How does malware propagate? According to Microsoft’s report (gathered from Microsoft’s Security Removal Tool) almost 45% requires user interaction, e.g. executing a file. Another 43% uses AutoRun capabilities via USB or a network to infect a system. The remaining 12% list file infections, exploits where updates are available and password brute force attacks.

It is interesting to note that disabling autorun would eliminate nearly 50% of all malware threats. Exploits, which get lots of coverage on the Internet attribute to only 6% of detections.

A look at the different types of exploits reveal that exploits targeting Java were responsible for up to one-half of all exploits in a given quarter. Operating system exploits have passed HTML and Script exploits in the second quarter which can be solely attributed to a vulnerability i Windows Shell which was for instance exploited by the Stuxnet family.

When it comes to document exploits it is Adobe Reader and Acrobat who have accounted for most of the exploits in the first half of 2011.

Operating system infection rates paint an interesting picture. Nearly ten times as many Windows XP SP3 systems get infected as Windows 7 SP1 64-bit systems. Windows 7 Service Pack 1 32-bit systems have a ratio of 1:6 compared to Windows XP’s infection rate.

Even Windows Vista with its latest service pack installed reports only half of the infection rate that Windows XP reports.

A look at the different threat families and categories sees Adware at the top followed by misc potentially unwated software, misc trojans and a second smaller group lead by Worms, Trojan downloaders, virus, password stealers and backdoors.

Email spam decreased dramatically in the past twelve months according to the Microsoft report. From 89 billion messages in July 2010 to 25 billion in June 2010. Microsoft attributes this to the takedown of two major botnets in August 2010 and March 2011.

Global Infection Rates by country

• United States:
• Brazil: Most trojan downloaders and droppers, most exploits, most password stealers and monitoring tools.
• France: Most Adware
• United Kingdom
• China: Most backdoors and spyware
• Germany
• Russia: Most misc potentially unwanted software
• Italy
• Canada
• Turkey: Most misc trojans, Worms and Viruses

Interested users can download the latest report and previous reports from Microsoft’s Security Intelligence Report website.

The alternative is an application like F-Secure’s Online Scanner which can be started from a web browser. This particular application is a Java app which means that the latest Java Runtime Environment (JRE) needs to be installed on the system.

Users can visit the official website to start a scan of their computer system right away. The online application uses up to date virus and threat definitions that F-Secure maintains for all of their products.

When you start the online app you are asked to select a scan mode. Available for selection are quick scan, which only scans the most important files and folders of the system, a full scan or a custom scan. Custom scan can be configured on an extra screen in the program interface.

Here it is then possible to scan all or only selected folders and file types. The program itself will scan for malware, spyware, rootkits using a database of known virus signatures and heuristics to identify unknown threats.

The program then downloads files from the Internet which may take some time depending on the Internet connection. The scan time depends largely on the selected mode and the speed of the system.

The application displays a summary after the scan highlighting potentially malicious files. These files can be deleted from the system and send to F-Secure as a sample (handy if heuristics identified an unknown threat that F-Secure has no information about).

The program is easy to use and comes with enough customizations for advanced uses. I would not recommend relying solely on online scanners for security though, but would recommend them for additional security scans on a regular basis. You can check out our overview of online virus scanners here.

Modern USB devices on the other hand do not ship with write protection switches anymore, which means that other solutions need to be discovered that work equally well.

What if you’d fill the storage on the USB device to the brim? That’s what USB Dummy Protect does. The idea is simple. You create a fake file that takes up all free space on the device. With no space left on the drive, viruses cannot write on it which means that they are blocked and cannot replicate.

The software is fully portable and needs to be placed on the USB device. You can run the program on any computer system that runs the Windows operating system.

USB Dummy Protect detects the free size on the device directly after it has been started, and begins to write a dummy file of the same size to the drive. The filename is always dummy.file.

If you need space to store files on the drive, you need to remove the dummy file first, copy or move the new files to the drive, and run USB Dummy Protect again to fill the remaining free space again with a dummy file.

The protection is basic, and advanced viruses may be able to circumvent it, for instance by deleting files on the stick to free up space before writing to the stick.

Still, USB Dummy Protect is relatively comfortable to use, especially since it is always located on the USB drive so that it can be used to write a new file whenever that is necessary.

The software worked fine on a 64-bit Windows 7 Pro test system. The developer notes that it only works on USB devices of up to 4 Gigabytes if they use the FAT file system.

You can download USB Dummy Protect from the project homepage at Google Code.

The company stayed deathly silent for eighteen months but have now finally announced that there have been 774,651 activations using the pirated key for their Avast Pro suite.

The key was originally issued to a small business in Arizona but has since been used right around the world including, according to an Avast spokesperson, “on two computers in Vatican City”.

The spokesperson went on to say “There is a paradox in computer users looking for ‘free’ antivirus programs at locations with a known reputation for spreading malware.”

Now the dodgy code is being used in over 200 countries and Avast have issued a pop-up warning on the relevant computers informing the user, who may be completely unsuspecting, of the situation and offering them the option to switch to a legitimate copy of either their free or paid-for anti-virus suites.

There’s no data yet on how many pirates have decided to go legit, but according to Avast “it’s going according to plan”.

Some variants of the worm contain a link to a PDF document, this PDF contains malware that opens access to the users’ email address book.  It’s becoming increasingly common for Adobe’s file formats to be used for viruses and malware since increased security in newer versions of Microsoft Windows have made it a much harder target.

The worm will immediately spread by sending a copy of itself to everyone in the users’ address book.  It will also attempt to remove or disable any security software on the PC so that it can remain undetected.  Finally it will look for open network links to other computers and attempt to auto-run itself on those machines.

The worm isn’t widespread but so far some major corporations have been hit including NASA, Disney and the insurance giant AIG.

Security firm Kaspersky said the new worm has similarities to the now infamous I Love You bug  of ten years ago.  “The difference with those earlier attacks is that the e-mails typically carried the malicious file itself and didn’t rely on a link to a downloading site…But the technique used to entice users to click on the attachment or malicious link is the same: offer the user something he wants to see.”

As always our advice is to virus check any attachment before you open it, if you even need to open it at all.

The controversial system collected the URLs of websites visited by its customers and the ISP failed to inform either its customers or the ICO before its launch.

Mark Schmid, TalkTalk’s Director of Communication said in a statement “We were simply looking at the urls accessed from our network, we weren’t looking at customer behaviour so we didn’t feel we were obliged to inform customers.  This is all about protecting customers. It is not designed to provide us with data for any other purpose.”

The system scanned the websites visited by TalkTalk customers to aid the company in detailing websites that could contain malware or viruses.

British Telecom had proposed a similar service called Webwise which was heavily criticised by the British public.  BT also conducted trials without informing customers which led to accusations of intercepting private data.

Online privacy is an issue of which the public is becoming increasingly aware, which can only be a positive thing.

The virus, discovered by Kaspersky Labs, is believed to be the first booby-trapped application for the operating system.  In a security advisory, Kaspersky say “ the fake media player was most prevalent among Russian Android users. The risk to Android owners worldwide is believed to be low.”

Needless to say there are a huge number of smartphone users who, though app stores are installing large volumes of programs on their phones without really knowing if they are hiding any malicious payloads.  This is a problem that’s only going to get worse over time.

“We can expect to see a corresponding rise in the amount of malware targeting that platform,” said Denis Maslennikov, mobile research group manager at the firm.

There are a significant amount of Java applications that behave in this way, as the BBC has proven recently with it’s own malicious app to prove how easy it is to write such code, but this is the first believed to have been written specifically for the Android operating system.

Both Apple and Google monitor the apps that are available for download through their app stores and Microsoft have also said they will do the same with their forthcoming Windows Phone 7 Operating System.  Somehow though this virus has still made it through the testing process.

A spokesperson for Google told the BBC…

“Google has a system in place that can revoke malicious applications and stop them running on handsets.  Our application permissions model protects against this type of threat.  When installing an application, users see a screen that explains clearly what information and system resources the application has permission to access, such as a user’s phone number or sending an SMS.  Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time.  The spokesperson said the firm advises users to “only install apps they trust”.

The malware takes the form of a game that spies on the smartphone’s owner and was built using the standard software toolkits that are available  to everyone.  In a report on the experiment today, Experts says that this makes the malware much harder to spot.

There is evidence that criminals are now beginning to target smartphones with their complete lack of virus protection, in order to gain personal details that can be used for identity theft and other crimes.

Chris Wysopal, the co-founder and head of technology at security firm Veracode, who helped the BBC develop its malware, said that smartphones are not at the point PCs were at in 1999, at the birth of the popular internet.

“At that time malicious programs were a nuisance. A decade on and they are big business, he said, with gangs of criminals churning out malware that tries to steal saleable information.”  He said.  “Mobiles offered a potentially more tempting target to those criminals.”

Simeon Coney, of mobile security form Adaptive mobile said…

“In a mobile network the device is intrinsically linked to a payment plan, to a user’s credit,” he said. Nothing happens on a mobile network, no call is made or text is sent, without money changing hands.  Criminals have tapped into that revenue stream by getting phone owners to dial or contact premium rate numbers. Now they are turning their attention to applications and the lucrative information they scoop up.”

The Java application from the BBC was put together in only a few weeks and  gathered contacts, text messages and also gathered the phones’ location.  IT then sent this information to a specially set-up email address.

The malware was only 250 lines of code, with the entire program only 1500 lines of code.  The BBC say in their report that there can be benefits to the way some phone OS manufacturers vet programs.  Apple vets every program for the iPhone and iPad and Blackberry maker RIM and Google can easily switch off malicious applications through use of a code-signing system.  Microsoft’s Windows Phone 7 operating system will also see all programs vetted.

The last time the BBC conducted an experiment like this they took control of a botnet, but when the experiment was over left a message on the screens of the infected PCs worldwide and instructed the botnet to self-destruct.

The latest threat is another with Adobe’s name on it.  The company has already come under heavy criticism this year for major flaws in it’s Acrobat and Flash platforms, this new threat is more of the same with the Acrobat reader for the iPhone.

The BBC is reporting that experts are saying the threat has yet to be exploited and are urging Apple and Adobe to find a fix before it is.

The threat would affect all devices running Apple’s iOS operating system, the iPhone, ipod and iPad, none of which run anti-virus software.

Graham Cluley, a computer security expert with Sophos, told BBC News that the exploit used the same principle as Jailbreakme – a utility that lets iPhone 4 owners run non-Apple approved applications – although it uses the exploit in a benign way.

“It uses the same tricks as you do when jailbreaking,” said Mr Cluley.  “We always thought that Apple’s Mobile Safari would be the main vulnerability.  “At present, we have yet to see any of these exploits out in the wild, but it is only a matter of time,” he warned.

The method exploits a weakness in the Safari web browser to automatically open an infected PDF.  The irony of this being that so far the only way to secure yourself against it is to unlock your device and install unapproved software on it.

Neither Apple for Adobe have so far commented on the threat or said when a patch might be available.

Antivirus software that cleans the virus may sometimes fail to cleanup the system properly. It can happen that Windows features are still not accessible even after the virus has been removed from the computer system.

That’s where tools like Re-Enable aid the user. The software program offers to activate Windows features like Regedit, Windows Task Manager, System Restore, MsConfig or the Control Panel after a virus attack.

It displays all features in the main interface upon startup. Some or all of the apps and functions can be selected for fixing.

re-enable

A click on the Re-enable button after the selection will start the recovery process.

The program offers a Tool menu on top that comes with additional troubleshooting utilities. Here it is possible to restore Safe Mode, edit Hosts files, reset files and folder attributes, unhide drives, repair the desktop, repair explorer.exe startup problems or scan for and delete autorun.inf files.

Re-Enable is a handy program to repair a system after a virus attack. The developer has created a lite version which requires the Microsoft .net Framework 3.5 SP1 and a portable version which has no dependencies but is 30 times the size of the lite version (700 KB to 22 MB). (thanks Gabor for the tip)

Take a look at Recover Operating System After Virus Attack for an alternative

Microsoft has reported it’s seen more than 10,000 PCs hit by the attack so far and it’s still not been able to find a fix for the problem.

The effect of the vulnerability can give hackers complete control over a PC.  It initially came about when a Google Engineer discovered it was possible to exploit Windows XP’s ability to send and receive remote help from another computer.

Initially, Microsoft said it only saw “innocuous” attacks by a few researchers but now hi-tech criminals are exploiting it as well.

Writing on the Microsoft Security Centre blog, Holly Stewart said it had started seeing “seemingly-automated, randomly-generated” web pages that host the exploit.

A senior security researcher at Trend Micro, Rik Ferguson, said  ”It’s certainly very serious and is now being actively exploited by what appears to be several different groups as you can see form the multiple payloads being delivered.” and Carole Thierault, senior security consultant as security firm Sophos has described the attacks as a “nightmare”.

Microsoft is still working on a fix for the problem but Engadget have reported that…

Microsoft says the only current work around to the issue is to Unregister the HCP Protocol which disables hcp:// style links

The vulnerability does not affect Windows Vista or Windows 7.

Windows XP and Windows Server 2003 users can read the following guide to find out how to protect their system from the attack: Windows XP And Windows Server 2003 Zero-Day Vulnerability

To make matters worse there seem to be two – possibly unrelated – issues that webmasters experience. One is a malware attack that is spreading malware on hacked blogs while the other is making use of cloaking techniques to serve a different version of the blog to search engine spiders than to regular visitors and admins.

The cloaking hack appeared on radars in March when bloggers and hosters reported about compromised sites. Media Temple for instance stated on March 2nd that “a number of customer sites [..] have been compromised”.

They identified several patterns the attackers used, one of which placed random-string names in the document root of the blog.

But Media Temple hosted WordPress blogs were not the only ones hit by the attack. Reports from webmasters hosted by Godaddy, Network Solutions or VPS.net indicated that the attack was not web hoster specific.

Fast forward to April 6. Christopher Penn discovered that his blog had been compromised. He found out that the hack on his site injected a new option name into the wp_options table that was using encoded Javascript. The option name always started with rss_.

Deleting that name from the database table stopped the cloaking issues he was experiencing. The key did however appear again which suggested that his blog was still open for the attack.

The vulnerability itself has not been discovered yet. Chris suggested that it has either been the TimThumb plugin or an outdated version of Magpie that WordPress ships with. Both have not yet been confirmed to be the entry points.

There has been no response yet from the WordPress developers regarding this issue.

To make matters worse a second attack has hit WordPress blogs, this time to spread malware. It is not yet clear if the two attacks are related but it is likely that they are.

Frank Gruber posted information about that second attack on his blog which ironically seems to have been successfully compromised as well.

The virus somehow infiltrates WordPress and adds a new file in your scripts directory called jquery.js and then inserts that file into the header or footer files of your site. It also inserts an iFrame that calls a 3rd party site which is known for malware or other malicious activities.

The Trend Micro blog is sharing additional information about the virus that is being spread using this attack. The attack “leads into an infection chain that leads to various malware, including a rogue antivirus[..]“.

To sum it up:

• Several WordPress blogs running the latest official version are currently successfully compromised.
• Attackers either manipulate the blog to spread malware (more recently) or to cloak links that are only visible to search engines
• It is currently not clear how the attacks are carried out.
• Some pointers are given on how to disinfect a blog

WordPress webmasters should check their blogs immediately to make sure that it has not been compromised yet. A wordpress plugin like Antivirus might also help in preventing a successful attack.

The Cleaner is an antivirus software, not a suite which means it does not offer a firewall, email spam scanning or any of the other modules that security suites offer. It can therefor be best compared to other standalone antivirus solutions such as AVG 9 or Avast.

The developers have divided the program into a scanner and a resident program, both highly compatibly with other antivirus solutions installed on the computer system. The program uses a database of malicious software plus advanced heuristics to detect known and unknown threats on a computer system.

The Giveaway of the Day edition does not offer the TCActive module that monitors processes in the background. This version of The Cleaner is therefor only suitable for scanning the computer system for malicious software.

TCActive is available in the program directory despite the help file claiming that it is only available in retail versions of the security program. It needs to be started manually and will run in the background afterwards.

The tab driven program is easy to use. The user should start by clicking on the Update tab to update the program’s database, something that does not seem to be handled automatically by the antivirus software.

The scan tab provides the means to perform a smart scan that will only scan popular locations for malware or full scan which will scan everything on the hard drives selected by the user.

The only other options provided are to change the heuristics level from relaxed to paranoid in a slider, to whitelist files so that they are not scanned by the software and to take a look at reports and the log.

The Cleaner in this regard is therefor a solid addition to any security setup a user might already have installed on the computer system. The lack of the background process monitor make it not suitable as the only antivirus program on the system.

Installation of The Cleaner

Installation is straightforward. Just execute the setup.exe after extracting the files to the local computer system. The serial number for The Cleaner is located in the readme file that is part of the zip file. The program can be registered after the first startup. A restart of the software is required afterwards.

Positive

• Fast Scan
• Compatible with other antivirus software and security suites
• Background monitoring with TCActive

Negative

• No TCActive module means no background monitoring
• Updates have to be initiated manually

The Cleaner, well the crippled version without TCActive, is available for free at the Giveaway of the Day website. The developer’s website is accessible here.

Followed by no file type at all (e.g. pointing the user to a root url or directory) with 18.99%, the txt file extension with 10.37% and php with 6.56%.

This requires some explanation. Most users would probably agree that text files are harmless. This is not always the case especially when it comes to links as links can be redirected easily. But attackers can also rename an executable to txt and use malicious code on a website to run the file.

The statistics basically points out that while the standard file (exe) associated with a computer virus is making up more than 50% of all attacks it is of equal importance to understand that harmless looking files and links can be malicious as well.

The safest bet is still to avoid clicking on links or attachments in emails. A sandboxed environment or a virtual PC are two secure alternatives if the link needs to be clicked on. (via Avira Blog)

For Linux, ClamAV is one of the best virus scanners. And not only is ClamAV one of the best, it also has a great front-end for users who prefer to not have to deal with command line tools. That front-end? ClamTk. In this article you will learn how to install and use ClamTk to keep your Linux box virus free. Your friends and co-workers might thank you in the end.

Installation

First and foremost, ClamAV is required (You can read more about ClamAV in my article “Add antivirus to Postfix with ClamAV“) so you will need to have that installed and updated (might even be wise to make sure ClamAV is the latest version and run the freshclam command to update your virus signatures before you begin the installation of ClamTk).

If you’re unsure how to update ClamAV you can do so fairly easily. Let me show you how to update ClamAV in Debian. Follow these steps:

1. Open up a terminal window.
2. Gain super-user access (either with the su command or using sudo – depending upon how you use/administer your system).
3. Open up the /etc/apt/sources.list file in your favorite editor.
4. Add the line deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free to the bottom of the file.
5. Save and close the sources.list file.
6. Issue the command apt-get update.
7. Issue the command apt-get install clamav clamav-base clam-freshclam.

Your ClamAV should be up to date. Now let’s install ClamTk.

From the same terminal window, issue the command apt-get install clamtk which will install the latest version of ClamTk. You are ready to scan.

Using ClamTk

Figure 1

To open the ClamTk window (see Figure 1) you can either click Applications > System Tools > Virus Scanner or from either the run dialog (<Alt>F2) or a terminal window issue the command clamtk. One of the first things you should do is click Help > Update Signatures which effectively runs the freshclam command.

You can take care of scanning a few different ways:

• Click Home button (the Home icon) to do a quick scan of your ~/ directory.
• Click the Binoculars icon to scan a single file.
• Click the magnifying glass to scan a directory.
• Click Scan > Recursive Scan to scan a parent directory and it’s children.
• Click Scan > Home (thorough) to do a more thorough scan of your home directory.

Since I use Claws Mail, I would want to do a recursive scan on the ~/Mail directory. I will warn you, a thorough, recursive scan can be somewhat resource intensive. So if you need to do this type of scan, you might want to do it when you’re not busy, otherwise your machine might become a bit less responsive.

Final thoughts

I am happy to say that I have yet to come across an infected file on any of my Linux machines. Does that mean I will stop scanning? No. I get a ton of email, and I prefer to do my part to ensure that no email that might leave my inbox (especially forwards) contains a virus. You should do this as well, even when Linux is your main operating system.

The Virus Total service can be used on the website directly by uploading one file to the service or by use of the Virus Total software which recently has been updated to version 2.

It was previously only possible to send one file from within Windows Explorer to the service using the software. This has changed as Virus Total Uploader 2.0 comes with its own interface.

The main improvements of Virus Total Uploader 2.0 are the ability to send up to five files to Virus Total, a file size limit increase from 10 Megabytes to 20 Megabytes, a process view that can be used to send running processes to Virus Total and the option to download and upload files from a url to the online service.

Files that should be send to the online service can be dragged and dropped into the interface, picked from the process listing or selected using the build in file browser. The software will automatically generate file hashes for the selected files and compare them to the Virus Total database. Results are displayed immediately of matching hashes are found with the option to upload the file anyway for a second check.

The old option to send files from within Windows Explorer is still available in the Send To menu. Users who prefer this option can use it exclusively and ignore the program interface.

Virus Total Uploader 2.0 adds several interesting new features to the virus checking service. Especially the increased file size limit and the ability to test running processes easily make it a recommended addition to every Windows operating system.

The new version can be downloaded from the official Virus Total website. (via Raymond)

The following links point to antivirus software programs that can be downloaded as trial versions. These trial versions can be used for either 30 days or 90 days without payment.

Which antivirus software developers are offering 90 day trials?

• McAfee VirusScan Plus [link]
• McAfee Internet Security [link]
• McAfee Total Protection [link]
• Norton Antivirus [link]
• Norton 360 [link]

Which antivirus software developers are offering 30 day trials?

• Kaspersky Antivirus [link]
• Kaspersky Internet Security [link]
• Bitdefender Antivirus [link]
• Bitdefender Total Security [link]
• Bitdefender Internet Security [link]
• ESET Smart Security [link]
• ESET Nod32 Antivirus [link]
• Trend Micro Internet Security Pro [link]
• Trend Micro Internet Security [link]
• Panda Security Antivirus [link]
• Panda Antivirus Pro [link]
• F-Secure Internet Security [link]
• F-Secure Antivirus [link]

Please let us know in the comments if we have missed a product.

Some notes: This article does not rate the antivirus software programs. There might be free programs out there that are comparable to the listed antivirus products. The only problem with this method is that users need to install different antivirus software regularly. This not only means more work for the user but also the requirement to get used to new software products.

Many antivirus companies are running promotions every now and then that offer longer trial versions for download. This will obviously help tremendously.

Any thoughts or ideas?

IClean is a portable application that can be run from anywhere including a portable drive or device. The computer program will then display information about the computer system in six tabs that are accessible on top of the interface.

• Processes: Displays all running processes with the option to check processes and kill them or kill and delete them.
• Services: A list of all running services with the option to delete multiple services at once.
• Registry: Several security sensitive Registry settings are displayed here including programs that bypass firewall rules, toolbars and browser helper objects with the option to repair, backup and restore settings.
• Startup Folders: Displays a list of startup items that are loaded during system start with the option to enable, disable or clear them.
• Hosts: The Windows hosts file that is used by malware to redirect Internet traffic.
• Advanced: Option to terminate a known process ID.

Several of these options could come in handy after a sucessful malware removal on the computer system. IClean is available at the developer’s website and compatible with all Windows operating systems from Windows 98 to Windows Vista (and probably Windows 7 as well).

These things seem to happen regularly and it is not only laptops that are affected by this. We have seen malware on appear virtually anywhere where it can appear in the last years, even on music CDs from a well known company. This leads to the interesting question on what users can do to ensure that their computer system is not already infected by malicious software.

Security companies advise to scan a newly purchased computer system thoroughly before starting to work with it. They also suggest to stay offline during the procedure which can sometimes be problematic if the computer system is the only available at hand. The virus definition files of antivirus software that is already installed on the computer system is usually outdated and might not catch the virus. The same is true for antivirus software that is purchased in stores.

Security experts therefor suggest to download the virus definitions for the antivirus program from a different computer with Internet access. That’s problematic if there is only one computer system available. Solutions for this might be to visit friends, go to an Internet Cafe or computer shop to download it from there.

Which leads to the question: What do you do after buying a new computer system?

One of the traits of the Conficker worm is the blocking of url strings. This includes urls of antivirus companies, Microsoft and support sites that could aid users in removing the Conficker worm from a computer system. Users with the worm cannot open the websites in their web browser anymore and this is the exact concept of the Conficker Eye Chart. It displays six images on the website. Three images from urls that are not blocked by Conficker and three that are blocked.

If the web browser is displaying all six urls it is very likely that Conficker has not infected the computer system. If only the safe three images are displayed an infection with the C variant of Conficker is likely while the display of four images hints at A and B variants of Conficker.

The major benefit of this Conficker detection test is its simplicity. It takes only a web browser and a few seconds to test if the computer system has been infected. It is still a good idea to confirm the findings by using a software detection program which you can find here.