The BeatGear Cavern http://beatgearcavern.com/forum/ |
|
In Case Of Spyware/Virus.... http://beatgearcavern.com/forum/viewtopic.php?f=3&t=4801 |
Author: | MikeB [ Sun May 08, 2005 8:51 am ] |
Post subject: | In Case Of Spyware/Virus.... |
All too many of our friends here have this happen, so I'd like to offer a few steps to help mitigate the risks of getting the beasties in the first place, and a simple checklist of things to do first when you think your computer has been infected.

For prevention's sake, everyone running Windows should make sure their systems are fully updated with the latest patches from Microsoft. If you don't have automatic updates turned on, turn 'em on. Go to Windows Update and get the patches that may not have been installed on your computer at this point.

There's no excuse for not keeping an updated anti-virus package on your computer. If you don't have a current subscription with Norton, McAfee, etc. stop reading this and download AVG Free anti-virus. Yup, it's free, updated every couple of days, and it's darn good.

Make sure you have an anti-spyware product running. If you're running Windows 2000 or XP, Microsoft AntiSpyware is an excellent choice, and it's free. Other paid products which will work with other Windows varieties are BOClean and SpySubtract. No affiliation with either of those companies, I've seen both in action, and have been impressed with their capabilities. SpySubtract has a 30 day free trial mode.

A software firewall is an excellent idea, however, I would stay away from Norton's offering - too many people I know have had trouble with it. ZoneAlarm is a great choice (although I would go for the paid version rather than the free version, as I've seen occasional problems with the free version, especially during upgrades, that can completely hose a system).

A bit of research before you install anything or go to a particular site that might be dicey is worth it. If you've got your AV and anti-spyware products running before you hit certain sites you should be OK, but if you see dialog boxes popping up saying "Would you like to install...." etc, don't just blindly do it. Close your browser, make a note of what you're looking at, Google it and the word spyware or malware, and see if there's anybody who's getting burned by that. Needless to say, most P2P file sharing programs are loaded with the stuff, and I would avoid them like the plague. Certain song lyrics sites are known for trying to sneak spyware onto your PC, and sometimes you might get a dialog box saying you might need to "upgrade" your Media Player - be careful, here be Dragons! If you aren't sure, don't do it.

Finally, backup, backup and BACKUP! Get an external hard drive and use either Norton Ghost or Acronis True Image to take images of your known good system. In the worst event, you can fully restore a known good system with either of these products.

If for some reason, you think you've got a spyware or virus infestation, handle things methodically, and odds are you can beat this thing (there will be cases where your system will need to be wiped, unfortunately, however those will usually happen if for some reason you've picked up an extraordinary nasty - that's why you get Ghost or True Image).

First, update all of your anti-virus and anti-spyware products if you can. Do full scans of your computer, and record the names of any nasties they find. If you can't update them, that's also a symptom to be recorded. Quarantine or delete the nasties they find. Take plenty of notes. Repeat the scans in Safe Mode.

Second, run several of these web-based scanners against your computer (list courtesy of Broadband Reports):

http://housecall.trendmicro.com/
http://support.f-secure.com/enu/home/ols.shtml
http://www.mwti.net/antivirus/free_utilities.asp
http://security.symantec.com/
http://www.ravantivirus.com/scan/
http://www3.ca.com/threatinfo/virusinfo/scan.aspx
http://www.pandasoftware.com/activescan/
http://us.mcafee.com/root/mfs/default.asp

Likewise, note what they find, and zap the nasties.

Third, download, install and run some additional anti-spyware / anti-trojan programs. The reason for this is that not every program picks up every nasty, and having a different set of eyes (so to speak) will see if anything has been missed by your currently installed set of defenses. Some other possibilities are TDS-3 30 day trial, Ewido Security Suite, and the old standbys Spybot S&D and Ad Aware SE. Run the scans in both normal and safe mode. A couple of words of caution here, as there's been some question as to whether some of the free software providers have been independent enough to keep certain known nasties detected and removed (notably in the case of Lavasoft and a known adware company), so caveats apply. Another thing to be aware of here is that in some cases removing nasties with AdAware or Spybot has been known to blow out network connectivity for computers. If that occurs, LSP-Fix may be able to restore connectivity. As always, note everything you've done, and any nasties that have been found.

Fourth, if the above steps have failed to clean the infection, or you have an "about:blank" hijacking, download both CWShredder and AboutBuster. CWShredder is included in SpySubtract if you've downloaded it, so that's unnecessary if you've previously installed it. Make sure you update AboutBuster after you've extracted it. Again, run in both normal and safe modes.

Fifth, if the above steps haven't fixed the problem, you'll need to download HijackThis, which is a diagnostic tool that can help the gurus diagnose any serious infections. Get a log from HijackThis, and then contact your local guru for additional help at this point. Make a note of whatever bogus sites you are redirected to, and if you find you can't get to well-known computer security sites, that's also an important symptom. Places to check are Broadband Reports Security Forum, CastleCops, Wilders Security, and Spyware Warrior. If you can't get there, there might be a HOSTS file somewhere on your computer which is putting you somewhere where the crooks want you to be. All of those sites are important forums to check, as you might be infected with a new variant of some nasty that might require a special fix from a vendor (those forums helped me track down the fix for the nasty that infected Mark Barnes' computer).

One thing that you should be aware of is that occasionally these things are so insidious that they will reinfect you when you reboot your computer or reconnect to the internet. If it gets to the point of using HijackThis, you'll probably need to use tools such as regsvr32 and a process killer to clean the system out (some of these things are very good at stealthing themselves and not turning up in the Task Manager).

As always, I'm glad to help out anyone here on the forum who finds themselves in a pickle with spyware and tech issues. |
Author: | Mark Barnes [ Sun May 08, 2005 3:05 pm ] |
Post subject: | |
Thanks, Mike -- I'm sure a lot of folks will find this information useful. |
Author: | sam37 [ Sun May 08, 2005 3:07 pm ] |
Post subject: | |
Since it is great information, may I suggest to all to do what I did and print it out in case you can't get back here to use it when needed....... |
Author: | Epidrake [ Mon May 09, 2005 6:13 am ] |
Post subject: | |
I wish I knew about all this BEFORE I got infected at home. I got rid of almost all of them so far, I have one left. Thanks MikeB!!! |
Author: | gingerly [ Mon May 09, 2005 7:11 am ] |
Post subject: | |
Very nicely laid out MikeB. You left out the final step, of course... |
Author: | blckout420 [ Mon May 09, 2005 6:14 pm ] |
Post subject: | |
Mike, I vote you get the BGC community service award. Great information, stuff we all can use. Thanks. |
Author: | TomTrig [ Tue May 10, 2005 7:24 pm ] |
Post subject: | |
Nice job Mike, excellent information! All that work to look at some \ \o/ / what's the internet coming to? |
Author: | Dr Quist [ Fri Jun 17, 2005 3:05 pm ] |
Post subject: | |
This sure beats anything I have to say ..Thanks ! |
Author: | steve350 [ Thu Dec 01, 2005 3:03 pm ] |
Post subject: | |
My computer was going nuts. I could not search anything while I was in IE6. It would let me click on any link. I could not download any of those great sites. Anyway I was able to load "eScan". What a great program. It found some viruses that were taking over my Internet Explorer. Now I have that running in the background as well as Microsoft Antispyware and Ad-aware. Norton let those viruses infect my computer. Everything works great now. I will never use another Norton anti virus program again. What I am going to use is Norton Ghost and a Maxtor USB one touch hard drive to do back-ups now and then so I never get put in that situation again. |
Author: | LtDave32 [ Sat Jun 17, 2006 11:12 am ] |
Post subject: | |
I have heard there are so many "holes" in I.E. that it resembles a screen door. I switched to Mozilla's Firefox, and nothing but smooth sailing ever since. Pop-ups are non-existent, and it's fast, easy and simple. Anyone out there plagued with that Macromedia Flash pop-up that just won't go away, no matter what you do, even if you install the latest Flash player? Not a peep out of them with Firefox. Best thing that's happened to me since Winxp-pro! Get it at Mozilla.com |
Author: | sam37 [ Tue Oct 09, 2007 9:35 am ] |
Post subject: | |
bump as questions have arisen again.............. |
All times are UTC - 8 hours |