ClamXav is no longer free
The antivirus now runs under a 30-day trial before becoming a paid service. We recommend you uninstall ClamXav if you have it on your computer, and replace it with Sophos.
A computer virus or malware is a commonly used term to describe all types of malicious software including Trojans, worms, adware, and spyware. Each have slightly different functions, but usually either try and damage the software on your computer, or send information about your computer usage to an outside source over the internet. The details of each type are explained below:
A Trojan, as the name suggests, pretends to be something good, like virus scanning software or other useful applications. In reality they run malicious programs in the background that can perform any number of functions, like allowing an outside user to copy your files, see your browsing history, or even take remote control of your computer.
A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other computers on the network, and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or devour files on a targeted computer.
Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used. Adware is usually seen by the developer as a way to recover development costs, and in some cases it may allow the software to be provided to the user free of charge or at a reduced price. As a result, the advertisements may be seen by the user as interruptions, annoyances or as distractions from the task at hand.
Spyware is computer software that is unknowingly installed on a personal computer to collect information about a user, their computer or browsing habits without the user's informed consent. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs.
Unfortunately, there are many ways your computer can become infected. Some of the main causes to an infected computer included: illegally downloading music and movies, clicking on ads, browsing to compromised websites, and in general not being cautious when it comes to web browsing. Be sure to follow the safe browsing habits and remember, it's always better to be safe then to be sorry.
There is a wide variety of virus symptoms that differ based on what type of infection you have and how far the virus has progressed. A list of common symptoms is listed below:
The first order of business is to get anti-virus software. Students and faculty can download ClamXAV and Windows Defender/Security Essentials for free, but the protection shouldn't stop there. We also recommend downloading other virus scanning tools, here at the OSU Computer Helpdesk we often use Malwarebytes and SUPERAntiSpyware both of which are available for free.
Click HERE to watch a tutorial about running a virus scan with Malwarebytes.
After obtaining the software simply run the program and have it scan for viruses. A good habit to exercise before each scan is to double check that the software's definitions are up-to-date. In order to update the definitions there should be either a tab or button that relates to updating the software, e.g. "Check for Updates online."
Anti-virus is a requirement while you are at the university as it is part of the Acceptable Use of University Computing Resources agreement. Anti-virus software is a program designed to protect your computer from computer viruses. Anti-virus software protects your computer’s sensitive data, which includes but is not limited to, personal information, browsing history, and credit cards.
Oregon State has made a recommendation for the Windows and Mac computers below (you may use other anti-virus software while on campus).
For Microsoft Windows computers, we recommend the Windows Defender/Security Essentials anti-virus. It provides browsing protection and daily scans of your computer to continually protect it. To install the software please follow the provided instructions.
For Apple Mac OS X computers, we recommend Avira as it is compatible with Mac OS X 10.10 and later. Avira can be found here.
If you are already infected or believe that you have an infection and your main anti-virus software is not finding anything, Oregon State recommends that you use some proven effective options for advanced scanning of your computer.
Alternatively, you can jsut bring your computer into the Service Desk or call OCH. Their information can be found below:
Watch what you download. Don't open any unrequested attachments in your email. Don't use file sharing programs, such as Torrenting Apps (uTorrent or BitTorrent). Run a virus scan at least once a week, and update your virus definitions on a weekly basis. If you are using Outlook as your mail client, make sure to get the most up to date patches available for it.
The answer is yes!
It is a very common misconception that the mac systems are impervious from malware and viruses. There is no technical reason why a Mac computer could not be infected with malware, but the major reason they have not been attacked as much is because there is a smaller population of systems to infect and gain information. A mac computer already has a built in solution for only "known" malware which Apple flags. There is no detection that occurs using heuristics or watching for malicious actions. Also the mac solutions depend on you keeping your computer up to date at all times.
We recommend that you install an anti-malware program such as our recommendation to help make sure that you are keeping yourself protected at all times. To find out more information on our solution please follow this link for Sophos
No. You will need to uninstall your current anti-virus program or not install our recommendations. Installing both programs simultaneously will cause problems and can make your computer unusable. If you have already installed both, try to uninstall the last one you installed. If your computer isn't bootable, call OSU Computer Helpdesk at 737-3474 and we'll try to help you get it working again over the phone or in person at the Service Desk (2nd floor of the Valley Library by the Circulation Desk).
Click on the links below for tutorials and links to install and setup basic tasks to protect yourself.
Windows Defender for Windows 8, Windows RT, Windows 8.1, and Windows RT 8.1 offers built-in protection against malware. Everytime you turn on your computer, if you have not purchased another version of anti-virus you will be protected wtih this application. You cannot use Microsoft Security Essentials with Windows 8.1, but you don't have to—Windows Defender is already there and ready to go. But if you’re wanting to protect a PC with an older version of Windows, you can use Microsoft Security Essentials to help protect against viruses, spyware, and other malicious software. It offers free real-time protection for your home or small business PCs.
Microsoft Security Essentials is a free download from Microsoft that is simple to install for Windows 7 and XP, easy to use, and always kept up-to-date through Windows update, so you can be assured your PC is protected by the latest definitions.
Microsoft Security Essentials runs quietly and efficiently in the background so you’re free to use your Windows-based PC the way you want—without interruptions.
If you want to use Microsoft Security Essentials, we recommend that you uninstall other anti-virus software already running on your PC. Running more than one anti-virus program at the same time can potentially cause conflicts that affect PC performance.
Sophos is a virus scanner for Mac OS X that has the capability to identify both Windows and Mac threats.
Sophos can be setup up as passive or active: scan only the files you tell it to or your full hard drive, whichever you favor; you can also choose to schedule weekly scans to keep your computer secure in real time.
For windows computers, we currently recommend the anti-virus that Microsoft provides for free! This AV is the one of the easiest to come by and has one of the most basic installation processes. If you do not currently have an AV on your computer, it is recommended to get this free Microsoft one. If you have another preferred AV then you can continue to use that one instead.
Microsoft has stopped protecting and supporting Windows XP as the system is now well over ten years old. It is recommended that you use a more recent operating system for your machine's own safety.
If you are unable to upgrade your machine's operating system, here is a list of current supported Antivirus software:
Symantec Clean Wipe is a tool designed by Symantec specifically to help uninstall their products. It is recommended that you only use Clean Wipe as a last resort when trying to remove Symantec products and uninstalling them normally through the Control Panel is a much better option when it works.
|You will need to authenticate with your ONID Username and prefix your Username with "ONID\"|
|Windows||Clean Wipe (Uninstaller)|
|Mac OS X||Symantec Uninstall Application|
When prompted enter in your username and password, please remember to put your domain before the username (for example, ONID\onidusername in the username field).
Wait for the download to finish
1.) Open the Cleanwipe file that was downloaded (it should be a .zip file)
2.) Copy the files that are inside to your desktop (it may help to put them in a new folder)
3.) Run the CleanWipe.exe file that you just copied
4.) If your computer gives you a pop-up box asking for permission to run CleanWipe, click ‘Yes’
5.) Once the program opens click ‘Next >’
6.) Check the box to indicate that you accept the terms in the license agreement
7.) Click on ‘Next >’
8.) Check the boxes next to any products that you want to remove. Most commonly this will be the ‘Client Software’ box on the top of the list.
9.) Click ‘Next >’
10.) Make sure you don’t have any unsaved documents open as the computer will be restarting soon
11.) Check the box that reads ‘Reboot automatically’
12.) Click ‘Next >’
13.) CleanWipe will now run through and uninstall Symantec
14.) Once the removal finishes (a message that reads ‘Removal completed successfully’ will show up) click ‘Next >’
15.) Click ‘Finish’
16.) The computer should now restart. If it doesn’t restart automatically be sure to do restart it yourself
17.) Once it reboots make sure that all Symantec products are removed from the computer
This is a recommend step as part of using Sophos as this allows for extra protection while using your computer.
Before running any manual full scans, always remember to update Sophos' virus definitions. This helps Sophos better find and quarintine potential virus infections on your computer.
The iTunes and Google Play stores have many applications. They have a few that could save your privacy on your phone. These applications help protect your phone from malicious applications and downloads. Google and Apple also have testing policies in place that try to protect you from downloading those malicious applications.
If you would like to find out about other options please use this website to see the recent AV Mobile Test Results:http://www.av-test.org/en/home/?avtest%5Btype%5D=9&avtest%5Bplatforms%5D=10-7,9-8-6
CryptoLocker is malicious software that encrypts your data files (word, powerpoint, pictures, music, videos, etc.). The nefarious individuals then hold your data for ransom and try to extort money from you.
All computers using Windows XP 2, Vista, 7, 8 and 8.1. This includes any Apple or Linux based computers running Windows in a virtual environment like Bootcamp, Parallels or VMWare.
Encryption encodes your data so only you and authorized people or authorized websites can read the data. Example – When you use a banking website that has “https” in the address bar, the information you transmit to and from that website is encrypted/encoded.
The encryption designed to safeguard your data is used against you when CryptoLocker infects your computer. Your data files are encrypted with a unique key that only the malicious people/hackers have access to. Encryption can not be broken at this point in time without the key. When your data is encrypted and the key is lost, the data is essentially lost forever.
Bad guys prey upon people's fears to steal their money and information. One of their favorite tricks is to tell people that their computer is (or might be) infected, and they are relying on you to respond in a manner that installs a virus on your computer.
In some cases, your computer may already be infected before you see the popup. The safest thing to is shut it down and take it to the OSU Computer Helpdesk or your IT support staff to resolve the issue.
But you can protect yourself before you're affected.
There are three big ways to protect yourself before you're affected.
There are a few additional steps you can take.
A few things to check for if you are unsure about the message are:
If you think you may have accidentally clicked on a fake antivirus warning, shut down your computer. Students can bring laptops to the Walkup Helpdesk for malware scans, while faculty and staff should contact their IT support staff.
The viruses that get installed can:
OSU work computer - Please contact your IT support staff.
OSU Students - Contact the OSU Computer Helpdesk.
Self help options for personal computers
The Flashback virus targets a security hole in the Java software installed on your computer. Java is included with OSX, the operating system on your Mac. The virus is designed to steal personal information in the background without the user noticing, so once your computer is infected, you may not see any difference in the way it runs. To find out if your computer is infected, read the section below.
A new variant of the flashback virus has become available. In order to check if your device has this new variant you will need to open a terminal window by either searching for it using the Finder, or by opening Applications->Utilities->Terminal, then typing the following commands:
You will be looking for any files ending in the extension ".so". There is a pending list of possible files that may be listed in that directory, so far they are:
There are several other files that may be there, their names and locations are as follows:
For removal instructions, read the information below:
Apple has released a software update that should fix the most common variants of the infection: directions on downloading that update are provided below:
If you do not have ClamXAV installed, you can download and install it from their website.
PLEASE NOTE: The removal process involves running scans and possibly installing programs on your Mac. If you are not comfortable doing this on your own, you can get help on campus:
There are several steps you can take to keep your Mac safe from infection.
Keep your Mac (and other programs) up-to-date
All viruses are designed to exploit security holes in different programs, and most updates work on patching these holes as they are discovered. Using out-of-date software makes it easier for infections to target your system.
To check your Mac for Apple updates:
To check your Mac for other program updates:
This varies based on what program you are using, but it can generally be found by opening the program, then looking for an "Updates" option in one of the top menus.
Updating your Operating System:
Older Mac Operating Systems (OSX) have additional vulnerabilities that newer versions don't have. The latest versions of Mac OSX are 10.7 and 10.6. You can check which version of OSX you are using by clicking the Apple symbol in the upper-left hand corner of your screen, and clicking on "About this Mac". If you have a version that is below 10.6, you may want to consider purchasing an upgrade for your computer if possible. Contact the OSU Computer Helpdesk for more details.
Install an Anti-Virus Program
Everyone is elligible to download free antivirus from ClamXAV. If you need help installing an Anti-Virus program, you can bring your Mac (If it is a laptop) to the Walk-Up Computer Helpdesk in the Valley Library. Note if you are faculty with a department owned Mac, you will need to contact your department support group for help.
Practice safe browsing habits when using the internet
Browsing to the wrong website is one of the most common forms of infection. Follow the suggestions on the safe browsing page for safe browsing tips.
Currently, 10.5 users and earlier are going to have to disable their Java until they can remove the infection, as the new update from Apple doesn't cover their OS. If you're not sure on how to find your OS version, follow the directions below:
PLEASE NOTE: If you are using OSX 10.5 or earlier, we highly recommend (for security reasons) that you look into purchasing an update if your computer supports it. If you have questions about updating, contact the OSU Computer Helpdesk.
If you are faculty and using a department issued laptop, you should be eligible for an upgrade through your department. Contact your department support group for help.
Oregon State University utilizes a device on our network called FireEye. This device monitors the network for patterns of activity a computer displays when it is infected with malware, or has been compromised by hackers.
When the FireEye device detects signs of malicious activity, it sends an alert to the OSU Computer Helpdesk, who, in turn, sends a notification to the registered owner of the computer. The user is then responsible for contacting the Helpdesk to resolve the issue. This document outlines that notification process.
Please Note: While every attempt will be made to resolve the situation through this process, there may be instances where the availability, confidentiality, or integrity of the OSU network or the data residing therein is placed at risk by the activity discovered on the device. In such cases, network access for that system will be blocked prior to notification.
OSU notifies users when a malware infection is detected on their computer. Users must come in for help, or inform the Helpdesk that the infection has been removed.
Notifications include technical details on the infection and give users information on how to clean their own computers. Please note that the notifications will be from firstname.lastname@example.org and will be followed with an email from email@example.com detailing options you have to clean your computer.
If the user does not come in for help or notify the OSU Computer Helpdesk and they continue to receive notifications from firstname.lastname@example.org then the user’s network access will be disabled and a notification of the access restriction will be sent.
A user is not typically disabled until after three notifications have been sent, but there are circumstances that will extend the amount of notifications before loss of network access, such as a long period of time between malware notifications from FireEye.
Below are examples of the notification e-mails sent to users, which can be used as reference to ensure these are not fake emails or phishing attempts.
Example from Security:
Example from the OSU Computer Helpdesk: