  #1  
Old 03-20-2006, 04:51 AM
-Tigger- is offline -Tigger-
BB

Join Date: Jul 2003
Posts: 5,341

Spyware/Adware/Malware tools..

Found this long list on another site, thought it would benefit some.

Quote:
STEPS TO FIX AN INFECTED COMPUTER
A lot of these applications can be found in the forum

1. Update and run full scans of any anti-virus, anti-Trojan and anti-spyware programs on your computer. (See 4 and 5 if you need these apps.) Close all browser windows and do not allow your computer to connect to the internet while performing these, with the exception of the online scans.

2. Record the names and locations of any malware that the scans turn up. Quarantine, then delete, repair or rename the files as instructed by the programs. If you have files that will not delete, boot into safe mode and re-scan. You should also check the task manager for any running processes that are unknown and kill them (a search on google should help identify what those processes are). If you find a suspicious file you can submit it to www.virustotal.com or http://virusscan.jotti.org/ to have it scanned by and submitted to different anti-virus vendors.

3. Run a web based virus scanner (it will take time, so be patient)
Some good ones are:
http://housecall.trendmicro.com - TrendMicro
http://us.mcafee.com/root/mfs/default.asp - McAfee
http://security.symantec.com/sscv6/d...d=ie&venid=sym - Symantec
http://www.pandasoftware.com/activescan/ - Panda

Record the names and locations of any malware that the scan turns up. Quarantine, then delete, repair or rename the files as instructed by the programs.

4. Download if you don't have them already, install, update and run the following programs:
a. http://www.majorgeeks.com/Trend_Micr...der_d3019.html - CWshredder
If cwshredder immediately shuts down, restart it and if it shuts down again download and run http://www.safernetworking.org/files/delcwssk.zip - CoolWWWSearch.Smartsearch killer. Then run cwshredder again.
b. www.safer-networking.org/ - Spybot S&D
c. www.lavasoftusa.com/software/adaware/ - Adaware
d. www.webroot.com - Spysweeper

All of these programs can be found at majorgeeks.com if the links don't work.

5. Download, install, update and run an anti-trojan program. These are some good ones:
http://www.misec.net/trojanhunter/ - Trojan Hunter
http://tds.diamondcs.com.au/ - TDS
http://www.moosoft.com/ - The Cleaner

6. To prevent malware being restored by the operating system, it is often necessary to clear system restore after the malware is deleted. (This is called "clearing the System Restore points".) To do this, turn it off, wait 30 seconds, and then turn System Restore back on. Also delete all temporary files and folders by running disk clean up and clear the temp files and cookies in your browser -
(see http://www.pchell.com/support/privacy.shtml and http://www.pchell.com/virus/systemrestore.shtml)


7. Record the names and locations of any malware that the scans turn up. Quarantine, then delete, repair or rename the files as instructed by the programs. After these initial scans, reboot and scan again to be sure that the malware is gone. Perform all of the scans again in safe mode if needed (you may have to be logged in on an administrator account in xp.) The purpose of recording is that everything isn't always going to go away so easily. Some programs reside in the memory and others will move/rename/re-create themselves when you attempt to delete them.
(see http://service1.symantec.com/SUPPORT...rc=sec_doc_nam)

8. If the problem is not gone after performing steps 1-8 download and run HijackThis (see section below for download location):

a) In Windows Explorer create a new permanent folder just for HijackThis. C:\HJT is a good folder name.
b) Download HijackThis from the website listed below. Move hijackthis.exe to the folder you created (for example C:\HJT).
(Putting HJT in its own permanent folder ensures that HJT will make backups before it deletes something, and that you can locate the backups later. Do not run HJT from a temporary internet files folder or the desktop.)
c) Close all browser windows and double-click hijackthis.exe.
d) Click "Do a system scan and save a log file."
e) When the scan is finished, a text log will appear.
f) Copy the contents of the log and post it in the tech forum (make sure that you use code when you post it as it will often contain hyperlinks.)

Do not delete anything in the log as most of the entries will be harmless and necessary. Myself or someone else will be along to help.

If I see in your HJThis logs that some of the steps to be taken are missing, your post will be ignored. I'm not trying to be harsh, but it takes patience to perform all of these steps, sometimes several hours will be needed. If you want an instant fix then don't waste our time here.

To those of you who would like to help with reading logs- if you do not know anything about them, then do not try and interpret them for the persons seeking help. If the wrong thing(s) get deleted or bad advice is given, you could seriously mess someone's computer up. If you are interested in learning about interpreting the logs and helping others with them, PM me and I can give you a referral to one of the sites that specialize in HJthis analysis and offers training.

-------------------------------------------------------------------------------------------------------------

PREVENTION OF INFECTION
how to keep the crap off of your computer



1. If you perform an install of any windows os, when the installation is complete, make sure that you have a firewall enabled and properly set up before you attempt to connect to the Internet. (If you have windows xp you can enable the Internet connection firewall through your network connections settings. Double click on your connection, on the general tab click properties--> advanced tab--->settings--->on and click OK. It's a simple firewall, but it will allow you to be protected while updating windows and downloading a better firewall.)

2. Keep your operating system updated. Check for updates after an install and at least monthly thereafter. To help make sure your O/S is always kept up-to-date, consider setting Windows Update to Notify you when Updates are released. In winXP, this is under Start---> Settings---> Control Panel---> System-->Automatic Updates. Selecting "Notify me before downloading any updates...." is less intrusive and keeps you in control of what happens, when it happens, and what else is occurring while it happens. No matter what setting you select, it is still a good idea to regularly perform manual checks. The recent outbreak of Sasser last year drives home the point. MS issued a fix for the exploit that Sasser used .....a month prior to its outbreak.

3. Use a software firewall that can stop inbound and outbound connections. Preferably a NAT router should be used also. Once you have chosen one, become familiar with its settings and operation (see the pinned section for an explanation on configuring a router to work properly with torrents). There are many help sites and forums for them. DO NOT RUN TWO SOFTWARE FIREWALLS AT THE SAME TIME. (If you had to enable the XP firewall as in step one and you have installed another firewall- disconnect from the Internet, disable XP's firewall, enable the new firewall and re-connect to the net.)

4. Use an anti-virus. Keep it updated. Scan your computer once a week. Also periodically use an online scanner to check for things that may have been missed by your installed version. (If you use more than one anti-virus program enable the auto protect, real time, etc. function on one program only and disable the protection when running manual scans with the others. Do not run any other application while those settings are off and it would be wise to stop all internet activity or just disconnect.)

5. Use an anti-spyware/adware program, preferably one with some type of real-time protection. Become familiar with its settings and operation (many of these programs have support forums). Keep it updated and run it at least once a week regardless of whether you think you have a problem or not. It would also be wise to use a program that modifies the hosts file (see section on hosts files) or IE's restricted zone to block bad websites and downloads. (I know, I know, IE – you should probably be using another browser. For those of you who don't or must use it to access certain sites see #6)

6. Internet Explorer users should see this site for information on securing your browser - https://netfiles.uiuc.edu/ehowes/www/ (oh....and by the way, there is no such thing as a completely secure browser.)

7. Utilize strong passwords and keep them safe. Periodically make back-ups of critical data. Create a boot disk which may enable you to get going if you have problems booting your OS.

8. Conduct security scans of your computer regularly using port scanners such as GRC's and security scans such as the MS Baseline Security Analyzer. Use Belarc advisor (see other programs) to check the status of updates and info on your system.

9. Conduct virus/spyware/trojan scans of any file that you download whether you trust the file or not. Never trust anything that you download from the net- even if it's from someone you trust. (Remember the virus section at Supernova?)

10. Use common sense- if a box pops up while you are online and asks if you want to install " I'll destroy your computer and burn down your house 2.1," click NO. Internet Explorer users should be extra cautious as it uses active-x and if the security settings for IE are lax, then a site doesn't even have to ask to put anything on your computer, it just does it.

Keeping your computer secure involves a "layered" approach. Your AV isn't going to "kill" all of the spyware that may be on your machine no better than your firewall can keep the viruses at bay. Each application has a specific function and shouldn't be expected to do more or less than such.

On a personal note- I shy away from these "swiss army knife" security suites, just because of the fact that usually if one inter-connected part gets "screwed" it could do harm to the protection afforded by the other parts. (That's what usually plagues MS with IE vulnerabilities- IE is integrated with the OS and because of that, a flaw in IE can rain piss on Windows. The recent fiasco with ZA's new suite is also another good example.)
----------------------------------------------------------------------------------------------------------------------

SECURITY RELATED PROGRAMS
tools of the trade


Online virus scanners:
http://housecall.trendmicro.com/ - Trend Micro
http://www.ravantivirus.com/scan/ - RAV
http://www.pandasoftware.com/activescan/ - Panda
http://us.mcafee.com/root/mfs/default.asp - McAfee
http://www.kaspersky.com/scanforvirus.html - Kaspersky (single file scan)
http://online.drweb.com/ - Dr. Web
http://www.commandondemand.com/eval/index.cfm - Command
http://www.bitdefender.com/scan/licence.php - BitDefender
http://security.symantec.com/sscv6/d...d=ie&venid=sym - Symantec

Virus scanners:
http://www.free-av.com/index.htm - Anti-Vir
http://www.avast.com/index.html - Avast
http://www.grisoft.com/us/us_index.php - AVG
http://www.bitdefender.com/index.php - Bit-Defender
http://www.my-etrust.com/ - E-Trust
http://www.f-prot.com/index.html - F-Protect
http://www.f-secure.com/ - F-Secure
http://www.kav.ch/ - KAV
http://us.mcafee.com/default.asp - McAfee
http://www.symantec.com/index.htm - NAV
http://www.nod32.com/home/home.htm - NOD
http://www.norman.com/en - Norman
http://www.pandasoftware.com/home/default.asp - Panda
http://www.ravantivirus.com/ - RAV
http://www.sophos.com/ - Sophos
http://www.trendmicro.com/en/home/us/enterprise.htm - PC-Cillin/Trend Micro

For those of you who like to argue as to which AV is the best:
http://www.av-comparatives.org/ - AV COMPARATIVE SITE
http://www.pcworld.com/resource/prin...,115939,00.asp - PC World tests
http://www.virusbtn.com/ - Virus Bulletin
http://www.dslreports.com/forum/rema...5827~mode=flat - DSL Reports test thread


Anti- spyware/adware scanners/removal tools:
www.safer-networking.org/ - Spybot S&D
www.lavasoftusa.com/software/adaware/ - Adaware
http://www.majorgeeks.com/download4123.html - Adaware cloak (use when spyware tries to close adaware)
http://www.webroot.com/wb/products/spysweeper/index.php - Spysweeper
http://www.pestpatrol.com/PestPatrolHE/ - Pest Patrol (also have online scanner and good pest dictionary)
majorgeeks.com/download4086.html - CWshredder (Merijn's Old version)
http://www.majorgeeks.com/Trend_Micr...der_d3019.html - New CWShredder
www.majorgeeks.com/download.php?det=3155 - HJThis
www.safer-networking.org/files/delcwssk.zip - CoolWWWSearch.Smartsearch killer (use if cwshredder won't start)
www.microsoft.com - Microsoft Anti-Spyware


Spyware/Adware prevention programs:
www.javacoolsoftware.com/spywareblaster.html - Spyware Blaster
www.javacoolsoftware.com/spywareguard.html - Spyware Guard
https://netfiles.uiuc.edu/ehowes/www/resource.htm - IE-Spyad
mvps.org/winhelp2002/hosts.htm - MVPS Hosts
www.definitivesolutions.com/bhodemon.htm - BHODemon

Trojan detection/removal programs:
www.emsisoft.com/en/software/free/ - A2
http://www.nsclean.com/boclean.html - BO clean
www.ewido.net/en/ - Ewido
http://www.misec.net/trojanhunter/ - Trojan Hunter
http://www.moosoft.com/ - The Cleaner
http://www.agnitum.com/products/tauscan/ - Tauscan
http://tds.diamondcs.com.au/ - TDS
www.3WDesign.es/security - Rootkit detector

Port/Process explorers:
http://www.diamondcs.com.au/portexplorer/ - Diamondcs port explorer
http://www.protect-me.com/freeware.html - Active ports
http://www.sysinternals.com/ntw2k/fr.../procexp.shtml - Process explorer

Software firewalls: (Good FW info site: http://www.firewallguide.com/)
http://www.zonelabs.com - Zone Alarm (Zone Alarm help forum - forum.zonelabs.org/zonelabs)
http://www.digitalriver.com/dr/v2/ec...N=10&sid=26412 - Black Ice
http://www.kerio.com/kpf_home.html - Kerio
http://www.sygate.com/ - Sygate
http://www.agnitum.com/ - Outpost
http://www.symantec.com/sabu/nis/npf/ - Norton
http://us.mcafee.com/root/package.as...v_firewall.asp - McAfee
http://www.tinysoftware.com/home/tiny2?la=EN - Tiny

IP blocking programs:
home.comcast.net/~zaupdate/ - ZA Update (integrates blocklists into Zone Alarm)
bluetack.co.uk/pw.html - Protowall and Blocklist Manager; help can be found at bluetack's site.
www.methlabs.org/methlabs.htm - Peer Guardian

Alternatives to IE:
www.mozilla.org/products/firefox/ - Mozilla Firefox
www.opera.com/ - Opera
www.myie2.com/html_en/home.htm - MYIE2
www.avantbrowser.com/ - Avant
kmeleon.sourceforge.net/ - Kmeleon


Port and general security scanners:
grc.com/x/ne.dll?bh0bkyd2 - GRC's Shield UP
www.sygatetech.com/ - Sygate SOS
www.auditmypc.com/ - AuditMyPC
www.pcflank.com/about.htm - PC Flank
http://www.foundstone.com/index.htm?.../freetools.htm - Foundstone's free tools
www.gfi.com/languard/ - Languard
http://bcheck.scanit.be/bcheck/ - Browser check
http://www.gfi.com/emailsecuritytest/ - GFI e-mail security test
http://whacker2.hackerwhacker.com/newindex.dyn - Hacker Whacker security scan
http://www.eicar.org/ - EICAR anti-virus test
http://www.blackcode.com/scan/index.php - Black Code security scan
http://packetstormsecurity.nl/defense/ - Packetstorm- lots of unix/linux tools
https://secure1.securityspace.com/sm...efid=975297074 - SS security audits
http://www.firewallleaktester.com/categories.htm - Several leak tests for firewalls


Pop up/Ad blocking programs
http://www.panicware.com/popupstopper.html - Pop-up stopper
http://ranfo.com/popki.html - Popki
http://www.ad-shield.com/ - Adshield
http://www.admuncher.com/ - Admuncher
http://www.stopzilla.com - Stopzilla
http://www.proxomitron.info/ - Proxomitron
http://www.intermute.com/adsubtract/ - Adsubtract
http://www.webwasher.com/ - Webwasher
http://adblock.mozdev.org/ - Adblock for Mozilla


Other Programs:
www.abtrusion.com/Downloads/appersonal.asp - Abtrusion Protector – It prevents Windows from loading unrecognized or unknown software. Only software that has been safely installed or is explicitly allowed can be loaded into memory. (Yes, it will even stop viruses from executing)
http://www.jasons-toolbox.com/progra...cript%20Sentry - Script Sentry is good for preventing/monitoring scripts.
www.xp-antispy.org/ - Xp Anti-spy - Remove WindowsXP "build-in" components that might violate your privacy.
www.belarc.com/free_download.html - Belarc advisor – shows info about your computer that you can save and compare.

Registry Cleaners
http://www.hoverdesk.net/freeware.htm - Regseeker
http://www.rosecitysoftware.com/Reg1Aid/ - Registry first aid
http://www.macecraft.com/home/ - Regsupreme
http://www.majorgeeks.com/download.php?det=2048 - RegscrubXP

Privacy/"eraser" programs
http://www.east-tec.com/eraser/ - East-Tec Eraser
I'll be adding more to the list shortly as I find more info on their capabilities.
I would not recommend webroot's window washer for un-recoverable deletion (others at a security forum I frequent are showing that it doesn't securely delete files, even with 35 passes.) I can't say that I would list evidence eliminator either, due to their advertising practices. IF I find anything relating to it being a decent app then I'll place it in the list.


---------------------------------------------------------------------------------------------------------------
BAD spyware/adware programs: (in other words don't use this garbage)

AdProtector
Adware Agent
AdwareHunter
Adware Remover Gold
BPS Spyware & Adware Remover
eAcceleration/Veloz Stop-Sign
Easy Spyware Killer
InternetAntiSpy
JC Spyware Remover & Adware Killer
NoAdware
NoSpyX
Online PC-Fix
PAL Spyware Remover
Privacy Defender
PurityScan
Real AdWareRemoverGold
ScanSpyware
SpyAssasin
SpyBan
SpyBlast
SpyBlocs/eBlocs.com
SpyBouncer
SpyCleaner
SpyDeleter
SpyDoctor
SpyEliminator
SpyFerret
SpyHunter
SpyKiller
SpyKiller 2004
SpyKillerPro
Spyware Annihilator
SpywareBeGone
SpywareCleaner
Spyware C.O.P.
SpywareCrusher
SpywareKilla
SpyWare Killer
SpywareNuker
SpywareRemover
Spyware Stormer
SpywareThis
Spyware X Terminator
SpywareZapper
SpyWiper
System Detective
TZ Spyware Adware Remover
VBouncer/AdDestroyer
XoftSpy
ZeroSpyware

A complete and updated list can be found here:
http://www.spywarewarrior.com/rogue_...e.htm#products
  #2  
Old 03-20-2006, 10:11 AM
Hellfighter is offline Hellfighter
Chief ADFP

Join Date: Jun 2002
Location: San Jose Calif 95111
Posts: 21,143

thanks BB
good to know

www.webroot.com Spysweeper 4.5 or higher is really good too.
not freebie get keycode in the e-mail.

think they do have an online scan too free.
  #3  
Old 03-20-2006, 05:10 PM
Scattergun is offline Scattergun
Registered User

Join Date: Dec 2004
Posts: 838

WoW nice job
  #4  
Old 03-20-2006, 05:55 PM
Steve is offline Steve
Administrator

Join Date: Sep 2001
Location: 2077
Posts: 21,552

thanks BB
  #5  
Old 03-21-2006, 09:55 PM
Chrispy is offline Chrispy

Join Date: Sep 2005
Location: Peria, New Zealand
Posts: 6,770

That is quality information! Someone has to make that a sticky!

Chris_OJB_DF645 --