
Thread: Got a virus/trojan or adware/spyware?

  1. #1
    MIGClub Member MikeWarner's Avatar
    Join Date
    Jun 2000
    Location
    Southampton
    Posts
    14,832
    Drives
    Astra SRi 1.9 CDTI XP 3DR

    Got a virus/trojan or adware/spyware?

    What are these grotesque things?
    • Virus - A computer program that can reproduce by changing other programs to include a copy of itself. It is a parasite program, needing another program to survive.
    • Trojan - A trojan is a program that does something undocumented that the programmer intended, but that some users would not approve of if they knew about it. According to some people, a virus is a particular case of a Trojan, namely one which is able to spread to other programs. According to others, a virus that does not do any deliberate damage is not a Trojan. Finally, despite the definitions, many people use the term "Trojan" to refer only to *non-replicating* malware, so that the set of Trojans and the set of viruses are disjoint.
    • Spyware - any software that covertly gathers information about a user while he/she navigates the Internet and transmits the information to an individual or company that uses it for marketing or other purposes; also called adware
    How do they get on to your system?
    • You may have opened an attachment from someone you don't know or even someone you do know which contains some executable code within it.
    • There are flaws in one of the most major browsers out there known as Internet Explorer which hackers regularly exploit. It's vital to keep this up to date.
    • You may have gone onto a P2P file sharing program and downloaded a file which looked legitimate but in fact contained executable code as well as music for example.
    Viruses/Trojans - How to keep clean
    • Don't open email attachments! This is the most common way that viruses and trojans are getting into users' systems. If you don't know who the email is from, it's simple. Do NOT open it. Also, if you're not expecting an email off a friend, especially with an attachment, chances are they have got a virus and the virus has forwarded itself to you within the email from your friend.
    • Be careful what you download and where it's from! Many of the large P2P networks are now full of viruses and trojans. If you're stupid enough to download stuff off there, then chances are you're stupid enough to get the virus trojan too. It's simple and easy. Just go out and buy your music, software, games, movies. You'll be much safer in the long run! (Note to RIAA: you can pay me later)
    • You should have a virus checker on your system at ALL times and keep it up to date and regularly scan. There are now so many trojans and viruses out there it was inevitable that the software makers would have a huge market of innocent users to cash in on. There are lots and lots of virus scanners and trojan removers out there but which one is for you? That is not for me to decide and I won't sit down here and give my (possibly biased) personal opinion on each and every one of them, but there is one virus scanner which stands out from the rest. Simply because it's a good free solution for those that don't want to spend the money on protecting themselves. This virus scanner is AVG Anti-virus FREE EDITION. The definitions are updated on a daily basis and it's a good tool for helping you get rid of those nasty evil viruses.
    • Get a firewall. There's no excuse if you don't have one of these. Don't believe all this hype about Microsoft's firewall as I guarantee things will still manage to slip through your system. You need a custom-built solution that is regularly updated. Again, like anti-virus programs, there are loads of firewalls out there and it's up to you to do the research and read the reviews on the best out there. Again I'm just going to offer you the most popular free solution, which is Zone Alarm. It's free and whilst the pro version is far better it'll again provide a first line of defence against things trying to get in. And also things that are already in trying to get out.
    • Just use your common sense. You don't have to be a computer genius when browsing online. Don't go on silly sites which host warez, porn and other stuff as chances are they have viruses on their sites too. Just keep mainstream, enjoy the internet and have fun!
    Spyware/Adware/Browser Hijackers
    Now with spyware you need to take a different approach. You can follow the tips above but we also need to outline some other tips to keep yourself clean. The main way that these pesky things get into your system is via vulnerabilities in your browser. Their aim is to take your credit card details, log your keystrokes, take over your homepage, bombard you with popups.

    Now a lot of people claim the cause of the huge rise in spyware is due to the flaws and vulnerabilities in Internet Explorer (IE). I myself had been using Internet Explorer for quite some time until about 6 months ago when I decided to migrate to another browser. The main reason for this was due to its failure to follow standards and keep itself up to date. I wanted something new, fresh with new features and plugins. My answer was a great product released by the Mozilla Foundation called Firefox. For me this is my favorite browser out right now. I just can't heap enough praise on it but I'm not going to bore you going on about it. I'm going to explain the security reasons why you should move away from IE and to an alternative browser, and if you insist on carrying on using IE then how to make it a little more secure.

    The great browser war
    Do you want to carry on using IE but make it a little more secure?
    Go here and take a look at the great tutorial on how to beef up IE's security settings. The problem with IE is most of the security settings are disabled by default and your average Joe Bloggs who knows little about computers is not going to know anything about tweaking software settings, let alone care about it. So what we need to do is heighten the security of it. Follow the instructions in the tutorial and you should be just a little bit more secure. However, due to the regular exploits being discovered in IE and Windows almost every month, unless Microsoft starts upgrading its software and adding functionality and more security then you're just going to be at constant risk if you don't update your security settings.

    Also another important point to tweaking your security settings is to update your Windows as often as possible. There's an option to enable auto-update but I do it manually every day when I get on just to be safe. To go to Windows Update navigate to your start menu and go to 'Programs > Windows Update'. (It's in the first, far left column almost right at the top)

    Want to move away from IE and step into the light?
    The alternative browsers that are around right now are superb. We have new features, plugins, skins and lots more. There's several right now but two which stand out for me are:
    • Firefox - This browser is my favorite. Yes I'm biased, yes I love it and yes I will stand by it besides anybody else's genuine arguments against it. It follows web standards, is upgraded regularly, has plugins, skins and renders pages much more quickly compared to IE. Oh hold on. I forgot. It's FREE!
    • Opera - Another great browser. I've used it once and it worked quite nicely. A lot of people rave about this browser also just like they do about Firefox. I'll leave that one up to you. The only obvious disadvantage is you have to pay a fee to remove a little ad banner in the top of the browser. But saying that, after using it for a couple of weeks it's no inconvenience or annoyance at all and it's definitely worth giving a go!
    You've got spyware already huh?
    Ok well there are literally hundreds of spyware/adware removers out there. Some are free, some are paid. Just be careful of what you're using and if you're reading reviews of them make sure they are coming from an unbiased source.

    Freebies:
    Ad-Aware - Probably the most popular free one out. They update their definitions on a regular basis and have an active community base for trying to resolve problems.
    Spybot, Search & Destroy - Another hugely popular free one. I will warn you now though I've been using it for about 2 months and they haven't updated the definitions once. It's good and will clean up quite a lot of the clutter on your system and also prevent it from ever getting on your system but unless it keeps up to date with the latest spyware technologies it'll be of little use in the next year or so.

    Paid or Free Trial:
    SpySweeper - This one only recently came into my light but boy oh boy it does the job. It can run in the background, protect your memory and monitor cookies. Also it regularly updates its definitions and the scan finds a lot of stuff which the others will not.
    PestPatrol - This one's great too. Ignore the horrific interface and navigation. It does the trick and finds so many horrible things on your PC. I've found all sorts from decompilers to tracking cookies. It's a great tool to have.

    Still got spyware in IE?
    Ok well this is not a foolproof method and you will need help unless you're a genius and can follow the jargon presented in the range of tutorials for this software. It's called HijackThis and was developed by a programmer not too long ago. It basically lists the component parts of the registry used by legitimate programmers and also hijackers. It'll produce a log but I must urge you: do not do anything with this program other than look at it unless you know what you're doing. I will not be held responsible if you use this program and end up with a mucked up PC. Now what I do recommend you do is just generate your log file and pop on over to ComputerCops; they have a dedicated forum where users can post their HijackThis logs and have an expert analyse it and tell you what to edit/delete. Yet again I must stress this is something which should be done only if you know what you're doing, and the people over at ComputerCops and myself cannot be held responsible for any accidental damage to your computer that you may cause.

    That's about it
    I hope you enjoyed reading the article and if you have any further resources which you recommend then send me a private message with the link and I'll think about adding it to the list. Please only recommend the software if you have personal experience with it.

    Copyright/Disclaimer
    This tutorial was written by Dean Clatworthy and is copyrighted material. It may not be posted on any forum or website without my written consent. If you wish to post this on your website then please contact me and I'll let you know if you can use it. Anyone found re-distributing, translating or modifying this article without permission will be reported to their appropriate host and internet service provider.

    Also I will not be held responsible for any damage caused to your PC as a result of information provided in this article. All software and changes to your system you do at your own risk.
    Why is the time of day with the slowest traffic called rush hour?


  3. #2
    MIGClub Member MikeWarner's Avatar
    Join Date
    Jun 2000
    Location
    Southampton
    Posts
    14,832
    Drives
    Astra SRi 1.9 CDTI XP 3DR
    Thanks to Dean for allowing me to post this here.
    Why is the time of day with the slowest traffic called rush hour?

  4. #3
    MIGWeb User
    Join Date
    Jan 2001
    Location
    Nottingham
    Posts
    1,119
    Drives
    Astra MK4 GSI LAL ;)
    Nice guide but it fails to mention the excellent Spyware Blaster which immunises your machine against spyware even installing itself in the first place:

    http://www.javacoolsoftware.com/spywareblaster.html

    Also the anti-spyware beta from Microsoft does a very good job of removing spyware and when running it alerts you if anything suspicious is trying to add itself to the registry:

    http://www.microsoft.com/athome/secu...e/default.mspx
    ........................................................Est 1996...........................................................
    CavWeb 4 Cavalier...Calibra...Vectra...Omega...Carlton...Senator
    Do you want Buyers/Sellers confidence? Then Start Collecting Buying/Selling References HERE

  5. #4
    MIGWeb User
    Join Date
    Aug 2003
    Location
    Isle of Gloucester
    Posts
    1,633
    Drives
    Mini-twink Nova
    Also misses worms.. amazing the number of hits I get on my firewall every day.
    Definitely becoming a heavy hitter.

  6. #5
    MIGWeb User andrew_lumb's Avatar
    Join Date
    Apr 2004
    Location
    Huddersfield
    Posts
    1,561
    Drives
    Skoda Octavia vRS
    I run a router for my internet/network at home, and it also acts as a hardware firewall.
    I also have AVG free edition on my PC, and I do a scan maybe once a week at most, and it NEVER picks anything up.
    Plus I think it helps that I am sensible with regard to what I open in emails, and what sites I visit.

  7. #6
    MIGWeb User
    Join Date
    Aug 2003
    Location
    Fareham, HANTS
    Posts
    3,066
    Drives
    Mini Cooper S
    eWido is the new antispyware program on the block....and I must say it's the best we've used yet. Microsoft's program is a close second. A combination of the 2 always seems to clear customer PCs.
    ///SOUTH CENTRAL MINCERS

  8. #7
    MIGWeb User
    Join Date
    May 2005
    Location
    UK, Bournemouth
    Posts
    250
    Drives
    Renualt Clio 1.4i MK
    AVG Anti Virus is a free and good anti-virus software program; you can download this off the internet via download.com. You must regularly download the updates though every week to keep it up to date and secure against viruses.
    3.2GHz of Pure Gaming POWER!!!!
    The Xbox 360. Gamming has only just begun. Price £170 this xmos's
    My Car | PM Me | Web Site | MSN | My PC Spec

  9. #8
    MIGWeb User
    Join Date
    Jun 2004
    Location
    Stamford, Lincs
    Posts
    2,639
    Drives
    MK2 Astra SRi, GT4
    AVG is naff. Lots of PCs come into me with AVG on them that are infected. The Microsoft one seems to do the best job at the moment. Although everyone is missing a huge point....these removal programs are best run in safe mode...that's the trick to getting rid of them really.
    Astra SRi MK2 2.0 8V
    Mazda 323 1.6 Turbo 4X4
    Add your 1/4 mile time! http://www.aj-computing.co.uk/misc/quartermile/

  10. #9
    MIGWeb User
    Join Date
    May 2005
    Location
    UK, Bournemouth
    Posts
    250
    Drives
    Renualt Clio 1.4i MK
    Well mine's fine, I've had loads of viruses on my PC and I always get them off. It's just that people don't bother to update it or scan their PC every week. I do mine when I'm at work or college. I've just done one person's PC for them, a new one that is, and 2 weeks later it's full of viruses. Now don't ask me why but when I went to scan the PC I noticed the **** hadn't updated anything on there even though I told him about 100 times to update it every week and update everything once I've gone. Did he? Well bugger all he did, that's why I got another £50 off him sorting it out for 2 damn hours. Norton is good too, everyone says that's rubbish. Yet again they don't update it. There are at least 3 or 2 updates a week for AVG and Norton.
    Last edited by Novartic_; 05-06-2005 at 13:50.
    3.2GHz of Pure Gaming POWER!!!!
    The Xbox 360. Gamming has only just begun. Price £170 this xmos's
    My Car | PM Me | Web Site | MSN | My PC Spec

  11. #10
    MIGWeb User
    Join Date
    Jun 2004
    Location
    Stamford, Lincs
    Posts
    2,639
    Drives
    MK2 Astra SRi, GT4
    "Well mine's fine, I've had loads of viruses on my PC and I always get them off"
    If yours was fine, and your protection was sufficient, the viruses wouldn't get on your PC in the first place, never mind! Is it AVG you use then?
    Astra SRi MK2 2.0 8V
    Mazda 323 1.6 Turbo 4X4
    Add your 1/4 mile time! http://www.aj-computing.co.uk/misc/quartermile/

  12. #11
    MIGWeb User
    Join Date
    Aug 2003
    Location
    Fareham, HANTS
    Posts
    3,066
    Drives
    Mini Cooper S
    Quote Originally Posted by alex1981
    AVG is naff. Lots of PCs come into me with AVG on them that are infected. The Microsoft one seems to do the best job at the moment. Although everyone is missing a huge point....these removal programs are best run in safe mode...that's the trick to getting rid of them really.
    eWido has removed countless items that the Microsoft program wouldn't. Also, as well as safe mode....stop the explorer.exe before you run the scan as well....
    ///SOUTH CENTRAL MINCERS

  13. #12
    MIGWeb User
    Join Date
    Aug 2003
    Location
    plymouth
    Posts
    6,443
    Drives
    wife around the
    **** all that just lost me
    ''THE REAL ROB''

  14. #13
    MIGWeb User
    Join Date
    Aug 2001
    Location
    out there!!!
    Posts
    16,925
    Drives
    modified zafira

    Just installed the trial Zone Alarm software.

    Wow, it monitors so much I didn't know about. I'll be spending the $19.99 on the full version when the trial expires, it's proper good. Nice thread Mike.

  15. #14
    MIGWeb User
    Join Date
    Jan 2002
    Location
    ayrshire scotland
    Posts
    22,234
    Drives
    like a saint-9points
    I use Norton and a few good adware/spyware checkers inc. Spybot and now that MS one. Also use a program called HijackThis which shows all processes and allows you to get rid of ones you don't want/need.

    rodgerq
    thick red - battery, thin black - ignition switched feed, thick red/blue - fuel pump, brown/blue - ecu light, thin green - rev counter.

  16. #15
    MIGWeb User
    Join Date
    Jun 2004
    Location
    Stamford, Lincs
    Posts
    2,639
    Drives
    MK2 Astra SRi, GT4
    If anyone does have spyware on their PC, and can't get rid of it, feel free to post their Hijack log (best in a new thread) and I will go through it for you.

    As for Ewido....absolutely fantastic. Did a job that the others couldn't do by themselves. Although very often the case is that you have to use various programs together. Depending on the spyware that you have, there may be a specific fix tool to get rid of it. So it is often a good idea to have a search on the net and see what other people have done to get rid of it. There is also a handy program located at http://www.greyknight17.com/spy/KillBox.exe which can end processes better than a lot of the others do, which has come in handy a few times.
    Astra SRi MK2 2.0 8V
    Mazda 323 1.6 Turbo 4X4
    Add your 1/4 mile time! http://www.aj-computing.co.uk/misc/quartermile/

  17. #16
    MIGWeb User
    Join Date
    Sep 2006
    Posts
    3
    Drives
    thanks

  18. #17
    MIGWeb User
    Join Date
    Jun 2004
    Location
    Stamford, Lincs
    Posts
    2,639
    Drives
    MK2 Astra SRi, GT4
    Umm can a mod delete the last post unless you think having a sticky endorsing pirate software is a good idea!
    Astra SRi MK2 2.0 8V
    Mazda 323 1.6 Turbo 4X4
    Add your 1/4 mile time! http://www.aj-computing.co.uk/misc/quartermile/

  19. #18
    MSG
    MIGClub Member MSG's Avatar
    Join Date
    Apr 2005
    Location
    Isle of Dogs
    Posts
    16,094
    Drives
    Calibra Eco 16V 2L
    I don't have any anti-virus protection, my computer is riddled with viruses, adware, spyware, and all the crawling and creepy creatures, biting me here and there, but now every time I want to try and download a free version of any anti-virus software these creatures block it from downloading!

    So they have now developed total immunity, and nothing works as far as anti-virus is concerned, so I just let these bugs do what they want...my blood, and money! But they aren't getting any of that as not only am I anaemic but also skint. Lol
    if it wasn't for the earth , there wouldn't be any universe, mother earth gave birth to all the creation! and without the earths gravitational pull, the sun and the moon would have long gone adrift!

  20. #19
    MIGWeb User
    Join Date
    Jun 2004
    Location
    Stamford, Lincs
    Posts
    2,639
    Drives
    MK2 Astra SRi, GT4
    MSG - run in safe mode with networking support - more chance of downloading a spyware removal package etc. than in normal mode if you are having problems. You could also try downloading it from a different computer and putting it on a disk.

    Regards

    Alex
    Astra SRi MK2 2.0 8V
    Mazda 323 1.6 Turbo 4X4
    Add your 1/4 mile time! http://www.aj-computing.co.uk/misc/quartermile/

  21. #20
    MSG
    MIGClub Member MSG's Avatar
    Join Date
    Apr 2005
    Location
    Isle of Dogs
    Posts
    16,094
    Drives
    Calibra Eco 16V 2L
    cheers mate, I will try that.
    if it wasn't for the earth , there wouldn't be any universe, mother earth gave birth to all the creation! and without the earths gravitational pull, the sun and the moon would have long gone adrift!

  22. #21
    MIGWeb User
    Join Date
    Aug 2003
    Location
    Fareham, HANTS
    Posts
    3,066
    Drives
    Mini Cooper S
    I came across this the other day

    SDFIX

    Run it and it will extract to the root of C:\

    Reboot into Safe Mode and run C:\SDFix\RunThis.cmd

    Awesome little program. When it prompts you to reboot, do so normally...no need to go back into Safe Mode. It will then carry on and give you a log file stating what it found and what it did with it. I used this the other day where ewido and all others couldn't remove a nasty exe file in the TEMP directory. This program owned it and another 5 viruses previously undetected.

    Well worth a try.
    ///SOUTH CENTRAL MINCERS

  23. #22
    MIGWeb User
    Join Date
    Dec 2005
    Location
    UK
    Posts
    17,413
    Drives
    Frontera LWB, Astra GSI
    MIG Performance PC Repair?

    Anyway, that's beside the point. In my experience I've found AVG and Spybot to be about all you need to completely clean a PC of nastiness. AVG in particular is fantastic considering it's free, very easy on the resources and doesn't infect every corner of your PC like Norton.
    Teeth? LUXURY! When I was a child we ate by putting rocks in our mouth and jumping up and down.

  24. #23
    MIGWeb User
    Join Date
    Aug 2003
    Location
    Fareham, HANTS
    Posts
    3,066
    Drives
    Mini Cooper S
    AVG took over ewido. So yes, now it has a good antispyware application.
    ///SOUTH CENTRAL MINCERS

  25. #24
    MSG
    MIGClub Member MSG's Avatar
    Join Date
    Apr 2005
    Location
    Isle of Dogs
    Posts
    16,094
    Drives
    Calibra Eco 16V 2L
    Hope Jack can help me here. Right Jack, I hope you're listening. I checked the other thread by Candy Apple, http://www.migweb.co.uk/forums/elect...nti-virus.html and from there I took some advice and followed your recommendation that AVG is a good anti-virus and for free, so I installed the free version on my computer (ME)

    Now I ran the AVG scan, and after scanning almost 90,000 files it found 25 trojans and then it said it has fixed all but 3 which it can't fix due to corrupted files.

    So what happens to these 3 files?

    Second question:

    Interestingly I ran AVG the second time after I had been on the internet, visiting Mig and some other sites. I ran the scan again and it found 14 trojans this time, and after a complete scan, which took almost an hour, it came back with 14 infected files and it said that it has repaired 11 of the 14 and 3 it couldn't fix.

    I then switched my computer off and restarted it and without opening any programmes or files, I double clicked on AVG to scan again, and I was not expecting that it should find any infected files other than the 3, but I was surprised that it found the same 14 infected files again. I thought it was going to mend these 14 files then not detect them again as infected files, as I thought the programme (AVG) removes these infected files or destroys them, but it finds them again and again, so what is happening there mate?

    I will appreciate your input or anyone else who may have an idea. thanks
    if it wasn't for the earth , there wouldn't be any universe, mother earth gave birth to all the creation! and without the earths gravitational pull, the sun and the moon would have long gone adrift!

  26. #25
    MIGWeb User
    Join Date
    Dec 2005
    Location
    UK
    Posts
    17,413
    Drives
    Frontera LWB, Astra GSI
    Taking a wild stab in the dark...

    The three files that it can't remove are in use while it is trying to remove them (ie. currently running in the background), and as soon as AVG removes the trojans, the three that are running are re-creating the rest.

    A lot of the time there will be a few instances of the same virus, and they will just keep copying themselves around to avoid being removed.
    Teeth? LUXURY! When I was a child we ate by putting rocks in our mouth and jumping up and down.
