Difference between revisions of "R4L/Services/Hosting/Malware"

From R4L Help Wiki
 
Line 1: Line 1:
== Got a Virus/Malware on your computer? ==
+
== '''Got a Virus/Malware on your computer?''' ==
 
Almost all of the time, when a customer's hosting account is sending spam, their email account's username and password have been discovered by malware that is on their computer.  This virus then will send out the account's username and password to other computers that are infected with the same malware, and these computers will then connect to the account and send out spam.<br />
 
Almost all of the time, when a customer's hosting account is sending spam, their email account's username and password have been discovered by malware that is on their computer.  This virus then will send out the account's username and password to other computers that are infected with the same malware, and these computers will then connect to the account and send out spam.<br />
 
When our monitoring system detects that the email account has been compromised and is being used to send spam, we have to disable the account until that computer's malware problem can be fixed.  If we don't stop the spam from being sent quickly, the IP address of the server will get added to spam blacklists, and other customers using email service on this same server will have problems being able to send email.<br />
 
When our monitoring system detects that the email account has been compromised and is being used to send spam, we have to disable the account until that computer's malware problem can be fixed.  If we don't stop the spam from being sent quickly, the IP address of the server will get added to spam blacklists, and other customers using email service on this same server will have problems being able to send email.<br />
  
  
== Scan Tools ==
+
== '''Scan Tools''' ==
 
While there are many tools, both free and paid, available, these are the five we'd recommend:<br /><br />
 
While there are many tools, both free and paid, available, these are the five we'd recommend:<br /><br />
 
'''Spigot Search & Destroy'''<br />
 
'''Spigot Search & Destroy'''<br />
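Review bot: the context line '''Spigot Search & Destroy''' at the end of this diff is carried over unchanged, but the entry it heads describes and links to Spybot Search & Destroy; correct the name in the same edit. The two changed headings now nest ''' bold markup inside == ... ==, which is redundant because section headings are already styled, so the plain == Got a Virus/Malware on your computer? == and == Scan Tools == forms are preferable.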

Latest revision as of 13:52, 15 January 2016

Got a Virus/Malware on your computer?

Almost all of the time, when a customer's hosting account is sending spam, their email account's username and password have been discovered by malware that is on their computer. This virus then will send out the account's username and password to other computers that are infected with the same malware, and these computers will then connect to the account and send out spam.
When our monitoring system detects that the email account has been compromised and is being used to send spam, we have to disable the account until that computer's malware problem can be fixed. If we don't stop the spam from being sent quickly, the IP address of the server will get added to spam blacklists, and other customers using email service on this same server will have problems being able to send email.


Scan Tools

While there are many tools, both free and paid, available, these are the five we'd recommend:

Spybot Search & Destroy
Spybot Search & Destroy has made quite a name for itself over the years, earning accolades from both general and computer-focused publications. Spybot Search & Destroy is the highest ranked freeware tool at 2Spyware.com, a website that ranks malware removal tools. In addition to scanning for malware, Spybot Search & Destroy also has a variety of additional functionality, including a botnet scanner, hosts-file modification (to keep malware from calling home), a secure file shredder, and a dummy code feature (it replaces malicious or questionable adware modules with inert code so the dependent program will keep functioning).
http://www.safer-networking.org/en/spybotsd/index.html

SUPERAntiSpyware (Windows, $30)
SUPERAntiSpyware is available as both a freeware and premium edition like Malwarebytes' Anti-Malware (see below), but the level of restrictions on the freeware edition is considerably higher. The free version is limited to basic on-demand scanning and malware removal. The premium version includes real-time scanning, registry protection, a scheduling service, auto-scan on startup, and 50 startup diagnostics to stop malware infections before they spread. One of SUPERAntiSpyware's strongest selling points is its high level of compatibility with other protection tools like Avira, Kaspersky, Symantec, and McAfee.
http://www.amazon.com. Search for SUPERAntiSpyware

ComboFix (Windows, Freeware)
ComboFix just runs, with a very basic interface. You download ComboFix, run it, and it takes care of the rest. The basic ComboFix process looks like this: It backs up your registry, checks to see if you have Windows Recovery Console installed, and then it goes to town on your system scanning away through 40+ stages. When it's done, ComboFix spits out a log file and lists all the malware it found, which ones it was able to remove, and which ones you'll have to use your Google-fu to look up how to remove manually. It isn't fancy, but it gets the job done and gives you a detailed report at the end to take to security forums for help if you need it.
http://www.combofix.org/

Malwarebytes' Anti-Malware (Windows, Free and $25)
Malwarebytes' flagship application Anti-Malware is a shareware malware-removal tool. The principal difference between the free and premium version of the application is real-time monitoring. If you don't need active scanning against threats, the free version uses the same database and does an admirable job ferreting out infections. Anti-Malware was, for example, one of the few malware removal tools that could detect and remove Antivirus XP 2008, a spyware application that masqueraded as an antivirus app. The Anti-Malware installation includes another application from Malwarebytes called FileASSASSIN, a helpful tool for deleting files locked by Windows.
http://www.amazon.com/ Search for Malwarebytes' Anti-Malware