Recurring Spyware

About 3 weeks ago I suffered my first browser hijack ever - MS Tech Support
helped get the browser back to normal. Prior to this event, I had NEVER had
icons randomly installed on my desktop. I am running WinXP, Zone Alarm Pro,
Ad-Aware Pro, Ad-Watch (part of Ad-Aware Pro) & Spybot. Ever since the
browser hijack it seems that I am now REGULARLY targeted for spyware
attacks. I have 3 computers that I use randomly, all connected to the
internet via wireless network, and only this ONE computer is continually
getting slammed with spyware attempts. I have been on the phone with MS Tech
Support no less than 4 times, for 1 to 3 hrs each, and all they can do is
guide me through all the scans, removals, clean-ups etc., but no one can
explain why THIS computer seems to be getting retargeted.

Any ideas?
 
Karl said:
About 3 weeks ago I suffered my first browser hijack ever - MS Tech
Support helped get the browser back to normal. Prior to this event,
I had NEVER had icons randomly installed on my desktop. I am
running WinXP, Zone Alarm Pro, Ad-Aware Pro, Ad-Watch (part of
Ad-Aware Pro) & Spybot. Ever since the browser hijack it seems that
I am now REGULARLY targeted for spyware attacks. I have
3 computers that I use randomly, all connected to the internet via
wireless network, and only this ONE computer is continually getting
slammed with spyware attempts. I have been on the phone with MS
Tech Support no less than 4 times, for 1 to 3 hrs each, and all
they can do is guide me through all the scans, removals, clean-ups
etc., but no one can explain why THIS computer seems to be getting
retargeted.

It's not being retargeted - it is more likely it was never fully cleaned.
Which specific spyware are you seeing?

I see you have a decent "start" - but you should go through Tip (10) and use
more of the cleaners/immunization tools. Also - be sure you have the latest
versions - not just the definitions. In your case I would highly recommend
using CWShredder and HijackThis! as well as immunizing with the latest
version (both application and definitions) of Spybot Search and Destroy,
SpywareBlaster and IE-SpyAd.

Otherwise - without the name or symptoms of the specific spyware - it is
hard to assist you. The rest of the tips could help secure you against such
issues as well as exterminate what you currently are infested with.

Microsoft has these suggestions for Protecting your computer from the
various things that could happen to you/it:

Protect your PC
http://www.microsoft.com/security/protect/

Outfitting a new computer for the Net
http://www.microsoft.com/athome/security/update/newcomputer.mspx

Getting started with a new PC
http://www.microsoft.com/athome/moredone/yournewpc.mspx

Although those tips are fantastic, there are many things you should
know above and beyond that. Below I have detailed out many tips
that can not only help you clean-up a problem PC but keep it clean,
secure and running at its best.

I know this text can seem intimidating - it is quite long and a lot
to take in for a novice - however I can assure you that one trip
through this list and you will understand your computer and the
options available to you for protecting your data much better -
and that the next time you go through these steps, the time it
takes will be greatly reduced.

Let's take the cleanup of your computer step-by-step.
Yes, it will take up some of your time - but consider what you use
your computer for and how much you would dislike it if all of your
stuff on your computer went away because you did not "feel like"
performing some simple maintenance tasks - think of it like taking
out your garbage, collecting and sorting your postal mail, paying
your bills on time, etc.

I'll mainly work around Windows XP, as that is what the bulk of this
document is about; however, here are some places for you poor souls
still stuck in Windows 98/ME where you can get information on
maintaining your system:

Windows 98 and 'Maintaining Your Computer':
http://www.microsoft.com/windows98/usingwindows/maintaining/

Windows ME Computer Health:
http://www.microsoft.com/windowsME/using/computerhealth/articles/

Pay close attention to the sections:
(in order)
- Clean up your hard disk
- Check for errors by running ScanDisk
- Defragment your hard disk
- Roll back the clock with System Restore


Also - now is a good time to point you to one of the easiest ways to find
information on problems you may be having and solutions others have found:

Search using Google!
http://www.google.com/
(How-to: http://www.google.com/intl/en/help/basics.html )


Now, let's go through some maintenance first that should only have to be
done once (mostly):

Tip (1):
Locate all of the software you have installed on your computer.
(the installation media - CDs, downloaded files, etc)
Collect these CDs and files together in a central and safe
place along with their CD keys and such. Make backups of these
installation media sets using your favorite copying method (CD/DVD Burner
and application, Disk copier, etc.) You'll be glad to know that if you
have a CD/DVD burner, you may be able to use a free application to make a
duplicate copy of your CDs. One such application is ISORecorder:

ISORecorder page (with general instructions on use):
http://isorecorder.alexfeinman.com/beta.htm

Yes - it is BETA software - but very useful and well tested.
(Don't know what "BETA" means? In simplest terms, it is the stage of a
software's life where it is tested for bugs, crashes, errors,
inconsistencies, and any other problems.)

More full function applications (free) for CD/DVD burning would be:

CDBurnerXP Pro
http://www.cdburnerxp.se/

DeepBurner Free
http://www.deepburner.com/

ImgBurn (burn ISO images)
http://www.imgburn.com/

Another option would be to search the web with Pricewatch.com or
Dealsites.net and find deals on Products like Ahead Nero and/or Roxio.


Tip (2):
Empty your Temporary Internet Files and shrink the size it stores to a
size between 128MB and 512MB.

- Open ONE copy of Internet Explorer.
- Select TOOLS -> Internet Options.
- Under the General tab in the "Temporary Internet Files" section, do the
following:
- Click on "Delete Cookies" (click OK)
- Click on "Settings" and change the "Amount of disk space to use:" to
something between 128MB and 512MB. (Betting it is MUCH larger right
now.)
- Click OK.
- Click on "Delete Files" and select to "Delete all offline contents"
(the checkbox) and click OK. (If you had a LOT, this could take 2-10
minutes or more.)
- Once it is done, click OK, close Internet Explorer, re-open Internet
Explorer.


Tip (3):
If things are running a bit sluggish and/or you have an older system
(1.5GHz or less and 256MB RAM or less) then you may want to look into
tweaking the performance by turning off some of the 'resource hogging'
Windows XP "prettifications". The fastest method is:

Control Panel --> System --> Advanced tab --> Performance section,
Settings button. Then choose "adjust for best performance" and you
now have a Windows 2000/98 look which turned off most of the annoying
"prettifications" in one swift action. You can play with the last
three checkboxes to get more of an XP look without many of the
other annoyances. You could also grab and install/use one
(or more) of the Microsoft Powertoys - TweakUI in particular:

http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

Another viable (decently inexpensive) option is to increase the amount
of memory (RAM) your computer has. You can get an idea of what you
need by visiting:

Crucial Memory Advisor™ Tool
http://www.crucial.com/

Then either buy direct from there or write down the specs you get and
visit: http://www.pricewatch.com/ and locate the best price on what you
need. 512MB up to 1GB total memory should be more than enough for
the normal home user.


Tip (4):
Understanding what a good password might be is vital to your
personal and system security. You may think you do not need to password
your home computer, as you may have it in a locked area (your home) where
no one else has access to it. Remember, however, you aren't always
"in that locked area" when using your computer online - meaning you likely
have usernames and passwords associated with web sites and the likes that
you would prefer other people do not discover/use. This is why you should
understand and utilize good passwords.

Good passwords are those that meet these general rules
(mileage may vary):

Passwords should contain at least six characters, and the character
string should contain at least three of these four character types:
- uppercase letters
- lowercase letters
- numerals
- nonalphanumeric characters (e.g., *, %, &, !, :)

Passwords should not contain your name/username.
Passwords should be unique to you and easy to remember.

One method many people are using today is to make up a phrase that
describes a point in their life and then turning that phrase into their
password by using only certain letters out of each word in that phrase.
It's much better than using your birthday month/year or your anniversary
in a pure sense. For example, let's say my phrase is:
'Great new job in January 2006'
I could come up with this password from that:
'Gr8n3wj0bJAN2006'

The password tip is in the one-time section, but I highly
recommend you periodically change your passwords. The suggested time
varies, but I will throw out a 'once in every 3 to 6 months for
every account you have.'

Also - many people complain that they just cannot remember the passwords
for all the sites they have - so they choose one password and use it for
everything. Not a good idea. A much better method would be to use a
Password Management tool - so you only have to remember one password,
but it opens an application that stores your username/passwords for
everything else - plus other valuable information. One that I can
recommend:

KeePass Password Safe
http://keepass.sourceforge.net/

It can even generate passwords for you.


Tip (5):
This tip is also 'questionable' in the one-time section; however -
if properly setup - this one can be pretty well ignored for most people
after the initial 'fiddle-with' time.

Why you should use a computer firewall.
http://www.microsoft.com/athome/security/viruses/fwbenefits.mspx

You should, in some way, use a firewall. Hardware (like a nice
Cable Modem/DSL router) or software is up to you. Many use both of
these. The simplest one to use is the hardware one, as most people
don't do anything that they will need to configure their NAT device
for and those who do certainly will not mind fiddling with the equipment
to make things work for them. Next in the line of simplicity would
have to be the built-in Windows Firewall of Windows XP. In SP2 it
is turned on by default. It is not difficult to turn on in any
case, however:

Enable/Disable the Internet Connection Firewall (Pre-SP2):
http://support.microsoft.com/kb/283673

More information on the Internet Connection Firewall (Pre-SP2):
http://support.microsoft.com/kb/320855

Post-SP2 Windows Firewall Information/guidance:
http://snipurl.com/atal

The trouble with the Windows Firewall is that it only keeps things
out. For most people who maintain their system in other ways, this is
MORE than sufficient. However, you may feel otherwise. If you want to
know when one of your applications is trying to obtain access to the
outside world so you can stop it, then you will have to install a
third-party application and configure/maintain it. I have compiled a
list with links of some of the better known/free firewalls you can choose
from:

BlackICE PC Protection (~$39.95 and up)
http://blackice.iss.net/

Jetico Personal Firewall (Free)
http://www.jetico.com/index.htm#/jpfirewall.htm

Sunbelt Kerio Personal Firewall (KPF) (Free and up)
http://www.kerio.com/kpf_download.html

Outpost Firewall from Agnitum (Free and up)
http://www.agnitum.com/products/outpostfree/

Symantec's Norton Personal Firewall (~$25 and up)
http://www.symantec.com/sabu/nis/npf/

ZoneAlarm (Free and up)
http://snipurl.com/6ohg

You should find the right firewall for your situation in that
list and set it up.

Every firewall WILL require some maintenance. Essentially checking for
patches or upgrades (this goes for hardware and software solutions) is
the extent of this maintenance - you may also have to configure your
firewall to allow some traffic depending on your needs.

** Don't stack the software firewalls! Running more than one software
firewall will not make you safer - it would possibly negate some
protection you gleaned from one or the other firewall you run. It is
fine (and in many ways better) to have the software firewall as well
as a NAT router.


Now that you have some of the more basic things down.
Let's go through some of the steps you should take periodically to
maintain a healthy and stable windows computer. If you have not
done some of these things in the past, they may seem tedious - however,
they will become routine and some can even be scheduled.


Tip (6):
The System Restore feature is a useful one - first appearing in Windows
ME and then sticking around for Windows XP. It is only a useful
feature if you keep it maintained and use it to your advantage.
Remember that the system restore pretty much tells you in the name
what it protects which is 'system' files. Your documents, your
pictures, your stuff is NOT system files - so you should also look
into some backup solution.

Whenever you think about it (after doing a once-over on your machine
once a month or so would be optimal) - clear out your System Restore
and create a manual restoration point.

'Why?'

Too many times have I seen the system restore files go corrupt or get
a virus in them, meaning you could not or did not want to restore from
them. By clearing it out periodically you help prevent any corruption
from happening and you make sure you have at least one good "snapshot".
(*This, of course, will erase any previous restore point you have.*)

- Turn off System Restore.
http://support.microsoft.com/kb/310405
- Reboot the Computer.
- Review the first bullet to turn on System Restore
- Make a Manual Restoration Point.
http://snipurl.com/68nx

That covers your system files, but doesn't do anything for the files
that you are REALLY worried about - yours! For that you need to look
into backups. You can either manually copy your important files, folders,
documents, spreadsheets, emails, contacts, pictures, drawings and so on
to an external location (CD/DVD - any disk of some sort, etc) or you can
use the backup tool that comes with Windows XP:

How To Use Backup to Back Up Files and Folders on Your Computer
http://support.microsoft.com/kb/308422

Yes - you still need some sort of external media to store the results
on, but you could schedule the backup to occur when you are not around,
then burn the resultant data onto CD or DVD or something when you are
(while you do other things!)

Another option that came to my attention as of late:

Cobian Backup
http://www.educ.umu.se/~cobian/cobianbackup.htm

A lot of people have wondered about how to completely backup their system
so that they would not have to go through the trouble of a reinstall.
I'm going to voice my opinion here and say that it would be worthless to
do for MOST people. Unless you plan on periodically updating the image
backup of your system (remaking it) - then by the time you use it
(something goes wrong) - it will be so outdated as to be more trouble than
performing a full install of the operating system and all applications.

Having said my part against it, you can clone/backup your hard drive
completely using many methods - by far the simplest are using disk cloning
applications:

Symantec/Norton Ghost
http://www.symantec.com/sabu/ghost/

Acronis True Image
http://www.acronis.com/homecomputing/products/trueimage

BootIt™ NG
http://terabyteunlimited.com/bootitng.html


Tip (7):
You should sometimes look through the list of applications that are
installed on your computer. The list may surprise you. There are more
than likely things in there you know you never use - so why have them
there? There may even be things you know you did *not* install and
certainly do not use (maybe don't WANT to use.)

This web site should help you get started at looking through this list:

How to Uninstall Programs
http://snipurl.com/8v6b

How to change or remove a program in Windows XP
http://support.microsoft.com/kb/307895

A word of warning - Do NOT uninstall anything you think you MIGHT need
in the future unless you have completed Tip (1) and have the installation
media and proper keys for use backed up somewhere safe!


Tip (8):
Patches and Updates!

This one cannot be stressed enough. It is SO simple, yet so neglected
by many people. It is really simple for the critical Microsoft patches!
Microsoft put in an AUTOMATED feature for you to utilize so that you do
NOT have to worry yourself about the patching of the Operating System:

How to configure and use Automatic Updates in Windows XP
http://support.microsoft.com/kb/306525

However, not everyone wants to be a slave to automation, and that is
fine. Admittedly, I prefer this method on some of my more critical
systems.

Windows Update
http://windowsupdate.microsoft.com/

Go there and scan your machine for updates. Always get the critical ones
as you see them. Write down the KB###### or Q###### you see when
selecting the updates and if you have trouble over the next few days,
go into your control panel (Add/Remove Programs), insure that the
'Show Updates' checkbox is checked and match up the latest numbers you
downloaded recently (since you started noticing an issue) and uninstall
them. If there was more than one (usually is), uninstall them one by one
with a few hours of use in between, to see if the problem returns.
Yes - the process is not perfect (updating) and can cause trouble like I
mentioned - but as you can see, the solution isn't that bad - and is
MUCH better than the alternatives.

Windows is not the only product you likely have on your PC. The
manufacturers of the other products usually have updates. New versions
of almost everything come out all the time - some are free, some are pay
and some you can only download if you are registered - but it is best
to check. Just go to their web pages and look under their support and
download sections. For example, for Microsoft Office you should visit:

Microsoft Office Updates
http://office.microsoft.com/
(and select 'Check for Updates' and/or 'Downloads' for more)

You also have hardware on your machine that requires drivers to interface
with the operating system. You have a video card that allows you to see on
your screen, a sound card that allows you to hear your PC's sound output and
so on. Visit those manufacturer web sites for the latest downloadable
drivers for your hardware/operating system. Always get the manufacturers'
hardware driver over any Microsoft offers. On the Windows Update site I
mentioned earlier, I suggest NOT getting their hardware drivers - no matter
how tempting.

How do you know what hardware you have in your computer? Break out the
invoice or if it is up and working now - take inventory:

Belarc Advisor
http://belarc.com/free_download.html

Once you know what you have, what next? Go get the latest driver for your
hardware/OS from the manufacturer's web page. For example, let's say you
have an NVidia chipset video card or ATI video card, perhaps a Creative
Labs sound card or C-Media chipset sound card...

NVidia Video Card Drivers
http://www.nvidia.com/content/drivers/drivers.asp

ATI Video Card Drivers
http://www.atitech.com/support/driver.html

Creative Labs Sound Device
http://us.creative.com/support/downloads/

C-Media Sound Device
http://www.cmedia.com.tw/e_download_01.htm

Then install these drivers. Updated drivers are usually more stable and
may provide extra benefits/features that you really wished you had before.

As for Service Pack 2 (SP2) for Windows XP, Microsoft has made this
particular patch available in a number of ways. First, there is the
Windows Update web page above. Then there is a direct download site.

Direct Download of Service Pack 2 (SP2) for Windows XP
http://snipurl.com/8bqy

Order Windows XP Service Pack 2 on CD
http://snipurl.com/d41v

If all else fails - grab the full download above and try to use that.
In this case - consider yourself an 'IT professional or developer'.


Tip (9):
What about the dreaded word in the computer world, VIRUS?

Well, there are many products to choose from that will help you prevent
infections from these horrid little applications. Many are FREE to the
home user and which you choose is a matter of taste, really. Many people
have emotional attachments or performance issues with one or another
AntiVirus software. Try some out, read reviews and decide for yourself
which you like more:

( Good Comparison Page for AV software: http://www.av-comparatives.org/ )

AntiVir (Free and up)
http://www.free-av.com/

avast! (Free and up)
http://www.avast.com/

AVG Anti-Virus System (Free and up)
http://free.grisoft.com/

eset NOD32 (~$39.00 and up)
http://www.eset.com/products/products.htm

eTrust EZ Antivirus (~$29.95 and up)
http://ca.com/store/home/us/hp2/

Kaspersky Anti-Virus (~$49.95 and up)
http://www.kaspersky.com/products.html

McAfee VirusScan (~$11 and up)
http://www.mcafee.com/

Panda Antivirus Titanium (~$39.95 and up)
http://www.pandasoftware.com/
(Free Online Scanner: http://www.pandasoftware.com/activescan/)

RAV AntiVirus Online Virus Scan (Free!)
http://www.ravantivirus.com/scan/

Symantec (Norton) AntiVirus (~$11 and up)
http://www.symantec.com/nav/nav_9xnt/

Trend Micro (~$49.95 and up)
http://www.trendmicro.com/en/home/us/personal.htm
(Free Online Scanner:
http://housecall.trendmicro.com/housecall/start_corp.asp)


Most of them have automatic update capabilities. You will have to
look into the features of the one you choose. Whatever one you finally
settle with - be SURE to keep it updated (I recommend at least daily) and
perform a full scan periodically (yes, most protect you actively, but a
full scan once a month at 4AM probably won't bother you.)


Tip (10):
The most rampant infestation at the current time concerns SPYWARE/ADWARE.
You need to eliminate it from your machine.

There is no one software that cleans and immunizes you against
everything. Antivirus software - you only needed one. Firewall, you
only needed one. AntiSpyware - you will need several. I have a list and
I recommend you use at least the first five.

First - make sure you have NOT installed "Rogue AntiSpyware". There are
people out there who created AntiSpyware products that actually install
spyware of their own! You need to avoid these:

Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Also, you can always visit this site.
http://mvps.org/winhelp2002/unwanted.htm
For more updated information.

Install the first five of these: (Install, Run, Update, Scan with..)
(If you already have one or more - uninstall them and download the
LATEST version from the page given!)

Lavasoft AdAware (Free and up)
http://www.lavasoft.de/support/download/
(How-to: http://snipurl.com/atdn )

Spybot Search and Destroy (Free!)
http://www.safer-networking.net/en/download/index.html
(How-to: http://snipurl.com/atdk )

Bazooka Adware and Spyware Scanner (Free!)
http://www.kephyr.com/spywarescanner/
(How-to: http://snipurl.com/ate3 )

SpywareBlaster (Free!)
http://www.javacoolsoftware.com/sbdownload.html
(How-to: http://snipurl.com/ate6 )

IE-SPYAD2 (Free!)
https://netfiles.uiuc.edu/ehowes/www/resource.htm
(How-to: http://snipurl.com/ate7 )

CWShredder Stand-Alone (Free!)
http://www.intermute.com/spysubtract/cwshredder_download.html

Hijack This! (Free!)
http://www.spywareinfo.com/~merijn/downloads.html
(Log Analyzer: http://hjt.iamnotageek.com/ )

ToolbarCop (Free!)
http://windowsxp.mvps.org/toolbarcop.htm

Ccleaner (Free!)
http://www.ccleaner.com/

Browser Security Tests (Free Tester)
http://www.jasons-toolbox.com/BrowserSecurity/

Popup Tester (Free Tester)
http://www.popuptest.com/

The Cleaner (~$49.95 and up)
http://www.moosoft.com/

Sometimes you need to install the application and reboot into SAFE MODE in
order to thoroughly clean your computer. Many applications also have
(or are) immunization applications. Spybot Search and Destroy and
SpywareBlaster are two that currently do the best job at passively
protecting your system from malware. None of these programs (in these
editions) run in the background unless you TELL them to. The space they
take up and how easy they are to use greatly makes up for any inconvenience
you may be feeling.

Please notice that Windows XP SP2 does help stop popups as well.

Another option is to use an alternative Web browser. I suggest
'Mozilla Firefox', as it has some great features and is very easy to use:

Mozilla Firefox
http://www.mozilla.org/products/firefox/


So your machine is pretty clean and up to date now. If you use the sections
above as a guide, it should stay that way as well! There are still a few
more things you can do to keep your machine running in top shape.


Tip (11):
You should periodically check your hard drive(s) for errors and defragment
them. Only defragment after you have cleaned up your machine of
outside parasites and never defragment as a solution to a quirkiness in
your system. It may help speed up your system, but it should be clean
before you do this. Do these things IN ORDER...

How to use Disk Cleanup
http://support.microsoft.com/kb/310312

How to scan your disks for errors
http://support.microsoft.com/kb/315265

How to Defragment your hard drives
http://support.microsoft.com/kb/314848

I would personally perform the above steps at least once every three months.
For most people this should be sufficient, but if the difference you notice
afterwards is greater than you think it should be, lessen the time in
between its schedule. If the difference you notice is negligible, you can
increase the time.


Tip (12):
SPAM! JUNK MAIL!
This one can get annoying, just like the rest. You get 50 emails in one
sitting and 2 of them you wanted. NICE! (Not.) What can you do? Well,
although there are services out there to help you, some email
servers/services that actually do lower your spam with features built into
their servers - I still like the methods that let you be the end-decision
maker on what is spam and what is not. I have a few products to suggest
to you, look at them and see if any of them suit your needs. Again, if
they don't, Google is free and available for your perusal.

SpamBayes (Free!)
http://spambayes.sourceforge.net/

Spamihilator (Free!)
http://www.spamihilator.com/

MailWasher
http://www.mailwasher.net/

As I said, those are not your only options, but they are reliable ones I have
seen function for hundreds of people.


Tip (13):
ADVANCED TIP! Only do this once you are comfortable under the hood of your
computer!

There are lots of services on your PC that are probably turned on by default
that you don't use. Why have them on? Check out these web pages to see what all
of the services you might find on your computer are and set them according
to your personal needs. Be CAREFUL what you set to manual, and take heed
and write down as you change things! Also, don't expect a large performance
increase or anything - especially on today's 2+ GHz machines, however - I
look at each service you set to manual as one less service you have to worry
about someone exploiting.

Black Viper Service Configuration Tips
http://www.blackviper.com/WinXP/servicecfg.htm

Configuring Services
http://snakefoot.fateback.com/tweak/winnt/services.html

Task List Programs
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

Processes in Windows NT/2000/XP
http://www.reger24.de/prozesse/

There are also applications that AREN'T services that startup when you start
up the computer/logon. One of the better descriptions of how to handle these
I have found here:

Startups
http://www.pacs-portal.co.uk/startup_content.php


If you follow the advice laid out above (and do some of your own research as
well, so you understand what you are doing) - your computer will stay fairly
stable and secure and you will have a more trouble-free system.
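The password rules in Tip (4) (at least six characters, at least three of the four character classes, no name or username inside the password) and the remark in the same tip that a password manager "can even generate passwords for you", turned into working code. This is an added example, not code from the original post and not code from KeePass or any other tool the post links. The thresholds as constants, the choice to skip identifiers shorter than three characters, the four-of-four rule in the generator and the use of Python's `secrets` module for the randomness are my assumptions:

```python
import secrets
import string

# Thresholds exactly as Tip (4) states them; kept as constants so a stricter
# policy (e.g. 12 characters, all 4 classes) is a one-line change.
MIN_LENGTH = 6
MIN_CLASSES = 3

# The four character classes listed in the tip.
CHARACTER_CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "numerals": string.digits,
    "nonalphanumeric": string.punctuation,  # e.g. *, %, &, !, :
}


def classes_present(password):
    """Return the names of the character classes that occur in password."""
    return {name for name, chars in CHARACTER_CLASSES.items()
            if any(c in chars for c in password)}


def check_password(password, identifiers=(), min_length=MIN_LENGTH,
                   min_classes=MIN_CLASSES):
    """Check a candidate password against the rules in Tip (4).

    identifiers are the user's name, username and similar strings the
    password must not contain. The comparison is case-insensitive, and
    identifiers shorter than 3 characters are skipped (assumption: otherwise
    two-letter initials would reject almost every password).
    Returns (ok, failures); failures is a list of human-readable reasons.
    """
    failures = []
    if len(password) < min_length:
        failures.append("shorter than %d characters" % min_length)
    found = classes_present(password)
    if len(found) < min_classes:
        missing = ", ".join(sorted(set(CHARACTER_CLASSES) - found))
        failures.append("only %d of 4 character classes (missing: %s)"
                        % (len(found), missing))
    lowered = password.lower()
    for ident in identifiers:
        ident = ident.strip().lower()
        if len(ident) >= 3 and ident in lowered:
            failures.append("contains the name/username '%s'" % ident)
    return (not failures, failures)


def generate_password(length=16):
    """Generate a random password that passes check_password().

    One character is drawn from every class (so all four are present, which
    is stricter than the three-of-four rule), the remaining positions from
    the union of all classes, and the result is shuffled with the CSPRNG so
    the class of each position is not predictable.
    """
    if length < len(CHARACTER_CLASSES):
        raise ValueError("length must be at least %d" % len(CHARACTER_CLASSES))
    pools = list(CHARACTER_CLASSES.values())
    chars = [secrets.choice(pool) for pool in pools]
    everything = "".join(pools)
    chars += [secrets.choice(everything) for _ in range(length - len(chars))]
    # Fisher-Yates shuffle driven by secrets.randbelow; random.shuffle would
    # use the non-cryptographic Mersenne Twister.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


if __name__ == "__main__":
    # The tip's own example passphrase-derived password, plus two weak ones.
    for candidate in ("Gr8n3wj0bJAN2006", "password", "Karl2006!"):
        ok, reasons = check_password(candidate, identifiers=["Karl"])
        print("%-18s %s %s" % (candidate, "OK" if ok else "REJECT", reasons))
    print("generated:", generate_password(20))
```

Note that the page's example 'Gr8n3wj0bJAN2006' passes with exactly three classes (no nonalphanumeric character), which is why the checker reports the missing class by name: it makes the "three of four" rule auditable rather than a silent pass/fail.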
 
From: "Karl in Scottsdale" <[email protected]>

| About 3 weeks ago I suffered my first browser hijack ever - MS Tech Support
| helped get the browser back to normal. Prior to this event, I had NEVER had
| icons randomly installed on my desktop. I am running WinXP, Zone Alarm Pro,
| Ad-Aware Pro, Ad-Watch (part of Ad-Aware Pro) & Spybot. Ever since the
| browser hijack it seems that I am now REGULARLY targeted for spyware
| attacks. I have 3 computers that I use randomly, all connected to the
| internet via wireless network, and only this ONE computer is continually
| getting slammed with spyware attempts. I have been on the phone with MS Tech
| Support no less than 4 times, for 1 to 3 hrs each, and all they can do is
| guide me through all the scans, removals, clean-ups etc., but no one can
| explain why THIS computer seems to be getting retargeted.
|
| Any ideas?


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software firewall or allow WGET.EXE to go through your
firewall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
Follow the Comprehensive Malware Removal Instructions on the Detailed
Malware Removal page of my website: www.stopmalware.tk and then read through
either Shenan's tips or the almost identical tips on the Safety Tips page of
my website.
 
My reply is at the bottom of your message:


Karl in Scottsdale said:
About 3 weeks ago I suffered my first browser hijack ever - MS Tech Support
helped get the browser back to normal. Prior to this event, I had NEVER had
icons randomly installed on my desktop. I am running WinXP, Zone Alarm Pro,
Ad-Aware Pro, Ad-Watch (part of Ad-Aware Pro) & Spybot. Ever since the
browser hijack it seems that I am now REGULARLY targeted for spyware
attacks. I have 3 computers that I use randomly, all connected to the
internet via wireless network, and only this ONE computer is continually
getting slammed with spyware attempts. I have been on the phone with MS Tech
Support no less than 4 times, for 1 to 3 hrs each, and all they can do is
guide me through all the scans, removals, clean-ups etc., but no one can
explain why THIS computer seems to be getting retargeted.

Any ideas?


Hello.
Do you understand what spyware is? Only when you understand what spyware is
will you realize that this

" I am now REGULARLY targeted for Spay Ware attacks "
is absolutely wrong. I am not sure why the MS supporter didn't tell you that.
Spyware is software that you install, or you visit some sites to have it
installed ^automatically^. It doesn't appear just because you have your
computer turned on.
Worms come by themselves unless you are protected, viruses used to attach
themselves to files, but spyware is only the user's fault.

Perform the malware removal instructions in my web-site:
http://pandaman.my.contact.bg
to clean your computer

Then, it would be useful to read the other sections. :)


Regards!

Panda_man
 
So, Panda,

You are saying, definitively, that there is NO way my computer can receive
Spy Ware unless I install it myself, knowingly or unknowingly – is that your
thesis?

Furthermore, you are suggesting that the Tech Support folks at MS, having
spent much time helping me clean my system in detail using probably most of
the steps outlined in Stanley Shenan’s reply to my post, are incompetent –
and they left some Spy Ware somewhere on my system that magically ‘woke-up’
3-days later to attempt to re-infect my system?

I assure you, Panda, after the second Spy Ware event, there is no way in
h*** that I knowingly or unknowingly installed Spy Ware on my computer. My
Zone Alarm is now set to the highest protection possible, Ad-Aware and
Ad-Watch are running full time, SpyBot S&D resident is NOW (since yesterday)
running full time, and I have the most up to date version and definitions for
Norton Anti Virus, as well as a fully current version of IE.

I don’t browse porn sites, I don’t open email that contains attachments
(unless I know the sender and expect an attachment). This computer had been
perfect prior to the initial Browser Hijack event, and I have always been as
cautious as I know how to be – the browser hijack was the result of an
impatient ‘click’ while researching information on the web… hastily, I tried
to click no on something and wham!

Lastly, I appreciate everyone’s help and input, but there is no way I am
downloading anything from anyone’s website unless I am speaking DIRECTLY to a
MS Support person and they say it’s OK to do so, but thanks anyways to those
with sincere good intentions.

In the end, I find it staggeringly paradoxical, that no programmer anywhere
on earth, can write a program that can literally stop in its tracks, any
software from installing itself on MY COMPUTER, REGARDLESS of the tricks they
use (no means yes, etc) without ME saying it's OK! In other words, kids, I
should NOT have to rely on the software that is trying or succeeding at
installing itself to STOP the Install – WINDOWS should have its OWN app that
will LOCK the registry and LOCK whatever loopholes these folks use to access
people’s computers – so get to work on it.

Thank you,
 
From: "Karl in Scottsdale" <[email protected]>

Replies are inline...

| So, Panda,
|
| You are saying, definitively, that there is NO way my computer can receive
| Spy Ware unless I install it myself, knowingly or unknowingly – is that your
| thesis?
|


It is not a "thesis", it is a fact, because unless it is a true virus, it can't self
replicate and automatically re-infect. It takes the action of the PC operator one way or
another.


| Furthermore, you are suggesting that the Tech Support folks at MS, having
| spent much time helping me clean my system in detail using probably most of
| the steps outlined in Stanley Shenan’s reply to my post, are incompetent –
| and they left some Spy Ware somewhere on my system that magically ‘woke-up’
| 3-days later to attempt to re-infect my system?


Microsoft is NOT competent in dealing with malware. That's why OneCare and the Live Safety
web site fall way below anti virus industry standards for detection and removal. It is also
the reason why it is so easy to infect a win32 OS over other operating systems. As to the
specifics of the advice given to YOU, no one can say for certain. However, there are anti
malware experts that can resolve malware issues far beyond what a low wage Microsoft
employee can provide.


| I assure you, Panda, after the second Spy Ware event, there is no way in
| h*** that I knowingly or unknowingly installed Spy Ware on my computer. My
| Zone Alarm is now set to the highest protection possible, Ad-Aware and
| Ad-Watch are running full time, SpyBot S&D resident is NOW (since yesterday)
| running full time, and I have the most up to date version and definitions for
| Norton Anti Virus, as well as a fully current version of IE.


Sure there is. You could have a vulnerability in the OS or a sub-component of the OS or
applications that could have left you in a state where you can easily be reinfected. An
example would be an old version of Sun Java that had not been removed.


| I don’t browse porn sites, I don’t open email that contains attachments
| (unless I know the sender and expect an attachment). This computer had been
| perfect prior to the initial Browser Hijack event, and I have always been as
| cautious as I know how to be – the browser hijack was the result of an
| impatient ‘click’ while researching information on the web… hastily, I tried
| to click no on something and wham!

That's only part of the equation. It does NOT have to be a "porn site" to get malware. It
just so happens I visit porn sites and NEVER get infected. There are so-called legitimate
sites that may have been hacked, or it could be a malicious web site with malice
aforethought. For example there are web sites that purport to provide "Media Codecs" but
in reality it is just a wrapper for the ZLob Trojan. The ZLob Trojan variants are being
created at such an alarming rate that unless good heuristic approaches to detection are
used by the AV software, the AV signatures just aren't being generated fast enough to
recognize them.


|
| Lastly, I appreciate everyone’s help and input, but there is no way I am
| downloading anything from anyone’s website unless I am speaking DIRECTLY to a
| MS Support person and they say it’s OK to do so, but thanks anyways to those
| with sincere good intentions.


That's your prerogative. You can lead a horse to water but you can't make him drink. I
can't make you use specific tools or re-think INFOSEC and COMSEC or Safe Hex in
general.

You are the infected party and you asked for help -- Help is being provided if you like the
replies or not.


|
| In the end, I find it staggeringly paradoxical, that no programmer anywhere
| on earth, can write a program that can literally stop in it’s tracks, any
| software from installing itself on MY COMPUTER, REGARDLESS of the tricks they
| use (no means yes, etc) without ME saying it’s OK! In other words, kids, I
| should NOT have to rely on the software that is trying or succeeding at
| installing itself to STOP the Install – WINDOWS should have its OWN app that
| will LOCK the registry and LOCK whatever loopholes these folks use to access
| people’s computers – so get to work on it.
|
| Thank you,
|


The above assumption is why YOU are infected. Please take time and learn the reality of the
situation.

It is so easy to install software in a buffer overflow situation or where a known
vulnerability is penetrated.
 
My reply is MIXED with your words:



Karl in Scottsdale said:
So, Panda,

Panda_man, not Panda, is my nick name, so please, use it instead

You are saying, definitively, that there is NO way my computer can receive
Spy Ware unless I install it myself, knowingly or unknowingly – is that your
thesis?

Panda_man: Yes, I do.
(It is knowingly for some people and most likely unknowingly for most, and
nowhere is it written ...hmm...at the moment a spyware is being installed on
Karl's PC)

Furthermore, you are suggesting that the Tech Support folks at MS, having
spent much time helping me clean my system in detail using probably most of
the steps outlined in Stanley Shenan’s reply to my post, are incompetent –
and they left some Spy Ware somewhere on my system that magically ‘woke-up’
3-days later to attempt to re-infect my system?


Panda_man: I don't remember, nor can I read, such a thing written by me



Panda_man >>>>>>>>>>> These words:
My
Zone Alarm is now set to the highest protection possible, Ad-Aware and
Ad-Watch are running full time, SpyBot S&D resident is NOW (since yesterday)
running full time, and I have the most up to date version and definitions for
Norton Anti Virus, as well as a fully current version of IE.

I don’t browse porn sites, I don’t open email that contains attachments
(unless I know the sender and expect an attachment).


so, these words above, show me and everyone else that if you fully cleaned
your computer, there is NO WAY a spyware can get into your system => NO WAY
!!!

This computer had been
perfect prior to the initial Browser Hijack event, and I have always been as
cautious as I know how to be – the browser hijack was the result of an
impatient ‘click’ while researching information on the web…


Panda_man: This again means that there is NO way your computer can receive
Spy Ware unless you (the user) install it yourself, knowingly or unknowingly.
Yes, you installed it via clicking on that fake link


Lastly, I appreciate everyone’s help and input, but there is no way I am
downloading anything from anyone’s website unless I am speaking DIRECTLY to a
MS Support person and they say it’s OK to do so, but thanks anyways to those
with sincere good intentions.

Panda_man: Again the above ... you are not fully clean.
Spyware is software that you install, or you visit some sites to have it
installed ^automatically^. Automatically means that you receive a bad link,
click on it and then some file gets into your system, or you are prompted.


Perform the malware removal instructions on my web-site
http://pandaman.my.contact.bg
if you want to clean your computer.


Regards!

Panda_man
 
Karl in Scottsdale wrote:
Furthermore, you are suggesting that the Tech Support folks at MS,
having spent much time helping me clean my system in detail using
probably most of the steps outlined in Stanley Shenan's reply to my
post, are incompetent - and they left some Spy Ware somewhere on my
system that magically 'woke-up' 3-days later to attempt to
re-infect my system?
<snip>

Did they have you install at least five (5) of the antispyware applications
from the list I posted?

Did you run HijackThis! and/or CWShredder? Spybot Search and Destroy? Any
antivirus application that is not currently installed on your system?
IE-SpyAD and SpywareBlaster?

If not - then yes, there are two possibilities - if you have been reinfected
and they walked you through steps to clean up and prevent your machine from
becoming re-infected - then those you talked to are incompetent and if you
paid for their services you got taken.. OR you are doing something unique
on this one machine of yours to continue to become re-infected.
I assure you, Panda, after the second Spy Ware event, there is no
way in h*** that I knowingly or unknowingly installed Spy Ware on
my computer. My Zone Alarm is now set to the highest protection
possible, Ad-Aware and Ad-Watch are running full time, SpyBot S&D
resident is NOW (since yesterday) running full time, and I have the
most up to date version and definitions for Norton Anti Virus, as
well as a fully current version of IE.

Yes - that is a good bit of protection.

You have a decent firewall, if it has been kept up (meaning it is the latest
version - fully patched from its manufacturer..) and you have it properly
configured and at some point didn't (unknowingly - while typing and possibly
not looking directly at the screen) happen to press ENTER on allowing
something through your firewall and so now - whatever it is has an open-door
on your computer. Those questions can pop-up and you accidentally click on
allow or *yes* fairly quickly and easily - so checking your configuration
manually every so often is a good idea with firewalls.

You have Lavasoft's Ad-Aware full version.. cool. That's not too bad of a
protection (live) mechanism - although to be honest - as far as active
resident protection goes - I don't run any on 99% of the machines I manage
or have helped clean. Spybot Search and Destroy 1.4's immunization is
passive and

I don't browse porn sites, I don't open email that contains
attachments (unless I know the sender and expect an attachment).
This computer had been perfect prior to the initial Browser Hijack
event, and I have always been as cautious as I know how to be - the
browser hijack was the result of an impatient 'click' while
researching information on the web. hastily, I tried to click no on
something and wham!

Which is how it always happens to those who get infected. Wise surfers or
not. There is always a point where you weren't thinking straight or clicked
on something that popped up incorrectly/hastily/without proper thought.. Or
someone else used the computer. I know - it did happen to me once. Wasn't
thinking, had too many things on my mind, was trying to locate something to
help fix a problem for someone so some of the sites I was surfing were not
my normal list - and I had a popup ask me something - to which I answered..
And I swear to you, it was the exact moment that I clicked the wrong thing
that I KNEW I had done the wrong thing - and I spent that afternoon cleaning
my OWN PC.
Lastly, I appreciate everyone's help and input, but there is no way
I am downloading anything from anyone's website unless I am
speaking DIRECTLY to a MS Support person and they say it's OK to do
so, but thanks anyways to those with sincere good intentions.

*sigh*
While I commend you on having a line you will not cross.. If Microsoft's
Antispyware product actually worked - you would have it installed by now -
right? You also would not have come here - a peer-to-peer newsgroup - for
assistance if you were not open to external suggestion. You asked those in
this peer-to-peer newsgroup for help - and it was given ten-fold. I can
appreciate your hesitance in installing and using many of these third party
products - but the good part is that you don't have to necessarily "take us
at our word". You have search engines like "Google groups" that you can use
to do your own research. You can even look back and see how long the same
products have been recommended over and over and over and how many times
anyone came back and said "after I used that - my machine ran like crap on a
stick!"
In the end, I find it staggeringly paradoxical, that no programmer
anywhere on earth, can write a program that can literally stop in
it's tracks, any software from installing itself on MY COMPUTER,
REGARDLESS of the tricks they use (no means yes, etc) without ME
saying it's OK! In other words, kids, I should NOT have to rely on
the software that is trying or succeeding at installing itself to
STOP the Install - WINDOWS should have its OWN app that will LOCK
the registry and LOCK whatever loopholes these folks use to access
people's computers - so get to work on it.

Yes - in a perfect world - gas would just hydrate into your car while you
slept, roaches would not get into your home, ants would never get into your
yard or flower garden, weeds would only grow on un-owned properties,
hurricanes and other destructive storms would only hit un-populated areas
and there would be a perfect operating system and you would never need to
upgrade it or your computer hardware.

Unfortunately (or fortunately - if you bore easily) - nothing is perfect and
there is always someone who believes they are trying to make things more
perfect by exploiting the holes they find or those who think they will be
famous/infamous if they bring down hundreds of thousands of computers or
just those who are greedy enough to find a way to invade your privacy and
make a buck doing it.

Maybe - someday - there will be a perfect OS with its one line of
public-domain code that leaves nothing for anyone to exploit. For now - all
we have is OSes with millions/billions of lines of code and even if it is
all public-domain - that doesn't make it safe. We have people with nothing
better to do but find and exploit flaws - no matter their reasoning.

The best part about "now" though - is that you also have people who are
honestly trying to make things better. You have those who help people close
the holes and flaws that are found - whether for pay or for free. You have
more and more people who are willing to take the time to learn to do so.

Those here - in the peer-to-peer newsgroups - can only offer help. Most of
them do it for free and based off their own experiences. Most of them run
into the same problems you posted about almost every week - or they wouldn't
bother volunteering their free time and effort to reply to your problem (as
that would be a waste of their own free time.) And for any of them that you
doubt - the tools (like Google Groups) are at your disposal to verify what
they say is true and that their advice has not harmed anyone in the past.

I hope you take the advice given here and go through your current setup and
thoroughly clean it. Can anyone here guarantee 100% cleanup? Nope - but
from our experiences - each of us have been close enough to that success
rate to continue recommending our methods.. And if you utilize more than one
of our methods - all you lose is time and you will then be able to say that
you have truly tried everything.

Feel nervous about utilizing some third party applications? Do what you
should always do when installing something on your computer.. back it up.
Get a third-party imaging applications (like Symantec Ghost, etc.) and make
an exact image of your system - then clean it using the methods here. You
will take a day to go through them all (if you have a decent internet
connection) and you will be able to do so without fear. When it is all said
and done - use the computer - see if the infection is gone, see if it comes
back after a few weeks - maintaining your file/folder backup scheme the
whole time - separate from the imaging - and then come back and report to us
how things went.

If it works - then you are happier - you spent a day cleaning up, you did so
without fear because of the backups and it worked! If it doesn't work and
you get "re-infested", then you can come back and honestly say "I did
everything on XXXX and XXXXXX's lists - and although my machine was clean
for a week - I now get this.. (And be specific - tell us exactly what you
are seeing so that people can either offer up other suggestions and/or
actually have the information they would need to help you.)

That's all any of us can do here - give you the suggestions that we have
used/seen work over and over and over. Whether or not you take this advice
is always up to you. Remember - you came to us and asked us how to clean up
your machine and why these problems kept coming back on this machine - so we
answered what you asked to the best of our ability.

I wish you luck on ridding your system of whatever is infesting it and
properly maintaining it so it does not get infested with something later.
 
Karl in Scottsdale wrote:

Not incompetent; just not competent enough, in this case. After all,
without a maintenance OS that can boot without running infected code
off the HD, there's a limit to how good things can be expected to be.
Did they have you install at least five (5) of the antispyware applications
from the list I posted?

I'd love to see that list :-)

Sounds good. Any old versions of Sun Java JRE, Winamp, Acrobat Reader
or Firefox lying around? Most of these will overwrite vulnerable old
versions, but not Sun; they keep the old JREs in place for "backward
compatibility" (i.e. so malware can still exploit them)
...while typing and possibly not looking directly at the screen) happen
to press ENTER

If typing human language, every 5th character will be Space - and
guess what Space does, when a pop-up dialog snatches the focus?
whatever it is has an open-door on your computer.

That can be so anyway, e.g. if F&PS is possible and you have hidden
admin shares leaving the entire HD open to drop-ins.
Spybot Search and Destroy 1.4's immunization is passive

So is Spyware Blaster, which I'd recommend. Passive is good, in many
ways; no overhead, doesn't crash into other resident defenses, etc.

The problem is there by design - NT/2000/XP is designed to be a
network client, so it waves all sorts of opportunities around. After
all, the Internet's just a big network, right?

Well, that's like saying a tree is a chair because it's made out of
wood. A network has a bounded and trusted set of entities on it,
whereas the Internet is unbounded and wild, so "network client" rapidly
devolves to "Internet chew-toy".

Plus, NT is something of a reversal of the whole "PC" thing...

First, we begged mainframe jocks to compute for us
Then the PC arrived and we could do our own thing
Then faster PCs tempted MS to tackle minis and *NIX
So PCs became the "client" end of client-server...
and Big Brother admin was leveraged over user control.
So now we beg the sysadmin to allow us to use our PCs

Having deeply-pervasive automated control over things that have no
end-user UI makes it really easy for anything that gets a toe in the
door to escalate to full control and run away with the PC.
Yes - in a perfect world ...

...a stand-alone OS would put the keyboard into full control, not
allow any "remote admin" whatsoever, and would display (and be bound
by) risk information about everything you see and can do. Starting
with data vs. code file types; no more meaningless "open", you'd trust
data to be capable of doing nothing and you would avoid running code.


-------------------- ----- ---- --- -- - - - -
Tip Of The Day:
To disable the 'Tip of the Day' feature...
 
You're in for a rough ride. Microsoft support is never going to get your
machine 100% clean of spyware, just ain't gonna happen. I can guarantee that
you knowingly or unknowingly installed spyware on your PC, those are the only 2
ways it could have gotten on there.
 
cquirke,

I can't say that I fully comprehend everything you said, but damn I wish you
lived close by and I could afford to have you inspect my system...

Thank you,
 
What he said, every good PC tech knows.
A PC is only as good as its maintenance. I have a few customers that just
will not listen to me and prefer rather to endure a regular bill from me. I
clean their PC of spy/malware and trojans, install software, educate them
how to use it, said PC is back a month later jam packed with more goodies. I
look at the logs of mentioned software, last time it was updated or run was
when I ran it when it was in my shop the last time.
Hell, I even get them to purchase Spysweeper, just cause it's mostly
automatic and they don't have to pay much attention to it, and they turn it
off because it was popping up alerts too often. Gee, wonder why it was doing
that?
 
you knowingly or unknowingly installed spyware on your PC, that's the only 2
ways it could have gotten on there.

Define "you".


-------------------- ----- ---- --- -- - - - -
Trsut me, I won't make a mistake!
 
Hi there,

It does happen at times that no matter how many times you do a scan, some
spyware still stays in the computer.
The worst part with that spyware is that it doesn't stay in one fixed
location...it changes its location. That is the reason why you might
have felt that that particular computer is the target for spyware. Some
might have been removed and some still stay there...in your case.

And this spyware, adware, browser hijackers, viruses enter into a computer
within a few minutes if your computer wasn't protected at that point. Sad that your
computer became a victim.

Dude, I've been with Norton tech support and I myself am a Tech Support Exec
for Microsoft. I can understand the steps that might have been performed on
your case, and if you were to speak to me as my customer I would suggest you
do a format and clean installation after all these....which would be the step
that has to be done. I would also advise you not to take any backup of the
data which is spyware prone.

Good luck.
 