2 links and GOBS of spyware articles.
Posted on April 25, 2005
Been riding the whirlwind at work since I got back. Can’t complain, but it’s been keeping me busy.
We had some DNS-related networking issues last Friday and over the weekend. While trying to figure out what was going on, I stumbled across this little gem of a collection of DNS tools - http://www.dnsstuff.com/ - all sorts of nifty tools and lookups.
Think your home theater is slick? Check out this guy’s stuff. Holy cow. I’m somewhat awed.
I wrote and posted this next little bit on my EQ guild’s forums earlier today. Figured I’d repost for that new reader that stumbled over the site (ok, hypothetical new reader :P)
Spyware / Malware / Viruses and Assorted Other Crap

Lots of bad crap floating around these days that can really booger up your computer and either completely break or slow down your gaming — and we certainly don’t want that!
I thought I’d suggest some tools and practices that some might find interesting. I’m not an expert, but I follow this stuff a lot and people pay me to fix their stuff — and I’ve spent a lot of time in email / IM / in-game with EQ players helping out as well…
Regardless of what the ads say, there is no one tool that will make everything better and keep you safe. It simply isn’t possible at this time. Changes happen too fast. In fact, in a recent study, the two best tools in their particular test combined for a less than 80% success rate! Yikes!
I usually suggest the following:
1) Microsoft AntiSpyware - Yep, the big boys from Redmond bought a company a while back and rebadged it (Giant for those curious). It works pretty well (even in real time) and keeps reasonably current. I’m no MS fanboi, but it does work.
2) SpyBot Search and Destroy - One of the granddaddies in this field and still worth having around. They also have a real-time protection mode available (tea timer I believe) that is part of the installation.
3) Lavasoft’s AdAware SE - (click on the menu for “AdAware Personal”) - another classic and it generally does well.
4) CoolWeb Shredder - (click on the download (right side) for “Download stand-alone version of CWShredder”) Cool Web’s stuff is pretty darned pernicious. This one specializes only in that and does good work.
5) Consider using the Firefox web browser - Personally, I prefer it but more importantly, it’s not quite as likely to pick up as much cruft as you’re surfing. Built-in blockers, certificate checking and tabs are nice too. Won’t start a holy war over it, just suggesting you try it.
6) Antivirus - Get some. No excuse to not have any with good free options available (check out Grisoft’s free home edition - I’m a big fan and have even purchased their SOHO version for my own business).
Registry mechanic - I won’t advise using this one. I don’t use it and a lot of people have paid me a lot of money to fix their machines after they’ve used it. I’m sure it works great for some folks, but it has completely toasted some machines. Again, that’s just my opinion…
Last note: If you do find that you’re completely infested with spy/malware, get all the tools you use for cleanup (such as the ones listed above or similar) updated! THEN, reboot into Safe Mode (as Windows starts, hit F8 for the boot menu and choose Safe Mode). Run the tools from there - they are much more likely to do a better job if all that crap isn’t already up and running.
There are many other free options available. These are just the ones I’ve had success with. There are more, but I didn’t want to write a book (just yet at any rate). If you feel slighted that I didn’t mention your favorite tool, just hit respond and mention it.
The Microsoft MVPs have a pretty decent article that covers more ground and is worth a read over: Dealing With Unwanted Spyware and Parasites. I picked up that URL from the Usenet group microsoft.public.security.homeusers.

A person named Malke posts there frequently and has a pretty good canned response. He mentions some tools and techniques I don’t often need, but good stuff and I do intend to check out some of the tools some day. Here it is (hopefully he won’t mind!):
Here are some things you can do to get the computer cleaned up. I recommend getting all tools from a known-clean computer that has a fast Internet connection and a cd burner. On your machine, empty your Temporary and Temporary Internet Files. Then run TrendMicro’s Sysclean:

TrendMicro’s Sysclean is an extensive antivirus tool which has the advantage of not needing to be installed. It requires two parts - the scanning engine and the virus pattern files.

1. Create a new folder on your Desktop or the C: drive named something useful like “Sysclean”.

2. Go here and download the two parts of the program to that folder:

http://www.trendmicro.com/download/dcs.asp - Sysclean
http://www.trendmicro.com/download/pattern.asp - virus pattern files

The pattern files will be zipped - extract them with your unzipper (like WinZip) or if you have XP, you can just open the folder. You need to put the extracted files in the Sysclean folder you made.

3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly tapping the F8 key as the computer is starting up to get to the proper menu.

4. Go to the Sysclean folder you made and double-click on sysclean.com. Start the scan. After the scan is finished, look at the log. You may need to make a note of where any viruses were found if they were not able to be removed so you can manually delete them.

After you’ve run Sysclean, get a full-featured antivirus, install it, update it, and do a thorough scan in Safe Mode. EZ-AV from Computer Associates is still being offered with a free year’s subscription. Get it at www.my-etrust.com/microsoft. Of course you could try AVG again, but I think EZ-AV is a better choice.

You will probably want to continue your cleaning by removing non-viral malware. You can obviously skip Step 1 below as you will have already done it:

1) Scan in Safe Mode with current version (not earlier than 2004) antivirus using updated definitions.

Before you remove malware, get LSPFix (or WinSockFix for XP which you can get from MajorGeeks) - see links below.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These programs are free, so use them both since they complement each other. There is a new version of CWShredder from Intermute. I would not install the other Intermute programs, however. Alternately, there are CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea to do virus/spyware scans in Safe Mode. Make sure you are able to see all hidden files and extensions (View tab in Folder Options).

If the malware remains even after you used Ad-aware and Spybot, you can scan with HijackThis. HijackThis is an excellent tool to discover and disable hijackers, but it requires expert skill. See below for HijackThis links, including sites where you can post your HJT logs. A combination of HijackThis and About:Buster works well in removing the About:Blank homepage hijacker. Again, this is an expert tool and novices should get help with it.

3) If you are running Windows ME or XP, you should disable/enable System Restore after the system is clean because malware will be in the Restore Points. With ME, you must disable System Restore completely. With XP, you can delete all but the most recent (presumably clean) System Restore point from the More Options section of Disk Cleanup (Run>cleanmgr).

4) Make sure you’ve visited Windows Update and applied all security patches. Do not install driver updates from Windows Update.

5) Run a firewall.
Links to help with malware:

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after removing spyware
http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim Eshelman
http://aumha.net - forums
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

General:
http://aumha.net - look under “Security” for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Tags: DNS, malware, security, spyware


