Anti-Spyware / Anti-Virus Suggestions
The following
suggestions have evolved over a few years, and are based on real experience of clearing
infected PCs, attempts to formulate procedures which prevent infection, and reviewing
excellent advice from many others in similar situations. It'll never be complete!
Every day, new threats arise, or new tools are available, or some established tools are
improved significantly or have become out-of-date.
I'm using the term Spyware in a "general" sense - covering Trojans, Worms,
Keyloggers, etc.
And if you run a 'net search seeking anti-spyware tools, it's likely that the majority of
the resulting tools are ACTUALLY Spyware. They'll masquerade as Clean-up tools, etc, and
they may even remove some Spyware, but they'll infect your system in the process... For
super info on this matter, review the Spyware-Warrior site.
The suggestions are geared towards users of stand-alone PCs, or PC usage in small
organisations. They also assume these PCs are running under Windows/DOS. These notes are
very brief - seek assistance from your IT support folks, as needed. You'll observe that
it's usually adequate to have just ONE Anti-Virus product running. However, no single
Anti-Spyware product addresses all infections, and you'll need to use perhaps 3 or 4 or 5
products to clear out an infected PC, and/or prevent Spyware infections. With many of the
products listed below, you'll probably need to check all the configuration options, and
you may need to activate some of the more "aggressive" ones.
Some products conflict with others. Frequently, multiple Anti-Virus products will not
tolerate each other, and, indeed, their web-sites usually advise you about this. In some
tests, I had very major problems trying to run "Protector Plus 2000" and
"AVG" in the same system. My tests indicated that PP was very upset, and caused
serious random re-boots. But, I did not run exhaustive tests to establish who disliked
whom. I've run NAV and AVG in the same system, with no issue whatsoever - apart, perhaps,
from wasted CPU cycles!
Many of the recommended products are free. Some are free for personal use, and chargeable
for commercial use. You must establish (and meet) the terms which apply to your intended
use of each product.
Some other interesting sites have excellent info on many of the products and procedures
listed below, and indeed on a few products which I've never used. Similarly, I've listed a
few products below which are not mentioned on the other sites:
- CoU (Calendar-of-Updates)
- ASAP (Alliance of Security Analysis Professionals)
- Arjan
- SomebodyHelpMe
- DefendingYourMachine (Jim Byrd)
- BleepingComputer
- TechSupportAlert
- Sponge's Security Solutions!
- Wng_z3r0
- SpywareData
- MalwareHelp
- JS Technology
- MalWare-Removal (including Nick's Computer Security blog)
- A-V comparisons
- www.Virus.GR
- Malware Test
If any of the links below don't work for you, you might try MajorGeeks - most products are available there also,
as are updates to Anti-Virus definition files, etc.
I welcome feedback.
Last update: Aug, 2006. |
|
The following products are referenced later, and are recommended:
|
General
Cleanup: |
|
Crap-Cleaner |
Excellent and very popular utility. |
|
CleanUp |
New Product. Well supported, highly
recommended. |
|
JV16 PowerTools |
Highly recommended set of utilities
from Jouni Vuorio. There's an older free build (v. 1.3.0.195) of these tools here, here, here
or here. There's a
free build of his RegCleaner product here. |
|
RegSeeker |
Highly recommended set of tools;
free for personal use. |
|
EasyCleaner |
Recommended, but don't activate
options unless you're aware of the consequences. |
|
Spyware
Removal/Prevention: |
|
Ad-Aware SE Personal |
Very Highly Recommended. Definitions
should be updated prior to each Run. "Ad-Watch" available for background
monitoring. Must be run manually, as needed, or scheduled. After installing, you should
review the "options", and activate any which might be beneficial. The Lavasoft
website may also have "Add-Ons". Check these (especially this one), and
install any that seem appropriate. |
|
SpyBot |
Very Highly Recommended. Definitions
should be updated prior to each Run. Background "watcher" available. Full scans
must be run manually, as required, or scheduled. |
|
MS
Anti-Spyware |
Runs only under Win-2000/XP. Not
Win98. Was initially highly recommended, but ... that was initially!! It's now slated to
be excessively tolerant of some products - MS does not flag them as Spyware, whereas other
Anti-Spyware tools do. Currently free. Includes background monitor. Either activate the
option to automatically download the latest definitions, or manually check for any updates
frequently. |
|
CounterSpy |
Very highly recommended in recent
tests (2005, 2006). Does run on Win98SE, etc. 15-day Trial period, and then costs about 20
USD per Client per year. Slated to be extremely similar to the MS-AS product, because it's
supposed to use the same internal "engine" (but it may be better; it runs on
W98, etc; and it's not free!). The scanner is fast. |
|
CWShredder |
Old link,
and newer link.
Designed to remove a specific family of Spyware (CoolWebSearch); check for program updates
before running it. Also, if CWShredder seems to ignore a request to run it, you might need
to run a supplementary tool
(some notes here). |
|
HomeSearch |
Similar to CWS, focuses on specific
Hijacks. |
|
ADSSpy |
"A tool to List, View or Delete
Alternate Data Streams (ADS) on Windows 2000/XP with NTFS file systems" |
|
Repairs
after Spyware Removal: |
|
LSPFix |
"Repairs Winsock 2 settings,
caused by buggy or improperly-removed Internet software, that result in loss of Internet
access" |
|
Winsock2 Fix |
Similar to LSPFix, Win 98/98SE/ME. |
|
XP-TCP-Repair |
|
|
Virus
Removal/Prevention: (It's probably adequate to choose just 1 from NAV, AVG, McAfee,
NOD32, or Others) |
|
Norton AntiVirus |
Very Highly Recommended. Chargeable.
Later versions and builds (eg, NAV-2005) include additional Firewall facilities,
"Parental Control" lists, etc. If you cannot run the "Live-Update"
option, you should retrieve and install the most recent "Definitions" file
regularly - perhaps from MajorGeeks. NAV should be carefully "tuned": Eg: use
Smartscan in the background normally; scan ALL files when a manual scan is activated;
don't scan emails; etc (IMO!). |
|
AVG |
Highly recommended. Some versions
are free for personal use. Ensure definitions are updated very frequently. |
|
McAfee AntiVirus |
Highly recommended, though I don't
use it. Ensure definitions are updated very frequently. A brief effort to boot a highly
infected PC from CD didn't succeed, even after much wandering around the website. |
|
NOD32 |
Highly recommended by many. |
|
(Others) |
Eg, Sophos, Avast, AntiVir, CA eTrust, etc... |
|
Kill2Me |
Removes "Look2Me". |
|
Stinger |
Highly recommended. Free. Anti-Virus
tool from McAfee. Handles (removes) about 50 viruses only, but these are very nasty ones!
Download the latest version before running it. |
|
Removal
Verification: |
|
ShieldsUp! (etc) |
Steve Gibson's service to check some
of your Internet Security settings - for INCOMING vulnerabilities. Specific link here. Steve has many other useful tools
also: shut down dcom, messenger service and upnp, etc. Check out his site, and decide what
tools suit your setup. |
|
Leaktest |
Another test from Steve, but
checking for OUTGOING vulnerabilities. |
|
AuditMyPC |
|
|
Port Scan |
TCP/UDP Port scan at
BroadbandReports. |
|
SyGate |
|
|
PCFlank |
|
|
HijackThis |
For Techies only! Check for program
updates frequently. Use this utility to check on what's running in your PC, but do not
take any action unless you know what you're doing!! If in doubt, send the list to some
experts, and follow their advice. One site which might help with analyses is here. |
|
Preventive Actions: |
|
HOSTS |
Replaces your standard HOSTS file.
Excellent tutorial, etc, on this subject available here. Get the latest
version frequently, and replace your existing HOSTS file with it. Various versions
available: This site contains a
frequently-updated HOSTS file, instructions, and many excellent pages on many security
issues (blocking pop-ups, configuring IE, etc); This site has a smaller one. You might
even combine these HOSTS files!!
You might use the HOSTS File-Manager utility here to assist.
Another HOSTS file (and instructions) is available here.
And another HOSTS manager and excellent related info is here.
A new "manager" is available from http://www.abelhadigital.com.
It looks very impressive. |
|
No-Ads |
Follow the instructions. The PAC
file contains extensive notes on how to install it. If using IE, you may need to update
the registry using the REG file here. |
|
IE-SpyAd |
This utility inserts ill-intentioned
sites into the "restricted zones" list in IE (or into AOL's web browser).
Tutorial, etc, available here. If you use this
utility, you should plan on checking for updates regularly - perhaps every few weeks. |
|
BugOff! |
Disables some IE Browser Hijacks. |
|
SpywareGuard |
Provides real-time protection
against spyware installation, browser hijacking, etc. |
|
SpywareBlaster |
SpywareBlaster can help keep your
system spyware-free and secure, without interfering with the "good side" of the
web. |
|
SpySweeper |
Chargeable, but has fared very well
in many recent tests.
Update (based on personal experiences, and on general comments on the 'net): Version 4
was good, stable, etc. Version 5 may have many extra features, etc, but does not run well
(sometimes?). Early builds of ver 5 consumed a lot of CPU power. Webroot indicate that ver
5.0.7 (1608) has resolved the CPU usage issue, but it is still NOT recommended, IMO. The
product is unstable:
- Sometimes it loads correctly at boot, sometimes it does not. When it does not, it
prevents other apps from loading also.
- It sometimes clobbers other harmless apps - which can initially suggest that the
other apps themselves are problematic.
- If its behaviour leads to crashes/hangs, and the PC has to be reset, then very
many corrupted temp files (from SpySweeper) will be thrown up by ChkDsk/ScanDisk, which
suggests that SpySweeper is leaving temp files "open"...
These issues were not observed in version 4. They may be caused by conflicts with other
AntiSpyware or A-V tools. I've not tried to contact Webroot on these matters - it seems
unnecessary when very many other folks have publicised similar issues already. |
|
Spyware Doctor |
VERY highly rated in some Reviews. A
restricted free version is available.
Update: I bought it; tried it; was NOT impressed; had problems trying to log issues
with PCTools; got no useful feedback; and I do NOT recommend it. Web and NG searches
suggest many others have had similar issues. Maybe it works OK in an empty XP system, with
no other A-S nor A-V apps installed! Maybe the favourable reviews were run on
"lab" PCs, rather than typical user PCs... Maybe the tests concentrate on
Spyware identification/removal, but miss out on other real-world issues... |
|
Zone-Alarm |
Very Highly Recommended
"firewall", etc. A free version is available - with reduced functionality.
Requires some technical knowledge to configure it accurately. Alternatives: Kerio, Sygate,
BlackICE, etc. Good Firewall reviews here. |
|
Comodo |
New firewall; very popular;
recommended... And free! The supplier has a range of security products - Anti-Virus,
Anti-Spyware, etc. |
|
Kerio |
Generally highly recommended, but
I've not used it. Personal and Chargeable builds available. |
|
PestPatrol |
Highly rated in tests, and highly
recommended. Shareware. |
|
WinPatrol |
Highly recommended tool to manage
startup tasks, running tasks/services, Cookies, etc. |
|
FireFox |
Use FireFox as your Browser! Some
advice here. Some highly
recommended add-ons
are also available, especially NoScript.
See some good notes from Mighty-Joe on FireFox add-ons here and here (the latter link has very good notes
on many freeware products, etc). |
|
MSN Windows Service |
Ordinarily, to reduce unwanted SPAM,
ads, messages, etc, you should ensure that the "Windows Messenger Service" is
Disabled. Please GOOGLE for lots of info on this matter. Microsoft has KB articles on this
subject, including this one, and this one.
If in any doubt, you might run Steve Gibson's Shoot-The-Messenger utility.
["Windows Messenger Service" is not to be confused with "MSN
Messenger", "XP Messenger", "Windows Messenger", nor with any
other IM/chat (Instant-Messaging) system. To investigate/disable "XP/Windows
Messenger", you might check Doug Knox' notes here and here, Marc Liron's notes, or AXCEL] |
|
Anti Spam / Thunderbird |
I've not used many AntiSpam products
extensively. I've seen great reports for Cloudmark's SafetyBar.
Some of the ZoneLabs products
include highly recommended Anti-Spam features.
I've been using Thunderbird recently (for email), and using its Spam-Filtering options,
and the entire package seems excellent. |
|
|
|
Recommended Removal Procedure:

1. Decide which tools you need, and download them in advance. You may have to use an uninfected PC; or maybe ask an IT "friend" to compose a CD for you. In general, you should ensure you have the latest version of the software, and, if possible, the latest "Definitions" file - where appropriate. Ensure you're running behind a Firewall - at least one!!!
2. If you're using an OS with Restore-Points (eg, XP), you probably should disable this facility at this point, and remove all saved restore-points. Otherwise, all infections which might have been saved within the restore-points will need to be cleaned out (which might be quite difficult), and you may need to ensure that old restore-points are not "restored" - in case any old infections are re-activated.
3. Boot to Safe-Mode.
4. Run Stinger.
5. Some smart viruses will prevent the popular Anti-Virus programs from Installing and/or Running. If you suspect a major Virus infection, then you'll probably have to Boot your PC from an Anti-Virus CD. The procedure is documented in the Anti-Virus documentation. If you do not need to Boot from the A-V CD, then boot to Safe-Mode, ensure your A-V definitions are up-to-date, and do a full (and deep) scan. Ensure your A-V program is properly (optimally) configured - you do not need to "Scan All Files" normally, and you probably do not need to scan all emails as they are being sent and received - assuming that all emails will be scanned if any attempt is made to open them. If Viruses are identified (and removed), you should repeat the scan - until you get a "clear" run.
6. Re-boot "Normally".
7. Install the relevant tools from the above list. As you install, you should also download/install the latest definitions - where appropriate. Do not RUN them.
8. Boot to Safe-Mode.
9. Run Crap-Cleaner, and/or Clean-Up.
10. Run a full AdAware scan. (Download the latest Definitions, if needed). If spyware is removed, repeat the scan until you get a "Clear" run.
11. Run a full SpyBot scan. (Download the latest Definitions, if needed). If spyware is removed, repeat the scan until you get a "Clear" run.
12. If using Win-2k or later, run the MS-AntiSpyware program (Update Definitions). If spyware is removed, repeat the scan until you get a "Clear" run. Under Win98SE (etc), it might be useful to run a copy of the old "Giant Anti-Spyware" product - especially if you happen to have a purchased build of that product. However, if you have not already purchased the Giant version of that program, it was available only in a 30-day trial build, the trial build is no longer supported, and up-to-date definitions may not be available for it.
13. If running Win98SE (and, maybe even if you're running W2K/XP), apply all CounterSpy updates, and run it.
14. Run CWShredder.
15. Under Win2k or later, run ADSSpy.
16. Run Kill2Me.
17. Run BugOff!, to configure your PC for safer online usage.
18. If any of the above products removed any spyware, then run AdAware, Spybot and MS-AS / CounterSpy again, until you get a Clear run of them. (This re-running is required, because some spyware is concealed behind other spyware...)
19. Reboot "normally".
20. If you've lost Internet access, you might try LSPFix or XP-TCP-Cleanup.
21. Install a HOSTS file. You should check your existing HOSTS file, before replacing it, and copy any non-matched entries in your old file to the new one. Before updating HOSTS, you should make a backup copy. Then, after updating, check for any entries in your old file that are not in the new one, and copy these across (or, if you're using the utility, copy these into the HOSTS.CST file for automatic appending to the new HOSTS).
22. Run IE-SpyAd.
23. If you've lost Internet access (again!), you might try LSPFix or XP-TCP-Cleanup.
24. Run "SFC /SCANNOW", to check the integrity of your Windows sub-systems. Follow any repair advice that's presented - you may need to have your Windows-CDs available. (In a DOSBox, type SFC to get some info on the utility. If it's not installed in your system, you may be able to install it from a MS-Win CD, or download from the MS site). SFC may undo some Windows-Updates, so ensure you run that step after SFC has ended (next item!).
25. Check for, and install, any relevant "Windows-Updates".
26. Install SpyWareGuard, check for updates, activate all precautions, etc.
27. Install and run SpyWareBlaster, check for updates, activate all precautions, etc.
28. Run full scans of your Anti-Virus and Anti-Spyware products.
29. Disable MSN, unless you have a pressing need to keep it running. See reference above to Steve Gibson's tools.
30. Ensure all "normal" users of all PCs do NOT normally use "Admin" access. Ensure all passwords are not in any "Dictionary", and are not "guessable". Long random strings are best, obviously. As a compromise, you might consider using at least 2 dictionary words, perhaps joined with digits or other characters - eg: Night58Life.
31. If Restore-Points were disabled above, they should now be re-enabled.
32. If your system has a "Restore-Point" option, take one now.
33. Maybe run a DeFrag, etc.
34. Use "FireFox" instead of Internet-Explorer? Most reviews indicate Firefox is more secure and faster (overall) than IE; repairs are quicker; etc. Seems to be a "no-brainer"!
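The HOSTS merge described in step 21 (and the advice to combine HOSTS files in the HOSTS entry above), as an added example that is not part of the original page or of any tool it lists. It copies old-only blocking entries into the new file, but holds back old entries that map a name to a non-loopback address, because a hijacked HOSTS file redirects names in exactly that way; the function names, file contents and host names are constructed for illustration.

```python
import ipaddress

# Addresses a blocking HOSTS file points unwanted names at.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

def parse_hosts(text):
    """Return {hostname: ip} from HOSTS-format text; comments are ignored."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an address: skip the malformed line
        for name in fields[1:]:
            entries.setdefault(name.lower(), ip)  # keep the first mapping seen
    return entries

def merge_hosts(old_text, new_text):
    """Append old-only blocking entries; return the rest for manual review."""
    old, new = parse_hosts(old_text), parse_hosts(new_text)
    carried, review = [], []
    for name, ip in sorted(old.items()):
        if name not in new:
            (carried if ip in SINKHOLES else review).append((ip, name))
    merged = new_text.rstrip("\n") + "\n"
    if carried:
        merged += "# carried over from the previous HOSTS file\n"
        merged += "".join(f"{ip}\t{name}\n" for ip, name in carried)
    return merged, review

# Constructed sample files (host names and addresses are made up).
OLD = """\
127.0.0.1     localhost
127.0.0.1     ads.example.test    # blocked by hand earlier
192.168.1.20  fileserver          # local intranet machine
203.0.113.7   www.bank.example    # origin unknown
"""
NEW = """\
127.0.0.1  localhost
127.0.0.1  tracker.example.test
127.0.0.1  popups.example.test
"""

if __name__ == "__main__":
    merged, review = merge_hosts(OLD, NEW)
    print(merged)
    for ip, name in review:
        print(f"REVIEW before copying: {name} -> {ip}")
```

Entries returned for review may be legitimate (an intranet server, for instance); the point is that they are looked at before they reach the new file rather than copied across unseen.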