Thursday, March 26, 2009

If you own a computer and especially if you use it for browsing the internet, I’m sure you have had to deal with some sort of virus or spyware. They both cause problems with your PC and give you headaches. So what is the difference between the two? I’m glad you asked.

One of the main differences between the two is how you get them. Viruses are usually brought on by files opened from e-mail attachments or transferred from other computers via floppy disk or CD-ROM. Viruses usually do more damage by deleting important files, spreading throughout your system or network, and sometimes e-mailing themselves to people you know.

Spyware is usually brought on by YOU going to shady websites and clicking OK to download programs, which you should never do unless you know what you are downloading and know it’s safe. You can get spyware just by visiting a page and browsing around. Another way to get spyware is by downloading “free” software which installs the spyware along with it. Many times the software supplier won’t tell you that it is being installed as part of your free software. Visit our spyware page for more information on how to get rid of spyware - Spyware Removal and Information

How to Avoid Getting Viruses

There is no 100% effective way to avoid getting a virus except for leaving your computer off 24 hours a day. It is essential to have antivirus software installed on your computer and keep it up to date and do complete system scans periodically.

One of the most popular and effective antivirus software packages is Norton Antivirus by Symantec www.symantec.com. It’s easy to use and offers regular updates to the virus definitions. If you have a broadband connection that’s always on it will download and install the updates automatically. You can also schedule virus scans at the times you choose.

Another way to avoid viruses is to watch your e-mail carefully and not open e-mail from people you don’t know, especially when there is an attachment. Learn to watch for files with .exe, .vbs, .scr or .bat, among other file extensions, on the end. Viruses can also spread through Word documents.

You should always scan disks given to you by other people before copying files to your computer. You never know what’s on somebody else’s computer! Most antivirus software has an auto protect feature which will scan files as you access them to hopefully catch the virus before it’s too late.

Welcome to the Online Computer Tips virus resource page, where you will find helpful links to antivirus resources that you can use to rid your computer of viruses and keep it clean.

Symantec Antivirus Center
http://www.symantec.com/avcenter/

Here you will find useful information about the latest virus threats and how to avoid them. You will also find virus software updates and removal tools as well as descriptions of what certain viruses can do to your computer.

Macintosh Users Virus Resources
http://antivirus.about.com/od/macintoshresource/

Useful information for all you Mac users out there.

About.com Antivirus Information
http://antivirus.about.com/

Provides updated news on the latest virus threats.

F-Secure Security Information Center
http://f-secure.com/virus-info/

Provides up to date virus information and fixes.

McAfee Virus Information Site
http://us.mcafee.com/virusInfo/default.asp

Provides virus information and removal tools as well as a virus glossary.

Trend Micro
http://www.trendmicro.com/en/home/us/enterprise.htm

Has a free online virus scan as well as a virus encyclopedia.

Zotob is a mass-mailing worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability. It performs such actions as disabling the Windows Firewall, stealing system information, transferring files via FTP, lowering security settings, and gathering e-mail addresses from the Windows Address Book.

You do not necessarily have to get this virus from an e-mail. The worm sets itself up as a service and runs on its own.

If you are running Windows 2000, one of the symptoms of the Zotob worm is that your computer will constantly reboot.

It also uses its own SMTP engine to send itself to the email addresses that it finds. The e-mail may have one of the following subjects:

  • *DETECTED* Online User Violation
  • Important notification
  • Security Measures
  • WARNING: Your Services Near to be Closed
  • You have successfully updated your password
  • Your Account is Suspended
  • Your Account is suspended for Security Reasons
  • Your Password has been updated



There is a new MSN Instant Messenger worm that is starting to find its way through the Internet and into various organizations. It presents the user with a link in English stating "haha i found your picture!", and if your system supports other languages, it may appear in another language.

If a user clicks on the link included with the message, a copy of the Kelvir.HI W32.Spyboot worm is automatically downloaded to the user's system. The worm will then close security applications on the system and attempt to spread further via IM.

The Kelvir.HI worm affects computers running Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP.

The newer versions of Norton Antivirus enable you to have the program download and install the virus definitions automatically so you don’t have to remember to do it.

But if you need to install the updates on multiple computers, a computer without an internet connection or a slow internet connection you can download the update file and put it on a CD or other removable media. This way you will not need to download it on every computer.

You can go to the following link to download the update file. http://securityresponse.symantec.com/avcenter/defs.download.html

From here all you need to do is select your version of Norton Antivirus and click on the Download Updates button. It will then take you to a page where you can click the link to download the appropriate file. The Norton Antivirus update is an executable file that you simply double click and let it do the rest. It will display a confirmation message when it completes successfully.

There are many viruses out there and they do many different things. If you were wondering what virus does what then you can use the following links to find specific information about a particular virus.

Attachments - Files added to an outgoing email and downloaded with an incoming e-mail

Blended Threat - Combines characteristics of viruses, worms, Trojan Horses, and other malicious code with server and Internet vulnerabilities to spread itself.

Boot Sector Virus – A virus that affects a section of a floppy or hard disk that contains the operating system. Each time you start your computer with an infected disk, the virus can spread.

Bug - A programming error in a software program that can have unwanted side effects such as security issues.

Client computer - A computer that runs a client program.

Disabled - A status indicating that a program, job, or scan is not available.

Distribution - Measures how quickly a threat is able to spread.

Download - To transfer data from one computer to another. Usually over the internet.

Encrypted Virus - A virus that uses encryption to hide itself from virus scanners.

Exploit - A program or technique that takes advantage of a vulnerability in software to attack its host.

Heuristics - Designed to detect previously unknown viruses based on known virus attributes or characteristics.

Hoax – Hoaxes usually arrive in the form of an e-mail designed to trick people into thinking there is some sort of security risk.

Intrusion Detection - A service that monitors system events used to warn about unauthorized system access.

Macro virus - A virus hidden within an application that must be executed in order to execute the virus.

Master Boot Record - The first logical sector on a disk containing the partition table and master boot loader.

Network – A number of computers connected together to share information and hardware.

Payload - The malicious activity that the virus performs to the host.

Payload trigger - The condition that causes the virus to activate its payload.

Polymorphic Virus - A virus that can change itself when it replicates to avoid detection.

Port - An interface through which data are sent and received.

Quarantine – A way to isolate files that may contain a virus so that the files cannot be opened or executed.

Threat assessment - The severity rating of a virus.

Trojan Horse – A virus that portrays itself as something other than a virus upon execution.

Upload - To send a file from one computer to another.

Variants - New strains of viruses that use some of the code from other viruses.

Virus - A program or code that replicates itself onto other files and can affect many different things such as other programs, files, documents etc., and cause various degrees of damage.

Virus Definitions - Software that identifies viruses by checking files against a profile of each known virus.

Worm - A program that makes and distributes copies of itself

There is a new form of virus/malware making its rounds recently. It’s called Mywife.E@MM. It is also known as Nyxem, Blackmal or Kama Sutra worm. It comes in the form of an attachment in an e-mail, most likely as a zip file, and if the recipient opens the file, the malware sends itself to all the contacts that are contained in the system’s address book. It can also spread itself through network shares if they have blank administrator passwords.

This virus has the capability to destroy documents on the 3rd of every month. It may modify or delete files and registry keys associated with certain computer security-related applications. This prevents these applications from running when Windows starts. The worm adds data to the registry so that the worm runs each time Windows starts. It can destroy all files with the following extensions by overwriting the file:

*.doc, *.xls, *.mdb, *.mde, *.ppt, *.pps, *.zip, *.rar, *.pdf, *.psd, *.dmp

Removal instructions:

Manual Recovery

To manually recover from infection by Win32/Mywife.E@mm, perform the following steps:

1. First, reboot your computer. This will force the worm into a known configuration where it can be stopped.

2. Using Task Manager, look for any of the following process names and kill them if present:

  • Update.exe
  • Winzip.exe
  • scanregw.exe
  • WINZIP_TMP.exe
  • "Winzip Quick Pick.exe"

3. Delete the following files if present on your system:

  • C:\WINZIP_TMP.exe
  • %windir%\WINZIP_TMP.exe
  • %windir%\system32\Winzip.exe
  • %windir%\system32\Update.exe
  • %windir%\system32\scanregw.exe
  • "C:\Documents and Settings\All Users\Start Menu\Programs\Winzip Quick Pick.exe"

Note that the files under %windir%\system32 will be marked read-only and hidden. To delete these from the command prompt, use (for example):

del /f /a:h %windir%\system32\Winzip.exe

4. Using regedit, delete the following registry value: 'ScanRegistry' under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (contents will look like: scanregw.exe /scan)

5. Reboot your computer, and using Task Manager, verify that none of the processes mentioned above are running.

Symantec's web site offers visitors a place to see the latest viruses (threats) on almost a daily basis. It provides detailed information on such things as:

  • The category rating of the threat
  • Name of the threat
  • The day on which the threat was identified
  • The day on which a virus definition was added to protect against the threat.
  • They also provide a link to their online database for non-recent threats.

McAfee now offers a free online virus scan to anyone with an internet connection. All you need to do is go to the site here and let it download an ActiveX control to your computer and install it. You will then have a choice of what you want to scan. You can pick your hard drive, My Documents or just Windows files.

The scan will run and will display what files are being scanned and how many threats it has found. It will also show a list of infected files. Just make sure to disable your antivirus program's auto protect before doing the scan, and don't forget to turn it back on when finished. The scan will take about 30 minutes depending on how many files you have and what type of scan you run.

When it's completed it will give you a status report about what it found or didn't find, including the number of files scanned.

If you are looking for a quick, easy and free way to scan your computer for viruses then check out this section on free antivirus tools and online scans. Some you will need to download and others you can run online. Check them out and see which works the best for you.

Panda ActiveScan
Free antivirus utility that works within your browser to scan your hard drive. Click here to go to run the scan.

Avast! Home Edition v4.5
Avast! Home Edition doesn't just scan your hard drive from time to time, it attacks viruses at their preferred points of invasion. This antivirus program uses resident protection for real time protection from the viruses that would board your pc. Click here to download.

AVScan
Scan for more than 8000 virus signatures. Click here to download.

Symantec Security Check
Scan for viruses with this free online tool. Scan for Viruses will detect known viruses and Trojan horses. It won't fix the infected files; to do that, you'll have to install Norton Anti-Virus. Click here to run the scan.

HouseCall
Scan and eliminate viruses with this free tool. It will show the name of the virus so you can find out more about it, clean the virus, or delete the infected file. Click here to run the scan.

ViruSafe Web
Scan your downloads and e-mail. Click here to download.

F-Macro
Search for and eliminate macro viruses in Word and Excel 6.x and 7.x documents. Click here to download.

Wednesday, March 25, 2009

Kaspersky Labs offers free downloadable virus tools for a wide variety of modern viruses. All you need to do is go to the site and find the virus you have and see if there is a tool to fix it.
They also offer free trial versions of their antivirus and firewall software for home and business use. Plus they provide up to date information on current virus and spyware threats.

The Dept of Homeland Security is urging Windows users to apply a patch to protect themselves from possible worm attacks. “Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch,” said a statement from the Department.
There is a flaw in the Server Service function of Windows which affects all versions of the operating system after Windows 2000. A buffer overrun could open up a remote code execution risk that could result in your system being taken over by an attacker. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Unpatched systems run a serious risk of being infected by a worm attack. The US-CERT recommends that users make sure their antivirus software is installed and updated, and that they are using a firewall. Additionally, it recommends you don’t open e-mails and attachments from unknown sources.

Windows Live OneCare safety scanner is a free service designed to help ensure the health of your PC. All you need to do is download and install the software and run the scanner. It will scan your computer for viruses and adware, clean up unneeded files on your hard drive, check your disk to see if it needs to be defragmented and check your internet connection for open ports that may be a vulnerability.

PC Safety Scan Features

Fix specific PC issues
Use the full service scan to check everything. To help fix particular problems on your PC, turn to the individual scanners below.

Protection Center
Use the protection scan to check for and remove viruses, spyware, and other potentially unwanted software and to find vulnerabilities in your Internet connection.

Clean Up Center
Use the clean up scan to find and get rid of unwanted stuff on your computer that might be slowing it down.

Tune Up Center
Use the tune up scan to see if you should defragment your hard disk to help improve performance, and then let us do it for you.

The PC Safety Scan Process

The installation process.

The Virus and spyware scan

The registry scan

The scan results

The repair process

The scan summary

All you need to do is go to the Microsoft PC Safety Scan website to download and run the scan.

Symantec DeepSight Alert Services provide early warning of potential security threats. These warnings are sent to you via e-mail, SMS, phone, fax, or checking their website. You can use these warnings to be proactive against virus and security threats before they affect your computer or network.

DeepSight features

Symantec analysts review new vulnerabilities and research and monitor their exploits constantly. All the analysis and alerts are stored in the industry’s leading vulnerability database where users can conduct queries on the data.

Tracks vulnerabilities in more than 18,000 operating systems, applications, and technologies from 2,200 vendors

An analysis of every vulnerability and malicious code is provided along with

  • The severity of the vulnerability or malicious code, as well as its technical description
  • The systems and specific versions that might be affected
  • Impact and symptoms of the attack
  • Mitigation strategies, including workarounds and available patches

DeepSight Alert Services saves time and money by eliminating the need to dedicate valuable staff resources to search for and evaluate the latest vulnerability and exploit information from multiple sources.

Central administration for alert status consolidation, coupled with detailed historical alert information, means that administrators can analyze and generate reports on successes and failures in the security process

But at a price of $5000 you may want to implement this in your business environment!

For a free solution you may want to check out Symantec’s DeepSight Analyzer.

Symantec DeepSight Analyzer is a free service that gives you the ability to track and manage attacks and incidents on your network. DeepSight Analyzer automatically correlates attack data from your firewall and intrusion detection systems, and offers customized reports through a web based console.

Symantec (makers of Norton AntiVirus) offer a free online service called Threat Explorer to make keeping track of the latest viruses easier. You can find out about current threats so you can stay one step ahead of them.

Symantec’s Threat Explorer is a resource for daily, accurate and up to date information on the latest threats, risks and vulnerabilities.

You can view by the latest threats, all threats, risks, vulnerabilities, and an alphabetical listing of threats. You can also search by keywords to find the information you are looking for.

It shows the date the virus was detected and the date it was protected against assuming you are using one of Symantec’s antivirus programs.

You can also view the latest known spyware, adware, hoaxes and other useful information using the Risks tab.

The Vulnerabilities tab shows weaknesses in computer operating systems and other software that you need to be aware of that may affect your computer’s or network’s security.

When you run LiveUpdate for Symantec AntiVirus, LiveUpdate displays the message "All Symantec products and components installed on your computer are currently up to date. Remember to check for new updates frequently." However, you are certain that more recent virus definitions are available from LiveUpdate

Verify that the Symantec AntiVirus service is started

New virus definitions that have been downloaded cannot be processed if the Symantec AntiVirus service is not started.

Delete the contents of the Downloads folder

The Symantec\LiveUpdate folder contains settings and configuration files for LiveUpdate and one or more subfolders. One of these folders is Downloads. In some cases, the files or subfolders in the Downloads folder may be damaged.

**Do not delete the Download folder itself, only its contents**

To delete the contents of the Downloads folder

1: Start Windows Explorer.

2: Click the View menu (Windows 95/98/NT) or the Tools menu (Windows Me/2000/XP/2003), and then click Options or Folder options.

3: Click the View tab.

4: Uncheck "Hide file extensions for known file types."

5: Do one of the following:

  • In Windows 95/NT, click "Show all files."
  • In Windows 98, in the Advanced settings box, under the "Hidden files" folder, click Show all files.
  • In Windows Me/2000/XP/2003, uncheck "Hide protected operating system files." Under the "Hidden files" folder, click "Show hidden files and folders."

6: Click Apply, and then click OK.

7: Browse to the Download folder. The location varies depending on the version of Windows:

  • In Windows 98/Me, the location is C:\Windows\All Users\Application Data\Symantec\LiveUpdate\Downloads.
  • If Windows 98 was updated from Windows 95, the default location is C:\Windows\Application Data\Symantec\LiveUpdate\Downloads.
  • In Windows NT, the location is C:\Winnt\Profiles\All Users\Application Data\Symantec\LiveUpdate\Downloads.
  • In Windows 2000/XP/2003, the location is C:\Documents And Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads.

8: Delete any files or folders that are contained in the Downloads folder.

In most cases, these will be Autoupdt.trg and Livetri.zip and maybe one or more folders. Delete them all.

Delete the Settings.LiveUpdate file

  • Browse to the LiveUpdate folder. The location varies according to the operating system:
    • In Windows 98/Me, the location is C:\Windows\All Users\Application Data\Symantec\LiveUpdate.

    If Windows 98 was updated from Windows 95, the default location is C:\Windows\Application Data\Symantec\LiveUpdate.

    • In Windows NT, the location is C:\Winnt\Profiles\All Users\Application Data\Symantec\LiveUpdate.
    • In Windows 2000/XP/2003, the location is C:\Documents And Settings\All Users\Application Data\Symantec\LiveUpdate.
  • In the LiveUpdate folder, delete the Settings.LiveUpdate file

Check the virus definitions for corruption (Symantec Antivirus Corporate)

Open My Computer or Windows Explorer and navigate to C:\Program Files\Common Files\Symantec Shared\VirusDefs and you will see files and folders similar to the following.

The numbered folders are named by date in the format YYYYMMDD

Check for the following:

  • Temporary folders identified by a .tmp extension are indications of corruption.
  • Any files in the Incoming folder are indications of corruption.
  • Open the Definfo.dat file with Notepad and verify that the "CurDefs" value equals the most recent folder and that the "LastDefs" value equals the previously dated folder.
  • Open the Usage.dat file and verify that the numbered folder heading inside the square brackets [ ] matches the folder referenced by "CurDefs" in Definfo.dat. Verify that there is a single square bracket.

Note: If you have other Symantec products running on the same system, there may be other entries in the Usage.dat file. It is important that all entries are under the same numbered folder heading.
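The four checks above can be scripted so they run the same way on every machine. The following PowerShell is an added example, not Symantec's tooling or code from the original post; it assumes Definfo.dat and Usage.dat are plain text with Name=Value and [heading] lines, and the sample tree at the bottom is constructed.

```powershell
# Added example: automates the four manual checks listed above.
# Assumption: Definfo.dat and Usage.dat are plain text made of Name=Value
# lines and [heading] lines (the page names only CurDefs, LastDefs and the heading).

function Read-KeyValues {
    param([string]$File)
    $map = @{}
    if (Test-Path -LiteralPath $File) {
        foreach ($line in Get-Content -LiteralPath $File) {
            if ($line -match '^\s*([^=\[\s]+)\s*=\s*(.*?)\s*$') {
                $map[$Matches[1]] = $Matches[2]
            }
        }
    }
    return $map
}

function Test-VirusDefsFolder {
    param(
        [string]$Path = 'C:\Program Files\Common Files\Symantec Shared\VirusDefs'
    )
    $problems = New-Object 'System.Collections.Generic.List[string]'
    $dirs = @(Get-ChildItem -LiteralPath $Path -Directory -Force)

    # Check 1: temporary folders with a .tmp extension.
    $dirs | Where-Object { $_.Name -like '*.tmp' } |
        ForEach-Object { $problems.Add("Temporary folder present: $($_.Name)") }

    # Check 2: any file left in the Incoming folder.
    $incoming = Join-Path $Path 'Incoming'
    if (Test-Path -LiteralPath $incoming) {
        Get-ChildItem -LiteralPath $incoming -File -Force -Recurse |
            ForEach-Object { $problems.Add("File in Incoming: $($_.Name)") }
    }

    # Numbered folders start with a YYYYMMDD date, so sorting by name
    # also sorts them by date.
    $numbered = @($dirs |
        Where-Object { $_.Name -match '^\d{8}' -and $_.Name -notlike '*.tmp' } |
        Sort-Object Name | ForEach-Object { $_.Name })

    # Check 3: CurDefs = newest folder, LastDefs = the one before it.
    $info = Read-KeyValues (Join-Path $Path 'Definfo.dat')
    if ($numbered.Count -ge 1 -and $info['CurDefs'] -ne $numbered[-1]) {
        $problems.Add("CurDefs is '$($info['CurDefs'])' but newest folder is '$($numbered[-1])'")
    }
    if ($numbered.Count -ge 2 -and $info['LastDefs'] -ne $numbered[-2]) {
        $problems.Add("LastDefs is '$($info['LastDefs'])' but previous folder is '$($numbered[-2])'")
    }

    # Check 4: Usage.dat has exactly one [heading], and it names CurDefs.
    $usage = Join-Path $Path 'Usage.dat'
    $headings = @()
    if (Test-Path -LiteralPath $usage) {
        $headings = @(Get-Content -LiteralPath $usage | ForEach-Object {
            if ($_ -match '^\s*\[(.+)\]\s*$') { $Matches[1] }
        })
    }
    if ($headings.Count -ne 1) {
        $problems.Add("Usage.dat has $($headings.Count) bracketed headings, expected 1")
    }
    foreach ($h in $headings) {
        if ($h -ne $info['CurDefs']) {
            $problems.Add("Usage.dat heading [$h] does not match CurDefs")
        }
    }
    $problems   # empty output means none of the listed signs were found
}

# Constructed sample tree (not real definition files) in a damaged state:
# a .tmp folder, a file in Incoming, and Definfo.dat pointing at old folders.
$demo = Join-Path ([IO.Path]::GetTempPath()) ('VirusDefsDemo_' + [guid]::NewGuid())
'20090301', '20090318', 'tmp5c21.tmp', 'Incoming' | ForEach-Object {
    New-Item -ItemType Directory -Path (Join-Path $demo $_) -Force | Out-Null
}
Set-Content -Path (Join-Path $demo 'Definfo.dat') -Value '[DefDates]', 'CurDefs=20090301', 'LastDefs=20090220'
Set-Content -Path (Join-Path $demo 'Usage.dat') -Value '[20090301]', 'ExampleProduct=1'
Set-Content -Path (Join-Path $demo 'Incoming\leftover.zip') -Value 'x'
Test-VirusDefsFolder -Path $demo
Remove-Item -LiteralPath $demo -Recurse -Force
```

Run `Test-VirusDefsFolder` with no arguments to check the default VirusDefs location named above.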

Norton 360 from Symantec is a complete security, backup and tune-up service that automatically protects you, your data and your computer from online threats while carrying out your daily activities. This software package includes new functionality for automated backup of your important files and fraud protection during your online transactions. Norton 360 is provided as an annual subscription and automatically installs both definition updates and product upgrades.

Norton 360 supports advanced rootkit detection and removal as well as real-time virus and spyware detection and removal. It also includes an auto protect feature which provides continuous monitoring of any files that are opened or executed to prevent viruses or malicious code from infecting PCs.

Some of the features of Norton 360 include:

  • Transaction security safeguards to protect you against online identity theft
  • Automatic backup and restore features
  • Computer tune-up
  • Phishing protection against dangerous web sites and online scams
  • Embedded support components that diagnose problems and help you quickly resolve common issues
  • Web site authentication to verify the authenticity of e-commerce sites during online transactions
  • Antivirus protection
  • Anti-spyware protection
  • Two Way Firewall
  • 2GB of online storage
Go to the Symantec website for a free trial of Norton 360

If you have the desire to try out the next edition of the popular Norton AntiVirus software then here is your chance. Symantec is offering users the chance to download and install a test (beta) version of Norton AntiVirus 2008. The new edition claims to not only detect and remove viruses but also block spyware attacks on your system. It also includes the new SONAR (Symantec Online Network for Advanced Response) technology which provides behavior based protection that can detect emerging spyware and viruses even before traditional signature based definitions are available.

The Norton AntiVirus 2008 beta is only available for Windows XP and Vista with the following minimum system requirements.

  • 300 MHz or faster processor
  • 256MB of RAM
  • 300MB of available hard disk space
  • Standard Web browser

There is no technical support available for the beta version and it is not recommended that you install it in a production environment.

The Microsoft Windows Malicious Software Removal Tool checks computers for infections by specific malicious software such as Blaster, Mydoom, and Sasser and removes any infection found. After the scanning and removal process is complete, you can view a report of the outcome including which, if any, malicious software was found and removed.

Microsoft also releases an updated version of this tool on the second Tuesday of each month through Windows Updates. The version of the tool used by Windows Update runs in the background once a month and then reports if an infection is found. The manual Malicious Software Removal Tool can be run whenever needed by the computer user.

After you download the executable file you can double click it to run the program. For most cases you will pick a quick scan unless you want to scan the whole computer or have specific folders you want scanned.

After the scan is complete it will show the results. You can view detailed results if the scan found any threats.

If you want to see what the scan checks for you can click on the link that says View a list of malicious software that this tool detects and removes on the main program screen.

To download the Malicious Software Removal Tool click here.

Supported operating systems:
Windows XP, Vista, 2000, and Windows Server 2003

The Norton Add-on Pack is a free add-on for users of Norton Internet Security 2007 and Norton 360. This add-on includes features such as Parental Controls, Spam and ad blocker and Confidential Information Protection. These features are used to protect your children from inappropriate web sites and emails and control your confidential and personal information.

  • Norton AntiSpam filters out dangerous fraudulent or phishing emails from your in-box.
  • Norton Parental Controls blocks access to websites not suitable for children.
  • Confidential information protection alerts you if unauthorized information is being sent out over the Internet via email, instant messaging or web pages.
  • Ad Blocking keeps banner ads and pop-ups off the screen for faster Web browsing.

System Requirements

  • Windows XP or Vista
  • Norton 360 or Norton Internet Security 2007 or later
  • 300MHz or higher processor
  • 256MB of RAM minimum
  • 100MB of free hard disk space
  • Microsoft Internet Explorer 6.0 or higher

McAfee offers a collection of tools that can be used to perform tasks that are not commonly encountered during typical use of their antivirus products. Each tool was designed to solve problems caused by viruses or Trojans or to be used for data gathering for analysis of virus caused damage.

Some examples of the tools provided include:

McAfee Rootkit Detective - McAfee Rootkit Detective is a program that is used to detect and clean rootkits that are running on the system. A rootkit is a program or programs designed to take control of a computer system, without authorization by the system's owners or administrators. It enables an attacker to have "root" access to the computer, which means it runs at the lowest level of the machine.

SaveInfo – This is a utility to capture possible boot sector viruses. The tool saves the MBR, the first 2 tracks of your hard disk, as well as the last track of each partition and the last track of the physical drive.

DAT File Updates – DAT files (virus definition files) contain up to date virus signatures and other information that McAfee antivirus products use to protect your computer against virus attacks. You can download Beta pre-release, beta, or test versions of these .DAT files for use in emergency situations, to combat a virus or malicious code outbreak, or to provide a first level quick response to virus attacks.

Check out the McAfee tools page for more details and more tools.

94ak.com is a browser hijacker that can redirect the Internet Explorer homepage to www.94ak.com. If your virus scanner or spyware software won’t find the infection and clean it automatically, then you can use the manual method.

1. Disable System Restore

Windows XP instructions

  • Right Click on My Computer
  • Select the System Restore Tab
  • Check the Turn Off System Restore box
  • Click Ok.
  • A message “This deletes all existing restore points” will appear, click on yes
  • Click Ok
  • Make sure to turn on System Restore after you complete the removal process

Windows Vista instructions

  • Click the Start Button
  • Click Control panel
  • Double click the System icon
  • On the Left of the System properties window you will see a list of Tasks, click on the System protection link
  • In the System Protection window remove the check mark from beside all your drives
  • A message will now appear asking: 'Are you sure you want to turn System restore off'
  • Click the Turn System Restore Off button
  • Make sure to turn on System Restore after you complete the removal process

2. Reboot the computer into Safe Mode with Networking Support

3. Download the Ewido Micro Scanner and perform a scan - Download Now

  • It will download the updated Signature Database before scanning
  • When the update is completed, disconnect computer from Internet by unplugging your network cable, disabling your network connection or turning off your modem or router
  • Click Start scan to begin the scan and let it run
  • When finished scanning, click Save Report because this will be used later as a reference when modifying the registry.
  • Save the Ewido report on your Desktop
  • Click Remove Infection to delete infected files. Do not close the Ewido Micro Scanner

4. Perform a Disk Cleanup

  • Click on Start, All Programs, Accessories, System Tools, Disk Cleanup
  • Let it scan for files.
  • When prompted for files to delete, check all and click Ok
  • Click yes to confirm

5. Delete/Modify any values added to the registry

  • Click Start and then Run
  • Type regedit
  • Click Ok
  • Navigate to the following key
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Delete the values in the right pane that are related to the .exe and .dll files detected earlier by the Ewido Scanner. Use the Ewido report as a reference.
  • Delete entries that contain any of these files:
    • AVPSrv.exe
    • TxoMou.exe
    • LotusHlp.exe
    • MsIMMs32.exe
    • MSPrint32D.exe
    • 35691M.exe
    • upxdnd.exe
    • SvTh.exe
    • gjcsczc.exe
    • swrcfac.exe
    • rarjetl.exe
    • sos.exe
    • SSLDyn.exe
    • ntuser.com
    • cmdbcs.dll
    • mszxaab32.dll
    • FTCCompress.dll
  • Close the registry editor when done.

6. End any processes that shouldn’t be running

  • Press Ctrl+Alt+Del
  • Click the Process Tab
  • End any .exe and .dll processes from the files that were detected earlier by the Ewido Scanner, if present
  • Also end any processes from the malicious files list from above

7. Search for and delete any malicious files

  • Click on Start and then Search
  • Click all files and folders
  • Enter the malicious file’s filename in the All or part of the filename field.
  • Click on Search
  • If found, right click on the file and Delete it
  • Do the same for all of the malicious files one at a time

8. Delete any hidden and autorun files

  • Click on Start and then Run
  • Type cmd and click Ok
  • A command prompt will appear
  • Type cd\ [Press Enter]
  • Type dir/ah [Press Enter] (This will display hidden malicious and autorun files)
  • There should be two files such as sos.exe and autorun.inf
  • Then type “ATTRIB” which will list files with corresponding attributes. Usually files of the Downloader.Agent have an attribute of SHR.
  • Type “ATTRIB -S -H -R C:\soS.Exe” (where soS.Exe stands for the name of the file listed in the autorun.inf file)
  • Type “ATTRIB -S -H -R C:\Autorun.Inf”
  • Type “del soS.Exe”
  • Type “del Autorun.Inf”
  • Type “ATTRIB” again to see if the two files are deleted
  • If clean, type “Exit” to close command prompt window

9. Scan again with Ewido

  • While Ewido Micro Scanner is still open, click Start a new Scan to perform another scan.
  • Delete any infected files found

10. Restore your Internet Explorer default page

  • Click on Start then Run and type gpedit.msc and click Ok (Windows XP Pro only; see note)
  • Navigate to User Configuration / Administrative Templates / Windows Components / Internet Explorer
  • Click “Disable changing home page settings” and set it to Disabled
  • Exit Group Policy Editor
  • Open Internet Explorer
  • Click Tools and then Internet Options
  • On the General tab enter the URL of your desired website

**NOTE**
If you don’t have Windows XP Pro you can use the registry editor to enable the task manager and change your IE homepage.

Click Start and then Run
Type regedit and click Ok

To Enable Task Manager

  • Navigate to the following registry key
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  • Change the value DisableTaskMgr to 0

To Change your IE homepage

  • Navigate to the following registry key
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  • Modify the value of Start Page
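
The registry checks from step 5 and the note above can also be run against an exported copy of the registry. The Python below is an added example, not part of the original post; it assumes the export is `.reg` text (as saved by regedit or `reg export`, decoded to a string first), and the sample value names and paths are constructed.

```python
import re
# File names listed in step 5 of the page, lowercased for comparison.
LISTED = set("avpsrv.exe txomou.exe lotushlp.exe msimms32.exe msprint32d.exe 35691m.exe "
             "upxdnd.exe svth.exe gjcsczc.exe swrcfac.exe rarjetl.exe sos.exe ssldyn.exe "
             "ntuser.com cmdbcs.dll mszxaab32.dll ftccompress.dll".split())
RUN = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
POLICY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
IE_MAIN = r"hkey_current_user\software\microsoft\internet explorer\main"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Parse .reg export text into {lowercased key path: {value name: raw data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = m.group(2)
    return keys

def unquote(data):
    """Strip the quotes of a .reg string value and undo its backslash escapes."""
    quoted = len(data) >= 2 and data[0] == data[-1] == '"'
    return re.sub(r"\\(.)", r"\1", data[1:-1]) if quoted else data

def audit(text):
    """Return (check, value name, detail) tuples for the settings the page names."""
    keys, findings = parse_reg(text), []
    for name, data in keys.get(RUN, {}).items():
        tokens = set(re.split(r'[\\/\s",]+', unquote(data).lower()))  # path parts and arguments
        findings += [("run", name, f) for f in sorted(LISTED & tokens)]
    taskmgr = keys.get(POLICY, {}).get("DisableTaskMgr", "dword:00000000")
    if taskmgr.startswith("dword:") and int(taskmgr[6:], 16) != 0:
        findings.append(("policy", "DisableTaskMgr", taskmgr))
    start = unquote(keys.get(IE_MAIN, {}).get("Start Page", ""))
    if "94ak.com" in start.lower():
        findings.append(("homepage", "Start Page", start))
    return findings

# Constructed sample export; the value names and paths are made up for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"AVPSrv"="C:\\WINDOWS\\AVPSrv.exe"
"cmdbcs"="rundll32.exe \"C:\\WINDOWS\\system32\\cmdbcs.dll\",Start"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.94ak.com/"'''
```

Calling `audit(SAMPLE)` returns one tuple per flagged value and leaves the SoundMan entry alone; matching is by file name only, so confirm each hit against the Ewido report before deleting anything.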


If you are looking for a cheap or free antivirus product for your computer then you may want to check out AVG Anti Virus. It has been around for many years and has a reputation for being an effective antivirus program. They have a version you can buy and a free version. The version you pay for has additional features such as:

  • Support of multiple languages
  • Access to guaranteed high-speed servers for downloading updates and program upgrades
  • Technical support via e-mail (24x7x365) provided by experienced anti-virus specialists
  • Options for configuring multiple program and test settings
  • The ability to create user-defined tests and schedules

Both versions provide the same protection against viruses. These are the main features of the AVG software:

  • Anti-Virus & Anti-Spyware Protection
  • Anti-Rootkit - Protection against hidden threats that deliver malicious content
  • Safe Downloads - Screens your downloads for malicious content
  • Safe Instant Messaging - Protects your ICQ and MSN communication
  • Safe Search - Safely click search results
  • Safe Surf - Real-time protection from poisoned web pages
  • Free Support

When you purchase an AVG product, everything you need is included in the price for the full license duration - technical support, virus updates, and new program versions. All users of paid AVG products also qualify for discounts on subscription renewals and product upgrades.

One of the biggest problems for computers these days seems to be spyware and adware. It seems like everyone has had some form of it and it’s only getting worse. But what exactly is spyware and adware and how can you get rid of it?

Webopedia.com defines spyware as “Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.”

Adware is similar to spyware except you are informed that it will be placed on your computer. It is usually part of a free software offer where you agree to have it installed as a part of using the software. It usually consists of popup advertisements that you have to look at while using the software.

So how do you know if you have spyware or adware on your system? If your computer suffers from the following symptoms you may be a victim.

  • Extra toolbars on your web browser.
  • Random popup ads that aren’t related to the site you are on. Usually adult related.
  • Your homepage has been changed.
  • Your computer or internet connection is unusually slow.
  • New favorites added to your web browser that you didn’t put there.

There are a few things you can do to avoid getting spyware on your computer.

  • Stay away from questionable sites such as adult sites, hacking sites and sites that promote free commercial software that you would normally have to pay for or music and anything else that sounds illegal.
  • If while online you get any popups telling you that you are infected with a virus or spyware etc and to click here to fix it, close the window.
  • Don’t click yes or OK to any popups or install anything while online unless you are certain you know what it is and that it is safe.
  • Read all license agreements carefully when installing any free software downloaded from the internet.

There are many software programs available today to get rid of spyware but 2 of the most popular and best working programs are Spybot and AdAware and it just so happens that they are free!

Below are the links to download the software to your computer. Then you can install and run the software to get rid of most spyware you may have on your computer. One important thing to remember is that there is always new spyware being developed just like viruses. So you need to make sure to update the software just like you would with your antivirus software.

Spybot
http://www.safer-networking.org/en/download/

**note that the first time you scan with version 1.4 it may complete quickly and tell you no threats were found. If this happens you need to run it again to do a complete scan**

AdAware
http://www.lavasoftusa.com/software/adaware/

Other Free Spyware Removal Tools

Hijack This
This tool is a little more difficult to use because it will only show you things it found and it’s up to you to decide if it’s safe to remove them. Many people save their Hijack This logs and have more experienced people look them over to help them decide what to remove.

CWShredder
This tool is designed to look for specific types of spyware. CWShredder finds and destroys traces of CoolWebSearch. CoolWebSearch is a name given to a wide range of different browser hijackers.

Other Methods

There are other ways to get rid of spyware that may be necessary to try if the anti spyware software can’t do the job.

You can go to your Add/Remove Programs utility in Control Panel to see if there is anything installed that doesn’t look like it should be there. Examples of installed spyware may be toolbars or shopping related items.

You can also look at your startup items for unusual looking items that don’t belong. See the using MSCONFIG page for more details.

It may be necessary to edit the registry to completely get rid of some spyware items. The registry is the Windows database that stores configuration information about software, hardware and user settings. It shouldn’t be touched unless you are an advanced user. Don’t forget to make a backup of the registry first just in case something goes wrong.

Sometimes your computer may become so infested with spyware that the only solution is to wipe out the whole system and start over again. This may be your only solution especially if you allow too much spyware to take over your computer. Plus certain types of spyware are harder to get rid of than others. Just make sure to back up your important documents before doing so!

Spyware Doctor
Spyware Doctor has the most advanced update feature that continually improves its spyware-fighting capabilities on a daily basis. As spyware gets more complex to avoid detection by anti-spyware programs, Spyware Doctor responds with new technology to stay one step ahead.