There are a few different things that need to be done.
Step #1. Uninstall what you can.
Go to your Add-Remove Programs Control Panel and look for any advertising-related programs or anything that you did not install. Some programs bundled with malware will refuse to run after the malware is removed. You then have to decide whether that application is worth your privacy.
Some common programs, installed without the user's knowledge, that I've seen:
Bargain Buddy
Gator
GAIN
Wild Tangent
My Web Search
Hotbar
Grokster
Kazaa
Precision Time
Weatherbug
Smiley Central
Look for applications that do not have a size listed, or ones you don’t remember installing. I have found that most programs that have ‘search’ in the name are usually malware. Uninstall anything that looks suspicious. If you are uncertain about a specific listing, go to www.google.com and search for the application name. If you see the words ‘adware’ or ‘spyware’ often in the descriptions of your search results, it’s probably safe to say the program is malware and should be removed. Some programs require a re-boot to complete uninstalling, others may not. I would recommend a re-boot after uninstalling any of these programs even if they did not ask you to.
Note: Pay close attention to the uninstall dialog boxes. Some will read very funny and try to trick you into canceling the uninstall. Some will try to demand you give them a reason for uninstalling. (Precision Time will do this.) You don’t have to tell them ANYTHING! It’s none of their business, so NEVER submit a survey or give information to remove a program. It’s usually a trick like the link in spam e-mail that says ‘to remove, click here’ - in reality, what you are doing is verifying to them that they’re spamming a good, active address, and they’ll make it worse for you from then on.
Look for any extra toolbars in Internet Explorer besides anything you've installed intentionally. Common spyware ones you may find are ‘Web Search Tools’, etc. See if there are any options to uninstall these extra toolbars.
Delete Internet Explorer cookies and files. A cookie is a tiny text file certain web pages create on your computer. Some are good, but some of these often can contain malware. Go to 'Tools' - ‘Internet Options’ in Internet Explorer. Right there in the ‘General’ tab are buttons that say ‘Delete Cookies’ and ‘Delete Files’. Deleting files may take a couple minutes if not done in a while, so be sure to wait it out. This should be done every once in a while anyway, but keep in mind you may have to re-enter some passwords and saved information on certain web pages again. This usually isn’t a hassle.
Step #2. Clean up processes.
There are two parts for this step.
A). Look in your Start Menu under the Startup folder. You will want to delete any spyware startup programs there so they will not be activated upon re-boot. You can right-click on the item in the menu and choose Delete.
B). This one may be a bit of a pain, but it is something that will help you survive and troubleshoot many things to come. Right-click on your Task Bar and choose Task Manager. You can also get to Task Manager by pressing Control-Alt-Delete. Click on the Processes tab. This list may look like Greek to you, but it tells you EVERYTHING that’s going on on your PC. What’s listed here will vary from PC to PC, depending on what is installed. Viruses and malware applications that are currently active will be listed here, as well as installed programs, hardware drivers, and Windows services. The trick is to know which processes are good and which aren’t. The best advice here is to search Google for each one and look at the descriptions that come up. For example, if you search for GMT.exe you will get links to adware removal information. GMT.exe is the spyware program Gator/GAIN. If you search for svchost.exe you will get links to a Windows task library, since it is a Windows process. If you become familiar with your PC’s regular processes, you will be able to spot a new virus or application that’s not supposed to be running when it shows up. You can also see which applications are taking up your processor power by clicking on the top of the CPU column. Usually ‘System Idle Process’ is taking about 90%, and no other application usually takes up that much unless it is actively processing something. Anything you see that takes up an odd amount of CPU power needs to be investigated and probably ended.
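The process review in part B can be turned into a repeatable check. The script below is an added example, not part of the original article: it triages a process list exported with tasklist /V /FO CSV against a baseline of names you recorded while the PC was clean. The sample listing, the baseline set, the names scvhost.exe and printhelper.exe, and both thresholds are assumptions made for illustration; GMT.exe is the only process name taken from the article.

```python
import csv
import io
from difflib import SequenceMatcher

# Constructed `tasklist /V /FO CSV` output for illustration; not data from the article.
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System Idle Process","0","Console","0","16 K","Running","NT AUTHORITY\SYSTEM","41:12:03","N/A"
"svchost.exe","884","Console","0","4,120 K","Running","NT AUTHORITY\SYSTEM","0:00:07","N/A"
"explorer.exe","1520","Console","0","18,004 K","Running","PC\user","0:01:15","N/A"
"GMT.exe","1688","Console","0","6,332 K","Running","PC\user","0:00:42","N/A"
"scvhost.exe","1732","Console","0","2,048 K","Running","PC\user","0:00:03","N/A"
"printhelper.exe","1904","Console","0","9,876 K","Running","PC\user","0:09:30","N/A"
'''

# Assumption: process names you noted while the PC was known to be clean.
BASELINE = {"system idle process", "system", "svchost.exe", "explorer.exe"}
# The one process name the article identifies as adware.
KNOWN_ADWARE = {"gmt.exe": "Gator/GAIN"}

def cpu_seconds(text):
    """Convert tasklist's cumulative CPU Time (h:mm:ss) to seconds."""
    h, m, s = (int(part) for part in text.split(":"))
    return h * 3600 + m * 60 + s

def triage(csv_text, baseline=BASELINE, lookalike=0.85, cpu_share=0.5):
    """Return (image name, PID, reasons) for every process worth researching."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    busy = [r for r in rows if r["Image Name"].lower() != "system idle process"]
    total = sum(cpu_seconds(r["CPU Time"]) for r in busy) or 1
    findings = []
    for r in busy:
        name = r["Image Name"].lower()
        reasons = []
        if name in KNOWN_ADWARE:
            reasons.append("known adware: " + KNOWN_ADWARE[name])
        elif name not in baseline:
            # A near miss of a baseline name suggests a name chosen to blend in.
            best = max(baseline, key=lambda b: SequenceMatcher(None, name, b).ratio())
            if SequenceMatcher(None, name, best).ratio() >= lookalike:
                reasons.append("look-alike of " + best)
            else:
                reasons.append("not in baseline, research it")
        # Cumulative CPU time is used as a stand-in for Task Manager's CPU column.
        if cpu_seconds(r["CPU Time"]) / total > cpu_share:
            reasons.append("most of the non-idle CPU time")
        if reasons:
            findings.append((r["Image Name"], int(r["PID"]), reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A flagged name is only a prompt to research the process, as described above; a baseline match on name alone does not prove the file behind it is the genuine one.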
Step #3. Run removal applications.
These are the programs I use and recommend for removing adware and spyware. Both can be downloaded from http://www.download.com/.
Ad-Aware 6:
http://www.lavasoftusa.com/support/download/
Spybot Search and Destroy:
http://www.safer-networking.org/en/download/index.html
One thing I have come across is malware claiming to be a spyware removal application. Some will infect your computer then warn you that you may be infected! I prefer to stick with what my fellow technicians and I have successfully used in the field. An important thing to keep in mind is that certain types of applications do NOT play nice with others of their ilk. These include antivirus applications, popup blockers, and spyware removal programs. Having two of any one type of these applications can cause your system to become unstable. However, I have found that Ad-Aware and Spybot together don’t have this problem. One will find things the other doesn’t and vice-versa. They will complain about each other, though. Ad-Aware will warn you about Spybot and vice-versa. You can ignore this. I have not had these two applications cause any problems when working together. If you have any other spyware removal applications installed, I strongly recommend that you uninstall them, especially if you didn’t intentionally install them in the first place. Some may be legit, but I prefer to stick with the removal programs I trust. Also make sure you only have one antivirus program installed, and only one popup blocker enabled.
These spyware removal applications are like antivirus applications in that they need to be updated often to remain current against new threats. Be sure to update each application before you run it. Follow the instructions and repair any problems found. It is a good idea to re-boot after each one cleans things off to save the registry.
If, after taking the preceding steps, you are still having problems with malware, you may have to break down, back up your files, and restore your computer from the manufacturer’s CD, or format and re-load your hard drive from scratch. I recommend this be done about once a year anyway. Even if you maintain your computer well, things will still become corrupted and slow over time just from use, and many files are created that are not needed anymore. Some of these malware programs are very ingenious and fight removal, or reinstall themselves. As I’ve said, I have come across just a couple malware programs neither I nor any tech in my group could remove. Format c: