Spyware, Viruses and Their Removal
From Barbelith
If you have come here you have most likely been affected by adware, spyware, viruses or other hostile programs that are filling your screen with porn, crashing your machine and making your online life immensely frustrating.
This page is here to help you.
Firewalls
You should have a firewall active. If you don't already, get one. Firewalls close off certain ports that viruses use to attack your PC, and most will also inform you when a program is trying to 'dial out' unexpectedly, giving you the option of preventing unwanted connections.
Recommended: There is a wealth of firewalls on the market, at a variety of prices, but for general home/small office use a free edition of a firewall will be more than sufficient. This is a list of some of the best free programs, with their respective links:
- ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=dbtopnav_za) - An excellent firewall, and one of the easiest to set up and maintain. Problems have been reported with the ZoneAlarm Pro trial version, so ensure you just get the standard free ZoneAlarm.
- Kerio (http://www.kerio.com/us/kpf_download.html) - Kerio, like ZoneAlarm, is considered to be one of the better free firewalls available. Be aware that versions beyond 2.1.5 have become a little bloated with unnecessary extras.
- Sygate (http://smb.sygate.com/products/spf_standard.htm) - A good firewall, pretty much on par with Kerio and ZoneAlarm in terms of security, but widely considered to be harder to set up, and more complex to maintain.
Not Recommended: This section has been included to cover the likelihood that either you are considering purchasing one of the listed firewalls, or that your PC came loaded with one. Whilst the firewalls in this list will offer some protection, it is preferable to uninstall/deactivate them and use one of the above:
- The XP built-in firewall (http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx) - Comes bundled with Windows XP. Fine for mild browsing, but if you are a visitor to crack/porn/warez/P2P sites then the XP firewall isn't secure enough.
- Norton (http://www.symantec.com/sabu/nis/npf/) - Usually comes bundled with the Norton Security Suite (incl. Virus killer, popup killer, etc.). Norton is not only a heavily bloated program, but an increasing number of viruses are being written specifically to bypass it.
- McAfee (http://us.mcafee.com/root/package.asp?pkgid=101&WWW_URL=www.mcafee.com/myapps/firewall/ov_firewall.asp) - Like Norton, McAfee usually comes as part of a Security Suite. It suffers from the same problems as Norton, and really should be avoided.
If you are unsure whether your firewall is working properly, or giving you adequate protection, you can easily test it. There is a wealth of free online test-centres out there, but one of the best is Steve Gibson's own ShieldsUp! (https://www.grc.com/x/ne.dll?bh0bkyd2), which can test common and individual ports, together with a whole host of other diagnostics. Getting a green TruStealth result on his Common Ports test is a good indication that you are secure.
Getting Rid of What's There
Ok, you've got a firewall up and running, so the chance of reinfection is now considerably lower, but what about the software currently infecting you? Well, there are a lot of programs out there that can help, and we've compiled a list here of some of the better ones.
The programs are divided into three main categories: Anti-Virus programs (which detect and clean virus infections), Anti-Malware (which will detect and clean malware/spyware/adware infections), and Resident Programs (which run in the background and prevent infection).
Anti-Virus
You should already have Anti-Virus software to detect and eliminate viruses, and most new PCs will come with a package already loaded. If you don't have Anti-Virus software, then you'll need to get some, and, like firewalls, there are a number of available programs on the market.
- Grisoft's AVG (http://free.grisoft.com/doc/2/lng/us/tpl/v5) - Free, and easily one of the best virus killers available. AVG is frequently updated, and highly recommended.
- AntiVir (http://www.free-av.com/) - Another free program. Frequently updated, but not quite as many functions as AVG.
- Norton (http://www.symantecstore.com/dr/sat5/ec_MAIN.Entry17c?CID=39910&SID=27674&SP=10007&PN=5&PID=641220&DSP=&CUR=840&PGRP=0&CACHE_ID=39910) - If you purchased a new PC then there is a chance it came loaded with this. Whilst it will perform adequately, the program is fairly bloated with extras, which may slow your PC down.
- McAfee (http://us.mcafee.com/root/landingpages/affLandPage.asp?affid=101&lpname=linkshare_vso&cid=5617&siteID=qBNKlhsBsB4-%2Aw0xEsLP%2FefXF640yl5gCQ) - If you purchased a new PC then there is a chance it came loaded with this. As with Norton, McAfee will offer moderate protection, but is bloated with extras which may slow your PC.
It is important to always make sure that your Anti-Virus software is up to date so that it catches the latest threats. Ideally, you should really check for updates once every few days, but at a bare minimum you should be updating the program once a week. Be aware that, like firewalls, you should only ever have one Anti-Virus package running at any one time to prevent conflicts.
Anti-Malware (incl. Spyware & Adware)
Anti-Malware software is designed to clean out those programs which have hijacked your PC. These programs include porn dialers, homepage hijackers, and advertising software. It is advisable to have most of these installed, and to run each of them periodically (about once a week is fine). Whilst there are many Anti-Malware programs available, those listed here have been tested extensively, and come highly recommended.
- AdAware (http://www.lavasoftusa.com/support/download/#free) - AdAware, together with SpyBot (see below), is one of the best, and most frequently updated, programs available. Highly recommended.
- SpyBot S&D (http://www.safer-networking.org/en/download/index.html) - Like AdAware, SpyBot is considered to be one of the two essential Anti-Malware programs available.
- BHO Demon (http://www.definitivesolutions.com/bhodemon.htm) - Relevant for IE only, BHO (Browser Helper Object) Demon is designed to show you which programs are installed and currently interrupting your browsing. Note that this may include wanted software, such as download managers.
- CCleaner (http://www.ccleaner.com) - A powerful tool designed to clean up your system files, cookies, and temporary internet files. Can also clean your registry.
- Cleanup! (http://www.stevengould.org/software/cleanup) - Cleanup! is another powerful tool for cleaning system files and temporary internet files. It often picks up some of the things that CCleaner misses.
- RegCleaner (http://www.tweaknow.com/RegCleaner.html) - Probably the easiest to use, yet powerful, registry cleaner. Automatically categorises registry key types.
- CWS Shredder (http://www.intermute.com/spysubtract/cwshredder_download.html) - Designed specifically to detect and remove the common CoolWebSearch hijacker and its variants.
- Hijack This! (http://www.spywareinfo.com/~merijn/downloads.html) - One of the most powerful cleaning programs, but can be difficult to use if you aren't familiar with PC processes. Use only if you are experienced in the field of malware.
- Startup CPL (http://www.mlin.net/StartupCPL.shtml) - Not really anti-spyware as such, this program is nonetheless indispensable, giving as it does control over the programs that Windows loads during startup.
Resident Programs
These are programs which run in the background and either protect you against certain infections, or grant you control over them. Be aware that these are required only if you have IE (Internet Explorer) as your browser. As with the Anti-Malware software, there are many more resident programs available, but these have been tested extensively and are highly recommended.
- EMS Freesurfer (http://www.kolumbus.fi/eero.muhonen/FS/fs.htm) - The best free popup killer available. EMS Freesurfer will prevent websites from opening new windows, and thus stop those annoying pop-up ads.
- CookieWall (http://www.analogx.com/contents/download/network/cookie.htm) - CookieWall will capture every cookie which tries to copy itself to your machine, then allow you to either allow them or kill them automatically.
- SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Frequently updated, SpywareBlaster maintains an extensive blacklist of certain websites and types of malware. It prevents unwanted software from ever being installed.
- SpywareGuard (http://www.javacoolsoftware.com/spywareguard.html) - From the same group who wrote SpywareBlaster, SpywareGuard sits resident on your desktop and protects against browser hijacks and unauthorised access attempts.
- XP-Antispy (http://www.xpantispy.org) - Doesn't prevent spyware as such, but has been written to specifically shut off certain code that XP runs and which is designed to monitor your PC activity under the pretense of providing improved customer service.
Nuke From Orbit
There are some problems that are either practically unfixable, or will take so much faffing around to fix that you might not want to bother. An alternative, but guaranteed successful, method is to simply format your entire hard drive, reinstall Windows, and start fresh. Whilst this sounds drastic, it has advantages besides simply removing all the viruses, spyware, and other unwanted nasties currently installed. Through ordinary use, Windows gets bogged down with a great deal of harmless, but often useless, coding. Old web cookies, temporary files, old fonts, redundant drivers, and the like all add up over the years to slow your PC to a crawl, and a reformat is often a better alternative to trying to clean everything manually.
The process for wiping out your PC is actually remarkably straightforward, and doesn't necessarily require any specialist knowledge. However, the golden rule here is 'backup, backup, backup'. If you have a second (or even a third for that matter) hard drive, then the best way to back up is to simply copy everything you need across to the other drive. If you don't have an alternative drive, then the next best option is to burn the data onto a CD/DVD. If you have both an extra drive and a CD/DVD burner, and want to be extra cautious with your data, then you could do both, but regardless of which method you choose it is advisable to double and triple check that you have a copy of everything you want to save. Some commonly missed/forgotten backups are any extra fonts you've added, old emails, and your internet bookmarks/links.
For the process itself, we suggest you read up on it beforehand. Or even better, print out a guide to formatting and reinstalling to work from as you go. One of the best sites for information on this subject is Windows Reinstall (http://www.windowsreinstall.com/).
Important:
- If you are reinstalling from a copy of Windows that has security holes - say you bought it a few years back and have been updating with patches continually since then - make sure you at least have a firewall installed before you go online. Saving the installer package for one of the packages listed above on a CD will allow you to do this. You'll quite frequently find it on PC magazine cover discs as well. XP has a built-in firewall; make sure to activate it if this is what you plan to use.
- Just as viruses and spyware programs are being written to exploit holes in Windows security, so Microsoft writes and releases patches to plug those holes. A very common mistake when reinstalling Windows is that the user reinstalls from their CD, but then forgets to download all of the various security patches made available after the CD was released. It is therefore vitally important, once the system is up and running again, to visit Microsoft and obtain the latest security patches. The standard link for this service, usable only through IE, is here (http://windowsupdate.microsoft.com).
Alternatives
Internet - If you are using a Windows installation, and want to continue doing so, then it is at least recommended that you change your browser. A great proportion of the current internet threats rely on the similarity between IE (Internet Explorer) and Windows Explorer to be able to infect your machine. Easily the best alternative to IE is FireFox (http://www.mozilla.org/products/firefox/), which contains an inbuilt cookie manager and popup killer. Another alternative is Opera (http://www.opera.com/), which is similarly well written.
Email - If you are an Outlook user (shame on you), an excellent - and quite possibly the best - alternative is Thunderbird (http://www.mozilla.com/thunderbird). It looks and feels remarkably like Outlook, so you won't need to learn any new software, is massively more secure, has inbuilt spam filters, and can easily import all your current settings, emails, and address books.
System - However, if you're sick and tired of the whole business there's always the option of installing Linux, which does not have problems with viruses or malware. If you want to carry on using Windows software, you can install Linux onto one part of your hard drive and Windows onto another, then only go on the net using Linux...
...or you could buy a Mac.
More Information
Just as the internet is full of various threats, so it is almost equally full of programs claiming to provide a cure-all solution to your problems. The programs listed here, with the obvious exception of those listed as 'not recommended', have been included as a result of long experience and testing, and, in the case of those listed in the Malware section, are fully compatible with each other.
However, there are times when you might want to hunt out other programs more suited to your needs, or want to find out if an unrecognised process is suspicious or not. In these instances, we advise a visit to the SpywareInfo Forums (http://forums.spywareinfo.com/). SpywareInfo is easily one of the greatest repositories of information and expertise on internet security currently available. The forums are free to register with, but even just searching through the site archives should answer any questions you may have.
If you are using Mac OS X
The above advice only applies to Windows. At the time of writing, there are no known viruses or spyware that affect OS X. You do not need a virus checker and it is in fact advisable not to install any of the products out there, which are known to have occasional conflicts with other applications.
OS X comes with a firewall that is switched on by default. You would be advised to leave it on as a precautionary measure unless it is causing problems with another application. You can examine the status of the firewall by going to System Preferences, selecting the Sharing preference pane and clicking on the Firewall tab.
Please note that while there are no viruses "in the wild" that affect OS X, security holes are occasionally discovered, and so you should make sure to use the Software Update feature to make absolutely certain that you are safe should one ever appear. You can set this to check automatically from the Software Update preference pane in System Preferences.
Security Holes in the Wild
There hasn't been any report (as of this writing) of exploits being implemented, but there are two areas of concern to be noted when using Mac OS X. There is an opportunity for downloaded content to launch malicious code when using Safari or when using 3rd party Widgets in 10.4.0. In the first case, make sure that the preference to open "safe" files after downloading is turned off, because it is possible for a web page script to download a file and launch it without your intending it. In the latter, it is possible to install a Widget that operates outside of its primary function if it is hacked.
Common sense will usually guide you from installing something you didn't personally download, but it's always good to take a moment before you decide to click "Agree" or "OK".
