[24hoursupport] Cleaning and preventing spyware

  • From: "Jerry Mills" <jmills@xxxxxxxxxxxxxxx>
  • To: "24hr Help Desk" <24hoursupport@xxxxxxxxxxxxx>,<24hrsupporthelpdesk@xxxxxxxxxxxxxxx>
  • Date: Sun, 29 Jun 2003 09:18:40 -0400

 
I am seeing a lot of posts lately with people having problems that are
directly related to spyware.  I do not like to profess myself as an
expert on anything since I have learned in the years I have been
supporting PCs that things change constantly and what was right
yesterday is damaging today.  However, in my present position I am
spending way too much time cleaning spyware off of my clients' systems so
they can work without losing productivity due to the dastardly deeds of
spyware.  I feel I have enough experience with this to speak with some
authority on how to keep this stuff under control.  So, here are the
steps I think one should take.

First, get rid of your existing spyware.  Download both Ad-aware and
Spybot.

Link to Ad-aware website:
http://www.lavasoft.de/support/download/

Link to direct download of Ad-aware file:
http://ftp.pcworld.com/pub/new/privacy___security/aaw6.exe

Link to Spybot website:
http://security.kolla.de/index.php?lang=en&page=download

Link to direct download of Spybot:
http://studserver.uni-dortmund.de/~su1669/spybotsd12.exe

Install and run both of them one at a time.  Be sure and update each of
them before running the scan.  This update step should be performed
anytime in the future that you run a scan.  DO NOT CHANGE THE SETTINGS
ON EITHER SPYBOT OR ADAWARE, they both install with the settings you
should be using.  On the first scan, make notes of the name of the
spyware detected and DO NOT REMOVE any of the spyware detected.  After
running both and getting a list of the type of spyware, close both
programs and go to your Control Panel / Add Remove Programs.  Look
through your list of installed programs and uninstall anything that you
can that appears on your list.  If you have any doubt as to whether or
not an installed program is spyware, go to:

http://www.spywareguide.com/product_search.php

And search for it.  You can also check:

http://www.doxdesk.com/parasite/

For details on some of the more common parasites that like to latch onto
the browser.

Do not expect to find everything you detected in Add Remove programs.
It isn't going to happen.  Much spyware is installed in the background
and never appears there.  Once you have uninstalled whatever software
you can, go back and run Ad-aware and Spybot again.  You may notice
fewer items found due to the uninstall, but do not be surprised if you
still see software you uninstalled still listed.  That is one of the
nice things about spyware.  They install it on your system and even
though you uninstall the software later it leaves the spyware behind.
No sweat though, Ad-aware and Spybot will get them.  It does not matter
which one you run first.  Just run them both and this time remove
whatever they detect.  By default both programs keep what is removed so
they can be restored if needed.  I recommend you keep your removed items
for 30 days before deleting them.  In Spybot, Click on the Immunize
button and activate the immunize and browser block feature.

If you are running Windows 2000 or Windows XP, go to Control Panel /
Administrative Tools / Services and find the "Messenger" service in the
list.  Double click it and set the startup type to "Disabled".  (This has
no adverse effect on any Instant Messaging software.)

Next, go to Tools / Internet Options in IE.  If you use IE6, click the
Privacy tab.  Click Advanced and put a check in the box to override
default.  Set first party cookies to accept and third party cookies to
block.  Click the Programs tab.  Click "Reset web settings".  Click the
Security tab.  Highlight the Internet Zone and click on Custom Level.
Set Internet Zone to at least disable unsigned ActiveX and disable
initializing scripts not marked as safe.  Suit yourself on the signed
ActiveX but I prefer to set that to prompt.  Personally I also prompt
on many of the other scripting types of settings in there.  Then
highlight the Trusted Sites Zone.  If you find yourself getting prompted
a lot on sites you visit regularly, simply add those sites to the
Trusted Sites zone by clicking on "Sites".  Note, be sure and uncheck
the box at the bottom of the sites list that refers to secure websites
(https).  Clicking on Custom Level in Trusted Sites, you can enable most
of the items in here assuming you are being careful when you add a site
to this zone.  I still like to set the unsigned stuff to Prompt in this
Zone.  Next, go to the Restricted sites Zone and click on Custom Level.
DISABLE EVERYTHING IN THIS ZONE.  CHOOSE THE MOST RESTRICTED OPTION
AVAILABLE.  You also have a sites area in here where you can put
websites in here that you want to lock down.  Of course, who's to know
what sites to lock down?  Well, that work has been done for you.  There
is a great resource available that has taken many of the known
advertising and spyware websites and created a registry file that you
can merge into your registry that will add these sites to your
Restricted Sites list.

Link to IE-Spyad page

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

Link to direct download of the file:

http://www.staff.uiuc.edu/~ehowes/res/ie-spyad.zip

Save the file to your disk and then open the zip file.  You will see a
registry file for both IE6 ads and IE6 adults along with uninstall reg
files should you later decide to remove them from your registry.  Once
you merge them, you can go back into your Internet Settings and look at
the Sites list in the Restricted Sites zone to see what your registry
merge did.

If you are running Outlook or Outlook Express for your email, you should
go to Tools / Options / Security and ensure that you are set to use the
Restricted Sites zone.

These steps should leave you with a nice clean system in terms of
spyware.  To keep things that way you should run Ad-aware and Spybot at
least monthly.  When you find that really cool piece of software on the
Internet that is free, you should first run your spyware scans, then
install your really cool program and then run the scans again.  If you
come up clean, enjoy the software.  If not, decide how cool the program
really is.

Spider
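
An added example, not part of the original post and not code from IE-SPYAD: a Python check to run over a registry file before merging it, confirming that it only adds hosts to the Restricted Sites zone. It assumes the usual Internet Explorer layout (keys under `Internet Settings\ZoneMap\Domains`, zone value 4 meaning Restricted sites); `audit_reg` is a hypothetical name and the sample entries are constructed.

```python
import re

# Internet Explorer security zone numbers as stored under ZoneMap.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
DOMAINS = "\\internet settings\\zonemap\\domains\\"
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

def audit_reg(text):
    """Return (restricted_hosts, findings) for the decoded text of a .reg file."""
    restricted, findings, host = set(), [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";") or line in HEADERS:
            continue
        if line.startswith("["):
            key = line.strip("[]")
            pos = key.lower().find(DOMAINS)
            # Domains\example.com\www is how the registry stores www.example.com
            host = ".".join(reversed(key[pos + len(DOMAINS):].split("\\"))) if pos >= 0 else None
            if host is None or key.startswith("-"):
                findings.append((n, "key is not a ZoneMap domain addition: " + key))
                host = None
            continue
        m = re.fullmatch(r'"([^"]*)"=dword:([0-9a-fA-F]{8})', line)
        zone = int(m.group(2), 16) if m else None
        if host is None:
            findings.append((n, "value under unexpected key: " + line))
        elif zone is None:
            findings.append((n, "not a dword zone assignment: " + line))
        elif zone != 4:
            name = ZONES.get(zone, "unknown zone")
            findings.append((n, f"{host} is mapped to {name}, not Restricted sites"))
        else:
            restricted.add(host)
    return sorted(restricted), findings

SAMPLE = r'''REGEDIT4

; constructed sample, not the contents of ie-spyad.zip
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ads.example]
"*"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracker.example\www]
"*"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sneaky.example]
"*"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\updater.exe"
'''
```

An empty findings list means every line in the file either is a comment or maps a host to zone 4; anything else is listed with its line number for review before the merge.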

