Donovan
Enlightened
*Updated yet again (7/8/07) with additional links and information*
I sent this info to someone who PM'd me about an infection. I thought it might be useful to others as well! I (used to) do this for a living and these are the steps I recommend to remove most infections...
----------
The following freeware and instructions will help prevent and get rid of "most" malware infections. First download, install and fully update these programs if you don't have them already:
First, STOP using Internet Explorer 6 as your default web browser!!!! This is the single best thing you can do to prevent getting (re)infected with spyware/malware! Download Firefox web browser: http://www.mozilla.com/ or Opera http://www.opera.com/ (I use both FF and Opera). Install Firefox and/or Opera and set one of them to be the default browser (very important!). Then use Firefox/Opera, not IE, to download the rest of the products.
*If you have IE6 still on your system then please upgrade to IE7 even if you aren't going to use it as your default browser (or even at all). The popularity and adoption of Firefox finally forced Microsoft to update IE (which sat without major updates or development for more than 4 years!). Internet Explorer 7 has numerous security advantages over IE6. One of the most important is that it is no longer "integrated" into the Windows Explorer shell. This means that web content trying to open in Windows Explorer will be redirected to the default web browser.
SuperAntispyware: http://www.superantispyware.com/index.html
Cheesy name but a great product!
Spybot: http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1
Spyware Blaster: http://www.javacoolsoftware.com/spywareblaster.html
A very good preventative tool. A must have no matter what else you use!
AVG Anti-Spyware: http://www.ewido.net/en/download/
This is commercial software but also has a freeware mode. *AVG purchased Ewido a while back...
Install SuperAntispyware, Spybot, Spyware Blaster and AVG and update them all but do not run them yet (you may go ahead and update/run spywareblaster).
Close IE if open (you should be using FF/O!) and go into Internet Options (right-click on the IE icon on the desktop or go to Control Panel and choose Internet Options). While in the General tab of Internet Options, click on the "delete files" button in the middle of the window to delete all "cache" or temporary internet files (also check delete offline files). Click on the settings button next to delete files and this will open a new window (settings). In this new window click on the "view objects" button to open yet another window (downloaded program files). In this window select all objects and delete them. This will get rid of all the IE plugins (good and bad). Since you are going to be using Firefox you don't need any of them anyway! Even if you do need to use IE, any plugins you may need can be easily reinstalled later...
Make sure all programs are fully updated!
Run the SuperAntispyware scanner first and let it remove anything it finds.
Reboot into safe mode by restarting your PC and hitting F8 when your PC is first starting to boot. Choose Safe Mode no networking.
Then run the SpyBot and any other software scanning tools you have and let them remove anything they find. Then run the same programs again when you boot back to regular mode under your normal profile(s). This is important because safe mode will be using a different profile than "normal" mode.
Then run Trend Micro Housecall if you don't have a good up-to-date antivirus:
http://housecall.trendmicro.com/
These steps should eliminate "most" infections.
If you are still having issues then a trick you can try is to first close all open programs and then run Task Manager (hit ctrl-alt-del), go to the Processes tab and end explorer.exe. This will blank your screen but don't panic! Hit ctrl-alt-del again to get Task Manager back. Choose File, New Task (Run..) and browse to AVG (C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe) or SuperAntispyware (C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe) or Spybot (C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe) and run them. Explorer can sometimes get infected and this will let you run the scans without Explorer in the way.
If you have XP: After cleaning your system up please disable then re-enable system restore to flush out infected backup copies: http://forums.majorgeeks.com/showthread.php?t=31668
And as always make sure your system is completely up to date with the latest service packs and patches. http://update.microsoft.com/ You will have to use IE for the Microsoft sites! (make sure IE doesn't steal back default browser). If you have MS Office or other MS programs be sure and update them as well. http://office.microsoft.com/en-us/officeupdate/default.aspx
Microsoft has also set up a site that will scan to see how healthy your PC is: http://safety.live.com
*On that note I would check all of your software to see if there are security updates and/or patches for them. Here is a great site that has updates and patches for most of your common software all in one place! http://www.softwarepatch.com/ I use this site all the time and highly recommend it!
Additional programs:
Microsoft Defender (used to be Giant Antispyware) http://www.microsoft.com/athome/security/spyware/software/default.mspx
And these good commercial antispyware programs:
Spyware Doctor http://www.pctools.com/spyware-doctor/
Pest Patrol http://www.ca.com/products/pestpatrol/
Webroot Spy Sweeper http://www.webroot.com/consumer/products/spysweeper
Antivirus recommendations:
Trend Micro PC Cillin Antivirus http://www.trendmicro.com/en/home/us/personal.htm
The most popular antivirus does not make it the best (very far from it actually and yes I am talking about Norton and McAfee. Neither are recommended). Trend Micro is one of the antivirus programs I use on my own PCs. PC Cillin is a full suite (antivirus, firewall, antispyware etc.) so if you're looking for just AV there are some even better options:
NOD32 - very light on resources, one of the best!
http://www.eset.com/
F-Prot
http://www.f-prot.com/
BitDefender
http://www.bitdefender.com/
F-Secure
http://www.f-secure.com/
If you want a good freeware antivirus program try one of these. I have used both of these freeware programs and would recommend either one of these over Norton!
Avast
http://www.avast.com/eng/avast_4_home.html
or AVG
http://www.grisoft.com/doc/289/lng/us/tpl/tpl01
..........................
If you are still having problems then try these helpful forums where someone can really get down and dirty with your infection!
Help forums:
http://forums.spywareinfo.com/
http://spywarewarrior.com/index.php
http://castlecops.com/forums.html
http://forums.tomcoyote.org
http://forums.majorgeeks.com/
*HiJackThis program: http://www.majorgeeks.com/download3155.html
You will need this program for folks in these forums to help you! Don't remove anything with this program unless you know what you're doing or someone is helping you!
--------
The recommended AntiSpyware programs list:
http://spywarewarrior.com/asw-features.htm#rec
"Bad" Antispyware list:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
--------
As always, you can also contact me. If I have the time I will gladly try to help!