Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
Windows Vista

Removing Malware from Windows Vista (part 2) - Removing Malware by Using Windows Defender

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
3/28/2011 2:46:27 PM

Removing Malware by Using Windows Defender

It’s no secret that malware installations can cause significant frustration for end users and technical professionals alike. Computer users should certainly use some form of defense against the installation of unwanted programs. Windows Defender is the primary method of combating malware in Windows Vista. It is included with every edition of the operating system, and Microsoft designed it to prevent, detect, and remove malicious software programs.

Windows Defender includes a combination of different technologies that are designed to work together to keep users’ systems free of unwanted software. For example, it has the ability to detect malware based on various “signatures” that are stored within its definitions database. It uses this information to monitor for system modifications, downloading of new files, and running of applications. It also periodically scans the file system for known malware programs. Because new types of malware are constantly being developed, it also integrates with the Windows Update feature to download new definitions regularly.

Windows Defender is enabled by default and includes basic configuration settings that should meet the needs of most users. In this section, you’ll learn how you can use this program to identify and remove malware.

Working with Windows Defender

During general operations, Windows Defender is designed to run without any specific input from users. It runs constantly in the background on computers and attempts to detect any unwanted software installations or activities. It also monitors for potentially risky modifications to system settings or the presence of known malware files.

Windows Defender also offers several features and settings that you can modify based on users’ specific requirements. You can launch Windows Defender from the Start menu or by double-clicking the Windows Defender icon in the system tray (if it is present). Figure 1 shows the default display of the program.

Figure 1. The Windows Defender default display

The screen provides details related to the last time a scan was run as well as an overview of current Windows Defender settings. It can also provide information that might require the user to perform a task. For example, if the Windows Defender definitions file is outdated, the user is prompted to download and install updates.

Note: Keeping systems protected

Although users can choose not to use Windows Defender, it is highly recommended that they enable some type of antivirus and antimalware program on the computer. Numerous third-party products are available. When making recommendations as a Consumer Support Technician, verify that these programs are designed with Windows Vista in mind.

Scanning for Malware

One of the most common operations that users perform with Windows Defender is scanning for malware. Although the program is initially configured to perform a regular scan, as a Consumer Support Technician, you might want to run a new scan to detect recently installed malware. You can start the process of performing a standard Quick Scan by simply clicking the Scan button in the toolbar. This instructs Windows Defender to start scanning the most common locations in which malware might be located (see Figure 2). These locations include the Windows Registry (including locations in which startup programs are defined) and commonly used file system locations (such as user-specific folders). It also performs a scan of the Windows operating system folder.

Figure 2. Performing an on-demand Quick Scan with Windows Defender

In addition to the Quick Scan, there are two other options. You can access both by clicking the arrow next to the Scan button. The Full Scan option performs all of the operations of the Quick Scan, but it also inspects all areas of the computer’s file system. The process can take a significant amount of time (especially on computers with many files), but it is the most reliable way to detect any potential malware on the computer.

Another option is to perform a Custom Scan. This option enables users to specify a particular hard disk volume or folder to search for malware, which can be useful when you suspect that recently downloaded files stored in a specific location might be malware. Any results that are found are immediately displayed on a results screen.

Responding to Malware Alerts

When Windows Defender encounters potentially malicious software on the computer, it might need to notify the user to determine what to do. In most cases, users should disable or remove the software. Sometimes, the software might be legitimately required and should be given permission to perform its tasks. For this reason, Windows Defender can notify users of the issue by using the system tray icon. If there is an issue that requires attention, the icon changes to include either a yellow exclamation mark or a red stop sign. Additionally, Windows Defender can display system tray notification messages or pop-up windows (see Figure 3).

Figure 3. Viewing a notification about potential malware

The potential danger of certain pieces of malware can range significantly, based on type and design. Using information stored in its definition files, Windows Defender can determine the importance of a particular piece of suspected malware and can present details to users. The potential alert levels are as follows, in order:

  • Severe

  • High

  • Medium

  • Low

  • Not yet classified

Typically, items that are marked with Severe or High alert levels should be removed immediately from the computer. Figure 4 shows the action options that are available when malware has been detected.

Figure 4. Responding to a malware alert in Windows Defender

The user is given several different options to determine how the problem should be resolved, as follows:

  • Remove This option automatically removes the malware. Often, this includes deleting any files that were detected and changing any system settings that might have been modified. For example, this might involve removing the program from the list of startup items.

  • Quarantine In some cases, users might not know whether to allow the program and, therefore, will not want to delete it. The purpose of the quarantine feature is to move the software to a safe location on the computer. It will no longer be able to run automatically, but it will not be permanently deleted. If users find that they do indeed want to run the program, they can choose to remove it from quarantine.

  • Ignore This option does not perform any actions based on the detection of malware. If a program has been configured to run automatically, it will continue to run. Users will continue to be notified of the detection of the program on future scans.

  • Always Allow This option is designed to allow certain programs to continue running on the computer without generating any future warnings. In general, users should select this option only if they are completely sure that they trust the program and are aware of its capabilities.

Additional details are often available by selecting a specific item from the list. To make decisions easier for users, each alert level can have a corresponding default action. You’ll look at those details later in this section.

Viewing the Windows Defender History

Over time, it is likely that Windows Defender will detect multiple pieces of malware. As a Consumer Support Technician, you might want to review this list. For example, if a user reports that he or she is missing several important data files, it is possible that malware might have moved or deleted them from the computer. To access these details, click the History button on the Windows Defender toolbar. Figure 5 shows an example of the types of information that might be available.

Figure 5. Viewing a history of detected malware on the local computer

Viewing Quarantined and Allowed Items

Earlier in this lesson, you learned about the option to place malware items in a quarantine location. This is a useful option when you are unsure whether you should allow a specific program, but you don’t want to enable it immediately. Later, you might want to review the items in this location to make a determination about whether you should enable or remove them from the system. You can view the quarantine location by clicking the Tools button in Windows Defender and then selecting Quarantined Items. When you select an item, you can decide what should be done with it.

Similarly, Windows Defender keeps track of which items the user allows to run on the computer. As a Consumer Support Technician, you might want to verify that a user did not unknowingly enable a malicious program to run on the computer. You can access this list by clicking Allowed Items on the Tools page in Windows Defender.

Joining Microsoft SpyNet

One of the most challenging technical issues in the battle against spyware is detecting new malicious programs. Malware authors are constantly making changes to existing programs and creating new ones to circumvent definitions used by programs like Windows Defender. To react more quickly to new malware, Microsoft has created a system that enables users to report these programs automatically. The resulting online community is known as Microsoft SpyNet. You can configure membership options by using the Microsoft SpyNet link in the Tools window in Windows Defender (see Figure 6).

Figure 6. Configuring SpyNet membership options

There are three options for these settings. The first option is Join With A Basic Membership. This is the default setting, and it allows Windows Defender to send information about detected malware to Microsoft. As the text notes, there is a possibility that the report might contain personal information. However, Microsoft states that it will not use this information in any way. The primary limitation of this setting is that it does not protect users from items that are defined as not yet classified.

The second option is Join With An Advanced Membership. This option enables Windows Defender to collect and transmit information about unclassified potential spyware. Windows Defender can collect numerous technical details to help analyze whether the program is indeed malicious. Apart from helping detect malware more quickly, this setting also configures Windows Defender to present alerts for unclassified malware that it detects.

The final option is I Don’t Want To Join Microsoft SpyNet At This Time. In most cases, the basic and advanced memberships will be most useful for customers. No special registration process is required, and Microsoft guarantees that user-specific information will remain confidential if it is included with a malware report.

Configuring Windows Defender Options

Windows Defender includes numerous basic and advanced options that you can configure based on users’ specific needs. You access these settings in Windows Defender by clicking Tools and then clicking Options (see Figure 12-35). The main sets of options that are available include the following:

  • Automatic Scanning These settings specify whether automatic scanning is enabled. If it is, the user can choose the frequency and time at which Windows Defender performs the scans. Additionally, there is an option to download updated definitions automatically before performing the scan.

  • Default Actions This section allows users to specify actions that Windows Defender automatically takes when it detects malware. The default settings specify that the recommendations that are included in the definition files should be used. This is often the most appropriate setting for users. Other options include specifying whether items of a certain alert level should be automatically removed or ignored.

  • Real-Time Protection Options Windows Defender includes numerous features that are useful for automatically preventing against common malware installation methods. This section, shown in Figure 7, enables users to specify which types of actions Windows Defender should monitor. The most secure setting is to leave all of the check boxes selected. For performance or testing reasons, however, you might want to disable one or more of the items.

    Figure 7. Viewing real-time protection options in Windows Defender
  • Advanced Options This section includes several settings related to which files Windows Defender scans, along with specific behaviors such as automatically creating restore points. You can click the Add button to specify files or locations that Windows Defender should not scan (see Figure 8).

    Figure 8. Configuring advanced and administrator options in Windows Defender
  • Administrator Options This section enables you to specify whether Windows Defender is enabled and whether other users on the computer can make changes to its configuration.

Figure 9. Viewing Windows Defender configuration options

Overall, Windows Defender includes a large number of options for customizing the behavior for malware detection and removal.

Other -----------------
- Diagnosing Issues in Windows Vista (part 6) - Using Other Diagnostic and Troubleshooting Tools
- Diagnosing Issues in Windows Vista (part 5) - Repairing Windows Vista
- Diagnosing Issues in Windows Vista (part 4) - Troubleshooting Startup Problems
- Diagnosing Issues in Windows Vista (part 3) - Performing Windows Memory Diagnostics
- Diagnosing Issues in Windows Vista (part 2) - Using System Restore
- Diagnosing Issues in Windows Vista (part 1) - Monitoring Windows Event Logs
- Using Windows Complete PC Backup and Restore (part 2) - Performing a Complete PC Restore
- Using Windows Complete PC Backup and Restore (part 1) - Creating a Complete PC Backup
- Using the Backup and Restore Center (part 4) - Using Previous Versions of Files
- Using the Backup and Restore Center (part 3) - Restoring Files from a Backup
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Windows Vista
Windows 7
Windows Azure
Windows Server