SECURITY spyware removal
ARE YOU CRANKY, SCANKY, & INFECTED?
Disclaimer
Since there are no real directions for removing skank (it’s very individual, depending on what skank you have), I have written about things I've done; however, you may need to do more research to remove some specific skankware.
Bottom Line
You can be doing everything perfectly right and still get a nasty something on your machine. WHY? Because you can innocently visit a mainstream website that happens to use an infected ad server, which randomly shows (unlucky you) an infected ad called a dropper. (Yeah, you heard me: it's easy to put exploit code into the ad itself, and droppers are being built into .png, .jpg, .exe, .scr, .zip, postcard and photo files.) The dropper pushes the skank malware past all your perfectly updated critical patches, even while you're using the latest Mozilla Firefox browser with "Allow Web sites to install software" unchecked and running a perfectly good Antivirus Firewall, and you still get skanked! The ad serving company really does have a responsibility to police its advertisers and profile the HTML content that it serves to users' browsers.
Search engines have become a common tool for spreading malware. Based on results from McAfee's SiteAdvisor anti-phishing tool, up to 72% of sites a search engine suggests for such simple searches as free screensavers, digital music, and popular software should be considered "risky". Overall, MSN returned 3.9% risky sites, Google 5.3%, and Ask had the worst score at 6.1%. Sponsored links returned from two to four times as many risky sites as unsponsored links. The report claims that American users follow links to malicious websites from search engines 285 million times each month.
SPLOIT Metasploit Framework, Part 1 Part 2
(n.) Exploit. A defect in the game code (see bug) or design that can be used to gain unfair advantages. (Source: Dictionary of MMORPG Terms)
Metasploit Project: open-source platform for developing, testing, and using exploit code. Downloads and release notes. Inspiration to get your boss to constantly update and keep your box patched!
7/1/05 There is a 50 percent chance your unprotected Windows PC will be compromised within 12 minutes of going online.
There are two sections here.
- Prevention / Tips
- Remediation / Removal
Orientation: depending on your hygiene habits . . . don't be surprised when killing the skank that has infected your 'puter takes more than 8 hours of your time, and 1 thing is for sure . . . a single program won't do everything. It can do a lot, but you'll need to use several programs to get the skank out of the machine. <sorry> but no single program removes every Pest, Virus or Trojan.
PREVENTION
- Virus Protection
- Firewalls
- Stay Current with Windows Update
- Don’t download known skank. http://www.spywareguide.com/product_list_full.php
TIPS:
- Search “buddies” and helpers aren’t really your buddies; they are FREAKING SKANK!!!!
- BACKUP IMPORTANT FILES
Keep your documents in My Documents, My Pictures, and My Music; it’s easier to back up than if you put them on your desktop or in some folder on the C: drive.
REMEDIATION
- If you suspect you’ve been skanked, STOP. No surfing.
- Start up in Safe Mode
- Add/Remove Software that is known Skank.
- Disable System Restore
- Run Ad Aware SE Personal
- Run your Virus Scanner
REMOVAL - TOOLS AND SEQUENCE TIPS
1.) Get New Host File
2.) Start in SAFE MODE (Tap F8 when restarting)
3.) Disable System Restore
4.) Run AdAware SE Personal
5.) Run Spybot
6.) Run HiJackThis
DOWNLOAD a new HOST FILE, then copy and paste its contents into your own corrupted host file found in your system folder.
START IN SAFEMODE Directions - How to Start in Safemode
Spyware will hide in System Restore and when you reboot, it will restore itself. Right click on My Computer and then left click on Properties. Now click on the System Restore tab and put a check in the box to Disable System Restore.
Before removing any spyware be sure that you disable System Restore on your computer.
Run Ad-Aware - DOWNLOAD FREE - Ad-Aware is designed to provide advanced protection from known data-mining. It will find, quarantine, and get rid of all the skank ware that doesn't let your machine work right.
DOWNLOAD FREE - SPYBOT Run it
OR
DOWNLOAD FREE - SPY SWEEPER Run it
Download HiJackThis. CAUTION - This is only recommended for sophisticated geeky 'puter users - not normal everyday people. Now follow these removal instructions: run the program and take a look at the instructions on this page on which entries to remove.
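For step 1 of the sequence above, it helps to see what the existing hosts file actually contains before pasting a clean copy over it. The following is an added example, not part of the original page: a small Python audit that lists names pinned to an outside address and names you rely on that have been pointed at nothing. The `audit_hosts` function, its `needed` parameter and the sample entries are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample, not taken from a real machine. Addresses are from the
# documentation range (RFC 5737) and names are example.* placeholders.
SAMPLE = """\
# sample hosts file
127.0.0.1      localhost
0.0.0.0        ads.example.net        # block-list style entry
203.0.113.5    www.example.com login.example.com
127.0.0.1      update.example.org
not-an-ip      foo.example
"""

def audit_hosts(text, needed=()):
    """Sort hosts-file entries into redirected / blocked_needed / malformed.

    needed: names you expect to resolve normally (hypothetical parameter),
    for example your antivirus vendor's update server.
    """
    needed = {n.lower() for n in needed}
    report = {"redirected": [], "blocked_needed": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comment, split on blanks
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            report["malformed"].append(lineno)
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if not sinkhole:
                # Name is pinned to a fixed outside address: review it.
                report["redirected"].append((lineno, name, str(addr)))
            elif name in needed:
                # A name you rely on has been pointed at nothing.
                report["blocked_needed"].append((lineno, name))
    return report

if __name__ == "__main__":
    # On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts;
    # read it and pass its text in place of SAMPLE.
    for kind, items in audit_hosts(SAMPLE, needed=["update.example.org"]).items():
        print(kind, items)
```

Entries that map a name to a loopback or 0.0.0.0 address are what a block-list hosts file is made of, so the audit stays quiet about them unless the name is one you listed as needed.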
OTHER THINGS TO DO
Windows users can run Error Checking every four weeks or so to improve performance.
Right click on the C drive, choose Properties, choose the Tools tab. Click Error Checking. You have to restart and it takes a while; then defrag the computer.
Here is another source to use for checking your machine or checking a single file
Everyone needs a firewall like Trend Micro PC-cillin that monitors wireless connections, alerting you whenever someone new tries to join your network or your network changes suddenly. Use PC-cillin to Check Infected Machine. Or Download Free Symantec to see if you're vulnerable and/or have been infected by a virus and/or Trojan Horse.
DO NOT install more than one antivirus program. They will conflict, and provide less protection, not more.
Install Windows XP Service Pack 2 (SP2); however, it should not be installed until your system is free from malware. Installing SP2 with malware present can cause many compatibility problems, or even prevent your computer from restarting. If your system has a malware infection, or if you're unsure, use the SP1a download link above first. Then clean the machine. Then install SP2.
Be proactive rather than reactive
https://netfiles.uiuc.edu/ehowes/www/main-nf.htm
REVIEW OTHER SPYWARE REMOVAL TUTORIALS for cleaning your system and protecting a new system. Links to free programs and a separate page and explanation on how to use it.
Check for Internet Explorer Updates
DON'T USE EXPLORER only USE FIREFOX MOZILLA
PC Hell explains how to edit your Windows Registry. Please be careful, however: incorrect changes to the Windows Registry can cause Windows to not boot. Also find Removal Instructions for Other Programs.
RegSupreme, cleans up your registry. It's free for a 30-day trial and then costs $12.95.
You can also use RegCleaner for free. Also read about the Differences between Regedit.exe and Regedt32.exe
So then . . . for all you hard core wanna be geeks who are ready to tempt the computer goddess - you can always erase your hard drive and reinstall all your programs. Luckily, there are folks out there who can help.
Check into Email Virus & Hoax Information
World's first Mac OS X virus spotted 2006-02-17
BEIJING, Feb.17 (Xinhuanet) -- A mischievous computer worm has been found to hit Apple's OS X operating system, believed to be the first such virus ever to target the Mac platform. Called OSX/Leap-A, the worm is spread via instant messaging programs, according to a posting on the Web site of antivirus software company Sophos. The virus is said to spread using Apple's iChat IM service, forwarding itself as a file called "latestpics.tgz" to an infected user's buddy contacts, according to the Sophos Web site. Clicking on the file allows the malware to install and disguise itself as a harmless-seeming Jpeg icon. "This first Macintosh OS X threat is an example of the continuing spread of malicious code on to other platforms," said Vincent Weafer, senior director at Symantec Security Response, in a statement. The worm will not automatically infect Mac computers, but will ask users to accept the file, Weafer said. Symantec has rated the worm a low-risk security threat.
Best Basic Mac OS X Security - February 16, 2006
Well, now that we have a possible candidate for another Mac trojan (not a virus, not a worm, not an exploit, and not good code) I think now's as good a time as any to cover some basic Mac OS X Security so that people not familiar with such things have more than an ice cube's chance in Phoenix at keeping secure.
Mac OS X is a secure operating system in that it's multi-user and has limits on what some user accounts can do. If an account is set up as a basic user, that user can only hurt himself, not the whole system or other users. However, in the interest of being "friendly" to new users, Apple leaves a lot of the secure bits off for the first user created and this means that trojans like this week's can cause some pretty nasty problems on your system.
Yet, all of this is easy to correct. Just run over the following and you should be well on your way to a protected computer.



