How to protect and clean your computer from malware

There are 10 kinds of people in the world. Those who understand binary, and those who don’t. This thread is for the latter kind.

There used to be a thread in GQ that gave you some good info on how to fix your computer from viruses or spyware, but that was more than 101 years ago. This is the new and updated version, back by popular demand. Now with shiny new tidbits. Meanwhile, those of you with Macs can just point and laugh.

Even if you don’t currently have any problems, you could prevent future attacks by following the instructions below.

Q. My computer seems infected by some spyware/adware/virus. What do I do?

Here’s what you need to do:

1. Go offline. Turn off WiFi, remove the Ethernet cable, or do whatever you need to go offline.
Note: If you see a fake “anti-virus” prompt, do not click anywhere on the screen. Just turn off your computer and follow these instructions.

If you are already infected with the fake “anti-virus” follow these steps first, then return and follow the rest of the steps in this thread:

How To Remove Antivirus Live and Other Rogue/Fake Antivirus Malware

2. Backup any important data to an external USB drive or CD/DVD.

3. Install anti-spyware software

Download some spyware removers. If you have access to another computer, download these files on the other computer, then transfer them to your computer using a USB stick. Boot into Safe Mode in Windows on your computer, and run the following software:

Note: To boot into Safe Mode, press F8 just after powering on your computer, and keep pressing F8 in 3 second intervals till you see a screen with choices. Select “Safe Mode” (not Safe Mode with Networking) from the options and press enter. If you don’t have access to another computer from which to download the software, then select “Safe Mode with Networking” instead. Once your computer boots up into Safe Mode, proceed with installing the following software.

ATF Cleaner
Note: Run this first to clean out all temporary files. This will greatly reduce scan time.

Malwarebytes’ Anti-Malware

Spybot Search & Destroy
Note: Make sure to select “TeaTimer” and “Spybot Resident” options during install. TeaTimer is a bit heavy on resources, but will protect you from future attacks. If you have more than 1GB of RAM, select it. After running the full scan and cleaning up whatever was found, click on the Immunize icon on the menu on the left, and then click the Immunize button to immunize against known spyware.

Lavasoft Ad-Aware

Super AntiSpyware (http://www.superantispyware.com/)

Panda Anti-Rootkit

Trend Micro Rootkit Buster

After installing each of the above, run them one after the other. Make sure to choose “Custom” install whenever possible, because some of these might install additional stuff such as toolbars and other options which you don’t need. Once installed, update the software with the latest definitions before running the scans. Run each of the above in full-scan mode, one after the other. Make sure to clean/fix whatever it finds.

4. Install anti-virus software

Download and install one of the following free anti-virus software:

Avira AntiVir
Note: This is reportedly the best free anti-virus, but some users have reported issues with the definitions update function. If the update function doesn’t work on your machine, uninstall and install another anti-virus from this list. For advanced users, if you want to disable the upgrade nag screen that Avira displays, please see this page.

Microsoft Security Essentials

Avast! Anti-Virus

AVG Anti-Virus

5. Clean out temp files, and other junk

Download and run:

CCleaner
Note: This is powerful cleaning software, so be careful with what you select. Also run the registry cleaner from Tools/Registry Cleaner.

6. Remove suspicious and unused startup entries

After using CCleaner to clean up temp files and cookies, go to the Tools option in CCleaner, then click the Startup option. Here, you’ll see a list of all programs that start up when your computer boots.

If you’re sure of what you’re doing, you can delete entries. If you are unsure, disable the entry instead.

If you want to scan any individual file on your computer against about 40 anti-virus programs, upload the file to the following site (free, no registration):

http://www.virustotal.com/

You can also check each individual entry against the exhaustive list at the following link to decide whether to keep it or delete it:

http://www.sysinfo.org/startuplist.php
Note: Scroll down on that page to see the Search option, then type in the name of the startup entry to see what it’s for.
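As an added example for step 6 (this is not part of xash’s post and not a CCleaner feature), the PowerShell script below lists the same kind of autostart entries CCleaner shows, taken from the Run/RunOnce registry keys and the two Startup folders, resolves the program each entry launches, and prints its SHA-256. With a hash in hand you can look the file up on VirusTotal without uploading it; the optional lookup uses the VirusTotal v3 API, which, unlike the web form linked above, needs a (free) API key, read here from the environment variable VT_API_KEY. Everything else assumes Windows PowerShell 5.1 or PowerShell 7 on Windows.

```powershell
# Added example: enumerate Windows autostart entries, hash the launched
# executables, and optionally look each hash up on VirusTotal (hash only,
# nothing is uploaded). Assumes Windows PowerShell 5.1+ on Windows and a
# VirusTotal API key in $env:VT_API_KEY if you want the online check.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable path out of a command line such as
#   "C:\Program Files\Foo\foo.exe" /silent     or     C:\Tools\bar.exe -x
function Get-LaunchedExecutable {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(\S+)')     { return $Matches[1] }
    return $null
}

function Get-AutostartEntries {
    $entries = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those
            if ($prop.Name -like 'PS*') { continue }
            $entries += [pscustomobject]@{
                Source  = $key
                Name    = $prop.Name
                Command = [string]$prop.Value
                Path    = Get-LaunchedExecutable ([string]$prop.Value)
            }
        }
    }
    # Shortcuts dropped into the per-user and all-users Startup folders
    $folders = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
    foreach ($folder in $folders) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($lnk in Get-ChildItem -Path $folder -Filter *.lnk -File) {
            $shell  = New-Object -ComObject WScript.Shell
            $target = $shell.CreateShortcut($lnk.FullName).TargetPath
            $entries += [pscustomobject]@{
                Source  = $folder
                Name    = $lnk.BaseName
                Command = $target
                Path    = $target
            }
        }
    }
    return $entries
}

# Look a SHA-256 up on VirusTotal (v3 API). A 404 only means VirusTotal has
# never seen the file, which by itself proves nothing either way.
function Get-VirusTotalVerdict {
    param([string]$Sha256, [string]$ApiKey)
    try {
        $r = Invoke-RestMethod -Method Get `
            -Uri "https://www.virustotal.com/api/v3/files/$Sha256" `
            -Headers @{ 'x-apikey' = $ApiKey }
        $s = $r.data.attributes.last_analysis_stats
        $total = $s.malicious + $s.suspicious + $s.harmless + $s.undetected
        return "$($s.malicious) of $total engines flag it"
    } catch {
        return 'unknown to VirusTotal (or API error)'
    }
}

$vtKey = $env:VT_API_KEY   # leave unset to skip the online lookup

$report = foreach ($e in Get-AutostartEntries) {
    $hash = 'file not found (bare name or missing file)'
    $verdict = ''
    if ($e.Path -and (Test-Path -LiteralPath $e.Path)) {
        $hash = (Get-FileHash -LiteralPath $e.Path -Algorithm SHA256).Hash
        if ($vtKey) { $verdict = Get-VirusTotalVerdict -Sha256 $hash -ApiKey $vtKey }
    }
    [pscustomobject]@{
        Name       = $e.Name
        Source     = $e.Source
        Command    = $e.Command
        SHA256     = $hash
        VirusTotal = $verdict
    }
}
$report | Format-List
```

Run it from a normal (non-elevated) PowerShell window; the HKCU keys are the ones most often used by adware, and reading them needs no admin rights. An entry whose file cannot be found, or whose name you cannot place on the sysinfo.org list, is a good candidate for “disable” rather than “delete”, as the step above advises.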

7. Download and run HijackThis

If, after doing all of the above, you still find that something is not right on your computer - e.g. search results are being hijacked - then your only option to clean up is to get expert help for your individual case.

Download and run HijackThis:

http://free.antivirus.com/hijackthis/

Read the FAQ of HijackThis from the above link. Once you have saved your HijackThis log, upload it to the following forum to get help from a techie:


Note: Please read the instructions carefully before posting to the above forum

If you want to quickly scan your HijackThis log using a web-based automated tool, use this:

http://hjt.networktechs.com/
Note: Use this for reference purposes only. If you don’t understand any of this, just get help from the bleepingcomputer.com forum linked above instead.

8. Re-install Windows

If you still have problems caused by spyware/adware/virus, do a clean re-install of Windows. Make sure to backup your product keys, etc. before doing a clean install. There are freeware tools that will extract keys from existing installations on your computer. One such tool is:

9. Start a thread in GQ
If you believe that the solutions listed above do not apply to you, or you have attempted them and have further screwed up your computer, or if you are unsure about how to proceed, feel free to start a new thread in GQ.

10. Start a thread in the Pit
If you just can’t take it anymore, rant about it.

11. Other useful software
Download and install Ghostery and set it to auto-update the blacklist.

This site contains an exhaustive list of the best free software for Windows, including Firewalls, Disk Defragmenters, System Utilities, and other software to optimize your computer:

12. Backup Backup Backup
I cannot stress this enough. Anyone who has lost data in the past will tell you how important this is. External USB hard disks are available for under $100 these days, and allow you to backup your entire computer.

My favorite backup software is Acronis TrueImage. It’s not free, but totally worth the money:

www.acronis.com

Another favorite is Dropbox. Download and install it, and set your important folders to backup directly to Dropbox.

Other free backup software options are reviewed here:

Note: This post will be updated from time to time. If you have general computer questions, or solutions to common problems, that you think will be of help to others and should be included in this thread, feel free to add it below. Some of the posts from this thread that contain useful info may be copy/pasted into the OP. Some posts may be deleted to keep this thread useful.

Thanks for reading.

-xash

If you wish to discuss this thread (rather than add info to it), feel free to do so in this related ATMB thread:

Where’s the “Read this before posting a computer problem” sticky?

Lifehacker’s guide to protecting yourself from drive-by browser malware attacks:

Link

I would like to suggest the new Microsoft Security Essentials as a free AV solution. Ars Technica and Cnet like it.

I have to caution about the recommendation to use TeaTimer, though. It relies on the user’s experience to make correct decisions to a far higher degree than other active protection programs. If you’re going to use TeaTimer, though, I must emphasize that you should not get into the habit of clicking “deny” without reading the dialog, especially if it popped up right after you made some change in an existing, legitimate program. I’ve known users who click “deny” every time TeaTimer pops up, regardless of what prompted the check. And, like any other active protection program, you shouldn’t run two simultaneously.

Sometime in mid-Dec., as a result of having picked up some awful thing or another, I was following the directions given in the previous iteration of this message, when my computer failed.

It would not start in Safe mode. After that, it would never start again.

So, before following the steps given, be sure you know what you are doing. I didn’t, and I deeply regret it, as I’m typing this from my old, slow computer, and I’m looking at paying somebody a lot of money to “wipe” my computer. Then I will have to install all my software again, which laborious as it is will be the easy part. The hard part will be finding all that stuff. I have some of it, but a lot of it is residing in a box somewhere in my garage. Hopefully, I labeled the box, because there are about 500 of them out there.
Note that as I was doing them in order I had already done #2, so I didn’t really lose anything important, except I’m anticipating about 40 hours of MY TIME.

You need something for 3 different kinds of people. Knows binary, doesn’t know binary, doesn’t know shit about computers.

And the recommendation for person no. 3 (or would that be no. 11) would be: Find somebody who knows what they’re doing!!!

I saw the sticky, and I noticed that the malware scanner programs will not be able to automatically update their definition files in Safe mode. Most of the time, doing so offline is quite painless, and I wonder whether we should instruct people to do that.

Here are the links I found doing a quick Google Search. All you do is run the update installer after you install the program, but before you run it and do a scan.

  • Malwarebytes updates (EXE file)
  • Spybot updates (on the main download page.)
  • SuperANTISpyware updates
  • Ad-aware update (a bit more difficult. Follow the second set of instructions near the bottom of the page)

I’m not sure about Ad-aware, as updating is a bit less painless. I don’t know if the average user would find it worthwhile. I also couldn’t find any for Panda Anti-Rootkit, and Trend Micro Rootkit Buster seems to always point to the latest version.

[1] First off, it appears there are quite a number of people that are getting this fake “XP Internet Security 2010” program on their computer. You guys are asking how to get rid of it when the real question you should be asking is why you got it on your computer in the first place.

Looking at various posts on the net, “XP Internet Security 2010” is NOT A VIRUS. It is a rogue program. This means that it cannot automatically install on your computer without you actually giving it permission to run. In my experience, it is usually the person in front of the computer that’s at fault for downloading and running these rogue programs because they don’t know any better. I know because I’m the family IT guy and I’m also a programmer. If you are really, really, really, really sure that you were “infected” at no fault of your own, I would like to hear about it.

The best overview of this rogue program is at http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

[2] Now, onto the question of the “best malware defense”. I would like to say as a computer security enthusiast, that once you’ve had untrusted code run on your computer, it is best to nuke it from orbit with a reinstall of your operating system. There is an easy way and a hard way of reinstalling your operating system.

The hard way is to manually reinstall Windows and all your programs every time you think you’ve been infected with something. The easy way is if you made an image of your hard drive immediately after you installed your operating system and favorite programs, using a tool such as Drive Image XML (free):

With Drive Image XML, you store a fresh copy of your operating system on an external backup hard drive and when you think you’ve been infected, you just boot up from the external hard drive and your computer is quickly restored to when you first installed everything. A full restore will take on the order of 15 minutes compared to hours you could be spending trying to reinstall everything from scratch. The external hard drive will cost you about $50-$100 at your local computer store and can also be used to back up your data.

[3] Now, onto the subject of anti-virus programs. The important thing about anti-virus programs is to only choose ONE of them and let it update itself. Anti-virus programs should be install-and-forget. Don’t go overboard by installing multiple anti-virus programs; that borders on paranoia and there are better ways to spend your time PREVENTING bad things from happening. On Windows, without a doubt, the best anti-virus program is Microsoft Security Essentials (free):

Install it and let it do its thing. Forget it is even there. Oh yeah, LEAVE AUTOMATIC UPDATES ON. DON’T FREAKING TURN IT OFF. You NEED updates for Windows and Microsoft Security Essentials updates itself through automatic updates.

[4] Now, for the most effective way of preventing unwanted “infections”: Changing your habits. On Windows, NEVER EVER RUN AS THE ADMINISTRATOR UNLESS YOU ARE DOING SYSTEM MAINTENANCE. Always run as the limited/standard user. If you don’t know what I just said, you are most likely running as the administrator with full privileges over your computer and I recommend you get someone to show you how to run as a limited/standard user.

[5] Upgrade to Windows Vista/7 for a better security architecture. Did you know XP is 10 years old? That’s ancient and software security has greatly advanced since then. Windows Vista/7 has UAC, which is a GREAT feature, no matter what your run of the mill techy friend might tell you. If they tell you to turn UAC off, I say get a new techy friend because he/she is not competent with computer security. Vista/7 also has other features like more thorough DEP, ASLR, and kernel patch guard.

[6] I recommend you get the Professional version of Vista/7 if at all possible because it has a great feature called the Software Restriction Policy. This means that if you are an idiot, you can get a techy friend to set up your computer where you cannot run any programs other than the ones that are protected and installed with the administrator password. I can’t stress how absolutely GREAT THIS FEATURE IS! It’s one of the ways of making a computer idiot proof.

[7] Keep your non-Microsoft programs updated with the Secunia Personal Software Inspector: http://secunia.com/vulnerability_scanning/personal/ This program scans your computer and provides you with a list of required updates. It is highly regarded by security enthusiasts.

[8] If you pirate programs, may God help you.
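As an added example for point [4] above (this is not from the poster, and it is not a Windows built-in tool), the PowerShell script below checks whether the account you use every day sits in the local Administrators group and, if so, does the split the post recommends: create a separate maintenance admin first, confirm it really is an admin, and only then take the daily account out of Administrators. It also answers the later question in this thread about turning an existing admin account into a standard user, and about changing it back. The Get-LocalGroupMember, New-LocalUser, Add-LocalGroupMember and Remove-LocalGroupMember cmdlets exist on Windows 10/11 and Server 2016 and later, not on XP (for XP, see the SuRun post further down); the account name 'admin-maint' is a placeholder, and the script must be run from an elevated PowerShell.

```powershell
# Added example: find out whether the daily account is a local administrator and,
# if it is, create a separate admin account and demote the daily one.
# Assumes Windows 10/11 or Server 2016+ (LocalAccounts cmdlets) and an elevated
# PowerShell session. 'admin-maint' is a placeholder account name.

# Is the running process elevated, i.e. holding a full administrator token?
function Test-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Is the given account ("COMPUTER\user") a direct member of local Administrators?
function Test-LocalAdminMember {
    param([string]$Account)
    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    return [bool]($members | Where-Object { $_.Name -ieq $Account })
}

function Split-AdminFromDailyAccount {
    param(
        [string]$DailyAccount = "$env:COMPUTERNAME\$env:USERNAME",
        [string]$AdminName    = 'admin-maint'   # placeholder name
    )
    if (-not (Test-Elevated)) {
        throw 'Run this from an elevated PowerShell (Run as administrator).'
    }
    if (-not (Test-LocalAdminMember $DailyAccount)) {
        Write-Host "$DailyAccount is already a standard user; nothing to do."
        return
    }
    # 1. Create the maintenance admin first so there is always a way back in.
    if (-not (Get-LocalUser -Name $AdminName -ErrorAction SilentlyContinue)) {
        $pw = Read-Host -Prompt "Password for $AdminName" -AsSecureString
        New-LocalUser -Name $AdminName -Password $pw -PasswordNeverExpires | Out-Null
        Add-LocalGroupMember -Group 'Administrators' -Member $AdminName
    }
    # 2. Refuse to demote anything until the new admin is confirmed in the group.
    if (-not (Test-LocalAdminMember "$env:COMPUTERNAME\$AdminName")) {
        throw "$AdminName is not in Administrators; refusing to demote $DailyAccount."
    }
    # 3. Demote the daily account; membership in Users is all a standard user needs.
    Remove-LocalGroupMember -Group 'Administrators' -Member $DailyAccount
    $inUsers = Get-LocalGroupMember -Group 'Users' |
               Where-Object { $_.Name -ieq $DailyAccount }
    if (-not $inUsers) { Add-LocalGroupMember -Group 'Users' -Member $DailyAccount }
    Write-Host "$DailyAccount is now a standard user; use $AdminName for maintenance."
}

# To reverse it later (from an elevated session as the maintenance admin):
#   Add-LocalGroupMember -Group 'Administrators' -Member "COMPUTER\dailyaccount"

"Elevated now:          $(Test-Elevated)"
"Daily account is admin: $(Test-LocalAdminMember "$env:COMPUTERNAME\$env:USERNAME")"
# Split-AdminFromDailyAccount     # uncomment to actually make the change
```

The two status lines at the bottom are safe to run as-is; only the commented-out call changes anything. Once the daily account is a standard user, UAC prompts for the maintenance admin’s password whenever something needs elevation, which is exactly the “ask before anything system-wide happens” behaviour the post is after, and the reversal is a single Add-LocalGroupMember.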

I find that one of the best ways to avoid malware is to use Firefox, or really any browser besides Internet Explorer, which really is a piece of junk. Firefox is definitely the best, with pretty much no security vulnerabilities. A simple piece of advice, but all too many people still use Internet Explorer, despite its vulnerabilities.

You can get Firefox at mozilla.com

If you go with Firefox, make it even safer by using a couple of the security plug-ins. At minimum I’d recommend Adblock Plus and NoScript. Adblock Plus disallows ads (duh). NoScript prevents pages from running scripts, and also prevents popups. With NoScript you have to give permission to the sites for which you want to allow scripts/popups, such as your banking sites, but it’s totally worth it.

I have a computer question- Hope this is the right place. Is there a way to have the computer automatically shut itself down after no mouse activity for say 10 minutes. I have a “friend” who just leaves the computer and forgets to shut it down. It annoys me so I would like to know how to make the computer do this.

I missed the edit feature. How do I get a a “system 32” to stop going on the screen everytime I start up the computer. I’ve looked for ways to delete it, but can’t find a way.

If you’re using Windows:

Right click on Desktop - Screen Saver tab - click Power Button.

Here you have various options to put computer to Stand By, Hibernate or Shut Down

:)

When I have to reinstall windows I first
run some version of linux to format the drive
That way the drive is CLEAN.
No lurking virii hiding in some sector that windows cannot touch.
Then I install windows.

Uh… just get a Mac.

Done.

SH

Sorry, Macs (as smarmy as those ads are) have indeed had some virus activity as hackers are turning their attention in that direction. Maybe it’s that smug “Nyaa nyaa, we don’t have viruses” taunting? As far as PC protection, I run Avast and also Threatfire (TF runs in the background and will not conflict with your main antivirus software). I found an article, PC Mag Best Freeware 2010, and it had a lot of good stuff.

Does the same go for Malware detection programs like Ad-Aware and Search+Destroy? Both protect actively (while browsing), AdAware with Ad-Watch Live, S+D as Resident and with TeaTimer, so it seems they might not work nicely together. MalwareBytes Anti Malware doesn’t seem to have an active component, it seems to be a cleanup tool after problems occur (and it seems to work very well!). Specifically, I’m adding Microsoft Security Essentials which also protects against malware, and I already have Ad-Aware running Ad-Watch Live actively.

I like your suggestion about Drive Image XML. When there’s a problem and you boot from the external drive, how does the operating system on the original drive get repaired? Data on the original drive (in My Documents and on the desktop) is unchanged?

I’m looking at UAC on Windows 7 on a new system. It seems like it allows you to have administrator privileges but to downgrade yourself to a regular unprivileged user (and add user privileges back whenever needed). If I’m running Windows XP on an older machine, is there anything similar I can do about an existing account which already has admin privileges? I hate to do all the work to essentially setup a new account with everything I’ve done to this account. Can I create a new admin account for use going forward and change the original account to a simple user? Can the original account be changed back to an admin in case it’s necessary?

Excellent advice. NoScript will default to disallow scripts universally so you will have to permit (either temporarily or permanently) them for each site you visit. But it only has to be done once for sites that you trust and it is easy to do from a right-click context menu.

I would also recommend

  1. Flashblock - prevents Flash from loading automatically
  2. LastPass - stores your passwords securely and logs you in to sites while bypassing the keyboard and thus defeating key loggers.
  3. Ghostery - identifies 3rd-party web bugs on a page
  4. Xmarks - sync bookmarks across multiple machines.

Another important safety measure is to set your email client, whether it’s run on your computer (e.g., Outlook) or is a web client (e.g., Gmail, Yahoo), so that it does not automatically download and display images. These are used to see if you have opened the email and can also be an entry point for phishing exploits and even malware.

I feel bad that I missed this. Someone created a third party UAC-type program for Windows XP before Vista/Win7 even came out. The latest iteration is called SuRun.

Here’s an online guide to setting it up. It’s pretty simple, and I recommend it to anyone who is running Windows XP and can understand that article. It includes a link to the program.

I will make some alterations: you don’t need to create a new SuRunner account–you can use the account you’re already using. What you do need to do is make sure you have one Administrator account that you do not make a SuRunner. And you will have to install SuRun while you are an administrator.

If you now have two accounts instead of just one, and you want to make one account automatically log in, you can access a sometimes hidden Control Panel at Start > Run > “control user userpasswords2”. And if you want to hide the Administrator account from the login screen, you can get TweakUI, run it as an administrator, and go to Login, and uncheck the appropriate option.

Nasty new malware around.

My computer at work was so badly damaged that IT had to replace it.

The Mac is under attack! Again, anyway, but this time it’s a bit more widespread. Don’t Panic. It’s not that bad.

Turns out some entrepreneur has created a fill-in-the-blank malware generator for Macs, just like they have them for PCs. This malware Trojan is going under various names, such as MacDefender, MacProtector or MacSecurity. It does the usual schtick, trying to tell you your Mac is infected and getting you to give them your credit card number. It is NOT a virus in the purest sense of the concept, so it’s relatively harmless and won’t corrupt your computer at this point.

If you already have gotten the trojan, or want to read about it, Apple has issued a support page here that will help you understand and remove any malware that may have latched onto your Mac. If you aren’t sure what to do and are near an Apple store, a Genius can remove it for you for free. Just make an appointment first.

A few steps you can take to help yourself:

  • If you use Safari as your browser, open Safari > Preferences… and under the General tab uncheck the ‘Open “safe” files after downloading’ check box. This will prevent the malware from attempting to load itself if you accidentally download it.

  • NEVER install or allow to be installed a program you are unsure about (goes for Mac and Windows). If something pops up and asks for your password without you being sure what it is, it’s safest to say No (or “Deny” or “Cancel”) and ask someone later.

  • Consider any messages that pop up stating that your Mac is infected with viruses as a hoax, then deny, quit or force quit Safari or whatever browser you’re using to get away from it.

  • You really don’t need any anti-virus software on your Mac if you take these precautions. If you want to get something, anyway, try Sophos as they have a free version available.

Apple says it will be issuing an update soon that will attempt to prevent these malware attacks. We’ll see.