Security How To


I don't get the opportunity to do much virus, spyware or malware fighting here at SmallNetBuilder HQ. There are no kids downloading and "exploring" the Internet, my wife and I seldom (if ever) copy in files from off-network computers and both of us are well-versed in safe Internet practices (and follow them).

But my neighbors and family members are not so fortunate. My holiday-time trips home usually involve a half-day session with one of my sister's computers to make it stop "running slow", although that has ceased to be a regular thing now that all of her kids have moved to places (and computers) of their own.

Her problems usually haven't been bad, however. Removing some adware that came along with Party Poker and a general cleanout of temp and unused applications were enough to get her back to a nicely responsive system.

This weekend, however, one of my neighbors was not so lucky when they got hit with a variant of the Zlob trojan. Fortunately, they didn't compound the problem by falling prey to Zlob's multiple exhortations to download and install fake malware fix tools. As it was, Zlob was perfectly capable of installing enough malware on its own.

In the end, I took the safe route of doing a clean reinstall of XP after spending an afternoon making several unsuccessful attempts at removal. But I learned a few things along the way that I thought might be useful to pass along.

Lesson #1: Know Your Anti-Virus Program

The most important thing in preventing a malware, virus or adware infection, besides observing good Internet hygiene, is to know the state of your anti-virus program. If you are running an Internet-connected system without good, automatically-updated anti-virus protection at a minimum, you're not just exposing yourself to risk, but you're also potentially part of the world-wide epidemic of infected computers.

AVG continues to provide its free Anti-Virus edition for "private" use, i.e. individuals, not businesses. So there is no excuse for not having effective anti-virus on every system that you own. Of course, AVG would also appreciate it if you would buy either the Pro or Internet Security versions, which add rootkit and additional protection features.

In my neighbors' case, they had a different anti-virus program installed. But they didn't know that it wasn't providing any protection, because it had expired months ago. The problem was that the program looked like it was running because it was spinning its little logo continuously down in the System Tray. But what my neighbor thought was the program's way of showing that it was working turned out to be its way of saying it needed attention!

The fault here is shared between the program's designers and my neighbors' complacency and lack of curiosity. The program designers should have provided continuous, unambiguous indications that the program was not doing its intended job.

With AVG, the tray icon changes to superimpose an international alert symbol on top of its normal icon when it is not running or hasn't been able to perform its daily update (Figure 1). It would be even better, however, if it also provided a pop-up or other obvious indication of what the problem is that is causing the alert.

Figure 1: AVG problem indication

But my neighbors are also at fault. Just as you must know what your car's dashboard trouble lights mean (if you want to avoid expensive repairs...or worse!), so must you know the status of your anti-virus. If they had known what their previous anti-virus program was trying to tell them, they would have saved themselves (and me) a lot of time.

Lesson #2: Know When You're Being Scammed

The most important thing in surviving a malware infection is knowing that you have one. Fortunately, Zlob isn't shy about announcing itself. But the way it announces its presence can panic unknowledgeable users into doing things that they shouldn't.

Zlob changes your desktop wallpaper to display a warning similar to that in Figure 2 and pops up a warning balloon in your Windows System Tray / Notification Area similar to those in Figure 3.

Figure 2: Zlob desktop wallpaper warning

The wallpaper change is a good tip-off, since there is no normal Windows behavior that I know of that causes Windows to change your desktop wallpaper and prevents you from changing it back. But the tray popup is much more subtle and easier to fall prey to. Windows frequently uses Tray popups to provide warnings and alerts and allows you to take action by clicking on the alert balloon.

Figure 3: Zlob tray popups

Fortunately, the desktop wallpaper change was enough to raise my neighbor's suspicion that something was wrong and prompted him to call for help.
