Anti-Spyware Programs Clean but Don't Disinfect

The Houston Chronicle ^ | October 31, 2004 | Matthew Fordahl [Associated Press]

[quidnunc]

Salinas, Calif. — Though less than a year old, the PC took more than åfive minutes to start up and never shut down without stalling on error messages. Attempts to Web surf generated at least a half-dozen pop-up ads and — frequently — system freezes.

Internet Explorer's home page was hijacked. Attempts to reach some sites, including eBay — were redirected to random search engines that only called up more ads. Google search results were altered. And the modem, without permission, tried to dial distant lands in search of porn.

Welcome to the nasty world of a PC infected with adware, spyware, dialers and their ilk, all of it installed without the knowledge of its owner — my brother-in-law.

No sooner had he spent nearly $1,000 for the Dell Dimension 4600C than he lost control of it to advertisers and porn peddlers.

My brother-in-law, bless him, had committed the computing equivalent of running with sharp objects: Installing free software willy-nilly, clicking carelessly on misleading ads or spam and letting relatives (not this one) have free reign during visits.

But my job was not to judge. It was, rather, to make the violated system hum again. I agreed have a go at degunking it provided I could write about the experience. He agreed.

-snip-

[VRWCRick]

I am running Linux here with the Mozilla browser and have not (so far) had problems with viruses or spyware. Much of the so-called "free" Windows software on the net contains spyware, including Google toolbar! There are so many sharks on the net waiting to feed on the ignorant. Best bet is to keep the Windoze box off the net and use Linux or Mac to read the mail and surf the net.

[Brad’s Gramma]

BTTT with hugs and thanks. :)

[Drammach]

Minimum requirements for going on-line these days.. Load and install the following..

Outpost Firewall.. ( you will have to indicate to this program what applications (programs) you "trust" to go online or send / recieve on line.. )
Alternative: Activate Microsoft Firewall.. ( not as effective as 3rd party firewalls in my personal opinion )

Spyware Guard: Run before going online....Runs full-time.. ( certain amount of set-up involved.. preferences, etc.. )

Win Patrol 7 : Latest Version.. Add to start up programs. Runs full time..( You will have to make settings and preferences known.. It will ask you if certain software is OK to run or not.. )

Ad-Aware SE.. latest version.. ( Run at end of online sessions.. )
Spybot Search & Destroy... ( Run at end of online sessions.. )
Spyware Blaster.. ( Run BEFORE going online.. It protects your system while you are browsing.. )
CW_Shredder.. This searches for and destroys "cool web" spyware.. there are literally thousands of variations on this spyware, thus it's own specialty program..
( note: the present program is the LAST FREE VERSION.. from what I understand, the author has sold the rights to a commercial vendor.. )

Get AVG anti-virus.. the FREE version outperforms Norton and MacAfee, but even it doesn't "clean" everything..

Do not use Internet Explorer..
If you MUST, turn off Java, JavaScript, ActiveX, etc.. Set ALL such "extras" to PROMPT, or OFF.. Remember to do so in Security Settings as well as the "Advanced" Internet settings.

Get Mozilla, ( Browser and e-mail client combined )
Or Mozilla FIREFOX.. (recommended.)
And for E-Mail, Mozilla THUNDERBIRD.. Firefox does not have an integrated email program, it is a stand-alone browser..
There are other browsers, like OPERA that some recommend.. It's up to you..
Likewise, there are other e-mail clients, like EUDORA available..

All E-Mail clients should be set to indicate whether attachments are included, but should NEVER automatically open Attachments..
Be sure to set your e-mail client to "filter" JUNK MAIL.. Some programs have a "learning mode" that will recognize Junk Mail once it has been "tagged" as such.. You can also set the program to automatically delete such Junk..

Set up a "DOWNLOADS" Folder..
NEVER Download anything without knowing EXACTLY where it is going to end up on your computer..
NEVER download anything that is "self executing"..
ALWAYS SCAN EVERYTHING FOR VIRUS AS SOON AS YOU ARE FINISHED DOWNLOADING..
EVERYTHING.. EVERYTHING..

Last but not least...
ALWAYS assume that everyone you know with a computer and your e-mail address .....
IS RUNNING AN INFECTED COMPUTER..

Be paranoid.. Be very paranoid..

And have a nice day..

I'm not joking or being sarcastic here.. I mean every word of this.. Trust No One.. Their e-mail is probably infected.. their computer is probably infected..

[kingu]

Using Mozilla's Firefox 1.0PR, I've found that my mother's machine is dramatically less likely to get spyware/malware with the addition of the Adblock extension for Firefox. Blocking a lot of the ads that are used in hooks for alot of the malware that is out there has really helped.

Spybot S&D and AdAware in combination has finally cleaned up my wife's machine (she got hit through a hook in Outlook Express e-mail, she's now using Mozilla's Thunderbird for e-mail.) There's a hardware firewall on the network that has stood up to everything I've thrown at it, but I still have ZoneAlarm running on my computer to monitor the network.

Mother and wife running Norton AV which has generally been useless in the long term.

Everyone has their own favorites, but browser and e-mail seem to be the most vulnerable points of attack, and by avoiding Internet Explorer and Outlook Express, a lot of time and trouble can be saved.

[LTCJ]

... give Linux a try myself. Does it install alongside Windows so I can try it out before switching over all at once?

Yes, you can install Linux in a dual boot configuration that gives you a choice at startup as to which way you want to go. I'm posting from a system running SuSE Linux as my default boot with Windows XP as an option.

This system serves four users - my wife, myself and two kids. We all use Linux for general computing and ALWAYS for web browsing. I finally made the switch when the malware maintenance and security issues became so bad under Windows that it surpassed the inconvenience of installing and "learning" new operating system.

I still use Windows once a week to prepare a PowerPoint set for a network of churches but that's a 30 minute deal once a week. I'll forego even that once I get the time to test format compatability of running MSOffice under Linux - my schedule right now is a bit too tight to organize a network-wide test. Once that's done, I plan on only booting to Windows once every few months - to upgrade virus and security programs!

If you're interested in trying Linux, you can do so without installing it at all. If you have a CD or DVD burner, you can download a "LiveCD" image which will allow you to boot and run Linux directly from the CD without anything being installed to your HD. SuSE provides both free DVD and CD iso images. Others do as well, notably Knoppix (which is designed to run entirely from the CD). Let me know if you need details.

If you like what you see, SuSE can be purchased as a boxed set with excellent documentation or actually installed directly over the internet for free (the route I took for the latest version).

I, for one, an convinced. I won't be going back to Windows.

[backhoe]

Help for viruses and malware:

 

 Ad-Aware ... Spybot ... Peper Uninstaller ... HijackThis... CWShredder ... Spyware Blaster ... IE Spyad ... Free online Virus scan ... AVG AntiVirus ... LSPfix ... How to Show Hidden Files ... How to boot into Safe Mode ... How did I get infected in the first place?

---

Things you need--(all FREE)
Anti-Virus
AVG

 Avast
Firewall
Kerio(Direct Download) Zone Alarm

 If are using zone alarm it may slow your PC. Try Outpost Firewall http://www.agnitum.com/products/outpost or Sygate Firewall http://www.sygate.com/, both have FREE and Pro versions and are heads above ZA.
Misc.
IE Spyads SpywareBlaster Spyware Guard
Windows Update- you must keep updated, it is the start of a secure system-
get all CRITICAL Updates

Things you want(Still Free)
 

  I use Firefox PR1 and IMHO, beats the sox off MS Explorer. Life is good with tabs. Click the link and give it a try.

Ad-Aware
Spybot S&D

SpywareBlaster
MS MVP Hosts file

Mike Lin's Homepage and get the Startup Control Panel and Startup Monitor tools.

 

The best forum for malware removal:

 http://forums.spywareinfo.com/index.php?s=262d844129208feb8b0cf5b0186a32f6&act=SC&c=4
SWI Forums--

[Gigantor]

bookmark

[Drammach]

See posts #63 and #66..
(#66 includes links to software..)

Find a friend that is computer-friendly, and install and run those in #63..
Add others you find interesting or helpful in #66.. ( read the information at each site-page linked to.. they will help you to decide what all you wish to run / install.......

Don't totally panic..
I'm sure you learned to ride a bike, drive a car, earned a high school diploma, probably have a college degree of some sort..
If you can do all that, you can handle a computer..
Granted, it's frustrating, but getting spyware or viruses won't destroy your computer..
( It may cause the loss of information on the hard drive, or other inconveniences, but that's what "back-ups" are for.. Back Up Your Information.. ( CD or DVD. )

At worst, you may have to re-install Windows XP or something and start with a clean system..
But your computer won't blow up or anything..

[backhoe]

MY COMPUTER HAS BEEN SO MESSED UP IT IS DRIVING ME NUTS. I COULD NOT POST. CAN SOMEONE GIVE US STEP BY STEP DIRECTION ON HOW TO GET RID OF ALL THE MESS.

ducks, see reply #68... and then--

First off, if your PC is that bad, you may find it less frustrating to get the info and download all the stuff you need from another PC. And by all means, ask a power user for assistance, to help walk you through the steps. Bear in mind if- big if- you have backed up your critical data ( and who does that? ) it might be less time-consuming to simply format the HD and reinstall from clean CDs the OS and programs.

Print out all the info you find- there's too much to remember from reading a computer screen.

From my links in #66, get Ad-Aware from Lavasoft, Spybot Search and Destroy, and AVAST. Again, from my links, learn how to force Ad-Aware and Spybot to "perform a custom scan," and set them up to do that.

Reboot in Safe Mode- again, see my links, the info on this is in the SWI forums, on many posts, but in general, hit F8 repeatedly as your system boots. You must do this because the bad stuff loads during nomal bootup, and usually can't be deleted in normal mode. You also need to learn ( from the links ) how to set Windows Explorer ( this is NOT Internet Explorer-- this is the Explorer that comes bundled with your Operating System, that nobody uses much! ) to "see" all the files-- by default, it overlooks System files.

Run all three programs, one after the other, in safe mode, and let them clean out what they find-- and be advised you may have to do this ( in safe mode ) several times until they stop finding the junk in your system.

At this stage you may or may not have fixed the problem- but you will have found a pile of garbage that will help you get started in the right direction. You have to be patient, and persistent.

Now, join the SWI forum ( see my links ) and read carefully all the "pinned" instructions at the beginning of the forums-- you need to learn this so you can post your Hijack This! log in their forum in a format they can understand, and help you with your problems.

At this stage you will post your log there, and wait- they went from 5,000 members to over 30,000 in a few months and are badly overloaded, but if anyone can help you, they can.

It is possible that by reading their many posts, you can learn enough on your own to get a handle on the problems you are having- I did it that way.

And then, once you get your sytem clean- either by disinfecting, or a reformat & reinstall? Clone it to a spare hard drive once in a while-- HD's are cheap now, and that is the fastest way to recover from disaster. Your power user friend should know how to do this- but if not, ask me-- I think I can explain it well enough.

A few random thoughts-- first, quit using Internet Explorer-- you can't get rid of the damned thing, it's hooked into the OS-- but another browser like Firefox, Opera, or even an old free version of Netscape gets a lot less junk than IE... you must run an antivirus-- AVG is good and free, and uses little system resources, and they update daily. A firewall ( again, get a power user friend to help ) is just about mandatory nowadays-- and a hardware firewall is a lot better than a software firewall-- a home network can provide this, and some DSL modem have their own firewall.

And, of course, there is another route- Linux or a Mac!

[tet68]

Bump.

[js1138]

If you are already infected, you need to run the cleaner programs in safe mode. Otherwise they will just reinstall themselves.

[bad company]

I've been meaning to ask you, my computer guy has me running f-prot anti virus and spy sweeper. How do they compare with the others? I had some problems so I'm also running firefox, zonelabs firewall and win patrol.

[backhoe]

I'm not familiar with f-prot, but spysweeper is very good, indeed- I have used it in the past.

For what it's worth, AVAST found and cleaned bad code in my command.com and a couple of system DLL files than none of the others even saw.

[gortklattu]

I reformat every couple of months.

All my data is either on an archive CD or a present files CD. Since I use XP programs I have no problem with reinstalling the main data. The Microsoft 03 programs allow you to activate the product online only twice before you have to call in for the activation. Curse them.

Installing Kaaza is hard drive suicide. I once helped a company get rid of the program and all its tenticles. While I was doing that the kid who installed it on the company's computer asked me which shareware program I thought was best. I turned to his sister, a serious businesswoman, and told her to keep him from the computers.

[ActionNewsBill]

BUMP

[R. Scott]

I use Ad Aware, Norton antivirus and Spybot.
I had the same problem with this loaner HP I’m using. When I first ran Norton Antivirus I cleared over 1,200 infected files. Ad Aware and Spybot took care of a lot more, but after a day or so everything was back to what it was – hijacked home page, popups, and attempts to dial.
I finally had to go into safe mode as the administrator and run all three programs again. One time didn’t do it, it took about a week doing this every day.
Now I am running pretty much clear, but there is still something trying (unsuccessfully) to run. I'll have to go into the registry to find it but that is a bit more than I care to do now.

[Skooz]

bump for after the coffee kicks in

[centurion316]

ping

[P-Marlowe]

bump

[Nataku X]

That's a list of programs that launch on startup. If you see any programs on startup that look suspicious, like pornpopups.exe, just delete them. You won't hurt your system.