christine2448
Retired WS Staff
- Joined
- Mar 30, 2005
- Messages
- 10,392
- Reaction score
- 330
(I hope I'm not repeating LOL)
This advice is reposted from the advice given by Tony Klein, the acknowledged spyware & malware expert who supports many forums on the net.
I have added a few minor updates to it
You usually get infected because your security settings are too low.
Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:
1) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself.
2) Go to IE > Tools > Windows Update > Product Updates, and install ALL Security Updates listed.
It's important to always keep current with the latest security fixes from Microsoft. Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.
3) Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.
Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.
So why is activex so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?
And some more advice:
4) Install Javacool's SpywareBlaster It will protect you from all spy/foistware in it's database by blocking installation of their ActiveX objects.
Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
Press "select all", then "kill all checked", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.
Let's also not forget that SpyBot Search and Destroy has the Immunize feature which works roughly the same way.
It can't hurt to use both.
5) Another brilliant program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard. It now also features Download Protection and Browser Hijacking Protection!
6) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
7) The IE hosts file blocks ads, banners, cookies, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems.
Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by the DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements.It Now includes most major parasites, hijackers and unwanted Search Engines!
In many cases this can speed the loading of web pages by not having to wait for these ads, banners, hit counters, etc. to load.
This also helps to protect your Privacy by blocking servers that track your viewing habits, known as "click-thru tracking".
However as time has progressed the focus of this project has changed from blocking ads/banners to protecting the user from the many parasites that now exist on the Internet. It doesn't serve much purpose if you block the ad banner from displaying, but get hijacked by a parasite from an evil script or download contained on the web site. The object is to surf faster while preserving your Safety, Security and Privacy.
Incidentally, another site with an enormous amount of information on computer security, and which is well worth a visit is http://www.wilders.org/
Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests.
They will provide you with an insight on how vulnerable you might still be to a number of common exploits.
If you are using XP or windows 2000 or 2003 then this application will also help a lot to prevent hijacking
https://www.prevx.com/homeoffice/pr...e/prevxhome.htm
And make sure your Antivirus and firewall is switched on and kept updated
Run these tools to see if they clean any junk off your computer!
All tools can be downloaded at the link below:
. SpyBot search and destroy
. AdAware SE
http://www.majorgeeks.com/downloads31.html
ADAWARE
First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.
Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.
Then, deselect Search for negligible risk entries.
To start the scan, click the Next button.
When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next).
Reboot and now run spybot
Spybot: Search and destroy.
Delete what spybot finds marked in red. After updating spybot hit the
immunize button.
How to boot to safe mode
http://service1.symantec.com/SUPPOR...src=sec_doc_nam
--------------------------------------------------------------------------
Delete your temporary files:
In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.
Go to Start - Run and type %temp% in the Run box. The Temp folder will open. Click Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.
Finally go to Control Panel - Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
Empty the recycle bin.
This advice is reposted from the advice given by Tony Klein, the acknowledged spyware & malware expert who supports many forums on the net.
I have added a few minor updates to it
You usually get infected because your security settings are too low.
Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:
1) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself.
2) Go to IE > Tools > Windows Update > Product Updates, and install ALL Security Updates listed.
It's important to always keep current with the latest security fixes from Microsoft. Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.
3) Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.
Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.
So why is activex so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?
And some more advice:
4) Install Javacool's SpywareBlaster It will protect you from all spy/foistware in it's database by blocking installation of their ActiveX objects.
Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
Press "select all", then "kill all checked", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.
Let's also not forget that SpyBot Search and Destroy has the Immunize feature which works roughly the same way.
It can't hurt to use both.
5) Another brilliant program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard. It now also features Download Protection and Browser Hijacking Protection!
6) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
7) The IE hosts file blocks ads, banners, cookies, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems.
Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by the DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements.It Now includes most major parasites, hijackers and unwanted Search Engines!
In many cases this can speed the loading of web pages by not having to wait for these ads, banners, hit counters, etc. to load.
This also helps to protect your Privacy by blocking servers that track your viewing habits, known as "click-thru tracking".
However as time has progressed the focus of this project has changed from blocking ads/banners to protecting the user from the many parasites that now exist on the Internet. It doesn't serve much purpose if you block the ad banner from displaying, but get hijacked by a parasite from an evil script or download contained on the web site. The object is to surf faster while preserving your Safety, Security and Privacy.
Incidentally, another site with an enormous amount of information on computer security, and which is well worth a visit is http://www.wilders.org/
Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests.
They will provide you with an insight on how vulnerable you might still be to a number of common exploits.
If you are using XP or windows 2000 or 2003 then this application will also help a lot to prevent hijacking
https://www.prevx.com/homeoffice/pr...e/prevxhome.htm
And make sure your Antivirus and firewall is switched on and kept updated
Run these tools to see if they clean any junk off your computer!
All tools can be downloaded at the link below:
. SpyBot search and destroy
. AdAware SE
http://www.majorgeeks.com/downloads31.html
ADAWARE
First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.
Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.
Then, deselect Search for negligible risk entries.
To start the scan, click the Next button.
When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next).
Reboot and now run spybot
Spybot: Search and destroy.
Delete what spybot finds marked in red. After updating spybot hit the
immunize button.
How to boot to safe mode
http://service1.symantec.com/SUPPOR...src=sec_doc_nam
--------------------------------------------------------------------------
Delete your temporary files:
In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.
Go to Start - Run and type %temp% in the Run box. The Temp folder will open. Click Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.
Finally go to Control Panel - Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
Empty the recycle bin.
