Spyware & Virus Removal Guide

John (Moderator Emeritus, Elite Member)
Oct 9, 1999
What is Spyware?
http://en.wikipedia.org/wiki/Spyware

This guide lists the steps that I use to clean 20+ infected systems a week. Some may consider it a bit extreme, but once you get a few nasty pieces of malware on your system that keep replicating you'll understand why it's a good idea to be thorough. I've also included some of my own personal recommendations and opinions.

Are you using a rogue anti-spyware application? "Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection. Please review Spyware Warrior's extensive database.


Adware & Spyware Removal

Disable the System Restore temporarily (WinXP & WinME) if you are infected; any trojans, spyware, etc. you may have picked up could have been saved in the System Restore and can reinfect you. Since the System Restore is a protected directory, your tools cannot access it to delete files that can trap viruses and other applications inside.

Note: Go to add/remove programs and look down the list for New.Net Domains. If you see it please double-click to remove or else the LSP chain will break and you'll have to run the Winsock tool.

- 1st: Download the Windows 98, ME, 2K, XP Winsock Fix in case you cannot access the internet after removing the malicious content from your system.
- 2nd: Run Crap Cleaner

Important: I highly recommend downloading, installing, and updating all of the programs listed below in normal mode*. You may then restart your system and boot into safe mode. Booting in safe mode is important because it disables most drivers and running applications. To boot into safe mode, restart your computer and tap the F8 key (after the first black and white screen, but before the Windows splash screen) until you get to a black and white screen asking you what to do.

* If your system is hosed and you are unable to boot to normal mode, you may install and run all of the utilities listed below in safe mode.

- 3rd: Run Spy Sweeper (30-day trial)
- 4th: Run Spyware Doctor
- 5th: Run Ad-Aware
- 6th: Run Spybot
- 7th: Run HijackThis*

* If you aren't sure about which items to remove, you may post your log and someone will review it. Otherwise you may use the HijackThis log file analysis.

Additional tools:

- Microsoft Windows AntiSpyware Beta1
- Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them. When it loads, type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; allow it to do so, and hopefully your file will now be deleted.
- Nail/Aurora Remover: The symptoms are apparent - you receive popups with Aurora in the title bar. Several executables run in the background: Aurora.exe, nail.exe, a randomly generated filename (such as "wtsvizptwu.exe") with the description of "Buddy", and/or the trojan SvcProc.exe (Stervis).

Virus Removal

Do a full system scan with your up-to-date antivirus. If you do not have a resident antivirus installed on your computer, please do so immediately! Both of these are free antivirus apps with decent detection rates.

- AntiVir
- AVG

Kaspersky offers one of the best antivirus utilities on the market. Check out the independent review.

- Kaspersky v5.0 (30-day trial)

I also recommend using the online virus scanners for a "second opinion" since a lot of Trojans and other malicious files seem to slip past most scanners (McAfee, Norton, etc.).

- Panda Online Virus Scanner
- Trend Micro Online Virus Scan

Note: After you have finished performing all of the steps listed above you may safely reboot your system back to normal mode. I would also recommend opening Internet Explorer, clicking on Tools > Internet Options > the Security tab, and resetting all 4 security settings back to default. You may also safely set your homepage back to your default in case it was inadvertently changed.

* Sometimes it is necessary to repair your Windows installation after you've rid your system of malicious content.


Prevention

If you want to purchase one or more of the Anti-Spyware tools above, then I would recommend either Spy Sweeper or Spyware Doctor. They offer the best detection and removal, plus their real-time protection and scheduling are very nice features. Remember to keep all of these programs updated and run them at least once a week if you are paranoid or simply want to maintain a clean system. If you do not have (Windows) automatic updates enabled, be sure to check Windows Update at least once per month to download all of the critical updates. By doing so you will help keep your operating system secure and up-to-date. Be sure to run the Microsoft Baseline Security Analyzer.

If you run Windows XP you may want to set up a limited account. Here's a useful guide that explains it in greater detail.

Please use common sense when you receive a popup, install P2P software, freeware, and other misc. applications. Almost all spyware is unknowingly installed by a computer user. In most cases, the installation of spyware is not illegal because you agreed to it when you accepted the license agreement or clicked 'yes' on the popup window. The license agreement usually includes several paragraphs about the installation of spyware and collection of data. By accepting the license agreement, you agreed to let the spyware transmit your personal information.

Spyware Blaster can help keep your system spyware-free and secure, without interfering with the "good side" of the web. And unlike other programs, Spyware Blaster does not have to remain running in the background. It adds sites to your web browser's Restricted Sites area.

All broadband users should have a firewall protecting their system(s). A Cable/DSL router (NAT box) is a very inexpensive solution that most people are familiar with. Hardware firewalls are important because they provide a strong degree of protection from most forms of attack coming from the outside world. Additionally, in most cases, they can be effective with little or no configuration, and they can protect every machine on a local network. One obvious downside to software firewalls is that they can only protect the machine they're installed on, so if you have multiple computers (which many homes and small offices do), you need to install and configure a software firewall separately on each machine. This can be difficult to manage if you have a lot of computers.

Windows XP includes a software firewall, and there are other solutions that protect you from inbound & outbound traffic. Check out Kerio Personal Firewall.

- Latest version
- Old version

The bottom line is that with any home-office broadband connection, a hardware firewall should be considered a bare minimum, and supplementing it with a software firewall on one or more computers (and don't forget antivirus software) is always a good idea.

Microsoft no longer updates its Java VM, and it's full of security holes. The solution is to install Sun Java.

You may also want to consider switching web browsers and giving Firefox a trial run. It's fast, free, and definitely less prone to spyware. Tabbed browsing is also another nice feature. Support the underdog.

---

For further information and previous discussions on this topic, please see Schadenfroh's malware threads here and here.
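The guide's HijackThis step ends with "post your log and someone will review it". As an added example (not part of the guide above and not HijackThis's own code), here is a small triage helper that parses a log in HijackThis's line style and pulls out the sections the guide's manual steps touch: the R0/R1 browser start-page lines (the homepage reset), O2 browser helper objects, O4 autostart entries, and O10 Winsock LSP entries (the New.Net / broken LSP chain warning). The sample log, the `KNOWN_GOOD` allowlist and the section descriptions are constructed for this example; the line format is an assumption based on HijackThis's usual `Oxx - ...` layout, so the parser only relies on the prefix and keeps the rest of the line verbatim.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code)."""
import re
from collections import defaultdict

# Constructed sample log in HijackThis-style format. Paths, CLSID and the
# DLL names are made up for the example; Aurora.exe is the name the guide cites.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-example.invalid/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example_bho.dll
O4 - HKLM\..\Run: [Aurora] C:\WINDOWS\Aurora.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\windows\system32\newdotnet_example.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

# Every HijackThis line starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - "; anything after that is kept as free text.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<rest>.+)$")

# Sections the guide's manual steps correspond to, with the reason to review them.
WATCH = {
    "R0": "browser start page / search settings (guide: reset your homepage)",
    "R1": "browser default page / search settings",
    "O2": "browser helper objects loaded into Internet Explorer",
    "O4": "programs started automatically at logon",
    "O10": "Winsock LSP entries (guide: New.Net / broken LSP chain)",
}

# Constructed allowlist of substrings that mark entries as expected on this
# machine (here: the AVG antivirus the guide recommends and a default MSN page).
KNOWN_GOOD = ("Grisoft", "www.msn.com")


def parse_log(text):
    """Group log lines by section code; lines that do not match go to 'unparsed'."""
    entries = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match:
            entries[match.group("section")].append(match.group("rest"))
        else:
            entries["unparsed"].append(line)
    return dict(entries)


def flag_entries(entries, known_good=()):
    """Return (section, detail, reason) for every entry in a watched section
    that does not contain a known-good marker (case-insensitive)."""
    flagged = []
    for section, reason in WATCH.items():
        for detail in entries.get(section, []):
            if any(marker.lower() in detail.lower() for marker in known_good):
                continue
            flagged.append((section, detail, reason))
    return flagged


def lsp_entries(entries):
    """O10 lines: the LSP chain the guide warns about breaking if removed carelessly."""
    return entries.get("O10", [])


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for section, detail, reason in flag_entries(parsed, KNOWN_GOOD):
        print(f"[{section}] {detail}\n       -> {reason}")
    if lsp_entries(parsed):
        print("LSP entries present: remove via the vendor uninstaller (add/remove programs),"
              " not by deleting the DLL, and keep the Winsock fix handy.")
```

The helper only sorts and annotates; it deliberately makes no "remove this" decision, because, as the guide says, the judgement on a HijackThis log belongs to a reviewer who knows the machine. The allowlist is the place to record what is expected on a given system so that only the unfamiliar entries remain for review.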



Schadenfroh (Elite Member)
Mar 8, 2003
sticky


Thank you for making an up-to-date spyware removal guide, and I hope you don't mind that I just linked your thread in mine.