Monday, December 10, 2007

Recovery from a Virus or Spyware-Adware Infection and Protection Against Future Problems

Recovery from a Virus Infection and Protection Against Future Problems

While the best way to recover from a known malware infection is to "nuke and install" (back up your data, reinstall Windows by reformatting your drive or using the "Restore CD" that came with the computer, then reinstall all your applications), that can be difficult, not to mention the work of reinstalling all your programs and restoring your data files.

So, here's an alternative. It may take a bit longer, but might be helpful.
Print these instructions first.

1. Back up your data files. If you have a CD writer, copy all your "My Documents" files onto CD (it may take more than one disc). An alternative is to copy all the files to a USB hard disk, or a bunch of "thumb drives". Since we aren't doing a "nuke and install", this is just a safety measure.

2. Install all critical Microsoft updates. Go to http://www.microsoft.com/protect and follow the prompts to install all updates. If prompted to install Microsoft Update, do it. If you have to restart your computer, come back and repeat this step, and keep repeating it until there are no more critical Microsoft updates to install.

3. At the same site, download and install Microsoft Windows Defender (you should be able to find it via the above link). Then do a full system scan, and remove any nasties that are found.

4. Update/Scan for Viruses. If you have an anti-virus program, get the current updates. You can usually find them by right-clicking the AV program's icon on the task bar, and selecting "Update Now" or something similar. After installing the current updates, start up the anti-virus program and do a full scan of your hard disk. If any infected files are found, delete them (if any of those infected files were in your "My Documents" folder, make a note so you can delete them from your backup copies). Only run one anti-virus program; don't try to run two of them at the same time. They usually don't play well together. Pick the one you want to use, and uninstall the other one before you install the one you like. If you can't purchase a commercial anti-virus program, there are some free ones. They might not be as easy to use, but you must have an anti-virus program running. (And you must keep it current.)

5. Although Windows Defender will protect you from spyware/adware, download/install/run two additional anti-spyware programs: Lavasoft Ad-Aware and Spybot-Search and Destroy. Update each program's definitions first. Then run a complete system scan with both programs. Delete/remove/quarantine all nasties found with those programs. Although 'cookies' are usually benign, you might also want to delete those, since your malware may also be using cookies.

6. At this point, you should be fairly safe. Just to make sure, do these steps again:
- Microsoft Updates
- Windows Defender full scan
- Anti-virus program full scan
- Spybot Search and Destroy full scan
- Ad-Aware full scan

7. As a final check, go to the HijackThis! pages. Trend Micro bought the HijackThis program, but it's still free (as are the support forums). Start here: http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=quick_start_guide

Follow their instructions carefully. Do each step in the "Preparations Before Posting" section, even if you already did them once. They will repeat many of the above steps, and then ask you to send them the results of running the HijackThis! program. When you post those results in a message on their forum, enable the checkbox that will alert you to a response. You'll get some email from the forum helpers telling you what to do next. Follow their instructions carefully.


Although the HijackThis! program is at the above site, the free support forums are here: http://www.bleepingcomputer.com/forums/forum22.html . You might start on that forum page first; it has a tutorial on how to run the program and post the results in the forum.

At this point, your system will be fairly safe, at least until you forget to follow the "Safe Computing" practices. Now it's your responsibility to make sure that you stay safe. Start here for more info: http://forums.spywareinfo.com/index.php?showtopic=60955 .
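As an added example (not part of the original post), here is a PowerShell script that does the backup in step 1 and keeps the note that step 4 asks for: it copies the current user's Documents folder to a removable drive and writes a manifest (path, size, SHA-256) of every file copied, so that when the anti-virus scan later names an infected file under "My Documents" you can find and delete the backup copy. It assumes Windows PowerShell 4.0 or later (for Get-FileHash); the drive letter in $Destination and the helper Find-BackupCopy are placeholders I made up for this example.

```powershell
# Added example, not from the original post. Backs up the Documents folder to a
# removable drive and records a manifest so infected files can later be located
# in the backup. Assumes Windows PowerShell 4.0+; $Destination is a placeholder.

param(
    [string]$Source      = [Environment]::GetFolderPath('MyDocuments'),
    [string]$Destination = 'E:\Backup-Documents'   # placeholder: your USB drive
)

# 1. Copy the tree. /E copies subfolders (including empty ones); /R:1 /W:1 keep a
#    locked file from stalling the run; /XJ skips junction points so we never loop.
New-Item -ItemType Directory -Path $Destination -Force | Out-Null
$log = Join-Path $Destination 'robocopy.log'
robocopy $Source $Destination /E /R:1 /W:1 /XJ /NP /LOG:$log | Out-Null
# robocopy exit codes below 8 mean success (0 = nothing new, 1 = files copied, ...)
if ($LASTEXITCODE -ge 8) {
    throw "robocopy reported errors (exit code $LASTEXITCODE); see $log"
}

# 2. Write the manifest: relative path, size and SHA-256 of every copied file.
#    The log and the manifest itself are excluded from the listing.
$manifest = Join-Path $Destination 'manifest.csv'
Get-ChildItem -Path $Destination -Recurse -File |
    Where-Object { $_.FullName -ne $log -and $_.FullName -ne $manifest } |
    ForEach-Object {
        [PSCustomObject]@{
            RelativePath = $_.FullName.Substring($Destination.Length).TrimStart('\')
            Bytes        = $_.Length
            Sha256       = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -Path $manifest -NoTypeInformation

# 3. Helper for later (hypothetical name): when the AV scan reports an infected
#    file, look it up by file name to find the copy that must be deleted too.
function Find-BackupCopy {
    param([string]$ManifestPath, [string]$FileName)
    Import-Csv -Path $ManifestPath |
        Where-Object { (Split-Path -Path $_.RelativePath -Leaf) -eq $FileName }
}

# Usage after the scan, e.g.:
# Find-BackupCopy -ManifestPath 'E:\Backup-Documents\manifest.csv' -FileName 'invoice.exe'
```

The manifest is the point: without it, the note in step 4 ("make a note so you can delete them from your backup copies") depends on memory. With it, the backup copy of anything the scanner flags can be found by name or by hash, and a second run of the script after cleanup produces a manifest you can diff against the first.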

2 Comments:

At December 12, 2007 7:36 AM , Blogger Dave Markowitz said...

A couple of other things I do on client and family PCs to help prevent malware infections:

1. Have them use Firefox instead of IE.
2. Install a malware-blocking hosts file. I use the one at http://www.mvps.org/winhelp2002/hosts.htm.

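As an added example (mine, not part of the comment above), here is a PowerShell function that shows how a malware-blocking hosts file does its job and lets you review what is in yours. A blocking hosts file maps unwanted hostnames to 0.0.0.0 or 127.0.0.1 so the browser never reaches them; any line that maps a name to some other address is not a block and deserves a manual look. The function Get-HostsSummary is a name I made up, the sample hosts lines are constructed, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example, not from the original comment. Parses hosts-file lines and
# separates blocking entries (name -> 0.0.0.0 / 127.0.0.1) from any other
# mapping, which a blocking list would never contain. Assumes PowerShell 3.0+.

function Get-HostsSummary {
    param([string[]]$Lines)
    $blocked = @()
    $other   = @()
    foreach ($raw in $Lines) {
        $line = ($raw -split '#', 2)[0].Trim()      # drop comments and whitespace
        if (-not $line) { continue }
        $parts = $line -split '\s+'
        if ($parts.Length -lt 2) { continue }       # need an address and a name
        $ip    = $parts[0]
        $names = $parts[1..($parts.Length - 1)]
        foreach ($name in $names) {
            # the default localhost lines are normal, not blocks
            if ($name -in @('localhost', 'localhost.localdomain')) { continue }
            if ($ip -in @('0.0.0.0', '127.0.0.1')) {
                $blocked += $name
            } else {
                $other += "$name -> $ip"
            }
        }
    }
    [PSCustomObject]@{ Blocked = $blocked; OtherMappings = $other }
}

# Constructed sample (not a real hosts file): a comment, the default localhost
# line, two blocking entries, and one mapping to an ordinary address.
$sample = @(
    '# sample hosts file',
    '127.0.0.1       localhost',
    '0.0.0.0  ads.example.net      # blocked',
    '0.0.0.0  tracker.example.org',
    '203.0.113.5  update.example.com'
)
$summary = Get-HostsSummary -Lines $sample
"Blocked names : $($summary.Blocked.Count)"
"Needs review  : $($summary.OtherMappings -join ', ')"

# To check the live file on this machine instead of the sample:
# Get-HostsSummary -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

On the sample, the two 0.0.0.0 entries land in Blocked and `update.example.com -> 203.0.113.5` lands in OtherMappings. Run it against the live file after installing a blocking list and the Blocked count should be in the thousands while OtherMappings stays empty (or contains only entries you added yourself).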
 
At December 12, 2007 8:14 AM , Blogger Rick said...

The "use Firefox instead of IE" is a common refrain. But I am not convinced.

I use IE at work and at home, and sometimes have to visit some 'grey' sites due to my role as a security dweeb. I even run as the 'admin' on my Windows boxes. And I haven't had a malware infection in years.

Of course, I follow my own "Safe Computing" practices (current patches and anti-virus, careful clicking, don't open up unknown email attachments, etc). And those have protected me several times from 'drive-bys' and 'zero-day' type of attacks.

So I believe that it is possible to use IE and still be protected against malware.

One can find lots of articles comparing the safety of IE and Firefox. (Do a Google search of "compare firefox explorer" with advanced options to limit entries within the last month.)

So I don't think that "use Firefox instead of IE" is the only protection needed against malware. Use the one you like the best, but follow the other 'safe computing' practices.
