1
00:00:03,010 --> 00:00:09,920
You realize now how easy it is to run unwanted programs on your computer. Malicious code can be injected

2
00:00:09,920 --> 00:00:17,250
into a program you downloaded from the internet. Not installing updates regularly can also contribute

3
00:00:17,250 --> 00:00:20,640
to the unauthorized remote launch of programs and processes.

4
00:00:23,370 --> 00:00:26,370
There are many potential threats.

5
00:00:26,540 --> 00:00:31,610
Your system is not risk free and you have to factor in the possibility that malware can already be installed

6
00:00:31,610 --> 00:00:32,890
on your computers.

7
00:00:34,520 --> 00:00:41,620
Malware payloads are diverse, ranging from relatively minor problems like tailored advertising to serious

8
00:00:41,620 --> 00:00:48,040
perils such as data theft or using your computer to attack other machines, including government institutions'

9
00:00:48,040 --> 00:00:50,230
systems, which could get you into trouble.

10
00:00:52,720 --> 00:00:58,060
To counteract these threats you need to be able to detect and remove unwanted software from your computer.

11
00:00:59,700 --> 00:01:03,200
At least 10 percent of some home computers are infected with malware.

12
00:01:03,330 --> 00:01:05,390
So this is a universal concern.

13
00:01:07,280 --> 00:01:12,290
If your computer runs one unwanted program, you can be sure that soon the system will be plagued with a

14
00:01:12,290 --> 00:01:21,450
myriad of malware. An infected computer runs from 20 to 40 unwanted programs on average.

15
00:01:21,480 --> 00:01:28,570
The programs can be associated. They're cooperative: they watch over one another, launch one another,

16
00:01:29,470 --> 00:01:31,430
try to prevent each other's removal.

17
00:01:35,050 --> 00:01:39,380
What should you do if you suspect that your computer is infected with malware of this type?

18
00:01:41,640 --> 00:01:43,980
First you need to keep it from spreading.

19
00:01:44,310 --> 00:01:50,410
It can be done simply by disconnecting a computer from a network. Next,

20
00:01:50,420 --> 00:01:54,620
it's necessary to identify suspicious processes.

21
00:01:54,750 --> 00:01:59,010
Often the unwanted or malicious programs will try to conceal themselves in the system.

22
00:02:00,350 --> 00:02:04,520
They can hide as system components or run as drivers.

23
00:02:04,520 --> 00:02:09,580
There are also low-level programs that hide in BIOS or uniprocessor unit systems.

24
00:02:13,000 --> 00:02:21,080
If you manage to identify the malicious processes, terminate them. This operation seems simple but may

25
00:02:21,080 --> 00:02:23,100
be quite complicated to accomplish.

26
00:02:25,680 --> 00:02:30,650
If you terminate one process it will be promptly relaunched by other allied processes.

27
00:02:33,020 --> 00:02:38,240
Standard Windows tools don't allow for suspending or freezing processes or terminating more than one

28
00:02:38,240 --> 00:02:43,350
process at a time.

29
00:02:43,360 --> 00:02:46,190
That's why this simple attack strategy is so effective.

30
00:02:47,830 --> 00:02:51,040
Assuming that you have successfully terminated a malicious process,

31
00:02:54,600 --> 00:03:01,580
you need to prevent it from running again after the system is restarted. It's vital to locate the paths that

32
00:03:01,580 --> 00:03:09,390
have been modified by the malware configuration settings and remove unwanted programs' entries.

33
00:03:09,480 --> 00:03:16,660
It's also good to get rid of binaries of unwanted programs, provided they're not added to other programs.

34
00:03:16,690 --> 00:03:22,380
They should be deleted. If they're injected into other programs,

35
00:03:22,390 --> 00:03:24,070
The entire program has to go.

36
00:03:27,370 --> 00:03:34,160
Your last task is a controlled computer restart. After the system is restarted, you need to repeat all

37
00:03:34,160 --> 00:03:37,270
operations to make sure that the computer is free from malware.

38
00:03:39,070 --> 00:03:41,420
How can you do this?

39
00:03:41,450 --> 00:03:47,090
The basic tool that can be helpful in the unaided identification of malware and battling it is Process

40
00:03:47,090 --> 00:03:51,780
Explorer, which we'll get to know in a moment.

41
00:03:51,870 --> 00:03:58,440
The program is equivalent to Windows Task Manager. This tool is both user friendly and rich in features.

42
00:04:02,720 --> 00:04:06,150
Before we run it I'll give you some hints on what you should pay attention to.

43
00:04:07,700 --> 00:04:11,500
Malware frequently masquerades as popular legitimate programs.

44
00:04:11,760 --> 00:04:17,600
So look for processes that have weird file names, whose icons are lifted, for example, from Microsoft Word.

45
00:04:21,040 --> 00:04:23,310
Malware creators can be lazy in that respect

46
00:04:23,310 --> 00:04:27,520
and borrow other programs' icons.

47
00:04:27,540 --> 00:04:32,280
Let's also look for programs that come with no icons and have empty description lines.

48
00:04:33,810 --> 00:04:41,150
Another target for suspicion are programs that aren't signed by their creator.

49
00:04:41,220 --> 00:04:44,720
This isn't exclusively about a lack of digital signature.

50
00:04:44,760 --> 00:04:51,620
We also refer to programs that lack any information about their developer. All files and processes that

51
00:04:51,640 --> 00:04:53,950
claim to be provided by Microsoft

52
00:04:53,950 --> 00:04:59,080
(Microsoft is submitted in the manufacturer name field) but they have no digital signature should be

53
00:04:59,080 --> 00:05:04,650
carefully eyed. Microsoft has been digitally signing their applications for many years.

54
00:05:07,340 --> 00:05:12,230
Pay attention to files that are found in the Windows or Windows\System32 directories.

55
00:05:13,050 --> 00:05:16,530
The system folders should contain only Microsoft applications.

56
00:05:18,680 --> 00:05:23,660
Software has not been installed there for quite some time.

57
00:05:23,660 --> 00:05:29,570
There could also be something fishy about compressed or zipped processes. Packaging files is a popular

58
00:05:29,570 --> 00:05:33,250
technique for bypassing antiviruses.

59
00:05:33,360 --> 00:05:39,000
If a file is compressed or encrypted, an AV scanner will be unable to match it to a known signature

60
00:05:39,000 --> 00:05:43,170
of a malicious program.

61
00:05:43,190 --> 00:05:50,560
Let's also check if a program contains strings that explicitly suggest its real purpose. If your program

62
00:05:50,560 --> 00:05:56,240
contains, for example, the own use string, this spells trouble.

63
00:05:56,310 --> 00:06:02,520
If you find URLs inside, especially if a program developer did not use the name of the site but only

64
00:06:02,520 --> 00:06:03,900
its IP address,

65
00:06:03,900 --> 00:06:05,530
this is also suspicious.

66
00:06:07,760 --> 00:06:13,280
The addresses are probably services or servers that a program connects to for instructions or updates.

67
00:06:16,680 --> 00:06:20,940
You should also pay close attention to applications that actively use internet connection.

68
00:06:23,910 --> 00:06:25,670
These programs send and receive data,

69
00:06:25,690 --> 00:06:32,840
and we had no idea that they even run on our computer.

70
00:06:32,850 --> 00:06:40,280
Let's also look at programs that hide under popular processes such as svchost.exe or rundll32.exe.

71
00:06:40,290 --> 00:06:48,430
The programs are used to launch system services or libraries. I'll show you in a moment why we need

72
00:06:48,430 --> 00:06:49,480
to watch out for them.