Mirage
August 3rd, 2012, 08:37 PM
Welcome to Mirage's All-in-One Virus Guide!
~Do you think you have a virus on your computer? Do you need to know how to remove it? Well, worry no more my teenage comrades!~
TYPES OF MALWARE
The types of malware include (but are not limited to):
Spyware
Adware
Ransomware
Rogues
Rootkits
Trojans
Backdoors
I will now explain exactly what the different types of virus do.
SPYWARE
Spyware runs in the background of your computer, and the worst part is you may never even know it is there until it is too late. Most spyware comes in the form of a "keylogger" which (as the name suggests) logs your keystrokes. There are two different kinds of keyloggers, hardware and software. Hardware keyloggers are far less common than software keyloggers, as they have to actually be physically attached to the victim's computer through a USB or serial port. Software keyloggers record what you type and email the log back to the creator. Then the creator can use your sensitive account information for malicious activities.
ADWARE
Adware is one of the more obvious types of viruses. It can insert advertisements in many unwanted places, such as in the margins of web pages you visit or on your Facebook timeline. These ads are only visible to you, and most of the time users infected with adware shrug them off as a new feature on the site they are viewing. This can also be one of the most profitable types of virus for the creator, because they are paid every time you view one of the ads. Sometimes adware will be so bold it will insert advertisements directly on your desktop. Other forms of adware include "Shopping Alerts" or "Good Deal Notifications".
RANSOMWARE
Ransomware is the most profitable type of virus to create because the only easy way to remove it is to complete a payment to the virus creator. These viruses are created solely as ways to earn money.
There are two types of ransomware; the first I like to call "posers".
Posers lock up a system and display a notification like "Illegal Downloads Detected". The reason these types of ransomware are so successful is that they try to scare the user into paying to avoid prosecution. Some scare tactics they use are claiming to be the FBI or other body of government, stating a warrant for the user's arrest has been issued, or (for more advanced ransomware) providing faked court/police documents.
The other type of ransomware is what I like to call "brash" ransomware. Brash ransomware blatantly states that the user has been infected by ransomware and must pay to unlock their files.
Methods for payment (for both types of ransomware) often include:
Texting or calling a premium phone number
Sending a PayPal payment to a certain email
Straight up entering your credit card information into the form
ROGUES
Rogue Antivirus Software, or "Rogues" for short, poses as legitimate antivirus software. Often the process of infection is started when a user visits a hijacked webpage which claims the user has many viruses (when in reality they don't) and then says that the user should download its antivirus software to remove the threats. The user downloads the fake software and is then (once again) told that they have viruses on their computer. The program will sometimes claim to remove one or two of the infections, but all rogues eventually pressure a user into purchasing the "full version" of the product to remove the remaining threats. When the "full version" of the software is purchased, an easy method of uninstallation is usually presented to the user. If the user had stayed with the free version, no apparent means of uninstallation would have existed. Rogues are yet another profitable virus to create.
ROOTKITS
Rootkits usually do not fly solo; they simply make a clear path for another piece of malware to run undetected. The word "rootkit" is contracted from "root" (the user with the highest permissions on a *nix system) and "kit", which simply means a collection of software. They use the root account (which is similar to the Administrator account on Windows based systems) and allow certain programs to run undetected by antivirus software or the firewall.
TROJANS
Trojan Horse Attacks, commonly known as just "Trojans", pose as legitimate, helpful programs and can sometimes actually act as such. For example, let's say a user downloads a trojan called CalculatorPlatinum. CalculatorPlatinum actually functions as a working calculator, but at the same time it allows hackers to access your computer over the Internet by opening ports and disabling the operating system's protective measures. This type of virus can also be classed as a Social Engineering Attack, which is described in depth below under the main category "ONLINE THREATS".
BACKDOORS
Backdoor viruses focus mainly on one aspect of computing: remote access. They (similar to some rootkits) open up ports and falsely authenticate themselves which allows hackers to access the user's files and computer over the Internet, Local Network, or Intranet (only applicable for computers on business networks).
ONLINE THREATS
Sometimes there are viruses that you don't even need to download in order to be affected by them. Just visiting an infected or fake page can open your computer up to a network of cyber criminals!
PHISHING
Phishing is one of the more widely known types of online threat. It involves making a fake copy of a legitimate site with modified code. This modified code can send the login details to the creator, which can in turn lead to unauthorized account access. The fake page often circulates through fake emails claiming to originate from the legitimate service. For example, you could get an email from what seems to be PayPal asking you to confirm your account details. You click the link in the email and without thinking you enter your login information. Nothing happens! You have just been "phished".
To keep yourself safe from this type of attack, take note of the following:
When you receive an email from a service asking you to confirm your login information, type out the URL to the service yourself and never click the links within emails. Some phishing sites take advantage of human error by hosting their fake copies at a domain with only a one letter difference from the real one. For example, a spoof of PayPal would use a domain such as papal.com or paypl.com.
If you are skeptical about whether an email actually originated from a legitimate service, check the real website and email the company asking if the email was sent out. If it wasn't, the company may ask you to forward it to them. When this happens, you are saving countless others who will now not fall prey to the phishing attack.
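The one-letter-off domains above can be caught mechanically. The script below is an added example, not code from the original guide: it pulls the host out of a link, compares it against a short list of domains you actually log in to (the list and the sample URLs are constructed for illustration), and flags near-misses by edit distance. It also goes a step beyond the guide and flags a trusted brand name buried in the subdomain of some other site, another common phishing pattern.

```python
"""Added example (not part of the original guide): flag look-alike login domains.

Compares the registrable domain of a URL against a trusted list using edit
distance, so that papal.com or paypl.com is flagged before a password is typed.
TRUSTED_DOMAINS and every URL in the usage section are constructed samples.
"""
from urllib.parse import urlparse

# Assumption: the domains you actually log in to. Extend for your own accounts.
TRUSTED_DOMAINS = ["paypal.com", "facebook.com", "google.com"]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: fewest single-character inserts, deletes or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute ca -> cb
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> str:
    """Return the last two labels of the URL's hostname (e.g. 'paypal.com').
    Simplification: multi-label public suffixes such as co.uk are not handled."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_url(url: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """'trusted'   : registrable domain exactly matches a trusted domain
       'lookalike' : within max_distance edits of a trusted domain, or a trusted
                     domain appears as a subdomain of some other site
       'unknown'   : none of the above (not necessarily malicious)"""
    host = (urlparse(url).hostname or "").lower()
    domain = registrable_domain(url)
    if domain in trusted:
        return "trusted"
    for good in trusted:
        if good in host:                      # e.g. paypal.com.evil.example
            return "lookalike"
        if levenshtein(domain, good) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for sample in ["https://www.paypal.com/login", "http://papal.com/confirm",
                   "https://paypal.com.evil.example/x", "http://example.org"]:
        print(f"{classify_url(sample):9}  {sample}")
```

The distance threshold of 2 is deliberately small: a larger value starts flagging unrelated short domains, while 1 misses two-character typos such as a swapped pair of letters.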
SOCIAL ENGINEERING
Social engineering attacks can be the most deadly. The attacker creates an online persona, maybe posing as a 15 year old girl or something along those lines. Ultimately, they trick you into revealing your password. A common method of account hijacking is trying to reset a user's password. At this point the site usually asks the user the security question. The attacker can casually work the security question into conversation, and the unsuspecting user will answer it without thinking anything of it. Then the attacker is free to reset the password. Sneaky, huh?
GOOGLE VIRUSES/REDIRECT VIRUSES
Sometimes when you click a result on Google you will be redirected to an "unsavory" page completely unrelated to the result you clicked on. This is called a redirect virus. The most common issue that causes this is a modified "hosts" file. To edit your file back to normal, follow these steps.
1.) Run Notepad AS ADMINISTRATOR (Right Click -> Run as administrator)
2.) Navigate to File -> Open
3.) Navigate to the following directory: C:\WINDOWS\system32\drivers\etc\
4.) Make sure "All Files" is selected in the drop down menu, otherwise you won't see it.
5.) Double-click the "hosts" file
6.) Delete anything after these lines:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
7.) Save the file, and you're finished!
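Before deleting lines from the hosts file it helps to see exactly which active mappings are in it. The script below is an added example, not part of the original guide: it parses hosts-file text the way Windows does (ignoring comments and blank lines), skips the localhost lines that belong there, and reports every remaining mapping as either a redirect (a name sent to some other address, the Google-redirect case above) or a block (a name pointed at loopback, which rogues use to cut off antivirus vendor sites). The sample file content is constructed; on a real machine read the hosts file from the path in step 3 instead.

```python
"""Added example (not part of the original guide): audit a Windows hosts file.

Reports every active mapping that is not the stock localhost entry, tagged
'redirect' (non-loopback address) or 'block' (loopback address).
SAMPLE_HOSTS below is constructed; 203.0.113.45 is a documentation address.
"""
import ipaddress

LOOPBACK = {"127.0.0.1", "::1"}


def parse_hosts(text: str):
    """Return [(ip, [hostnames])] for every active (non-comment) line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments, full-line or trailing
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                            # malformed line; Windows ignores it too
        if names:
            entries.append((ip, names))
    return entries


def suspicious_entries(text: str):
    """Return [(hostname, ip, kind)] for every mapping worth a second look.
    A stock Windows hosts file (all lines commented out) returns []."""
    flagged = []
    for ip, names in parse_hosts(text):
        for name in names:
            if name.lower() == "localhost":
                continue                        # expected, even when uncommented
            kind = "block" if ip in LOOPBACK else "redirect"
            flagged.append((name, ip, kind))
    return flagged


# Constructed sample: stock header lines plus three lines a redirect virus or
# rogue might append.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
203.0.113.45    www.google.com
203.0.113.45    www.bing.com   # injected redirect
127.0.0.1       update.antivirus-vendor.example
"""

if __name__ == "__main__":
    # On Windows, replace SAMPLE_HOSTS with the contents of
    # C:\Windows\System32\drivers\etc\hosts (read it as administrator).
    for name, ip, kind in suspicious_entries(SAMPLE_HOSTS):
        print(f"{kind:8} {name} -> {ip}")
```

Not every entry it reports is malicious: ad blockers and developers add hosts entries on purpose. The point is that the output is short enough to review by hand, and anything you did not add yourself is what step 6 tells you to delete.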
REMOVAL STEPS
Think you're infected? Run these steps to cure your computer!
DISCLAIMER: Mirage or Virtual Teen is not responsible for any damage these programs or steps cause to your computer or other property. (Basically, if you mess up, don't blame us!)
To minimize damage in case something bad happens, create a system restore point before performing any removal steps. If the removal is successful, then create a new restore point after removal.
If the virus prevents execution of any or all programs mentioned below then reboot your computer in Safe Mode and then try again.
STEP ONE - RKILL
Step one is to download RKill from bleepingcomputer.net. Please make sure you download RKill from BleepingComputer ONLY as there are some trojans out there posing as RKill! Once you download it, run it. It will terminate all malware processes it can find. After this is complete, a logfile will pop up in notepad. Do not continue to the next step until this logfile has popped up (to ensure RKill is completely finished).
STEP TWO - COMBOFIX
Step two is to run ComboFix. ComboFix is a very powerful program (!) so only run it if you are 100% sure your computer is infected with a virus. So far, I have performed this step countless times and ComboFix hasn't messed anything up but that doesn't mean it couldn't for you!
STEP THREE - MALWAREBYTES
Now for the last step. Download Malwarebytes Anti-malware Free Edition (say that 10 times fast!) and run it. Often a quick scan is all you need to find everything, but feel free to run a full scan if you want. This step will clean up any remaining viruses or residual files from the previous steps.
~And like magic, the viruses are gone!~
Thank you very much for reading my All-in-One Virus Guide! I will make periodical updates on this guide.
~The last update was made to this page on: April 3rd, 2013~