  1. #1 | Joined: Jul 2003 | Location: Australia | Posts: 14,223

    Question Basic Spyware/Virus Combat Strategy Plan

    Since I have been a Moderator in the Networking and Operating Systems forum room, I have seen many threads asking how to get rid of Spyware and Viruses - Malicious Wares, also known as Mal-Wares.

    There are a few things that you can do to help both yourself and us to resolve your problem more quickly and more efficiently. Follow this basic guide and you'll be a Spyware Assassin in no time.


    Identify the problem:

    Spyware and viruses usually have very similar symptoms - some of these include:
    - Pop-up windows in Internet browsers
    - Changed "Home Page" Settings
    - Other anomalies in your Internet browser (strange icons or text)
    - Other anomalies in Windows such as pop-ups, strange icons, error messages and strange file behaviour.

    ...it comes down to two words: "Search" and "Destroy" (as stated in the name of a popular Spyware-removal program). These words become the two basic steps to Spyware and Virus identification and removal:

    SEARCH:
    Means to both find the offender on your computer, and more importantly: Find out about it!

    You should be asking yourself these questions:
    - What is it called?
    - How can I find out about it?
    - How many files does it use and how do I find them all?
    - Does this thing hide anything else on my computer?

    DESTROY:
    The second part of the process. After you know what the problem is, you can think about how to destroy it.
    95% of Spyware and Viruses are destroyed during the Search process.



    SEARCH and DESTROY - Steps to removing spyware:

    1.0) Spyware and Anti-Virus Software:
    Once you know you have been infected with something, you should try running some software packages that are designed to clean this sort of stuff off. Sometimes you may never find out the name of a pop-up just by doing searches yourself. These programs have massive lists of known nasties and will pick them out for you.

    It's always a good idea to run at least two - if one doesn't catch everything, there's a good chance the second program will catch the rest. Here at PC Perspective, we recommend using both Spybot S&D and AdAware to start with. You should also update and run some anti-virus software.


    2.0) Advanced Spyware Software:
    If after running those, you still think you have something on your computer, download and run HijackThis. Analyse your computer and post the report in here in the Forums. Be sure to edit any private details out of it! HijackThis is more thorough, but also more complicated and easier to cause damage with. Be careful of what you choose to remove from here - or let us show you what to remove.

    ** If you delete/clean things using Spyware-Removal or Anti-Virus software, you might need to re-start your computer for the changes to take effect.

    ** If you reach this stage, you will also need to look at stage 2.1 AND 2.2:


    2.1) Persistent Spyware and Intelligence Gathering:
    If Step 1.0 did not help, you need to try and find out any names that are associated with the problem and search them in Google. Hopefully by doing this, you will find a program or a guide that has been specifically made to fight the same problem that you have.

    Google for:
    - Web address names of pop-ups or unwanted favourites
    - Names of unknown files or programs listed in the HijackThis report
    - Names of files requested in unwanted download popups
    - Names of unwanted icons shown in Internet browsers
    - Names of viruses that anti-virus software found
    - Any other names of interest


    2.2) Hard Drive Searches
    Hopefully HijackThis has provided you with some suspect file names and/or you think you know of some suspect files to gather intelligence on them. Search your Hard drives for these files and then look at the Properties of them to see if they have any other names on them. Maybe a company name or the name of the Program. Look for anything that you can search for in Google.
    **Write the names down on a piece of paper, so you have an easy reference and won't forget.

    ** When you find a name or a file you want to search, also try cut down versions of the search keyword. For example: If I find "nastypastie.dll", I can search for "nastypastie" and also "nasty" or "pastie" because they are uncommon names. This applies to both Google and hard drive searches.


    3.0) Advanced Searches (Registry):

    ** Registry Editing is done at your own risk!! We take no responsibility for any changes you make in the Registry!

    By this point, you should have lots of information on your problem, and have hopefully found a guide through Google on how to clean up your problem, or have found some software that will do it for you...

    ...it is still possible that you're getting some residual messages or have had a really complex problem. There are a couple of steps you can take that may help:

    Open the Registry Editor (regedit) and go to the following keys - look for anything suspicious:
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ** If you find entries in these two that are obviously related to your problem, it should be safe to delete that entry. If I see the entry "c:\windows\nastypastie.exe", I know it can be deleted. If I see an entry that says "RUNDLL32.EXE nastypastie.dll", I know that can be deleted.

    ** IMPORTANT: RUNDLL32.EXE is an important Windows system file. DO NOT DELETE IT! Many spyware programs and viruses use RUNDLL32.EXE to load their program.


    5) Seek Advice:
    If you're still having problems or need help, post whatever details you have here in the Networking & Operating Systems Forum and we'll see what we can do to help you.

    ____________________________________
    Mjölnir © 2004
    PC Perspective / AMDMB Forums
    Last edited by Mjölnir; 07-31-2004 at 08:34 AM.

  2. #2 | Joined: Jul 2003 | Location: Australia | Posts: 14,223
    Prevention of Attacks in Future:

    There are several ways that you can build up resistances against Spyware and Viruses:
    • Run Anti Virus Software, keeping it up-to-date. Be sure to use its "Memory Resident" or "Execution Protection" type features that are always monitoring files as they are accessed. Most Anti Virus software also includes Email scanning too.
    • Run Anti Spyware Software checks regularly with the Spyware software mentioned in the above sections.
    • Use a Firewall. These limit the types of traffic and are good at blocking the nasty stuff getting through "back doors".
    • Don't open unusual Email Attachments. If they are from someone you know, contact that person to ask them if they deliberately sent it and whether it is safe. They may not know they have sent it.
    • Set up a HOSTS file. See this site for more information:
      Blocking Unwanted Parasites with a HOSTS File
    • Use Commonsense. If a window pops up while you are surfing, and it offers you some great performance enhancing product, DON'T click YES! Hit ESC and hope it goes away or use the mouse to click the [X] in the top-right corner. If they don't work, try pressing ALT+F4, but don't click the buttons inside the window.
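To make the "Set up a HOSTS file" item above concrete, here is an added Python example (not code from the post or from the HOSTS-file page it links to) that parses a blocklist-style HOSTS file, checks whether a given host name is sunk to a non-routable address, and appends new block entries without duplicating ones already present. The HOSTS content and all host names in it are constructed for illustration; the parsing rules (one address followed by one or more names per line, "#" starts a comment, first matching line wins) are the standard ones a Windows resolver applies.

```python
import ipaddress
from typing import Dict, Iterable

# Constructed HOSTS file content, modelled on the blocklist style the linked
# page describes: unwanted hosts are pointed at a non-routable address so the
# browser never reaches them. All host names here are made up.
SAMPLE_HOSTS = """\
# Typical header comment from the stock Windows HOSTS file, kept as-is
127.0.0.1       localhost

# --- blocklist section (constructed example) ---
127.0.0.1  ads.example-parasite.test   # classic loopback sink
0.0.0.0    popups.example-parasite.test banners.example-parasite.test
192.0.2.10  intranet.example.test   # a real mapping, not a block
"""

# Addresses commonly used as sinks in blocklist HOSTS files.
BLOCK_SINKS = ("127.0.0.1", "0.0.0.0")


def parse_hosts(text: str) -> Dict[str, str]:
    """Return host name -> address for every active line.
    Comments and blank lines are skipped; malformed lines are ignored,
    which is also what the resolver does with them."""
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for host in parts[1:]:
            # First matching line wins, as with the real resolver lookup.
            mapping.setdefault(host.lower(), parts[0])
    return mapping


def is_blocked(mapping: Dict[str, str], hostname: str) -> bool:
    """True when the name is sunk to a loopback/unspecified address.
    'localhost' legitimately maps to 127.0.0.1, so it is never reported
    as blocked."""
    host = hostname.lower()
    if host == "localhost":
        return False
    return mapping.get(host) in BLOCK_SINKS


def add_block_entries(text: str, hostnames: Iterable[str], sink: str = "0.0.0.0") -> str:
    """Append a block entry for each name not already in the file.
    Returns the new file text; the input is unchanged if nothing was added."""
    existing = parse_hosts(text)
    new_lines = [f"{sink} {h.lower()}" for h in hostnames if h.lower() not in existing]
    if not new_lines:
        return text
    body = text if text.endswith("\n") else text + "\n"
    return body + "\n".join(new_lines) + "\n"


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example-parasite.test", "intranet.example.test", "localhost"):
        print(f"{name}: {'blocked' if is_blocked(table, name) else 'not blocked'}")
    print(add_block_entries(SAMPLE_HOSTS, ["tracker.example-parasite.test"]))
```

Two caveats worth knowing before relying on this: a HOSTS entry blocks only the exact name written on the line, not its subdomains, so a blocklist has to list every variant; and on Windows the file lives under the system directory (the post's linked page covers the location and how to edit it), so run the check against a copy and only then replace the real file.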


    Malware Combat Software Links:

    ** all of these sites offer free solutions for fighting Spyware and viruses

    Recommended Anti Spyware Software:
    AdAware
    Merijn.org (HijackThis and CWShredder)
    SpyBot Search & Destroy
    SpywareBlaster
    SpywareGuard

    Recommended Anti Virus Software:
    AVG Anti-Virus
    Kaspersky Labs Antivirus
    Trend Micro HouseCall

    Other Useful Sites:
    Google
    Blocking Unwanted Parasites with a HOSTS File
    Virus Alerts / Security Warnings / Solutions - by Jimzinsocal

    ________________________________________________________________________
    A big thanks to the members at PC Perspective / AMDMB Forums who contributed to this article!
    Mjölnir © 2004
    PC Perspective / AMDMB Forums
    Last edited by Mjölnir; 07-31-2004 at 01:03 PM.
