Patrick Marshall answers your personal technology questions each week. Here he covers malware, cleaning and rootkit.

Q: What actions would you suggest when you believe your contact address book has been hacked to send bogus messages to those listed?

— Gerry Wooldridge, Renton

A: If you’ve been hacked — or more likely, if you have inadvertently been infected with malware — and the contents of your address book have been taken, there’s not much you can do other than to firm up your security. That means several things. Of course, you’ll want to make sure you’ve got good anti-virus and anti-malware programs installed. Even more important, though, is to follow sensible practices online.

First, don’t click on links in emails unless you’re certain the sender is legitimate. And I have to say, there are a lot of more sophisticated phishing scams out there now trying to get users to click. Email scammers have gone way beyond the widow from Nigeria trying to move money from her dead husband to America. Many of the recent scams say something to the effect that “we’re having trouble getting your Amazon shipment to you.” Rather than clicking on links, log into your Amazon account and see if there are any problems.

Next, be wary of what websites you visit. Just opening a website with certain types of malware on it can cause malware to be downloaded to your computer.

Q: I have a shared Bluehost account where I have my own website and I maintain a few websites there under subdomains for people at no charge. They are all WordPress sites except for one old Dreamweaver site. My account was recently shut down by Bluehost due to malware infection and now I am trying to figure out the best and most reasonably priced way to clean the account. I’m also willing to do it myself if I can find the right software with good instructions. I searched your articles on The Seattle Times website but did not find anything that pertains to this. Do you have any recommendations that could help me with this process?

— Julie Newcombe

A: As usual, the “best” options aren’t necessarily the most reasonably priced. But like you, unless I’m really under the gun, I’d try doing it myself with, hopefully, a free scanner. I haven’t reviewed any of the website cleaning tools, so I can’t recommend a specific one. But I’ve done some looking around and one name that keeps popping up is Quttera. They offer both free and subscription scanning tools at https://quttera.com/. If that doesn’t do the job, you may want to use Bluehost’s Site Doctor service. Yes, it costs $249.99, but they’d be obliged to get your sites back up and running.

Q: I am using a Dell Envison PC that I purchased in 2014. I am running Windows 7 with all updates. Recently, my PC has been infected several times each day with a persistent virus: bgsync_backup.js. At best, this bug greatly slows my PC. I can key in text at the extremely slow rate of one letter in 3-5 seconds. At worst, I can make no entries. This renders my PC effectively useless.

— Jerry Lundry

A: I haven’t been able to find any documentation of bgsync_backup.js being a virus. That said, if you have an anti-virus program identifying it as such and (apparently) successfully removing it, but the problem soon returns, I’d suspect that you’ve been infected with a rootkit. A rootkit is malware that hides in the computer’s boot software and re-establishes itself each time you boot the computer. An anti-virus program may be able to remove it from memory, but it returns when you reboot the computer.

Unless there’s a specific program to remove that rootkit — and I haven’t been able to find one in this case — the only way to remove it is to reformat the boot drive and reinstall your applications.