Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Getting Rid Of Malware, Step 1*

What do you do when your PC is displaying all the signs of having been infected, but your antivirus and anti-spyware scan reports come back clean?

This was the case for a fella who called me for advice recently. He had done things ‘right’ — and by that I mean he has a firewall, he keeps his antivirus definitions up to date, and he runs a couple of anti-spyware applications — but suspected his machine had been hacked anyway.

He couldn’t do things he was used to doing (like deleting a file) and his machine was “really slow.”
But according to his scanners, his machine is in perfect shape.

Tip of the day: If you should find yourself in a similar situation there are several steps you can take to help resolve your questions and (hopefully) fix your machine without taking the drastic step of wiping your hard drive, formatting, and reinstalling Windows.

The first step is to use a scanner that isn’t installed on your machine. Here are two ways to do that. One: if your antivirus allows it (and most of them do these days), follow its instructions and make an antivirus recovery disk. This is a bootable disk that scans your system before Windows loads.

To use one, put it in your CD tray and restart your machine. A plain-text sentence will appear telling you to “press any key to boot from CD…” (if you don’t see this, click here.) When you see it, hit your spacebar or, well, any other key, and then follow the instructions. When it’s finished, remove the CD and restart your machine again.
[note: you may also use a properly prepared USB thumb drive. Click here to read my article on how to do that.]

A second method is to use an online scanner. I have a list, with links, of several good online scans on my Website, here. Quite a few of the online scanning tools will try to sell you their full application, but you’re under no obligation to buy. The big advantage of these two methods is that the scanner has not been compromised or altered, whereas the files and scanners on your machine may have been, the modification being done by the virus or hacker.

Another thing to do is scroll down to my “Today’s free link” and download HiJack This! Run it and dump the result into a .txt file (there are instructions for this), then register on one of the HiJack This! forums (there are instructions for this too) and post your results there. Before too long, an expert anti-malwareologist [don’t bother looking: I just now made that word up] will have looked over the intricacies and will post an analysis and instructions. These guys (and gals) are really, really good at what they do, and you can trust their answers.

Also run CheckDisk with the /r and /f switches (this will probably require a reboot) to make sure the problem is not your hard drive.
Click on Start > Programs > Accessories > Command Prompt. In the white-on-black window type “chkdsk /r /f” (no quotes, and be sure to include the spaces). You may be told that certain files are in use and asked whether you want to “schedule this at the next reboot Y/N?” Type “y” and restart your machine.

Hopefully these efforts will be rewarded with a rejuvenation of your machine, and you will be back in business again. If not, you have my sympathy. You may have a rootkit, and then your best solution is to re-format your hard drive and reinstall everything, or enlist the aid of a professional.

Today’s free link: HijackThis™ is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs. HijackThis does not clean infections, but creates a report, or log file, with the results of the scan. A large community of users participates in online forums, where experts help interpret the scan results to clean up infected computers.

Copyright © 2007-8 Tech Paul. All rights reserved.

October 7, 2008. Posted in: advice, anti-spyware, antivirus, computers, file system, how to, PC, permissions, rootkits, security, software, tech, Windows.

Is that anti-spyware program really spyware?

Over the 200+ articles I have written, I have tried to help educate people about the dangers we face in this era of ‘always-on’ Internet connections — such as hackers, cyber-criminals, phishing, and malware — and offered advice on how to get protected.
Yesterday, and continuing on into today, I have been assisting a client in trying to rid their machine of a malware (trojans, worms, etc.) infection, and to do so short of wiping their drive and starting over. Folks, you do not want to let this stuff onto your machine. Part of this person’s problem was that they were tricked into installing a rogue anti-spyware program, which in fact infected their machine. So I have decided to re-post my article on such applications, in case you missed it the first time. Originally titled “25 years since the first virus”, it appeared 9/12/07:

Time marches on. Twenty-five years ago a high school freshman wrote the first “true” virus and distributed it to his friends (via floppy disk) as a practical joke. That the “Elk Cloner” virus was harmless, and the young man went on to become a heavyweight in the computing industry, allows us to bear him no ill will. If it hadn’t been him, it would’ve been someone else; there were “experimental” viruses written before his.

Those of you who have been around for a while may remember the evolution of viruses: from harmless prank to system destroyer to profit-centric spyware. Security experts generally agree on the important historical malware events: Elk Cloner, 1982; Brain, 1986; Morris, 1988; Melissa, 1999; Love Bug (aka ILOVEYOU), 2000; Code Red, 2001; Blaster, 2003; and Sasser, 2004. (For a much more complete history of viruses, worms, and trojans, click here.) (Today, we have the Storm worm in the news.)

Today, the business of keeping data and communications safe from viruses and other malware is a $38 billion industry, and growing. Yes, a lot has changed in twenty-five years: I have gray in my hair now, for one.

Tip of the day: Beware of “rogue” anti-spyware programs. There is so much money to be made from stealing corporate data and identities and from sending spam that the malware writers have created spyware that claims to prevent spyware. You think you’re installing a spyware remover, but you’re not. You are actually installing their malware.
Some claim to give you an anti-spyware scan for free, and they “discover” a critical infection (again, bogus) which, if you buy the “Professional” version, they’ll clean up for you. Please, Dear Reader, never fall for this. The quality anti-spyware programs are well-known and are routinely rated and compared by reputable sources like PC World, PC Magazine and C/Net.
[Note: there is an excellent list of known rogue anti-spyware apps posted on Spyware Warrior.]

One such program, named Spy Shredder, is currently sending a few people my way for assistance. There is plenty about this nasty item on the Internet. Most reputable anti-spyware utilities will detect and remove it (see today’s free link as well). The people infected with it (who contacted me) had no protection except an antivirus, and it was kind of hard to feel sorry for them. There is no excuse, in this day and age, for not running Internet Security programs. Full Internet Security Suites that are free after rebate are easy to find, after all.

For those of you looking here to find out how to remove Spy Shredder, I suggest you click on the word “anti-spyware” in my Tag Cloud, download and run the anti-spyware programs I have suggested in the “Today’s free links” area (always at the bottom of Tech-for Everyone articles), as well as today’s — do not try the manual removal methods found at other websites unless you’re a skilled and experienced Registry editor.

[Update 4/5/08: Bill Mullins has just posted a wonderful article on rogue anti-spyware programs which includes a list of known villains, and a tool useful for removing them (prevention is better, but...). http://billmullins.wordpress.com/2008/04/05/don%e2%80%99t-download-antispywaremaster-%e2%80%93-rogue-security-software/. I also recommend looking at his How Fake/Rogue Software Affects Real People.]

Today’s free link: SpyCatcher Express from Tenebril. From the website:

  • Allows novice PC users to remove aggressive spyware
  • Stops next-generation, mutating spyware
  • Blocks reinstallation of aggressive spyware
  • Removes spyware safely and automatically

Copyright 2007 © Tech Paul, All Rights Reserved

February 6, 2008. Posted in: advice, anti-spyware, computers, how to, PC, rootkits, security, tech, Windows.