What To Do If You Think Your Computer Or Server Has Been Infected With Malware
Just as our bodies struggle with the groggy feeling that comes with infections, our devices also throw up certain symptoms or errors that could indicate a number of problems.
Malware infections usually come through visiting compromised websites, clicking on the links to malicious sites from social media or email messages, or inserting infected USB flash drives. Similarly, vulnerabilities in your operating system and applications make it easier for cybercriminals to install malware on your server.
The main goal is to steal data, but direct attacks also happen for other nefarious purposes. They’re easier to compromise owing to zero-day vulnerabilities that make them a more valuable target.
Not every error on its own is a red flag, but if you know what to look out for, some unexpected behaviors may set off alarm bells.
Telltale Signs of a Malware-Infected Computer or Server
If you think your computer or server has been infected with malware, check for behaviors such as:
· Reduced performance
· Slow-running processes
· Excessive hard drive activity
· Inability to connect to the internet
· On-screen warnings of system infection
· Browser-jacking or redirects
· Inability to open Microsoft Installer or EXE files
· Missing files, no entries under Start Menu or a blank C: drive
· Antivirus icon can’t be started or disappears from system tray
· No access to higher-level system control functions
· Longer load times for windows or not opening at all
· Seemingly random programs run in the background
· Internet home pages on your browser have been changed
· More frequent pop-up ads than usual
· Unusual icons and errors in Device Manager
So what do you do if you see these and other strange behaviors on your computer or server? Below is our roundup of the immediate fixes and preventive measures you can take going forward.
Scan Your System Immediately
This is the first line of defense. If you have an antivirus installed, scan your system immediately to check for any possible malware infections. If the infection is obvious and easily located, you can attempt a removal. If nothing is found, and you still feel something’s not right, you can run an alternative antivirus scanner that is current and tested.
Remember to regularly run an antivirus scan on your computer, and real-time and scheduled scans on servers and all other devices connected to them via FTP. Invest in good malware removal software, and a server monitoring tool for real-time updates on your server’s performance.
Boot Your Computer into Safe Mode
Disconnect your computer from the internet and boot into Safe Mode. In this state, only the minimum required services and programs load, which prevents any malware that is set to start with your OS from running (the process varies depending on your OS).
If your PC runs faster in Safe Mode, it could mean two things: you have many programs that start up with your OS, or a malware infection.
Before starting anything, delete temporary files to accelerate the malware scan, while clearing downloaded virus files. Make sure your OS and apps are always updated with the latest security patches.
Restore Clean Backups
One of the main symptoms of an infected computer is missing files, and this can be remedied by maintaining regular backups of your data. This way, if the infection is difficult to remove, you can still start over using files you had backed up to your external hard drive or cloud backup, with minimal impact.
Run virus and malware scans on the backups too just to be sure they’re not infected as well.
For your website, replace any infected files with uninfected copies from the clean backup. Alternatively, if you don’t have a backup, ask your host for old versions of your files.
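To decide which website files need replacing, compare the live site against the clean backup by hash. The following is an added example, not part of the original article; the function names and the constructed `backup`/`live` directories are hypothetical, and it assumes the backup itself has already been scanned and is clean.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def manifest(root: Path) -> dict:
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and not p.is_symlink()}

def compare_to_backup(live_root, backup_root) -> dict:
    """Classify live files against the clean backup."""
    live, clean = manifest(Path(live_root)), manifest(Path(backup_root))
    return {
        "modified": sorted(f for f in live if f in clean and live[f] != clean[f]),
        "added": sorted(f for f in live if f not in clean),
        "missing": sorted(f for f in clean if f not in live),
    }

def demo() -> dict:
    """Build a constructed backup and live tree, then compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            (root / "js").mkdir(parents=True)
            (root / "index.html").write_text("<h1>Welcome</h1>\n")
            (root / "js" / "app.js").write_text("console.log('ok');\n")
            (root / "contact.html").write_text("<p>Contact us</p>\n")
        # Constructed changes: one altered file, one unknown file, one deleted file.
        (live / "index.html").write_text("<h1>Welcome</h1>\n<!-- changed -->\n")
        (live / "js" / "unknown.js").write_text("// not in backup\n")
        (live / "contact.html").unlink()
        return compare_to_backup(live, backup)

if __name__ == "__main__":
    for status, files in demo().items():
        print(status, files)
```

Files reported as "modified" or "missing" are candidates for restoring from the backup; files reported as "added" may be legitimate uploads made after the backup was taken, so review them before deleting.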
Stick to Reputable Sites and Apps
The internet is chock-full of incredible content and amazing apps. But downloading such apps or visiting every other site can be a dangerous game.
Stick to reputable sites and always know what’s behind the link before you click on it. If you doubt the site or link, do an online search to check if it’s a known online scam.
Counter-check Email Attachments and Links
Email attachments, whether from someone you know or not, may also be infected by malware and used to spread infection. The remedy is not to open files you’re unsure about and scan them before downloading and opening on your computer.
Cybercriminals use phishing emails to lure you into clicking on them, and visiting malicious sites or downloading infected files. These can be anything from a fake bank notification to a message from a friend, or even a supposed virus warning.
Don’t open files with extensions such as .exe, .com, .pif and .scr.
Use Strong Passwords or Authentication Tools
Passwords and other confidential data are among the main targets of cybercriminals. This is why it’s important to use a strong, unique and complex password combination for each online account.
If you can’t remember all your passwords, get a good password manager to help you with that. Also use two-factor authentication where available for an extra layer of protection.
For your website and server, change all associated access codes, and use FTP over SSL or SFTP for encrypted webspace access, instead of the normal FTP access.
Use Google Search Console
This tool can detect when there’s a malware infection in a website as it scans for such software, and then gives you the necessary assistance to resolve it.
Once you find and remove the malicious code string, contact search engines to reconsider and/or remove your site from their blacklists of sites with malware. You can use this tool for Google, or use Bing Webmaster Tools.
Conclusion
Getting rid of malware can be tricky. How you pull it off depends on the bugs you manage to catch, but the methods above will help minimize the risk of repeat infection while getting rid of them without destroying your data.