
Eliminating Malware

Tools and Techniques for Malware Removal/Prevention (1 H 2 M)

Episodes
  • Eliminating Malware
    • Identify, Quarantine and Remediate
    • Updating, Scheduling and Monitoring

Identify, Quarantine and Remediate

35 M

Episode Description

In this episode, Daniel and Wes show you what to do when you suspect that your computer might be infected with malware. They begin by explaining how to identify the symptoms of a malware infection. Then they demonstrate the ways in which you would quarantine the infected system, followed by remediation using both built-in and third-party antivirus/antimalware tools like HouseCall and Malwarebytes. Finally, they look at using bootable media with stand-alone antivirus software like Kaspersky Rescue Disk 10 for the most difficult cases.

Transcript

[MUSIC] All right, greetings everyone and welcome to another great episode of ITProTV. I'm your host Daniel Lowrie. In today's episode, we're gonna be talking about eliminating malware. Joining me in the studio today to help us in that very endeavor is none other than our good friend Mr. Wes Bryan. Wes, welcome back to the show, sir. How's it going today?
>> It's going great and as always Dan, it's good to be here. That's right and in today's episode, we're gonna be looking at a few of the, I should say, techniques that you can use in order to eliminate malware that are on your systems. Now we're gonna use about a six step method. We're going to take care of a few things here in the first episode. It's gonna be starting out with identification. Now, when we look at malware one of the biggest things that we need to start with, regardless of what technology is used, what type of operating system you're using, whatever software you're using, whether your systems are up to date, right? All good stuff. It starts with awareness, right? When we look at a layered defense system, if you're not aware that certain things can happen, then you're not really gonna be aware of the potential causes that they can have and much less being able to mitigate them. So it really starts with identification. Now, what are some of the things we can use to identify malware on our systems, right? Well we've got antivirus software, of course. But sometimes we can use other types of symptoms that can lead us into believing, well maybe there is some malware. Let me show you what I mean, I've got a diagram here. And with identification, some of the things that we have to look at is, Dan I think of things like excessive resource utilization, right? If you have things like system hangs. Ever try to launch an application and that application just sits there, it's like it's thinking about it. Let me show you what I mean here. I've actually got a machine here that's got a lot of stuff going on right now.
You can see Dan here, we got some CPU utilization going on here. And I've noticed that it's actually coming back down a little bit. Sometimes, it goes all the way up to about 98%. Look at our memory, Dan, it's just pegged, right. Almost completely utilized. And the disk? The disk is through the roof right? It's table topped. So these are some of the things that you can see when it comes to viruses being on your systems. Notice that we've got excessive resource utilization and I'm not doing anything. I just started the computer up. Alright, and we've got some problems. This could be some of the things that could lead you to believe that maybe we got a virus, right?
>> Yeah, that's exactly right. This is definitely a sure fire sign that your computer has some sort of problem. Now Wes, what was it that led you to open? Obviously we've got the performance monitor up and running so you can see all these things. What led you to go there? What would lead someone to open that up as a first step to trying to identify the problem?
>> That's right Dan. One of the things that would lead me to believe that it's time to launch Task Manager is when I'm loading for instance applications. Applications that I expect to run right? Maybe yesterday I was using an application. Everything's running fine and all of the sudden today I launch my computer up and I haven't changed anything and I'm trying to load some of those applications up and unfortunately they're not loading. So that might lead me to believe that maybe I've got a process that's running on this machine. And I might even know that it's malware, right, I might just think that I've got some background services or something I need to close, maybe I've got something started up that's really bogging down my start time. Let me show you what I mean here, in Task Manager it does give you the ability to find the different processes that you have running on machines.
What's really cool, I really like about this is the fact that you can tell what the process is and what it's associated with. If you ever get something in here that has like an asterisk in it, that'd be my first sign of you might wanna worry about that one. If it doesn't tell you what the process is, it's probably cuz it really doesn't want you to know. So it is a good way to kind of get some information again. Remember it's about identification. We, at this point, really don't know if we do have a virus, we're just trying to isolate down for instance at this point, why we're having performance issues inside of the computer.
>> Yeah, Wes, and this is something I've worked on many a help desk. I've helped many a person through remediating viruses on their computer and this is definitely where we always start. What is it that's causing this problem? Task Manager helps us with that because it's showing all the processes that are running on our computer. When you start seeing stuff like what Wes was talking about, crazy names that don't make sense, there's this really cool tool available to us on the internet. It's called Google.
>> [LAUGH].
>> And we are able to take that name and Google it, and you will find out whether or not that is a legitimate process, or maybe it's some sort of malware. And I'm being facetious, I'm having a good time with, having a little fun there saying Google's our tool but it really is. On one hand that is a serious thing to take that name, throw it into Google and see what comes back. If it says how to remove the blankety blank blank blank virus and you're like, well that's exactly what I have on my computer. Now I know that this is the culprit. I've identified it and now I've got to move towards some sort of remediation tool or take some steps. Maybe I'm going to read a forum post. But we're going to give you some tips to do this as well today, but this is where it begins.
You have to find out who, or what, is causing the problem before you can move forward. Cuz if it's just hey, you've got a lot of downloads going on and your computer's running slow, well then that's not a problem, right? That's something you're doing purposefully. If you're rendering graphics, that's something you're doing purposefully, and of course your computer's gonna run slowly. But if you just rebooted it, and you're just trying to open a spreadsheet, you're trying to write in a Word document, you're trying to check your email and the thing is running like a one legged dog, well, that is a good, and it shouldn't, that's a good thing that we need to start looking for, identifying the culprits.
>> Definitely, so remember identification, use some of your techniques. What has changed, you know? One of the things that we, what has changed since the last time the system was running right. Is it something that you've changed, is it maybe a website that you've visited. Now some of you guys might be saying out there, well just don't visit those websites. Well, it's just not that easy, we're not talking about anything scandalous if you will or criminal type activities. What we're talking about is something like going for instance to the classified ads where they're doing job postings. In fact, I did have somebody that I knew that was posting job sites, or what it was, help wanted ads. Right, well when they started getting the responses back, guess what? Attachments, attachments to the responses back started to infect the machine, so-
>> That's my resume.
>> That's exactly, here's my resume.
>> Resume.
>> [LAUGH] And now enjoy your gift that keeps giving. Now the next thing that we have to look at is quarantine. Okay. Quarantine is important right. Once we have identified that hey we do have something on the system. Now what we have to do, what we wanna make sure is that we isolate it so that it doesn't start to infect other machines, right.
In today's day and age, every computer that you have is pretty much networked. We're far past the days when you'd have a computer that really isn't networked outside of some, maybe some extreme security purpose. So let's look at this. Quarantine, it doesn't matter if you have a wired network or if you have a wireless network, right. If I'm holding a plug in my hand that goes to my network adapter I know it's not gonna affect other machines on my network, and that's a good thing, all right? You can go a little bit further than that. We can show you this too here. So I've got a Windows 10 machine. And down in the bottom here, what I have here is you can see a wireless adapter, right? So it doesn't matter if it's a wireless adapter. I know my head's kinda covering it up here. The wireless adapter, it could be disabled very, very easily. I'm just going to right-click on it so I can get out and show you that right there. And here's my network adapter. And your wireless adapter, all I gotta do is I can right-click on it and I can disable it. Now that's gonna disconnect me from my remote desktop session here so we'll go ahead and cancel that out. And I know that this machine is no longer connected to my network. And there you can see it shuts down. So wireless, fairly easy, right, just turn off a network adapter, well wired isn't much different. And again you can see it's, my head's kinda covering it up here, if I right-click in the lower right-hand corner on that little monitor icon with the trident pitchfork there, I know it's supposed to be a cable, it looks like a pitchfork to me here. And I go to adapter settings, notice, guys out there, that nothing's really changed. The adapters look the same, the only difference is, one says wireless and it's got a little wireless information there, maybe your network adapter, and the other one here is a gigabit wired network. Well, easy, pull the plug.
But then I can also come in here and I can disable the network adapter, and now I know that from a communication standpoint, we've got some other things that we got to do inside of the operating system to ensure that our system can be brought back online once it's remediated. But now I know that I'm not communicating outbound and we've essentially quarantined that information. Now, I could say, well, guess what? We've got the x's over here towards the Internet, well, we can probably bring those x's if we wanted and put them more over here, right? Because not only do we not want connection out to the internet, we don't want connection inside of our networks too. Because just the tendency that viruses have, I mean it's a virus, so it can spread. Now there are some things that we want to understand inside of the operating system that we need to do as well. A lot of times we'll talk about things like, for instance, disabling System Restore, you've probably heard it. I know Dan, you've been in some episodes where they say, when you're thinking about security, you're thinking about malware, your computer's infected, the first thing you should do is disable System Restore. Well why, why should I disable System Restore? Well let me go ahead and show you what I mean here. I'm gonna switch over to a Windows 10 machine and we're gonna go ahead and we're gonna do a system restore. Now, I'm kind of jumping ahead cuz we wanna show you the remediation, we're gonna show you that. But if I have done a system restore, I should be good, right Dan? I do a system restore, we're back online. Well, let's find out if that's the case. So, we're at a Windows 10 machine here, I'm gonna right-click on the little Windows charm there, icon, and I'm gonna choose System Protection.
And when I choose System Protection you're gonna notice if you look right here that the Local Disk C does have system protection turned on, and if I start to do a system restore, I can choose Next, we'll go through the restore. Notice I got a restore point here, Dan, I think I'm infected here, it's just easy, let's just go ahead and do the restore and we should be good. So I'm gonna go ahead and I'm gonna pick one of these restore points. Choose Next, we'll choose Finish. And it's gonna tell us, say you cannot interrupt this until it's complete. So that's got our system restore and we'll let that go ahead and churn away a little bit. But I wanna show you a little bit more about System Restore while that's working in the background, and how you should disable that. And we'll show you the why coming up here in a second. So again, on a Windows 8.1 machine, it's no different, it's the same locations. You go up to System, go to System Protection. And notice that we pretty much got the same thing happening here too. I've got System Restore turned on, I know it's turned on because this isn't grayed out, you're gonna see that in a second. I don't know if I have any restore points. Well, we can always figure out if we have restore points without going through a full system restore, just by choosing this Next button. Just like we did when we chose the restore point in the earlier machine. Now these restore points, what is a restore point? Why do we say to delete them? The restore point is a point-in-time snapshot of the system configuration, and it's bookmarked if you will, it's saved for later. So that if you do have to restore your machine, let's say in the case of maybe a virus, you can restore it to an earlier point in time in the system configuration. Your documents are gonna be just fine. The problem is if the virus is in the registry, which a lot of times they are, guess what settings also get saved in the system restore point? The registry settings.
And if you have a virus in the registry right now doing its thing, it's also gonna be in the restore points. So, we say to disable it. Why, what happens when you disable it? Well Dan, let's go ahead and show you. So what we're gonna do here is we're gonna configure this. And notice it says turn on system protection or turn off system protection. Now if you're in Windows 7, guys, and you go out there and you say well, Wes, I got one more radio button. You have two, I've got three. Well that's cuz in Windows 7 you can also control previous versions, I could say just restore my previous versions of files, don't do a system protection. So that's another option. Either way, doesn't matter, Windows 7, 8, 8.1, Windows 10, you name it, you turn on Disable System Protection. And notice what it's gonna tell you. Right away it says are you sure you wanna do this because all existing restore points are gonna be null and void. They're gonna be erased, I should say. We'll go ahead and choose Yes to this, and we'll choose OK. And Dan, notice that System Restore is grayed out. That means that we know it's not turned on, you've just seen me turn it off. The other thing, notice I do not have any restore points left. I can't create one, the only thing I can do is come back in here and turn this back on. Now let's go ahead Dan, let's check out our machine here. Sometimes it takes a little bit to do the system restore and it does look like it's finishing up here, so we'll give that just a little bit more. And I tell you what, a couple other things while this thing is cooking away here, I wanna talk a little bit about some other shared locations that, if a machine, you need to quarantine it, remember, we're trying to get this off of our network, and we don't want it to infect our other machines. If you're part of a HomeGroup, well, what's the HomeGroup for us? Well, let's go and take a look at that.
If you have any HomeGroups on your network, I am gonna go ahead and get into the Control Panel here and we'll get into System and Security, oops, wrong side of the river there. Let's, how about Network and Internet and then HomeGroup. Now, HomeGroup, we have to watch, right, because with HomeGroup, you're sharing all of these different locations. Dan, notice that I am, we'll try not to do that again. I'm sharing pictures, I'm sharing videos, I'm sharing music, documents, right. And if I'm sharing this with a machine that's infected or vice versa this could cause a problem as well. So one of the things I would recommend is if you do have other devices that temporarily are part of a HomeGroup, what I would do is choose this option here, you'll see Leave the HomeGroup. And personally I hit the gate running. Just leave it for now cuz you can always set it back up once you have remediated your system. Dan, I think we're good over here. Let's go ahead and sign in. A couple other places I want you to keep in mind that you might have to disconnect from if you have File History. One of the things that they're pushing today is File History. You can see here that our System Restore, Dan, is successful. So we should be clean, we should be ready, everything should be good to go. Let me go ahead and we'll get into our Control Panel. I'm kinda having some issues, here, with my computer. It doesn't seem to be working right here. So we will go ahead and get into System and Security, and you'll see that there's File History. Well, with File History I want you to notice something here. Notice that I do have my information being stored. It's being sent from this machine over to another machine to ensure that I can recover this information too. Well you might say, well what's the big deal about keeping that location? Well I want you to look at the personal files that are being stored across all of these different folders and libraries.
Can you imagine, viruses can get into these locations as well. Now one of the things that, you remember that we were saying that sometimes viruses don't manifest themselves and you don't see any symptoms? Let me show you something here. Let me go ahead and get down into Windows Defender, and let's look at some history here. Look at that, we just did a system restore, Dan, right?
>> Mm-hm.
>> You've seen it happen, you were there, you were witness to it all, and what happens? We've got a virus. All right, notice that it found a virus already, and it actually didn't even warn us. This was silent, and we're not even aware that this happens. And you as a tech might say well, wait a sec, or even as a home user might say, yeah, we should be good, right? I restored my computer, I did exactly what they said. But the problem is your restore point had a virus in it, all right, and this restore point that I just restored is infected, so it's actually gonna be a continuation of the problem. So, remember, very easy, just as a little recap here, remember that when you get in here, just go to System, and look here. It's telling me, Windows Defender requires your action here. And we're gonna go ahead and choose Configure. We're gonna disable this, turn it off, just like we did before. And now all of those restore points have been cleared. Now we gotta get over here to, as far as it goes to like remediation, we need to get over here to Windows Defender and see what's going on.
>> Really, really quickly, Wes, before you jump there, is there any time in which we can trust a restore point?
>> There is, and that's a great question to ask. If you know that you've got earlier restore points, all right, maybe you've got something like the system image checkpoint. When you first install your operating system, it does an initial restore point. This is before you've installed any software, any additional drivers, so you could restore back to that restore point.
Keep in mind that you just wanna pay attention to any of the software that's gonna be affected, right? Because System Restore, it's not biased, it doesn't pick and choose, it'll uninstall software too. So just keep that in mind that if you do go to one of those earlier restore points, yeah, that's a viable solution too, but it might uninstall some of your software. Let's see what Windows Defender is telling us we need to look at. Let's get into a little bit of remediation here. All right, so History, you'll notice I'm over here on the History tab, you have to be an administrator to view the details. So, if you're not an administrator on the account, you won't be able to view these details. And if you read Microsoft documentation on this, it's just because it could contain sensitive information, and they don't want your standard users having access to that information. So, all we're gonna do is we're gonna put a check mark in here. We're gonna choose Remove. And like magic, hopefully Windows Defender has done its job. And this is a utility that's actually built into the machine, and that's a great thing to have. It sets you up initially to have some level of protection. Is it a one stop shop? Does it solve every single one of your problems? No, it doesn't, because if it did, we wouldn't have other third party companies out there that are doing a really good job, making a lot of good money on their products there. So, you do at least have something on hand. Now the other thing that you can have here too, and let me show you on our Windows 8 machine. So you can see it's kind of relative to all the Windows machines that you might be supporting. The other one is something known as the MRT. All right, if I type in MRT and you've done your Windows updates, I should have something known as the malicious software removal tool kit.
Now we gotta be careful with this one because unlike Windows Defender, Windows Defender does real time protection, right, it's monitoring things in real time. And just like you're seeing, right, Windows Defender taking action, malware detected and starts locking things down. The MRT is not, and I repeat, is not a replacement for any virus software. And in fact, so much so, guys, that Microsoft even tells you this. I mean, they say it right here, look, this tool is not a replacement for any virus product. However, if you need some offline protection, if you need just a quick scan to see if it can find it, you at least have it. And you can see some of the types of viruses and software. I mean, there's a laundry list here, and there's a bunch of them, but remember, this is a static database, right? This is one that's inside of the operating system, so if you have taken your system offline, you might not get the latest and greatest again, because it's all kinda built into the software itself, but it is there and it is available for you. All right, so a couple of things that we can do. Again, keep in mind that when you're doing your remediation side of it, you can start with the utilities that are built into the system. However, there are other utilities that you can use. For instance, you can go up to HouseCall. HouseCall is another one that's out there, too, and the good thing about HouseCall is it works on a lot of different systems. It's by Trend Micro. Keep in mind that it depends on the severity of whether you can use HouseCall. Let me go ahead and show you that, guys, here. So HouseCall, when you go to Trend Micro's site there, you download it, and you can see you download it for a 32-bit and 64-bit system. Keep in mind, though, it does need to attach to the Internet. So, if you're in a situation where it demands bringing this computer offline, HouseCall really isn't gonna work for you, because it does have to connect outbound.
But if it is something that you think you can stay connected to the Internet, you can use it, no problem. It doesn't cause any issues.
>> Now, Wes, I know a lot of users, they see the word free attached to something, and they think well, it's not that good. It might get a few things, but this isn't the most robust solution that you can grab. But is that really true when it comes to these antivirus systems? Are these free systems worth their weight, or should we just run out and grab some pay utility?
>> It really depends on your budget. I'd tell you, there are many free ones out there. There are free ones that have been out, HouseCall is one of them that's been out there for a while. AVG has got some that are out there that are very good. Don't think that just because it's free that it's not gonna provide you the protection that you need. A lot of times when you get trial, or not even trial memberships, but you get paid accounts, they give you a lot of other bells and whistles, like tracking multiple devices, right? Not just a single device, but I wanna be able to track whether I've got infections on all of the devices, mobile devices and everything within my network. So don't think that just because it says free that it's not gonna do what you need it to do. You just really have to pay attention to what the, I keep wanting to say trial memberships, but what the paid versions give you. Now what if you have a virus and you can't use something like HouseCall, right? Well, there's another one that I like to use. And Dan, I know you like to use this one too. And that one's called Malwarebytes, so let's go ahead and show you that. I've actually got that, Malwarebytes is pulled down. This is good because I can put this on a thumb drive if I want. This computer has no outbound Internet connection at all. It cannot call home, all right? And remember, we're quarantining it, so we need that. Let's go ahead, and guys, be very careful.
We're gonna go ahead and infect this machine here. We're gonna hit it with a crypto locker virus. And one of the things you really just be careful with is the fact that if you set these loose, know what you're doing. Like I said, I've disconnected everything. It doesn't have connectivity to my host. I'm actually gonna do something that you shouldn't do to set us up. I'm gonna turn Windows Defender off, cuz I want you to see how Malwarebytes will work. All right, so I'm infecting this machine here, and again, notice, Dan, that I didn't really see anything in the background, right? It just says, okay, it's running. And I get nothing, no sign of anything happening. Now I'm installing Malwarebytes as we speak here, and we'll let it go through its process. And that's the problem with some of these viruses, right? We did get some signs of viruses, Windows Defender let us know that something was going on. But had Windows Defender not been on, I just turned it off, I wouldn't be aware that any of this is going on. Now the good thing about Malwarebytes is again, when I download this executable, right, I can put it on a thumb drive. We'll restart it later. I tell you what, we'll go ahead and do a quick restart here, might as well make it happy. The great thing about Malwarebytes is, I can put it on a thumb drive. And if I need to quarantine a device I can't go over the network, right. I can take that thumb drive and I can plug it into the laptop or the computer that's in question and hopefully, it'll remediate that virus. Now, we're gonna see it here as it reboots. Give it a second. And we're gonna go ahead and see if we can't eliminate some malware here, do some remediation.
>> Now, Wes, when it comes to the crypto locker virus, this is a very particular nasty guy. It will remove Malwarebytes and micro systems and most anti-virus systems will remove it, but they won't un-encrypt your drive, right?
>> Yes.
>> If you have a crypto locker type virus, you can get it off your system, but if it has encrypted the drive-
>> Game over.
>> Yeah. [LAUGH]
>> Yeah, definitely game over on that one. You do have, and again that's why it's good to be proactive. You need to have real time scans going on at all times to make sure that your systems do maintain a level of safety. We're gonna talk about it coming up. One of the biggest reasons you can get these viruses is through not updating your machines, not having all of the security defense in-depth in place. All right, so it looks like our machine is up and running, and I'm gonna go a little bit further. I'm actually gonna infect this with a couple of different, and you know what? Malwarebytes is doing its job. So, again you go back to that question, Dan, you asked about free, is free worth it? You know what? This one's built into the system and you can see that it's doing its job even so much so that it doesn't want to play nice with letting me break Windows. You can see, look, there it is just catching all kinds of stuff. But what I really wanna do is I want you guys to see how Malwarebytes can do this so that if you don't have Internet connection, or for whatever reason, and this can happen. We were talking about this before we went on camera. Is that even legitimate executables, right? The things that you want to run, these viruses can shut down. So it's good to have something like Malwarebytes ready to go. All right, so it looks like we've got Malwarebytes. And I've got this strange Adobe connector. I need to, apparently, update my Adobe Flash Player on this. I don't have Adobe Flash Player on this. That's another telltale sign. Why is a piece of software that I don't even have installed trying to reach out and contact the Internet update? So let's go ahead. We'll do a quick scan here. And what it does is it does its preliminary scanning. And now, once that's done, it goes straight into the memory.
And you could see it's gonna do, the scan shouldn't be too long. The drive really isn't too big here. And we're gonna see if it's gonna find this virus. Now keep in mind that this virus, if you will, is inside of memory right now, and it is running. And I can see right now, right away without connecting outbound to the Internet, right? I don't have a definition database that I can update. That Malwarebytes has found two fake invoice trojans that are on this machine right now. Now we could let this thing keep running, all right, and it's let me know that it doesn't like, Windows Defender's like I'm the one that you want. [LAUGH] Not this guy. But we can see that Malwarebytes has done its job and we'll go ahead and let this run through and then through the magic of TV time outs, we'll come back and show you guys how we can eliminate these viruses. All right. So it looks like Malwarebytes has finished its scan. Let's see what it found. On our machine here we can see that it's found a few things. And you can see right there that HKU, right? That's your hotkey, or, excuse me, HKUsers, right? That's a subtree of the registry. And you can see that it found something way down there in the registry and you can see, look here, rootkit banking trojan. So it's done its job, right? I would say it's made its money, but it was free. So back to your question earlier, Dan. You said about these free utilities, yeah this one's free. And I have used it a lot, and I know Dan's used it a lot too. So we're gonna go ahead and we're gonna choose Remove Selected, and then it says it's removing it. It's gotta clean this off so it's telling us hey, we're gonna generate a log for you so that if you need to review that information, which you should, you'll have that available. Now while that's restarting, I did go ahead and pull up HouseCall, I want to show you guys how to install that, cuz it's a really good program to run. Now, this machine isn't infected.
Guys, I certainly don't want to attach an infected machine to our network. I'm sure Dan would absolutely love that. We're gonna go ahead. We're gonna run this and SmartScreen Filter is gonna do its job. You might say, wait a second Wes, you just ran a piece of software and you didn't check it first? We've got something built into Windows called SmartScreen Filter and what it does is it looks for applications that it's aware of that are digitally signed. And if it is digitally signed we know that we're good. All right, now notice that HouseCall again, you could see it's downloading component updates, right? It's gonna pull down a definition database. It's gonna make sure that everything's up to date. Gonna make sure all the components within the software itself are up to date. And then we will probably have here in a second a crazy end-user license agreement that we're gonna have to accept. And then, what we can do from here is we can fast forward this into the scanning part. We'll give it a second here, and there it is. It's trying to show up. It's taking a little bit of time here. So HouseCall's a really, really good thing if you want something free, right? They've got online scanners that are available too that you can use. So for instance if I just wanna do a quick scan of common locations, I don't have to install anything locally. This one allows you to install it minimalistically, if you will, locally on the machine. Because every time you run HouseCall you're gonna have to connect outbound to the Internet. Let me show you what I mean here. Here's that End User License Agreement that comes up. And we're gonna choose Next, all right. And you do have some basic settings that you can do, for instance I can get in here and I can modify the settings, I can do a full scan or I can do a custom scan. So for instance, maybe Dan comes to me and says Wes, I've got a thumb drive, I think it might have some viruses on it, right? Well he might just say, so I formatted it.
Well, maybe he wants a little bit of information on what virus might be on that thumb drive. Well I could also plug in a thumb drive if I want and customize the scan. We're just gonna go ahead and we'll leave it with just a basic scan here. Your log settings, again, if it does find stuff, it's found here, right here in HouseCall. Go ahead and go back, and we're gonna do a scan. Now you guys have seen this before. It's gonna run through, it's gonna do its scan. It's gonna check outbound. It's got its database. It can communicate. And one of the things that good about HouseCall is it stays up to date. Again, Trend Micro is constantly updating like all the major manufacturers or vendors are out there. But this isn't something like MBAM where you could have and mostly likely do have an out of date definition database and that's one of the good things about HouseCall. So Dan we got a couple of other products that I might want to mention here, if you're running Windows 7 you can always get Microsoft security essentials keep that in mind that is always an option. The other thing that you can get to, we've mentioned ABG, these are free out there. Whatever remediation, any virus technology used, the big thing is to make sure you use it, right? >> It's like a bullet proof vest. [LAUGH] You go out as a police officer. You're in probably in some danger. You get on the Internet, you have an element of danger that is out there. You need to take steps to protect yourself. And all you gonna do is put on some sort of bullet proof vest. That is our antivirus systems. So find one that you like that's easy for you to work, and that you've learned and it works for you. Learn it, use it, right, turn it on, keep it up to date, things of that nature. And we're gonna hit that topic quite heavily I'm sure, coming up. >> Yeah, definitely. One of the last ones that I might want to talk about real quick, we've talked about, do you have connection to the Internet, right? 
If you do, and you don't need to quarantine it to where you have don't any internet connection, you can use something like House Call, right? You have stuff that is built in to the machine that you can use as well. We've seen things like, for instance, Windows Defender, again, little bit older. If you've got Windows 7 Box, you can use something like Microsoft Security Essentials. If you're doing your updates, you should have the MRT in there. But what if it's so severe, right, that the moment you turn the computer on it's locked down. You can't do anything, right? They got a lot of technologies out there like ELAM, the Early Launch Anti-Malware Service that checks system drivers. But what happens if stuff gets past that? It is possible. Let me show you here, you could use something like this Kaspersky's Rescue Disk, right? And you can go ahead and accept the EULA here. And what this does is I put it on a thumb drive, right? And the computer isn't going, the hard drive in the computer isn't gonna be online, right? This is gonna be an offline mitigation. And it's not offline just from a network's standpoint, it's offline from a hard drive standpoint too. Because I don't want that hard drive booting up. So this is more of like a pre-installation environment. Windows Defender Offline has this Kasperky's, got their rescue disk here. And what gives me the ability to do is plug this into a machine, boot directly to the USB drive. You could use an optical disk if you wanted to, boot to the optical disk. And notice what I have here. I have a very small footprint Linux distro, like a Linux Live CD. And it's not running from the local hard drive, and it gives me the ability, and this is what I really like about this one, Dan. Notice that it gives me the ability to look at disk boot sectors too. All right, boot loader viruses are very hard sometimes to get rid off. 
And in fact, they like to inject rootkits down in the lowest portion of the operating system, because they boot up, and the any virus software's not even initiated yet. So it starts to do its job before your protection even kicks in. So this is a good thing that you can run this against the hard drive when in it's not on or when it's not initiated. And it knows where to check, knows to look down into the registry as well, just like we've seen Malwarebytes do it. But from this standpoint, the hard drive's not even running, and that might be one of your escalated mitigation techniques, right? It could be so severe you can't even turn the computer on. So it's a great thing to have, it runs in RAM. The next time I reboot this computer, it's gone, provided I don't the USB thumb drive still in the machine, it's gone. And then hopefully we can boot our machine up, and from there, problem is hopefully mitigated. >> All right, well, Wes, obviously you gave us some great tips and tricks on how to either remediate our machine if it does get infected, and how to keep ourselves out of the weeds while actually throwing on that vest, right? Put that bulletproof vest on, don't let it sit in the corner. It's out there, there are free ones. All you have to do is download and install and run it, and you're gonna have at least some level protection. And Wes, you've done a great job of showing us. >> Thanks. >> Some of the symptoms, if our computer does get infected, how to we know that happens, and then what to do if that is the case. Thanks for stopping by and explaining it for us, Wes. Thank you guys for watching, we're gonna go ahead and sign off for ITproTV. I've been your host Daniel Lowrie. >> And I'm Wes Bryan, >> We'll see you next time. [MUSIC]