This is the "manual" I send to customers and family members who get SLAMMED!
Ok, so your PC got trashed. Here's what to do before you resort to my two favorite commands, FORMAT C: and SETUP!
Step 1: Cut off the invaders!
Install a Firewall!!!!!
ZoneAlarm is a nice firewall and their free version is just fine for the task at hand.
Download a HOSTS file and install according to the directions
A HOSTS file maps host names to IP addresses, and Windows checks it BEFORE it asks DNS. This particular HOSTS file maps the sites listed in it to 127.0.0.1, the local loopback address, which means your own PC. Since your PC isn't running those sites, the request goes nowhere; in other words, a dead end! Needless to say, the sites that are redirected to localhost are not accessible. The sites in the HOSTS file you are downloading belong to advertising and spyware companies; they need to be stopped or the spyware apps may attempt to repair themselves or bring along some "friends". Two caveats: the HOSTS file blocks names only, not sites reached directly by IP address, and spyware can edit the HOSTS file too. If you suddenly can't reach a security site, open the HOSTS file and look for an entry that points that site somewhere other than 127.0.0.1.
Download IESPYAD and install according to the directions
IESPYAD contains a registry file that adds a LOT of spyware and ad sites to Internet Explorer's Restricted Sites zone. Sites in the Restricted zone have ActiveX controls, scripting and file downloads disabled by default, so they cannot download or run anything on your PC. This adds a LOT of protection even if you do not use IE as your main web browser, because IE's engine is always running in some form or another; for example, Windows Media Player uses IE to display web content.
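To make the HOSTS mechanism concrete, here is an added example (my own code, not part of the original manual or of any HOSTS file download) that parses HOSTS-format text the way Windows reads it, answers "where does this name go?", and flags the reverse trick: a security vendor's site pointed at an address that is NOT loopback, which is how spyware keeps you away from update sites. The HOSTS content, the ad/tracker host names and the 203.0.113.45 address are constructed for the example.

```python
import ipaddress

# Constructed sample HOSTS content for this example (not a real download).
# Format: one IP address, then one or more host names, '#' starts a comment.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
# Sinkholed ad/spyware hosts, the kind of entries a blocking HOSTS file adds
127.0.0.1  ads.example-adserver.test
0.0.0.0    tracker.example-spyware.test   # trailing comment is ignored
127.0.0.1  banners.example.test  counters.example.test
# A hijack: a security vendor's site pointed somewhere other than loopback
203.0.113.45  www.safer-networking.org
"""

# Addresses that make a name a dead end on the local machine.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Parse HOSTS text into an ordered list of (ip, hostname) pairs.

    Comments start with '#', blank lines are skipped, and one address may be
    followed by several host names. Malformed lines are skipped rather than
    aborting the scan, since a trashed PC often has a messy HOSTS file.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address, e.g. a damaged line
        for name in fields[1:]:
            entries.append((str(ip), name.lower()))
    return entries


def resolve(hostname, entries):
    """Address the HOSTS file gives hostname, or None (Windows then asks DNS)."""
    hostname = hostname.lower()
    for ip, name in entries:
        if name == hostname:
            return ip  # first matching line wins
    return None


def is_sinkholed(hostname, entries):
    """True if the name is redirected to a dead-end address."""
    return resolve(hostname, entries) in SINKHOLE_ADDRESSES


def find_hijacks(entries, protected_hosts):
    """Entries that send a site you need (security vendors, update sites) to a
    non-loopback address. That is the spyware version of the HOSTS trick."""
    protected = {h.lower() for h in protected_hosts}
    return [(ip, name) for ip, name in entries
            if name in protected and ip not in SINKHOLE_ADDRESSES]


if __name__ == "__main__":
    # Sites named in this manual that an infection might want to keep you from.
    security_sites = ["www.safer-networking.org", "www.lavasoftusa.com",
                      "www.microsoft.com"]
    entries = parse_hosts(SAMPLE_HOSTS)
    for name in ["ads.example-adserver.test", "www.safer-networking.org",
                 "www.example.test"]:
        print(name, "->", resolve(name, entries),
              "(sinkholed)" if is_sinkholed(name, entries) else "")
    for ip, name in find_hijacks(entries, security_sites):
        print("HIJACK:", name, "is pointed at", ip)
```

On a real PC the file lives at %SystemRoot%\System32\drivers\etc\hosts; read it with open() instead of using SAMPLE_HOSTS. Any line the last function prints is an entry to remove, because no legitimate HOSTS file sends a security vendor to a stranger's server.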
Step 2: Death To ALL!
Download, install, update and then do a FULL scan with the following programs
Spybot Search & Destroy --> www.safer-networking.org
AdAware SE Personal --> www.lavasoftusa.com
Windows Defender --> www.microsoft.com
If you suspect CoolWebSearch (CWS), get CWShredder --> http://www.trendmicro.com/cwshredder/
If the above fails to catch it all, get HijackThis! --> http://www.spywareinfo.com/~merijn/
If you do not know what to do with the results HijackThis! gives you, just save the log file and let a computer expert help. You may post your HijackThis! log on a spyware forum and the regulars there will help you. Don't delete things from a HijackThis! log blindly; unlike the scanners above, it lists legitimate system entries right alongside the bad ones.
If you cannot download the above tools because the infection is blocking access to security sites, download the files on a clean PC and burn them to CD. If the infection prevents you from installing or scanning, boot your PC in Safe Mode: restart and press F8 repeatedly as the PC starts, before the Windows logo appears, then pick "Safe Mode" from the menu.
If the system takes forever to boot or is so bogged down with junk that scans take forever, restart in Safe Mode as well.
NOTICE: Spybot also contains an immunization function, use it! The fastest update server for it is usually Safer Networking #1.
Delete EVERYTHING these scanners find; none of it is good.
Step 2.5: Get some antivirus.
There are many good antivirus programs to choose from. Symantec's Norton Antivirus is my favorite, you can download a trial from www.symantec.com
Use it to scan your PC and then head on down to Walmart and get the full copy.
If FREE antivirus is all you want, get AVG Free or Avast!
Step 3: Lock the backdoors!
Update your software FREQUENTLY! Turn ON automatic updates for Windows and Office if you have it. Go to Windows Update by opening Internet Explorer and selecting "Windows Update" in the Tools menu and follow the on screen instructions.
Don't forget to update your antispyware and antivirus tools too.
Step 4: Improve Performance
Ok, this is the easy part. Download a program called CCleaner at www.ccleaner.com. Run it with the default settings first; later you can customize which temporary files you want it to keep, but right now we need it all gone to remove every last trace of the spyware.
After you run CCleaner's Windows, Applications and Issues cleaners, restart your PC. After it restarts, defragment your hard disk. Defragmentation puts files in order on your PC's hard drive so the PC can find them faster, and this speeds up your PC a LOT! To do this, go in the Start menu to "Accessories" and select "System Tools" under Accessories. Under System Tools you will find a program called Disk Defragmenter. Run it and defrag your hard drive. Don't bother analyzing, just do it. If you have not done this in a while, it may take a few hours.
Step 5: Help prevent this from happening again, use secure computing practices!
Here is a list of things you can do to prevent this from happening again:
DON'T use Internet Explorer!! Get Firefox at www.mozilla.com
Firefox is considerably more secure than IE right now.
DON'T use Outlook! There's a reason we call it "Outbreak Express"! Use Mozilla Thunderbird instead, get it at www.mozilla.com
Keep your Antispyware and Antivirus tools current. Update them often and if the subscription to your antivirus lapses, renew it ASAP!
READ the license agreement BEFORE you install! Read the End User License Agreement (EULA) of ALL software you install; software that bundles spyware or adware usually contains language like "Ad Supported" or "Special Offers".
Don't use spyware laden P2P clients! If you use P2P, get a P2P client that contains NO ads, get KC Easy at http://www.kceasy.com/
NOTE: Download songs illegally at your own risk, you could get a virus from an infected file or possibly a lawsuit and besides, a CD sounds much better. Use P2P responsibly.
Don't click on those ads that say you'll win something, there is ALWAYS a catch and these days the catch is usually giving up all your personal info and possibly installing spyware. That "Free" iPod is NEVER free!
Beware of ads that look like system error messages!! These are almost always an ad for spyware!
Beware of fake spyware removal tools! NEVER click on ads that say "Your PC is infected!" or something along those lines. If you do click, that ad will be telling the truth!
Beware of free smileys for your email or IM programs, free screensavers or other "cute" things. These are often LOADED with spyware. Check out the company first before you install.
Change your password regularly, and make it secure. Make your password at least 8 characters and make sure it contains both letters and numbers. The longer, the better! Every extra character multiplies the number of guesses an automatic "brute force" password cracking utility has to try. Make sure the password you use is not a dictionary word and is not related to you in any way that is easy to guess. Crackers also try dictionary words with a few digits tacked on the end, so the letter part must not be a real word either.
An example of a BAD password: 123456 or johndoe. Never use simple passwords or, worse, your name!
GOOD passwords look like this: goodpw001
Truly STRONG passwords are longer and contain letters, numbers and at least one special character: strongpw_001 or strongpw_001#
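To show why length and character mix matter, here is an added example (my own code, not part of the original manual) that scores the passwords above under a simple brute-force model and also flags the "dictionary word plus a few digits" pattern that a plain character count misses. The small word list and the guessing rate are constructed assumptions for illustration; a real cracker's dictionary has millions of entries.

```python
import math
import string

# Constructed stand-in for a cracker's word list (assumption for the example).
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "monkey",
                "dragon", "johndoe"}

# Assumed offline guessing rate, for illustration only.
GUESSES_PER_SECOND = 1_000_000_000

PUNCTUATION = set(string.punctuation)  # 32 characters


def charset_size(pw):
    """Size of the smallest set of standard character classes covering pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in PUNCTUATION for c in pw):
        size += len(PUNCTUATION)
    return size


def brute_force_bits(pw):
    """log2 of the search space a brute-force tool must cover: every string of
    this length drawn from this character set."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def years_to_exhaust(pw):
    """Worst-case time to try the whole space at GUESSES_PER_SECOND."""
    return 2 ** brute_force_bits(pw) / GUESSES_PER_SECOND / (365 * 24 * 3600)


def pattern_weakness(pw):
    """Reason string if pw is just digits/punctuation, or a dictionary word
    dressed up with digits and punctuation at either end; else None."""
    core = pw.lower().strip(string.digits + string.punctuation)
    if not core:
        return "digits/punctuation only"
    if core in COMMON_WORDS:
        return "dictionary word '%s' plus decoration" % core
    return None


def assess(pw):
    """Rate a password as ('bad' | 'ok' | 'strong', bits, note)."""
    bits = brute_force_bits(pw)
    weak = pattern_weakness(pw)
    if weak:
        return ("bad", bits, weak)
    if len(pw) < 8:
        return ("bad", bits, "shorter than 8 characters")
    if bits >= 64:
        return ("strong", bits, "long and mixed")
    if bits >= 40:
        return ("ok", bits, "passable, longer is better")
    return ("bad", bits, "too little variety for its length")


if __name__ == "__main__":
    for pw in ["123456", "johndoe", "password1", "goodpw001", "strongpw_001#"]:
        rating, bits, note = assess(pw)
        print("%-14s %-6s %5.1f bits  %.2e years  (%s)"
              % (pw, rating, bits, years_to_exhaust(pw), note))
```

The point the table makes: "password1" has the same length and character classes as "goodpw001", but it falls to a dictionary rule long before any brute-force count matters, which is why the rule above says the letter part must not be a real word.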
Oh yeah, I almost forgot this one: Keep stupid users OFF your machine!