Something I'm working on for the clients at work. Maybe someone here will find a use. It's available as a Word document if you want something easier to read.
_________________________________________________
Nothing in life is free.
The same holds true for the internet. That really cool card game or those neat screen savers and wallpapers that you just downloaded also dropped some spyware on your PC, if you were lucky. If you were unlucky, they dropped a file capable of gathering all financial data on your PC and transmitting it to those great people in the Balkans so they can jump start their economy. Or maybe they’re recording all your keystrokes and sending your accounts and passwords to Russia with love. Short of disconnecting from the internet, there are a few things that you can do.
First you have to get rid of the junk then you have to protect yourself from catching it again. Let’s talk about getting rid of it first. (Note: Some of the steps taken to get rid of spyware can disable your operating system. Be sure you have your OS CDs handy. If you’re using Windows XP create a restore point.
To create a Restore Point in Windows XP:
1.Click Start, Programs, Accessories, System Tools, System Restore.
2.The System Restore window will appear. Chose Create a Restore Point and click the Next button.
3.Next, you will be given the opportunity to create a name for the Restore Point. Type in the name and click create.
Preparing to clean up (read this entire section before attempting any of these procedures)
Now that that’s done, open up your browser and go to
http://www.download.com and download the following applications:
Adaware 6.0
SpyBot
These are shareware applications and will work to clean the system to a point. If you purchase either one of these you will gain the use of all the features of the applications.
Another good one and one that I recommend is Pest Patrol. This can be found at
http://www.pestpatrol.com. The cost is $39.99 for home users but it is well worth the price.
Now that you’ve downloaded the applications, install them. After they are installed, open each application individually and run the updater. This will make sure that you have the most current spyware database for the application. When finished, disconnect from the cable/dsl modem and restart your computer in Safe Mode. This is done by pressing the F8 key while the PC is booting up before the Windows splash screen appears. If the Windows splash screen appears just restart and do it again. If you’ve never done this before you might have to press the F8 key several times to get it to take. If you are successful, you’ll get a DOS menu. At the top of the list you should see Safe Mode. Regardless of where it is, highlight Safe Mode using the up and down arrow keys and press Enter. Once the boot process is complete you’ll see the windows desktop. Don’t worry about what the video looks like.
The Cleaning Process for XP and 2000
First we’re going to do a little manual cleaning. Open up My Computer and double click on the C drive.
1. Look for a file that ends in .XML. If you see it, delete it. It shouldn’t be there.
2. On the Drop Down menus at the top of the window click on Tools, Folder Options, View. In the new window look down the list and click the button beside Shall All Files. Then exit by clicking OK on all the windows.
3. Open up the C drive again, if you just closed it, then open up the Windows Folder. Then open up the folder called Temps. Delete all the files in this folder.
4. Close these windows until you are viewing the contents of the C drive.
5. Open the Windows folder. Look for the Temp folder and delete the contents of the folder. Navigate back to the Contents of C.
6. Open the Documents and Settings Folder
7. Open the folder that is named the same name that you use to log onto the computer. If you don’t have to login open the Administrator folder. Open the Local Settings folder.
8. Next, open the Temp folder and delete all the files out of it.
9. Open the Temporary Internet Files folder. Delete the files in this folder. Sometimes login information is stored here for things like web forums, and web sites that require a log in and password. Unless you want to go through every file and delete them one by one, delete everything. You’ll just have to enter an account and password for the web forum you go to all the time.
10. Open up Internet Explorer. Click on Tools, Internet Options, Settings, View Objects. These are application plug-ins like Flash Player, Real Player, etc. If any are listed as “unknown” remove them.
When finished, close all open windows. Look on the desktop for the Adaware icon. Double click the icon and run the application. It could take 15 or 20 minutes to run.
Next, do the same with Spybot. There’s a good chance that Adaware will get everything but it never hurts to be sure.
Now that you’ve gotten rid of the registry entries and cookies, we’re going to get rid of the applications themselves.
Open up the Control Panel then double-click the Add/Remove Programs icon. It’s time to remove some applications. Look for any of the following and remove them:
• EBates
• GAIN
• Golden Retriever
• IGetNet
• IPinsight
• King Solomon's Casino
• MyWay Speedbar
• NetPalNow.com
• Purity Scan
• Sidestep
• Webhancer
• Sidesearch
These are just a few.
Now go through the applications and make a list of the ones that you don’t know what they do. (Did that make sense?) If you’re sure that you didn’t install them and know that you don’t need them, remove them. If you’re not sure, look them up on the internet. If you take the second option there’s a good chance that you’ll have to go through this process again.
If at anytime you are prompted to reboot the computer DON”T DO IT! If you reboot before you uninstall these apps you’ll have to start the whole process over again. Sometimes this can’t be avoided. If the PC reboots its self during the process make a note of the application you were uninstalling when it happened. Next time do it last.
Once you’ve made it through all this you should have a clean PC. Now we need to keep it that way.
Keep from getting re-infected
1. I highly recommend purchasing Pest Patrol or one of the others. The shareware version is okay for removing the pests but the full version will help keep you from getting re-infected again.
2. Tighten up the security settings on you browser. Set it up so that you are prompted to download plug-ins and read the agreement carefully.
3. Don’t use any file sharing software. Using Kazza and other file sharing services is like giving a thief the keys to your house.
4. Read the agreement before you download something. NOTHING ON THE INTERNET IS TRULY FREE!
Make informed decisions.
Linear Mode
