Research Paper on "Malware Removal Forum" in fulfillment of the course requirement in BA 180.1 Submitted to Professor Salma Angkaya

GROUP 8: BLACK DRAGON SPIRIT

Betsy Faye P. Aquino Ma. Karen Joy C. Legaspi Gian Carlo S. Lim Adrian M. Manlapig Ponce Ernesi P. Samaniego Lara Margaret M. Santos Adrienne Cecille D. Toledo

I. Definition and Description of the Technology

a. Overview of the effects brought by malware to our computers

In this digital age, endless possibilities happen at just a click of a button. The power of technology is at the reach of each individual that knows how to use it. Through the technologies that we have today, we were able to increase connectivity and facilitate tasks. Because of this, the technology has become a vital part of our society and culture that it is almost impossible to picture how we were able to survive without it back then. But in spite of all the benefits that come with the technology that we have today, it also became an opportunity for others to commit cybercrimes and became an outlet for the spread of malware.

b. Malware and Malware Removal Forums

Malware is a collective noun for viruses, spyware, trojans and all other malicious software applications and can be viewed as digital terrorism. Malware is not a specific threat but more like a combination of several threats, making it hard to combat it with an anti-virus or anti-spyware application alone. Several types of security programs have to be combined into one integrated package to combat malware effectively. Cybertopcops.com define malware removal forum as:

“Malware removal forums are administered by malware removal experts who work with malware infections everyday. They stay up to date with the latest removal methods and tools available for neutralising known as well as unknown malware threats. These people invest a lot of time, money and energy into effective malware removal methods and the prevention of malware infections. They help ordinary PC users to get rid of stubborn viruses, spyware, trojans, worms and other kinds of malware (or badware), but not only that, they also provide excellent advice on keeping your PC malware free.”¹

¹ Malware Removal Forum. Cyber Top Cops. Retrieved Jan. 21,2009 from <http://www.cybertopcops.com/malware-removal-forums.php>.

c. User Levels and Groups

• Administrators – are people assigned the highest level of control over the entire board. These people can control all facets of board operation which include setting permissions, banning users, creating usergroups or moderators, etc. They also have full moderator capabilities in all the forums. ²

• Moderators – individuals (or groups of individuals) whose job it is to look after the running of the forums from day to day. They have the power to edit or delete posts and lock, unlock, move, delete and split topics in the forum they moderate. Generally moderators are there to prevent people going off-topic or posting abusive or offensive material. ³

• Users – a general term encompassing those which have the lowest privilege of posting to the forum. Unlike administrators and moderators, they can only add and edit their own posts.

• Staff – anyone who has the right to reply in a malware removal forum to fix users’ computer. He may either have Administrator, Moderator or other special functions as appointed by the respective site administrator of the forum. (See more definitions on Glossary of Terms)

² Frequently Asked Questions. Malware Removal. Retrieved Mar. 26, 2009 from <http://www.malwareremoval.com/forum/faq.php?sid=866f3b580f892cdc178fc8d152474c70#f0r0>.

3 Idem.

d. How Does a Malware Removal Forum Work?

Here’s a quick preview of how malware removal forum works: 1) Statement of the Symptoms: The malware removal process starts with the problematic user’s statement of the malware symptoms. He gives a detailed explanation of what happened so as to introduce his problem to the expert. As you can see from Figure 1, on-site advertisements are placed strategically beside posts for better audience reach.

• File:Image1.jpg

Figure 1: Statement of the Sypmtoms ⁴

⁴amm07. kxvo.exe PLEASE HELP [RESOLVED]. Online posting. Mar. 5, 2008. Geeks to Go Malware Removal and Spyware Removal Forum. Retrieved Mar. 25, 2009 from <http://www.geekstogo.com/forum/kxvo-exe-PLEASE-HELP-t189980.html>.

2) Log Posting: After the user introduces his problem, he then posts a log acquired from a software known as HighjackThis. This log is vital in the whole malware removal process because with it, the expert can analyze the problem more thoroughly.

• File:Image2.jpg

Figure 2: Log Posting ⁵

⁵Idem.

3) The Staff’s Reply / Fixes: The malware removal expert then replies to the user’s post. He will first research line by line of the log posted using different resources online. After analyzing the log, he offered a simple step-by-step solution to the problem.

• File:Image3.jpg

Figure 3: Staff’s Reply/Fixes ⁶

⁶ Idem.

4) More Fixes: The technician would give further instructions to the user to remove the malware until he sees in the scans and logs that the computer is clean.

• File:Image4.jpg

Figure 4: More Fixes ⁷

⁷ Idem.

5) Cleanup: When the staff sees that logs are clean from malware, final instructions on cleanup of the tools used and traces of malware will be removed.

• File:Image5.jpg
• File:Image6.jpg

Figure 5: Cleanup ⁸

⁸ amm07. kxvo.exe PLEASE HELP [RESOLVED]. Online posting. Mar. 5, 2008. Geeks to Go Malware Removal and Spyware Removal Forum. Retrieved Mar. 25, 2009 from < http://www.geekstogo.com/forum/kxvo-exe-PLEASE-HELP-t189980.html&st=375 >.

II. Providers of the Technology

There are various malware removal forum sites in the web but they usually operate in this same way: 1. Register an account in their site 2. Then, one can air their concern on the forums. 3. A trained professional will then reply and ask the user to post a HijackThis log file of his computer. 4. From there, the user and the professional will exchange replies until the problem is solved. The malware removal forum sites offer their services for free. But, they are free to accept donations of generous and satisfied users. Because setting up a forum website is very easy, there are a lot of malware removal forum sites available. The following is a list of some malware removal forums, its site address and brief description:

• Spyware Info <http://www.spywareinfoforum.com/> ⁹

Spyware Info is dedicated to giving you the tools and knowledge you need to protect your privacy from the attack of spyware, adware, and corporate and government surveillance. It works by first registering to the site and when you need help with fixing a problem caused by spyware or a browser hijacker, you can post your questions in the support forums. After a day, or a few days the moderators will likely to get back and answer your questions. Rather, you can read old entries and if you can find a similar situation with yours just follow the solution given.

An added feature to this forum site is the chat room. If one needs help right away, a moderator or a contributor might be online and you can address your concerns and be answered right then and there. Spywareinfoforum.com also publishes the Spyware Weekly Newsletter. The Spyware Weekly Newsletter is distributed every week to 15,180 subscribers and still growing via email and can be read online by hundreds of thousands of visitors. The Spyware Weekly is your weekly source of information from the inside of the anti-spyware, pro-privacy movement. Every issue is updated and addresses new breakthroughs or problems and is linked to the vital issues of privacy and protection.

⁹Ford, William. Spyware Info & Removal Tools. WilliamAFord.com.Retrieved Mar. 25, 2009 from <http://www.williamaford.com/Spyware.php>.

The moderator and contributors of Spywareinfoforum.com are what we can consider as experts in the field. They are columnists for other similar sites as well and technological magazines. Some work in companies as software consultants. In other words, we can surely trust the credibility of this site and we applaud this site for continuing to help the battle against malware.

• Tech Support Guys <http://forums.techguy.org/> ¹⁰

Since 1996, Tech Support Guy has been providing free technical support to computer users of all experience levels. A lot of hard work and commitment goes into making any community work well. There are a lot of regulars who answer questions in the forums who don't get the appreciation they deserve. A few of these volunteers are picked out to become Moderators. It also works through registering and making an account that will serve as your user name. Like Spywareinfoforum.com, it also has a newsletter that summarizes the highlighted cases of the week. Tech Support Guy has an added feature where you can send in your questions via mobile phone but it does not have the live chat feature.

• What the Tech <http://www.whatthetech.com/> ¹¹

This site has been created for you, the user, to help with the removal and solution of computer problems. The problems encountered today require skill and experience to remove fully and without damaging the Operating System. This website has been in existence for over four years and many of its staff and members have been in this field for much longer. The focus is to restore the computer back to normal functioning, without the annoyances of viruses, spyware, malware, browser hijackers and so forth. Many of the methods uses freely available applications that are on the internet and which have been used and approved by the What the Tech staff.

Throughout this site, the most current information for safe-guarding the computer is made available for the internet community. The various sections are being updated continuously. As new problems arise, What the Tech strives to offer the most current and most efficient solutions available.

The forums are available to assist with problems. A valid registered user name is required to post to the forums. Some restrictions are in place to protect users coming for help at our forums. See the What the Tech News section of the forum for more detailed information on what these guidelines are and why they are in place. Further, the forums offer an interactive venue where the latest problems, information and commentary are posted by the What the Tech experts and you, the internet community.

They also offer a “Classroom” for those who want to learn how to help out on message boards like this one. Actually, we were the first forum to offer such a classroom. They have trained many people in the analysis and removal of various computer problems, mainly “Internet-related” but that is just one part of it. What the tech.com is dedicated to making technical problems and troubleshooting easier for a normal person to understand and follow.

10About Us. Tech Support Guy. Retrieved Mar. 25, 2009 from <http://www.techguy.org/aboutus.html>.
11What the Tech Management. About. What the Tech. Retrieved Mar. 25, 2009 from <http://www.whatthetech.com/about/>.

== •	Geeks to Go <http://www.geekstogo.com>12 ==

Geeks to Go is a venue to obtain answers from other people who offer their support and expertise on a completely volunteer basis. Its forum section has a lot of sub-forum groups to segregate different topics like Security (where malware removal forum is located), Operating Systems, Hardware, Software, Development, etc. For malware removal forum, only accredited staff members may reply with fixes. But to be a staff member, one must be a graduate of Geek University (GeekU). GeekU is Geeks to Go’s virtual training school to provide in-depth knowledge to malware related topics. Students who graduate are supposed to pay it forward by helping in replying in the forums. Thus the volunteers are renewed. Entrance to GeekU is completely free.

Another feature of Geeks to go is Live Chat wherein members can chat with the staff to air their concerns, in real-time. However, only quick questions and not malware removal fixes will be tackled. This must be posted in the designated forum, instead.

¹²admin. FAQ. Online posting. July 1, 2007. Geeks to Go Malware Removal and Spyware Removal Forum. Retrieved Mar. 25, 2009 from <http://www.geekstogo.com/forum/FAQ-t162632.html>.

• Bleeping Computer <http://www.bleepingcomputer.com>

Bleeping Computer is a site for computer beginners on how to solve computer-related problems. People can discuss anything about computer technology here while increasing their knowledge on the basic operations of the computer. Its forum is also divided into sections—operating systems, hardware, software, internet & networking, security, and other general topics. This way, one can learn, be trained, and solve computer problems that seem to be for the techie-geeks only. Its goal is to educate the people how to deal with the computer in an effective and efficient manner.

Bleeping Computer doesn’t offer live chat with a professional. But Bleeping computer offers tutorials on 120 computer related topics. These topics range from tracking hackers and detecting malwares, to even creating a ZIP file on different operating systems.

• Malware Removal <http://www.malwareremoval.com>

This site was started in 2005 by a professional who previously worked in the Dell Community Forum. He started training himself on other anti-malware sites such as whatthetech.com. With his training at analyzing HijackThis logfiles at Dell, he now started MalwareRemoval.com to further combat malwares.

MalwareRemoval also has a university where you can learn more about malwares and how to solve related problems. The goal is to have more people who are equipped to help others with malware problems. Also, this site offers an IRC chat room where one can interact with a moderator to air his malware related concerns.

III. Users of the Technology

The forums mentioned above are easily accessible to everyone through the internet. A simple registration is necessary to be able to join and post questions on the forums. Also, sites like Geeks to Go, Tech Support Guy and What the Tech does not allow kids under the age of 13 to join their forum and those under the age of 18 needs to secure a permission first to be able to join the forums¹³ . In addition, these sites offer their help only to home and personal users and do not support people working for profit or the IT department of any company. This may be due to the fact that an infected unit from a company needs a more complex solution to solve the problem; and also the staffs of these forums are IT professionals working for a company and thus need to protect their personal interests.

To better show how much these sites reach, here are the statistics from Alexa.com:

• File:Image8.jpg

The 2nd column shows the Weekly Traffic Rank of the respective sites. The lower the number means that it has higher combined measure of page views and users. The 3rd column shows the percentage of global Internet users who visit the site and the 4th column tells how much of these visitors are based from the Philippines. And as can be seen, less than 1% of the users of these sites are from our country. Relying heavily on anti-virus which does not guarantee 100% protection and resorting to computer reformatting whenever their computers get infected, clearly we could use the help of these sites. Thus, recommendations to improve these statistics and spread the use of these forums are mentioned in the following sections.

13BleepingComputer.com Message Board Rules.	BleepingComputer.com. 2008. Retrieved March 26, 2009 from <http://www.bleepingcomputer.com/boardrules.php>.
14 Traffic Rankings. Alexa. Retrieved March 26, 2009 from  <http://www.alexa.com/data/details/traffic_details/spywareinfo.com>.
15 Ibid. Retrieved from <http://www.alexa.com/data/details/traffic_details/techguy.org>.
16 Ibid. Retrieved from <http://www.alexa.com/data/details/traffic_details/whatthetech.com>.
17 Ibid. Retrieved from <http://www.alexa.com/data/details/traffic_details/geekstogo.com>.
18 Ibid. Retrieved from <http://www.alexa.com/data/details/traffic_details/bleepingcomputer.com>.
19 Ibid.Retrieved March 26, 2009 from <http://www.alexa.com/data/details/traffic_details/malwareremoval.com>.

• n/a¹-no data for Philippines

IV. Technology Assessment

a. Internal and External Analysis of the technology (SWOT)

• Strengths

Malware Removal Forum draws its strength specifically from computer users’ need of a practical solution to help them with their malware problem. It prides itself with trained staff and moderators who have exclusive privileges to reply to posts to help those in trouble. Before one obtains such a privilege, they must first undergo training and screening exercises. When a higher ranking authority in the forum sees that the trainee is fit to offer help, that is the only time when they can exercise the said right. This provides security to the users of this technology. They are ensured that nobody can trick the user to prank “fix” posts. Also, this makes it a guarantee that the respondent is an expert in resolving the malware problem. Hence, there is higher chance of disinfecting the computer from malware.

In addition, the founders of this technology use the forum as its platform because this way, the messages are easily archived on discussion boards. After a particular post is resolved, the moderators of the forum wouldn’t delete the post right away. Instead, they would keep it in the section where it is posted and would just label it as “[RESOLVED]”. This way, those users who identified malware infections the same as the one posted and resolved may opt to follow the same instructions given and after which, find his computer healthy again. However, this procedure must be used with caution. Some malware may belong to similar family with similar symptoms yet its program may be structure quite differently the fix is not 100% guaranteed. Also, the fixes posted are tailor–made for the user who requested it. Hence, if after employing the same procedure the fix wouldn’t work, it is advisable to post your own topic in the forum for the staff to recommend the fixes that suits one’s problem.

Also, malware removal forum is result-oriented. When users post their messages, they are requested to present the symptoms of the infection. The staff, then, browses through these topics and will usually reply at posts which they deem more comfortable to them while also taking into consideration the first come first serve basis of replying. With this, specialization gives greater chance that the problem will be solved in less time and more efficiently. Compared to other malware solutions like anti-viruses, the disinfection results of malware removal forums are tailored to the users’ needs. Most antivirus systems would need a comprehensive scan wherein it takes into account all virus possibilities and scan computer files, line by line, program per program. This is so because it comes from the fact that these computer programs do not have the intellect to decide on how to handle things. On the other hand, malware removal forum will already have input from information given by the user. Because the assigned staff knows what part of the system is infected from the symptoms given, he saves time by scanning only the probable areas of infection and not the whole computer. This scan will then generate a log file to inform the staff of what the program found and from there, he will tackle the problem assertively and decisively. Furthermore, all of these anti-malware programs (anti-spyware, anti-virus, etc.) are known to commit errors by giving false alarm detections. False alarm detection happens when the program prompts the user that it has found a malware, yet it actually is not. Files that are prone to be detected falsely as malware are the tweaks we employ to add functionality to the capability of our computer or add-ins like automatic shutdown tool, music player voice remover, etc. Accredited staff members do not just post their fixes. They also do some research line by line for each log that a user posts. This ensures that the fixes that the user will employ is examined carefully and not automatically generated. This gives the edge to malware removal forum against automatic HijackThis log analyzers and similar programs which reads the log for the user and suggests fixes based on their programming instructions. These programs have higher chances of committing error because they use a generalized guide.

Another advantage of this technology is that it is completely free. The site runs on a volunteer basis and it will not charge you for any service or help it rendered. There are no hidden charges and limits to functions or trial period in the malware removal forum. Unlike the free anti-malware programs, most of which will offer users to upgrade to paid version in order to make use of additional functionalities that is limited to free users. However, if users insist that they pay the staff for its excellent service, they may opt to donate through online money transfers. To reiterate the point of no-charge service, this step is not unnecessary for the completion of the disinfection process.

• Weaknesses

A major setback to these forums is that the forum posts can only be read when online. Thus, if the potential user wants to employ this technology to disinfect his computer, he will basically need an Internet connection to do such. Furthermore, Internet connection would not essentially mean ease of access of the technology. It is recommended that he at least have a DSL connection and not only a dial-up. Although forum members are recommended to minimize image size and content to accommodate dial-up users, long lines of text from scan logs and big file sizes of program tools for download to scan and disinfect will necessitate the need of a higher speed connection. Implicitly, if such a user is gravely affected by the digital divide that he cannot afford to pay for a decent Internet connection monthly, he might need to result to other substitutes.

Connected to this are cases such as when the user cannot use his internet because the malware has restricted the computer from doing so. Some notorious malware would disable network adapters, constantly redirect webpages, block sites or even hinder the browsers from access to the web. These would be more complicated to solve since all of the interaction to disinfect the computer happens on the site of these forums. One feasible option to answer this would be to use another computer to access the internet for posting. However, this suggestion wouldn’t be very advisable since it is prone to infect the other computer through the exchange of data. Another option is to switch to another browser. Still, this does not guarantee that it will work since the malware may cover attacks against the alternate browser.

Another concern with this technology is that the interaction of posting – replying takes a long time, on the average. Such is the case because after the user posted the requested logs for evaluation, the staff will scrutinize each of the lines and if he is unfamiliar with it, careful analysis will be made. They don’t just request users to delete or paralyze the file by putting them in another location. These files infected may be very critical such that removing them from the system will stop your computer from working or worst, damage it. Hence, they need a careful analysis of the file before recommending fixes. Furthermore, malware removal forums are volunteer basis so staffs are not bound to reply immediately after each user’s post but they commit to do so as soon as possible. Lastly, there may be lags between posts and its reply may came from the fact that the two interacting sides reside on different time zones in the world and would hence have slight to significant time differences in routine.

• Opportunities

A wide array of opportunity is available for the malware removal forum. At present, it only offers support through forum. This stems from the site administrators’ ideology of the benefit of archiving posts as mentioned in the strengths analysis. However, some may want immediate solution so that they can use their computer just in time for an immediate need. Hence, an opportunity may turn into strength once they open the functions of real time help through interactive chat sessions with online staff. While some forums already have on-site chat capabilities, they currently do not offer malware removal support there as it requires committed staff members who are always available to respond to users’ technical problems. At present, this feature is only available for quick queries by users but nothing malware removal related will be discussed. Staff and moderators will tell users to go post a topic in the forum if it their concern is malware removal.

Currently, most malware removal forum also offers free training to those who would like to join the volunteer staffs who are accredited to reply with fixes. This feature aims to educate computer users with average computer skills with knowledge on fighting malware and increase their workforce of volunteers. This may be a good training experience for IT personnel to keep their knowledge up-to-date with the current malware trends and how to remove them. Also, computer enthusiasts or those who just wanted to further their skills might also prefer to train here for whatever purpose it may serve them. It may perhaps be a good income generating sideline to be able to render service to infected computers from this education. This training is convenient because it allows users to work at their own pace. They may answer the exercises and read tutorials at their most convenient time. The training also does not bind the trainee to render help to the forum after completion. But, the teachers highly recommend that they “pay forward” by doing so and stay informed of the latest malware capabilities as it evolves continuously alongside technology. Furthermore, this training will have a good impact to cybersecurity if ordinary people will avail of this training. This will also be a good way to deter cyber criminals because if more people will have the necessary knowledge to battle malware, fewer computers will be infected.

• Threats

While free service makes malware removal forum attractive, it may become a threat to the technology when the demand for it becomes excessively high and the pool of volunteer staff fails to keep up with it. Implicitly, this will mean longer waiting times and more dissatisfied users.

In addition being not-for-profit driven is connected with this. As the volunteers’ gain is focused on the intangible things like more knowledge, better computer understanding, and other personal preferences, incentives are very limited. Being very tedious in its removing process, the amount of work may discourage staff involvement. Surely, this will affect the reputation and image of the users towards the technology once they become dissatisfied with the service.

For ethical reasons, the forum does not support the use of illegitimate software. Once the scans detect the presence of such, staffs are mandated to ask the user to remove the pirated software first, especially operating systems to continue availing of the free technical supports.

These forums are also not present to replace a company’s IT departments. Doing so would disrupt the industry and would force in big losses to computer specialists, who also compose a big percentage of the volunteers. This policy may also be a good one to limit the amount of demand. Corporate computer facilities will usually have numerous computer systems, which when infected spreads easily through the networked computers. This solution is recommended only for home or personal use only. Most of their “Terms of Use” will instruct staff to turn down help requests from IT personnel of a corporation, computer shops and the like.

Another threat posed by this technology is that the malware creators will have a better insight of how malware is removed. Since most forums are easily available even without an account and it is impossible to distinguish and verify which users are potential hackers, forum posts can be easily accessed. From, there they can gather information about the activities use td to counteract their damaging programs. With this knowledge, they may be able to strengthen the malware they create.

Most fixes are dependent to the tools available to scan and disinfect computer from malware. Hence, the staffs are limited to the extent of the power of these programs. Should malware overpower these tools, the staffs are one step behind curing the infection. When this case happens, those knowledgeable members of the volunteer team usually create the tools themselves to make the solution available. Hence, the site administration must ensure that there is always someone on the team who has enough knowledge to create such software.

b. Alternatives / Substitutes

Even if the technology of malware removal forum is present, many other substitutes to disinfect a computer from malware may be availed. The most used alternative is for users to avail of anti-malware programs. This includes anti-viruses, anti-spyware, and other specialized malware scanners. This alternative is recommended even by the tech experts from the forum. Infection is prevented because these tools scan files as they are accessed. They provide real-time protection such that when files are clicked, opened, saved, ran, or searched the anti-malware program tries to check whether it’s a bad one. If it is, the anti-malware blocks it from further disinfecting the computer. As for firewalls, they screen the programs that try to make use of active Internet connections. With this, the malware is hindered from strengthening itself by downloading other malware. These anti-malware programs range from freeware to costly licensed versions. While freeware programs are available, the malware removal forum gains competitive edge because anti-malware may raise false alarms and detect a file as a virus or malware when it is actually not. The most frequent to be victims are customized programs like auto-shutdown tools, voice remover for mp3’s and the like. It is also interesting to note that data from AV-Comparatives ²⁰ say that the highest virus detection rate is 71% by AVIRA’s AntiVir Premium and Kaspersky Labs’ Kaspersky AV. However, ESET’s ESET NOD32 Antivirus, the only antivirus reviewed with STANDARD+ certification level (the highest possible certification for antivirus), has only 54% detection rate. This is because these programs are highly dependent on the malware definitions given to them by the program creators. Definitions help the software distinguish the bad programs from the good one. If a virus, for example, is not in the list of the bad ones, it will not clean, delete or quarantine the said virus. As time proceeds, malware creators keep their programs flying below the radar of anti-malware programs by creating new generation of malware that is not on the list. Hence, the user must try to update his definitions through the update feature of the anti-malware, if any. Furthermore, malware creators will usually prefer to disarm the computer first by attacking the antivirus before continuing with its attacks. Hence, if the virus, for example, becomes successful at disabling the anti-virus by hindering it to run or update, it might be more difficult for the user to solve his problem. Then comes the need for users to turn to malware removal forum. All staffs are required to resolve the issue by making the users do the necessary steps. This includes having the anti-malware programs such as anti-virus, anti-spyware and firewall. Previously, it was stated that anti-viruses have detection rates lower than 100%. For malware removal forums, the tendency to correctly identify the virus is around 80-90% and may even be close to 100% if the feedback from the user is very informative enough to make the tech expert aware of the problem. This is so because the staffs screen the logs line-by-line. They never use programs that automate the analysis of logs because this is very prone to false detections or have lower detection rates. They can also tell the users whether the removal of a file or program is necessary or optional depending on the degree of risk it entails.

²⁰Retrospective / ProActive – Test. AV-Comparatives. November 2008. Retrieved Jan. 21, 2009 from <http://www.av-comparatives.org/seiten/ergebnisse_2008_11.php>

Next alternative is the use of the online scanners. If anti-malware programs was disarmed by the malware, online scanners may work with better success as its functions basically is controlled by the web browser. However, almost the same pitfall with anti-malware happens with this. They are definition-based and hence would limit and lower detection rates. Furthermore, since they are online, they cannot provide real-time protection. Lastly, not all of them have the capacity to remove the virus. Most of it would only offer scanning and would just present to you what it sees with a log file but not disinfect your computer. But, online scanners must not be scrapped right away. Some staff would recommend scans online because they work even without interfering with existing anti-malware programs. Hence, even if you have an anti-virus program, you may still use online anti-virus scanners. These defeats the hindrance that no two anti-viruses or anti-spyware programs of different manufacturers must be installed because they interfere with each other and may not protect one’s system at all. Since there is no single anti-malware program that can detect all virus, staffs recommend online scan for second opinion on the status of the system.

Also, we have automated log analyzers which analyzes HijackThis log automatically. This option requires a copy of the log generated and will tell the user which ones to remove. However, this procedure leads to very weak detection rate and may leave traces of the malware which may lead to recurrence.

Another substitute to disinfecting the computer is to bring it to the nearest PC repair center. They may be able to remove the virus like how malware staffs do but they will not do this for free. In the Philippine setting, they may charge from PhP400 or even higher depending on the amount of work to do. Furthermore, most technicians in the Philippines would rather recommend reformatting the hard disk which will completely remove the malware including everything stored in the hard disk. This is because reformatting is one of the most guaranteed way to remove a malware and will save time compared to troubleshooting and analyzing processes. Hence, those who prefer to retain important files may be charged more that the regular price.

c. Feasibility and Justification of Application

From the evaluation given above, it is clear that malware removal forum has a practical advantage for home users of the computer by the following reasons:

- It is free because volunteers run it.

- Trained professionals work with users to help resolve conflict.

- The system of information exchange is secured by giving reply rights only to accredited staff and there is a moderator who regulates the posts.

- It has higher detection rates because interaction among the users and staff on the symptoms and effects of the malware is known.

- It helps users who would not want to reformat their computer to retain their file.

- It works well with existing alternatives and the results are guaranteed.

d. Suggested Application of the Technology in the Philippine Setting

The researcher thus recommends that the technology be more widely introduced to the Philippine setting, especially to home users of the computer. Even if the technology is readily available, not much number is aware of the site technology and its capabilities. Hence, less audience is reached. An increase in the demand for it may increase the revenues from on-site advertisements because of increased web traffic. This is feasible to be applied in the Philippine setting because as previously mentioned, most computer technicians charge expensive fees to customers and would more often than not that they would just reformat the hard disk. With the use of this technology, important data is retained. Because Philippines is still a developing country, the demand for computer repair is very price elastic and hence would prefer free services. This introduction can be done through marketing strategies such as advertising on common Filipino social networking sites such as Multiply, Friendster, Blogger, Plurk, etc. This reaches the target market of computer users who have ready access to the internet.

Furthermore, this introduction will also open its gates to more Filipino volunteers who would like to be trained and eventually become staff. When this happens, the forums become more efficient as Filipino staff will reply quickly to Filipino users being in the same time zone. This is a progress to the present situation that most volunteers are foreigners and they come from different time zones which creates a lag in replies. In addition, when the site has established enough reputation and is gaining enough revenues from on-site advertisements, it may consider giving incentives or salaries to its staff based on the number of replies to post or by the number of resolved issues, whichever is more practical.

Lastly, site administrator or entrepreneurs may opt to change the business model of this site. The revenue from advertisements shown will be replaced by offering the service at a not-so-expensive price but with faster and guaranteed replies.

V. Conclusion

Because less than 1% of the users of the malware removal forum are Filipino, the researchers would like to conclude that there is a need for administrators to market this site to developing countries like the Philippines that would prefer these free services to increase site traffic and revenues from on-site advertisements. Also, the researchers would like to note that malware removal forum has its advantages and disadvantages like any other technology. Thus, users must evaluate whether the comparative advantage offered by the technology is more practical and more beneficial against its alternatives.

In addition, with the growing amount of infection faced by computer users, the free education of average users may be a good way to deter malware creators because they become more well-informed users who can take necessary precautions to avoid infection. Lastly, the incentive of profits will improve efficiency of the forum to rendering service to users. Thus, sharing extra revenues to volunteer workers may be a good way to encourage participation.

Glossary of Terms

• Anti-malware - are programs that provide protection from malware. It scans, disinfects and blocks malware programs. Typical examples are anti-viruses, anti-spyware, firewall, scanners, etc.

• Fixes – are replies of malware removal forum staff on what the user must follow to be able to disinfect one’s computer

• Hijackthis – is a program used to generate general logs about the computer. It is the primary tool used by experts to primarily diagnose the computer.

• Log – is a report generated by scanners to provide information on the computer’s system, its contents and its processes.

• Malware – is the coinage of the terms ‘malicious’& ‘software’. It refers to programs that were created to cause harm to computers. It is a general term to encompass all infections like computer virus, worms, trojan horses, spyware, adware, and other malicious and unwanted software.

• Malware removal forum – is a technology of an online site that provides venues for interaction where trained professionals respond to computer users on how they can disinfect their computer from malware

• Staff – one who has the right to reply in a malware removal forum to fix users’ computer

• User – one who needs help in disinfecting malware from his computer and requests help from staff of the malware removal forum