Thursday, August 18, 2011

Signs of Infection


II. A. Signs of Infection – Disabled CMD, TaskMgr, Regedit

Worms usually infect computers and then disable as many ways of removing the infection as they can. These include disabling the command prompt (to deny us absolute control over files), the task manager (to keep us from stopping certain tasks from running), the registry editor (to keep us from removing the effects of the infection from the computer), and others.



II. B. Signs of Infection – Shutdown Upon Execution of the Command Prompt

As stated above, this is another method of disabling the command prompt, with the additional nuisance of a computer shutdown if you even attempt to launch the command prompt. This is usually caused by a file that’s attached as an autorun every time the command prompt is executed.



II. C. Signs of Infection – Missing “Folder Options”

Infections may also take away the ability to see hidden and system files by removing “Folder Options” from the Tools menu in Windows Explorer. This is done so that we won’t be able to change the visibility of files whose attributes were changed to “hidden” and/or “system”. Even if we can still open Folder Options, we won’t be able to switch from “Don’t show hidden files…” to “Show all hidden files…”



II. D. Signs of Infection – Unable to Safely Remove Flash Drive

“Safely” removing a flash drive or other removable drive involves the computer checking whether the drive is still being used or accessed; it just makes sure that the computer is no longer reading or writing data on the flash drive. Being unable to remove your flash drive “safely” using the “Safely Remove Hardware” feature of Windows XP, when we’re absolutely sure that the computer is not accessing the flash drive anymore, possibly means that the computer is constantly saving an “autorun.inf” file onto the flash drive because of the infection. It is not a sure sign of an infection, though, because there are exceptions to the rule.



II. E. Signs of Infection – Different Title in Internet Explorer

There are worms that use the title bar of Internet Explorer for “bragging rights”. They label it with their own statements like “I WAS HERE” or something to that effect. Unless we ourselves edited the registry to change the title of Internet Explorer, it’s a sign that our computer is infected.
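
An added example, not part of the original post: a Python triage script that scans the text of a registry export (.reg file) for the settings behind the symptoms in II.A, II.B, II.C and II.E. The registry key and value names are the standard Windows ones and are not listed in the post; the sample export is constructed.

```python
import re

# (key path below the hive root, value name, symptom), compared in lower case.
POL = r"software\microsoft\windows\currentversion\policies"
CHECKS = [
    (r"software\policies\microsoft\windows\system", "disablecmd", "II.A command prompt disabled"),
    (POL + r"\system", "disabletaskmgr", "II.A Task Manager disabled"),
    (POL + r"\system", "disableregistrytools", "II.A registry editor disabled"),
    (r"software\microsoft\command processor", "autorun", "II.B command run at every cmd.exe start"),
    (POL + r"\explorer", "nofolderoptions", "II.C Folder Options removed"),
    (r"software\microsoft\internet explorer\main", "window title", "II.E Internet Explorer title set"),
]
SECTION = re.compile(r"^\[(?:HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\(.+)\]$", re.I)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def decode(raw):
    """.reg data -> int for a dword, str for REG_SZ, None for other types."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escaping
    return None

def find_tampering(reg_text):
    """Return (symptom, value name, data) for each check that is switched on."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = SECTION.match(line)
            key = m.group(1).lower() if m else None  # None: hive not inspected
            continue
        m = VALUE.match(line)
        data = decode(m.group(2)) if m and key else None
        for path, name, symptom in CHECKS:
            if data and (key, m.group(1).lower()) == (path, name):
                hits.append((symptom, m.group(1), data))  # 0 or "" means not set
    return hits

# Constructed sample export for illustration, not taken from a real infection.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"AutoRun"="C:\\sample\\placeholder.bat"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Window Title"="I WAS HERE"
'''
```

Version 5.00 export files are written as UTF-16, so read a real file with `encoding="utf-16"` before passing its text to `find_tampering`. A hit on the AutoRun or Window Title value only means the value is set and should be reviewed.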



II. F. Signs of Infection – Different Folder Icons and/or Missing Folders

There is a type of worm that hides the folders in our root drives and then camouflages itself as an executable file with a fake folder icon, mimicking the name of the folder(s) it hid. If we look closely, the folder icon it uses is a bit different from our typical Windows XP folder icon (hopefully).

