Posts Tagged ‘antispyware’

Clean up your infected PC 2 of 3

This is the 2nd part of the series; Part One can be found here.

In the first part of the article, I tried to describe the types of infections you can get, what problems and limitations you’ll experience, as well as preliminary techniques to try to keep you computer clean. But at this point, you are probably already infected. Let’s deal with that part now.

First, we need to see if we can do a preliminary cleanup. SuperAntiSpyware (SAS) and MalwareBytes (MWB) are both good candidates for the first pass. The advantage for SAS is that it is faster than MWB. The advantage for MWB is that you can install it in Safe Mode if necessary. Both will want to update their internal databases, so reboot your computer into “Safe Mode with Network Support” after installing them. You do this by tapping the F5 or F8 keys after you see the BIOS startup screen or logo.

When you run the cleaner the first time, it will want to go online to get the latest definitions. If possible, I strongly recommend this. When it completes the update, you can then begin. I suggest you do the Complete Scan or Full Scan first. SAS will actually show you what it has found as it finds it. MWB will only show the number of things it found until it finishes, and then you can view a detailed log of the results. After the scan and fix are complete, you’ll usually be requested to reboot the computer. Please do so. When rebooting, I suggest you keep coming back to “Safe Mode with Network Support” and running the cleaner until it doesn’t find anything else (except for cookies, perhaps). Some of you may have more than one user on the computer. If this is so, you really need to log into each user, one by one, and run the cleanup program in Complete or Full Scan mode in order to check everything. Once these steps are completed and the results come back with just cookies or less, you can reboot into normal mode.

At this point, you’ll need an Antivirus program. There are many good ones out there, but no matter which one you use, you need to make sure it has its latest updates downloaded. Because they are free, you have two good choices.

You can use AVG (currently at version 8, available at http://free.avg.com/).

The other alternative is Avast! (currently at version 4.8 and available from http://www.avast.com/, click on FREE SOFTWARE).

Like the SAS and MWB programs mentioned above, after you install an AV product, please get all available updates before scanning. Of course, if you already have an AV program installed (such as Norton, McAfee, or PC-Cillin), please use it. Just make sure you have it get any virus definition updates and program updates first. As the AV scanner is doing its job, it may find further infections. If you are given a choice of deleting or quarantining the infected item, you should normally choose quarantine. That way you’ll have the best chance to avoid losing any of your data files. Be aware that sometimes you’ll need to run your AV a second (or third) time in order to make sure that all infections have been cleaned up. Once you’ve gotten the preliminary Anti-Spyware and Anti-Virus scans complete, you can now go in and try to clean out the rest of things.

The HiJack-This utility is good at this point because it can point out bad startup items that have had their files removed, but that still have entries in Startup locations. When you run HiJack-This, have it do a scan. Work your way down the list looking for any items that have “(file missing)” on the end of the line and put checkmarks at the start of those lines. Then, at the bottom left, you can click on FIX to remove those orphaned entries. Scan again when it has finished. You will see many entries prefaced by O4. Windows runs these automatic startup entries when it boots up. I’m not going to go into a long discussion on what each of the other entries in this list means because there are many websites that will help you interpret your HiJack-This log file. CastleCops.com and BleepingComputer.com come to mind as good sources. If there are any bad things you recognize in this list and if you know what you’re doing, you can checkmark and FIX them. HiJack-This will make a backup so that it can restore them if needed. Because HiJack-This puts all the control in your hands, you have to be extra careful about what you remove from your computer. It lists bad as well as good things on your computer and it puts the responsibility to determine which is which in your hands. Please exercise caution when removing entries.
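The manual review described above (walk the HiJack-This log, look for lines ending in “(file missing)”, and pay attention to the O4 startup entries) can be done with a small script when you have a saved log file. The Python below is an added example, not part of the original post or of HiJack-This itself. The log lines it parses are constructed samples in the HiJack-This format (section code, then the entry; O4 lines carry the registry run key, the item name in brackets, and the command), and the rogue product names it also flags (AV360, Antivirus 2008) are the ones named later on this page. It only reports entries; the decision to FIX anything stays with you, as the post says.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample log lines in HiJackThis format (not output from any
# real scan). Backslashes are doubled because this is a Python string.
SAMPLE_LOG = """\
Logfile of HijackThis (constructed sample)

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\\WINDOWS\\system32\\missing.dll (file missing)
O4 - HKLM\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKLM\\..\\Run: [AV360] C:\\Program Files\\AV360\\av360.exe (file missing)
O4 - HKCU\\..\\Run: [Antivirus 2008] C:\\Program Files\\Antivirus 2008\\av2008.exe
O4 - HKCU\\..\\Run: [jusched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
"""

# Rogue "antivirus" names mentioned on this page; matched case-insensitively
# as substrings. Extend the tuple with other names you recognise.
ROGUE_NAMES: Tuple[str, ...] = ("AV360", "Antivirus 2008")

SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 entries look like:  HKLM\..\Run: [item name] C:\path\program.exe
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
FILE_MISSING = "(file missing)"


@dataclass
class Entry:
    section: str                 # e.g. "O4"
    raw: str                     # the whole log line, stripped
    name: str = ""               # startup item name (O4 entries only)
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an 'Onn - ...' log line, or None for other lines."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    entry = Entry(section=section, raw=line.strip())
    if section == "O4":
        m4 = O4_RE.match(rest)
        if m4:
            entry.name = m4.group("name")
    return entry


def flag_entry(entry: Entry, rogue_names: Tuple[str, ...] = ROGUE_NAMES) -> Entry:
    """Attach review reasons: orphaned (file missing) and/or rogue AV name."""
    if entry.raw.endswith(FILE_MISSING):
        entry.reasons.append("orphaned: file missing")
    haystack = entry.raw.lower()
    for rogue in rogue_names:
        if rogue.lower() in haystack:
            entry.reasons.append(f"matches rogue AV name '{rogue}'")
    return entry


def review_log(log_text: str, rogue_names: Tuple[str, ...] = ROGUE_NAMES) -> List[Entry]:
    """Parse a HiJackThis log and return only the entries worth a second look."""
    flagged: List[Entry] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        flag_entry(entry, rogue_names)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    # Run against the constructed sample; swap in open("hijackthis.log").read()
    # for a saved log of your own.
    for e in review_log(SAMPLE_LOG):
        print(f"{e.section} [{e.name or '-'}]: {'; '.join(e.reasons)}")
        print(f"    {e.raw}")
```

On the sample it reports three lines: the O2 entry whose DLL is gone, the AV360 run entry (both orphaned and a rogue name), and the Antivirus 2008 run entry; the ctfmon.exe and jusched entries are left alone because neither test fires on them.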
The work that has been done so far is the lion’s share of the brute force work. Most (all?) of the malware should be gone. However, all Anti-Spyware and Anti-Virus programs are not equal and there is no one single program that will prevent, find, or fix all possible infections. So you are now in a position of needing a second or third opinion that your computer is truly cleaned up. Yes, you could install another one or two Anti-Virus or Anti-Spyware programs and run them, but perhaps an easier solution is to use some of the online scanners out there. That way, you can just visit their websites and they will scan your entire computer for you in an attempt to give you a clean bill of health.

In the final part of the article, I’ll talk about the tidying up and finalizing of the cleanup procedure.

Clean up your infected PC 1 of 3

Virus Cleanup

Working on computers as much as I do and seeing how commonly they can be infected, I can really relate with other people’s concern about keeping their computer infection-free. Therefore, it’s important to keep a clean machine. Having good protection software on it, and more importantly, practicing good online habits can go a long way towards keeping your PC healthy. Sadly, many of you will be reading this after you’ve been infected. So, let’s see if I can provide you with some techniques to resolve the infection and get back to a clean state.

To start this series, I want to say that some of you will have such a badly infected computer that these techniques may not work for you. If Windows won’t even boot up, not even in Safe Mode, then you’re probably done at that point and your only hope is a repair shop or an extremely competent computer friend. In other cases, some infections have side effects that inhibit what we want to clean and how we use our computers.

For example, it’s common for some Spyware and Viruses to disable the RUN command or the TASK MANAGER. They can block some or all of the Display Properties functions so that you can’t change your desktop wallpaper. They can even change the way the clock in the lower right looks or the way the System Properties window appears, usually indicating that you are infected. In some extremely difficult cases, it can block most applications (.EXE files) from running. Another tactic is to hide your DVD/CD-ROMs from Windows or to disallow programs from running from them. In many cases, even if you remove the malware that caused the situation, these side effects still linger and affect your continued use of your computer.

Lastly, some infections pretend to be protection programs that claim to be able to find and remove infections if you pay them $$ to download their software. This is a case of different levels of malware working together against you. To start, you get the minor infection first that gives you these warnings of the bad software it has found. Then, if you follow its procedure, it will want you to pay for, and then download, the main application that actually opens the door to other malware out there. Of course, it will tell you about all the (imaginary) things it has found and removed in order to protect you, but it never actually cleans your computer of anything.

A well-protected computer relies on a four-part protection plan. First, you should have good Anti-Virus software that you update regularly. Second, you need Anti-Spyware software that you will update regularly and use to scan your computer at common intervals. Third, you need a good Firewall on your computer. Make sure you get updates for it when they become available. Granted, Windows comes with a firewall if you have XP or Vista, but the level of control leaves a bit to be desired. Fourth, you need to practice safe computing habits. Oh, and did I mention that you want to update these programs regularly? The first three are relatively easy to accomplish. The fourth is just a matter of learned habits and practice and is probably going to need to be its own article separate from this series.

Here are some good default settings you should consider. If you use Internet Explorer, go to the Control Panel and bring up the Internet Options icon. Then, go to the Security tab. One by one, click on each of the four zones you see and then click on Default Level. If you have a button that says ‘Reset all zones to default level’, click that instead. Next, go to the Privacy tab and click on the Advanced button. A window will pop up. Put a checkmark in ‘Override automatic cookie handling’ and then set First-party Cookies to ‘Accept’ and set Third-party Cookies to ‘Block’. Now click on the OK button. Lastly, to help optimize Internet Explorer, go to the Advanced tab and scroll to the very bottom. Look for the line that says ‘Empty Temporary Internet Files folder when browser is closed’ and put a checkmark in front of it. Now you can click on OK and you’re done here.

If you have FireFox, a very helpful plugin is called NoScript. It normally blocks any web page scripts by default and you can then grant only the sites you approve of permission to run. You can get it here.

For more protection, you might want to try using software that will lock things into a virtual sandbox with the intention of preventing any malware you download from affecting the rest of the computer. Currently, the most popular app is called SandBoxIE. It is very well thought of and it’s free, too.

Good Scanning tools: SuperAntiSpyware, MalWareBytes, Spybot, AVG, HiJackThis, CoolWebSearch, online scanners such as Trend-Micro or Panda Soft

Good Copying tools: Unstoppable Copy, TeraCopy, Norton Ghost, Acronis True Image

By the way, if you are a dial-up user you might fall into the habit of putting off getting needed Windows and program updates. Getting those updates can be critical to avoiding bigger infection problems down the road. And disappointing as it is, you have to realize that whenever you go online, you’re going to bring back at least a little bad stuff with you. Think of it as washing your car at common intervals to keep the gunk from building up on it.

Realizing that and keeping up-to-date on your protection software will go a long way towards keeping your computer in good shape. In the next part of the series, I’ll walk you through the main steps to clean up your PC.

Part 2 can be found here

Pop-up Spyware issues and How to Repair

Security Breach

I have been finding more and more machines are getting a pop-up that states “You are infected with ?????? viruses and ?????? spyware. Click here to download our program to remove this.” or some such wording of that nature. Whatever you do, DO NOT do this. It is a fake. It is my opinion that this is more a form of aggressive advertising than anything malicious; however, it is still an invasion of your system and as such falls under the heading of Virus.

I have seen it get past all the major Antivirus programs: Symantec’s Norton, McAfee, AVG, Avast, Trend Micro, etc… However, they do on occasion pick it up after it is on the system, if they are not disabled by it first. Some spyware programs pick it up and remove it, but again not very often.

The best way to prevent its intrusion is to hard shutdown the machine as soon as the pop-up happens. You will want to close any programs you have open first, but do not touch the pop-up. To hard shutdown, press and hold the power switch for approx. 15 seconds until the system shuts off. Yes, you’ve been told not to do this, and yes, it will leave temp files behind, but it is better than having your system infected. After it shuts off, you can then reboot the machine and keep your fingers crossed that the pop-up does not come back. Run your antivirus program and any antispyware programs to see if they detect anything.

If you are unlucky enough that the system is truly infected with it, then removal can become very sticky. The best I’ve been able to find to remove it is “Malware Bytes”, which you’ll need to run from safe mode. While in safe mode you should also run “Hijackthis” and remove any reference to AV360, Antivirus 2008, etc… You might also need to go into “My Computer”, “C Drive” and into “My Programs” to remove any directories that the trojan may have created. After all that is done, you’ll want to reboot into normal mode and run “Malware Bytes” again. Unless the system is too far gone, this should do the trick. If it doesn’t you may end up having to format and reload everything, but let’s hope it doesn’t come to that.

If you care to add any other suggestions or experiences, I’d be happy to hear them.
