Ever go to a Web site, see things start to blink on your computer, and know that you probably just got some kind of epic computer virus? It happens every once in a while. There’s hope.
First, every Mac user tells me that Macs don’t get viruses, so fine, you guys are on your own. The first stop for a PC user should be Windows Defender (pre-Windows 7) / Microsoft Security Essentials (Windows 7+), which are free anti-malware apps put out by Microsoft. They’re very easy, they fix most malware, and did I mention, free?
Next on the list is to check your HOSTS file. A HOSTS file is a file that overrides DNS, which basically means that when you type in a domain name, you might actually end up somewhere else (generally, right where your attacker wants you). Run Notepad as an administrator (right-click and click Run As Administrator), and open up C:\Windows\system32\drivers\etc\hosts. There should only be 2 lines that don’t start with a “#”, and both of them should end with “localhost”. If you see more than that in there, chances are, you have an issue. There are potentially legit (but somewhat rare) reasons your HOSTS file may be modified, so in order to make your changes reversible, instead of deleting lines, just add a “#” to the beginning of the undesired lines.
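The same check can be scripted. The Python below is an added example, not part of the original post: it flags every active HOSTS entry that maps a name other than localhost and comments it out with a “#” instead of deleting it. The function name and the sample file contents are constructed for illustration.

```python
# Hostnames the post treats as expected in a clean HOSTS file.
EXPECTED_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (findings, patched_text) for the contents of a HOSTS file.

    findings: (line_number, ip, hostnames) for each active entry that maps
    any name other than localhost.
    patched_text: the same file with those lines commented out.
    """
    findings, out = [], []
    for n, raw in enumerate(text.splitlines(), start=1):
        # Drop any trailing comment, then split "IP name [name ...]".
        entry = raw.split("#", 1)[0].split()
        if len(entry) >= 2:
            ip, names = entry[0], [h.lower() for h in entry[1:]]
            if any(h not in EXPECTED_NAMES for h in names):
                findings.append((n, ip, names))
                out.append("# " + raw)  # reversible: comment out, never delete
                continue
        out.append(raw)
    return findings, "\n".join(out) + "\n"

# Constructed sample: two expected localhost lines plus three added entries.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example-bank.test   # constructed redirect
0.0.0.0  update.example-av.test
\t198.51.100.7 LOCALHOST login.example.test
"""

if __name__ == "__main__":
    findings, patched = audit_hosts(SAMPLE)
    for n, ip, names in findings:
        print(f"line {n}: {ip} -> {', '.join(names)}")
    print(patched, end="")
```

To audit a real machine, pass in the text of C:\Windows\system32\drivers\etc\hosts and review the findings before writing the patched text back from an administrator session.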
Last, the tool most pros will use to find bad things on your computer is called HijackThis (Note: Not for use at TSA checkpoints!). HijackThis is a brilliant piece of software that lists almost everywhere on your system that a virus can hide. The downside is that it takes a bit of tech expertise to know what to remove — but Internet forums and/or that nerdy family member who knows the Interwebs can set you straight. Once you know what you want to remove, you just click on the item in HijackThis and select Fix, and the problem will be removed.
This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you” for which these posts will not help. Rather, this series will help you to opt-out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.
Actually, you cannot put a domain in your hosts file. It is for single machines (unless the Windows host file operates differently than the one on every other computer). In other words, if you want to block machine1.domain.com and machine2.domain.com, you cannot have an entry for *.domain.com but instead need an entry for each machine … and they can always purchase a new domain. I put an entry in there anyway, but it is not a silver bullet.
Instead, look at the IP addresses (numerical addresses) of the machines that attacked you or do a whois on them. There will be a common bit, usually the first three numbers of the four. Then you can go into your firewall settings (usually on your router) and ban 111.222.333.* and get that machine20.newdomain.com that they will use.