About my Geek Guide

I've been a computer technician for over 12 years. Over that time I have compiled little guides for friends and family, and as I go through them I'll add them here. Please check back and feel free to comment with tips or questions.

Friday, April 13, 2007

How do I get rid of malware?

There are a few different things that need to be done.

Step #1. Uninstall what you can.

Go to the Add/Remove Programs Control Panel and look for any advertising-related programs or anything you did not install. Some programs bundled with malware will refuse to run after the malware is removed. Then you must consider: is that application worth your privacy?

Some common programs, installed without the user's knowledge, that I've seen:

Bargain Buddy
Gator
GAIN
Wild Tangent
My Web Search
Hotbar
Grokster
Kazaa
Precision Time
Weatherbug
Smiley Central

Look for applications that do not have a size listed, or ones you don’t remember installing. I have found that most programs that have ‘search’ in the name are usually malware. Uninstall anything that looks suspicious. If you are uncertain about a specific listing, go to www.google.com and search for the application name. If you see the words ‘adware’ or ‘spyware’ often in your search results description, it’s probably safe to say the program is malware and should be removed. Some programs require a re-boot to complete uninstalling, others may not. I would recommend a re-boot after uninstalling any of these programs even if they did not ask you to.

Note: Pay close attention to the uninstall dialog boxes. Some will read very funny and try to trick you into canceling the uninstall. Some will try to demand that you give them a reason for uninstalling. (Precision Time will do this.) You don’t have to tell them ANYTHING! It’s none of their business, so NEVER submit a survey or give information to remove a program. It’s usually a trick, like the ‘to remove, click here’ link in spam e-mail: all you are really doing is confirming to them that they are spamming a good, active address, and they’ll make it worse for you from then on.

Look for any extra toolbars in Internet Explorer besides the ones you installed intentionally. Common spyware toolbars you may find are ‘Web Search Tools’ and the like. See if there is an option to uninstall these extra toolbars.

Delete Internet Explorer cookies and temporary files. A cookie is a tiny text file that a web page stores on your computer. Cookies are data, not programs, so a cookie by itself cannot infect your PC, but advertising networks use third-party cookies to track you from site to site, which is why spyware scanners flag them. The temporary files are the browser cache, where copies of the pages you visited (and anything they pushed to you) are kept. Go to 'Tools' - ‘Internet Options’ in Internet Explorer. Right there in the ‘General’ tab are buttons that say ‘Delete Cookies’ and ‘Delete Files’. Deleting files may take a couple of minutes if it has not been done in a while, so be sure to wait it out. This should be done every once in a while anyway, but keep in mind you may have to re-enter some passwords and saved information on certain web pages again. This usually isn’t a hassle.

Step #2. Clean up processes.
There are two parts for this step.
A). Look in your Start Menu under the Startup folder. Delete any spyware startup programs there so they will not be activated on re-boot. Right-click the item and choose Delete.
B). Now this one may be a bit of a pain, but it is something that will help you survive and troubleshoot many things to come. Right-click on your Task Bar and choose Task Manager. You can also get to Task Manager by hitting Control-Alt-Delete (or Control-Shift-Escape). Click on the Processes tab. Now, this list may look Greek to you, but it tells you EVERYTHING that’s going on on your PC. What’s listed here will vary from PC to PC, depending on what is installed. Viruses and malware applications that are currently active will be listed here, as well as installed programs, hardware drivers, and Windows services. The trick is to know which processes are good and which aren’t. The best thing to tell you here is to search Google on each one. Look at the descriptions that come up. For example, if you search for GMT.exe you will get links to adware removal information; GMT.exe is the spyware program Gator/GAIN. If you search for svchost.exe you will get links to a Windows tasks library, since it is a Windows process. Check the spelling letter by letter: malware often takes a name one letter off from a real Windows process (svhost.exe instead of svchost.exe, for example) so that it blends into this list. If you become familiar with your PC’s regular processes you will be able to spot a new virus or application that’s not supposed to be running when it shows up. You can also see what applications are taking up your processor power by clicking on the top of the CPU column. Usually ‘System Idle Process’ is taking about 90%, and no other application usually takes up that much unless it is actively processing something. Anything you see taking up an odd amount of CPU power needs to be investigated and probably ended.
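The rules in Step 1 and Step 2 (look up unknown names, treat ‘search’ in a name as adware, watch for one-letter-off names, watch for odd CPU use) can be applied mechanically. The script below is an added example, not part of the original guide: it takes the rows you would read off the Processes tab, as a constructed sample rather than a capture from a real PC, and says which ones deserve action. The baseline list of standard Windows XP processes is an assumed minimum that you would extend from a known-clean machine.

```python
"""Triage a Task Manager process list the way Step 2 describes.

Added example. Input is a constructed list of (Image Name, CPU %) rows,
not taken from a live machine.
"""

# Standard Windows XP processes. Assumption: a minimal baseline; extend it
# with what a known-clean PC of your own shows.
KNOWN_GOOD = {
    "system idle process", "system", "smss.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
    "taskmgr.exe",
}

# Names the guide itself identifies as malware.
KNOWN_BAD = {"gmt.exe": "Gator/GAIN adware"}

# Above this CPU share a non-idle process deserves a look (assumed threshold).
CPU_SUSPICIOUS = 50


def edit_distance(a, b):
    """Levenshtein distance; used to catch one-letter-off impersonations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name):
    """Return the known-good name this one imitates (distance 1), or None."""
    for good in KNOWN_GOOD:
        if name != good and edit_distance(name, good) == 1:
            return good
    return None


def triage(processes):
    """processes: iterable of (image_name, cpu_percent).

    Returns a list of (image_name, verdict) for every row worth acting on;
    rows that look normal are left out.
    """
    findings = []
    for image, cpu in processes:
        name = image.strip().lower()
        if name in KNOWN_BAD:
            findings.append((image, "known malware: " + KNOWN_BAD[name]))
            continue
        if name in KNOWN_GOOD:
            # A real Windows process only stands out if it is eating CPU.
            if name != "system idle process" and cpu >= CPU_SUSPICIOUS:
                findings.append((image, "known process but %d%% CPU; investigate" % cpu))
            continue
        twin = lookalike_of(name)
        if twin:
            findings.append((image, "impersonates %s; end it and find the file" % twin))
        elif "search" in name:
            findings.append((image, "'search' in the name; almost always adware"))
        elif cpu >= CPU_SUSPICIOUS:
            findings.append((image, "unknown and %d%% CPU; look it up, probably end it" % cpu))
        else:
            findings.append((image, "unknown; look the name up before trusting it"))
    return findings


# Constructed sample of a Processes tab, not captured from a real PC.
SAMPLE = [
    ("System Idle Process", 90),
    ("svchost.exe", 1),
    ("svhost.exe", 2),        # one letter off from svchost.exe
    ("GMT.exe", 3),           # Gator, per the guide
    ("websearch.exe", 0),
    ("explorer.exe", 1),
    ("mystery.exe", 85),
]

if __name__ == "__main__":
    for image, verdict in triage(SAMPLE):
        print("%-22s %s" % (image, verdict))
```

Task Manager on XP shows only the image name, not where the file lives, so a lookalike verdict still needs you to find the file on disk; the name check is only what gets you to look.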

Step #3. Run removal applications.

These are the programs I use and recommend for removing adware and spyware. Both can be downloaded from http://www.download.com/.

Ad-Aware 6:
http://www.lavasoftusa.com/support/download/

Spybot Search and Destroy:

http://www.safer-networking.org/en/download/index.html

One thing I have come across is malware claiming to be a spyware removal application. Some will infect your computer then warn you that you may be infected! I prefer to stick with what my fellow technicians and I have successfully used in the field. An important thing to keep in mind is that certain types of applications do NOT play nice with others of their ilk. These include antivirus applications, popup blockers, and spyware removal programs. Having two of any one type of these applications can cause your system to become unstable. However, I have found that Ad-aware and Spy-Bot together don’t have this problem. One will find things the other doesn’t and vice-versa. They will complain about each other, though. Ad-aware will warn you about Spy-Bot and vice-versa. You can ignore this. I have not had these two applications cause any problems when working together. If you have any other spyware removal applications installed, I strongly recommend that you uninstall them, especially if you didn’t intentionally install them in the first place. Some may be legit, but I prefer to stick with the removal programs I trust. Also make sure you only have one antivirus program installed, and only one popup blocker enabled.

These spyware removal applications are like antivirus applications in that they need to be updated often to remain current against new threats. Be sure to update each application before you run it. Follow the instructions and repair any problems found. It is a good idea to re-boot after each one cleans things off, so that files and registry entries that were locked by running malware actually get removed.

If after taking the preceding steps you are still having problems with malware, you may have to break down, back up your files, and restore your computer from the manufacturer's CD or format and re-load your hard drive from scratch. I recommend this be done about once a year anyway. Even if you maintain your computer well, things will still become corrupted and slow over time just from use, and many files are created that are not needed anymore. Some of these malware programs are very ingenious and fight removal, or reinstall themselves. As I’ve said, I have come across just a couple of malware programs that neither I nor any tech in my group could remove. Format c:

Thursday, April 12, 2007

What's all this evil-ware stuff?

Microsoft, in all their genius, left gaping holes in their operating systems and internet browsers that malicious parties are taking advantage of. The programs they plant slow down your computer, give you annoying ads, and invade your privacy. Most of them can be removed, but I have come across some that could not. These types of programs are called malware.


Malware (mal´wãr) (n.) Short for malicious software, software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.

Besides viruses and Trojan horses, you're dealing with other types of malware programs now:

Adware - These are the wonderful little programs that bring you popups through your internet browser, through scripts, or through the Messenger service in Windows. They slow the PC down by constantly pulling ads from various servers.

Spyware - These programs track what you search for and where you go on the internet and send that to vendors to better profile you. Some can even have keyloggers that can record ANYTHING you type, including passwords, credit card numbers, etc. These slow the PC down by constantly sending information they gather to various servers, and are a great privacy concern.

Browser Hijackers - These programs reset your internet browser home page, and some will even reset it back if you change it. These are just plain obnoxious.

How to not get SPAM

You have to be proactive to avoid it. Being reactive will not work with this particular monster. If your e-mail account is getting too much SPAM, then start fresh with a new address. Once your e-mail address is leaked out - it's too late to stop it.

1. Expect SPAM if you use your address on the Internet for anything. Remember, things are not as secure as they would like you to believe!

2. Use multiple addresses for different purposes. Don't shop with your work e-mail address or personal address. I have an address just for shopping online, another for job hunting, one for blogging, one for junk and spam, and another for personal use. I get SPAM on the older accounts, and the ones I've used for shopping. The accounts I've used only for e-mailing friends stay SPAM free - unless they break my rules.

3. Screen your messages online (through the webmail interface) before downloading them to Outlook or Outlook Express. Once a message is downloaded, its attachments, viruses included, are copied to your local hard drive.

4. Change your address every so often.

Monday, April 2, 2007

Avoiding Infection

How do I avoid getting Malware in the first place?

Some you can't avoid, like commercials on TV. Nothing is 100% effective, except unplugging from the internet. Here's what you can do:

#1. Update your windows often.
These updates fix security holes in your OS (Operating System), and I have seen virus outbreaks only infect PCs that were not up to date. Most PCs have the Windows Update icon in the Start Menu. It is also under the Tools menu in Internet Explorer, or just go to www.microsoft.com and follow the links. I only worry about the 'critical' updates. Run Windows Update until it tells you there are no more critical Hotfixes or Service Packs to install. Be sure to re-boot after any update, even if it doesn't tell you to do so.

Note: Windows XP Service Pack 2 includes a popup blocker in Internet Explorer. If you also have a separate popup blocker installed, disable or uninstall one of the two. Only one can play at a time.

#2. Tighten your security settings.
Right-click on the 'My Computer' icon on your desktop. Click on 'Manage'. Expand 'Services and Applications'. Click on 'Services'. Look for "Messenger" in the right-hand box. Adware programs use the Messenger service to push popups to you. If this service is started, right-click on it and stop it. This should stop many popups. The 'startup type' of the Messenger service needs to be 'manual' or, better, 'disabled'. If it is set to 'automatic,' double-click it and change the startup type. This will not affect any chat applications you may use: the Messenger service is the Windows component behind network popups, not Windows Messenger or MSN Messenger.

In Internet Explorer:
Go to 'Tools' - Internet Options. Click on the 'Security' tab. Click on 'Internet' and click on the 'Custom Level' button. Under the 'Miscellaneous' category, about six down, is 'Installation of desktop items' - make sure this is set at 'prompt'.
Now click on the 'Advanced' tab. Be sure there are NO checks by 'Enable Install On Demand (Internet Explorer)' or Install On Demand (Other)' This setting is a MAJOR culprit for malware infection. After that you need to say NO to anything that prompts to install unless you know the source, like Microsoft or Macromedia.
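The three settings above (Messenger service startup type, 'Installation of desktop items' in the Internet zone, and the two Install On Demand boxes) all live in the registry, so they can be checked from a registry export instead of clicking through the dialogs on every PC. The script below is an added example, not from the guide: it parses a constructed `reg export` text in the .reg format and reports which settings are still weak. The key and value names (Start under the Messenger service key; value 1800 under Zones\3; NoJITSetup and NoWebJITSetup under Internet Explorer\Main) are where Windows XP and IE 6 keep these settings to the best of my knowledge, and are stated here as assumptions: confirm them on your own PC by exporting a key before and after changing the dialog.

```python
"""Audit the #2 settings against a registry export (.reg text).

Added example. SAMPLE_EXPORT is constructed, not taken from a real PC.
Key/value names are assumptions about where XP and IE 6 store these
settings; verify them with reg.exe on your own machine.
"""
import re

MESSENGER_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger"
ZONE_INTERNET_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                     r"\CurrentVersion\Internet Settings\Zones\3")
IE_MAIN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"


def parse_reg(text):
    """Return {key: {value_name: value}} from .reg text.

    Handles dword and quoted string values, which is all this audit needs;
    other value types are skipped.
    """
    data, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            data.setdefault(current, {})
            continue
        m = re.match(r'^(?:"([^"]*)"|@)=(.*)$', line)
        if not m or current is None:
            continue
        name = m.group(1) if m.group(1) is not None else ""
        val = m.group(2)
        if val.startswith("dword:"):
            data[current][name] = int(val[6:], 16)
        elif val.startswith('"') and val.endswith('"'):
            data[current][name] = val[1:-1]
    return data


def audit(reg):
    """Return a list of (setting, status) for the checks in #2."""
    findings = []
    start = reg.get(MESSENGER_KEY, {}).get("Start")
    # Service start types: 2 = Automatic, 3 = Manual, 4 = Disabled.
    if start == 2:
        findings.append(("Messenger service", "Automatic; set to Manual or Disabled"))
    elif start in (3, 4):
        findings.append(("Messenger service", "ok"))
    else:
        findings.append(("Messenger service", "not found in export"))

    desktop_items = reg.get(ZONE_INTERNET_KEY, {}).get("1800")
    # Zone action values: 0 = Enable, 1 = Prompt, 3 = Disable.
    if desktop_items == 0:
        findings.append(("Installation of desktop items", "Enable; set to Prompt"))
    elif desktop_items in (1, 3):
        findings.append(("Installation of desktop items", "ok"))
    else:
        findings.append(("Installation of desktop items", "not found in export"))

    main = reg.get(IE_MAIN_KEY, {})
    for label, name in (("Install On Demand (Internet Explorer)", "NoJITSetup"),
                        ("Install On Demand (Other)", "NoWebJITSetup")):
        # A value of 1 means the box is cleared; absent or 0 means it is on.
        if main.get(name) == 1:
            findings.append((label, "ok"))
        else:
            findings.append((label, "enabled; clear the checkbox"))
    return findings


# Constructed export showing a PC with two of the four settings still weak.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"DisplayName"="Messenger"
"Start"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1800"=dword:00000000
"1803"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
"NoJITSetup"=dword:00000001
"""

if __name__ == "__main__":
    for setting, status in audit(parse_reg(SAMPLE_EXPORT)):
        print("%-40s %s" % (setting, status))
```

On a real machine, `reg export` each of the three keys to a file, concatenate them, and feed the text to `parse_reg`; a setting reported as "not found in export" usually means the key was exported from the wrong hive or the value has never been written and is at its default.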

Another Note: If you REALLY want to see what's going on behind the scenes you can have Internet Explorer require your approval for EVERY cookie. This is how I have my computer, that way I can tell the PC to always block cookies from 3rd party sites. To do this, go to 'Tools' - Internet Options. Click on the 'Privacy' tab. Click the 'Advanced' button. Put a check in front of 'Override automatic cookie handling'. Set both First-party and Third-party to prompt. Click OK. Now every time you go to a page it will ask you if you want to allow specific cookies. For example, if I went to www.discovery.com I would get a prompt asking if Discovery.com can set a cookie. I OK all Discovery.com cookies, but then bannerads.com wants to set a cookie. I'll deny that and check the box to always deny cookies from bannerads.com. Most third-party cookies are ads. I refuse any cookie that has 'ads', 'click', 'stats', 'count', 'gator', 'search' or 'banner' in the site name, and I refuse all cookies that are not from the domain I am currently visiting.
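The cookie rule in the note above is a policy, so here it is written out as one. This is an added example, not something from the guide or from Internet Explorer: a function that, given the site you are visiting and the site asking to set a cookie, returns the answer the note would give, with a memory of hosts you have already answered "always". Two simplifications are assumptions made here: "same domain" is judged on the registrable domain (so www.discovery.com and discovery.com count as one site), and the table of two-level public suffixes is a tiny stand-in for the real public suffix list.

```python
"""Answer Internet Explorer's per-cookie prompt the way the note describes.

Added example. Registrable-domain logic and the suffix table are
simplifications chosen here, not anything the browser does.
"""

# Words the note refuses on sight anywhere in the cookie's site name.
BLOCK_WORDS = ("ads", "click", "stats", "count", "gator", "search", "banner")

# Assumption: a few multi-label public suffixes so bbc.co.uk is not cut to co.uk.
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """discovery.com for www.discovery.com; bbc.co.uk for news.bbc.co.uk."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def is_third_party(visited_host, cookie_host):
    """A cookie is third-party when it comes from a different site than the page."""
    return registrable_domain(visited_host) != registrable_domain(cookie_host)


def decide(visited_host, cookie_host, remembered=None):
    """Return (verdict, reason) for one cookie prompt.

    `remembered` maps registrable domains to 'allow' or 'deny', standing in
    for the "always" checkbox in the prompt; it is consulted first.
    """
    site = registrable_domain(cookie_host)
    if remembered and site in remembered:
        return remembered[site], "remembered answer for " + site
    hit = next((w for w in BLOCK_WORDS if w in cookie_host.lower()), None)
    if hit:
        return "deny", "'%s' in the site name" % hit
    if is_third_party(visited_host, cookie_host):
        return "deny", "third-party (%s while visiting %s)" % (
            site, registrable_domain(visited_host))
    return "allow", "first-party"


def remember(remembered, cookie_host, verdict):
    """Record an 'always allow'/'always deny' answer for the cookie's site."""
    remembered[registrable_domain(cookie_host)] = verdict
    return remembered


if __name__ == "__main__":
    # Constructed prompts, following the discovery.com walk-through in the note.
    answers = {}
    for page, cookie in [("www.discovery.com", "discovery.com"),
                         ("www.discovery.com", "bannerads.com"),
                         ("www.discovery.com", "cdn.example.net"),
                         ("news.bbc.co.uk", "www.bbc.co.uk")]:
        verdict, reason = decide(page, cookie, answers)
        print("%-18s -> %-5s (%s)" % (cookie, verdict, reason))
        if verdict == "deny":
            remember(answers, cookie, "deny")
```

The word list is deliberately blunt and will catch innocent names too (a shop at discountstore.com trips on 'count'); that is the trade-off the note accepts, and the remembered-answer table is what keeps the prompts from becoming unbearable on sites you visit often.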

#3. Install a firewall application such as Zone Alarm, or enable the Windows Firewall. (You can look up how to do this in Windows Help, or hit F1.) A firewall protects your computer from being hacked into over the internet, and a firewall like Zone Alarm also stops installed programs that try to access the internet without your consent. Keep in mind that the built-in Windows Firewall in XP only blocks incoming connections, so it will not warn you about a program on your PC that is phoning home.

#4. Install an antivirus application and make sure it is updated every few days. Most of the PCs I have seen that have gotten a virus did not have their antivirus definitions current. Run a full virus scan about once a week.

#5. ALWAYS pay close attention to what you are installing. If given the choice always choose a 'custom' install. That allows you to see every component that is being installed. Another way to be safe, although it may be a hassle, is to actually READ the terms and agreements when you install applications. Many malware programs for legal reasons have to tell you what they're up to there.