SEQUENTIAL VIRUS PREVENTION, DETECTION, + REMOVAL INSTRUCTIONS – Nov 09 - Windows XP    http://hammernews.com/virusprevention.htm

Don’t listen to those who say “wipe your hard drive + reinstall everything” - that’s like burning down your house to kill the rats. 98% of problems are viruses/worms/Trojans/spyware or software problems and can be fixed. Recommend getting Kaspersky or F-Secure, a Russian and a Finnish company widely regarded as the best AV companies (see end). AVG free is excellent and kept me safe for 2 years in high threat environments in FSU and Europe with some Wifi. AVAST, AVIRA, and NOD also make free products but aren’t as good (see end).

UPDATE NORTONS or AV whenever there is an update (twice daily now) (notify me of updates or do updates automatically). You must set antivirus options to "automatically repair" or "disinfect, then delete". "Notify me" means "tell me I'm infected" (humans don't move at 286,000 mps). [All one has to do to catch trojans is LOOK AT A WEBSITE!!!!] Worms come in straight through the Internet without any page or message viewed. Many nonsense tales claim you only get infected from porn. Rootkits are evil programs that start up at the lowest level just as the computer does - hard to find, hard to clean. Some Digital Rights Management (DRM) software uses this and can expose you to other attacks - caution on installing any “viewing” program for movies or music. The worst infections constantly change and hide everywhere, and are almost unstoppable except by a Boot Disc Scan (D).

SET WINDOWS UPDATE to DOWNLOAD UPDATES + NOTIFY and install them immediately. Windows releases them all at once on a Tuesday, and virus writers are off to the races instantly. Once a month, a scan on smart scan is OK, or a comprehensive scan whenever you have a problem or suspicions. Usually viruses first disable Nortons or AV, though, so a rigorous hunt is needed. SET e-mail to scan in and out, and auto scanning to smart or comprehensive (slower). Scan all USB drives + home-burned CDs + DVDs BEFORE USING (must disable AUTOPLAY and/or autorun).

---------------------------------------------------------------------------------------------------------

ONCE a WEEK run DISK CLEANUP + G + H

Windows/Accessories/System Tools/DISK CLEANUP: delete temp internet files (doesn't remove cookies), temp files (from installation or media play), recycle bin (don't compress files!!)

This makes the AV scan much, much faster, and will remove many viruses, which ARE temp internet files!!!!! Once these become more than 80 meg, they slow the Internet way, way down, because it tries to compare a new page to all these files to, ha ha, load faster. Could set the limit to 30 megs to avoid this. Some movie temp files are 800 megs and clog up the whole system (check any video folders).

IF NO PROBLEM, JUMP TO "G" (some problems are Spyware, so can do this first)

    -----------------------------------------------------------------------------------------------------

 

SIGNS of VIRUS: strange sent mail returning; system instability; strange message or behavior on shutoff; HARD drive suddenly has +1.5 gigs more on it, or disappearing free space; system resources maxing out at 100% (Control-Alt-Delete / Performance); programs won't load or run; crashes or freezing; too few files on AV scan; unusually long load times on start-up or unexplained drive activity (drive light keeps flashing); Internet connection constantly active without reason (click on the Internet icon to see activity - you could be part of an evil zombie botnet!); Windows XP Firewall shut off!! (check this periodically on “show all connections” - IT SHOULD NEVER BE OFF)

Extra new icons on the start bar (not a virus, but maybe junkware or spyware): click RUN, type “msconfig” and click the Startup tab for programs set to run at startup - have an expert uncheck unnecessary programs one at a time (many lousy programs change their entry to start at startup, unnecessary unless it’s something you use +30% of the time). A very few hardware driver files need to be checked on startup (modem, scanner, display, AV scan). Over 12-15 is too much. AUTORUNS is a small powerful program that shows you everything in the world that’s running, in different categories.

DAMAGED WINDOWS: IF Windows doesn’t boot up, try 0 or B - if Safe Mode doesn’t work, try Last Known Good Configuration, C, or the most powerful and maybe first choice, D, the Avira boot AV scan disk (which keeps the infection from doing further damage).

0. If possible, scan the main hard drive from another computer or an unaffected drive (by attaching a crossover LAN (Ethernet) or USB cable to the drive, in or out of the comp). It is HARD for an infected comp to scan itself, and viruses can’t hide if the OS is off (boot from some other CD).

A. Nortons or AV scan (if too few files or something funky): comprehensive (all files, and scan inside compressed files). Write down the number of files found - it should be consistent within ten thousand (a very important number to assess health). With a virus infection it will only find 1/3-1/10th as many files. Comprehensive scans about 3 times more files than smart scan. Also check and track FREE SPACE on the C drive - this should never be less than 1-2 gigs.

B. (first with a problem) Nortons or AV scan in plain SAFE MODE - F8 just as XP starts (if convinced you have a virus). Under SAFE MODE some viruses can't hide + often can't sabotage Nortons or the AV program (takes several hours - full scan only). Most AVs can do this, but they rarely find things once they’ve been corrupted.

C. Scan with the big downloadable Kaspersky scanner program - this found a space-eating bug I had and gave me back 2 gigs. This is an excellent, constantly updated beta program that doesn’t expire and can be updated (not on their regular pages). Install + scan in SAFE mode is better. Russians are the best comp. hackers + criminals so make the best AV. This also has an analyze-and-submit report to Kaspersky experts, which may be invaluable.     IF FIND ANYTHING goto D2.

D. Download the AVIRA rescue system ISO CD file (60 meg, not the .exe, which will try to run your burner) and burn it on a CD on another computer (or yours - ISOs aren’t infectable). This is a simple bootable Linux AV scanner with the latest definitions that can be updated. The computer runs off the CD, not Windows, so the infection (inc. rootkits) can’t defend itself - very powerful - and the only one of its kind. May have to set the boot order in the computer BIOS to CD first, but that’s normally the default. May give positives on negligible threats. Set to repair, and delete only if unrepairable and not vital system files (Windows directory). The AVIRA cleaner tool is also useful.     IF FIND ANYTHING goto D2.

E. If still nothing detected, use the on-line AV SCANNER on trendmicro or f-secure.com or kaspersky.com (takes a long time with no use! - don't disconnect, and must have stable Internet).

F. An excellent method (maybe only if Windows doesn’t boot up, besides the Avira rescue boot disk) is to get Nortons Ghost, download the latest Nortons definitions from another updated computer (boot from the Ghost disc) and store them on a jump drive, then boot from the Ghost CD on the infected computer with the jump drive inserted, and scan the computer using the new defs - this should find and fix most problems. Also allows viewing and copying essential files. Other free Linux boot disks are INSERT (small) and KNOPPIX or UBUNTU, which have a plethora of recovery tools, but you need a Linux jock to help run them.
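The bookkeeping from step A (write down the file count, track free space) and the disappearing-free-space sign under SIGNS of VIRUS, as an added example that is not part of the original instructions. It is a Python script with hypothetical function names (snapshot, assess); it assumes its own file walk stands in for the total your AV scan reports, and it takes the upper end of the "1-2 gigs" free-space floor.

```python
import os
import shutil
import sys

GIB = 1024 ** 3
COUNT_TOLERANCE = 10000        # step A: counts "consistent within ten thousand"
INFECTED_DIVISOR = 3           # step A: infected scan finds 1/3-1/10th as many files
MIN_FREE = 2 * GIB             # step A: never less than 1-2 gigs (upper bound used)
SUDDEN_LOSS = int(1.5 * GIB)   # SIGNS: drive suddenly has +1.5 gigs more on it


def snapshot(root):
    """Count files under root and read free space on its volume.

    Assumption: this walk stands in for the file total an AV scan reports;
    unreadable folders are skipped, so always compare like with like.
    """
    files = 0
    for _dirpath, _dirnames, filenames in os.walk(root):
        files += len(filenames)
    return {"files": files, "free": shutil.disk_usage(root).free}


def assess(baseline, current):
    """Return a list of warnings from comparing two snapshots."""
    warnings = []
    if current["files"] * INFECTED_DIVISOR <= baseline["files"]:
        warnings.append("file count is one third of baseline or less")
    elif abs(current["files"] - baseline["files"]) > COUNT_TOLERANCE:
        warnings.append("file count moved by more than ten thousand")
    if current["free"] < MIN_FREE:
        warnings.append("free space is under 2 gigs")
    if baseline["free"] - current["free"] >= SUDDEN_LOSS:
        warnings.append("free space dropped 1.5 gigs or more since baseline")
    return warnings


if __name__ == "__main__":
    # Constructed baseline for the demo; in practice use last week's saved numbers.
    baseline = {"files": 150000, "free": 10 * GIB}
    now = snapshot(sys.argv[1] if len(sys.argv) > 1 else os.getcwd())
    print(now)
    for line in assess(baseline, now) or ["nothing unusual against baseline"]:
        print(line)
```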

 

 

-----D2. Look up found viruses on Nortons http://www.symantec.com/avcenter/vinfodb.html
              ftp://ftp.f-secure.com/anti-virus/tools/   or   http://www.kaspersky.com/removaltools

       Follow the exact removal instructions - if there is a downloadable removal tool, get it + RUN IT! [Nortons, Kaspersky, Trend, + F-Secure often use slightly different names for the same virus; all have removal tools.] SHUT OFF System Restore if required - otherwise it auto-restores important infected files. STOCKPILE removal tools on a jump drive or CD. These are small 200k built-in .exe scanners that will clean the virus and fix damage. Most also have a 6 meg executable cleaner tool for the 20 most popular infections (like the creepy MS monthly malicious software cleaner that hides like a virus). These can be run anytime and can be effective if you happen to have a bug they were designed for. If the problem has no cleaner tool, try disinfect first; if that is impossible, delete (as long as it is not a Windows system file). Infected files in old System Restore folders (or old mail folders) aren’t too important unless you restore from that point, but nice to kill.

ONCE you are clean of primary infections, update AV and AntiSpyware and WINDOWS Update again, and RESCAN COMPUTER - often other problems are then detectable and curable. If you have pirate OFFICE (or even Windows), many downloadable update files are available on Microsoft Downloads (with IE).

G. Ad Aware (free) scan (update every week) - removes spyware that can steal your life but not cause problems. Most are stores spying on purchases and viewing (don't delete MRU lists or you erase your file history - critical items only). Excellent essential program - fast scan on smart scan. Some AV programs include AdAware so will delete it. Smart scan usually finds everything a full scan does. Used to be small, but has become bloated, and subject to unknown removal.

   DOWNLOAD all 3 free from zdnet.com or downloads.com

H. Spybot or Spycatcher - free antispyware (update); inoculate after the scan, which prevents any of the spyware from infecting later.

Spysweeper is the best paid spyware product.       WITHOUT PROBLEM jump to L

I. If you have a problem, open the JAVA box on the Control Panel - delete the Java cache (some Java trojans + EXPLOITS hide here).

J. If Nortons or AV is acting strangely, and you are sure the virus is gone, it may be damaged; REMOVE + REINSTALL (retains exp. dates).

K. Turn on System Restore again, which may protect your vital system files from attack, but is mostly useless because you have to turn it off to clean any infection. Uses about 1 gig of space.

                                   PREVENTING THE NEXT ATTACK

 

L. ACTIVE AV PROGRAM: From another computer, download the latest Kaspersky AV, which even as a 30 day trial will find most problems and has a vulnerability detector that prompts you with exact links to get the latest version of every program with AV flaws (Winamp, Quicktime, Java, etc) and will even one-click correct Windows vulnerabilities, like the horrible AUTOPLAY default that infects you the second you stick in a USB drive or drives you crazy with dialog boxes on plugging in an ext HD. Or F-Secure AV, 58 megs (1 month free): install it + run. It is a Finnish company many regard as the best AV - humans actually immediately answer the phone, support gets back to you within minutes, and a subscription for 3 machines was $65. It also finds deadly rootkits and even viruses in old OE6 messages. Or TREND MICRO. Because 60% of people have Nortons, all viruses are written to cripple it, so it is usually useless. AVG free is excellent.

AVOID INTERNET SECURITY versions of AV - they are all-in-one solutions that shut off other defenses (F-Secure even shut off XP FIREWALL!), so if they screw up you are naked! ANTIVIRUS only!!! Different AV products will find different viruses, so it’s good to alternate them, but you should totally deactivate or remove the old one after installing the new one.

NEVER RUN 2 AV scanners or 2 spyware scanners at once - they will interfere with each other (some AVs come with spyware detectors); one each is OK, and with the XP Firewall and a router that’s 4 layers of security. Install vital defense software after a clean reboot without other programs running, and try to DOWNLOAD DEFINITION UPDATES (esp. for bought CDs) to install them offline. One is infected within 10 minutes on the Internet without functioning AV software, and store-bought programs sometimes need a half-hour of updates and 3 reboots. If some AV is expiring, set a timer to go off the day before - mine once expired in NH and I used Wifi for 2 hours, and caught a bunch of bad bugs.

M. Use a ROUTER, which pretends to be the computer so viruses attack it instead: it gives a lot of protection. Make sure WIFI always has a strong password and watch for unsecure auto connections, or use only wired LAN. Whenever you use public Wifi, whoever operates it (and often anyone within range) can do anything to you - within 2 months of using it in Moscow, my lappy was fried. In a new city, I was looking at pics of Rome when I idly tried to connect to a neighbor's wifi, but it had a password. Left Wifi on and 2 hours later found I was connected to a new WiFi named... Rome. And had 10 new viruses.

N. ALWAYS show the live Internet connection on the taskbar (set in device/LAN adapter, Wifi control, or Internet connections). ALWAYS BOOT UP AND SHUT OFF WITH INTERNET + WIFI OFF - the computer is DEFENSELESS THEN (can disable/enable LAN with a right click in Device Manager, which you can drag onto the taskbar, or just press the WiFi button). Shut off the Internet if you aren’t using it for hours, esp. WiFi. If you can’t figure out how to do it, unplug the LAN or USB cable.

O.     Don’t run multiple Instant Messengers and make sure they are updated - they are a huge avenue of attack. Finally, check all your program vulnerabilities with Trend Micro (needs IE) or Kaspersky Health Check, and update to new versions. Every 2-3 months, 12 major common programs develop deadly vulnerabilities, but Windows won’t tell you about them. Most legal programs can do CHECK FOR UPDATES under Tools.

P.      COPY ALL YOUR NEW DATA FILES once a month - pics, articles, mail, news, downloads - onto an external drive (or non-C drive on the same computer) or jump drive, or burn them on DVDs. You will be so glad you did. Or just copy the whole C drive onto an external (but make sure it’s clean first + exactly the same size partition) - with the right disk copy boot program, you can simply restore it to that exact point by copying it back. I’ve had 2 computers in 15 years fried, but lost only a few files.