Ah, right up my alley – and I do thank you for being up front about this being an assignment. We’ve had other folks who have tried to get us to do their homework for them.
The key thing you have to understand is some terminology which is often bandied about without distinction. The distinction doesn’t matter to most folks who don’t actually have to fix these “little situations” up.
That said, there are 3 general classes of pests – with lots of room for overlap.
- Viruses (usually attached to some file or another) which infect the target computer when the file is opened.
- Worms – which travel on their own, and attack known network vulnerabilities in various operating systems and applications.
- Trojans – which look attractive, but actually contain a nasty surprise – hence the Trojan Horse reference.
- Spyware and related threats (often all of the above and then some) which get installed when the user visits a malicious or infested web page – which might otherwise be quite legitimate, or is a common misspelling of a well-known web site.
I’d go into more detail, but that’s not the focus of your question. So let’s move on to “product” (or more accurately “pest”) identification.
Most of the major anti-virus vendors provide 2 things with their base product: on-line updates and a “rescue boot disk” of some sort.
I cannot count the number of times that I have encountered a system with Anti-Virus software installed which has never been updated. So making sure the Anti-Virus definitions are up-to-date is step one, followed by a full system scan.
However, there are many retro-pests (not just viruses) which attack, disable, and otherwise hamper security software (updates/patches, virus updates, firewalls, anti-spyware, etc.), and to deal with many of those, you need the “rescue” boot disk which will perform a virus scan of the system without allowing the infected O/S to boot and take control.
Beyond that are many programs (some paid-for, some free) which will identify spyware, hijacking software, viruses, etc. I’ve provided a fundamental list below. It’s not exhaustive because A) it’s late at night and I’m tired, and B) I’m an acknowledged tool freak, and download, purchase, and build any tool that I think might help me. But….
1) Spybot Search & Destroy (Free, but send a donation, I did)
2) HijackThis (Free, but send a donation, I did)
3) The excellent tools from SysInternals.com (Bryce Cogswell and Mark Russinovich). The stuff on their site is free, and the commercial versions may be purchased from Winternals.com (I have bought several of their commercial versions – do you see a trend here?) for autoruns, RootKitRevealer, FileMon, RegMon, etc.
4) Stinger.exe from McAfee/NAI which is a cleanup tool for what might be termed the “current top 40” pests, although the actual number varies depending on what they see “in the wild”. Get that from http://vil.nai.com/vil/stinger
If none of these help, then you need someone like me – the trick being to find them in your local area.