Adware/spyware scanners can dig up more harmful programs and services than you would imagine possible. They hide everywhere in your system, perpetrating malicious activity and syphoning your valuable system resources.
A great program for detecting adware/spyware is Lavasoft Ad-Aware SE Professional.
The second line of defense against adware and spyware is Spybot Search and Destroy.
A good antivirus program that is also free of charge is Kaspersky.
Check out the official sites for each of these programs, or go to Download.com or PCWorld.com. Both sites offer an extensive collection of programs to download, usually for free.
Here's a utility included with your Windows XP installation that will help you defend against viruses. It's called Data Execution Prevention (DEP). Highlight the Start Menu in the lower left-hand corner of your screen, and right-click My Computer. Choose Properties, and click the Advanced tab. Under Performance, click the Settings tab. Click the Data Execution Prevention tab. Click where it says "Turn on DEP for all programs and services except those I select". I've noticed that, every now and then, Messenger and Tunnel are closed by this utility, so you might need to add your Yahoo! Messenger and Y!Tunnel programs to the exceptions list. This utility prevents programs and services from executing malicious code and spreading to infect your system. Make sure there are no other exceptions.
Now open your Internet Explorer, click the Tools tab, then choose Internet Options. Click the Security tab, then Custom Level. Click the Prompt option beneath Download unsigned ActiveX controls, and do the same for the Download signed ActiveX controls option. Click Ok.
Next, Click the Privacy tab under the Internet Options menu. Click Advanced, and put a check in the Override Automatic Cookie Handling box. Choose to block Third-party cookies, and Accept First-party cookies. Click Ok.
Under the Pop-up Blocker menu on the Privacy tab of Internet Options, click Settings. Make sure the Filter Level is set to Block All Pop-ups.
Always click Apply to save your changes, and click Ok to finish up.
Now, your internet browser is not totally locked down against adware and spyware, but you have much more control over what is and is not added to your system. You might also look into alternate browser choices, such as Avant Browser or Mozilla Firefox.
These excellent browsers help defend your system against adware/spyware by giving you more options and control over what is added or installed to your system. You can also choose to disable pictures or flash animation to speed up your browsing speed.
Run scans for Adware/Spyware/Viruses about once a week, and run a quick scan of your system32 folder fairly often to ensure that you aren't infected.
You can check for some viruses/trojans not caught by anti-virus software by checking the registry manually. Here are a few common methods.
Click the Start button, then Run. Type in regedit to bring up your system registry. Locate the following Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Notice what programs are listed to initialize when your system starts up. Check all the Run keys to make sure no alien programs have been added to your system startup.
Go to Start, Run, and type in sysedit. 4 boxes should appear, two of which should be blank. Look for suspicious information in the System.ini box and the Win.ini box. Some viruses are known to hide here.
Autoexec.bat
Winstart.bat
Win.ini
System.ini
The Startup folder (C:\WINDOWS\Start Menu\Programs\StartUp)
Find the files mentioned above and check them for suspicious activity.
If you know you are infected, but your anti-virus software isn't able to locate or remove the infection, try this:
Restart your computer in safe mode by pressing F8 during startup. Choose Safe Mode so that your system loads only what is absolutely necessary to function. If you know where the virus/trojan is, delete the .exe file.
Open the registry by using the regedit command, and locate the keys below:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
If you locate a string that you think might be a virus, then place a : in front of the string. For example, if the string is "c:\infection.exe", then change it to ":c:\infection.exe". The colon negates the value and renders the virus mostly useless. If you are absolutely certain that this string is a virus, just delete it.
Also, use your Task Manager, accessible by pressing ctrl+alt+delete, to see a list of services running on your computer. Click the Processes tab and look for suspicious process names. If you find something that you are pretty sure is the virus, then right-click the process and end it.
Also check the following keys in your registry to see if a trojan might be running on your system:
[HKEY_CLASSES_ROOT\exefile\shell\open\command] ="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command] ="\"%1\" %*"
[HKEY_CLASSES_ROOT\batfile\shell\open\command] ="\"%1\" %*"
[HKEY_CLASSES_ROOT\htafile\Shell\Open\Command] ="\"%1\" %*"
[HKEY_CLASSES_ROOT\piffile\shell\open\command] ="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command] ="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command] ="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command] ="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\Shell\Open\Command] ="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command] ="\"%1\" %*"
If the keys listed above don't show the "\"%1\" %*" or are changed to "\"server.exe %1\" %*", then it is most likely telling a trojan to run at startup.
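The two manual registry checks above (the Run keys and the open-command keys) can be run over a registry export instead of by eye. This is an added example, not part of the original post: it assumes the keys were exported to text with regedit, the function names are hypothetical, and the sample export is constructed.

```python
import re

EXPECTED = '"%1" %*'  # handler value the page lists for every class below
CLASSES = {"exefile", "comfile", "batfile", "htafile", "piffile"}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once(Ex)?|Services(Once)?)?$", re.I)
VALUE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Constructed sample in regedit export format; not from a real machine.
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"server.exe %1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="c:\\infection.exe"
"Parked"=":c:\\infection.exe"
'''

def parse_reg(text):
    """Return {key: {name: data}} for string values; '@' is the default value."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            name = m.group(1).strip('"')
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \"
    return keys

def hijacked_handlers(keys):
    """Open-command keys of the listed classes whose default is not EXPECTED."""
    hits = []
    for key, values in keys.items():
        parts = key.lower().split("\\")
        if len(parts) > 3 and parts[-3:] == ["shell", "open", "command"] \
                and parts[-4] in CLASSES and values.get("@") != EXPECTED:
            hits.append((key, values.get("@")))
    return hits

def run_entries(keys):
    """(name, command, disabled) per autostart value; leading ':' = colon trick."""
    return [(n, c, c.startswith(":")) for k, v in keys.items()
            if RUN_KEY.search(k) for n, c in v.items()]

if __name__ == "__main__":
    reg = parse_reg(SAMPLE)
    print(hijacked_handlers(reg), run_entries(reg), sep="\n")
```

A handler key with no default value at all is also reported, since it does not show the expected string.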
Another good way to protect your PC from Trojans is to follow a few simple rules while browsing. Never download a program and open it without first scanning the file thoroughly with at least two antivirus programs. (I prefer Kaspersky and Nod) Never download an email attachment without submitting it to the same scrutiny. Trojans might even be bound (or attached) to picture files, so be extra careful when browsing that questionable site. Also, try to locate a Malware Scanner such as A2 Trojan Scanner or a similar program.
A second line of defense against trojans and viruses is defeating the program before it starts up. If it manages to install itself or open on your system, programs such as Prevx Security or Process Guard will log the attempts and ask if you wish to allow this program to start up, make changes to the registry, overwrite other files, use another program's memory space, etc. This effectively blocks most Trojaned programs from running and viral infection from spreading.
Prevx and Process Guard can usually be found at Download.com.
Yet another way of telling if your system has been trojaned is to watch alerts from your firewall. If you use a firewall such as Zone Alarm or Sygate, the firewall will alert you when any program or service tries to connect to the internet. If you do not recognize the program, just click deny. If the trojan can't communicate with the attacker, most can't do much damage. Then go to the file listed in the alert and see if you can determine what it is, or delete it if you know the file is a virus. Be careful, though, because if a critical system file has been infected, you may do more damage than you realize by deleting the file.
Go to Download.com and grab these two powerful firewalls. If you can't find them there, check elsewhere. Many Yahoo! sites carry these programs.
Script-blocking tools are also very useful when defending against viruses. I won't go into much detail here, as it would take pages upon pages to explain properly, but try to google script blocking or something similar. You should come up with a wealth of useful information.
As far as programs for script blocking, I like the AnalogX program called Script Defender. Stop by their website and check it out.
That certainly isn't every method used to remove adware/spyware and viruses/trojans, but it is certainly a start, and will place you light years ahead of the average user in terms of taking control of such rampant infections.
Enjoy...