Removing Perfctl From My Linux Server

If you’ve been around a while, you’d remember there was a time when you could rest quietly assured that your Linux box was safe from viruses and other malware. Or rather, few bad actors bothered to target Linux; most targeted Windows. That was then. But today, with the increase in the popularity of Linux not just on servers but even on desktops, Linux is no longer under the radar of bad actors.

So a few days ago, I was alerted to abnormal CPU utilization on one of my servers. I logged in to check and saw that there was a process called perfctl using up CPU time. I killed it, but it respawned after a while. It looked like my Linux server had malware.


RegEdit and Task Manager

RegEdit and Task Manager are two useful Windows tools for managing your computer. RegEdit allows you to edit the Windows registry, a global configuration setting repository. Task Manager, on the other hand, allows you to start and stop applications and processes among others.

What’s one use for these tools? Malware cleanup. Typically viruses, worms, and other malware hook themselves into your registry so they run upon Windows startup. First you need to stop the malware process using Task Manager: press Ctrl-Alt-Delete, select the Processes tab, choose the malware process, and click End Process. Of course you’ll need to know the name of the process. If I don’t, I would normally just stop everything I can and then run regedit :P

Once the malware process is (hopefully) stopped, you would want to edit out its entries in the registry using RegEdit. Click Start->Run…, type “regedit”, and press Enter. Typically malware startup values would be under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”. Just carefully delete them.
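The same two steps (stop the process, then review and remove its Run entry) can be scripted so you see every autostart entry at once instead of clicking through RegEdit. The script below is an added example, not code from the original post; it assumes an elevated PowerShell session, and the process and value names in the usage lines are placeholders you replace with what you actually found.

```powershell
# Added example (not from the original post): audit the autostart "Run" keys that
# malware commonly hooks, and optionally stop a named process and remove its entry.
# Assumes an elevated PowerShell; 'SUSPECT_VALUE_NAME' and 'suspect' are placeholders.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
            $cmd = [string]$prop.Value
            # Pull the executable out of the command line: quoted path or first token
            if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $exists = ($exe -ne '') -and (Test-Path -LiteralPath $exe -PathType Leaf)
            # Flag binaries that are missing or live in user-writable temp locations
            $suspicious = (-not $exists) -or ($exe -match '\\(Temp|AppData\\Local\\Temp|Users\\Public)\\')
            [pscustomobject]@{
                Key        = $key
                Name       = $prop.Name
                Command    = $cmd
                Executable = $exe
                Exists     = $exists
                Suspicious = $suspicious
            }
        }
    }
}

function Remove-AutostartEntry {
    param(
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][string]$Name,
        [string]$ProcessName
    )
    # Stop the running process first, as the post does with Task Manager,
    # otherwise it may simply re-create its registry entry.
    if ($ProcessName) {
        Get-Process -Name $ProcessName -ErrorAction SilentlyContinue | Stop-Process -Force
    }
    Remove-ItemProperty -Path $Key -Name $Name -Confirm
}

# Usage: list everything, review the flagged rows, then remove only what you have identified.
Get-AutostartEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize
# Remove-AutostartEntry -Key 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'SUSPECT_VALUE_NAME' -ProcessName 'suspect'
```

The Suspicious column is only a hint for where to look first: a legitimate installer can also drop a Run entry pointing at a temp directory, so check each flagged command before deleting it, and the -Confirm prompt on Remove-ItemProperty gives you a last chance to back out.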

Now here’s a problem: some malware disables both these tools. The solution? Use alternate tools that provide the same or even better functionality, such as RegAlyzer and Task Killer.

Disabling Autorun

One big cause for your computer getting infected by viruses, worms, and other malware is Windows’ autorun “feature”. Plug in a hard disk, optical disk, memory card, etc. and autorun launches and runs a program. Guess what that program usually is? Yup, malware.

So one of the easiest ways to protect your computer is to simply disable autorun. There are many ways to do it but by far, this procedure from annoyances.org works best for me:

  1. Click Start->Run…
  2. Type “regedit” and press Enter.
  3. Navigate the tree on the left pane to “My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies”
  4. Expand “policies”
  5. If there’s no “Explorer” folder, right-click “policies” and select New->Key. Type “Explorer” and press Enter.
  6. Open the “Explorer” folder.
  7. If there’s no “NoDriveTypeAutoRun” entry in the right pane, right-click in the right pane and select New->DWORD Value. Type “NoDriveTypeAutoRun” and press Enter.
  8. Right-click on “NoDriveTypeAutoRun” and select Modify.
  9. Enter “ff” in the Value data field and select Hexadecimal for Base. Click OK.
  10. Close Regedit
  11. As with anything you do in Windows, restart your computer.
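For the same change on several machines, the eleven steps above collapse into a short script. This is an added example, not from the original post or from annoyances.org; it assumes an elevated PowerShell session and writes exactly the value the procedure does (0xFF, which disables AutoRun for every drive type), then reads it back to confirm.

```powershell
# Added example (not from the original post): apply the NoDriveTypeAutoRun setting
# from an elevated PowerShell and verify it. 0xFF disables AutoRun for all drive types.

$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer'
$ValueName  = 'NoDriveTypeAutoRun'
$DisableAll = 0xFF

function Disable-AutoRun {
    # Steps 5-6: create the Explorer key under policies if it is missing
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    # Steps 7-9: create (or overwrite) the DWORD value with 0xFF
    New-ItemProperty -Path $PolicyKey -Name $ValueName -PropertyType DWord -Value $DisableAll -Force | Out-Null
}

function Test-AutoRunDisabled {
    $current = (Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if ($null -eq $current) { return $false }
    # Every drive-type bit must be set for the value to match step 9
    return (($current -band $DisableAll) -eq $DisableAll)
}

Disable-AutoRun
if (Test-AutoRunDisabled) {
    'NoDriveTypeAutoRun is 0xFF; restart so Explorer picks up the policy (step 11).'
} else {
    'Setting did not apply; check that this shell is running elevated.'
}
```

Test-AutoRunDisabled masks with 0xFF rather than comparing for equality, so a machine where someone has already set a wider value still reports as disabled; a partial value such as 0x95 (the common default) is correctly reported as not disabled.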

Voila! No more autorun.