphics. These can also be programs that give false messages about formatting a disk or stopping a program, etc.
  • Sniffer - a program designed to intercept and then analyze network traffic.
  • SpamTool - a program designed to send spam (as a rule, the program turns the computer into a spam machine).
  • IM-Flooder - a program that allows you to send various messages in large quantities to a given IM-messenger number.
  • VirTool - utilities designed to facilitate writing computer viruses and to study them for hacker purposes.
  • DoS (Denial of Service) - a malicious program designed to carry out a Denial of Service attack on a remote server.
  • FileCryptor, PolyCryptor - hacker tools which are used to encrypt other malicious programs in order to hide their contents from anti-virus scanning.

So, the topic of our conversation today is malware. We will find out what it is, how it manifests itself on computers, how you can "catch" this infection, and also classify all of it by danger. In addition, let's try to understand how to remove it from the operating system once and for all. What programs will help us with this? Which one is the best for the task at hand? All this will now be discussed.

What it is

Let's start by understanding what malware is. After all, how the computer is treated depends, for the most part, on this. Each infection has its own approach that helps to eliminate the root of the problem.

In general, a malicious program is any application created with the aim of destroying the operating system, as well as obtaining the user's personal data. Plus, its main feature is harming your computer. So you have to work hard to protect yourself from this infection.

Malicious programs, as already mentioned, can be classified. Moreover, according to this very classification, it is possible to determine the degree of danger of a particular application. Let's get to know all the types.

The first one is spam. These are the least dangerous, albeit unpleasant, viruses (malware) that you can encounter. They are usually aimed at displaying numerous ads and cluttering the CPU with their tasks. Sometimes they can steal personal data.

The second type of viruses are worms. Also a very "weak" infection. As a rule, it gets on a computer for the purpose of its own reproduction. Plus, as in the previous case, they load the processor. The result is a slowdown of the computer. Not critical, but still annoying.

The next type of malware is Trojans. They are the most dangerous objects. They destroy the operating system, clutter up your computer, steal your personal data... In general, a "hodgepodge" of all malicious applications. They must be disposed of immediately.

The last option that can be encountered is spies. Designed to steal personal information. Sometimes they can destroy the operating system and multiply. They are not particularly dangerous for the user and the computer, but for the data this is a big threat. The system needs good and reliable protection against malware to keep all documents safe and sound.

Where do they live

Well, we have already got acquainted with the classification, as well as with the degree of danger of every computer infection that a modern user may face. Now it's worth knowing how malware is distributed, as well as where you can meet it.

The first leader in our list is suspicious advertising on the World Wide Web. For example, the offer of a free download of a book that will teach you how to earn millions in 2 weeks. Sometimes it is enough just to follow a link or a banner, and the computer will already be infected.

Also, viruses and malware are constantly present on prohibited sites, resources of an intimate nature, torrents, and so on. As in the previous case, it is enough just to visit the site - and the infection will already sit on the computer. More often than not, even the most will not be able to help you prevent infection.

The third place is occupied by various download managers. They, as a rule, download some document you need to your computer, and then install malicious content along with it. Try not to use such managers very often. It is better to wait a while and download the document using a browser - there is at least some kind of protection already there. Not very good, but nevertheless, in most cases, it really helps.

Sometimes malware is distributed via e-mail. You open an unfamiliar message sent to you - and you're done! It is better to refrain from reading incomprehensible messages if you do not know exactly where they came from.

Manifestation

Well, now it's time to find out how you can understand that your computer is infected. After all, this is what helps us start thinking in time about how to remove malware from a computer. It should be noted that users have ceased to pay attention to many "signals". Now we will recall them, so as not to lose sight of anything.

The first clear sign is that the computer starts to slow down. All this is due to the load on the central processor. Although this behavior may be caused by a banal system failure, it is better to play it safe once again and check your computer for viruses.

The second signal is the appearance of new content on the computer. In this case, we are talking only about software that you did not install. And sometimes you have not even heard of its existence. You should not run such programs, and even less try to work in them.

Next comes the appearance of spam and advertising on the computer, as well as a change of your browser's start page. In this case, you should immediately sound the alarm - because you definitely have some kind of infection. The anti-malware protection apparently failed and missed some kind of virus.

Also, a variety of failures and malfunctions can be observed in the computer. There are errors in applications, and spontaneous shutdown / reboot, and a lot more of this kind of "surprises". All this should be given special attention.

How to uninstall: antivirus

Now it's time to find out what malware removal programs there are. The first applications that we will get acquainted with are antiviruses. This software is aimed at finding and removing an infection that has penetrated a computer, as well as providing reliable protection for the operating system.

To be honest, there are a lot of antiviruses now. Any user can install the one that he personally likes. There is no fundamental difference between them. Nonetheless, Dr.Web, Nod32 and Avast cope with their work best. As many users note, it is these antiviruses that quickly detect an infection and then remove it, causing minimal harm to the operating system.

Antispyware

The second ally in the fight against viruses is anti-spyware. Unlike antivirus, the action of such content is aimed at detecting and removing computer spyware viruses. They won't find any Trojans. As a rule, they are used after the antivirus on the computer.

The range of malware removal programs is very extensive. Nevertheless, one leader can be singled out among them, which perfectly searches for and eliminates spies in the operating system. This is SpyHunter.

You just need to download, install and activate the latest version of this security software. After that, launch the application, set up a scan, and start it. Next, delete everything that was found (a special button will appear for this). That's all. The application is freely available, and also has a simple and intuitive interface.

For registry

Sometimes viruses and spyware are registered in the registry of your computer. This greatly complicates the healing process. What can be done in this situation?

Of course, you can clean the registry from the virus yourself. But it is best to use special utilities for this purpose. For example, CCleaner. With its help, you can easily scan your computer, and then clean up all the "extra" and dangerous data in the system registry.

To do this, download, install, run and configure the program. After starting, on the left side of the screen, you need to check all hard drive partitions, as well as browsers. After that, click on "analysis", and then on "cleanup". That's all. Pretty easy and simple. Even a novice user can handle this application.

We remove programs

Of course, everything that has been described above is an excellent step to eliminate all viruses hanging over the system. True, you should not limit yourself to these steps. Let's find out what other steps to take if you suddenly find some kind of computer infection in the system.

Of course, this is the removal of all extra programs on the computer. Here, special attention should be paid to the content that appeared after the infection of the system. To get rid of it, you will have to use the Control Panel. There, find "Add or Remove Programs", and then wait for the list of all installed content to load. Next - find what was installed "by itself", select the line and click on "delete". That's all.

Finishing the fight

Today we talked about malware, classified it and understood what signs distinguish a healthy computer from an infected one. In addition, we got to know the most popular programs for removing a computer infection.

In general, all the healing of operating systems comes down to the following algorithm: all extra installed (third-party) applications are removed, the system is checked with an antivirus, then it is scanned by antispyware, after which the registry is cleaned. It ends with a simple restart of the computer. Thus, all problems are solved.

In this article, we will get to know the main types of malware. There are many different types of these, so let's take them all in order!

And so I will try to describe everything quite simply, I think you will like it! And so let's go!

Viruses

The first type is, as you probably all already know, "viruses" (computer ones) and "worms" (well, also computer ones :)). What are they? Surely you have heard many definitions and classifications of them? If not yet, now you will certainly know and imagine what they are and how they work!

Viruses are a kind of malicious software that performs various unauthorized actions in your OS (operating system); it all depends on the purpose. Basically, a virus is program code that gives your computer certain commands, which the computer executes. How this happens and how viruses are written, we will discuss in the article "Virus commands and how it works". Well, that's all about viruses for now, let's move on to the next type - worms.

Worms

Worms: what are they and how do they work? This is also malicious software, containing "code" of a slightly different kind. The main difference is self-reproduction (copying itself): each copy retains the inherited ability to reproduce itself! This is very bad for your computer's speed.

Trojans

Trojans are programs designed and written specifically for the particular "needs" of an attacker. For example, a Trojan can easily copy your data (e.g. passwords, or other information from your computer).

I would like to note that such programs can also modify or block information or even a whole system of commands on your computer! Be careful, these are very dangerous and harmful programs that can cause serious consequences. Let me give you an example: say your computer picked up a "trojan" after visiting the Internet and your antivirus found it. You think, well, I'll delete it and that's it! At first glance everything is logical: you picked it up, you deleted it, and it would seem there is nothing to fear!

But as I already wrote, if you read carefully, such a program can modify (change) information and commands. So it turns out that the Trojan was removed, but it has already done its job by changing a number of commands in your system or its settings. What could this lead to? Absolutely anything; it all depends on the code and on what changes it made to your PC's system.

That's how things are, dear readers! Well, I would also like to write about how a Trojan differs from a simple virus. The main difference is that Trojans do not copy "themselves" (do not create copies of themselves). Well, let's move on from the Trojans!

The next type is rather tricky programs, referred to as the "malicious utilities" type. This is one of the most difficult types of programs, since these programs can be both useful and harmful. And of course, how could I do without an example :)

Malicious utilities

I will give an example: such a program is installed on your PC (personal computer) and it may not harm your computer at all, but as always there is a "but". Such a program can hack another computer's security system from yours! Can you imagine? You sit there drinking your tea, watching a movie, and in the meantime the processor of your machine is processing commands that bypass the protection system of another computer. There are few such utilities, but they already exist and I have come across them! As you understand, this is far from everything about this type, but for now let's finish here and move on to another type.

Adware, Pornware and Riskware

Adware, Pornware and Riskware are a little more complicated and need a little more detail. So what is this malware? I'll try to be as clear as possible. Let's start. This is definitely a conditional category of malware, since these can be both harmful and completely useful programs. Let's take an example again; with an example, everything will be clearer. Let's say you are a system administrator and you need to install a remote system administration program for computers. For those who are not very familiar with this, I will explain briefly: it is the ability to control another computer from a distance, over a local network (a special cable) or the Internet. In this case everything is fine, since you need it to simplify the operation and maintenance of other PCs. But imagine if, in the role of system administrator, there is an attacker with a different idea of his own: exploiting this loophole?

That's everything briefly described. I will write many more articles on this type in more detail: how it all works, how it is all implemented, and how to protect against such threats.

Malware

Malware (in the jargon of anti-virus services, "malware"; English: malware, malicious software - "malicious software") - any software designed to gain unauthorized access to the computing resources of the computer itself or to information stored on the computer, with the aim of using the computer resources unauthorized by the owner or causing harm (damage) to the owner of the information, and/or to the owner of the computer, and/or the owner of the computer network, by copying, distorting, deleting or replacing information.

Synonyms

  • badware (bad + (soft)ware) - bad software.
  • computer contaminant (computer + contaminant) is a term for malicious software that is used in the laws of some US states, such as California and West Virginia.
  • crimeware (crime + (soft)ware) - a class of malicious programs specially designed to automate financial crimes. It is not synonymous with the term malware (the meaning of the term malware is broader), but all programs related to crimeware are malicious.

Terminology

By its basic definition, malware is designed to gain unauthorized access to information, bypassing existing access control rules. The Federal Service on Technical and Export Control (FSTEC of Russia) defines these concepts as follows:

  • Authorized access to information - access to information that does not violate the rules of access control.
  • Unauthorized access to information - access to information that violates the rules of access control using standard tools provided by computer technology or automated systems. Standard tools are understood as a set of software, firmware and technical support for computer equipment or automated systems.
  • Access control rules (access mediation rules) - a set of rules governing the access rights of access subjects to access objects.

Other definitions of the term "malware"

According to Article 273 of the Criminal Code of the Russian Federation ("Creating, using and distributing malware for computers"), the definition of malware is as follows: "…computer programs or modifications to existing programs, knowingly leading to unauthorized destruction, blocking, modification or copying of information, disruption of the computer, computer system or their network ..."

It should be noted that the current wording of Article 273 interprets the concept of harmfulness extremely broadly. When the introduction of this article into the Criminal Code was discussed, it was understood that "unauthorized" would mean actions of the program that were not explicitly approved by the user of this program. However, current court practice also classifies as malicious those programs that modify (with the user's permission) executable files and/or databases of other programs, if such modification is not allowed by their copyright holders. At the same time, in a number of cases, in the presence of a principled position of the defense and a competently conducted examination, a broad interpretation of Article 273 was declared illegal by the court.

Microsoft defines the term "malicious software" as follows: "Malware is short for 'malicious software', commonly used as a generic term for any software that is specifically designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, etc."

Malware classification

Each antivirus software company has its own corporate classification and nomenclature of malware. The classification given in this article is based on the nomenclature of Kaspersky Lab.

By malicious load