Conficker: a good excuse for an early spring cleaning

Some of you have probably heard about Conficker.C, the computer virus/worm that is set to activate on April 1st. Conficker.C exploits a particular vulnerability in Windows, announced in October of 2008, which allows code to be executed remotely. Nobody knows exactly what Conficker.C is supposed to do on April 1st, other than receive and execute instructions from various remote systems, but it is presumed that infected computers will become minions of some huge botnet, with some nefarious purpose such as a large denial of service attack on a single entity or group of entities, or perhaps stealing huge quantities of personal information. Or wiping everyone's hard disks.

Chances are, if you don't hang out on peer-to-peer file sharing networks (or, naturally, if you use Linux or Mac OS X, which are not susceptible to Windows viruses) and your system is up to date with all current Windows patches, you're fairly safe from Conficker.C. But no matter how well prepared you think you are against a malware attack, I see Conficker.C as a good excuse to perform an annual "Spring Cleaning" of your PC, especially if you're finding performance to be sluggish and are experiencing what I commonly refer to as "Windows Crotch Rot" -- the natural deterioration of a Windows system after a lengthy period of use, due to registry corruption and leftover junk. While admittedly Vista is less susceptible than XP to these types of issues, it's certainly not immune to this type of degradation.

Antivirus Software

I can't tell you how many systems I have encountered, owned by friends and family members, where the introductory subscription of whatever antivirus package came bundled with the new PC has been allowed to run out. I've never been able to figure this out, but I believe many people think that the "Your update subscription is going to run out, subscribe for $49.00 for 1 year of support" warning message is some kind of ruse to get them to give Symantec or some other company extra money for a newer version when their current antivirus product is working perfectly, so they just ignore it.

Naturally, their virus definition update service stops working, and a year later, they get nailed, thinking their software has been protecting them all along. Or maybe they've been nailed long ago and they don't even know it, wondering why their PC has been misbehaving and running slowly for months.

Conficker.C is a particularly nasty virus, as it is capable of scanning for and killing the processes of security products: it disables firewalls, patch deployment and antivirus software. So it's essential that your antivirus software is kept up to date.

I have no problem with spending money on commercial antivirus systems -- such as Norton Antivirus 2009 (or Norton 360 3.0) and ESET NOD32 Antivirus 4, which are very polished and effective products -- but in this day and age I can completely understand why someone might think twice about pulling out their credit card when their computer suddenly prompts them to spend $50.00. And frankly, if you're a home user, there are several good free antivirus solutions out there.

Image: Clam AntiVirus (via Wikipedia)
First and foremost I would like to mention Clam AntiVirus, or ClamAV, an Open Source antivirus product which I happen to like a lot because it is multi-platform -- it runs on all versions of UNIX, including Linux and Mac OS, as well as on Windows. If you use alternative platforms such as Linux and Mac, you can still be a vector for spreading computer viruses even if the virus itself cannot affect you, so I still suggest you scan your systems on a periodic basis, at least once per day, particularly if you exchange files with Windows users. ClamAV is a very fast virus scanner; it runs from the command line, either on demand or as a scheduled cron job, but there are also GUIs available for it, such as KlamAV for Linux KDE.

On Windows, the GUI-based, run-on-demand ClamWin is an excellent no-frills manual virus scanner, and it is fully capable of killing Conficker.C.

Should you be unlucky enough that your system becomes so thoroughly infected that it has slowed to a crawl and malware processes are rendering it unusable, ClamAV is built into a number of bootable Live CD Linux distributions, such as System Rescue CD and KNOPPIX, which are capable of mounting your local NTFS filesystems read-write and cleaning off the viruses. Conficker.C can actually block you from downloading antivirus software from the Internet once you are infected, so booting from one of these utility distros may be your best (and only) option for cleanup if you do get hit. I always keep System Rescue CD around just for this purpose, in case a Windows system is rendered unusable by a virus infection.

For fully integrated free virus scanners for Windows, I happen to be partial to Avast! Home Edition. When installed, Avast! is completely integrated into Windows with support for web browsers, P2P file sharing and instant messaging clients, runs resident and scans files, and doesn't bog down system performance. It automatically updates itself and provides scanning with a slick looking and easy to use GUI.

Antispyware Packages

Spyware and Adware protection is another area where end-users can get complacent. Like antivirus, there are a number of very good commercial antispyware packages out there such as Webroot Spy Sweeper (the current version of which comes with antivirus software from Sophos) but there are some free solutions that do a particularly good job.

The first of these is Spybot Search and Destroy, which is by far the most comprehensive free spyware scanning and cleaning solution available today. As of March 25, 2009, the software has over 1,525,689 fingerprints in 484951 rules for 4580 products which it can block and remove from your system. In addition to being able to thoroughly sweep your registry and file system for spyware signatures, the software includes an optional real-time registry change monitor known as TeaTimer, which actively warns against registry changes to the system that may be malicious -- it should be noted, however, that TeaTimer alerts can be kicked off by something as innocuous as installing software packages and regular software updates, so some users might find it to be a nuisance, particularly if they do a lot of software downloads.

Another free antispyware product is Microsoft's own Windows Defender, which comes included with Windows Vista and the current Windows 7 beta, and can be installed optionally as a free download on Windows XP. I personally feel that while Windows Defender isn't a detriment (although I find its usefulness on XP to be marginal at best), it is nowhere near as effective as a dedicated spyware sweeper, nor as comprehensive a blocking tool as Spybot Search and Destroy's TeaTimer, so I wouldn't rely on it exclusively.

System Optimizers and Cleaners

In addition to virus infections, spyware and other malware which can degrade performance, Windows performance will degrade simply from everyday use, and the system requires periodic maintenance to keep it from deteriorating. This includes cleaning up after regular Internet browsing, emptying temporary files that are no longer needed, and removing vestigial traces of applications that have been removed from the system. There are a number of applications on the market that will keep your system "clean", but I have two particular favorites which won't cost you anything.

The first is Piriform Software's CCleaner, a freeware utility which I find to be invaluable for emptying out browser caches, removing uninstaller files and correcting registry errors. It's also an excellent program to use for quickly removing unwanted bundled applications (aka "Crapware") that get installed (such as the Yahoo toolbar which seems to be packaged with just about everything nowadays) and disabling various services on startup which run in the background that take up precious memory and chew up CPU cycles. Do you really need the Java updater service, the Google updater, the Apple Software updater, the Adobe updater, Picasa file monitor and nine other non-critical software processes running constantly? CCleaner is a great tool for that.

Another application that I heartily recommend is IOBit's Advanced SystemCare 3 Free, which is a one-button "Fix Everything" application that combines some of the functions of CCleaner (Browser Clean/Cache/Junk Clean/Registry Repair) with some of the functions of Spybot (Spyware Sweep) as well as other system maintenance tasks (System Defrag/Memory Optimization). IOBit also sells Advanced SystemCare 3 Pro ($19.95), which runs in a "Set it and forget it" mode in the background, and includes a number of other optimization utilities (such as a file system defragmentation utility).

While not specifically a system optimization or cleanup suite, I want to mention another invaluable utility that I just found out about (thanks Custard_over_2x_Pie): a Free/Open Source program, WinDirStat, which replaces the very similar $28 MoleSkinSoft Directory Size utility which I spoke about in an earlier draft. If your hard disk is running out of space, don't just immediately consider buying a new external or internal hard drive to fill with more crap -- figure out what's eating all that space first. WinDirStat finds the directories and files that are hogging your disk, quickly identifies the culprits, and shows you graphically who the big hogs are. Got a giant pile of CD ISO files or scanned documents you don't need, chewing up 60GB of space in some forgotten folder six levels down that you last touched a year ago? Do you have hidden temp and uninstaller directories from previous Service Pack installs beneath your /WINDOWS directory (called $NTuninstall) eating up hundreds of megabytes that could be freed? This tool will help you find them so you can offload them or delete them from your drive.

Lastly, I'd like to mention the free Windows Installer Cleanup Utility from Microsoft. This program lets you clean up after aborted installations of products that use the MSI packaging format. It should be used with caution, as you may end up having to re-install other applications on your system.

Got any other good "Spring Cleaning" tips? Talk Back and let me know.

About

Jason Perlow, Sr. Technology Editor at ZDNet, is a technologist with over two decades of experience integrating large heterogeneous multi-vendor computing environments in Fortune 500 companies. Jason is currently a Partner Technology Strategist with Microsoft Corp. His expressed views do not necessarily represent those of his employer.

Talkback

41 comments
  • Very Poor Recommendations

    Commercial Anti-virus: You recommend ESET NOD32 and Norton 360. If you actually do take a look at the latest comparatives like av-comparatives.org, you will find that your best bet lies with Avira Antivir. It's not premium priced like ESET NOD32 or Norton 360 (a bloated suite) but does the best job of detecting malware.

    Free Anti-virus: I cannot believe you recommended Clam AV to Windows users. And you totally fail to mention that it lacks a real-time resident shield. Do you realize how dangerous it can be for someone who relies on a non-resident anti-virus to even surf the net? But it's good to know that Christopher Dawson has finally found a brother. Chris loads his kid's PC with Clam AV and then writes a post wondering why his PC got infested with malware. Come on man, do some research before firing off recommendations. I am not against Clam AV, nor am I affiliated with Avira, but relying on a non-resident anti-virus is like driving without a seat-belt because you have a skilled doctor friend who treats you for free.

    Free anti-spyware: Now this is where you really lost it. Spybot is an ok program, if you consider it with TeaTimer turned on. But if your anti-virus program already provides antispyware capabilities then adding one more real-time shield to the mix doesn't make sense. In such a situation a standalone anti-spyware is better off being used as an on-demand scanner only. And believe me, if you compare on-demand scanning performance then you can find better alternatives in Super-Antispyware and Malwarebytes Antimalware.

    iravgupta
    • Can't speak to the others

      but I'll go with you on the Norton 360 as a bloated piece of software.

      Norton AV with spyware seems to have been done right, I haven't noticed any significant slow down in performance.

      Tested 360 and I'll tell you, the two systems took a dive in performance!
      AllKnowingAllSeeing
    • Norton

      Earlier versions of their suites were much more resource intensive, but not their 2009 products, which equate to a total redesign and are much less memory hogs. I was impressed with the product when I tested it this year.
      jperlow
      • Actually, they are still resource intensive

        I uninstalled Norton Internet Security 2009, and installed Kaspersky's Internet Security package... like night and day.

        Norton is still bloated somehow, and to make things worse..... it makes a bunch of 'unmovable' files on the hard drive that make things fragment faster.
        Lerianis
        • Kaspersky pollutes your drive

          Kaspersky pollutes the hard drive with alternate data streams. Uninstall it and tell it to toss the ADSes, and watch how long that takes. Garbage!
          cryptikonline
      • More like Symantec Corporate?

        I've never been impressed by Norton consumer AV products, but Symantec Corporate AV always seems to play nice.
        seanferd
  • I'll stick with my Antivirus XP 2009, thanks.

    I'm KIDDING! :p
    MGP2
    • LOL!

      That's a good April Fools joke right there!
      eMJayy
    • A wise choice!

      You can't go wrong with it! If Loverock recommends it then it must be good.
      InAction Man
    • Carpet Cleaning Reading (http://www.berkshirecleaning.co.uk)

      @MGP2

      Funny!
      dmtaylor247
  • RE: Conficker: a good excuse for an early spring cleaning

    Actually NOD32 and Norton 360 are perfectly fine programs.
    Avira actually uses more memory than both, so Norton's not actually that bloated.
    And you failed to mention that Avira also has a very high rate of false positives, which can undermine its effectiveness.
    Spybot also locks the hosts file and has a process monitor and killer (in the tools section it can unload modules as well), as well as a few other useful tools that you don't get in MBAM or SAS (not that I've ever actually found MBAM or SAS to be useful).
    jdbukis@...
    • MBAM not useful???

      Holy cow! I would like to call you something right now, but I'll refrain. I use Malwarebytes Anti-Malware all the time to clean all kinds of junk from computers. It may not get all trojans or rootkits, but it does a good job and if you have the full time protection enabled with the full version, it works well to protect you.
      PcJunkie
  • My Preferred Method of Windows Virus Removal

    If you boot into Knoppix, run apt-get update and apt-get install clamav, you'll get the latest patched 0.94 version of clamav. You can opt to save your settings with Knoppix SaveConfig to a partition or a pen drive.

    Essentially you can mount with ntfs-3g (read/write) the Windows partition and scan it with clamav. This keeps conficker (or any other virus clever enough) from attempting to thwart attempts to find it (conficker includes over 500,000 virus signatures in the clamav main and daily database).

    This is my preferred method of virus detection and removal.

    Here is a 'how-to' to help you use clamav from Knoppix:

    http://www.volatileminds.net/projects/clamav/tutorial.html

    If you need help in virus removal, I can be reached from my website contact page.

    P.S. Users reluctant to use this method might want to consider downloading BitDefender.

    This ComputerWorld article drew it to my attention:
    http://www.computerworld.com.au/article/279991/romanians_find_cure_conficker

    The Conficker removal tool can be found here:

    http://www.bdtools.net/

    Be safe Folks.

    Dietrich T. Schmitz
    http://www.dtschmitz.com
    no_zd_user_name
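The script below is an added example; it is not code from the article, from Dietrich's comment, or from the ClamAV or Knoppix projects. It carries out the Live CD workflow that the article ("Antivirus Software") and the comment above describe (mount the NTFS partition read-write with ntfs-3g, then scan it with clamscan) and adds the two checks a practitioner wants before trusting such a scan: that the signature database is actually current (the silently-expired-updates failure mode the article opens with), and that detected files are moved to a quarantine directory rather than deleted, so a false positive can be restored. The device /dev/sda1, the mount point /mnt/windows, the database path /var/lib/clamav, the quarantine location and the seven-day staleness limit are assumptions, not values from the page; the same functions can be reused from a cron wrapper for the daily scan the article recommends on Linux and Mac desktops.

```shell
#!/bin/sh
# Added example, not code from the article or from the comment above.
# Scans a Windows partition from a Linux live CD with ClamAV. Assumed
# (illustrative) values: the Windows partition is /dev/sda1, it is
# mounted at /mnt/windows, and the signature database lives in
# /var/lib/clamav; override them with the environment variables below.

CLAMSCAN=${CLAMSCAN:-clamscan}
FRESHCLAM=${FRESHCLAM:-freshclam}
CLAMDB=${CLAMDB:-/var/lib/clamav}
MAX_DB_AGE_DAYS=${MAX_DB_AGE_DAYS:-7}

# signatures_fresh DBDIR: succeed only if daily.cld/daily.cvd exists and
# is younger than MAX_DB_AGE_DAYS. A scan with stale signatures gives the
# false comfort the article warns about, so refuse to proceed on one.
signatures_fresh() {
    db="$1"
    daily=""
    for f in "$db/daily.cld" "$db/daily.cvd"; do
        if [ -f "$f" ]; then daily="$f"; break; fi
    done
    [ -n "$daily" ] || return 1
    # find prints the path only when the file is older than the limit
    stale=$(find "$daily" -mtime +"$MAX_DB_AGE_DAYS" 2>/dev/null)
    [ -z "$stale" ]
}

# mount_windows DEV MNT: mount NTFS read-write via ntfs-3g so infected
# files can actually be moved out of the Windows file tree.
mount_windows() {
    mkdir -p "$2"
    mount -t ntfs-3g "$1" "$2"
}

# scan_tree DIR LOG QUARANTINE: recursive scan that moves (not deletes)
# infected files into QUARANTINE so a false positive can be restored.
# clamscan exit codes: 0 clean, 1 infected files found, 2 error.
scan_tree() {
    mkdir -p "$3"
    rc=0
    "$CLAMSCAN" -r --infected --move="$3" --log="$2" "$1" >/dev/null 2>&1 || rc=$?
    return $rc
}

# count_found LOG: number of "... FOUND" lines in a clamscan log
# (prints 0 for a missing or clean log).
count_found() {
    n=$(grep -c ' FOUND$' "$1" 2>/dev/null || true)
    printf '%s\n' "${n:-0}"
}

# found_files LOG: the paths of the infected files, one per line.
found_files() {
    grep ' FOUND$' "$1" 2>/dev/null | sed 's/: [^:]* FOUND$//' || true
}

main() {
    dev="${1:-/dev/sda1}"
    mnt="${2:-/mnt/windows}"
    log="/tmp/clamscan-$(date +%Y%m%d).log"
    # quarantine on the same filesystem: the move is a rename, nothing
    # lands in the live CD's RAM-backed /tmp, and restoring is easy
    quarantine="${QUARANTINE:-$mnt/clamav-quarantine}"

    if ! signatures_fresh "$CLAMDB"; then
        echo "signatures missing or older than $MAX_DB_AGE_DAYS days, updating"
        "$FRESHCLAM" || { echo "freshclam failed, not scanning" >&2; return 2; }
    fi
    mount_windows "$dev" "$mnt" || return 2
    rc=0
    scan_tree "$mnt" "$log" "$quarantine" || rc=$?
    case $rc in
        0) echo "clean: nothing found under $mnt" ;;
        1) echo "$(count_found "$log") infected file(s) moved to $quarantine:"
           found_files "$log" ;;
        *) echo "clamscan failed with exit code $rc, see $log" >&2 ;;
    esac
    umount "$mnt"
    return $rc
}

# Run only when invoked as "script.sh run [DEV] [MNT]"; otherwise the
# functions can be sourced, e.g. by a nightly cron wrapper on a Linux
# desktop that calls: scan_tree "$HOME" /var/log/clamscan.log /var/quarantine
if [ "${1:-}" = "run" ]; then
    main "${2:-}" "${3:-}"
fi
```

Run it from the live CD as root with `sh scan-windows.sh run /dev/sda1 /mnt/windows`. The quarantine directory is left on the Windows partition on purpose: once you are satisfied nothing in it is a legitimate file, delete it from the live system before rebooting into Windows.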
    • Yes

      Didn't want to go into detail, but that's why I mentioned the Linux live CDs.
      jperlow
  • What did this cost Businesses (repeat from years ago)

    I would like to know a 'dollar cost' of all of the outages from Windows XP, Vista, Windows Server 2000, 2003 and 2008 gasp anyone who would choose this platform.....

    I find it amusing that people still cling to this monolithic OS full of security holes and blame people for not patching when the only people who understand 'Windows code' are virus writers & hackers PERIOD!

    Christian_<><
  • WinDirStat to identify disk space use of files and folders. $0.00

    nt
    Custard_over_2x_Pie
  • Install Centos (and wipe out Wormdows forever)

    Then you will never have viruses/malware/spyware/trojans/worms again.

    Dump the 'Wormdows' Operating System!

    :)
    Christian_<><
    • No, don't dump it

      Because as soon as your 'Centos' becomes an operating system with 15% marketshare or more..... you'll see worms, virus, malware for it, you farking idiot!
      Lerianis
      • Wow...what kind of freakin' optimist are you?

        "Because as soon as your 'Centos' becomes an operating system with 15% marketshare or more..... you'll see worms, virus, malware for it, you farking idiot!"

        Did you mean "as soon as your 'Centos' becomes an operating system with 15% marketshare or more..... *your child or grandchild* will see worms, virus, malware for it... ]:)

        MGP2
    • Yawn...

      Same tired blather from the same tired troll.
      MGP2