How you know you have malware on your PC
Original post 8/8/2015
Updated 04/30/2020


The idea for this article came from PC Magazine at
http://www.pcmag.com.
Read the original article here.

    If your computer or device is running erratically or has suddenly slowed down for no apparent reason, it may have malware jamming up its works.

Everyone is at risk
    In years past, whenever anyone complained about the insidious problems of malware infecting their Windows PC, there would be the inevitable refrain from Mac users: "My Mac is secure; it doesn't get viruses." Unfortunately Mac users can't say that anymore. Witness the outbreak a few years ago of the fake antivirus called Mac Defender, which attempts to bilk Mac users out of their hard-earned cash by selling a cure for the horrid popups on their internet browsers, caused by what? Mac Defender, of course.
    Then there's the recent news of an Android vulnerability called Stagefright.
    These examples are given not to criticize other operating systems, but to point out that if you go online with an electronic device you are at risk and you need to take the proper precautions.

Here is a must-read article by Neil Rubenking of PC Magazine entitled Do You Really Need to Buy Antivirus or VPN Anymore?

If you follow the suggestions on this page you will be able to avoid most, if not all, of the malware infestations listed on this page.

Here is a more complete list of iOS and Android Vulnerabilities

Here is a list of PC Processor (CPU) Vulnerabilities

    Read on to see the nasty things malware can do to your PC if you don't have a good antivirus program or security suite running on your computer. If you see anything like the following scenarios you should immediately run Malwarebytes; hopefully, by that time you will still be able to access and update it.

Popup ad windows open without the browser
    Adware programs bombard you with all types of unwanted information. Occasionally they're ads for legitimate products, but mostly they contain links to malicious websites that will try to put more malware on your PC.

Your search sites have changed.
    Clicking on Google takes you to a different search site. However, this redirection may take a more dangerous turn.
    You may be redirected to a fake banking site that looks just like your bank's real site. If you look at your internet address (URL) you find that it's not secure.
    Your bank's site has an https prefix in its internet address rather than http. An https prefix indicates a secure internet site where you can do business with confidence. If it doesn't have one, you can be fairly certain the site is bogus.
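The check described above, reading the scheme and the host of an address before trusting it, as an added PowerShell example that is not part of the original page. The bank host name and the sample addresses are constructed for the example; substitute the host name your bank actually uses.

```powershell
# Added example (not from the original page): check a web address the way the
# text suggests, by reading its scheme (https vs. http) and its host, before
# entering bank credentials. The host name and the sample addresses below are
# constructed for the example.

function Test-BankAddress {
    param(
        [Parameter(Mandatory)] [string] $Address,
        [Parameter(Mandatory)] [string] $ExpectedHost
    )
    $uri = $null
    if (-not [System.Uri]::TryCreate($Address, [System.UriKind]::Absolute, [ref]$uri)) {
        return [pscustomobject]@{ Address = $Address; Verdict = 'Suspicious'; Reason = 'not a valid web address' }
    }
    $reasons = @()
    # The text's check: a real banking site uses https://, not http://.
    if ($uri.Scheme -ne 'https') {
        $reasons += "address begins with $($uri.Scheme):// rather than https://"
    }
    # The host must be exactly the bank's host. The bank's name appearing in
    # the path, or as the front part of a longer look-alike domain, does not count.
    if ($uri.Host -ne $ExpectedHost) {
        $reasons += "host is '$($uri.Host)', not '$ExpectedHost'"
    }
    $verdict = if ($reasons.Count -eq 0) { 'Matches expected' } else { 'Suspicious' }
    [pscustomobject]@{
        Address = $Address
        Verdict = $verdict
        Reason  = ($reasons -join '; ')
    }
}

# Constructed sample addresses: the genuine pattern first, then the kinds of
# redirection the text describes.
$bankHost = 'www.examplebank.test'
$samples = @(
    'https://www.examplebank.test/login',
    'http://www.examplebank.test/login',                        # http, not https
    'https://www.examplebank.test.secure-login.example/login',  # look-alike domain with the bank's name in front
    'https://203.0.113.10/www.examplebank.test/login'           # bank's name appears only in the path
)
$samples | ForEach-Object { Test-BankAddress -Address $_ -ExpectedHost $bankHost } | Format-Table -AutoSize
```

Only the first sample is reported as matching; the other three show why reading the whole host, and not just the presence of the bank's name somewhere in the address, matters.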

A bogus antivirus program that you never installed generates scary warnings.
    A fake antivirus program with a name like Live Security Professional, Attentive Antivirus, or System Doctor generates popups that warn you of malware on your PC. In reality the malware is the program that is generating these popups. The program will inevitably require payment up-front to remove the made-up malware.
    If you do pay, the malware seems to go away instantly, but only for a while. It will then almost always come back demanding another payment.

You may find posts you didn't write on your social media pages.
    Malware on social media sites like Facebook creates bogus posts. Simply clicking on these posts may initiate a malicious download to your PC. Malware like this is hard to avoid. If you have no active antivirus program running your PC will be infected and you may pass it along without even knowing it.

You find you cannot use common system tools and utilities.
    Tools like Task Manager, System Restore, MSConfig, and even RegEdit are suddenly unavailable. Trying to use these utilities may trigger a message saying your PC administrator has disabled them. Some malware will disable these tools as an act of self-defense to make it hard for you to eliminate the infection.
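The "disabled by your administrator" message the text mentions comes from Windows policy settings, and malware that blocks these tools usually does so by writing those settings. The following is an added PowerShell example (not from the original page) that reads the policy values which disable Task Manager, Registry Editor, and System Restore and reports any that are set; the registry paths and value names are the standard Windows policy locations for these tools, and the interpretation "non-zero means disabled" is the documented one.

```powershell
# Added example (not from the original page): report Windows policy values that
# disable Task Manager, Registry Editor and System Restore. A legitimately
# administered PC (for example a company laptop) may also set these, so treat a
# hit as something to investigate, not as proof of infection.
# Run from an elevated PowerShell prompt on the PC in question.

$checks = @(
    @{ Tool = 'Task Manager';    Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Tool = 'Task Manager';    Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Tool = 'Registry Editor'; Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ Tool = 'Registry Editor'; Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ Tool = 'System Restore';  Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';      Name = 'DisableSR' },
    @{ Tool = 'System Restore';  Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';      Name = 'DisableConfig' }
)

function Test-DisabledTools {
    foreach ($c in $checks) {
        $value = $null
        if (Test-Path -Path $c.Path) {
            # Read the single value; a missing value name yields $null rather than an error.
            $value = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        }
        [pscustomobject]@{
            Tool     = $c.Tool
            Policy   = "$($c.Path)\$($c.Name)"
            Value    = $value
            Disabled = ($null -ne $value -and $value -ne 0)
        }
    }
}

$results = Test-DisabledTools
$results | Format-Table -AutoSize

$hits = $results | Where-Object Disabled
if ($hits) {
    Write-Warning "One or more system tools are disabled by policy. If no administrator set this, run a malware scan before changing it."
} else {
    Write-Host "No tool-disabling policy values found."
}
```

On a home PC that nobody has deliberately locked down, every row should show Disabled = False; a True row is the registry footprint of the behaviour described above.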

You cannot update the virus definitions for your installed and/or registered anti-virus/anti-malware programs because of an unexpected error. The error may not give a cause.
    Legitimate programs that may be affected: Windows Defender, Microsoft Security Essentials, or any legitimate third-party anti-virus program such as Norton Antivirus, McAfee, Avira, Trend Micro, Panda, Kaspersky, AVG, Avast, etc. Even legitimate scanners such as Malwarebytes may be affected.

Finally, perhaps one of the most frightening threats
    Ransomware blatantly announces that your files are encrypted and a payment is required to release them back to you.
    This could also be in the form of a fake FBI or United States Courts program that takes control of your files on your PC.
    This ransomware displays a lock screen that does not allow you to access your Windows desktop or your files until you pay a fine to get them back.

    Unfortunately, even if you pay there is no guarantee that you will get control of your computer or your files back.

    The only sure way to get your files and the use of your computer back is to keep a recent backup of your important files on a disk not normally connected to your PC.
    This could be as simple as keeping recent copies of your important files on a USB Flash Drive or as complete as a full disk image of the hard drive of your computer.
    Of course, the hard drive in your computer must be completely formatted before restoring any files. (If no disk image is available, the operating system (Windows) must be reinstalled also.)
See this page for more information about backups.

If any of the above situations exist on your PC then you know you have a virus or malware present on your PC and you need help!

- See the Malware removal section of my page Is your PC running Sloowly Now? for recommended software remedies.
    You can also go to Bleeping Computer website if you wish to view tutorials for self-help.
    Note: You may need to do this on another non-infected PC.

If none of this helps to remedy your situation contact us or any good PC technician.

What you can do before you get malware
    Don't ignore update notices or warnings generated by your antivirus program. Also be aware that all programs of this type require periodic (at least annual) software updates which you may need to authorize.
    In addition, you can check the status of your installed antivirus software on a regular basis by clicking its icon located in the taskbar.
    Note: Good active antivirus software has a feature which downloads virus definition files periodically (usually daily) from the software vendor's site if you have an active internet connection.
    If the antivirus software that came with your PC is no longer active because you didn't pay (lapsed subscription), your PC is not protected!
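The two conditions above (definitions that no longer update, and a product that has gone inactive) can both be read from Windows itself instead of by clicking the taskbar icon. The following is an added PowerShell example, not from the original page, that reports the active antivirus products and whether their definitions are current. It reads Microsoft Defender's own Get-MpComputerStatus cmdlet and the root/SecurityCenter2 WMI namespace in which third-party products such as Norton, Avast and AVG register themselves. The 7-day staleness threshold and the bit layout assumed for the undocumented productState field are this example's own assumptions.

```powershell
# Added example (not from the original page): report the state of the active
# antivirus product(s) and whether their virus definitions are current.
# Sources: Get-MpComputerStatus (Microsoft Defender) and the
# root/SecurityCenter2 AntiVirusProduct class (third-party products).
# The 7-day threshold and the productState bit layout are assumptions made here.

$MaxSignatureAgeDays = 7

function Get-DefenderStatus {
    $s = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if (-not $s) { return }   # Defender cmdlets unavailable on this system
    [pscustomobject]@{
        Product             = 'Microsoft Defender'
        RealTimeProtection  = [bool]$s.RealTimeProtectionEnabled
        DefinitionsOutdated = ($s.AntivirusSignatureAge -gt $MaxSignatureAgeDays)
        Detail              = "definitions from $($s.AntivirusSignatureLastUpdated) ($($s.AntivirusSignatureAge) days old)"
    }
}

function Get-RegisteredAntivirus {
    Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            $state = [int]$_.productState
            [pscustomobject]@{
                Product             = $_.displayName
                RealTimeProtection  = (($state -band 0x1000) -ne 0)   # assumption: 0x1000 set means real-time protection on
                DefinitionsOutdated = (($state -band 0x10) -ne 0)     # assumption: 0x10 set means definitions out of date
                Detail              = ('productState 0x{0:X} reported {1}' -f $state, $_.timestamp)
            }
        }
}

$report = @(Get-DefenderStatus) + @(Get-RegisteredAntivirus)
$report | Format-Table -AutoSize

# Summarise the way the text does: no active product with current definitions means the PC is not protected.
$protected = $report | Where-Object { $_.RealTimeProtection -and -not $_.DefinitionsOutdated }
if ($protected) {
    Write-Host "Active, up-to-date protection: $(($protected.Product | Select-Object -Unique) -join ', ')"
} else {
    Write-Warning "No active antivirus with current definitions was found. Renew or reinstall one, then update its definitions."
}
```

A product that shows RealTimeProtection = False after a subscription lapse, or DefinitionsOutdated = True when it was updating daily last week, is the situation both paragraphs above describe.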

Fortunately, there is no need to spend a lot of money for a good Windows antivirus program.

Avast Free Antivirus and AVG Free Antivirus are good free ones. Download one of them from FileHippo.com or use Ninite.com to easily install the one you choose.
    Other free alternatives are Panda Free Antivirus, Bitdefender Free Antivirus and Kaspersky Free Cloud Antivirus.

    However, if you feel that paying for an antivirus program is preferable, then get Norton Antivirus. Norton has consistently received a top rating from experts at CNET, PC Magazine and PC World Magazine. BitDefender, Kaspersky and McAfee are other top-rated choices.
    Note: All paid antivirus software is subscription based. You must pay on a periodic basis to keep the software active.

If you have an Apple Mac PC see this Page for AntiVirus Suggestions.

Finally:
    Download and install the free version of Malwarebytes virus/malware scanner. Run it occasionally (after updating the virus definitions).
    This is an excellent program that can detect and remove malware that may slip past your active antivirus program. It happens!

    Unfortunately there is no antivirus software in existence that will provide complete, 100% protection against all forms of malware. Good browsing technique and being careful when downloading software from the internet are good habits to develop.
    And don't ignore the warnings or notices from your antivirus software!

For More Info:
    See my Windows Freeware page for more information.
    Also see my Security Programs Page for links to all major Security (Antivirus) vendors' sites as well as my recommendations for Active Antivirus programs for your Windows PC. Both Free and Paid (subscription based) programs are listed.
Many of these companies offer security software for iOS and Android devices also.

Remember, if you don't have an active security program running on your Windows PC or your internet device you are at RISK!

iOS (Apple) and Android (Google) Vulnerabilities
with links for more information

Source:
Most, if not all, of these incidents have received software patches via OS updates.
(However, Apple is much more successful at having their updates accessed and installed by users than Android.)

WiFi Firmware Issues (Microsoft, Gaming Devices, and Samsung Smartphones)
https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/

Apple FaceTime flaw (iOS)
https://www.zdnet.com/article/apple-facetime-exploit-found-by-14-year-old-playing-fortnite/

Fake Google reCAPTCHAs (Android)
https://www.zdnet.com/article/fake-google-recaptcha-used-to-hide-bank-malware/

Samsung facial recognition failures (Samsung)
https://www.zdnet.com/article/samsung-galaxy-s10-facial-recognition-fooled-by-a-video-of-the-phone-owner/

iMessage bricks (iOS)
https://www.zdnet.com/article/google-project-zero-reveals-bad-imessages-could-have-bricked-your-iphone/

Bluetooth tracking (iOS, Microsoft)
https://www.zdnet.com/article/bluetooth-vulnerability-can-be-exploited-to-track-and-id-iphone-smartwatch-microsoft-tablet-users/

App history at risk (Android)
https://www.zdnet.com/article/this-android-malware-can-take-photos-and-videos-and-spy-on-your-app-history/

Interactionless iOS attacks (iOS)
https://www.zdnet.com/article/google-researchers-disclose-vulnerabilities-for-interactionless-ios-attacks/

Filecoder (Android)
https://www.zdnet.com/article/this-new-android-ransomware-infects-you-through-sms-messages/

Joker (Android)
https://www.zdnet.com/article/malicious-android-apps-containing-joker-malware-reach-half-a-million-installs-on-google-play/

xHelper (Android)
https://www.zdnet.com/article/new-unremovable-xhelper-malware-has-infected-45000-android-devices/

Ad blocker advertising (Android)
https://www.zdnet.com/article/android-malware-disguises-as-ad-blocker-but-then-pesters-users-with-ads/

Locked phones still spy on you (Android)
https://www.zdnet.com/article/android-vulnerability-lets-rogue-apps-take-photos-record-video-even-if-your-phone-is-locked/

Processor (CPU) Vulnerabilities
Source:
Some attacks target only Intel Processors and others are able to target both Intel and AMD Processors.
Both Intel and AMD have responded proactively to all of these issues.


Meltdown
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer.
https://meltdownattack.com/

Spectre
Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
https://spectreattack.com/

ZombieLoad
While programs normally only see their own data, a malicious program can exploit internal CPU buffers to get hold of secrets currently processed by other running programs.
https://zombieloadattack.com/

RIDL
The RIDL and Fallout speculative execution attacks allow attackers to leak private data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your data to malicious websites.
https://mdsattacks.com/

Fallout
Fallout is in the same class of MDS attacks as ZombieLoad and RIDL, but unlike the first two, Fallout uses bugs in the store buffer cache to leak data from within a vulnerable CPU.
https://mdsattacks.com/

SWAPGS Attack
The SWAPGS Attack affects newer Intel CPUs that use speculative execution.
https://www.bitdefender.com/business/cyber-threats/swapgs-attack.html

LVI
LVI (or Load Value Injection) is a reverse of the Meltdown attack. Instead of leaking data from an Intel CPU, LVI lets an attacker inject and modify data that is already inside the CPU's speculative execution processes.
https://lviattack.eu/

Foreshadow
Foreshadow, or L1TF, is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds.
https://foreshadowattack.eu/

Snoop
The Snoop attack can leak data by abusing the internal mechanism (bus snooping) that Intel CPUs employ to keep their multiple cache levels in sync (an operation known as cache coherence).
https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling

PortSmash
PortSmash impacts all CPUs that use a Simultaneous Multithreading (SMT) architecture, a technology that allows multiple computing threads to be executed simultaneously on a CPU core.
https://github.com/bbbrumley/portsmash

LazyFP
LazyFP is a vulnerability that also resides in the way modern CPUs handle speculative execution processes, and more exactly, in how they handle context switching on the floating point unit (FPU).
https://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html

BranchScope
BranchScope is a side-channel leak that occurs during speculative execution. More precisely, it's a leak that happens when an attacker manipulates the shared directional branch predictor.
https://www.cs.ucr.edu/~nael/pubs/asplos18.pdf

Spoiler
Spoiler is a vulnerability in the speculative execution feature of Intel CPUs. It is different from all the other speculative execution security bugs because it does not leak data, but is used to improve another attack, namely Rowhammer, which doesn't leak data from the CPU, but from the RAM.
https://en.wikipedia.org/wiki/Spoiler_(security_vulnerability)

Rowhammer
https://en.wikipedia.org/wiki/Row_hammer

NetCAT
NetCAT is a vulnerability that impacts Intel's line of server-grade CPUs. Namely, it is a vulnerability in all Intel chips that support the Data-Direct I/O Technology (Intel DDIO) and Remote Direct Memory Access (RDMA) features.
https://www.vusec.net/projects/netcat/

SgxPectre
SgxPectre is a variation of the original Spectre attack, adapted specifically for leaking data from CPU secure enclaves by exploiting bugs in the software development kits used to build the enclave's software.
https://arxiv.org/abs/1802.09085

SpectreRSB
As the name implies, SpectreRSB is also a variation of the Spectre attack. It exploits hardware design flaws in the return stack buffer (RSB) of modern CPUs, including Intel.
https://arxiv.org/abs/1807.07940

TPM-Fail
TPM-Fail is a vulnerability that impacts Intel's firmware-based trusted platform module (fTPM), which runs on a separate microprocessor inside the main Intel CPU.
https://tpm.fail/

Plundervolt
The Plundervolt attack exploits the interface through which an operating system can control an Intel processor's voltage and frequency, namely the Dynamic Voltage and Frequency Scaling (DVFS) system.
https://plundervolt.com/

CLKSCREW
CLKSCREW is an attack that abuses frequency adjustments to leak data from ARM chipsets. Plundervolt is different because it uses rogue voltage adjustments to leak data from Intel chipsets.
https://www.bleepingcomputer.com/news/security/clkscrew-attack-can-hack-modern-chipsets-via-their-power-management-features/

VoltJockey
Plundervolt is also known as VoltJockey, a name given by a different team of academics who also (independently) discovered the same attack.
http://voltjockey.com/