What is malware: how it works and how to remove it?

What does malware do?

Malware isn’t all homogenous. Lots of different kinds of malware do different things. However, they all have one thing in common: malware helps its creator at the expense of the victim and their computer.

Types of malware

Many kinds of malware exist; more appear every year. Here’s a non-comprehensive list of malware types and its definitions:

• Viruses. These malicious programs modify other files programs to spread. Every virus is unique in terms of its actual payload, but they all spread the same way.
• Ransomware. Occasionally also known as crypto-lockers, these programs encrypt important files on the victim’s computer and make them pay up to decrypt. Ransomware is profitable and devastating to larger organizations, with some high-profile examples causing millions in damages.
• Spyware. Whether it’s used by a suspicious spouse or a fraudster, spyware allows criminals to access their victims’ keystrokes, passwords, and other sensitive information. Some kinds of spyware are more nefarious than others—those used to steal bank credentials are usually more sophisticated than those used to monitor a loved one’s computer usage.
• Rootkits and bootkits. These extremely advanced types of malware hide in the lowest levels of a computer’s running software. Rootkits can’t be found through traditional means because they infect low-level, highly-trusted code. Bootkits run at an even lower level, starting before the operating system itself does.
• Adware. As the least malicious type of malware, adware just displays ads on the victim’s computer. Adware frequently comes bundled alongside more sophisticated malware, however, so don’t treat an adware infection as no big deal.
• Bots. With botnets, criminals remotely control hundreds or thousands of computers simultaneously. Botnets are used for distributed denial of service (DDoS) attacks on websites and other systems. To join a botnet, a device must be infected with bot malware.

How does malware spread?

Different kinds of malware spread differently. Some types, like viruses and worms, are characterized by how they spread.

• Viruses insert their own code in other programs.
• Worms take advantage of flaws in software to spread without input from the user.
• Trojan horses trick users into installing malware by masquerading as a legitimate program.
• Fileless malware exploits bugs in software or uses built-in tools like PowerShell to remain resident with no traces left on the user’s hard drive.

Although some kinds of malware spread with no user interaction, email is the most common distribution method for malware. According to data from Cisco, over 90% of malware infections start with malicious or infected emails.

Mobile device malware generally spreads through infected apps on third-party app stores, although it occasionally ends up in the official platform store as well.

What is the purpose of malware?

Like other white-collar crime, malware is generally intended to make money for its creator. Although some of the first worms were experiments or toys, modern malware is a serious crime.

Each specific type of malware makes money or gains power in a unique way. Banking trojans, for example, serve to steal banking credentials, allowing attackers to drain victims’ bank accounts. Some spyware is used to blackmail victims with sensitive data. Other malware is built for industrial espionage.

How do I detect malware?

Although many kinds of malware don’t leave a trace, others are less subtle. Adware is very easy to detect: you’ll start seeing ads in places you wouldn’t expect them. Ransomware is similarly easy to detect—you’ll see the ransom message. Other times, the only symptom is a slower computer.

Antivirus software can detect common malware with reasonable accuracy. If your antivirus software warns you that you have malware installed, heed its warnings. False positives, while possible, are fairly rare.

How do I remove malware?

Whether you’re using a PC or a Mac, there are some of the things that you should do if you suspect that your device was infected by malware. Here’s a step by step how you could remove it without losing all your files in the process.

1. Disconnect your device from the Internet

The first thing you have to do is unplug yourself from the Internet. It would even be better to disable the home router as well. This is because most malware types have some mechanisms to prevent them from being shut off. They might be pumping your private data into the hacker’s home server. When you disconnect, the main link to your device is broken. If you disable the whole router, it’s an even better choice since that way, you completely disappear from the radar.

2. Boot into the safe mode

Assuming that it isn’t ransomware and you can actually access your system, what you should do is boot into your system’s Safe mode. It launches only the core functionalities of your system. That’s why Windows 10 even have a separate partition for system files when it installs. Here’s how to enter this mode:

• On Mac, restart your system. Before the Apple logo shows up, press, and hold the Shift key. Enter your password, and you’ll access the system in a safe mode.
• On Windows, during bootup, you should press Ctrl + F8. Then out of the list of options, select Safe mode without networking.

If you’re able to boot in a safe mode, this means that the malware didn’t corrupt the essential system files, so it’s a pretty good chance that you’ll be able to clean up. If you’re unable to enter even into the safe mode, it might be that you should resort to system wipe.

3. Run a malware scanner

If you can, you should get a thumb drive and download the malware from a separate machine and network. Plugin the thumb drive and install the antivirus, perform a scan. Resolve any identified threats. It’s also a good practice to use antiviruses from different makers. That way, you will rely on the highest malware labs data, which might include the one that currently inhabits your system.

4. Re-install browser

Various malware types usually mess up your default browser’s homepage to infect your system the next time you connect to the Internet. While you’re there, uninstall your current browser and delete all saved settings. Don’t forget to delete the cache. It will help if you reinstall it once you confirm that the malware is gone.

5. Check if the malware is gone

Finally, you should initiate a normal startup and boot into normal mode. You can go to the process monitor to verify that nothing suspicious is running in the background. To be on the safer side, you should always perform another antivirus scan once you’ve booted into the system. If it returns no errors, you should be in the clear.

Computer wipe

Wiping your computer is another effective way to remove malware. This involves a few general steps:

1. On a clean computer, create an install drive. This is easy and free for Windows. Just download the ISO file and use Microsoft’s tool to create a bootable flash drive.(If you’re a Mac user, you can skip this step by using Internet Recovery. Regular recovery mode may be infected, so don’t use it.)
2. Back up your data from the infected computer. Files you backed up might be infected, so don’t open them on a clean computer just yet.
3. Boot from the USB drive or Internet recovery and install your operating system onto your computer’s internal hard drive. This will overwrite all of your data.
4. Boot your computer from the internal drive and continue the setup process. It will feel like you got a brand-new computer.
5. Install an antivirus solution on your computer, plug in your backup drive, and scan the files you backed up. Don’t open any until the antivirus software shows that your backup has a clean bill of health.

It’s easy to wipe your phone, whether you use Android or iOS.Here, we show you how to remove malware from Android or iPhone devices.

How can I protect against malware?

Hundreds of corporations offer software that protects against malicious software. However, some work better than others. Plus, the tradeoffs differ between antivirus programs. Some emphasize extra features, while others focus solely on speed and performance.

Both macOS and Windows include antivirus software out of the box. Windows has Microsoft Defender preinstalled, while macOS includes a variety of security features like XProtect and Gatekeeper. While these options are great baseline protection, they’re not enough for many computer users today.

• The software should offer active scanning so that you are continuously protected in the background.
• It should come from a reputable vendor. Amusingly, some malware disguises itself as antivirus software, so pay attention to reviews and make sure to download a legitimate option, not a fake.

Your cell phone or tablet can also fall victim to malware. To protect yourself there, only install apps from the Apple App Store or Google Play Store. Most smartphone malware comes from third-party app stores and sideloaded apps. Additionally, keep your device up to date to avoid worms and other similar malware that relies on security vulnerabilities.

Beyond antivirus software

Even though antivirus software is useful, you can improve your security further by going beyond simple file scanning. Many Internet security suites and corporate endpoint protection solutions scan email attachments, websites, and other common attack vectors. Gmail and Outlook also scan attachments by default.

Protecting against the potential effects of malware is often just as important as protecting against malware itself. Ransomware encrypts files, so having a backup of your data beforehand makes it a lot less dangerous. Using multi-factor authentication means that credential-stealing spyware can’t log into your accounts without you approving the second factor.

No matter what software or techniques you choose to use, vigilance and common sense matter. Most malware requires convincing you that it’s legitimate, so stay on your toes and don’t trust software blindly.