[TechAssist] Cleaning and preventing spyware *Please do not reply to this message*

This is a copy of an article posted to another list. I asked 
if it could be reposted here on techassist. It is very clear 
and concise. For those of you that do not have Ad-aware or 
Spybot, the links are contained in the post.
Doug
techassist adm.

-------- Original Message --------
Subject: [24hoursupport] Cleaning and preventing spyware
Date: Sun, 29 Jun 2003 09:18:40 -0400
From: "Jerry Mills" <jmills@xxxxxxxxxxxxxxx>
Reply-To: 24hoursupport@xxxxxxxxxxxxx
To: "24hr Help Desk"
<24hoursupport@xxxxxxxxxxxxx>,<24hrsupporthelpdesk@xxxxxxxxxxxxxxx>

 
I am seeing a lot of posts lately with people having 
problems that are directly related to spyware.  I do not 
like to profess myself as an expert on anything since I 
have learned in the years I have been supporting PCs that 
things change constantly and what was right yesterday is 
damaging today.  However, in my present position I am
spending way too much time cleaning spyware off of my 
clients' systems so they can work without losing productivity 
due to the dastardly deeds of spyware.  I feel I have enough 
experience with this to speak with some authority on how to 
keep this stuff under control.  So, here are the steps I 
think one should take.

First, get rid of your existing spyware.  Download both 
Ad-aware and Spybot.

Link to Ad-aware website:
http://www.lavasoft.de/support/download/

Link to direct download of Ad-aware file:
http://ftp.pcworld.com/pub/new/privacy___security/aaw6.exe

Link to Spybot website:
http://security.kolla.de/index.php?lang=en&page=download

Link to direct download of Spybot:
http://studserver.uni-dortmund.de/~su1669/spybotsd12.exe

Install and run both of them one at a time.  Be sure and 
update each of them before running the scan.  This update 
step should be performed anytime in the future that you 
run a scan.  DO NOT CHANGE THE SETTINGS ON EITHER SPYBOT 
OR ADAWARE, they both install with the settings you should 
be using.  On the first scan, make notes of the name of the
spyware detected and DO NOT REMOVE any of the spyware 
detected.  After running both and getting a list of the 
type of spyware, close both programs and go to your 
Control Panel / Add Remove Programs.  Look through your 
list of installed programs and uninstall anything that you
can that appears on your list.  If you have any doubt as to 
whether or not an installed program is spyware, go to:

http://www.spywareguide.com/product_search.php

And search for it.  You can also check:

http://www.doxdesk.com/parasite/

For details on some of the more common parasites that like 
to latch onto the browser.

Do not expect to find everything you detected in 
Add Remove programs. It isn't going to happen.  Much 
spyware is installed in the background and never appears 
there.  Once you have uninstalled whatever software you 
can, go back and run Ad-aware and Spybot again.  You may 
notice fewer items found due to the uninstall, but do not 
be surprised if you still see software that you uninstalled 
still listed.  That is one of the nice things about 
spyware.  They install it on your system and even though 
you uninstall the software later it leaves the spyware 
behind. No sweat though, Ad-aware and Spybot will get them.
It does not matter which one you run first.  Just run them 
both and this time remove whatever they detect.  By default 
both programs keep what is removed so they can be restored 
if needed.  I recommend you keep your removed items for 30 
days before deleting them.  In Spybot, Click on the Immunize
button and activate the immunize and browser block feature.

If you are running Windows 2000 or Windows XP, go to Control 
Panel / Administrative Tools / Services and find the 
"Messenger" service in the list.  Double click it and set 
the startup type to "Disable".  (this has no adverse 
effect on any Instant Messaging software)

Next, go to Tools / Internet Options in IE.  If you use 
IE6, click the Privacy tab.  Click Advanced and put a check 
in the box to override default.  Set first party cookies 
to accept and third party cookies to block.  Click the 
Programs tab.  Click "Reset web settings".  Click the 
Security tab.  Highlight the Internet Zone and click on 
Custom Level.  Set Internet Zone to at least disable 
unsigned ActiveX and disable initializing scripts not 
marked as safe.  Suit yourself on the signed ActiveX but 
I prefer to set that to prompt.  Personally I also prompt
on many of the other scripting types of settings in there.
Then highlight the Trusted Sites Zone.  If you find 
yourself getting prompted a lot on sites you visit 
regularly, simply add those sites to the Trusted Sites zone 
by clicking on "Sites".  Note, be sure and uncheck the 
box at the bottom of the sites list that refers to secure 
websites (https).  Clicking on Custom Level in Trusted 
Sites, you can enable most of the items in here assuming 
you are being careful when you add a site to this zone.  
I still like to set the unsigned stuff to Prompt in this
Zone.  Next, go to the Restricted sites Zone and click on 
Custom Level. DISABLE EVERYTHING IN THIS ZONE.  CHOOSE 
THE MOST RESTRICTED OPTION AVAILABLE.  You also have a 
sites area in here where you can put websites in here that 
you want to lock down.  Of course, who's to know what 
sites to lock down?  Well, that work has been done for you.
There is a great resource available that has taken many of 
the known advertising and spyware websites and created a 
registry file that you can merge into your registry that 
will add these sites to your Restricted Sites list.

Link to IE-Spyad page:

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

Link to direct download of the file:

http://www.staff.uiuc.edu/~ehowes/res/ie-spyad.zip

Save the file to your disk and then open the zip file.  You 
will see a registry file for both IE6 ads and IE6 adults 
along with uninstall reg files should you later decide to 
remove them from your registry.  Once you merge them, you 
can go back into your Internet Settings and look at the 
Sites list in the Restricted Sites zone to see what your 
registry merge did.

If you are running Outlook or Outlook Express for your 
email, you should go to Tools / Options / Security and 
ensure that you are set to use the Restricted Sites zone.

These steps should leave you with a nice clean system in 
terms of spyware.  To keep things that way you should run 
Ad-aware and Spybot at least monthly.  When you find that 
really cool piece of software on the Internet that is 
free, you should first run your spyware scans, then 
install your really cool program and then run the scans 
again.  If you come up clean, enjoy the software.  If not, 
decide how cool the program really is, and whether it is 
really worth the hassle of keeping.

Spider
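
Added example, not part of the original message or of IE-SPYAD: a way to review a third-party .reg file before merging it, listing which hosts it would place in the Restricted sites zone and flagging anything else it would change. It assumes the file uses the standard Internet Explorer ZoneMap\Domains layout (zone 4 is Restricted sites, zone 2 is Trusted sites); `audit_reg` and the sample entries are hypothetical names and constructed data.

```python
import re
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
ZONEMAP = ("\\software\\microsoft\\windows\\currentversion"
           "\\internet settings\\zonemap\\domains\\")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VAL_RE = re.compile(r'^"[^"]*"=dword:([0-9a-fA-F]{8})$')
# Constructed sample input, not the contents of ie-spyad.
SAMPLE = r"""REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ads.example]
"*"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracker.example\www]
"*"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\installer.example]
"http"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\constructed\\path.exe"
"""

def audit_reg(text):
    """Return (hosts sent to Restricted sites, findings needing review)."""
    restricted, findings, host = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(2)
            at = path.lower().find(ZONEMAP)
            if at == -1:
                host = None  # values under this key are not zone entries
                findings.append(("outside ZoneMap", path))
            else:
                # Subkeys are subdomains: example\www means www.example
                parts = path[at + len(ZONEMAP):].split("\\")
                host = ".".join(reversed(parts))
                if key.group(1):  # "[-key]" deletes instead of adding
                    findings.append(("deletes entry", host))
                    host = None
            continue
        val = VAL_RE.match(line)
        if host is None or val is None:
            continue  # header, comment, blank line or non-zone value
        zone = int(val.group(1), 16)
        if zone == 4:
            restricted.append(host)
        else:
            findings.append((ZONES.get(zone, "zone %d" % zone), host))
    return restricted, findings
```

Calling `audit_reg(SAMPLE)` returns the two restricted hosts plus two findings: one host mapped to Trusted sites and one key outside ZoneMap, either of which is a reason not to merge the file as-is.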

