SEQUENTIAL VIRUS PREVENTION, DETECTION, + REMOVAL INSTRUCTIONS – Nov 09 - Windows XP
http://hammernews.com/virusprevention.htm
UPDATE NORTONS or AV whenever there is an update (twice daily now); set it to "notify me of updates" or to do updates automatically. You must set the antivirus options to "automatically repair" or "disinfect, then delete". "Notify me" only means "tell me I'm infected" (humans don't move at 286,000 mps). [All one has to do to catch a trojan is LOOK AT A WEBSITE!!!!] Worms come in straight through the Internet without any page or message being viewed. Many nonsense tales claim you only get infected from porn. Rootkits are evil programs that start up at the lowest level, just as the computer does - hard to find, hard to clean. Some Digital Rights Management (DRM) software uses this technique and can expose you to other attacks, so use caution when installing any "viewing" program for movies or music. The worst infections constantly change and hide everywhere, and are almost unstoppable except by a Boot Disc Scan (D).
SET WINDOWS UPDATE to DOWNLOAD UPDATES + NOTIFY, and install them immediately. Windows releases them all at once on a Tuesday, and virus writers are off to the races instantly. A smart scan once a month is OK, or a comprehensive scan whenever you have a problem or suspicions. Usually viruses first disable Nortons or your AV, though, so a rigorous hunt is needed. SET e-mail to scan in and out, and auto scanning to smart or comprehensive (slower). Scan all USB drives + home-burned CDs + DVDs BEFORE USING them (you must disable AUTOPLAY and/or autorun).
---------------------------------------------------------------------------------------------------------
ONCE a WEEK run DISK CLEANUP + G + H.
Windows/Accessories/System Tools/DISK CLEANUP: delete temporary internet files (doesn't remove cookies), temp files (from installation or media play), and the recycle bin (don't compress files!!). This makes the AV scan much, much faster, and will remove many viruses, which ARE temp internet files!!!!! Once these grow beyond 80 megs they slow the Internet way, way down, because the browser tries to compare each new page to all these files to, ha ha, load faster. You could set the limit to 30 megs to avoid this. Some movie temp files are 800 megs and clog up the whole system (check any video folders).
IF NO PROBLEM, JUMP TO "G" (some problems are spyware, so you can do this first).
-----------------------------------------------------------------------------------------------------
SIGNS of VIRUS: strange sent mail returning, system instability, strange messages or behavior on shutoff, HARD drive suddenly has +1.5 gigs more on it or disappearing free space, system resources maxing out at 100% (Ctrl-Alt-Delete / Performance), programs won't load or run, crashes or freezing, too few files on an AV scan, unusually long load times on start-up or unexplained drive activity (drive light keeps flashing), Internet connection constantly active without reason (click on the Internet icon to see activity; you could be part of an evil zombie botnet!), Windows XP Firewall shut off!! (check this periodically on "show all connections"; IT SHOULD NEVER BE OFF).
Extra new icons on the start bar (not a virus, but maybe junkware or spyware): click RUN, type "msconfig" and click the Startup tab for programs set to run at startup; have an expert uncheck unnecessary programs one at a time (many lousy programs change their entry to start at startup, unnecessary unless it's something you use +30% of the time). A very few hardware driver files need to be checked on startup (modem, scanner, display, AV scan); over 12-15 is too much. AUTORUNS is a small, powerful program that shows you everything in the world that's running, in different categories.
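An added example, not from the hammernews page: a batch file that logs the signs listed above (firewall state, free space on C, startup entries, the autorun policy, and live connections) so one run can be compared against the next. It assumes Windows XP SP2 or later (netsh firewall, reg, fsutil and netstat -o are all built in); the log path is an assumption.

```batch
@echo off
rem Added example, not from the original page: log the XP health signs listed
rem above so runs can be compared. Assumes Windows XP SP2 or later (netsh
rem firewall, reg, fsutil and netstat -o are built in); LOG path is an
rem assumption, change it as you like.
setlocal
set LOG=%USERPROFILE%\Desktop\healthcheck.txt
echo Health check %DATE% %TIME% >> "%LOG%"

rem 1. XP Firewall: "Operational mode" should read Enable, never Disable
echo --- Firewall state --- >> "%LOG%"
netsh firewall show state >> "%LOG%" 2>&1

rem 2. Free space on C: should never drop below 1-2 gigs
echo --- Free space on C: --- >> "%LOG%"
fsutil volume diskfree c: >> "%LOG%" 2>&1

rem 3. Programs set to run at startup (same entries msconfig's Startup tab shows)
echo --- Startup entries in the registry --- >> "%LOG%"
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" >> "%LOG%" 2>&1
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" >> "%LOG%" 2>&1
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" >> "%LOG%" 2>&1
echo --- Startup folders --- >> "%LOG%"
dir /b "%USERPROFILE%\Start Menu\Programs\Startup" >> "%LOG%" 2>&1
dir /b "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" >> "%LOG%" 2>&1

rem 4. Autoplay/autorun policy: 0xff disables autorun for every drive type.
rem    To set it:  reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
echo --- Autorun policy (want NoDriveTypeAutoRun = 0xff) --- >> "%LOG%"
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun >> "%LOG%" 2>&1

rem 5. Network activity: every ESTABLISHED line should belong to a program you know (PID is the last column)
echo --- Connections (netstat -ano) --- >> "%LOG%"
netstat -ano >> "%LOG%" 2>&1

echo Results written to "%LOG%"
endlocal
```

Keep the first log from a known-clean machine; a startup entry, a PID or a few gigs of free space that were not there last time are exactly the signs the section above describes. On XP the NoDriveTypeAutoRun value was only fully honored after later Microsoft updates, so check the policy again after Windows Update runs.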
DAMAGED WINDOWS: IF Windows doesn't boot up, try 0 or B; if Safe Mode doesn't work, try Last Known Good Configuration, C, or the most powerful and maybe first choice, D, the Avira boot AV scan disk (which keeps the infection from doing further damage).
0. If possible, scan the main hard drive from another computer or an unaffected drive (by attaching a crossover LAN (Ethernet) or USB cable to the drive, in or out of the computer). It is HARD for an infected computer to scan itself, and viruses can't hide if the OS is off (boot from some other CD).
A. Nortons or AV scan (if too few files or something funky): comprehensive (all files, and scan inside compressed files). Write down the number of files found; it should be consistent within ten thousand (a very important number for assessing health). With a virus infection it will only find 1/3 to 1/10th as many files. A comprehensive scan covers about 3 times more files than a smart scan. Also check and track the FREE SPACE on the C drive; this should never be less than 1-2 gigs.
B. (first with a problem) Nortons or AV scan in plain SAFE MODE - F8 just as XP starts (if convinced you have a virus). Under SAFE MODE some viruses can't hide and often can't sabotage the Nortons or AV program (takes several hours; full scan only). Most AVs can do this, but they rarely find things once they've been corrupted.
C. Scan with the downloadable big Kaspersky scanner program; this found a space-eating bug I had and gave me back 2 gigs. This is an excellent, constantly updated beta program that doesn't expire and can be updated (not on their regular pages). Installing + scanning in SAFE mode is better. Russians are the best computer hackers + criminals, so they make the best AV. This also has an analyze-and-submit-report-to-Kaspersky-experts feature, which may be invaluable. IF you FIND ANYTHING go to D2.
D. Download the AVIRA rescue system ISO CD file (60 meg; not the .exe, which will try to run your burner) and burn it to a CD on another computer (or yours; ISOs aren't infectable). This is a bootable, simple Linux AV scanner with the latest definitions, which can be updated. The computer runs off the CD, not Windows, so the infection (including rootkits) can't defend itself - very powerful, and the only one of its kind. You may have to set the boot order in the computer BIOS to CD first, but that's normally the default. It may give positives on negligible threats. Set it to repair, and delete only if unrepairable and not vital system files (Windows directory). The AVIRA cleaner tool is also useful.
IF you FIND ANYTHING go to D2.
E. If still nothing is detected, use an ON-LINE AV SCANNER on trendmicro, f-secure.com or kaspersky.com (takes a long time with no use! - don't disconnect, and you must have a stable Internet connection).
F. An excellent method (maybe only if Windows doesn't boot up, besides the Avira rescue boot disk) is to get Nortons Ghost, download the latest Nortons definitions from another updated computer (booted from the Ghost disc) and store them on a jump drive, then boot from the Ghost CD on the infected computer with the jump drive inserted, and scan the computer using the new defs; this should find and fix most problems. It also allows viewing and copying essential files. Other free Linux boot disks are INSERT (small) and KNOPPIX or UBUNTU, which have a plethora of recovery tools, but you need a Linux jock to help run them.
-----D2. Look up the found viruses on Nortons http://www.symantec.com/avcenter/vinfodb.html, ftp://ftp.f-secure.com/anti-virus/tools/ or http://www.kaspersky.com/removaltools. Follow the exact removal instructions; if there is a downloadable removal tool, get it + RUN IT! [Nortons, Kaspersky, Trend, + F-Secure often use slightly different names for the same virus; all have removal tools.] SHUT OFF System Restore if required; otherwise it auto-restores important infected files. STOCKPILE removal tools on a jump drive or CD. These are small 200k self-contained .exe scanners that will clean the virus and fix the damage. Most vendors also have a 6 meg executable cleaner tool for the 20 most popular infections (like the creepy MS monthly malicious software cleaner that hides like a virus). These can be run anytime and can be effective, if you happen to have a bug they were designed for. If the problem has no cleaner tool, try disinfect first; if that is impossible, delete (as long as it is not a Windows System file). Infected files in old system restore folders (or old mail folders) aren't too important, unless you restore from that point, but are nice to kill.
ONCE you are clean of primary infections, update AV and AntiSpyware and WINDOWS Update again, and RESCAN the COMPUTER; often other problems are then detectable and curable. If you have pirate OFFICE (or even Windows), many downloadable Update Files are available on Microsoft Downloads (with IE).
G. Ad-Aware (free) scan (update every week): removes spyware that can steal your life but not cause problems. Most are stores spying on purchases and viewing (don't delete MRU lists or you erase your file history; critical items only). Excellent, essential program; fast scan on smart scan. Some AV programs include Ad-Aware, so will delete it. A smart scan usually finds everything a full scan does. It used to be small, but has become bloated, and subject to unknown removal. DOWNLOAD all 3 free from zdnet.com or downloads.com.
H. Spybot or Spycatcher: free antispyware (update it); inoculate after the scan to prevent any of that spyware from infecting later. Spysweeper is the best paid spyware product. WITHOUT a PROBLEM jump to L.
I. If you have a problem, open the JAVA box in the Control Panel and delete the Java cache (some Java trojans + EXPLOITS hide here).
J. If Nortons or AV is acting strangely, and you are sure the virus is gone, it may be damaged; REMOVE + REINSTALL (retains expiration dates).
K. Turn on System Restore again, which may protect your vital system files from attack, but is mostly useless because you have to turn it off to clean any infection. Uses about 1 gig of space.
PREVENTING THE NEXT ATTACK
L: ACTIVE AV PROGRAM: From another computer, download the latest Kaspersky AV, which even as a 30-day trial will find most problems and has a vulnerability detector that prompts you with exact links to get the latest version of every program with AV flaws (Winamp, Quicktime, Java, etc.) and will even one-click correct Windows vulnerabilities, like the horrible AUTOPLAY default that infects you the second you stick in a USB drive, or drives you crazy with dialog boxes on plugging in an external HD. F-Secure AV, 58 megs (1 month free): install it + run; a Finnish company many regard as the best AV - humans actually immediately answer the phone, support gets back to you within minutes, and a subscription for 3 machines was $65. It also finds deadly rootkits and even viruses in old OE6 messages. Or TREND MICRO. Because 60% of people have Nortons, all viruses are written to cripple it, so it is usually useless. AVG free is excellent.
AVOID INTERNET SECURITY versions of AV: they are all-in-one solutions that shut off other defenses (F-Secure even shut off the XP FIREWALL!), so if they screw up you are naked! ANTIVIRUS only!!! Different AV products will find different viruses, so it's good to alternate them, but you should totally deactivate or remove the old one after installing the new one.
NEVER RUN 2 AV scanners or 2 spyware scanners at once; they will interfere with each other (some AVs come with spyware detectors). One of each is OK; with the XP Firewall and a router that's 4 layers of security. Install vital defense software after a clean reboot without other programs running, and try to DOWNLOAD DEFINITION UPDATES (especially for bought CDs) so you can install them offline. One is infected within 10 minutes on the Internet without functioning AV software, and store-bought programs sometimes need a half-hour of updates and 3 reboots. If some AV is expiring, set a timer to go off the day before; mine once expired in NH and I used WiFi for 2 hours, and caught a bunch of bad bugs.
M. Use a ROUTER, which pretends to be the computer so viruses attack it instead; it gives a lot of protection. Make sure WIFI always has a strong password and watch for unsecure auto-connections, or use only a wired LAN. Whenever you use public WiFi, whoever operates it (and often anyone within range) can do anything to you; within 2 months of using it in Moscow, my lappy was fried. In a new city, I was looking at pics of Rome when I idly tried to connect to the neighbor's WiFi, but it had a password. I left WiFi on and 2 hours later found I was connected to a new WiFi named... Rome. And had 10 new viruses.
N. ALWAYS show the live Internet connection on the taskbar (set in device/LAN adapter, WiFi control, or Internet connections). ALWAYS BOOT UP AND SHUT OFF WITH INTERNET + WIFI OFF; the computer is DEFENSELESS THEN (you can disable/enable the LAN with a right click on the device in Device Manager, which you can drag onto the taskbar, or just press the WiFi button). Shut off the Internet if you aren't using it for hours, especially WiFi. If you can't figure out how to do it, unplug the LAN or USB cable.
O. Don't run multiple Instant Messengers, and make sure they are updated; they are a huge avenue of attack. Finally, check all your program vulnerabilities with Trend Micro (needs IE) or Kaspersky Health Check, and update to new versions. Every 2-3 months, 12 major common programs develop deadly vulnerabilities, but Windows won't tell you about them. Most legal programs can do CHECK FOR UPDATES under Tools.
P. COPY ALL YOUR NEW DATA FILES once a month - pics, articles, mail, news, downloads - onto an external drive (or a non-C drive on the same computer) or jump drive, or burn them to DVDs. You will be so glad you did. Or just copy the whole C drive onto an external (but make sure it's clean first + exactly the same size partition); with the right disk-copy boot program, you can simply restore it to that exact point by copying it back. I've had 2 computers in 15 years fried, but lost only a few files.
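An added example, not from the hammernews page, of the monthly data copy in step P done with xcopy, which is built into XP and only copies files newer than the copy already on the external drive. It assumes the external drive is E:, that mail is in Outlook Express 6, and that the computer has already been scanned clean; the folder names are assumptions for an English XP.

```batch
@echo off
rem Added example, not from the original page: monthly copy of new data files
rem onto an external drive with xcopy (built into XP). Assumptions: the
rem external drive is E:, mail is in Outlook Express 6, and the computer has
rem already been scanned clean (step P above).
setlocal
set DEST=E:\Backup\%COMPUTERNAME%
rem /D  copy only files newer than the copy already in DEST (incremental)
rem /E  include subfolders, even empty ones      /H  include hidden files
rem /I  treat the target as a folder            /Y  no overwrite prompts
rem /C  keep going after a read error instead of stopping the whole run
set FLAGS=/D /E /H /I /Y /C
if not exist "%DEST%" mkdir "%DEST%"
xcopy "%USERPROFILE%\My Documents" "%DEST%\My Documents" %FLAGS%
xcopy "%USERPROFILE%\Favorites" "%DEST%\Favorites" %FLAGS%
xcopy "%USERPROFILE%\Desktop" "%DEST%\Desktop" %FLAGS%
rem Outlook Express 6 mail stores (.dbx files) live under the Identities folder
xcopy "%USERPROFILE%\Local Settings\Application Data\Identities" "%DEST%\OE6 mail" %FLAGS%
echo Backup finished %DATE% %TIME% >> "%DEST%\backup-log.txt"
endlocal
```

Run it with the external drive plugged in and nothing else open; because of /D the second and later runs only move what changed since last month.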