Malware

If your system shows unusual behavior and it is probably infected with malware, you should complete the following steps in order to clean out your system.

Please note: When using these methods, data may be lost! If your system is infected with malware, this cannot be avoided at all times. In rare cases, it is possible that your system cannot be restarted. This indicates that your system is heavily infected with malware and, probably, it is necessary that your entire system has to be newly installed. This is, however, not often the case.

1. Step: Disconnect your computer from the Internet/network

If you suspect that your system is infected with a virus, pull the network plug and disable the wireless connection, until you have checked your system! This way you prevent your computer from infecting other computers in the network. Additionally, you make sure that the malware is no longer connected to the outside world. This means that the information collected from your system can no longer be sent to the Internet and no additional malware can be installed.

2. Step: Remove malware or contact the IT support

If you are unsure about how to clean out your system or the implementation of standard processes is not possible, please contact the IT support at +49 621 181 -2000 for further assistance.

In most cases, you are able to remove malware from your system. Please have the infected system checked by an updated virus scanner and quarantine the relevant files! An outdated virus scanner does not offer sufficient protection and you could be lulled into a state of false security, if the system check does not find anything.

As employee of the University of Mannheim you usually have Microsoft Defender on your system.

3. Install security updates!

As soon as your system has been cleaned out, you can re-connect it to the Internet. Please install all available security updates for your system and the programs installed without undue delay.

If your computer cannot access the Internet, it is possible that your device has been blocked by our network team. In this case, please contact the IT support at +49 621 181 2000 .

4. Step: Pay attention to unusual behavior

Even if you have cleaned out your system, you should have it regularly checked for malware by an updated virus scanner. In particular, if the unusual behavior of your device does not stop or if you think that there is something odd, please be very cautious. In this case, please contact the IT support for further assistance.

Today, a virus scanner is part of the standard equipment of every computer. Regular updates are indispensable because otherwise the program does not offer sufficient and reliable protection. A program which is automatically updated is very useful. The virus scanner should run permanently in the background so that the scanner can react without undue delay if a virus is detected. Many virus scanners do not only scan files on the drives and the random-access memory but also your Internet and e-mail traffic.

Please note: Never install two or more virus scanners at the same time on one system! The programs are incompatible with each other and the one program would obstruct the functioning of the other program and vice versa. It is also possible that the programs would not function at all! In addition, major system errors may occur.

Please note: Outdated virus scanner = (practically) no virus scanner!

As employee of the University of Mannheim, you should use the central antivirus protection provided by the University IT. For this purpose, the University IT offers the use of Bitdefender .

Download Bitdefender now

Viruses

Computer viruses are probably the most known type of malware. They can cause many damages, such as destroying and modifying files or disrupt the computer’s performance. Like a virus infecting humans, the computer virus spreads by infecting a “host”, in our case a computer, and infects files on this computer. If the infected file is transferred to another host, e.g. computer, this computer is infected as well. It is irrelevant how the infected file is transferred. In the past, viruses have spread via data carriers, such as USB sticks. Today, they are often sent as e-mail attachments or exchanged via cloud systems. In contrast to worms, spreading the virus is only possible if the user actively copies/distributes the virus even if the user is not aware of the virus.

Worms

In contrast to a virus, a computer worm does not need the help of the user to spread. A network connection and a target system with a corresponding security leak are sufficient for a worm to rapidly spread. If the e-mail program has a leak, for example, a worm in an e-mail attachment can access all contacts in the address book and can send itself to all these contacts.

Even if worms are mainly spreading in networks, there are also worms spreading via data carriers. For this, they use the computer’s auto start function. Bluetooth or modern chat systems like Facebook Messenger are other ways of transmission.

In the best case, the worm only takes up storage space on your system but it can also destroy programs and hardware.

Trojan horse/trojan

A Trojan horse, also called trojan, works the same way the ancient Trojan horse did, which the Trojans voluntarily pulled into their city. A trojan is disguised as useful or innocent file and the user downloads the file to the computer. However, the user does not always knowingly download a file, since trojans can also hide in attachments or even images.

If the trojan is executed, it can install malware with various intentions, such as a “keylogger” which records the keystrokes, a “sniffer” which collects all data on the computer or a “back door program”. With such programs, it is possible to remote control your computer, to add it to a bot net and to send mass spam e-mails, for example.

Spyware

Spyware is a mostly invisible danger which may be installed on your computer without you noticing while you install free software or which may be installed by Trojans. Generally, the software is running quietly in the background on an infected system so that users do not notice the spy.

For example, spyware programs collect personal data or record the surfing habits of the user. This may go so far that user specific marketing profiles are created which are then sold to other companies which then confront the clueless user with targeted ads.

However, we can think of much more worse scenarios, e.g. spying on your e-mails or online bank accounts and passwords. This form of spyware programs is called Keylogger. As the name suggest, they log every keystroke of the infected device.

Scareware

Scareware is a form of malware which aims to make the user feel insecure. The malware fakes a security problem on your computer which actually does not exist. If users fall for the trick, they are told that buying a “security software” will be a fast way to fix the problem – actually only the warning notices are being turned off.

To attract the user’s interest, pop-up windows which look similar to the security warnings of the operating system may open when the user opens a website. A well-known example of scareware is software disguised as virus scanners which are offered free of charge. As soon as you have installed the program, your system tells you that many infected files have been found. The software may be extremely persistent and very difficult to remove from the system. However, the software does not protect your computer, on the contrary: It may make it easy for other malware to enter your system.

Another form of scareware is confronting the users with crimes they allegedly committed, such as possessing child pornography material. They are then threatened with a criminal complaint, if they do not pay a ransom.

Ransomware

This type of malware encrypts the data on the computer or entirely prevents you from accessing your computer. Due to the encryption of the data, ransomware is also often called cryptotrojan. If you cannot access your computer at all, this is often called a lock screen trojan.

After the data has been encrypted, you are requested to pay a ransom to access the data and/or the computer again. However, it is never advisable to pay a ransom since there is no guarantee that you can access your data and computer again. It is important to take precautionary measures and to regularly back up important data so that you can still access your data in case an attack is successful. If your data has not been backed up, it might be possible to regain access with the help of an decryption tool which has already been published on the Internet. Since such tools mostly exist for older ransomware versions, this solution often does not work.

Adware

Like spyware, adware is often installed on your computer if you install other software, even software which you want to install. Often, a checkbox is overlooked so that you agree to the installation of the adware. Once the program is installed on your computer, it displays ads, mostly in the browser and as pop-up windows, or it forwards your search terms to ad pages. It also collects data on sites visited so that these can be sent to the manufacturer or that the ads displayed can be customized.

There is also “positive” adware which you install voluntarily on your own device. These are ads which aim at helping to finance free programs. It is important that the user knows what these additional programs do on the computer.