Wednesday, December 31, 2008

Generic Virus Removal Guide

STEP 1: SCAN COMPUTER FOR INFECTIONS AND FIX OPTIONS

1. The most important thing you can do is make sure you know what you’re up against. Run these online scanners to help figure out what is infecting your system:
-http://housecall.trendmicro.com/
-http://www.pandasecurity.com/homeusers/solutions/activescan/


STEP 2: TURN OFF SYSTEM RESTORE

1. Turn off Windows System Restore Points:
a. Right Click on My Computer
b. Click Properties
c. Click System Restore Tab
d. Check the box next to: Turn off System Restore on all Hard drives
i. Malware can sometimes be restored from previous restore points; turning them off helps the removal process run more smoothly
2. Click Apply and OK


STEP 3: GO TO ADD/REMOVE PROGRAMS TO CLEAR KNOWN MALWARE

1. Before scanning the computer you can remove certain malware programs from the Add/Remove Programs list in the Control Panel in Windows XP
2. Open the Start Menu and select Control Panel
3. In the Control Panel, select Add or Remove Programs
4. Look through the list for anything suspicious
5. Search http://www.google.com/ for any program you are not sure about.
6. Uninstall and follow the directions on any program that you decide to remove.


STEP 4: REMOVE TEMPORARY FILES

1. Go to the Start Menu and select Control Panel and click Internet Options.
a. Click the “Delete” button and delete all browsing history (temp files, internet files, cookies) and any settings stored by add-ons.
2. Open My Computer and click the Tools Menu and select “Folder Options.”
a. Next click on the View Tab and click in the circle next to “Show Hidden Files and Folders” then click OK.
3. In My Computer click on the C Drive > Documents and Settings > USERNAME (do this for as many names as you have on the computer) > Local Settings > Temp.
a. Now go to the Edit Menu and click “Select All.”
b. Once all the files are selected hit the “Delete” key.
4. Open the Start Menu, mouse over All Programs > Accessories > System Tools > and select Disk Cleanup
a. Select the C drive and click OK
b. Check any boxes listed here
c. Click OK and Yes
5. Download, install, and run CCleaner:
-http://www.ccleaner.com/
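The manual Step 4 cleanup (every profile's Temp folder plus the system Temp folder) can be scripted. The following is an added example, not part of the original guide or any of the tools it links to; it assumes an elevated PowerShell 2.0 or later session and reads profile locations from the ProfileList registry key, so it handles both the XP layout (Local Settings\Temp) and the Vista-and-later layout (AppData\Local\Temp). Files that a running process holds open are skipped and counted rather than aborting the run.

```powershell
# Added example (not from the original guide): clear per-user and system Temp folders.
# Assumes an elevated PowerShell 2.0+ prompt. Run with -WhatIf first to see what would go.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

function Get-TempFolders {
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    $folders = @()
    foreach ($sid in Get-ChildItem $profileList) {
        $profilePath = (Get-ItemProperty $sid.PSPath).ProfileImagePath
        if (-not $profilePath) { continue }
        $profilePath = [Environment]::ExpandEnvironmentVariables($profilePath)
        # Vista and later keep Temp under AppData\Local; XP under Local Settings
        $temp = Join-Path $profilePath 'AppData\Local\Temp'
        if (-not (Test-Path -LiteralPath $temp)) { $temp = Join-Path $profilePath 'Local Settings\Temp' }
        if (Test-Path -LiteralPath $temp) { $folders += $temp }
    }
    # System-wide Temp used by services and installers
    $folders += Join-Path $env:windir 'Temp'
    $folders | Select-Object -Unique
}

function Clear-TempFolder {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Path)

    $files  = @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer })
    $sizeMB = [math]::Round((($files | Measure-Object Length -Sum).Sum) / 1MB, 1)
    $skipped = 0

    foreach ($item in Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Delete')) {
            try {
                Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Stop
            } catch {
                # A file held open by a running process (possibly the malware itself)
                # cannot be removed here; that is why the guide suggests Safe Mode.
                $skipped++
            }
        }
    }
    New-Object PSObject -Property @{
        Path       = $Path
        FilesFound = $files.Count
        SizeMB     = $sizeMB
        Skipped    = $skipped
    }
}

# Usage:  .\Clear-Temp.ps1 -WhatIf   (dry run)     .\Clear-Temp.ps1   (delete)
foreach ($folder in Get-TempFolders) { Clear-TempFolder -Path $folder }
```

Because both functions declare SupportsShouldProcess, a single -WhatIf on the script is inherited by every Remove-Item call, so you get a full listing of what would be deleted before anything is touched. A non-zero Skipped count is itself a useful signal: a temp file that cannot be deleted from an elevated prompt is worth a second look.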


STEP 5: MALWARE REMOVAL TOOLS

1. Trojans, worms, keyloggers, viruses, and spyware are all very difficult to remove with just a single program, which is why it is recommended to run several programs to aid in the removal process. I recommend running each of the programs listed below, in order. Not all of the programs are freeware; some require purchase. You don’t have to run those, but I recommend looking into them if the results come back with your computer still infected. Still, after all the freeware programs have run through, your computer should be clean of any infection.

NOTE: It is recommended to run these programs in Safe Mode for the best results!

2. Freeware – Rogue Remover: This is a handy little program that can help remove some of the well known programs that plague computers. It's good at removing false antivirus programs that might be popping up while you are on the computer.
-http://www.malwarebytes.org/rogueremover.php

3. Freeware - Malwarebytes' Antispyware - This program has gained a lot of popularity for the text document it creates to outline what has been removed. On overall removal it is about par for antispyware, but it does a good job getting some of the Vundo files out at the beginning. A good program for the first sweep.
-http://www.malwarebytes.org/mbam.php

4. Freeware – Spyware Doctor: In my personal experience, and on sites like PC World, PC Magazine, and AV-Test, Spyware Doctor ranks #1 at removing malware. If you use only one tool, make sure it is this one.
http://www.download.com/Spyware-Doctor-Starter-Edition/3000-8022_4-10754824.html

5. Freeware – AVG Anti-Spyware: I’m not a huge fan of the AVG Antivirus but I’ve found that their Anti-Spyware does have a good kick to it. It can find a lot of the obscure malware programs some of the others might miss.
http://free.grisoft.com/

6. Freeware – SUPERAntiSpyware: This program is capable of detecting a lot of annoying pieces of malware; not quite as top-notch as the paid versions, but good enough.
-http://www.superantispyware.com/

7. Freeware – Spybot: This one gets a lot of advertising bots and other malicious programs.
-http://www.safer-networking.org/en/index.html

8. Trialware – Counterspy: With a surprisingly powerful engine I find that Counterspy will power through the system and pick up the mess a lot of the previous programs might have missed.
-http://www.sunbelt-software.com/Home-Home-Office/Anti-Spyware/

9. Trialware – Spy Sweeper w/AV: I always save one of the best for last. Although Spy Sweeper may not have the best removal engine, it has been proven time and time again as the best active-protection spyware program. Also, their Spy Sweeper with Antivirus is powered by Sophos, which makes it quite a powerful program. It’s $30 or more depending on the version you want, but it is well worthwhile. This is one that you want to have for active protection.
-http://www.webroot.com/registration/trialRegistration.php?lang=en

10. Trialware – Registry Mechanic – You can purchase the full version for $30 but I find it does a pretty good job of cleaning up in the end even with just the trial.
-http://www.pctools.com/registry-mechanic/?ref=afl_onenetwork

STEP 5: ADDITIONAL MALWARE REMOVAL TOOLS
Note: These Programs should not be necessary after running the previous programs, but they are good enough to do a nice cleanup if necessary.
11. With a few stubborn files I find that the following programs will sometimes have a slight edge.
Smitfraud Removal:
- http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
Vundofix:
-http://vundofix.atribune.org/

12. Freeware – Ad-Aware 2007: Just because: it does a great job finding cookies and small-time malware.
-http://www.lavasoftusa.com/software/adaware

13. Freeware – Spyware Terminator: Although you might have almost cleaned out the complete infection, it doesn’t hurt to run this one to double-check your work.
-http://www.spywareterminator.com/


STEP 6: HIJACKTHIS

1. Many times malware can hide itself in the computer to avoid detection, or change the file name it uses. HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. Some items are perfectly fine. You should not remove them. Never remove everything. Doing that could leave you with missing items needed to run legitimate programs and add-ins.
-http://www.download.com/3000-8022_4-10781312.html
2. If you are unsure how to use this program then follow this guide.
-http://www.whatthetech.com/hijackthis_v2/
3. After running a scan make sure to post the log on the following website so the experts can analyze it for you.
-http://www.geekstogo.com/forum/register.html


STEP 7: SCAN COMPUTER FOR INFECTIONS

1. Once more I recommend going to the online scanner just to be sure that you were able to remove all the malware infections:
-http://housecall.trendmicro.com/
-http://www.pandasecurity.com/homeusers/solutions/activescan/


STEP 8: TURN ON SYSTEM RESTORE

1. Turn on Windows System Restore Points:
a. Right Click on My Computer
b. Click Properties
c. Click System Restore Tab
d. Uncheck the box next to: Turn off System Restore on all Hard drives
2. Click Apply and OK


STEP 9: WINDOWS UPDATES

1. It might seem simple, but running Windows Update on the system will help protect it against the vulnerabilities that future malware could exploit.
-http://windowsupdate.microsoft.com


STEP 10: SETUP PROTECTION

1. Now that the system has been cleaned, you want to protect it so this does not happen again. I would recommend the following anti-virus and anti-spyware programs to help protect the machine.
2. Anti-Virus
a. Avast: In overall scans I found that this comes in at the top for virus and spyware protection amongst the free anti-virus programs.
http://www.avast.com/
b. Avira: In the same scans I found that Avira comes in a very close second to Avast for virus and spyware protection.
http://www.avira.com/en/pages/index.php
3. Anti-Spyware
a. Spyware Blaster: This is a powerful utility that helps to block potential spyware problems from browsers and websites.
http://www.javacoolsoftware.com/spywareblaster.html
b. PC Tools Threatfire: This program is a behavioral detector that is capable of blocking a vast majority of malicious programs. Best part is, it’s free! This is a must have on your freshly cleaned system.
http://www.threatfire.com/
c. Spy Sweeper w/AV: As I said before, this one is the best that I’ve come across. You will have to pay for it yearly for the protection, but the price is not too high to deter you from the purchase.
-http://www.webroot.com/En_US/index.html?rc=5082
4. Firewall
a. Comodo Firewall: With amazing ratings this free firewall has stormed to the top of the list.
http://www.personalfirewall.comodo.com/


STEP 11: SYSTEM RECOVERY

1. In a worst-case scenario, if the steps above do not clean your system, even after purchasing the software, you would want to do a system recovery on the computer. Just make sure you back up your important files before formatting. This will format the hard drive and erase any problems the computer was having before restoring it to the factory default state it came in from the manufacturer.


REVIEW SOURCES:

Spyware Doctor: http://www.pcmag.com/article2/0,1759,2106191,00.asp
AVG Antispyware: http://www.pcworld.com/article/id,136193/article.html
Super Antispyware: http://www.pcmag.com/article2/0,1759,2127210,00.asp
Spybot: http://www.pcmag.com/article2/0,1759,1830047,00.asp
Counterspy: http://www.pcmag.com/article2/0,1759,2100539,00.asp
Spy Sweeper w/AV: http://www.pcmag.com/article2/0,1759,2152041,00.asp
Ad-Aware 2007: http://www.pcmag.com/article2/0,1759,2155541,00.asp
Spyware Terminator: http://www.pcmag.com/article2/0,1759,2167808,00.asp
Avast: http://www.pcmag.com/article2/0,2704,1864592,00.asp
Avira: http://www.pcmag.com/article2/0,1759,1864580,00.asp
PC Tools Threatfire: http://www.pcmag.com/article2/0,1759,2191333,00.asp
Comodo Firewall: http://www.pcmag.com/article2/0,1759,2236657,00.asp


See Also:
http://ultcomprepair.blogspot.com/2008/07/generic-virus-related-issues.html

Thanks to TechGuru for this information

Tuesday, December 30, 2008

The Mysterious Black Screen of Death - Is It Vista?

It goes like this: Your Vista system boots up to a black screen with a mouse cursor. That's it, no rest of the user interface, no nothing to do. This is showing up in sporadic reports since about early November. They call it the blacK Screen Of Death, or KSOD (because BSOD was already taken).

What is causing it? That's unclear for now. But there is a fix, courtesy of Mark from the SBSC & MSP Buzz Blog. He says the problem is related to the RPC service running under the LocalSystem account as opposed to the NT Authority\NetworkService account, and I quote:


  • On the affected machine, boot using the Vista Media and Select "Next" and then in the bottom left you will see "Repair your Computer"; select Next and then Select Command Prompt.

  • At the command prompt, launch regedit.exe and load the SYSTEM hive, follow the below steps.

    • a. Select HKEY_LOCAL_MACHINE

    • b. On the File menu, select Load Hive.

    • c. Browse to %WINDIR%\System32\Config Folder and select "SYSTEM"

    • d. Select Open.

    • e. In the Load Hive dialog box, type in "MySYSTEM" box for the registry hive that you want to edit.

  • After the hive is loaded, modify the following key value per the instructions below: You will need to know what ControlSet the machine is currently running on, this can be determined by going to HKEY_LOCAL_MACHINE\MySYSTEM\Select and find the "Current" value in the Right hand side. (Example: Current value is 1 then the ControlSet will be ControlSet001)

    Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Services\RpcSs (X is the Number from the Current Key from above)

    Value Name: ObjectName

    Old Value: LocalSystem

    New Value: NT AUTHORITY\NetworkService

  • Unload the SYSTEM hive by selecting the key "MySYSTEM" and then select "File->Unload Hive" menu item.

  • Exit regedit.exe

  • Reboot the system normally
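The quoted fix edits the offline SYSTEM hive by hand in regedit. The script below is an added example, not from Mark's post or the original article; it does the same inspection and repair from PowerShell. It assumes an elevated PowerShell session on a working Windows install with the affected volume mounted as $OfflineDrive (for instance the drive slaved into another machine), since the Vista recovery command prompt itself only offers cmd and reg.exe. Hive load and unload go through reg.exe, which is what regedit's Load Hive does underneath; the ControlSet is resolved from Select\Current exactly as the quoted steps describe. Nothing is written unless ObjectName actually differs from NT AUTHORITY\NetworkService, and -WhatIf shows the change without applying it.

```powershell
# Added example (not the quoted author's code): check and optionally repair the
# RpcSs ObjectName value in an offline SYSTEM hive.
# Assumptions: elevated PowerShell, affected Windows volume mounted as $OfflineDrive.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$OfflineDrive = 'D:',        # assumption: drive letter of the affected volume
    [string]$MountName    = 'MySYSTEM'   # temporary key name, as in the quoted steps
)

$hiveFile = Join-Path $OfflineDrive 'Windows\System32\Config\SYSTEM'
$expected = 'NT AUTHORITY\NetworkService'

& reg.exe load "HKLM\$MountName" $hiveFile | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Could not load $hiveFile (is the volume mounted and the session elevated?)"
}

try {
    # Select\Current holds the number of the control set the machine boots from
    $current = (Get-ItemProperty "HKLM:\$MountName\Select").Current
    $rpcKey  = 'HKLM:\{0}\ControlSet{1:D3}\Services\RpcSs' -f $MountName, $current
    $actual  = (Get-ItemProperty $rpcKey).ObjectName

    Write-Host ("Control set : ControlSet{0:D3}" -f $current)
    Write-Host "ObjectName  : $actual"

    if ($actual -eq $expected) {
        Write-Host 'RpcSs already runs as NetworkService; this fix does not apply to this machine.'
    } elseif ($PSCmdlet.ShouldProcess($rpcKey, "Set ObjectName to '$expected'")) {
        Set-ItemProperty -Path $rpcKey -Name ObjectName -Value $expected
        Write-Host 'ObjectName updated. Reboot the affected system normally.'
    }
} finally {
    # Always unload, mirroring the quoted "Unload Hive" step, so the hive is not left locked.
    [GC]::Collect()
    [GC]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

Run it once without arguments to see the current value, then with -WhatIf to preview the write. The explicit garbage-collection calls before unloading release the registry provider's handles; without them reg.exe unload sometimes reports the hive as still in use.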

Susan Bradley of the ever-entertaining SBS Diva Blog has some interesting perspective to add to this: we don't know what's causing this, so it may not actually be Vista, or at least not something simple about it. Something is changing the ObjectName key value, but we don't know what. Remote vulnerability? Malware? Stray neutrinos?

Windows doesn't normally log things to this level of detail so post-mortems on KSOD'd systems are not informative. But—and this is your mission, should you choose to accept it—you can turn on Auditing on the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs key to see what did it, should you get the KSOD bug. Susan shows you how to do it here.
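As an added example (not from the original post, and not Susan's instructions), the auditing she describes can be switched on from PowerShell instead of through the regedit permissions dialog. It assumes an elevated PowerShell session on a Vista-or-later machine you want to watch. Auditing needs two things: the Registry object-access subcategory must be enabled system-wide with auditpol, and a SACL entry must be placed on the RpcSs key; only then does a change to ObjectName produce a Security-log event (4657, "A registry value was modified") that names the process that wrote it.

```powershell
# Added example (not the original post's code): audit writes to the live RpcSs service key
# so a later change to ObjectName is recorded with the responsible process.
# Assumption: elevated PowerShell on Windows Vista or later.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\RpcSs'

# 1. A SACL produces no events unless the Registry object-access subcategory is on.
& auditpol.exe /set /subcategory:"Registry" /success:enable /failure:enable | Out-Null

# 2. Add an audit rule for the operations that could change or replace the value.
$rights = [System.Security.AccessControl.RegistryRights]::SetValue -bor `
          [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor `
          [System.Security.AccessControl.RegistryRights]::Delete -bor `
          [System.Security.AccessControl.RegistryRights]::ChangePermissions
$flags  = [System.Security.AccessControl.AuditFlags]::Success -bor `
          [System.Security.AccessControl.AuditFlags]::Failure

$rule = New-Object System.Security.AccessControl.RegistryAuditRule(
    'Everyone',
    $rights,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    $flags)

$acl = Get-Acl -Path $keyPath -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# 3. After a suspected incident, pull the modification events for this key.
function Get-RpcSsChangeEvents {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4657 } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Services\\RpcSs' } |
        Select-Object TimeCreated,
                      @{ Name = 'Detail'; Expression = { ($_.Message -split "`n" | Select-Object -First 12) -join "`n" } }
}

Get-RpcSsChangeEvents
```

The "Everyone" principal is deliberate: the point is to catch whichever account, including SYSTEM and service accounts, performs the write. Each 4657 event carries the Subject (account), Process Name and the old and new value data, which is exactly the information a post-mortem on a KSOD'd machine otherwise lacks.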

Next stop for me: Regedit.

Saturday, December 20, 2008

Simple telephone reminders

Wakerupper is the web's easiest telephone reminder tool.
Schedule reminder calls on the web. It couldn't be simpler.


Use Wakerupper to...

- Set a wake-up call at a specific time
- Remind yourself of important events
- Remember to take medication on time
- Escape from a boring date or meeting
- Remind child or spouse to do chores
- Set reminders for tasks and follow-ups

...and much more!

Wakerupper is a telephone reminder service that aims to make telephone alerts as simple as possible. Just enter the number of the phone you would like to be called, the time you want the call to be placed, and an optional 140-character reminder message. That's it - you will receive a call from Wakerupper at the time you have specified and your message will be delivered.