You are on this page because Elisa has received a notification of a device infected with malware in your subscription. Elisa receives such notifications from reliable parties, such as the Finnish Communications Regulatory Authority.
Once you have received notification of a computer virus, immediately disconnect the infected device until the virus has been removed. This reduces threats directed at information located in your computer, such as leaks of information. In addition, this will prevent your network traffic from being blocked to remove the virus as your subscription may need to be closed until the infected computer has been cleaned.
For assistance, contact our Omaguru service. The number is subject to an extra charge.
Malware
Malware often steals user IDs, passwords or even banking IDs. In addition, it may slow down your computer or even prevent you from using it. As a result, it is important that it is removed from the computer as quickly as possible, and the computer is not connected to the network before it has been cleaned. Reinstallation of the operating system is often the easiest and safest way to clean your computer. You should also change your passwords in every service you use after cleaning your computer. Otherwise, you should change your passwords at regular intervals.
Malware can infect any operating system, even if older Windows systems are the most vulnerable. Recently, viruses that attack Mac systems, such as DNSChanger and Flashback, have appeared in greater numbers. Typically, Linux systems are troubled by port scanners.
Regardless of the operating system, it is important that their data security is kept up to date by installing all necessary updates. Virus protection must be up to date, and firewall settings should be checked regularly. There are several virus protection programs available. Elisa offers Elisa Security Services. Virus protection software does not guarantee 100% protection against viruses, but without any protection, your computer is likely to become infected and become inoperable fairly quickly.
Any computer can become infected with viruses, and it is good to remember that you should not install any programs from the Internet if you are not absolutely certain of what they contain. Moreover, it is not recommended to open any links to pages if you do not know what they contain. Junk mail sent to your e-mail address often contains attachments or links to pages that contain malware. Using virus protection software and a firewall, and using the Internet smartly, provide good tools in the fight against viruses.
Open DNS server
An open DNS server is a feature in modems, routers or computers which can be utilised in denial-of-service (DoS) attacks. DoS attacks are based on the open DNS server responding to name queries made through the Internet from an address defined by the attacker. In this case, the attacker can set the attacked service or site as the target.
Some modems and routers include a setting which enables an open DNS server. This feature should be disabled. An open DNS server can also run in computers if the broadband terminal is bridged. In this case, the DNS feature must be disabled manually. Often, this feature is activated by malware or a virus.
An open DNS server is always a security risk. If you need help in closing your open DNS server, contact the Omaguru service.
Additional information:
http://www.cert.fi/katsaukset/2012/tietoturvakatsaus_1-2012/dns.html
Finding an infected computer
Operators receive notifications with an identifier which helps in finding the correct subscription. We may not be able to pinpoint the exact computer from which the malicious traffic is coming. However, we can narrow the target down using dates and times. Malware notifications may also be sent regarding computers that have connected to the network through wireless or wired technology. If the infected computer is not located in your house, it is possible that the network has been accessed through your wireless network if it is unsecured or if the password has been cracked. We recommend that you secure your wireless network or change your current password.
Torpig/Mebroot
Mebroot and Torpig are rootkits that usually appear in Windows XP or older Windows operating systems. These rootkits are difficult to remove because they can access the boot sector of the operating system. Therefore, it starts up before the operating system and virus protection software. As a result, virus protection software is often unable to detect a rootkit. The easiest and safest way to remove a rootkit is to reinstall the operating system.
> Information about Mebroot on Ficora's website
> Wikipedia (English) page about Torpig
Conficker (Downadup)
Conficker is a computer worm which exists in several different versions. Therefore, it can be difficult to find using virus protection software. Some of the malware can often be removed, but some of it may remain in your computer, allowing the malware to continue running. The easiest and safest way to remove the virus is to reinstall the operating system. Conficker is often spread through USB sticks and external hard drives. As a result, all USB sticks, external hard drives and memory cards used in the infected computer should be cleaned.
> Information about Mebroot on Ficora's website
> Wikipedia (English) page about Torpig
Port scanners
Port scanners look through extensive IP address spaces for open computer ports. Often, they concern a computer infected with malware or connecting to the network without precautions. In addition to the Windows operating system, port scanner viruses can appear on Linux systems or digital receivers.
> Information about port scanner viruses on Ficora's website
Bitcoin miner
A Bitcoin miner is malware which infects OS X. It steals passwords and harnesses the computer to mine virtual BitCoin money. The safest way to remove the virus is to reinstall the operating system.
> http://news.softpedia.com/news/Bitcoin-Mining-Malware-in-the-Wild-208665.shtml
> http://www.tietokone.fi/uutiset/uusi_mac_troijalainen_vakoilee_ja_louhii_virtuaalirahaa
Bank trojans
The purpose of bank trojans is to steal online banking IDs and passwords using screen capturing and key logging software. ZeuS trojan is particularly malicious in Finland because it identifies Finnish online banks.
You can try to clean your computer using the link below.
> http://fitsec.com/blog/index.php/2011/08/15/tool-release-a-banking-trojan-detection-tool/
If you are unable to clean your computer, the safest way to remove the malware is to reinstall the operating system.
> http://krebsonsecurity.com/tag/citadel-trojan/
> https://www.cert.fi/tietoturvanyt/2011/08/ttn201108231354.html
DNSChanger
DNSChanger is malware which changes DNS settings. DNSChanger may also change your router's DNS settings, due to which the router needs to be reset after cleaning. The safest way to remove the malware is to reinstall the operating system.
Information about DNSChanger on the FBI's website
Virut
The reinstallation of the operating system is recommended.
> http://www.f-secure.com/v-descs/virus_w32_virut.shtml
Reinstallation of the operating system
In order to reinstall your operating system, you need the discs delivered when you purchased your operating system or computer, or downloaded versions of the Windows operating system. You also need a key code which verifies that you have an authentic version of the system. You may also be able to reinstall your operating system from a hidden partition on your hard drive.
The hard drive needs to be formatted before reinstalling the operating system. After this, you can start the reinstallation. In principle, the operating system is easy to install if you only use basic settings, in which case you only need to accept the questions asked by the installation wizard and follow instructions.
Make sure that, before formatting the hard drive, you take copies of all necessary files, such as images, text files and other personal files. Do not take copies of executable files if they can be installed from other sources. Malware is usually attached to executable files.
If you are unable to install the operating system, ask for help from someone you know who knows more about computers. You can also contact Elisa's Omaguru service or computer service companies.
Terms and conditions
Customers who have signed an agreement with Elisa are responsible for the use of their subscription and any traffic passing through the subscription. Agreement terms contain separate provisions regarding information security for which the customer is responsible.
Elisa is responsible for information security within its communications network and information security services it offers. Otherwise, customers are responsible for information security related to their use of the service.
> Agreement terms of Elisa and Saunalahti
Information security provisions are set out in Sections 4.2 and 4.6.
Windows-etätuki
Mac-etätuki