Advanced Spyware Fighting Techniques
This is a short late-night post that will be expanded into a more comprehensive paper; however, due to the extremely nasty nature of some of the viruses in the wild today, I wanted to give a quick intro on how to clean an infected PC.
1. Boot to safe mode, then open msconfig (via Start->Run). Open the Services tab, check the box to hide all Microsoft services, then disable all remaining services. Open the Startup tab and uncheck anything that seems suspicious. Look at filenames and file locations. Anything weird in the C:\windows\system32 directory or the All Users directory should be noted and unchecked.
3. Unplug any internet connection.
4. Boot into normal mode and be ready to kill any rogue processes and apps via Process Explorer. (IMPORTANT: Disable System Restore. I find this works best if you first reduce the HD space for System Restore to the bare minimum and then disable it. This dumps most of the system restore points.) If you can get control, run CCleaner to kill all temp files. Then run ComboFix/Malwarebytes. (IMPORTANT: Many of the latest viruses are aware of the power of these tools and block the executable by name. Try renaming the exe file prior to running it.) Let the cleaners completely finish.
5. Once you have a relatively stable system, install a full antivirus or antispyware product, update its definitions, and run a full scan of the hard drive. Also run Windows Update and apply ALL of the latest security updates. Ensure your web browser is fully updated, and for good measure use Secunia’s Personal Software Inspector to identify any other insecure applications.
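The manual msconfig review in step 1 can be scripted. The following is an added triage example, not code from the original post: it lists Run/RunOnce autostart entries and installed services, skips executables carrying a valid Microsoft signature (the equivalent of "hide all MS services"), and flags the rest, marking any that live in system32, the All Users profile, or the temp directory. It assumes Windows PowerShell is present and the prompt is elevated; the Microsoft check on the signer name is a heuristic, not a proof of trust.

```powershell
# Added example: enumerate autostart entries and services for manual review.
# Assumes Windows PowerShell 5.1+ in an elevated prompt (not part of the original post).

# Locations the post singles out; $env:ALLUSERSPROFILE is "All Users" on XP, ProgramData later.
$SuspectDirs = @((Join-Path $env:SystemRoot 'System32'), $env:ALLUSERSPROFILE, $env:TEMP) |
    Where-Object { $_ }

function Get-ExePath([string]$CommandLine) {
    # Pull the executable out of a Run value or service PathName (quoted or not).
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)') { return $Matches[1] }  # lazy: stops at first .exe
    return $null
}

$entries = @()

# Per-machine and per-user Run / RunOnce keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata properties
        $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
    }
}

# Every installed service; Microsoft-signed ones are filtered out below.
foreach ($svc in Get-CimInstance Win32_Service) {
    $entries += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = $svc.PathName }
}

foreach ($e in $entries) {
    $exe = Get-ExePath $e.Command
    if (-not $exe) { continue }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    $sig = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
    # Heuristic: a valid signature whose signer subject names Microsoft.
    $isMs = $sig -and $sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like '*Microsoft*'
    if ($isMs) { continue }
    $inSuspectDir = [bool]($SuspectDirs | Where-Object { $exe -like "$($_)\*" })
    [pscustomobject]@{
        Source          = $e.Source
        Name            = $e.Name
        Path            = $exe
        Signature       = if ($sig) { $sig.Status } else { 'NotFound' }
        SuspectLocation = $inSuspectDir
    }
}
```

Pipe the output to `Format-Table -AutoSize` or `Export-Csv` to keep a record of what was noted before unchecking anything in msconfig.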
Like I said, this is by no means complete, but in the ongoing fight against malware I wanted to give you an overview of how to clean an infected machine. I welcome your tips and ideas.