It can be quite frustrating when you have cleaned your device and it still keeps getting malware. Repeated reinfection may indicate a severe security threat to your device. In such a situation, you need to act quickly to identify the threat and determine its cause, so you can protect your data and keep your device safe.

Check for backdoors in the device

If your device keeps getting malware again and again, it may be because of a backdoor. A backdoor is any technique or method that allows another person to access and manipulate your device without authorization. Backdoors give hackers an access point that stays in place after you remove other security threats, so they can get back into your device and install malware again.

Because of this, backdoors such as RATs and Trojans are among the most serious threats that can harm your device. If your device gets hacked, you may notice certain signs, such as overheating, weird pop-ups, frequent app crashes, etc. If you notice these signs even after removing malware, it may indicate a backdoor, and you can remove it in the following ways:

  • Scan your device properly: You should install an antivirus program that has malware scanning capability, such as Kaspersky and Malwarebytes. Such tools can identify and eliminate threats, helping keep your device safe. If you're using Windows, then Windows Defender is an option worth considering if you don't wish to use third-party programs.
  • Get a specialized rootkit-detecting program: Malwarebytes Anti-Rootkit is a helpful tool that can help you identify and get rid of rootkits from your Windows device. If you're using Linux, you can use chkrootkit for the same purpose.
  • Check startup and registry entries: Malware can easily hide in startup processes, but you can use utilities like Autoruns or Windows Task Manager to find and remove such entries.
  • Take a look at system logs: Regularly check your system logs for abnormal activities, such as login attempts you don't remember. On Windows, you can use tools like the Event Viewer to check for such activities.

To prevent threats from backdoors, you need to scan, monitor, and analyze your device regularly. However, you will have to get professional help to remove the backdoor permanently from your device.
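
The startup and log checks from the list above can also be done from PowerShell. This is an added example, not part of the original article; it only reads data, and the seven-day window and the choice of locations are assumptions made for the example.

```powershell
# Read-only triage of auto-start entries and failed logons. Changes nothing.
# Run in an elevated PowerShell session (the Security log needs admin rights).

# 1. Registry Run/RunOnce values, machine-wide and for the current user.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$autoStart = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = $item.GetValue($name) }
    }
})

# 2. Files and shortcuts in the per-user and all-users Startup folders.
$startupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')
$autoStart += @(Get-ChildItem -Path $startupDirs -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{ Source = 'StartupFolder'; Name = $_.Name; Command = $_.FullName }
    })

# 3. Enabled scheduled tasks outside the built-in \Microsoft\ tree.
$autoStart += @(Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' -and $_.State -ne 'Disabled' } |
    ForEach-Object {
        $cmd = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        [pscustomobject]@{ Source = 'ScheduledTask'; Name = $_.TaskPath + $_.TaskName
                           Command = $cmd }
    })

$autoStart | Sort-Object Source, Name | Format-Table -AutoSize -Wrap

# 4. Failed logons (event ID 4625) from the last 7 days, grouped by account and source.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-7) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Read the event fields by name from the event XML rather than by position.
    $data = @{}
    ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
    [pscustomobject]@{ Account = $data.TargetUserName; SourceIp = $data.IpAddress
                       LogonType = $data.LogonType }
} | Group-Object Account, SourceIp, LogonType | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

An entry you do not recognize is a reason to look closer, not proof of infection; compare the list against a known-clean state of the same machine where you have one.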

Use external devices with caution

One of the most common ways malware spreads across computers, tablets, and smartphones is through external devices. When you connect an SSD, SD card, USB flash drive, or an external disk to an infected machine and then connect it to a different machine, the second machine will also get infected with the malware. That is why you need to be extremely careful when sharing machines and devices with others.

Several USB hacking tools, such as the OMG Cable and Rubber Ducky, along with keyloggers, are available on the market, which makes attacks through USB devices easy to carry out. So, you should check the source of any external device before connecting it. If your device has already been affected and you've cleaned it, you can prevent it from getting infected again in the following ways:

  • Turn off Autoplay and Autorun: Features like Autorun and Autoplay can allow malware to run automatically on your system as soon as you plug in an external device. So, you should first turn off Autoplay and Autorun for all connected devices.
  • Enable Write Protection: Write protection is a feature that prevents any connected device from making changes to your system. Turning it on will ensure that any malware present on the connected device will not be able to activate on its own on your device.
  • Separate work and personal devices: One of the best ways to protect your devices like USB drives is to avoid using them everywhere. Restrict your work devices to work environments and avoid using them on your home computers. This will reduce the chances for malware to travel and spread to different environments. You can also keep a separate external storage device for personal uses to reduce the chances of cross-contamination.
  • Get cloud storage: An alternative to physical storage devices is cloud storage, which also offers other benefits, like letting you share your files with friends, family, and colleagues easily. You can simply download the files you need when you need them, saving storage space on your machine. Just make sure to scan the files after downloading them for extra protection.
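
Turning off Autorun and Autoplay on Windows comes down to three registry values. This is an added example, not part of the original article; it changes settings for the whole machine and the current user, and the helper name Get-AutoRunState is made up for the example.

```powershell
# Disable AutoRun and AutoPlay, then read the values back. Run elevated:
# the HKLM policy values apply to every account on the machine.
$policy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$handlers = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'

function Get-AutoRunState {
    # Hypothetical helper: returns each setting's current value, or $null when unset.
    $p = Get-ItemProperty -Path $policy   -ErrorAction SilentlyContinue
    $h = Get-ItemProperty -Path $handlers -ErrorAction SilentlyContinue
    [pscustomobject]@{
        NoDriveTypeAutoRun = $p.NoDriveTypeAutoRun
        NoAutorun          = $p.NoAutorun
        DisableAutoplay    = $h.DisableAutoplay
    }
}

'Before:'; Get-AutoRunState | Format-List

foreach ($path in $policy, $handlers) {
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
}
# Bitmask of drive types; 0xFF turns AutoRun off for every type, removable drives included.
Set-ItemProperty -Path $policy -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
# 1 = do not execute any autorun.inf commands.
Set-ItemProperty -Path $policy -Name NoAutorun -Value 1 -Type DWord
# 1 = AutoPlay off for the current user (the "Use AutoPlay for all media and devices" switch).
Set-ItemProperty -Path $handlers -Name DisableAutoplay -Value 1 -Type DWord

$state = Get-AutoRunState
'After:'; $state | Format-List
if ($state.NoDriveTypeAutoRun -ne 0xFF -or $state.NoAutorun -ne 1 -or
    $state.DisableAutoplay -ne 1) {
    Write-Warning 'One or more settings did not apply; check that the session is elevated.'
}
```

The DisableAutoplay value is per user, so repeat that step for each account on a shared machine.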

Adopt safe browsing habits

By adopting safe browsing habits, you can avoid putting your device at risk from phishing scams, malicious websites, and other threats. For starters, it is always better to rely on a modern browser like Mozilla Firefox or Google Chrome, which have built-in safety features like pop-up blockers that can protect your browser and your machine. Additionally, they are frequently updated with patches that fix vulnerabilities, preventing malware from accessing your system.

Besides this, you should be cautious when clicking on download links and other links. Make sure to check the link destination and avoid clicking on it if it seems unfamiliar or odd. If you need to download applications or files from the internet, do so from trusted and reputable sources, such as their official websites and app stores. Lastly, when visiting websites, check whether they are secure, which you can do by looking at the start of the URL. Secure websites always use https:// to encrypt user data for better protection, and modern browsers show a warning when you visit unencrypted websites.

Avoid granting admin privileges

In many cases, malware requires admin privileges before it can perform any harmful activities. By restricting admin privileges, you can reduce the harm that malware can do. You should also take the time to understand the PoLP (Principle of Least Privilege), which refers to the concept of limiting users' access to only the programs they need to perform their tasks. This can help you limit or eliminate the damage malware can do if your device keeps getting infected repeatedly. Here is how you can implement PoLP on your device:

  • Set up regular accounts: You should set up regular accounts for everyday activities and avoid using the admin account on your machine for such routine tasks. Access the admin account only when you need to perform some security-related action.
  • Review user permissions: On shared devices, such as a NAS or a family computer, you should regularly review the permissions granted to different accounts. Restrict user accounts, remove the ones that nobody is using, and set passwords for all accounts for better protection.
  • Restrict other users from installing programs: On shared machines, restrict software installation to your admin account. This will prevent others from being able to install programs that can open up your system to various threats.
  • Educate others: Protection is only effective if everybody is aware of and follows the safety rules that can keep your device safe from hackers and malware. Educate others about why they should not share network passwords and avoid downloading software from unreliable sources.
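
On a shared Windows machine, the account review described above can start from a short read-only report. This is an added example, not part of the original article; the 90-day threshold for calling an account unused is an assumption made for the example.

```powershell
# Read-only audit of local accounts for a least-privilege review. Run elevated.
$staleAfterDays = 90   # assumption: review threshold chosen for this example
$cutoff = (Get-Date).AddDays(-$staleAfterDays)

# Members of the built-in Administrators group, addressed by its well-known SID
# so the query also works on non-English Windows installations.
$adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.SID.Value })

Get-LocalUser | ForEach-Object {
    $flags = @()
    if ($_.Enabled) {
        # Everyday accounts should not be in the Administrators group.
        if ($adminSids -contains $_.SID.Value) { $flags += 'admin' }
        # Every account should have a password set.
        if (-not $_.PasswordRequired) { $flags += 'no password required' }
        # Never used, or not used since the cutoff: candidate for removal.
        if (-not $_.LastLogon -or $_.LastLogon -lt $cutoff) { $flags += 'unused' }
    }
    [pscustomobject]@{
        Account   = $_.Name
        Enabled   = $_.Enabled
        LastLogon = $_.LastLogon
        Review    = $flags -join ', '
    }
} | Sort-Object Enabled -Descending | Format-Table -AutoSize
```

More than one enabled account flagged as admin, or any enabled account flagged as unused or without a required password, is what the review bullets above ask you to fix.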

Install the latest updates

Whether you are using Android, Windows, or some other device, it is vital to keep your system and applications updated. Outdated versions of both may have vulnerabilities that can expose your device to various threats. Updates often include security patches that fix these problems and protect your device from such threats. If you are concerned about updates not being supported on your hardware, you should first create a backup of the system before updating. Additionally, make sure to get the updates from the official sources and avoid side-loading them, as the updates may have been tampered with in the latter case.

Reformat your device

If you cannot clean your device and get rid of malware using any of the methods shared here, you may have to reformat it completely. Keep in mind that you should use this option only as a last resort, since it will remove all your apps, settings, and customizations. However, it will also get rid of any malware that still remains on the machine. You may also have to reformat other devices you connected to it, since they may have become infected as well.

Things to know

  • When downloading third-party malware removal tools, make sure to check and verify their authenticity. Many times malware is disguised as such a tool, tricking you into installing it on your machine.
  • Always use a VPN when visiting websites over the Tor network as an additional safety and privacy measure. This can not only help you hide your actual IP address but also prevent malicious websites from accessing other information regarding your device.
  • Utilities like System Restore on Windows and Timeshift on Linux let you revert your system to an earlier state. In some cases, these can come in handy when you want to get rid of apps that have installed themselves on your machine without your knowledge, granting malware access to it.
  • It is a good idea to keep a backup of your system on a separate disk or cloud storage solution. This will help you restore everything quickly in case you need to reformat your device.