Thursday, June 23, 2011

10 Steps: Removing Spyware/Malware/Adware from a PC

Completely removing spyware from a PC can be very difficult. Most spyware, like malware, spreads itself across many different locations (the registry, files, system folders) and removing every erroneous file can be a challenge.
In some instances spyware will disable antivirus, firewall and other well-known security software and create fake BSODs. Some may even remove the Microsoft Windows Security Center and replace it with a fake one, hijack the browser, and stop users from clicking on links to security websites. Worse still, a PC may stop loading Windows altogether.
So you can see the difficulty in attempting to clean a PC. There are some simple steps to removing most spyware and adware – these are generic and provide useful guidance when identifying and cleaning spyware and self-replicating malware from a PC.

STEP 1:

Reboot the PC in Safe Mode with Networking – always log in as the same user that was previously logged in with in normal Windows mode*.


STEP 2:

Launch IE and from Tools > Internet Options > Connections tab click LAN SETTINGS and uncheck the checkbox labelled Use a proxy server for your LAN.

STEP 3:

Download Process Explorer, renamed to iexplore.exe (or explorer.scr), and use it to look for processes linked to the rogue program that has installed itself; rogue programs often block known security tools by name, so renaming the installer to iexplore.exe or winlogon.exe lets it run. Alternatively download and use AutoRuns from SysInternals (you can also run this from removable media).

STEP 4:

Check the hosts file and if it has any entries other than 127.0.0.1, comment them out – notepad c:\windows\system32\drivers\etc\hosts**.
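As an added example (not part of the original post), here is a Python script that does the Step 4 check automatically: it parses the hosts file, leaves the 127.0.0.1 entries alone (including the thousands Spybot S&D may add, see note ** below), reports every mapping that points elsewhere, and produces a copy with those lines commented out rather than deleted. The hosts content and hostnames are constructed; on a real PC you would read C:\Windows\System32\drivers\etc\hosts instead.

```python
import ipaddress

# Constructed sample of a hosts file found during a cleanup. The 127.0.0.1 lines
# are harmless (localhost plus Spybot-style immunization entries); the last two
# redirect security-vendor hostnames (placeholders) to another address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example-tracker.test     # immunization entry
127.0.0.1       malware.example-bad.test
10.20.30.40     www.security-vendor.test     # hijack: not 127.0.0.1
10.20.30.40     update.security-vendor.test
"""


def parse_line(raw):
    """Return (ip, [hostnames]) for an active mapping line, else None."""
    entry = raw.split("#", 1)[0].strip()      # drop comments, incl. inline ones
    fields = entry.split()
    if len(fields) < 2:
        return None                           # blank, comment-only or malformed
    try:
        return str(ipaddress.ip_address(fields[0])), fields[1:]
    except ValueError:
        return None                           # first field is not an IP address


def audit_hosts(text, allowed=("127.0.0.1",)):
    """Return (suspicious, benign_count, cleaned_text).

    suspicious is a list of (line_no, ip, hostnames) for every mapping whose
    address is not in `allowed`; cleaned_text is the same file with those
    lines commented out, as Step 4 instructs. Everything else is kept verbatim.
    """
    suspicious, benign, cleaned = [], 0, []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        parsed = parse_line(raw)
        if parsed is None or parsed[0] in allowed:
            benign += parsed is not None
            cleaned.append(raw)
        else:
            suspicious.append((line_no, parsed[0], parsed[1]))
            cleaned.append("# " + raw)        # comment out, don't delete
    return suspicious, benign, "\n".join(cleaned) + "\n"


if __name__ == "__main__":
    bad, ok, fixed = audit_hosts(SAMPLE_HOSTS)
    for line_no, ip, hosts in bad:
        print(f"line {line_no}: {ip} -> {', '.join(hosts)}")
    print(f"{ok} entries point at 127.0.0.1 (expected for immunization)")
    print(fixed)
```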

STEP 5:

Download Malwarebytes Anti-Malware – if the download fails on the infected PC, download both the program and the signature update database from another PC and install them on the infected PC using removable media.

STEP 6:

Then download Spybot S&D and Spyware Doctor.

STEP 7:

Reboot the PC in Safe Mode again; in most situations the malicious files will have been removed by now. Download/update the antivirus, firewall and any other security products on the PC.

STEP 8:

Run a full scan, not a fingerprint scan, and then reboot the PC.

STEP 9:

Download and install CCleaner and click the Registry tab to run a registry clean – don’t forget to make a backup of the registry.

STEP 10:

Download and install NovaShield Anti-malware – this program uses the OS kernel to monitor any file, registry, process and network changes. It will work alongside your existing antivirus and firewall software.

* Sometimes Safe Mode is disabled by the spyware/malware – this happens because the malicious file has deleted the SafeBoot registry keys. It is possible to merge a .reg file containing the missing SafeBoot entries to re-enable Safe Mode.

** Spybot S&D inserts entries into the hosts file – as long as the IP address in those entries is 127.0.0.1 then all should be OK. According to Spybot S&D these entries (which can run into the thousands and are known to affect browser performance) are inserted as part of the immunization process.


Did you know?
Antivirus software actually makes silent calls to servers to check application status and virus definition updates, and some collect operating system data. Malicious spyware will continue to be a threat. Expect spyware authors to develop more cunning ways to deliver spyware as part of a malicious payload. The attack vectors will include looking for vulnerabilities in Java, Microsoft Windows, web browsers and ActiveX, and sending users to IFrame websites (which can be done from links in search engines), just to name a few.

By the way
You can make some extra $$$ with this guide

1 comment:

Anonymous said...

How do you make $$$ with this guide?