TechTalk from microsoft: removing malware.
This is the second in a series of four pieces that will highlight resources available from Microsoft. ASIS International is partnering with Microsoft to help raise IT awareness among its membership.
Malware continues to present a serious threat to corporate networks. Containing the spread of malware requires an understanding of the various technologies and techniques that malware authors can use to attack a computer.
Malware threats directly target both users and computers, but the majority of threats target the user, rather than the computer. If a user with administrator-level user rights can be tricked into opening the door to a malware attack, the malicious code has more power to perform its tasks.
Microsoft's Malware Removal Starter Kit provides IT professionals with a good starting point in defending against this threat; it offers free, tested guidance and tool recommendations to help combat malware attacks and restore infected systems.
Using the Windows Pro-installation Environment (Windows PE), the starter kit gives users the ability to discover malware by performing a thorough offline scan of their computers. Once malware is located and identified, administrators can quickly remove it from infected PCs with a number of free antimalware tools, like the Malicious Software Removal Tool from Microsoft.
The kit describes a 4-stage process to help determine the nature of the problem, limit its spread, remove the malware, verify its removal, and proceed with next steps. The following presents a brief look at this process.
Stage 1: Initiate Your Response. When you arrive at the computer that has a malware problem, if you cannot run antivirus software on the computer, disconnect the computer from the network, turn it off, and refer directly to "Stage 3, Run an offline scan."
Stage 2: Scan for malware. To most effectively combat malware: run antivirus and antispyware software on the computer; run an online scan tool; run an online scan tool using the networked option in safe mode.
Stage 3: Run an offline scan. First start the computer using the CD-ROM that you built by following the directions in the Malware Removal Starter Kit, and then use offline scanning tools to repair the primary hard disk drive while it is offline.
Stage 4: Next steps. If, malware appears still to compromise the computer, you may choose to use System Restore to return the computer to a known good state. If after that, the computer still shows signs of malware-related issues, you can get specialized help or rebuild the computer.
If the malicious software has managed to avoid the offline scan, you will likely need to seek specialized help to remove the malware. Because specialized help requires time and money, a quicker and cheaper option is usually to delete the files on the hard drive of the computer, then reinstall the operating system and software programs.
* FOR COMPLETE GUIDANCE, SEE THE MALWARE REMOVAL STARTER KIT WEB PAGE AT GO.MICROSOFT.COM/?LINK1D=7065527.
Frank Simorjay, Program Manager, Security and Compliance, Microsoft Corporation.