Advanced Spyware Fighting Techniques

This is a short late-night post that will be expanded into a more comprehensive paper; however, given the extremely nasty nature of some of the viruses in the wild today, I wanted to give a quick intro on how to clean an infected PC.

1. Boot to Safe Mode, then open msconfig (via Start->Run). On the Services tab, check the box to hide all Microsoft services, then disable all remaining services. On the Startup tab, uncheck anything that looks suspicious. Look at filenames and file locations: anything odd in the C:\Windows\System32 directory or the All Users profile directory should be noted and unchecked.

2. Download the following apps to regain control and clean the spyware: ComboFix, Malwarebytes, Process Explorer, Autoruns, HijackThis, and CCleaner.

3. Unplug any internet connection.

4. Boot into normal mode and be ready to kill any rogue processes and apps via Process Explorer. (IMPORTANT: Disable System Restore. I find this works best if you first reduce the disk space allotted to System Restore to the bare minimum and then disable it. This dumps most of the system restore points, which would otherwise let the infection come back from a restore.) If you can get control, run CCleaner to remove all temp files. Then run ComboFix and Malwarebytes. (IMPORTANT: Many of the latest viruses are aware of the power of these tools and block the executable by name. Try renaming the .exe file prior to running it.) Let the cleaners completely finish.

5. Once you have a relatively stable system, install a full antivirus or antispyware product, update its definitions, and run a full scan of the hard drive. Also run Windows Update and apply ALL of the latest security updates. Ensure your web browser is fully updated and, for good measure, use Secunia’s Personal Software Inspector to identify any other insecure applications.
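The manual triage in steps 1 and 4 (hide Microsoft services, eyeball the remaining autostart entries, note anything living in System32 or the profile directories) can be scripted. The following PowerShell is an added example and is not code from the original post or from any of the tools it names; it assumes an elevated PowerShell 5.1+ prompt on a modern Windows install, covers only the Run/RunOnce keys and services (Autoruns covers far more locations), and uses Authenticode signatures as a stand-in for msconfig's "Hide all Microsoft services" filter, so unsigned or catalog-signed-only files on older Windows will show as `unsigned` and must be judged by hand. It reports; it does not remove anything.

```powershell
# Added example (not from the original post): list autostart entries and flag the
# ones a cleaner would look at first. Run elevated; review output before acting.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories the post singles out: System32, All Users (ProgramData), plus the
# per-user and temp locations where droppers commonly land (assumed heuristic).
$suspectDirs = @(
    "$env:SystemRoot\System32",
    "$env:ProgramData",
    "$env:APPDATA", "$env:LOCALAPPDATA", "$env:TEMP"
)

function Get-ImagePath([string]$cmd) {
    # Reduce a registry/service command line to the executable it launches.
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd.StartsWith('"')) {
        return $cmd.Substring(1, $cmd.IndexOf('"', 1) - 1)
    }
    $m = [regex]::Match($cmd, '^(.*?\.(exe|dll|sys|bat|cmd))', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

$entries = @()

# Startup tab equivalent: Run/RunOnce values for the machine and current user.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
        $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
    }
}

# Services tab equivalent: every enabled service; Microsoft ones are dropped below.
$services = Get-CimInstance Win32_Service | Where-Object { $_.PathName -and $_.StartMode -ne 'Disabled' }
foreach ($svc in $services) {
    $entries += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = $svc.PathName }
}

$report = foreach ($e in $entries) {
    $path   = Get-ImagePath $e.Command
    $exists = [bool]$path -and (Test-Path -LiteralPath $path -PathType Leaf)
    $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $isMicrosoft = $sig -and $sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation'

    # "Hide all Microsoft services": validly Microsoft-signed services are not listed.
    if ($e.Source -eq 'Service' -and $isMicrosoft) { continue }

    $flags = @()
    if (-not $exists)                              { $flags += 'missing-file' }
    elseif (-not $sig -or $sig.Status -ne 'Valid') { $flags += 'unsigned' }
    foreach ($d in $suspectDirs) {
        # Non-Microsoft binary running out of System32/ProgramData/AppData/Temp.
        if (-not $isMicrosoft -and $path -like "$d\*") { $flags += 'suspect-dir'; break }
    }

    [pscustomobject]@{
        Source = $e.Source; Name = $e.Name; Path = $path
        Signer = $signer;   Flags = ($flags -join ',')
    }
}

# Flagged entries sort to the top; everything else is listed for completeness.
$report | Sort-Object Flags -Descending | Format-Table -AutoSize

# Step 4 of the post, once the rest of the triage is done (uncomment to run):
# Disable-ComputerRestore -Drive "$env:SystemDrive\"
```

Treat `missing-file` entries as leftovers to delete from the registry, and `unsigned` plus `suspect-dir` together as the first candidates for Process Explorer and Autoruns. Because the post notes that current malware blocks cleaners by executable name, save this script under an unremarkable filename as well; a name-based block applies to scripts just as it does to ComboFix.exe.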

Like I said, this is by no means complete, but in the ongoing fight against malware I wanted to give you an overview of how to clean an infected machine. I welcome your tips and ideas.

8 responses to “Advanced Spyware Fighting Techniques”

  1. Sly says:

    How about, backup data, wipe, reload.

  2. tsudohnimh says:

    I'm a big fan of wipe and reload but sometimes it isn't a viable option.
    Sometimes you even have to do an amount of cleaning in order to backup
    relevant data. Sometimes you have to actually clean the PC.

    Tsudohnimh
    website: http://Knowthenetwork.com
    follow me on Twitter http://twitter.com/tsudo

  3. Thanks for the info. I have copied it and will try it later. I have noticed that when I run IE, it runs slow and I get a lot of popups. But Firefox seems to run just fine. I have an older version of Norton, but my internet provider gives away McAfee for free, so I may switch.

  4. tsudohnimh says:

    Thanks for reading. If you run into trouble just shoot me an email and I'll
    be glad to help. BTW, great email address.
