HOW TO CLEAN AN INFECTED COMPUTER
May 1, 2008
Cleaning an infected computer today has become harder than ever. To
effectively clean your system you must first learn a little about what
you are trying to get rid of and what tools you need to get the job
done. I'm going to try to give you some of the background, followed by
the basics of getting rid of these pests.
Today there are a variety of things that can infect your computer such
as viruses, worms, trojans and spyware. I refer to all of them as
parasites since that word seems to best describe them. I find it best
to use a multi-pronged approach to fighting parasites, so I use several
software programs to find and get rid of them. Hopefully, by giving you
a little of the background, you will be able to learn what tools to use
and when to use them so that you may clean your computer of these
parasites.
Viruses were the first computer bugs, and anti-virus (AV) software was
made specifically to detect and get rid of these. Worms are a little
different than viruses, which is one reason why AV software has a
harder time catching them. Finally came trojan horses, usually just
called trojans. These are very different than both viruses and worms.
They actually take advantage of the weaknesses that are inherent in AV
software. For one, most trojans actually try to hide from being
detected by AV software. They also work "smarter" by creating hidden
copies of themselves so that when they do get detected and cleaned,
they can re-infect the computer with the hidden copy right after the AV
software cleans the original infection. Basically, trojans are AV
software's worst nightmare simply because AV software wasn't designed
to specifically go after this type of threat. Today, AV software is
much better at detecting all types of parasites than before, but it
will need to be redesigned and start using multiple methods if it is
ever going to be effective against all parasites.
Spyware isn't a new breed of parasite. It is simply a combination of
various computer exploits, using various combinations of
scripts, trojans and worms. Currently it takes advantage of trojans
the most since they are harder to detect and clean properly.
Anti-spyware (AS) software was created specifically for detecting and
cleaning this type of parasite, so when it comes to trojans and some
worms, AS software is much better equipped to fight these than the AV
software is.
First, you will need to get some software programs to help you. The
following programs are what I use personally. Not only do I trust them,
but they are also free for personal use. The companies that provide the
free software also provide software that they sell for use in a
commercial environment. Usually, the free versions are just as good but
simply don't have as many of the extra features which make the
commercial versions even more attractive to use.
Cleanup Software
CCleaner (crapCleaner... don't
mean to offend but that's what it's called), find it at www.ccleaner.com.
After running this software for the last couple of years, it seems
solid and safe. It does all the things recommended below for cleanup
and more.
Anti-Spyware Software
Top of my list is AVG 8.0. It was just released in its free form and we are still testing it, but it looks excellent. Before, you needed additional proactive spyware protection like SpywareBlaster. It looks like AVG Anti-Virus has now incorporated anti-spyware into the base AVG component.
Lavasoft's Ad-Aware 2007, you can find it at [www.lavasoftusa.com]. You must select a download site like download.com.
SuperAntiSpyware, find it at [www.superantispyware.com]. I have heard about this program for a while now and am just taking a more serious look at it. It may be an answer to some of the latest "Computer Extortion" parasites and hard-to-remove spyware.
SpywareBlaster, you can find it
at [http://www.javacoolsoftware.com/downloads.html].
Update frequently to stop new
bad guys. It does not run per se. When you install it, changes are made to your
registry which prevent the really bad spyware (ActiveX
spyware) from ever getting on your system. This seems to provide PROactive
protection by not letting the bad guys in in the first place. It also
stops most of the very bad REDIRECTIONS. Redirections are when you go to one
website and it redirects you to another site for advertising purposes. SpywareBlaster seems to
stop the worst of these redirections that download malware to your
system.
Anti-Virus Software
Grisoft's AVG 8.0 Free!!! Find it at [free.grisoft.com].
It has frequently found viruses that
Norton, McAfee, and Avast (all up to date) have missed!!
First, you will want to download each of the above programs and then install
them. After you install them, you MUST update them so you will have the latest
protection. If you don't update these programs and you are infected with
the latest parasites, you will not be able to effectively detect and
clean them from your computer, so remember to update, update, update.
For normal operation now I recommend only CCleaner and AVG 8.0. These two
provide excellent protection and cleaning.
First... Make sure you have the latest updates to both of the above. (Note: Safe Mode is optional. If you are seeing no problems and are only doing a normal scan every couple of weeks, it is not necessary.) If you suspect a virus or trojan, shut down and start up in Safe Mode. This is done by pressing the F8 key after power up, right at the beginning of Windows startup. After you see the first logo or hardware screens, start pressing the F8 key a couple of times a second. You should get a screen that allows you to start in Safe Mode. Safe Mode starts with very few drivers and no programs running in the background. It allows a more thorough cleanup and removal.
Run Windows Add/Remove (Normal Mode)
Open the Windows Control Panel and run the Add/Remove Programs applet.
More and more of today's spyware will place an Uninstall item in
this list in order to look more like a real program. Browse through
this list and remove suspicious items that you don't recognize.
Be aware that if you use AOL Instant
Messenger, and lots of people do, you have probably installed
'Precision time' and/or 'Weather Bug'. These two are spyware
big time! Ever notice the amount of popups after setting up AOL
Instant Messenger? It probably put in Weather Bug. Some of us older
geeks will remember a spyware application called 'Gator'. After it got
a black eye it changed its name to Claria, then again now to GAIN, which
distributes Weather Bug. GAIN stands for 'Gator Advertising Information
Network'. Please delete these programs from Add/Remove Programs.
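An added example, not part of the original article: the Add/Remove Programs list is built from the Windows Uninstall registry keys, so the same review can be done from a PowerShell prompt. The script below assumes PowerShell 3.0 or later; the watch list holds only the names this article mentions, and a flagged row means "take a closer look", not proof of spyware.

```powershell
# Added example: list Add/Remove Programs entries and flag names from the article.
# The three paths are the standard Uninstall keys (machine-wide, 32-bit view on
# 64-bit Windows, and per-user). A missing key is skipped silently.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Names taken from the article text (assumption: written as regex patterns).
# GAIN is matched case-sensitively so that "Audio Gain" style names do not hit.
$watchList = 'Precision Time', 'Weather ?Bug', 'Gator', 'Claria', '(?-i:GAIN)'

function Get-InstalledProgram {
    foreach ($key in $uninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |
            ForEach-Object {
                $name      = $_.DisplayName
                $publisher = $_.Publisher
                # Compare both the display name and the publisher to each pattern.
                $hit = $watchList | Where-Object { "$name $publisher" -match "\b$_\b" }
                [pscustomobject]@{
                    Name        = $name
                    Publisher   = $publisher
                    InstallDate = $_.InstallDate
                    Uninstall   = $_.UninstallString
                    Flagged     = [bool]$hit
                    # Entries with no publisher are worth a second look as well.
                    NoPublisher = [string]::IsNullOrWhiteSpace($publisher)
                }
            }
    }
}

# Flagged entries first, then alphabetical.
Get-InstalledProgram |
    Sort-Object -Property @{ Expression = 'Flagged'; Descending = $true }, Name |
    Format-Table Name, Publisher, InstallDate, Flagged, NoPublisher -AutoSize
```

Remove anything you decide to uninstall through Add/Remove Programs itself, as described above, rather than by deleting registry keys.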
Do a Disk cleanup with CCleaner
I use the defaults of all items
checked with one exception. I uncheck cookies. There are good and
bad cookies. Let AVG 8.0 remove the advertiser's spyware cookies and leave your
good cookies alone. This little program does, in minutes, what used to take as much as an hour before. And it gets
more junk off your computer. Do you really want to keep Windows
program dump files??
Now Run The AVG 8.0 Program
Have it scan the whole system (Hard Drive) for Viruses and Spyware. Viruses and
Trojans will probably be automatically removed, but cookie-type spyware will
only show as warnings. After the scan finishes, select the warnings tab at
the top, then "remove all unhealed infections" at the lower right. This will put
them in the Vault, and they should be removed later, after you are sure you have
not removed something a necessary program may need.
Running the tests in Safe Mode if you are having problems
After starting in Safe Mode, turn off System Restore. Sometimes parasites hide in the System Restore area. Turning it off will remove all system restore points. Click Start, right-click My Computer, left-click Properties. Click the System Restore tab at the top of the window, then check "turn off system restore".
There are some really bad guys out there today. I call them "Computer
Extortion" because they take over your computer. They flood your screen with
advertisements for cleanup and spyware removal. Don't buy into it!!! Many
of them even change your Administrative mode to Guest mode making removal and
cleanup virtually impossible. Most of the time they replace your desktop
background with something ugly or unwanted. They then tell you if you want it
cleaned up "buy their program". Now it's time for Safe Mode and some of the other
programs like SuperAntiSpyware and/or a special desktop restoration
program such as [Desktop Hijack Fix 1.1].
These procedures should have cleaned most causes of infection that
you will find. Yes, I said MOST because there are some infections that
are very hard to detect and remove. The really tough ones sometimes require a
Format and Reload. Generally, if you have one of these, you will need the
assistance of an expert to help you get rid of it while backing up and/or not destroying your
personal data.
I recommend testing for parasites as often as you can, probably at
least once a month if not more. The sooner you catch them, the less
damage they can do to your computer, and the less chance of a hacker
finding your sensitive information such as checking account info,
passwords, etc.
Chris Mayer
Owner: C&C Computers, Hendersonville, NC