Symptoms of Infection

The following list comprises the most obvious symptoms of your machine being invaded by any of the current crop of unwanted parasites out on the Net. Having any of these symptoms is not necessarily the end of the world. But any combination of 3-5 of them could be cause for concern.

These are, for the most part, the latest set of common symptoms. That is not to say you won't have other symptoms.

  • The homepage of your browser is changed suddenly, and you have no clue as to how it happened. This is commonly called a browser hijack, and there are many of these infections.

  • You suddenly notice an 'extra' toolbar on IE and once again you didn't install it. Toolbar infections come in a wide variety of forms and names. You can also get these installed by not paying attention during some freeware installs. Read about one of the latest here.

  • Your firewall alerts you to an unknown program trying to access the Internet. This usually means something has already gotten by your defenses and you need to take action, and infections rarely travel alone. Another firewall indicator is that the firewall has actually been turned off by the malware. Many aggressive infections target multiple AV\anti-spyware applications.

  • New shortcuts appear on your desktop, your task bar, or even your system tray that you didn't put there and don't recognize. Nine times out of ten, these are some sort of bogus security links or gambling links. In many cases, rogue anti-spyware programs throw a few on the desktop.

  • New entries appear in your favorites folder that you didn't put there. These are usually gambling sites or porn related, occasionally security links.

  • Your computer starts acting sluggish and slow with massive CPU numbers. This could also be from any number of unrelated reasons too, so this symptom in and of itself, may not be an indication of malware problems.

  • Excessive popup windows that you are unable to stop or close. This particular symptom is now rather 'old school'. Most infections these days install a bit more stealthily than they used to. Rather than throw so many and make it obvious there is something wrong, you're more likely to get just a few here and there. Still annoying but not as openly obvious.

  • If any of your security tools have been disabled or open and close right away, this is a good sign of nasties. Yes, that's right: as the media and security forums have done a good job in educating users, the only tactic left to the scumware writers is to try to disable all security ware on the system.

  • Every time you do a search, you wind up at the same unusual and unknown web site-search engine, or you get 1-3 pages of unrelated search results, before getting to your actual search. Typically referred to as a 'search page hijack'. This is all too common a symptom of many malware infections.

  • There is a new program or multiple programs in the Add/Remove Programs section of your control panel. If you're lucky, they will remove via Add\Remove, but more times than not, this does not work.

  • You're unable to access any of these: task manager, regedit, MSCONFIG, control panel, Run command and maybe even the task bar. They just pop up and disappear, or they can't be brought up at all. Another popular indication is a message indicating the function has been disabled by an 'administrator'. The idea behind this little trick is to prevent you from being able to access key sections of your computer for removal of the infection. Usually a special registry merge is required just to fix this part, but we also have some special tools to fix several of these functions in one step.

  • Your desktop has been changed to a web page or some type of notice that your PC is infected and you cannot change it. There are several alleged anti-spyware applications which actually do this. Imagine, claiming to remove infections, when in fact they cause them! Many of these are listed on the Rogue Threat Page. It is far more current than Eric Howe's list. That list has not been updated since May '07, so the information contained on it is unreliable.

  • You get a lot of returned emails from people you don't know. This could be a sign of your machine being a zombie.

  • You begin to receive a pop up balloon asserting that your system is infected with any number of viruses or spyware. This one has been notorious since the middle of '06. Typically they are called Smitfraud\Zlob infections and can be removed relatively easily.

  • Your system is sending out large amounts of 'packets' or using excessive bandwidth. If you have an advanced firewall or router, you may be able to monitor the amount of actual data being transferred over your line. If these numbers are excessive, you could have on board a hidden process or instance of Internet Explorer, or an entire SMTP set up.
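
For the symptom above where Task Manager, regedit, the Run command or the control panel are reported as disabled by an 'administrator', the read-only check below lists the Windows policy values that produce that behaviour. It is an added example, not a tool from this site; the value names (DisableTaskMgr, DisableRegistryTools, NoRun, NoControlPanel, DisableCMD) are standard Windows policy values that this page does not name, and the function name Get-DisabledTools is made up for the example.

```powershell
# Added example: report policy values that disable Task Manager, Regedit,
# the Run command, Control Panel or the command prompt.
# Read-only: nothing in the registry is changed.

$checks = @(
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Blocks = 'Task Manager' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Blocks = 'Regedit' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun';                Blocks = 'Run command' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel';       Blocks = 'Control Panel' },
    @{ Path = 'Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD';           Blocks = 'Command prompt' }
)

function Get-DisabledTools {
    # Check the current user's hive first, then the machine-wide hive.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($c in $checks) {
            $key = '{0}\{1}' -f $hive, $c.Path
            # A missing key or value means no restriction, so suppress the error.
            $item = Get-ItemProperty -Path $key -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -ne $item -and $item.($c.Name) -ne 0) {
                [pscustomobject]@{
                    Blocks = $c.Blocks
                    Key    = $key
                    Value  = $c.Name
                    Data   = $item.($c.Name)
                }
            }
        }
    }
}

$found = @(Get-DisabledTools)
if ($found.Count -eq 0) {
    'No tool-disabling policy values are set.'
} else {
    $found | Format-Table -AutoSize
}
```

On a work machine these values may have been set deliberately by a real administrator through Group Policy, so a hit on a home PC with no such policy is the meaningful signal.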


If you have multiple symptoms, it's possible you have more than just ad/mal/spyware; it's more likely you have trojans or worms. Follow the steps on this page, 'Infected, Now What?' Expect repair to take some time. If you're uncomfortable trying removal of an infection, please post a HijackThis! logfile in my forum.

See the Latest Malware Threats Forum section to see if you're the latest victim of a particular infection and to see if we have a fix for it yet.

The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.