

Community Newsletter: Q&A: 4/1/05 Removing malware that just won't die!

by Lee Koo (ADMIN) Moderator - 3/31/05 5:06 PM
Post 166 of 270

Spybot Search & Destroy Home Page protection

by MarkFlax Moderator - 4/2/05 4:15 AM In reply to: Spybot Search & Destroy and Adaware by billjean73

Hi Bill,

You may want to do this to help your friend protect his home page in Internet Explorer.

Open up Spybot Search & Destroy, check for updates and immunize immediately.

Then, switch to Advanced mode (Mode > Advanced Mode). This will bring up more menu choices in the icons on the left.

Click the "Tools" icon on the left, and you will see in the main window a group of icons with an option to tick any or all of them.

Tick the "IE Tweaks" icon. Then click the IE Tweaks icon on the left. In this page you can tick the top two options, Lock Hosts file to "read only", so it is protected against hijackers (also see below), and Lock IE Start Page setting so that nothing can change it. This prevents any viruses, spyware etc. from changing Internet Explorer's Home Page. If you set the home page to what your friend wants it first, then set this option, it can no longer be hijacked.

To return to the main Tools page, click the Tools option again. Whilst you are there, tick the following icons:

Resident - Here, if you click the Resident icon on the left, you can set Spybot's "Tea-Timer" function to work. This will continuously monitor the computer, and if any program attempts to set itself to load on startup, a message will be displayed asking for permission or to block it. It is very useful, but if you feel that it may confuse your friend, by leaving the Tea-Timer unticked, he will still get very good protection.

BHO's - Browser Help Objects can often cause problems with Internet Explorer, and this page will list all the BHO's registered with IE. They can be removed here if they cause problems.

Browser Pages - Clicking the icon in the list on the left will list all of the web site pages that are registered as IE's home or start pages. You can remove bad ones here by highlighting them and clicking "Change" to change it to a safe one (perhaps one already listed. It doesn't matter if there are 2 or more of the same).

Hosts File - Here, if you now click the Hosts File icon on the left, you can "add" Spybot S&D's list of bad internet sites to the computer's Hosts file. This Hosts file "stops" those sites from loading in the internet browser, and this will help if your friend inadvertently finds himself visiting such bad sites.

System Startup - By clicking the System Startup icon on the left, you will see all the programs that try and load up when the computer is turned on. Many of these are necessary, (eg firewall, anti-virus, etc), but the list can show you any programs that may be suspicious and that you can investigate. Any that you do not want to start, just take the tick out.

There are other options in this Tools page, and you may want to explore them as you wish.

Good luck, I hope this helps.

Mark
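
The Hosts file protection described in the post above can also be checked by hand. The following Python code is an added example, not part of the original thread and not Spybot S&D's own code; the sample file contents and the function names `audit_hosts` and `is_read_only` are constructed for illustration, and it assumes block entries point a site at a loopback or `0.0.0.0` address. Names mapped to any other address are reported as redirects worth investigating.

```python
import ipaddress
import os
import stat

# Constructed sample hosts file, not taken from any real machine.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.badsite.example   # block entry
0.0.0.0         tracker.badsite.example
203.0.113.7     www.search.example mail.example
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (blocked names, redirected (name, ip) pairs, malformed line numbers)."""
    blocked, redirected, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)          # first field is not an IP address
            continue
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost":
                continue
            if addr.is_loopback or addr.is_unspecified:
                blocked.append(name)          # site is prevented from loading
            else:
                redirected.append((name, str(addr)))  # name sent elsewhere: review
    return blocked, redirected, malformed

def is_read_only(path):
    """True when no write bit is set; on Windows this mirrors the read-only attribute."""
    mode = os.stat(path).st_mode
    return not (mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH))

if __name__ == "__main__":
    blocked, redirected, malformed = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", blocked)
    print("redirected:", redirected)
    print("malformed lines:", malformed)
```

On a real Windows XP machine the file to pass in is `%SystemRoot%\system32\drivers\etc\hosts`.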

Post 167 of 270

Spybot Search & Destroy

by billjean73 - 4/13/05 8:48 AM In reply to: Spybot Search & Destroy Home Page protection by MarkFlax Moderator

Thanks Mark, I have been trying to find these items that you mention, even read all of help menu but could not figure out how to do what you are telling me. I will make a trip out there again tomorrow and try this procedure.

Post 168 of 270

Firewall

by worrywort1 - 4/1/05 12:10 PM In reply to: Mark F.'s winning answer by Lee Koo (ADMIN) Moderator

Dear Mark,
My daughter has Windows XP, I installed the XP windows pack 2, but I just don't understand how it works. I don't know what to do with the firewall once I downloaded it and I can't do anything with my email, outlook express, nothing worked right. So after trying I finally uninstalled it. CAN YOU HELP ME? We are getting more and more spyware and popups. Can you help me understand what to do with windows pack 2. I really don't know that much about computers, and some friends have had to write down step by step instructions, so can you please help me.
worrywort
Karen
worrywort1@charter.net

Post 169 of 270

Karen

by MarkFlax Moderator - 4/2/05 4:28 AM In reply to: Firewall by worrywort1

You have asked such a big subject and you seem to be having problems other than with SP2 that it is difficult to give you an easy answer.

Firstly, can I recommend that you do not give out your email address when you ask questions in any forums. There are web robots that trawl all forums looking for unprotected email addresses so that they can send spam emails to the addresses.

If you need to give an email address, disguise it with something like "myname@myisp-removethis-.com". This will fool the robots.

For your problems, I list below a link to a reply I gave to another forum member a while ago. He had a specific problem and in the end my advice didn't help him, but the advice still holds true for SP2 installation issues.

The link is;

http://reviews.cnet.com/5208-6142-0.html?forumID=5&threadID=46283&messageID=550557

I hope this helps.

Mark

Post 170 of 270

virus/etc stuff

by skybox - 4/3/05 10:17 PM In reply to: Mark F.'s winning answer by Lee Koo (ADMIN) Moderator

Thanks for the overall world of computer virus and etc. types of problems. As an elderly man with a computer who finds all of this confusing and hard to keep up with, your paragraphs helped a lot. Thank you and tell us more, we need you. Victor Perry.

Post 171 of 270

(NT) You're welcome, :)

by MarkFlax Moderator - 4/4/05 4:35 AM In reply to: virus/etc stuff by skybox

Post 172 of 270

Remove Spyware

by luci50 - 4/5/05 4:37 AM In reply to: Mark F.'s winning answer by Lee Koo (ADMIN) Moderator

Run Windows in Safe Mode, then run an antispy program: SpyBot, Ad-aware, and so on ...
Reboot in normal mode!

Post 173 of 270

A BIG thank you!

by DDF - 5/19/05 5:51 AM In reply to: Mark F.'s winning answer by Lee Koo (ADMIN) Moderator

Thank you for taking the time to answer a question that is helpful to so many of us - it is well laid out in easy to follow steps and very thorough - for those of us not quite so computer savvy, I am going to now print it out and follow all of your steps! THANK YOU!!
DDF

Post 174 of 270

Jacob S.'s winning answer

by Lee Koo (ADMIN) Moderator - 3/31/05 4:27 PM In reply to: 4/1/05 Removing malware that just won't die! by Lee Koo (ADMIN) Moderator

Answer:

Dear Tom,

Unfortunately, spyware and adware are programs that, when installed, can be very difficult to remove. Removing these programs can often take hours, if not days, to completely eliminate. The worst ones copy themselves like a virus with random filenames and ensure that each copy, if deleted, is replaced quickly.

To stop them permanently, you have to delete them. But the process to do so is different depending on how many spyware and adware versions you have installed. Your computer, for example, would make me want to reformat and reinstall the operating system from scratch or using the vendor’s supplied recovery CD/partition. While it may seem like the idea is unnecessarily warranted, please note that it is guaranteed to wipe out all adware and spyware. If you feel that your spyware removal tool is taking more than a few hours to operate, I would highly suggest this route. Additionally, recovery CDs are meant for the average user to restore the computer back to shipping condition.

A more surgical method would be to boot up into “Safe Mode”. When starting up, press F8, and select Safe mode. When you log in, try to run your favorite spyware removal tool. Because Safe Mode does not run anything at startup, no spyware or adware should be running at the time, which will make it extremely easy to kill them. If there are any still left after this sweep when you boot back into full mode, you should take note which processes are running in the Task Manager. Any unusually named processes (which are also their filename) can be renamed in the next trip to safe mode. Don’t delete any files yet until you know they are in fact the culprits. Also, to find out what a process does, just google it. For example, if you type wdfmgr.exe into google’s search bar, it will list sites which explain what that process does.

Now that you have the computer free or nearly free of spyware and adware, remember to install a good antispyware tool that proactively blocks such software from being installed in the first place. Additionally, install a software firewall such as ZoneAlarm free edition which will block outgoing calls from programs that you do not specifically authorize for internet usage. This will alert you to the fact that there may be something on the system which was installed without your knowledge. This software firewall will also block intruders from the Internet that may be trying to turn your computer into a zombie for distributed denial of service attacks against businesses such as Yahoo.

The next thing I would recommend is that your daughter, if under age, becomes a standard user instead of being an administrator on the computer. Even if it is a computer that only she uses, the account that she normally would use should never be an administrator. I stress that for a reason. Most programs require administrators to install. Spyware can still be installed on the computer, but it severely limits how it gets installed. You should set a general rule that administrators do not surf the web using privileged accounts. By default, users only have read permissions on the registry keys which cause programs to start up when the computer is booted.

Jacob S. of Fallbrook, California

Submitted by: Jacob S. of Fallbrook, California

Post 175 of 270

Hijackthis - In depth analyzer/malware finder

by monty14 - 4/1/05 5:09 AM In reply to: Jacob S.'s winning answer by Lee Koo (ADMIN) Moderator

I recently ran into some of the problems mentioned in this post regarding pop-ups and malware that just wouldn't die. One of them was resolved with an update that Norton released but the others took more digging and work and the help of a program called "Hijackthis". www.majorgeeks.com and other sites offer this free download. A word of caution: this analyzer will point you to registry settings to delete and other major components of your operating system and should be used with care as removal of the wrong file or files could render your computer useless.

Hijackthis pointed out a number of interesting little executables, malware/web site redirectors and all around funny business that once I worked through made the difference as to whether I used the current install of the OS or needed to format and start over.

Not sure where I picked up these little "gems" as I was reading forums on a new truck, blogs on building computers and reading online reviews of what new shotgun to buy or not buy. So it's likely I had been through hundreds of sites/domains and somebody just happened to have left a little trap for fun? The reason I bring this up is so those of you blaming your loved ones for "screwing up". Stuff does just happen sometimes. After I got over being mad I simply dug into figuring this out and did learn some great lessons to improve and maintain my computer's performance. If you think about it we've gone from virus and malware/trackers to an increased level of malicious software. In a sense this is really only an escalation of the "game" being played by programmers/hackers. Unfortunately for us it takes time and patience to stay current and learn the next countermeasures. If you've been unduly hard on your loved one that "wrecked" the computer by simply spending some time surfing the web you might want to go back and remedy that as well....?

Post 176 of 270

Microsoft AntiSpyware

by twotawl - 4/1/05 5:28 AM In reply to: Jacob S.'s winning answer by Lee Koo (ADMIN) Moderator

I had a similar problem to this and I tried everything that Jacob S suggested. I downloaded the Microsoft AntiSpyware (beta) and it found and fixed the problem. I have since been running this application and have not experienced any crashes or other conflicts on my XP Professional machine. Even though this software is still in beta form, it might be worth a try. It might ease the pain and avoid the hassle of a restore...

Post 177 of 270

Ms anti spyware

by mikewilder - 4/1/05 6:40 AM In reply to: Microsoft AntiSpyware by twotawl

This software kicks butt! I have also had great results using it on my own computer as well as my young neighbor's. His machine had 17 different spyware signatures after he had surfed for only 1 day! I ran the MS prog. and installed a firewall, he's been happy since.

Post 178 of 270

MS AntiSpyware Revisited

by Dr. Where - 4/1/05 9:16 AM In reply to: Microsoft AntiSpyware by twotawl

I had run into the "phone home-ware" problem myself, and found that the creepy crawlers had invaded my HDD, even despite my "Tight Security" of a Very popular firewall.

I don't know how I stumbled onto Microsoft AntiSpyware; it just happened. I now use it religiously; you don't have to pamper it like you do with Spybot S&D {no offense to them, theirs is a "stand up" app} - but in one run MSAS took out eight offenders and it runs nightly - all by itself, and I've not had a signature again. I find it quiet, comfortable, and dependable.

Post 179 of 270

The real answer is here!!

by rh - 4/1/05 7:19 AM In reply to: Jacob S.'s winning answer by Lee Koo (ADMIN) Moderator

Jacob hit on the most important point...don't run as administrator. (assuming XP, 2000, 2003)

As a testament to this, I personally have run as a limited user account for my daily operations for over 2 years now. I have NO spyware removal tools, and NO virus detection tools. I use IE and Outlook. I visit any site I like without worry. I open emails and their attachments without worry.

Malware cannot install itself into anything that will corrupt or change your operating system without the privilege to do so. Running without those privileges cuts them off right there!

Everyone talks about the use of other operating systems, but most don’t realize that they don’t normally run as ‘root’ user as do Windows users. This is the ‘root’ (sorry for the pun) of the problem. Let’s face it, you don’t need to have full rights to your system to browse the web, to read email, to play with pictures, to keep your checkbook in line, or most anything else.

One important note…it is important to use software that has been “Windows XP” certified. This is evident by the “Designed for Windows XP” logo on the software box. Not that I am promoting a dictatorship certification program but, the certification requires that the software work properly under a non-admin account. Many software developers that don’t go through this process still assume an admin account and write to areas of the operating system that a normal user should not have access to (Program Files folder, Windows folder, HKLM registry, etc.)

Here is a good place to start http://nonadmin.editme.com/ reading more.

Happy and safe computing without fear is a great life.

Post 180 of 270

Try Using Super Ad Blocker

by Malcolm2000 - 4/1/05 10:42 AM In reply to: Jacob S.'s winning answer by Lee Koo (ADMIN) Moderator

I had the same problem with pop-up ads until I purchased Super Ad Blocker. I heard about it through C-Net. You can try Super Ad Blocker for free for 30 days and then it is just $29.95. It's worth the investment because Super Ad Blocker just added a new Adware and Spyware utility as well and the program also blocks out search engine pop-up ads which are some of the most annoying pop-ups. Let me know how it works out for you.
