The Average Internet User's Guide to Being Paranoid on the Internet

This is a rant from 2021-07-16 that will develop into a more polished and thorough blog post and/or series of blog posts.


when it comes to malware, prevention is the best approach. once you are infected with malware, you don't know how sophisticated the attacker is, and if they are sophisticated, then you almost certainly have a backdoor or a means of persistence (surviving reboots, surviving attempts at removal, etc). if you want to get rid of it, i really don't know where i'd start other than reputable antivirus software.


have windows defender do a full scan. it can do some amount of detection and removal. i don't know how well (if at all) it handles rootkits. malware with sophistication hides itself from tools, modifying the operating system so that attempts to detect it are difficult or impossible. once you've run a full scan with windows defender, you want to turn your computer off and boot from external media like a flash drive, probably using a linux-based operating system, and then you can scan the drives with that.


with regards to prevention, there are a lot of things i do on a regular basis to prevent getting malware. you want to harden your machine, which means making it less susceptible to attack, and the means is usually just to reduce your attack surface. user-friendly operating systems like windows and macOS try so hard to be user-friendly that they basically have their genitals hanging out in the wind asking to get attacked. they work under the assumption that their software is secure, but there are always new zero-days or other previously unknown vulnerabilities, as bugs are written faster than they can be found and squashed. such is the state of the software industry, and we trust much of our lives to software and operating system producers.


in all your email clients (web-based or native), set them to not download/load/display external content. even if not for malware, there are still tracking beacons in the form of single-pixel images that simply make your computer call out to all the peeping toms and say "I'm here! I'm here! come track me!" (by this, i mean advertising companies, whether they be giants like facebook or google, or even more vicious advertising groups).


go through all your operating system settings and turn off "let my device be discovered on the network". turn off bluetooth, wifi, and other wireless technologies. again, having wireless technologies turned on is like having your genitals dangling in the wind, asking to get prodded by anyone who knows how to put kali linux on a flash drive (hint: it's not difficult). i only use wireless technologies on a regular basis on my phone. otherwise, i'm wired for everything else, including my headphones.


macOS has a feature called "power nap", where even when it's asleep it will occasionally turn on briefly to check emails, text messages, etc… turn it off.


on your home router, go through your settings and turn off UPnP, universal plug-n-play. having that on is one of the absolute best ways to get hacked. i know it's tempting to open things up for gaming or so you can reach your NAS from anywhere in the world. don't do it. if you want to connect to your home network from anywhere in the world, use a VPN. there are VPN routers you can buy to achieve this.


i personally would also use ipv4 with NAT, and turn off ipv6. your refrigerator and your alexa don't need their own public IP addresses on the open internet. NAT effectively works like a firewall, not allowing any unexpected traffic in. you're most likely already using NAT. when you access stuff on the internet from your computer, your router keeps track of that outbound connection and lets the replies from whoever you're talking to back in to you. otherwise, unsolicited traffic is dropped at the router and never makes it inside your network (unless you have UPnP on or port forwarding enabled on some ports).


in your browsers, install ublock origin. it blocks ads, and a lot of ads are called "malvertising" because attackers can often inject a malicious payload into ads and get them downloaded by users. so, as much as someone might want to "support websites by keeping ads enabled"... you're also letting in attackers 👍️


downloading files... this one is a little complicated, but it's still very important to understand if you ever plan on downloading things (most people do). only download things from sources you trust. AND, only download those things from sites that have HTTPS! (S is short for "secure", and HTTPS is "Hypertext Transfer Protocol Secure".) if you visit a website and your browser says "hey, this page isn't safe!" and then you go ahead anyways, and then you proceed to download files, you're asking to get hacked. because someone can MitM ("man in the middle"), modify the downloaded file en route to your computer, and inject malicious stuff in there to take over your computer.


OKAY, so there is an exception. there are such things as "mirrors", and many of them don't use HTTPS. AS LONG AS YOU DO SOME VERIFICATION, this MAY be safe. see, the original source will [should] give you a hash. hashes are one-way functions that take data of arbitrary length and return a fixed-length string of characters, such as a9b07e070fa2a28976a7d460abb300d1. whenever you download a file from an http source (and preferably also from an https source), you MUST check the file hash! and make sure the hash they provide isn't md5 or sha1, because those have been cracked. attackers can inject malware and still make calculated modifications to the payload to get the hash to match. with stronger hashing algorithms like sha256 and sha512, there currently aren't any publicly known ways to crack them.


if you get a link from a mirror and aren't given a hash, assume it's malicious. seriously.


and even if you are given a hash, if you don't trust the source, still don't download it.
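here's what the "check the file hash" step looks like in practice. this is an added example (my own, not from the mirror or tool vendor): it refuses hashes that are md5/sha1 length, hashes the downloaded file with sha256 or sha512 depending on the length of the published hash, and compares in constant time. the sample file and its hashes are constructed inside the script so it runs offline.

```python
import hashlib
import hmac
import os
import tempfile

# hex digest lengths of the algorithms this post says to reject / accept
WEAK = {32: "md5", 40: "sha1"}
STRONG = {64: "sha256", 128: "sha512"}


def verify_download(path, published_hash):
    """Return (ok, reason). The algorithm is inferred from the published
    hash's length; md5 and sha1 are refused outright."""
    published_hash = published_hash.strip().lower()
    if len(published_hash) in WEAK:
        return False, f"published hash is {WEAK[len(published_hash)]}; ask the source for sha256/sha512"
    algo = STRONG.get(len(published_hash))
    if algo is None:
        return False, "published hash has an unrecognised length"
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # stream, don't load whole file
            h.update(chunk)
    actual = h.hexdigest()
    if hmac.compare_digest(actual, published_hash):  # constant-time compare
        return True, f"{algo} matches"
    return False, f"{algo} mismatch: got {actual}"


def demo():
    """Constructed scenario: a sample 'download' checked against a matching
    sha256, the sha256 of a tampered copy, and an md5 from the same source."""
    content = b"echo 'installer placeholder (constructed sample)'\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tool.sh")
        with open(path, "wb") as f:
            f.write(content)
        good = hashlib.sha256(content).hexdigest()
        tampered = hashlib.sha256(content + b"# modified in transit\n").hexdigest()
        weak = hashlib.md5(content).hexdigest()
        return (verify_download(path, good)[0],
                verify_download(path, tampered)[0],
                verify_download(path, weak)[0])


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```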


ahh, checking links before you click. because one click is all it takes to get attacked. and it's not like clicking the link will cause you to obviously and immediately get compromised. it's not like you click the link, a webpage loads, and it says "haha! i got you!" or your screen goes dark or something. if attackers have any level of sophistication, they will hide as best they can. and they will use your machine to send emails, launch DDoS attacks, and possibly to try to infect other machines on your local network (i.e. your computers on your home network aren't even safe from each other! don't leave important data/files on an unauthenticated file server!!)


you can almost always hover over a link (in email clients, web browsers, etc) and see where they go. if you can't, then you should scream expletives as loudly as you can directed at the vendor of the software, and then never use the software again, and also never trust the company, and then publicly defame the company whenever you get a chance.


the most important part of a url is the domain name. unfortunately, lately many companies have sold their souls to advertising companies and bypassed important security guarantees of the internet, and they've basically allowed themselves to be taken over so they can continue to track their users (so site A decided to do that with advertising company B, and now B has its hands in A's pants or wallet or wherever it wants to put them).


okay, back to urls and domain names. in https://www.google.com/q?=something+interesting, the domain is google.com and the subdomain is www.google.com. i personally own two domains. it's about $16 a year. and there are attackers who buy look-alike domains like paypai instead of paypal, called "domain squatting", in the hopes that they can trick you into clicking links to their site and drop your credentials to them, or simply download a tasty malicious payload to your beloved machines. so be very careful when checking links to make sure that the base domain (google.com in this example) is exactly who you think it is. READ VERY CAREFULLY!


in addition to that, don't click a link that says https://evilhacker.com/innocent_webpage.html.


AND, even if the displayed url, blue and underlined, LOOKS like a full url, STILL HOVER OVER IT AND READ THE URL!! DON'T LET THEM TRICK YOU!! it's so unimaginably easy to make the actual url look nearly the same while still being a malicious website, while the displayed url is actually a friendly website.
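here's the "hover and read the domain" check written down, as an added example (mine, not from any browser or mail client): it pulls the base domain out of the real link target, compares it with the domain shown in the link text, and flags one-character look-alikes of domains you trust (paypai vs paypal). assumptions: the "base domain" is just the last two labels of the hostname (no public suffix list, so co.uk-style domains aren't handled), and the trusted list is constructed for the demo.

```python
from urllib.parse import urlsplit

TRUSTED = {"google.com", "paypal.com"}  # constructed list for the demo


def base_domain(url):
    """Last two labels of the hostname. Assumption: no public suffix list,
    so 'shop.example.co.uk' would wrongly come out as 'co.uk'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def one_edit_away(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):  # substitution: advance both
            i += 1
        j += 1                # insertion in b: advance b only
    return edits + (len(b) - j) == 1


def check_link(href, displayed, trusted=TRUSTED):
    """Verdict for a link whose real target is href and whose visible text is
    displayed: MISMATCH, LOOKALIKE, OK or UNKNOWN."""
    actual = base_domain(href)
    shown = base_domain(displayed) if "://" in displayed else None  # plain text shows no url
    if shown and shown != actual:
        return "MISMATCH"   # text shows one site, link goes to another
    if actual in trusted:
        return "OK"
    if any(one_edit_away(actual, t) for t in trusted):
        return "LOOKALIKE"  # paypai.com vs paypal.com
    return "UNKNOWN"        # not trusted; the post says: don't click


if __name__ == "__main__":
    print(check_link("https://www.paypai.com/login", "https://www.paypal.com/login"))  # MISMATCH
```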

