
Malware Warfare - A Step-By-Step Infantry Training Camp

I.M.O.G.

I wrote this for the frontpage, and I think many of you are already familiar with it, however since Newbie_Doo has recently made it clear that this is the official forum for malware trouble, I wanted to post it here...

Overclockers.com said:
Malware Warfare – A Step-By-Step Infantry Training Camp

***Disclaimer: Take note that the intended audience for this guide is the techno-geek. Those less geek than myself may find the following instructions somewhat obtuse, but I am assuming that expending my efforts on anyone less geek than myself is likely working towards a lost cause. Joe Sixpack doesn't know or care about the malware infecting his system, at least not until it doesn't turn on anymore – and at that point, he'll bring his system to the techno-geek with wallet in hand***

Does the computer you know and love have the malware blues? How about your “PC-savvy” friends or family – you know the ones who figured out how to use ctrl-alt-delete and believe they know what's good for their computer?

When it comes time for a good old-fashioned passionate PC ***-whooping, you're best to not step onto the field of battle without the proper arsenal at your disposal. How best to beat the odds when you're outnumbered by these techno-nasties?

Call in the reinforcements – pay a visit to the OC Forums and let them make sure you are getting the following procedure correct – there's no reason to go in alone as the people there are a welcoming and extensively knowledgeable group.

Required Software – Go to MajorGeeks and Download, Install, and Update all of these:

Mcafee Stinger
CWShredder
Spybot Search and Destroy
Lavasoft Adaware
SpySweeper
HiJackThis!
SpywareBlaster
jv16 Powertools
___________________________________________________

Procedure:

Disable System Restore and reboot into Safemode.

  • Step 1: Clear all temp files.

    Clear internet and system temp files, along with cookies files.
  • Step 2: Run Mcafee Stinger.

    This step has the potential to detect and remove 40+ viral attacks and all of their known variants from your computer. It is a good standalone program that is quick to find common infections.
  • Step 3: Run the Online Virus Scan at Symantec Security Response.

    On the Security Response main page, you will find an image labeled Check for Security Risks. Click on that and choose to run the online Virus Scan. This is an extensive scan which will find all known virii hiding within your system. Removal instructions are available on site at Security Response if you search for the virus name – help is ready and waiting at OCF also.
  • Step 4: Run CWShredder

    This program is a sign from the heavens that we are not forsaken on this planet. The CoolWWWSearch/CoolWebSearch malware component is one of the hardiest, nastiest nasties around. This program automatically finds and fixes a CWS infection, seemingly effortlessly... Doing this manually would not only require some extensive education as to the nature of this beast, but a single mistake could bring down your system as CWS has its claws hooked into some vital system components. Be thankful for this tool, and be certain to run its latest version as CWS seems to constantly be released in new variants.

    I want to re-emphasize how important it is to download and run the latest version of this software... Any battle waged against Malware without this utility in hand is fated for defeat. CWS is tremendously common, and this is THE tool to remove it. (The semi-final release of this software is from 6-28-04)
  • Step 5: Run Spybot Search and Destroy, Lavasoft Adaware, and SpySweeper.

    Run these programs, one after the other, finding and removing everything they find. If you need help on specifics in doing this, visit OCF... These programs are fairly intuitive and self-explanatory however, so you should have no problem. It is known throughout the online community that each of these programs can potentially recognize malware which the other two programs may miss – so yes, you should run them all.
  • Step 6: Run HiJackThis.

    This software application creates a log file which outlines what is going on behind the scenes of the system and can remove problem entries. This is the trickiest part of this article as it may be hard to recognize problem entries – once again, visiting OCF for assistance here would be wise. Take a look through and remove only things you are certain should be removed – this tool is a powerful weapon in this battle and it has the potential to cause serious damage if wielded incorrectly.
  • Step 7: Run SpywareBlaster.

    This application has protection schemes for common vulnerabilities within IE and Firefox, and it also protects the computer from restricted sites which are known to cause problems. It will not protect you from the computing catastrophe which is Joe Sixpack, but it will ease the pain and make up for any accidental deviances you have from techno-geekdom.
  • Step 8: Run jv16 Powertools

    The registry cleaner in this package does the best job of any application I have come across and comes with other powerful features also. Running this can remove many errant or no longer valid entries from the Windows registry. A popular alternative to this is RegSupreme, but I prefer jv16.
  • Step 9: Run a HDD Defragmenter.

    I believe Diskeeper to be the best, however the Windows defragmentation utility will work fine on a client's system. Running this often gives them a performance difference they can feel after you've worked on their system, and setting up a defragmentation task can keep their disk in good working order in the future.
  • Step 10: Run Services.msc from the run prompt.

    Tweaking the system's service configuration can free up surprising amounts of RAM – 40 MB more of available RAM in a system with 512 MB RAM is not unheard of. This will also make the user's performance appear much better.

    A great site for referencing in this respect is www.blackviper.com as he has a feature called Windows Service Configurations which explains and outlines what is safe to disable and what is not. Here is a quick breakdown of services you can disable - Alerter, Error Reporting, Human Interface Device, Messenger, Remote Desktop Helper, Remote Registry, Telnet, WebClient, and Wireless Zero. Be sure to disable Messenger as this service can be responsible for receiving pop-ups, and it is never used for its intended purpose (this service has nothing to do with MSN).
  • Step 11: Tweak Windows configurations

    After right-clicking on My Computer, go to the Advanced tab, then Performance Settings, set XP to best performance and then recheck “use visual styles” to preserve appearance.
    Set the pagefile to a custom static size by setting min and max to equal values and be sure to click on the “Set” button to apply those settings.
    Schedule automatic Windows updates while you are here and tell it not to ask, but just install.
    Change their browser homepage to something useful like Google if it is at a default setting.
    Run devmgmt.msc from the run prompt and ensure system devices are using the latest drivers.
    Go to control panel>Add/Remove Programs and “slap anything that looks as shifty as a politician in a sorority house.”
    Consider setting up a schedule for antivirus, defragmentation, and spyware scans.
    Consider installing/discussing a better firewall application for the user, like BlackIce.
Reboot normally and re-enable system restore if you wish.
___________________________________________________

Conclusion:

Each one of these applications is essential to waging this war – if any one of them is overlooked or not included, a major component is being left out. Steps 6 through 9 may not directly involve malware solutions, but they will give the end user a tangible improvement which will help to get them cooperating with what you tell them they need to do.

After running them, Task Manager and msconfig should be checked to confirm they are free from any abnormalities. For systems running anything aside from Windows 2k or XP, walk to any top floor window and just toss them out – the user's computing experience, from this point in time forward, will be a far more positive one.

Another closing point of interest - running Mozilla Firefox is a good alternative to continually trying to fix IE vulnerabilities – it isn't susceptible to BHOs and ActiveX controls the way IE is, and it makes popups history.

Keep in mind that switching from IE to Firefox is a functional solution, but it's a lot like putting a band-aid on a bullet wound – it's not fixing the problem, it's just covering it up. It can be a great alternative to use when waiting for an application update to include a detection for a new variant of malware infection that isn't currently recognized, and I have used this for clients in the past.

Ultimately, there are many malware problems which require personal attention to resolve, much like a virus can... I would not install any program not on my list here as many anti-malware programs themselves come with infections, or adware – so just installing everything and running it is a VERY poor option. Which brings me to my next point - oftentimes, in particularly difficult malware situations, it is necessary to consult a group of knowledgeable peers...

I can't fully impart to you just how important of a role OC Forums has played in my techno-geekness and solving issues for me in the past. Stop by and introduce yourself, and let us help you solve any problem you may have!
___________________________________________________

Acknowledgements to the OCForums members who have contributed to this information, especially Wedo and Kendan, amongst countless others.
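As an added illustration for Step 6 (this is not part of the original post, nor code from HijackThis itself): a small Python triage script that parses a log written in HijackThis's line format and surfaces the entries a reviewer should look at first. The sample log, its paths, CLSIDs and URL are constructed placeholders, and the flagging rules are simple heuristics (temp/profile paths, remote ActiveX downloads, unnamed BHOs), not a verdict of infection.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis log format (not a real log). Paths, names,
# CLSIDs and the URL are placeholders made up for this example.
SAMPLE_LOG = """\
Logfile of HijackThis v1.98.2
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\\WINDOWS\\system32\\example_bho.dll
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\\..\\Run: [updater] C:\\Documents and Settings\\user\\Local Settings\\Temp\\updater.exe
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Control) - http://example.invalid/example.cab
O23 - Service: Example Service - Unknown owner - C:\\WINDOWS\\Temp\\svc.exe
"""

# Every HijackThis entry starts with a type code (R0/R1, F0, N1, O1..O23) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Heuristic: binaries launched from temp or per-user locations deserve a second look.
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\")
DESCRIPTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
                "O2": "Browser Helper Object", "O4": "autorun entry",
                "O16": "ActiveX download (DPF)", "O23": "service"}


def parse_log(text: str) -> List[Tuple[str, str]]:
    """Return (entry_type, detail) for each entry line; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_entries(entries: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Flag entries a reviewer should examine first, as (type, reason, detail)."""
    flagged = []
    for kind, detail in entries:
        low = detail.lower()
        if kind == "O16":
            flagged.append((kind, "remote ActiveX package installed via DPF", detail))
        elif any(d in low for d in SUSPECT_DIRS):
            flagged.append((kind, f"{DESCRIPTIONS.get(kind, kind)} runs from a temp/profile path", detail))
        elif kind == "O2" and "(no name)" in low:
            flagged.append((kind, "unnamed BHO", detail))
    return flagged


if __name__ == "__main__":
    for kind, reason, detail in review_entries(parse_log(SAMPLE_LOG)):
        print(f"{kind}: {reason}\n    {detail}")
```

Everything not flagged still needs a human (or OCF) to confirm it is legitimate; the script only orders the work.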
 
I saw this posted in the Front Page Discussion forum and it really helped me a lot. This hard drive used to be barely usable, whereas now I rarely get popups. Thanks, great article.
 
Yeah, it was a very great article. I was running Spybot and Adaware before and I followed your steps and found about 10 more spyware/tracking cookies.
 
Slackfumasta said:
Bah, do what I do and remove all spyware/adware/malware manually! Screw those third party programs.

Nice guide for those who don't care to do it that way though.

Work on 2-3 computers a day with serious malware infections and try doing it all by hand. Sometimes you do have to do manual removal, but when you don't why do you? That's like digging a pool with a shovel when you have a backhoe at your disposal...
 
Mr. Chambers said:
Work on 2-3 computers a day with serious malware infections and try doing it all by hand. Sometimes you do have to do manual removal, but when you don't why do you? That's like digging a pool with a shovel when you have a backhoe at your disposal...

Agreed, that's the same thing I thought... It would be no problem performing manual removal on my own machine which just doesn't get anything to start with, but doing it on a few client machines who have 10 or more various infections (10 is an arbitrary number, and I'm being optimistic)? That would take longer than a scan and autoremoval to complete.
 
I.M.O.G. said:
Agreed, that's the same thing I thought... It would be no problem performing manual removal on my own machine which just doesn't get anything to start with, but doing it on a few client machines who have 10 or more various infections (10 is an arbitrary number, and I'm being optimistic)? That would take longer than a scan and autoremoval to complete.

Exactly.
 
Wow, nice link UM... Good reading, that really says something about those who post saying they've ran every scanner and still have problems... I knew there was a lot of junk out there, but that was even more than I expected.
 
Dear I.M.O.G.,

I just wanted to thank you for this awesome guide. I've used it 2-3 times to fix my sister's computer, about that many to fix my own, and various other times when neighbors were having problems with theirs, and it has never failed. Without it I don't think I could have gotten half as far on any of those problems. Makes me feel all good inside when I can help someone fix their spyware, malware, etc. problem, and you've made that possible. So I'd just like to try to express my sincerest appreciation to you for writing up this guide.

...oh, one thing. HijackThis comes in a zip file about 99.9% of the time, and if you're working on a computer without a program that can handle zip files, you just have that extra hassle, so you might want to mention that it's a zip file, and/or a quick program to open it up with, since I was working on a Windows 95 and I ran into that problem. Again, thanks a bunch :), and btw, cool avatar :).
 
I'm glad you have found it useful zhenghe. Looking back at it, a lot of it is still applicable, though it could use some updates - I would now recommend installing the MS antispyware beta before or at least after cleaning to help automatically maintain a spyware-free computer. You might want to do that to help people stay spyware-free after you help them.

A Google search for tips1166 shows it's being plain-text linked from just over about 50 sites - seems like overall a lot of people found it useful. Makes me glad that it was worth writing. :)