All too many of our friends here have this happen, so I'd like to offer a few steps to help mitigate the risks of getting the beasties in the first place, and a simple checklist of things to do first when you think your computer has been infected.
For prevention's sake, everyone running Windows should make sure their systems are fully updated with the latest patches from Microsoft. If you don't have automatic updates turned on, turn 'em on. Go to Windows Update and get the patches that may not have been installed on your computer at this point.
There's no excuse for not keeping an updated anti-virus package on your computer. If you don't have a current subscription with Norton, McAfee, etc., stop reading this and download AVG Free anti-virus. Yup, it's free, updated every couple of days, and it's darn good.
Make sure you have an anti-spyware product running. If you're running Windows 2000 or XP, Microsoft AntiSpyware is an excellent choice, and it's free. Other paid products which will work with other Windows varieties are BOClean and SpySubtract. No affiliation with either of those companies; I've seen both in action, and have been impressed with their capabilities. SpySubtract has a 30-day free trial mode.
A software firewall is an excellent idea; however, I would stay away from Norton's offering - too many people I know have had trouble with it. ZoneAlarm is a great choice (although I would go for the paid version rather than the free version, as I've seen occasional problems with the free version, especially during upgrades, that can completely hose a system).
A bit of research before you install anything or go to a particular site that might be dicey is worth it. If you've got your AV and anti-spyware products running before you hit certain sites you should be OK, but if you see dialog boxes popping up saying "Would you like to install...." etc., don't just blindly do it. Close your browser, make a note of what you're looking at, Google it together with the word spyware or malware, and see if anybody is getting burned by that. Needless to say, most P2P file sharing programs are loaded with the stuff, and I would avoid them like the plague. Certain song lyrics sites are known for trying to sneak spyware onto your PC, and sometimes you might get a dialog box saying you might need to "upgrade" your Media Player - be careful, here be Dragons! If you aren't sure, don't do it.
Finally, backup, backup and BACKUP! Get an external hard drive and use either Norton Ghost or Acronis True Image to take images of your known good system. In the worst event, you can fully restore a known good system with either of these products.
If, for some reason, you think you've got a spyware or virus infestation, handle things methodically, and odds are you can beat this thing (there will be cases where your system will need to be wiped, unfortunately; however, those will usually happen only if you've picked up an extraordinarily nasty one - that's why you get Ghost or True Image).
First, update all of your anti-virus and anti-spyware products if you can. Do full scans of your computer, and record the names of any nasties they find. If you can't update them, that's also a symptom to be recorded. Quarantine or delete the nasties they find. Take plenty of notes. Repeat the scans in Safe Mode.
Second, run several of these web-based scanners against your computer (list courtesy of Broadband Reports):
http://housecall.trendmicro.com/
http://support.f-secure.com/enu/home/ols.shtml
http://www.mwti.net/antivirus/free_utilities.asp
http://security.symantec.com/
http://www.ravantivirus.com/scan/
http://www3.ca.com/threatinfo/virusinfo/scan.aspx
http://www.pandasoftware.com/activescan/
http://us.mcafee.com/root/mfs/default.asp
Likewise, note what they find, and zap the nasties.
Third, download, install and run some additional anti-spyware / anti-trojan programs. The reason for this is that not every program picks up every nasty, and having a different set of eyes (so to speak) will see if anything has been missed by your currently installed set of defenses. Some other possibilities are TDS-3 (30-day trial), Ewido Security Suite, and the old standbys Spybot S&D and Ad-Aware SE. Run the scans in both normal and safe mode. A couple of words of caution here, as there's been some question as to whether some of the free software providers have been independent enough to keep certain known nasties detected and removed (notably in the case of Lavasoft and a known adware company), so caveats apply. Another thing to be aware of here is that in some cases removing nasties with Ad-Aware or Spybot has been known to blow out network connectivity for computers. If that occurs, LSP-Fix may be able to restore connectivity.
As always, note everything you've done, and any nasties that have been found.
Fourth, if the above steps have failed to clean the infection, or you have an "about:blank" hijacking, download both CWShredder and AboutBuster. CWShredder is included in SpySubtract if you've downloaded it, so that's unnecessary if you've previously installed it. Make sure you update AboutBuster after you've extracted it. Again, run in both normal and safe modes.
Fifth, if the above steps haven't fixed the problem, you'll need to download HijackThis, which is a diagnostic tool that can help the gurus diagnose any serious infections. Get a log from HijackThis, and then contact your local guru for additional help at this point.
Make a note of whatever bogus sites you are redirected to, and if you find you can't get to well-known computer security sites, that's also an important symptom. Places to check are Broadband Reports Security Forum, CastleCops, Wilders Security, and Spyware Warrior. If you can't get there, there might be a HOSTS file somewhere on your computer which is redirecting you to wherever the crooks want you to be. All of those sites are important forums to check, as you might be infected with a new variant of some nasty that might require a special fix from a vendor (those forums helped me track down the fix for the nasty that infected Mark Barnes' computer).
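A quick way to check the HOSTS file symptom described above is to parse the file and report any entry that overrides a security or update site, whether it points the name at loopback (which blocks the site) or at some other address (which redirects you). The script below is an added example and is not from the original post; the watch list of host names and the sample HOSTS text are constructed for illustration, and the Windows path it defaults to (`C:\Windows\System32\drivers\etc\hosts`) is the standard location of the file.

```python
"""Flag HOSTS-file entries that block or redirect well-known security sites.

Added example, not part of the original post. Parses hosts-file text, skips
comments and blank lines, and reports every mapping for a watched host name.
A watched name pointing at loopback or 0.0.0.0 is reported as "blocked"; any
other address is reported as "redirected". The watch list below is
constructed; extend it with the sites you rely on.
"""
import ipaddress
import sys
from pathlib import Path

# Domains a user should never need to override locally (constructed list).
WATCHED_SUFFIXES = (
    "windowsupdate.com",
    "microsoft.com",
    "symantec.com",
    "mcafee.com",
    "trendmicro.com",
    "dslreports.com",       # Broadband Reports
    "castlecops.com",
    "wilderssecurity.com",
)

# Default location of the HOSTS file on Windows 2000/XP and later.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, ip, hostname) for every mapping in hosts-file text."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((lineno, ip, name.lower()))
    return entries


def _is_watched(name: str) -> bool:
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def _classify(ip: str) -> str:
    """Loopback/unspecified addresses block the site; anything else redirects it."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "redirected"  # malformed address is still an override worth seeing
    return "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirected"


def find_hijacks(text: str) -> list[tuple[int, str, str, str]]:
    """Return (line_number, ip, hostname, kind) for every watched-host override."""
    return [
        (lineno, ip, name, _classify(ip))
        for lineno, ip, name in parse_hosts(text)
        if _is_watched(name)
    ]


# Constructed sample, not a real HOSTS file.
SAMPLE_HOSTS = """\
# Constructed sample for illustration
127.0.0.1       localhost
::1             localhost
127.0.0.1       ad.example-tracker.test      # harmless ad-blocking entry
127.0.0.1       www.castlecops.com           # security site pointed at loopback
203.0.113.7     www.symantec.com             # security site sent elsewhere
203.0.113.7     windowsupdate.microsoft.com
"""

if __name__ == "__main__":
    # Pass a path to check a real file; with no argument the sample text is used.
    source = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    text = source.read_text(errors="replace") if source else SAMPLE_HOSTS
    hits = find_hijacks(text)
    if not hits:
        print("no watched hosts are overridden")
    for lineno, ip, name, kind in hits:
        print(f"line {lineno}: {name} -> {ip} ({kind})")
```

On a Windows machine, run it as `python hosts_check.py C:\Windows\System32\drivers\etc\hosts` (the file name is whatever you saved the script as). Any line it reports for a security or update site is one to note down for your guru, since there is no legitimate reason for a home PC to map those names locally.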
One thing that you should be aware of is that occasionally these things are so insidious that they will reinfect you when you reboot your computer or reconnect to the internet. If it gets to the point of using HijackThis, you'll probably need to use tools such as regsvr32 and a process killer to clean the system out (some of these things are very good at stealthing themselves and not turning up in the Task Manager).
As always, I'm glad to help out anyone here on the forum who finds themselves in a pickle with spyware and tech issues.