When malware enters your system, one of the first things you can do is disable your antivirus scanner. You can also modify the HOSTS file to block access to antivirus update servers.
Testing your antivirus
The easiest way to make sure your antivirus software is working is to use the EICAR test file. It’s also a good idea to make sure your security settings are configured correctly in Windows.
The EICAR test file
The EICAR test file is a virus simulator developed by the European Institute for Computer Antivirus Research and Computer Antivirus Research Organization. EICAR is a string of non-viral codes that most antivirus programs have included in their signature definition files specifically for testing purposes; therefore, antivirus applications respond to this file as if it were a virus.
You can easily create one yourself using any text editor or you can download it from the EICAR website. To create an EICAR test file, copy and paste the following line into a blank file using a text editor such as Notepad:
Save the file as EICAR.COM. If your active protection is working properly, simply saving the file should trigger an alert. Some antivirus applications will immediately quarantine the file as soon as it is saved.
Windows security settings
Test to make sure you have the most secure settings configured in Windows.
- In Windows 7, security and firewall settings are available through Start | Dashboard | System & Security. Select Action Center in the right pane.
- For Windows 8 and 8.1, type the word “action” on the Start screen, then select Action Center from the results.
- For Windows 10, enter “security and maintenance” in the search box on the taskbar, and then select Security and Maintenance.
Once in Action Center, make sure Windows Update is turned on so you can get the latest updates and patches, and schedule a backup to make sure you don’t lose any data.
HOSTS file check and repair
Some malicious programs add entries to the HOSTS file on your computer. The hosts file contains information about your IP addresses and how they are mapped to hostnames or websites. Malware editions can effectively block your Internet connection. If you are familiar with the normal content of your HOSTS file, you will recognize unusual entries.
In Windows 7, 8, and 10, the HOSTS file is in the same location: in the C:WindowsSystem32driversetc folder . To read the contents of the HOSTS file, simply right-click it and choose Notepad (or your favorite text editor) to view it.
All HOSTS files contain several descriptive comments and then a mapping to your own machine, like this:
# 127.0.0.0.1 localhost
The IP address is 127.0.0.1 and it maps back to your own computer, i.e. localhost . If there are other entries you don’t expect, the safest solution is to replace the entire HOSTS file with the default.
Replacing the HOSTS file
- Rename the existing HOSTS file to something like “ Hosts.old ” . This is just a precaution in case you need to use it again later.
- Open Notepad and create a new file.
- Copy and paste the following into the new file:
- # Copyright (c) 1993-2009 Microsoft Corp.
- # must be kept on a single line. The IP address should
- # in the first column followed by the corresponding host name.
- # lines or following the machine name indicated by a ‘#’ symbol.
- For example:
# For example:
- # 22.214.171.124 rhino.acme.com # source server
# 126.96.36.199 x.acme.com # x client host
- # 127.0.0.1 localhost
# ::1 localhost
- Save this file as “hosts” in the same location as the original HOSTS file.