Create a Virus Removal Lab and Practice… a Lot.
Practice virus and spyware removal on your own systems first! Learn to become a malware removal expert in your own lab environment, and get the confidence and skill to take on the latest threats. Here's what you'll need:
- a Windows XP computer (512 MB RAM P4 recommended)
- internet connectivity
- (optional) a removable hard drive and backup software like Norton Ghost or Acronis
If you have these supplies, the rest is free. Setting up your lab consists of:
- Installing Windows XP
- Creating a Utilities CD
- Backing up Your System
Installing Windows XP is self-explanatory and there are plenty of guides available.
Creating a utilities CD involves finding and installing the latest malware removal tools. See the Utilities CD link on the right.
Backing up Your System with Acronis or Ghost happens only after you have made absolutely sure there is no personal data on the computer. Get your system into the state where you are ready to load a virus on it, but don't do anything else until you have backed it up to the removable hard drive.
Now for the fun and danger. It's dangerous because you must not be connected to any network while the sample runs, or you might inadvertently spread the virus to others. That's why you must follow three separate steps, in this order:
- Downloading the virus
- Disconnecting from the Network
- Executing the virus

Limewire: the easiest way to catch a virus.
Downloading the virus can be done using P2P software like Limewire. Typically, a large portion of these files are viruses, especially files labeled "keygen". You can use a free scanner like AVG to determine which of your downloads are viruses, and then save and label these samples on a CD or thumb drive (just be careful what you do with them).
Disconnecting from the Network. This means unplugging Ethernet cables, phone cables, and any other networking gear from your computer. Make sure to disable wireless capability completely. You don't want to get blamed for spreading viruses, or even worse, for hosting illegal material as a result of the virus infection.
Executing the Virus. This step is easy - run the really-harmful-virus.exe file on your quarantined lab computer. I recommend working on one virus at a time, so you can learn from your mistakes in a predictable, repeatable environment. If a particular virus gives you trouble, you can work out the best way to remove it, and you'll know exactly which virus is causing the difficulty.
Next, you get to practice:
- Virus Detection
- Virus Removal
Virus Detection. Once you've executed the virus, you may be able to confirm that it is running as a new process using Process Explorer, a free tool. Or, if it uses rootkit cloaking mechanisms, then you get to explore your rootkit-detecting tactics.
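A small baseline-and-diff script for the quarantined lab box, added here as an example (it is not part of the original post or any tool it mentions). Run it once before executing the sample and once after, then diff the two snapshots: anything that appeared in the process list or in the HKLM/HKCU Run keys is your first lead for Process Explorer. It assumes Python is installed on the lab machine alongside the built-in tasklist command and the winreg module (so the live snapshot only works on Windows); the parsing and diff functions run anywhere.

```python
import csv, io, json, subprocess, sys

# Autostart locations checked on the lab box (hive label, subkey path).
RUN_KEYS = [("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
            ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run")]

def parse_tasklist_csv(text):
    """Turn `tasklist /FO CSV /NH` output into a set of 'image:pid' strings."""
    procs = set()
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            procs.add("{}:{}".format(row[0].lower(), row[1]))
    return procs

def read_run_keys():
    """Collect 'hive\\path\\name=command' entries from the Run keys (Windows only)."""
    import winreg  # only present on Windows
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    entries = set()
    for hive, path in RUN_KEYS:
        try:
            with winreg.OpenKey(roots[hive], path) as key:
                i = 0
                while True:  # EnumValue raises OSError once the values run out
                    name, value, _ = winreg.EnumValue(key, i)
                    entries.add("{}\\{}\\{}={}".format(hive, path, name, value))
                    i += 1
        except OSError:
            pass  # key absent, or end of enumeration reached
    return entries

def take_snapshot():
    """Snapshot processes and autoruns on the live machine (Windows only)."""
    out = subprocess.check_output(["tasklist", "/FO", "CSV", "/NH"],
                                  universal_newlines=True)
    return {"processes": parse_tasklist_csv(out), "autoruns": read_run_keys()}

def diff_snapshots(before, after):
    """What appeared and what vanished between two snapshots, per category."""
    return {k: {"added": sorted(after[k] - before[k]),
                "removed": sorted(before[k] - after[k])} for k in before}

if __name__ == "__main__":
    # usage: lab_diff.py snap out.json   |   lab_diff.py diff before.json after.json
    if sys.argv[1] == "snap":
        snap = {k: sorted(v) for k, v in take_snapshot().items()}
        json.dump(snap, open(sys.argv[2], "w"), indent=1)
    else:
        load = lambda p: {k: set(v) for k, v in json.load(open(p)).items()}
        print(json.dumps(diff_snapshots(load(sys.argv[2]), load(sys.argv[3])), indent=1))
```

A process that merely restarted shows up as one removed and one added entry because the key includes the PID; a second copy of a legitimate image name is therefore not hidden by the first.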
Virus Removal. For special virus removal tactics, see the Removal Tactics link on the right.
If your lab computer ever becomes too corrupted, you can restore it to its earlier state using the optional backup software. Alternatively, you can format and reinstall Windows.