Spyware, viruses, & security forum: Welcome to S,V, & S forum; Security Tools and Removal Resources

http://www.bleepingcomputer.com/forums/forum55.html

October 7, 2007

There are 2 free trial versions depending where you are

USA version or UK version for Europe.


http://www.thespykiller.co.uk/index.php?page=15 or


http://spysweeper.thespykiller.co.uk/

Once downloaded you are given the option of spysweeper standard or with antivirus and towards the end of the install then the option to install ask scumware is offered but it is enabled by default so make sure to deselect it

IMPORTANT NOTES:

You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
Turning off System Restore will clear out all previous restore points.
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.


1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives" as shown in this illustration:
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Proceed with what you need to do; for example, virus removal. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.

What is a rootkit?

http://blogs.techrepublic.com.com/security/?p=262

Rootkit detectors, antirootkit scanners, reviews and general information about rootkits and the products that detect them.


Avira Rootkit Detection Beta
http://betatest.avira.com/products/products.php

Avira Rootkit Detection Beta supports Windows 2000 Server or Workstation, Windows XP Home and Professional, Windows Server 2003 (all versions), and Windows Vista (32-bit only). Available in English language only. Beta is free but registration is required.

.....

F-Secure Blacklight

http://www.f-secure.com/blacklight/

F-Secure Blacklight is available free. Provides detection and removal of common rootkits. Commandline version available. Also supports Windows Vista (32-bit only).

........

IceSword

http://www.pcworld.com/downloads/file/fid,64212-order,1-page,1-c,moreantispywaretools/description.html

Available for free, IceSword is one of the lesser known but more capable rootkit detectors available. More suited for advanced users, IceSword identifies user-mode rootkits only (though it will at least list kernel-mode drivers for intrepid users who don't mind a lot of independent research. Works only under Windows XP.

........

McAfee Rootkit Detective v1.1

http://vil.nai.com/vil/stinger/rkstinger.aspx

Free rootkit detection from McAfee. Supports Windows XP SP2 Home and Professional Editions, Windows 2000 SP4, Windows 2000 Server, and Windows 2003 Server SP1.

.....

Panda Anti-Rootkit

http://research.pandasecurity.com/archive/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx

Free beta antirootkit scanner from Panda Software, Panda AntiRootkit identifies known and unknown rootkits and gives the option of removing them, including their associated registry entries, processes and files. A commandline version is also available. Supports Windows 2000 and Windows XP SP2 (Home or Pro).

.....

Rootkit Revealer

http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx

Formerly from SysInternals; acquired by Microsoft. Detects some of the more common rootkits. No commandline version.

......

Sophos AntiRootkit

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

A free rootkit detector from Sophos that runs under Windows NT/2000/XP/2003. Includes both a Windows graphical user interface (GUI) and a commandline version. Supports Windows NT 4.0 (SP 6a with IE 4.0), Windows 2000 (Professional or Server), Windows XP (Home or Professional), Windows Server 2003 SE, and Windows Small Business Server 2003.

.......

Trend Micro RootkitBuster

http://www.trendmicro.com/download/rbuster.asp

Trend Micro RootkitBuster scans for hidden files, registry entries, processes, drivers and hooked system services. Provides cleaning capability for hidden files and registry entries.

.....

KillBox is a tool to delete in-use files, if the file is running, KillBox will attempt to end the process (close the running file) and delete it.

http://www.killbox.net/

If you are using a HOSTS file (3rd party) in Windows... you might want to consider using a HOSTS file manager. Some HOSTS File Manager has update function, backup of HOSTS file, enabling/disabling HOSTS, adding/modifying entries and many more.

Below are some free HOSTS File Managers:

1. hostsXpert
2. HostsMan
3. HostsToggle
4. Hostess
5. Host Administrator
6. HOSTS File Manager
7. Hosts Manager

Check their website for more details.

Message was edited by: admin to update links

Avoiding Malware/Malicious/Rogue Products and Websites:
Before visiting a website, or downloading, installing and purchasing a product, it is a good idea to determine if the product is not marked as rogue or if the website is not distributor of known rogue products. Also, it is best to alerted if the website or link is safe to visit or click.

You can use below tools or services to help prevent malware, malicious ads and rogue software:

1. OpenDNS - No software is required to use OpenDNS. This service is free to all users. Simply enter the following DNS servers in your router or internet connection settings to start using OpenDNS:
208.67.222.222
208.67.220.220
You can create a free Opendns account to configure the filters (to block adware, rogue spyware, phishing, other bad sites or to allow it to auto-correct misspelled website, or enter your home network so all computers in your home network or business network will use OpenDNS and will be protected from the spyware, rogue, phishing etc)

2. HOSTS File - replacing the default HOSTS file in Windows will help in stopping the communication with websites that is known to install or inject malware or parasites.
- MVPS Hosts
- hpHosts
- Malware Domains
- Peter's Adblocking
NOTE: Location of HOSTS file and where to add it - please see http://en.wikipedia.org/wiki/Hosts_file#Location_and_default_content

3. Browser add-ons:
-- Adblock Plus - blocks ads and malicious sites (to block malware or malicious sites, please subscribe to malware domains)
-- Web of Trust (WOT)
-- Firetrust SiteHound
-- McAfee SiteAdvisor

4. IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC.

5. SpywareBlaster and Spybot-S&D Immunization. Use the immunization function to prevent known bad site and activex in installing.

6. SpywareGuard - use this software's real-time protection to prevent known bad site and software in downloading.

7. Default browser security protection - IE, Firefox, Opera and some other browser offers anti-phishing and anti-malware prevention. Please enable this option in the browser settings.

8. Always UPDATE your system by installing the latest patches and security updates. Also, update your anti-malware scanners.

To manually check or search if the site is bad or malicious, use the following services or tools:

1. hpHOSTS online
2. hpObserver
3. MVPS Hosts Text file
4. Bleeping Computer Malware Removal Guides
5. Malwarebytes New Rogue Threats
6. Bharath's Security Blog
7. Spyware Warriors List of Rogue/Suspect Anti-Spyware Products & Web Sites. NOTE: This is not updated anymore but still useful to check if the site or software is rogue or have record as being 'rogue' (will help you decide)
8. Malware Domains Text File

If you are still unsure whether the site or software is safe, please ask in forums by creating a new topic.

Note: This is a revised copy. I deleted the original post as it contains outdated links. Thanks!

Find out if the files, processes, BHO, startups, DLL, Event ID and Windows Services are safe or not.

Scan your event log, monitor processes and services in your computer.
Below are services and tools that will help you managing those items.
Note: Post in forums if you have questions on file or contribute by submitting file info to below websites.

Altair Technologies
* EventID.net - If you want to investigate the caused or description of Event ID that you are seeing in Windows Event Log Viewer, use EventID.net which has the growing list of Event ID database.

Bleeping Computer
1. Startup Programs Database
2. F0, F1, F2, F3 HijackThis entries
3. O4 HijackThis Entries
4. O20 HijackThis Entries
5. O21 HijackThis Entries
6. O22 HijackThis Entries
7. O23 HijackThis Entries

GFI
* EventLogScan - Scan your pc for high security events with GFI's free online service - EventLogScan will install an ActiveX control on your machine and analyse all the events in your security event log. After the analysis, it will present you with an HTML report with all the critical, high and medium security events found and a brief explanation of each. To perform the scan, you must download the ActiveX control to your machine. You will be prompted to download the GFI EventLogScan Service ActiveX Control. Select "Yes" to download and start the test.

Microsoft
* Microsoft's DLL Help - database contains information about DLL files that are included with selected Microsoft products.

Senior Mag
* Computer File Extensions - Find computer file extensions - browse alphabetically.

SpywareData
1. BHO List
2. Toolbar List
3. LSP List
4. ActiveX List
5. StartUp List

Sysinfo.org
1. CLSID List and Startup Info
2. Startup Applications List
3. CLSID or Browser Helper Object list

Tools:

BillP Studios
* WinPatrol Free - Monitor vulnerable areas of your computer or get alerts about new programs. WinPatrol will monitor Startup Programs, IE Helpers, Scheduled Tasks, Services in Windows, Cookies, File Types and Hidden Files. It will also list your Active Tasks and you can use it's newes feature "Delayed Start" to increase speed of your computer startup by delaying programs not needed immediately.
Note: BillP also offer WinPatrol PLUS. See what's in PLUS version here.

Javacool Software
* SpywareBlaster - Not only it protects your computer from known bad spyware and activeX, it also include a "find tool" to help you see whether a file is indeed known bad. Note: The said "Find" option is available only if you will enable any protections it offer. Screenshot at http://www.dozleng.com/images/blog/sbfind.jpg

Malwarebytes
* StartUpLite – A program that requires no installation! Just download and run this application and it will try to detect if Windows is starting with unnecessary start-up applications.

Patrick Kolla
1. Spybot Search & Destroy - This popular antispyware scanner also includes Startup List that will allow you to manage your startup items. See http://www.spybot.info/en/howto/startup.html
2. RunAlyzer - RunAlyzer is our brand-new autostart & configuration manager that allows you to view and edit all the spots where Windows looks for programs or services to start. It's a combination of a standard configuration manager and an advanced tool to locate and remove places where hijackers, spyware and other malware hide.
Note: At the time of this post entry, RunAlyzer is currently in BETA status. Use at your own risk.

Note: This is a revised copy. I deleted the original post as it contains outdated links. Thanks!

Firewall software will help you control the applications and your system to whom it will communicate. It is recommended to use a two-way firewall (incoming/outgoing traffic).

There's FREE built-in firewall in Windows:

Windows XP SP2 includes a firewall but will only monitor incoming connection. To enable the firewall in XP SP2/SP3, please read Microsoft KB283673. You can use Microsoft Fix It solution in this KB to enable the firewall.

Windows Firewall in Vista and Windows 7 can monitor incoming and outgoing traffics. The built-in firewall in Vista and Win7 is enabled by default.

Third-Party Free Firewall
Please download the firewall program from vendor's website to get the current version all the time. The download links below is alternative only.

1. Online Armor Personal Firewall
Download: http://download.cnet.com/Online-Armor-Personal-Firewall/3000-10435_4-10426782.html
Support: http://support.tallemu.com/forums/index.php
System Requirements: XP and Vista.
Note: Online Armor does NOT support Windows XP 64, Windows Vista 64, Windows 98/Me

2. Agnitum Outpost Firewall Free 2009
Download: http://download.cnet.com/Agnitum-Outpost-Firewall/3000-10435_4-10913746.html
Support: http://www.outpostfirewall.com/forum/
System Requirements: Windows 2000, XP, Vista.
Note: The Pro edition of Outpost supports Windows 7

3. Windows 7 and Vista Firewall Control
Download: http://download.cnet.com/Windows-7-Firewall-Control/3000-10435_4-10618117.html
Support: http://vistafirewallcontrol.freeforums.org/
System Requirements: Vista and Windows 7

4. PC Tools Firewall Plus
Download: http://download.cnet.com/PC-Tools-Firewall-Plus-Free-Edition/3000-10435_4-10625321.html
Support: http://www.pctools.com/forum/
System Requirements: Windows 2000, XP, Windows 2003 and 32-bit edition of Vista

5. Sunbelt Personal Firewall
Sunbelt Personal Firewall will keep working after the first 30 days, but in basic mode. Below are the limitations when using it as Basic mode:
-- It is available for personal, noncommercial use only.
-- Web content filtering, including its logs and statistics, is not available.
-- Host Intrusion and Prevention System (HIPS) is not available.
-- It cannot be used at Internet Gateways.
-- Logs cannot be sent to a Syslog server.
-- The configuration cannot be protected by a password and it is not possible to access and administer the firewall remotely.
Download: http://download.cnet.com/Sunbelt-Kerio-Personal-Firewall/3000-10435_4-10487067.html
Support: http://supportforums.sunbeltsoftware.com/
System Requirements: Windows 2000 Pro, XP and Vista.
Note: Sunbelt Personal Firewall 4 does NOT run on any 64 bit Versions of Windows, Windows 2003 Server, Windows 2000 Server, Windows NT4, Windows Me/98/95

6. ZoneAlarm Free Firewall -- Please note that ZoneAlarm installer is offering third party toolbar. Uncheck the installation of toolbar (Spy Blocker which is Ask Toolbar) and options to modify your browser's home and search pages. It is not necessary to install the toolbar in using the firewall.
Download: http://download.cnet.com/ZoneAlarm/3000-10435_4-10039884.html
Support: http://forums.zonelabs.com/
System Requirements: XP and Vista

7. Comodo Internet Security -- Please note that Comodo installer is offering a toolbar with third party search engine, Ask.com. Uncheck the installation of HopSurf toolbar and options to modify your browser's home and search pages. It is not necessary to install the toolbar in using the firewall. Other notes: If you have antivirus already, you do not need to install Comodo AV. The installer will also offer the use of third party DNS servers. It is also not required to use the third party DNS Servers.
Download: http://download.cnet.com/Comodo-Internet-Security/3000-10435_4-10460704.html
Support: http://forums.comodo.com/
System Requirements: XP and Vista

Matousec.com created a comprehensive list of available free & commercial firewall software and it is updated often. See http://www.matousec.com/projects/firewall-challenge/product-list.php

Firewall Test:

GRC ShieldsUP - https://www.grc.com/x/ne.dll?bh0bkyd2
Audit My PC Firewall Test - http://www.auditmypc.com/firewall-test.asp
PC Flank Leak Test - http://www.pcflank.com/pcflankleaktest.htm
PC Flank Advanced Port Scanner Test - http://www.pcflank.com/scanner1.htm

Note: Matousec often test some firewall software for leak test. Result often change and the test is limited to leak test only so don't base your decision in choosing a firewall using this test - http://www.matousec.com/projects/proactive-security-challenge/results.php