Guide to Removing Malware/Adware

Read this in the Telegraph Online yesterday, Technology section, Bootcamp!!

The links don't seem to work in the copy of the article below; a link to the original is here:

http://www.telegraph.co.uk/connected/main.jhtml?menuId=1503&menuItemId=-1&view=DISPLAYCONTENT&grid=P8&targetRule=

Really good guide to clearing your computer, and I couldn't spot anything on here as good.

Full article below :-

Last week we showed how your PC could become infected with 'malware' just by visiting a website or clicking on a 'pop-up' ad. I suggested switching to a safer browser, like Mozilla Firefox, and concluded by recommending a trio of freeware 'cleaners', including the impressive new Microsoft AntiSpyware, that between them will safely eradicate the most common parasites.

However, the idiots who create this junk are extremely cunning and some malware infestations simply won't go away, so this week we'll be looking at the techniques and tools you can use to remove the more deeply rooted intrusions.

The majority of malware components either make use of a PC's internet connection or attach themselves to Internet Explorer - hence the advice to change to a less vulnerable browser. The most virulent ones do so by making changes to the Windows Registry and whilst most cleaners scan the Registry they can miss entries that have been subtly altered or disguised.

Some, but by no means all, malware programs are configured by the Registry to start with Windows so this is the place to begin when dealing with a troublesome pop-up, dialler, homepage hijacker or 'search assistant' that the cleaners can't remove. Go to Run on the Start menu and type 'msconfig' (without the quotes) and select the Startup tab. You will then see a list of items that launch at boot up.

Some you should recognise from the 'Startup Item' filename and it will include things like your virus scanner, firewall, utilities for your printer, scanner, modem and any programs that you have chosen to start with Windows. The rest are either suspect or unnecessary so take a note of the names in the Startup Item column and check them on the list at: www.sysinfo.org/startuplist.php. Deselect the ones you want to get rid of (no more than one or two at a time) reboot and see if the problem has gone away.

Even if it hasn't, and your PC continues to work normally, it's a good idea to leave unchecked entries disabled as they are not needed and are mostly 'services' that waste resources, so your PC should run more efficiently. If you later encounter a problem you can easily reselect them. See also Bootcamp 355 in the archive for more advice on using the msconfig utility.

If a spring clean of the Startup list hasn't helped the next step is to run a Registry scanner. My personal favourite is Hijack This (HJT to its friends), which specifically looks for Registry entries that affect Internet Explorer and your internet connection. It's freeware and can be downloaded from: www.tomcoyote.org/hjt/.

HJT is very easy to use and once installed simply click the 'Scan' button and a few seconds later it displays a long list of Registry keys, which can be saved as a plain text 'log' file; unwanted entries can be deleted by ticking the checkboxes on the list. However that's all it does, it is left up to the user to interpret the scan results and since most items on the list are probably legitimate, on its own it can be of limited use to novices. It should be used with care since it doesn't have a backup facility but seasoned Windows users should be able to pick out the dubious entries or use a Google search to track down any they are not sure of.

Fortunately for everyone else there is a large and very willing community of 'helpers' and experts on the Tom Coyote forums (http://forums.tomcoyote.org/index.php?act=idx) where you can 'post' your log and they should be able to identify the dubious entries, which you can then delete.

If Hijack This sounds a bit scary don't worry, there's a safer alternative called X-Ray PC, (free from: www.x-raypc.com). It's based on HJT and carries out the same thorough Registry scan but it goes much further. It displays details of every item on the list and checks them against a database of known malware threats, labelling them as 'Good', 'Bad' or 'Unknown'. Bad entries can be instantly removed and the Unknowns, which will mostly turn out to be benign, can be investigated at your leisure by delving deeper into the File Details section.

Unfortunately a small number of the more persistent malware invaders still manage to evade the most thorough cleansing operations in which case the only option is to seek a remedy on the web. A Google search of the name usually throws up a good number of hits but you need to be selective as a lot of them will be from companies offering to sell you removal tools that probably do not work. The best source of information and possible cures are the many support forums and user groups but be careful to read as many posts as possible and look for solutions that have yielded positive results, before you try anything, especially if it involves editing the Registry (see also Tip of the Week).
Ex forum ambassador

Long term forum member
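
The triage the article describes (list the entries that start with Windows, then label each 'Good', 'Bad' or 'Unknown' against a reference list) can be sketched as below. This is an added example, not part of the original article or post: the log lines are constructed in the style of the `O4` autostart entries of a HijackThis log, and the reference lists, file names and folders are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the style of a HijackThis log (not from a real PC).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
O4 - HKLM\..\Run: [AVScanner] "C:\Program Files\ExampleAV\avscan.exe" /min
O4 - HKLM\..\Run: [PrinterTray] C:\Program Files\ExamplePrinter\tray.exe
O4 - HKCU\..\Run: [TrayHelper] C:\TEMP\tray.exe
O4 - HKCU\..\Run: [SearchAssist] C:\WINDOWS\srchasst.exe -startup
"""
# Hypothetical reference data. A known-good name only counts when it runs
# from its expected folder, since unwanted programs reuse familiar names.
KNOWN_GOOD = {"avscan.exe": r"c:\program files\exampleav",
              "tray.exe": r"c:\program files\exampleprinter"}
KNOWN_BAD = {"srchasst.exe"}

# Autostart lines look like: O4 - HKLM\..\Run: [Name] command
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run\w*: \[(.*?)\] (.+)$")
EXE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|scr))\b', re.I)

def executable(command):
    """Return the program path from a Run command, dropping arguments."""
    m = EXE.match(command)
    return (m.group(1) or m.group(2)) if m else command.strip()

def classify(path):
    """Label a start-up program Good, Bad or Unknown."""
    p = PureWindowsPath(path)
    name, folder = p.name.lower(), str(p.parent).lower()
    if name in KNOWN_BAD:
        return "Bad"
    if KNOWN_GOOD.get(name) == folder:
        return "Good"
    return "Unknown"

def triage(log_text):
    """Return (hive, value name, path, label) for every O4 Run entry."""
    rows = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, value_name, command = m.groups()
            path = executable(command)
            rows.append((hive, value_name, path, classify(path)))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print("%-5s %-13s %-8s %s" % (row[0], row[1], row[3], row[2]))
```

The 'Unknown' rows are the ones to look up by name before deselecting anything, as the article advises.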

Comments

  • Thanks - that's great. I am always on the lookout for decent help in this field. I've registered with the Telegraph now as it was so good!
    Moneysaving since 2004!
  • weaver
    weaver Posts: 1,444 Forumite
    Thanks for this - wish I'd had it a week ago. I've been plagued by malware for a while - I got a blue tool bar at the bottom of my screen and what looks like dividers across the top of my homepage.

    I posted a Hijack This log but I'm not a techie and hadn't got a reply in 7 days - these forums are so busy.

    I decided to wipe my computer clean to factory settings, and reload everything - drastic, but I don't have a lot of stuff on it. This took on and off about a day.

    I'm going to keep this thread for reference - Thanks so much.
    Thanks to everyone who posts comps :T
  • The art of keeping a computer clean is constant vigilance (or is it paranoia), having Spywareblaster installed, a good firewall and antivirus, Firefox browser (to stop a lot of browser vulnerabilities) and a set of removal tools in case of mistakes. No-one will always be clear but you can only hope to be 99% sure. Don't use p2p software and Windows Messenger (not the same as MSN Messenger) and don't use Messenger Plus. If in doubt don't open files or attachments and always ask for help. There is no sense in tearing your hair out trying to cure a problem, other people have had it before and can assist.
    Always, at least once a week, check to see if your programs are up to date.
    Down south where, unfortunately, the government does remember us.
  • Where do I find the "free" version of mailwasher? I can only find free trial period offers.
  • I've just picked up a variant of a trojan which none of the spyware killer apps can seem to get rid of.

    It's becoming like viruses with a constant battle between the protection and the spyware....

    I've tried spybot, spysweeper, trend housecall, ad aware and another I can't recall.

    Ad-Aware sees it but can't kill it, the others can't even see it....

    Am waiting now for the ad-aware techie guys to catch up and release a fix....
  • Browntoa
    Browntoa Posts: 49,597 Forumite
    I found some new ones the other day on an XP machine, one was called Salm.exe, hid themselves in c:\temp...would not let me delete them or let ad software remove until I cleared Internet Explorer temp files, went in XP safe mode (F8 key on boot up) then I could delete from temp folder and recycle bin...then ran Microsoft anti-spy software in safe mode and cleaned up ..

    Pc was then clear on a restart...
  • backflip
    backflip Posts: 218 Forumite
    Another very useful programme is obtainable from https://www.sandboxie.com. Sandboxie creates a safe 'sandbox' from within which you can browse and use any relevant programme (email client). The idea of being in a 'sandbox' is that it is designed to protect and to prevent anything malicious or registry changing taking place while online. Everything downloaded goes into a special folder (cookies also) which you can delete at the end of your session online. I've run it for a while now and for me it works well and nothing seems to get past the sandbox. It does seem to have some problems in installing though, not everyone can get it to function, even though it is a tiny app. It works well for me when I use Firefox (my default browser) but if I use IE then I find that the tool bars aren't shown on the browser. No hardship because I very seldom use IE anyway.
    Sandboxie is small and has an uninstaller so if it doesn't work it is easily deleted.

    Edit. 'it does seem to have some problems in installing though.' By this I don't mean it is difficult or demands lots of knowledge, it's just that for some unknown reason the programme fails to install. The programme is very easy to install otherwise and to run.
  • Browntoa
    Browntoa Posts: 49,597 Forumite
    I've just tried the front end program for Hijack This that tells you what is good or bad...works quite well !!
  • Browntoa
    Browntoa Posts: 49,597 Forumite
    Seen a few new questions about this so thought I'd bump it
  • Rex_Mundi
    Rex_Mundi Posts: 6,312 Forumite
    seen a few new questions about this so thought i'd bump it

    ???......Where?

    This thread is already mentioned in FAQs. Why does it need to be bumped up in the main board as well? Every time a thread is bumped it knocks everything else further down the line. Threads that aren't mentioned in FAQs and are equally useful to members as well.

    Bumping up your own posts....tut tut tut.
    How many surrealists does it take to change a lightbulb?
    ...
    ...
    ...
    ...
    Fish
This discussion has been closed.