The BeatGear Cavern

A Fab Forum
It is currently Sat Nov 23, 2024 7:44 am
Hofner

All times are UTC - 8 hours




Post new topic Reply to topic  [ 11 posts ] 
Author Message
 Post subject: In Case Of Spyware/Virus....
PostPosted: Sun May 08, 2005 8:51 am 
Offline
Vice-Admin./Technical Affairs
User avatar

Joined: Sat May 29, 2004 6:24 pm
Posts: 12139
Age: 65
Location: Metro NY
All too many of our friends here have this happen, so I'd like to offer a few steps to help mitigate the risks of getting the beasties in the first place, and a simple checklist of things to do first when you think your computer has been infected.

For prevention's sake, everyone running Windows should make sure their systems are fully updated with the latest patches from Microsoft. If you don't have automatic updates turned on, turn 'em on. Go to Windows Update and get the patches that may not have been installed on your computer at this point.

There's no excuse for not keeping an updated anti-virus package on your computer. If you don't have a current subscription with Norton, McAfee, etc. stop reading this and download AVG Free anti-virus. Yup, it's free, updated every couple of days, and it's darn good.

Make sure you have an anti-spyware product running. If you're running Windows 2000 or XP, Microsoft AntiSpyware is an excellent choice, and it's free. Other paid products which will work with other Windows varieties are BOClean and SpySubtract. No affiliation with either of those companies, I've seen both in action, and have been impressed with their capabilities. SpySubtract has a 30 day free trial mode.

A software firewall is an excellent idea, however, I would stay away from Norton's offering - too many people I know have had trouble with it. ZoneAlarm is a great choice (although I would go for the paid version rather than the free version, as I've seen occasional problems with the free version, especially during upgrades, that can completely hose a system).

A bit of research before you install anything or go to a particular site that might be dicey is worth it. If you've got your AV and anti-spyware products running before you hit certain sites you should be OK, but if you see dialog boxes popping up saying "Would you like to install...." etc, don't just blindly do it. Close your browser, make a note of what you're looking at, Google it and the word spyware or malware, and see if there's anybody who's getting burned by that. Needless to say, most P2P file sharing programs are loaded with the stuff, and I would avoid them like the plague. Certain song lyrics sites are known for trying to sneak spyware onto your PC, and sometimes you might get a dialog box saying you might need to "upgrade" your Media Player - be careful, here be Dragons! If you aren't sure, don't do it.

Finally, backup, backup and BACKUP! Get an external hard drive and use either Norton Ghost or Acronis True Image to take images of your known good system. In the worst event, you can fully restore a known good system with either of these products.

If for some reason, you think you've got a spyware or virus infestation, handle things methodically, and odds are you can beat this thing (there will be cases where your system will need to be wiped, unfortunately, however those will usually happen if for some reason you've picked up an extraordinary nasty - that's why you get Ghost or True Image).

First, update all of your anti-virus and anti-spyware products if you can. Do full scans of your computer, and record the names of any nasties they find. If you can't update them, that's also a symptom to be recorded. Quarantine or delete the nasties they find. Take plenty of notes. Repeat the scans in Safe Mode.

Second, run several of these web-based scanners against your computer (list courtesy of Broadband Reports):
http://housecall.trendmicro.com/
http://support.f-secure.com/enu/home/ols.shtml
http://www.mwti.net/antivirus/free_utilities.asp
http://security.symantec.com/
http://www.ravantivirus.com/scan/
http://www3.ca.com/threatinfo/virusinfo/scan.aspx
http://www.pandasoftware.com/activescan/
http://us.mcafee.com/root/mfs/default.asp
Likewise, note what they find, and zap the nasties.

Third, download, install and run some additional anti-spyware / anti-trojan programs. The reason for this is that not every program picks up every nasty, and having a different set of eyes (so to speak) will see if anything has been missed by your currently installed set of defenses. Some other possibilities are TDS-3 30 day trial, Ewido Security Suite, and the old standbys Spybot S&D and Ad Aware SE. Run the scans in both normal and safe mode. A couple of words of caution here, as there's been some question as to whether some of the free software providers have been independent enough to keep certain known nasties detected and removed (notably in the case of Lavasoft and a known adware company), so caveats apply. Another thing to be aware of here is that in some cases removing nasties with AdAware or Spybot has been known to blow out network connectivity for computers. If that occurs, LSP-Fix may be able to restore connectivity.

As always, note everything you've done, and any nasties that have been found.

Fourth, if the above steps have failed to clean the infection, or you have an "about:blank" hijacking, download both CWShredder and AboutBuster. CWShredder is included in SpySubtract if you've downloaded it, so that's unnecessary if you've previously installed it. Make sure you update AboutBuster after you've extracted it. Again, run in both normal and safe modes.

Fifth, if the above steps haven't fixed the problem, you'll need to download HijackThis, which is a diagnostic tool that can help the gurus diagnose any serious infections. Get a log from HijackThis, and then contact your local guru for additional help at this point.

Make a note of whatever bogus sites you are redirected to, and if you find you can't get to well-known computer security sites, that's also an important symptom. Places to check are Broadband Reports Security Forum, CastleCops, Wilders Security, and Spyware Warrior. If you can't get there, there might be a HOSTS file somewhere on your computer which is putting you somewhere where the crooks want you to be. All of those sites are important forums to check, as you might be infected with a new variant of some nasty that might require a special fix from a vendor (those forums helped me track down the fix for the nasty that infected Mark Barnes' computer).

One thing that you should be aware of is that occasionally these things are so insidious that they will reinfect you when you reboot your computer or reconnect to the internet. If it gets to the point of using HijackThis, you'll probably need to use tools such as regsvr32 and a process killer to clean the system out (some of these things are very good at stealthing themselves and not turning up in the Task Manager).

As always, I'm glad to help out anyone here on the forum who finds themselves in a pickle with spyware and tech issues.


Top
 Profile  
 
 Post subject:
PostPosted: Sun May 08, 2005 3:05 pm 
Offline
BGC Administrator
User avatar

Joined: Mon Apr 26, 2004 8:30 pm
Posts: 32901
Location: Waterville, NY USA
Thanks, Mike -- I'm sure a lot of folks will find this information useful.

_________________
Mark . . . and Plastic Soul (now on Facebook)
"Suos cultores scientia coronat."


Top
 Profile  
 
 Post subject:
PostPosted: Sun May 08, 2005 3:07 pm 
Offline
Order of the Wig & Girdle
User avatar

Joined: Tue Sep 07, 2004 5:42 pm
Posts: 5466
Since it is great information may I suggest to all to do what I did and print it out incase you can't get back here to use it when needed....... :?

_________________
Image ImageImage


Top
 Profile  
 
 Post subject:
PostPosted: Mon May 09, 2005 6:13 am 
Offline
Order of the Wig & Girdle
User avatar

Joined: Fri May 07, 2004 1:49 pm
Posts: 5450
Age: 63
Location: NYC
I wish I knew about all this BEFORE I got infected at home. I got rid of almost all of them so far, I have one left.

Thanks MikeB!!!

_________________
"People are just about as happy as they make up their minds to be." Abe Lincoln

"Argument from intimidation is a confession of intellectual impotence." Ayn Rand


Top
 Profile  
 
 Post subject:
PostPosted: Mon May 09, 2005 7:11 am 
Offline
Order of the Wig & Girdle
User avatar

Joined: Mon May 24, 2004 7:02 am
Posts: 16536
Location: Seafoam-On-Shingle
Very nicely laid out MikeB. You left out the final step, of course... :wink:

_________________
"It's only with the heart that one can see clearly. What's essential is invisible to the eye." The Fox/Gene Wilder



- the ONLY board member designated "brofessor stink-puppet" by Winky


Top
 Profile  
 
 Post subject:
PostPosted: Mon May 09, 2005 6:14 pm 
Offline
1,000,000th Poster!
User avatar

Joined: Wed May 19, 2004 8:00 pm
Posts: 23654
Location: Sanity Cruz Ca.
Mike, I vote you get the BGC community service award. Great information, stuff we all can use. Thanks.


Top
 Profile  
 
 Post subject:
PostPosted: Tue May 10, 2005 7:24 pm 
Offline
Order of the Wig & Girdle
User avatar

Joined: Sat Sep 25, 2004 7:50 am
Posts: 19141
Location: Philadelphia
Nice job Mike, excellent information!

All that work to look at some \ \o/ / what's the internet coming to?


Top
 Profile  
 
 Post subject:
PostPosted: Fri Jun 17, 2005 3:05 pm 
Offline
Order of the W&G/Expert Panel
User avatar

Joined: Sun May 09, 2004 6:12 am
Posts: 10680
Location: Seattle Washington USA
This sure beats anything I have to say ..Thanks !

_________________
I'll take mine "ALAPWOB" ...as low as possible without buzzing.

Mark Arnquist -Arnquist Musical Designs Inc
Arnquist gutars


Top
 Profile  
 
 Post subject:
PostPosted: Thu Dec 01, 2005 3:03 pm 
Offline
BGC Fellow
User avatar

Joined: Fri May 07, 2004 9:38 am
Posts: 2072
Location: West Palm Beach, Florida
My computer was going nuts. I could not search anything while I was in IE6. It would let me click on any link. I could not download any of those great sites.

Anyway I was able to load,"eScan". What a great program. It found some some viruses that were taking over my Internet explorer. Now I have that running in the background as well as Microsoft Antispyware and Ad-aware.

Norton let those viruses infect my computer. Everything works great now. I will never use another Norton anti virus program again.

What I am going to use is Norton Ghost and a Maxtor USB one touch hard rive to do back-ups now and then so I never get put in that situation again,


Top
 Profile  
 
 Post subject:
PostPosted: Sat Jun 17, 2006 11:12 am 
Offline
Order of the Wig & Girdle
User avatar

Joined: Wed May 17, 2006 7:09 am
Posts: 19841
Age: 66
I have heard there are so many "holes" I. E. that it resembles a screen door
I switched to Mozilla's Firefox, and Nothing but smooth sailing ever since. pop-ups are non-existent, and it's fast, easy and simple. Anyone out there plauged with that macromedia flash pop-up that just won't go away, no matter what you do, even if you install the latest flash player? Not a peep out of them with Firefox. Best thing that's happened to me since Winxp-pro!
Get it at Mozilla.com


Top
 Profile  
 
 Post subject:
PostPosted: Tue Oct 09, 2007 9:35 am 
Offline
Order of the Wig & Girdle
User avatar

Joined: Tue Sep 07, 2004 5:42 pm
Posts: 5466
bump as questions have arose again.............. :)

_________________
Image ImageImage


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Copyright © 2007 The BeatGear Cavern
DivineBlack by Darthorx
Updated by phpBBservice.nl
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group