Wednesday, December 13, 2006

http://docs.google.com/View?docid=ddh9xk76_14ck4xk3


How to rid your PC of a nasty spyware infection


Introduction


Most everyone is familiar with computer viruses. Periodically, there are headlines in the newspapers about some new computer virus that manages to cripple major computer systems. There are widely-used anti-virus packages that are heavily advertised to fend these off. Microsloth routinely issues patches to their Windows operating systems to cover vulnerabilities that they didn't think about while creating their systems.


Well, viruses aren't the only software pests out there. Spyware and adware are also infecting computers. Collectively, viruses, adware, and spyware are termed "malware." They can slow or cripple a computer also. Unfortunately there is no single software package in existence that eliminates all malware. In my experience, the major "antivirus" packages (McAfee, Norton Anti-Virus, others) routinely miss most of the pests afflicting a typical PC.


Personally, I run an anti-virus scan about once a week, and periodically also run three other anti-malware scans. Overkill? Definitely not; each package routinely ferrets out pests that the other three packages have missed. Sigh. Someone will get rich by figuring out a way to cover the whole waterfront with a single software package. Call it MasterFerret, maybe.


Some symptoms of malware infections:


atrociously slow performance

inability to run certain browsers

inability to navigate to specific web sites

inability to download, install, or run anti-malware packages



That last symptom deserves special mention. The malicious, ugly people who create malware are bright enough to try to prevent the removal of the pests. The quickest way, in my experience, to tell if malware is running on a PC is to try to download and install Yahoo Toolbar (which is packaged with an excellent anti-spy program). Since this step is both diagnostic of an infection, and possibly curative, it's really the first step in addressing this problem for any PC that is acting up.



Suggested steps for diagnosis and removal of malware



1. Try Yahoo Anti-Spy

Yahoo Anti-Spy is packaged in Yahoo Toolbar. The toolbar gets integrated with either Internet Explorer or Firefox. You cannot install it into Netscape or Opera or any of those others. So, using either IE or Firefox, go to


http://toolbar.yahoo.com/


And download Yahoo! Toolbar with Anti-Spy. Once it's installed, you should see the toolbar with an orange square, with a bull's eye target. Click that, let it update itself, and let it do its thing. If this goes smoothly, you probably didn't have any particularly bad pests. You may still want to download and install a couple of anti-malware packages as backup.


If this process does not go smoothly (can't navigate to that site, can't install, can't find the toolbar on the browser, or the anti-spy program won't run), then you almost certainly have an infection that you definitely want to remove. Proceed with the other steps below.



2. Try AdAware SE, personal edition


This may also be blocked, but we should try it. This package is free for personal, home users. Go to


http://www.lavasoft.com/support/download/


Then download, install, and run. This doesn't work either? Go to the next step. You may want to go to the next step anyway, to install extra protection for your PC.



3. Try SpyBot-Search&Destroy


This package deserves some commentary. I've personally had great results with this package. However, I've run into a couple of people who say it harmed their computer when it attempted pest removal. Use at your own risk. SpyBotSD can immunize your PC against future infections. The site also hosts FileAlyzer, a nifty geek-tool for looking into the guts of files you may be curious about. Go to:


http://www.safer-networking.org/en/download/


Again, download, install, and let it do its thing. This package is a little peculiar to use. When you start it up, you'll typically first want to have it update itself, then immunize the PC, then run a scan. These steps run from clicks on the left side of the program's box, from bottom to top.



4. Try Bit-Defender


This package gets great reviews. Parts of it, I quite like. Other parts, I detest. It won't let you just install the package and let you run periodically by clicking an icon. Instead, it sets itself up to load at every boot. I prefer to run scans on MY schedule, and not have background tasks running constantly (if I can avoid them). BitDefender really doesn't let you work it this way.


I've had some trouble with BitDefender grinding to a halt when scanning very large drives. Still, it seems to do a good job of finding pests and eliminating them. Go to


http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html



5. Other approaches


This is where you really start pulling out your hair. Maybe you haven't been able to download any of the above packages. Maybe some pest refuses to be removed by them. I have some general suggestions that might help:


Remove auto-loading programs from the boot sequence.

Many malware programs install themselves to be loaded at every system boot. Often, they'll appear in the list of boot programs that Windows will show you when you go to the Start button, select Run, and type "msconfig".


Here, you select "Selective startup" and de-select "Load startup group items." Then reboot...you'll notice a faster and cleaner boot to the desktop, without all the initial tasks starting up. Hopefully, in this state, you can install one of the above packages and run it, without the effort being thwarted by malware that was loading itself before you could take action against it.
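
Before de-selecting the startup items, it helps to record what is currently set to auto-load. The batch file below is an added example, not part of the original article; it lists only the registry Run/RunOnce keys and the Startup folders, so it is not an exhaustive inventory, and the report file name is an arbitrary choice.

```batch
@echo off
rem Added example, not from the original article: record what is set to
rem auto-start before switching msconfig to "Selective startup".
setlocal
rem Assumption: the report file name and location are arbitrary choices.
set "OUT=%TEMP%\autostart-inventory.txt"
> "%OUT%" echo Auto-start inventory taken %DATE% %TIME%

rem Registry Run/RunOnce keys, machine-wide (HKLM) and per-user (HKCU).
for %%K in (
  "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
  "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"
  "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
  "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"
) do (
  >> "%OUT%" echo.
  >> "%OUT%" echo [%%~K]
  reg query %%K >> "%OUT%" 2>&1
)

rem Startup folders: Windows XP layout first, then the Vista-and-later layout.
for %%D in (
  "%USERPROFILE%\Start Menu\Programs\Startup"
  "%ALLUSERSPROFILE%\Start Menu\Programs\Startup"
  "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
  "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup"
) do (
  if exist "%%~D\" (
    >> "%OUT%" echo.
    >> "%OUT%" echo [%%~D]
    dir /a /b "%%~D" >> "%OUT%"
  )
)

echo Inventory written to %OUT%
type "%OUT%" | more
```

Keep the report and run the script again after cleanup; comparing the two shows which auto-start entries the removal tools actually took out.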



Even if the malware is prevented from loading as a startup program, it may be initiated by running the Windows shell, explorer.exe, or by starting up the browser. Booting into Safe Mode, Command Prompt Only may permit you to install and/or run one of these removal tools.



Download removal tools using command-prompt FTP.exe

Maybe you haven't been able to download any of these packages because the malware just won't let you use a browser. Nobody seems to use this any more, but the Windows OS will let you download programs on the FTP protocol without using a browser at all. The command-line program FTP.exe is not for the faint of heart. The syntax of its use is arcane. It is not user-friendly. Also, I can't at the moment give a URL for any package to be downloaded by FTP. But if you can find an FTP download site with suitable software, this might just save your butt.
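
A scripted FTP.exe session, as an added example that is not part of the original article. The host ftp.example.com, the directory /pub/tools and the file name removal-tool-setup.exe are placeholders, since the article gives no FTP site; anonymous login is also an assumption.

```batch
@echo off
rem Added example, not from the original article: download one file with the
rem built-in ftp.exe, driven by a command script instead of typed commands.
setlocal
rem Placeholders (assumptions): replace with the real site, directory and file.
set "FTPHOST=ftp.example.com"
set "REMOTEDIR=/pub/tools"
set "REMOTEFILE=removal-tool-setup.exe"
set "SCRIPT=ftpget.txt"

rem Build the command script that ftp.exe reads through -s:
>  "%SCRIPT%" echo open %FTPHOST%
>> "%SCRIPT%" echo user anonymous guest@example.com
>> "%SCRIPT%" echo binary
>> "%SCRIPT%" echo cd %REMOTEDIR%
>> "%SCRIPT%" echo get %REMOTEFILE%
>> "%SCRIPT%" echo bye

rem -n  do not auto-login (the "user" line in the script logs in)
rem -i  no per-file prompting
rem -s: read commands from the script file
ftp -n -i -s:%SCRIPT%
del "%SCRIPT%"

rem "binary" matters: an .exe fetched in the default ASCII mode is corrupted.
if not exist "%REMOTEFILE%" echo Download failed: %REMOTEFILE% was not saved.
if exist "%REMOTEFILE%" dir "%REMOTEFILE%"
```

FTP gives no assurance that the file is what the publisher released, so before running it check the size against the publisher's listing and look at the Digital Signatures tab in the file's Properties.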



Hack an installation of Yahoo Anti-Spy without the rest of the toolbar.

Yahoo doesn't let you do this easily. Turns out that while Yahoo Anti-Spy only installs as part of Yahoo Toolbar, once it's installed onto the PC, it can be run without starting up any browser. The actual program is ypsr.exe, and it's typically installed to

c:\program files\Yahoo!\YPSR


In a typical Toolbar installation there will be somewhere on the hard drive a setup program file for YPSR with a name like "ypsr_dat_06.01.17_setup_.exe". If you can find this file, or acquire someone's, you may be able to install Anti-Spy without the rest of the Toolbar. Running this while in Safe Mode--Command Prompt Only may accomplish the task at hand.


This bare Yahoo Anti-Spy installation does NOT result in any icon or shortcut that you can click on. You have to manually navigate to c:\program files\Yahoo!\YPSR and then double-click on ypsr.exe. If it's gotten installed somewhere else, you can do a file search for ypsr.exe. You may want to right-click on ypsr.exe to create a shortcut that you can drag to the desktop.


If all the above has failed to solve your problem, it's time to actually shell out some cash to pay a professional.



Maintenance Procedure


Run an anti-viral package plus a couple of these anti-spy packages regularly. How often? Depends on how much web browsing you do, how many software programs you install from dubious sources, how many porn sites you visit, how much copyright-covered material you try to obtain. Once a week is reasonable.


Personally, I disable all and any of these nifty programs from loading as a startup item on system boot. The reason for this is that nothing seems to slow computer performance as much as having anti-virus/anti-malware software running constantly in the background. The fastest PC cheetah will turn into a sloth if sufficient startup software is permitted to run.


Instead, I set up a schedule of scans to be initiated automatically at times when I don't need to be using the PC. The scans get run, pests are found and eliminated, and I'm not kept waiting for these tasks to happen. The particular packages I run are Norton Anti-Virus, Yahoo Anti-Spy, Ad-Aware SE, and SpyBotS&D. Go to "My Computer" and then select "Scheduled Tasks" to schedule these.


Steve

SteveMDFP4@yahoo.com


