HOW TO CLEAN AN INFECTED COMPUTER
May 1, 2008
Cleaning an infected computer today has become harder than ever. To effectively clean your system you must first learn a little about what you are trying to get rid of and what tools you need to get the job done. I'm going to try to give you some of the background, followed by the basics of getting rid of these pests.
Today there are a variety of things that can infect your computer such as viruses, worms, trojans and spyware. I refer to all of them as parasites since that word seems to best describe them. I find it best to use a multi-pronged approach to fighting parasites, so I use several software programs to find and get rid of them. Hopefully, by giving you a little of the background, you will be able to learn what tools to use and when to use them so that you may clean your computer of these parasites.
Viruses were the first computer bugs, and anti-virus (AV) software was made specifically to detect and get rid of these. Worms are a little different from viruses, which is one reason why AV software has a harder time catching them. Finally came trojan horses, usually just called trojans. These are very different from both viruses and worms. They actually take advantage of the weaknesses that are inherent in AV software. For one, most trojans actually try to hide from AV software to avoid detection. They also work "smarter" by creating hidden copies of themselves so that when they do get detected and cleaned, they can re-infect the computer with the hidden copy right after the AV software cleans the original infection. Basically, trojans are AV software's worst nightmare simply because AV software wasn't designed to specifically go after this type of threat. Today, AV software is much better at detecting all types of parasites than before, but it will need to be redesigned and start using multiple methods if it is ever going to be effective against all parasites.
Spyware isn't a new breed of parasite. It is simply a combination of various computer exploits, utilizing various combinations of scripts, trojans and worms. Currently spyware takes advantage of trojans the most since they are harder to detect and clean properly. Anti-spyware (AS) software was created specifically for detecting and cleaning this type of parasite, so when it comes to trojans and some worms, AS software is much better equipped to fight these than AV software is.
First, you will need to get some software programs to help you. The following programs are what I use personally. Not only do I trust them, but they are also free for personal use. The companies that provide the free software also provide software that they sell for use in a commercial environment. Usually, the free versions are just as good but simply don't have as many of the extra features which make the commercial versions even more attractive to use.
CCleaner (crapCleaner... don't mean to offend but that's what it's called), find it at www.ccleaner.com
After running this software for the last couple of years it seems solid and safe. It does all the things recommended below for cleanup and more.
Top of my list is AVG 8.0. It was just released in its free form and we are still testing it, but it looks excellent. Previously you needed additional proactive spyware protection such as SpywareBlaster. It looks like AVG Anti-Virus has now incorporated anti-spyware into the base AVG component.
Lavasoft's Ad-Aware2007, you can find it at www.lavasoftusa.com. You must select a download site like download.com.
SuperAntiSpyware, find it at www.superantispyware.com. I have heard about this program for a while now and am just taking a more serious look at it. It may be an answer to some of the latest "Computer Extortion" parasites and hard to remove spyware.
SpywareBlaster, you can find it at http://www.javacoolsoftware.com/downloads.html. Update frequently to stop new bad guys. It does not run per se. When you install it, changes are made to your registry which prevent the really bad spyware (ActiveX spyware) from ever getting on your system. This seems to provide PROactive protection by not letting the bad guys in in the first place. It also stops most of the very bad REDIRECTIONS. Redirections are when you go to one website and they redirect you to another site for advertising purposes. SpywareBlaster seems to stop the worst of these redirections that download malware to your
Grisoft's AVG 8.0 Free!!! Find it at free.grisoft.com. Has frequently found viruses that Norton, McAfee, and Avast (all up to date) have missed!!
First, you will want to download each of the above programs and then install them. After you install them, you MUST update them so you will have the latest protection. If you don't update these programs and you are infected with the latest parasites, you will not be able to effectively detect and clean them from your computer, so remember to update, update, update.
For normal operation now I recommend only CCleaner and AVG 8.0. These two provide excellent protection and cleaning.
First... Make sure you have the latest updates to both of the above. (Note: Safe Mode is optional. If you are seeing no problems and are only doing a normal scan every couple of weeks it is not necessary.) If you suspect a virus or trojan, shut down and start up in Safe Mode. This is done by pressing the F8 key after power up, right at the beginning of Windows startup. After you see the first logo or hardware screens, start pressing the F8 key a couple of times a second. You should get a screen that allows you to start in Safe Mode. Safe Mode starts with very few drivers and no programs running in the background. It allows a more thorough cleanup and removal.
Run Windows Add/Remove (Normal Mode)
Open the Windows Control Panel and run the Add/Remove Programs applet. More and more of today's spyware will place an Uninstall item in this list in order to look more like a real program. Browse through this list and remove suspicious items that you don't recognize.
Be aware that if you use AOL Instant Messenger, and lots of people do, you have probably installed 'Precision time' and/or 'Weather Bug'. These two are spyware big time! Ever notice the amount of popups after setting up AOL Instant Messenger? It probably put in Weather Bug. Some of us older geeks will remember a spyware application called 'Gator'. After it got a black eye it changed its name to Claria, then again now to GAIN, which distributes Weather Bug. GAIN stands for 'Gator Advertising Information Network'. Please delete these programs from Add/Remove Programs.
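As an added example (not part of the original article), the PowerShell script below reads the same entries that Add/Remove Programs displays straight from the registry's Uninstall keys, so the whole list can be reviewed in one table. It assumes Windows PowerShell 3.0 or later; the function name Get-InstalledProgram, the 30-day window and the "no publisher" / "recent install" notes are illustrative choices made here to guide review, not verdicts.

```powershell
# Added example: read-only listing of Add/Remove Programs entries.
# Nothing is uninstalled or changed.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledProgram {
    # Assumption: "recent" means installed within the last 30 days.
    param([int]$RecentDays = 30)

    $cutoff = (Get-Date).AddDays(-$RecentDays)

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        # Keep only entries the applet would show to the user.
        Where-Object { $_.DisplayName -and $_.SystemComponent -ne 1 } |
        ForEach-Object {
            $entry = $_
            $installed = $null
            # InstallDate is optional and stored as a yyyyMMdd string.
            if ($entry.InstallDate -match '^\d{8}$') {
                try {
                    $installed = [datetime]::ParseExact($entry.InstallDate, 'yyyyMMdd', $null)
                } catch {
                    $installed = $null   # malformed date, leave blank
                }
            }

            $notes = @()
            if (-not $entry.Publisher) { $notes += 'no publisher' }
            if ($installed -and $installed -ge $cutoff) { $notes += 'recent install' }

            [pscustomobject]@{
                Name      = $entry.DisplayName
                Publisher = $entry.Publisher
                Installed = $installed
                Notes     = $notes -join ', '
                Uninstall = $entry.UninstallString
            }
        }
}

# Newest installs first; entries you don't recognize are the ones to look up.
Get-InstalledProgram |
    Sort-Object Installed -Descending |
    Format-Table Name, Publisher, Installed, Notes -AutoSize
```

A blank publisher or a recent install date is only a prompt to look the entry up before removing it; plenty of legitimate programs leave these fields empty.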
Do a Disk cleanup with CCleaner
I use the defaults of all items checked with one exception. I uncheck cookies. There are good and bad cookies. Let AVG 8.0 remove the advertiser's spyware cookies and leave your good cookies alone. This little program does, in minutes, what used to take as much as an hour before. And it gets more junk off your computer. Do you really want to keep Windows program dump files??
Now Run The AVG 8.0 Program
Have it scan the whole system (Hard Drive) for Viruses and Spyware. Viruses and Trojans will probably be automatically removed but cookie type spyware will only show as warnings. After the scan finishes select the warnings tab at the top then "remove all unhealed infections" at the lower right. This will put them in the Vault and they should be removed later after you are sure you have not removed something a necessary program may need.
Running the tests in Safe Mode if you are having problems
After starting in Safe Mode, turn off System Restore. Sometimes parasites hide in the System Restore area. Turning it off will remove all system restore points. Click Start, right-click My Computer, then left-click Properties. Click the System Restore tab at the top of the window, then check "turn off system restore".
There are some really bad guys out there today. I call them "Computer Extortion" because they take over your computer. They flood your screen with advertisements for cleanup and spyware removal. Don't buy into it!!! Many of them even change your Administrative mode to Guest mode, making removal and cleanup virtually impossible. Most of the time they replace your desktop background with something ugly or unwanted. They then tell you if you want it cleaned up, "buy their program". Now it's time for Safe Mode and some of the other programs like SuperAntiSpyware and/or a special desktop restoration program such as Desktop Hijack Fix 1.1.
These procedures should have cleaned most causes of infection that you will find. Yes I said MOST because there are some infections that are very hard to detect and remove. The really tough ones sometimes require a Format and Reload. Generally, if you have one of these, you will need the assistance of an expert to help you get rid of it while backing up and/or not destroying your personal data.
I recommend testing for parasites as often as you can, probably at least once a month if not more. The sooner you catch them, the less damage they can do to your computer, and the less chance of a hacker finding your sensitive information such as checking account info, passwords, etc.
Chris Mayer Owner: C&C Computers Hendersonville, NC