Spyware - Out you Go!

An overview of the basic steps for cleaning most spyware infections off a computer. Even though spyware is mutating at a tremendous rate, this strategy of attack will remain viable for quite some time, although some of the minor details will change slightly.

Despite top-of-the-line antivirus and antispyware protections being in place, spyware creators are still able to produce items that get through the filters and cause infections. (But that's not what this article is about.) The most common methods of infection are still infected email attachments and "drive-by" hits from websites while browsing the Internet. (But that's not what this article is about either.) Having watched the evolution of some of these infections over the past couple of years, I've found a couple of tricks that work on many of them. That's what this article is about: a plan of attack that can eliminate most of these spyware infections.

First, the tools you will need:

Combofix – This free application combines several different cleaners and is updated frequently. Make sure you grab the latest copy. It can be downloaded from I usually do an Internet search on "download combofix" and it comes up as the first or second hit.

Malwarebytes Antimalware – also known as MBAM. Another free download available from many sources, including

The operating system’s system recovery CD. This may be the Installation CD for some OS’s (like Windows XP). It doesn’t have to be specific to this computer, as long as it is from the same OS.

That’s all you need. Go ahead and collect them. I’ll be here when you get back.

I didn't mention that you also need an infected computer to clean, but I took a guess that you knew that already. Depending on the severity of the infection, there are several steps. I'm going to start with the simplest solution and then get more difficult. Before you get started, keep in mind that spyware evolves all the time and what works now may not work in six months, but the basic strategy outlined below should be effective for the foreseeable future. Finally, although I offer these steps as a possible method for cleaning the spyware, keep in mind that it is still your computer. I take no responsibility for any damage caused by the spyware infection or your attempts to clean it up.

Scenario 1 – Computer still works, even though infected.

If you can get to a desktop and run programs, you can often clean the computer before it gets more severely infected.

1. Copy Combofix to the computer and run it. Combofix will check for Windows System Recovery and install it if it is missing. You want to allow it to do that, and it will need Internet access to do so. When it is done, it may also want to reboot to finish cleaning up. You want to do that too.

2. Install MBAM and update it (the pattern files are updated every couple of days, so this step is critical). Then run a full scan. It takes longer, but it doesn't skip other user profiles, where some infected files might be residing.

3. Continue to run MBAM until it comes back with zero infected files. If you repeat the scans and see the same files over and over, you should have enough control of your computer at this point to research those infections and take specific action against those files.

4. Finally, you can repair any specific damage caused by the infections.

Scenario 2 – Normal boot doesn’t work, the Internet is blocked, or you can’t run programs.

Quite often these days, the infection will block your access to your desktop, prevent programs from running, or reconfigure your Internet settings so that you can't successfully run the spyware removal tools. Booting to Safe Mode quite often prevents the spyware from blocking you.

1. Reboot the computer.

2. Press the F8 key about twice a second until you get the Safe Mode menu. Then select "Safe Mode with Networking".

3. Once the computer boots up, you will have access to your Start Menu and can proceed with the steps from Scenario 1.

Scenario 3 – Safe Mode isn’t working

The trickiest situation is when the infection has blocked your access to the desktop even in Safe Mode. In this case we have to reset a couple of registry settings to re-enable access to the desktop so that Safe Mode will work. WARNING! This routine involves modifying the registry.

1. Insert the System Recovery CD in the computer’s CD drive.

2. Boot the computer from the System Recovery disk.

3. Use the menu to open a command prompt.

4. Run the registry editor from the command prompt by typing regedit.exe.

5. Highlight HKEY_LOCAL_MACHINE, click on the File menu, then Load Hive.

6. Browse to the Windows\System32\Config folder on your system drive (it probably will not be labelled the C drive in Safe Mode) and open the Software file.

7. Back in the registry editor, browse to Software\Microsoft\Windows NT\CurrentVersion\Winlogon under the loaded hive and open the Shell value.

8. Remove everything listed there, then add back in Explorer.exe (anything else you see here was added by the infection).

9. Unload the hive, close the registry editor and power off the computer, then proceed with the steps in Scenario 2.
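The same Winlogon Shell check can be scripted from a recovery environment that has PowerShell, which is handy when you are cleaning several machines. This is an added example, not code from the article: it assumes the infected system volume is mounted at the drive letter given in $SystemDrive (a placeholder), loads the offline SOFTWARE hive under a temporary HKLM name, reports any Shell entry other than explorer.exe, and optionally resets the value exactly as step 8 does by hand.

```powershell
# Added example: audit (and optionally reset) the Winlogon Shell value in an
# offline SOFTWARE hive. Run from a recovery/WinPE environment with PowerShell.
param(
    [string]$SystemDrive = 'D:',             # assumption: letter of the offline Windows volume
    [string]$MountName   = 'OfflineSoftware', # temporary name for the loaded hive under HKLM
    [switch]$Reset                            # when set, put the value back to explorer.exe
)

$hiveFile = Join-Path $SystemDrive 'Windows\System32\config\SOFTWARE'
$keyPath  = "HKLM:\$MountName\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Same operation as File -> Load Hive in regedit
& reg.exe load "HKLM\$MountName" $hiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load hive $hiveFile" }

try {
    $shell = (Get-ItemProperty -Path $keyPath -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($null -eq $shell) {
        Write-Output 'No Shell value present in this hive; nothing to reset.'
    } else {
        # Shell may hold a comma-separated list; Windows itself only puts explorer.exe there.
        # PowerShell's -ne compares strings case-insensitively.
        $entries = $shell -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
        $extra   = @($entries | Where-Object { $_ -ne 'explorer.exe' })
        if ($extra.Count -gt 0) {
            Write-Output 'Unexpected Shell entries (note these for later research):'
            $extra | ForEach-Object { Write-Output "  $_" }
            if ($Reset) {
                Set-ItemProperty -Path $keyPath -Name Shell -Value 'explorer.exe'
                Write-Output 'Shell reset to explorer.exe'
            }
        } else {
            Write-Output "Shell value is clean: $shell"
        }
    }
}
finally {
    # Release handles and unload so the hive is not left locked when the machine reboots
    [GC]::Collect()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

Run it once without -Reset to see what the infection added, and again with -Reset before powering off and continuing with Scenario 2.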

Because Windows always checks that registry key when it boots, it will now use the built-in Explorer you are used to, allowing you to proceed with the rest of your cleanup without too much difficulty.

If none of these techniques work, you can always check back with us to see if new techniques have been developed.


Alan Crowetz brings a wealth of knowledge to InfoStream, including experience in accounting, communications, desktop publishing and troubleshooting, among other skills. As the company's President and CEO, he uses these abilities not only to review client computer and networking systems, but also to design solutions and educate clients on alternatives.

How To Avoid And Remove Spyware

To avoid spyware and keep a high level of Internet security, make sure you know what you download, install, or run on your system. With your passwords and account information, spyware can leave you broke and the victim of identity fraud.

Spyware has become one of the biggest Internet security problems around. Spyware can cause many problems on your PC, and possibly in your life as well. These programs can often be prevented by carefully reading any agreement before checking the box. Be wary of any fine print, and make sure that any agreement you accept has been fully read and that you understand exactly what you are agreeing to. Some spyware programs will download to your system without any warning or prompt. Spyware runs in the background, using up a large amount of resources and slowing down your system. Some of these programs can access passwords, sensitive financial data and records, and even your bank accounts and other personal financial institutions. With your passwords and account information, spyware can leave you broke and the victim of identity fraud.

To avoid spyware and keep a high level of Internet security, make sure you know what you download, install, or run on your system. This is crucial. Many times games you buy will contain some benign versions of spyware that can contribute to pop-up ads and other adware programs. Always research any game or disc before you run it or insert it into your system. Use a search engine to verify what the disc contains besides just the game. If your system starts running slowly or experiencing a wide variety of failures, the problem could be some type of malware program. The same is true if you see pop-up or pop-under advertisements frequently, or your computer freezes up and must be restarted.

Preventing spyware means knowing exactly what is on your system, and only installing safe programs that are spyware free. Stay away from p2p sites for file downloads as well. Many of the files on these sites are safe, but others are infected with many different types of malware. Drive-by downloads are becoming more common as well, where a legitimate site is hacked and hidden code is inserted. This code downloads a spyware program from a hidden, attacker-owned site.

The best way to prevent and remove spyware programs is to use anti-spyware programs. These programs will run a full search of your system to identify any spyware programs or other unwanted software. When a program is identified, the anti-spyware software will remove the problem software from your system. There are many good anti-spyware programs available, but be cautious and research before you buy or download one.

There are a few programs that claim to be for spyware detection and removal when in fact they themselves contain spyware. Make sure that you check out any anti-spyware program thoroughly before you ever install it on your PC, to ensure it does exactly what is advertised instead of creating a bigger problem. This will help you prevent spyware and increase your Internet security.

