Get the free tool Microsoft Baseline Security Analyzer (MBSA) to analyze your PC security for prevention purposes. MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities, disabling unnecessary services and your IE Browser security settings, among other things.
Get the download here: Microsoft Baseline Security Analyzer.
For Windows 98 & ME users, there is a free tool that does some of the same things called Belarc Advisor. Get the download here: Belarc Advisor.
Scan and follow the directions to make the necessary corrections.
The following topic was written by AntiSpyware Expert Tony Klein and has been posted in numerous Security Forums.
Hopefully, these tips and tools will help you understand how to stay safe and prevent any future infections. I have added some additional information at the end.
said by TonyKlein  :
SO, HOW DID I GET INFECTED IN THE FIRST PLACE?
You usually get infected because your security settings are too low.
Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:
1) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself.
Pre-Scan downloaded files for viruses and malware at one of these multi-engine single file scan sites for free! Each one uses a dozen or more well-known AntiMalware scanners in one quick easy scan with a report of results from all.
Virus Total (10mb limit)
»www.virustotal.com/xhtml/index_en.html
Jotti's Malware Scan (15mb limit)
»virusscan.jotti.org/
2) Go to IE > Tools > Windows Update > Product Updates, and install ALL Security Updates listed.
It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.
Windows Update:
http://v4.windowsupdate.microsoft.com/en/default.asp
3) Adjust your security settings for ActiveX
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.
Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.
So why is activex so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?
And some more advice:
4) Install Javacool's SpywareBlaster.
SpywareBlaster
http://www.wilderssecurity.net/spywareblaster.html
SpywareBlaster will protect you from all spy/foistware in it's database by blocking installation of their ActiveX objects. Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
Press "select all", then "kill all checked", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so. Let's also not forget that SpyBot Search and Destroy has the Immunize feature which works roughly the same way.
It can't hurt to use both.
Download Spybot Search and Destroy
http://www.safer-networking.org/
5) Another brilliant program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
SpywareGuard
http://www.wilderssecurity.net/spywareguard.html
An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.
It now also features Download Protection and Browser Hijacking Protection!
6) You can use a customized HOSTS file to block known bad sites. This is accomplished by blocking these sites through the hosts file. For more information and recommended sources see here:
»Security »What is a Hosts file and where can I get it?
Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests.
http://www.jasons-toolbox.com/BrowserSecurity/
They will provide you with an insight on how vulnerable you might still be to a number of common exploits.
said by CalamityJane :
To add to Tony's excellent advice above, you many find the additional programs and Security Sites helpful in malware prevention and removal:
7. Three free programs available to remove spyware from your system:
Download, Update and Scan with Adaware 2008 (get the free edition).
Download and install Adaware 2008
»www.download.com/Ad-Aware-2008/3···10844457
Reboot your PC after scanning and cleaning with Adaware
Download, Update and Scan with Spybot Search and Destroy. (Be sure to Update the program first)
Download and install Spybot Search & Destroy (free)
http://www.safer-networking.org/
A comprehesive Tutorial by the Author of Spybot Search & Destroy:
http://www.safer-networking.org/index.php?...p?page=tutorial
Windows Server 2003, WinXP users (English versions only):
Download, Update and Scan with Windows Defender (free)
Download here:
»www.microsoft.com/athome/securit···ult.mspx
Complete instructions on using Windows Defender can be found here:
Using Windows Defender
»www.microsoft.com/athome/securit···ult.mspx
*Validation of genuine Microsoft Windows Required*
8. Scan for Viruses and common trojans online and free
»Security »What are some web based virus scanners and encyclopedias?
9. If you still have problems and think you are infected after following the various scans and help above...... get HiJackThis (another free program & diagnostic tool)
NOTE: See: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance before posting a HijackThis log and may only be posted in our »Security Cleanup forum for assistance:
Instructions for HijackThis:
* Download Trend Micro Hijack This™
»download.bleepingcomputer.com/hi···tall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next new topic.
NOTE: Most of what it lists will be harmless or even essential, don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results.
10. Some Security Sites worth reading and bookmarking for reference and to help you get started in your PC Security.
Security At Home:protect your computer
Spyware
Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/
Protecting Your Home Network
http://www.microsoft.com/windowsxp/pro/usi...tecthomenet.asp
Home Network Security
http://www.cert.org/tech_tips/home_networks.html
Malicious Code Propagation and Antivirus Software Updates
http://www.cert.org/incident_notes/IN-2003-01.html
National Institue of Standards and Technology
Computer Security Resource Center
http://csrc.nist.gov/
Stay Safe Online
http://www.staysafeonline.info/
Protecting Your Privacy & Security on a Home PC
»www.spywarewarrior.com/uiuc/
IE-SPYAD: Restricted Sites List for Internet Explorer
»www.spywarewarrior.com/uiuc/reso···#IESPYAD
»Microsoft Application Tips and Tweaks »Concerning Internet Options Security, what do some of the settings mean
Internet Explorer 7 for Windows XP is available now
»www.microsoft.com/windows/ie/default.mspx
Internet Explorer works with Windows Defender to help prevent spyware from sneaking onto your computer in common ways, such as part of a larger software downloa
Edit 19 Nov 2008 by CalamityJane: Removed IESPYAD and AGNIS (from #6 recommendation to block bad sites). Added link to HOSTS file FAQ to use instead.
Edit 07 Aug 2008 by CalamityJane: Removed CWShredder (obsolete)
Updated HijackThis instructions, Ad-Aware and Spybot versions and download links.
Edit 15 Oct 2007 by CalamityJane: Updated Windows Defender download link. Updated HijackThis download instructions (now available from Trend-Micro). Added IE7 and download link.
Edit 12 Aug 2006 by CalamityJane: Name change for Microsoft Antispyware to Windows Defender
Edit 30 Jan 2006 by CalamityJane: Added Microsoft Antispyware, updated MBSA to v. 2.0; adjusted step 9 to include Security Cleanup Forum rules.
Edit 24 Jan 2006 by CalamityJane: New URL for IESPYAD
 feedback form
 feedback form
by CalamityJane
last modified: 2008-11-19 19:19:05 |
