Over the weekend a good friend asked me to take a look at his son's computer. He's a great kid, and like all his peers, he loves music. He downloads songs, pirated of course, at an alarming rate. Because this was my third time cleaning his PC, I decided to take note of what I found.
In the past it had always been a single Hijacker, or a couple of spyware items. They were easily removed with Exterminate or Hijack This. This time the problem was much worse. By the time I was finished, the top 10 Malware items for 2008 were all there, with another 20 or 30 thrown in. They are listed here.
TOP 10 TROJANS, HIJACKERS AND SPYWARE OF 2008

| # | Name | Description |
| --- | --- | --- |
| 1 | Win32 | Backdoor W32 Trojans steal passwords and send critical info (CC numbers, phone number, address, and banking info) to an awaiting server. The best cure is a clean install. |
| 2 | Smitfraud | Known for its fake "Blue Screen of Death", Smitfraud alters your registry and hides in your physical memory or boot sector. |
| 3 | My WebSearch | Part of FunWeb Products and My Way Speedbar; it is easily removed. |
| 4 | CoolWeb Search | Has its own spot in Wikipedia. It will change your homepage. |
| 5 | Winfixer | Gives exaggerated security threat reports. Its latest release version is June 14th, 2008. |
| 6 | ContraVirus | Also known as ExpertAntiVirus. It is a fake spyware removal application that tricks you into buying and installing it. |
| 7 | Spy-Shredder | Here's the verbiage: "NOTICE: If your computer has been running slower than normal, it may be infected with Viruses, Adware, or Spyware. Spy-Shredder will perform a quick and completely FREE scan of your system for malicious programs. Download Spy-Shredder for FREE now!" |
| 8 | FakeAlert | Easily identified, this trojan displays false alerts in a balloon-type pop-up in the system tray. |
| 9 | Virtumonde | First discovered in 2003; the latest was spotted on June 14th, 2008. Is someone putting their kids through school with this money? |
| 10 | Virus Protect | This Zlob Trojan is found in codecs used to play video files. Especially associated with adult content sites. |
For the fun of it, I spent 6 hours cleaning and removing one infamous intruder after another, hundreds of infected files. Eventually the list grew to 2 pages and included things I had never heard of. I removed them, but opted to reinstall because of the obvious destruction to the registry. I found out later that the reinstall was a good decision. Once a system is infected with the Win32 bot a reinstall is a must.
Taking action before things were completely out of hand would have made recovery much easier. Also, keeping the antivirus up to date and active would have helped. Knowing the correct steps to remove this junk is paramount to the success of restoring your system. Knowing which tools detect and remove the problems is equally important. To reduce the amount of time needed to make these repairs, I'm listing the necessary steps and providing links to free removal tools. It's my hope that it doesn't take you 6 hours or an operating system installation to achieve a clean and clear PC.
REMOVAL INSTRUCTIONS
1. Run the following detection tools in the order given. No single product detects all known threats. It’s important to use a number of good solid detection tools to find all pests on your system. Take note of the problems found but do not use any of the removal options yet. First identify the threats.
- OverDrive: Register for a free account or run anonymously. Most informative free software available, plus it lists the dangerous applications running on your system.
- Ad-Aware 2008: This is one of many excellent detection and removal tools.
- Spybot Search and Destroy: One of the best free tools.
- Avast Antivirus: Although it seems that virus infections are diminishing, don't be fooled; check your system.
A word of caution is necessary here. You should not run more than one antivirus at a time. If you already have an antivirus installed, use that. If you are using an antivirus and are still infected, then I suggest using an online scan. Pitstop's own Jacee suggests: Kaspersky, Dr.Web CureIt, TrendMicro's HouseCall, ESET Online Scanner, or Panda.
2. Next you will need to enable "show all system files and folders" in Windows Explorer. To do this in XP close all programs and click: Start/ Double click My Computer/ Tools/ Folder Options/ View/ Check "Display the contents of system folders"/ Under Hidden Files and Folders select "Show hidden files and folders"/ Uncheck "Hide file extensions for known file types"/ Uncheck "Hide protected operating system files"/ Apply/ OK. The system files are hidden for a reason; be sure to hide them again when you are clean and finished.
To show all system files and folders in Vista you will need to close all programs and click: Start/ Control Panel/ Classic View/ Double click Folder Options/ View/ Under Hidden files and folders click "Show hidden files and folders"/ Uncheck "Hide extensions for known file types"/ Uncheck "Hide protected operating system files"/ Apply/ OK.
3. Removing malware is best done while in SafeMode. Many systems can access SafeMode by tapping the F8 key during the boot process. Once presented with the options screen be sure to choose SafeMode with Networking. If you are having trouble accessing SafeMode, there is one sure-fire way to get there. In XP go to: Start/ Run/ type "msconfig" without the quotes/ BOOT.INI/ SafeBoot/ Network/ Apply/ OK. Now reboot your computer and it will take you directly to SafeMode.
WARNING: Do not change any other settings in the msconfig utility.
Systems using Vista are essentially the same. Go to: Start/ All Programs/ Accessories/ Run/ type "msconfig" without the quotes/ Boot/ Safe boot/ Network/ Apply/ OK.
Please note, if you have used the configuration utility to enter SafeMode, you will need to uncheck the Safe boot box in the configuration utility to boot into Windows normally.
4. Once you have identified the virus, hijacker, or Trojan, clean your system and flush System Restore. Many of today's pests will hide there while you are removing them from other locations. They return to infect you again as soon as you reboot your PC. For systems using XP go to: Start/ Help and Support/ Undo changes with System Restore/ System Restore Settings/ Turn Off System Restore/ OK. As soon as you have completed this step, go back and create a new clean restore point.
For Vista users the process is just as simple, go to: Start/ Right Click Computer/ Properties/ System Protection/Uncheck the Drive or Drives listed/ Turn System Restore Off/ OK.
5. For minor spyware infections you may be successful using only the Ad-Aware and/or Spybot programs. If you are getting repetitive warnings and your system is exhibiting Trojan and Hijack behavior, you will need to use some more serious removal programs.
Regardless of the type of malware, I suggest running the removal programs in the normal Windows mode, then SafeMode with Networking, and then a final time after a reboot into normal mode.
6. For more severe infections you can remove most of the TOP 10 by using one or more of the following removal tools.
7. Hijackers and some stubborn infections may require drastic measures to clear your system. "Hijack This" is a powerful tool that should not be used without help from trained advisors. PC Pitstop has advisors ready to help you use this program. Do not attempt using "Hijack This" without assistance.
8. When you are sure you are clean, check that you have created a new clean restore point and "re-hide" your system files.
9. Do a final scan with OverDrive and Ad-Aware. You should notice a significant improvement in your OverDrive results. Also note the difference in the virus and spyware processes shown under Software and Processes. They will be color coded in red and yellow.
10. Reinstall your antivirus or use the free Avast for future protection. Once installed, set it to automatically update its definitions. An antivirus or internet protection suite is only as good as its latest update.
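The Explorer and msconfig clicks in steps 2, 3 and 8 above, done from an elevated PowerShell prompt instead, as an added example that is not part of the original post. The registry values are the ones the Folder Options dialog itself writes; the bcdedit calls assume Vista or later (XP keeps the switch in boot.ini, so use msconfig there as described), and Explorer must be restarted or the user logged off and on before the view change shows.

```powershell
# Registry key behind Explorer's Folder Options > View settings (per-user).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Show-SystemFiles {
    # Hidden = 1          -> "Show hidden files and folders"
    # HideFileExt = 0     -> uncheck "Hide extensions for known file types"
    # ShowSuperHidden = 1 -> uncheck "Hide protected operating system files"
    Set-ItemProperty -Path $adv -Name Hidden -Value 1 -Type DWord
    Set-ItemProperty -Path $adv -Name HideFileExt -Value 0 -Type DWord
    Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value 1 -Type DWord
}

function Hide-SystemFiles {
    # Step 8: put the defaults back once the machine is clean.
    Set-ItemProperty -Path $adv -Name Hidden -Value 2 -Type DWord
    Set-ItemProperty -Path $adv -Name HideFileExt -Value 1 -Type DWord
    Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value 0 -Type DWord
}

function Get-SystemFileVisibility {
    # Read the three values back so the state can be confirmed before and after.
    Get-ItemProperty -Path $adv | Select-Object Hidden, HideFileExt, ShowSuperHidden
}

function Enable-SafeBootNetwork {
    # Step 3 (Vista and later): same as msconfig > Boot > Safe boot > Network.
    # Takes effect on the next reboot; braces are quoted so PowerShell passes them through.
    bcdedit /set '{current}' safeboot network
}

function Disable-SafeBootNetwork {
    # The counterpart of unchecking the Safe boot box so Windows starts normally again.
    bcdedit /deletevalue '{current}' safeboot
}

# Typical order while cleaning: show the files, set safe boot, reboot, scan and
# remove, then reverse both once finished.
Show-SystemFiles
Get-SystemFileVisibility
Enable-SafeBootNetwork
# ... reboot, run the scanners, remove what they find ...
# Disable-SafeBootNetwork
# Hide-SystemFiles
```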
How do we avoid these problems? It's simple: visiting sites to pirate music and movies will guarantee you an infected system. It doesn't matter what internet protection suite you use; if you expose yourself to BearShare, PirateBay, and Limewire you will have problems. Once you click OK, it's too late! Keep your protection suite active and updated. Stay away from shareware, adult content, and pirating sites. Your system will stay a lot healthier.
If you are having trouble and feel a little overwhelmed by these pests, you can increase your chances of success to 100% by visiting our Free Help Forum. It is full of people who want nothing more than to rid your computer of these irritating pests.
__________________________________________________________________________
A special thanks to our own “Jacee” for helping me with the information on these nasty bugs. Jacee and the whole crew of Trusted Advisors are responsible for the success of our Virus, Spyware, and AdWare Forum. Thanks Jacee