Saturday, March 27, 2010

Special Bob's
Comprehensive Malware Removal Guide

The title of this article is a
funny one: Special Bob's
Comprehensive Malware Removal
Guide. However, when
you actually visit Special Bob's
web page, it makes sense:

Malware Removal

Here's a guy who clearly loves
computers. He would not have
compiled such a comprehensive
list of malware removal tools
if he did not.

No one would do what he has done
just for the money. It takes a
special kind of dedication to
learn how to fix computers and
remove malware. Furthermore, it
takes much time and energy
discovering all of these malware
removal resources and learning
how to use them.

Time put in and patience bring a
happy result. Clearly Bob has
put in the time and he has the
patience to work with all these
tools. No doubt that's why he
is called Special Bob.

Ed Abbott

Friday, March 26, 2010

Removing Malware
Using Windows Safe Mode

 
Here's an article that describes
how to get into Windows Safe Mode:

Windows XP Safe Mode Explained

As the article explains, getting
into safe mode is a two-step
process:

  1. Start Windows (boot it up)
  2. Hold down the f-8 key

Why Safe mode? Why would you want
to boot up in safe mode to remove
viruses and spyware?

In some cases, you can prevent malware
from running by booting up into safe
mode. If you can do this, you stop
the malware from running and thus taking
steps to protect itself.

Malware is famous for protecting itself.
Try to remove it and it will try to protect
itself from removal. Of course, the malware
has to be running in order for it to
practice self-protection.

You might say that Windows Safe Mode
is the middle path. It is the middle path
between two extremes.

Running your copy of Windows in Windows
Normal Mode is one extreme.
This is the mode that will almost surely
allow your malware problem to be running
concurrently to you running something that
is trying to remove your malware problem.
If this happens, you will likely have two
pieces of software doing battle.

One piece of software is the evil piece
of software, the malware that has infected
your computer. The other piece of software
is the good software, the malware removal
tool that is trying to fix your computer.
Both do battle with each other if both
are allowed to run at the same time.

Sometimes the battle is over before it
begins. Try to visit a website that has
a malware removal tool on it and you
are prevented from visiting that website
by the offending malware itself. I call
this phenomenon malware redirection.

With malware redirection any attempts
to visit a website that will help you to
remove malware are redirected to another
website. Often this redirection is to
a site that runs advertising of some kind.

I don't have enough experience to know
whether or not running your computer in
safe mode will solve this problem for you.
However, I'd at least give safe mode a try
if I had this problem.

Here's my hierarchy of good, better and
best when it comes to removing malware:

  1. It is good to try to remove malware
    while running your copy of Windows in
    normal mode. This often does some good,
    especially if your computer is not too
    badly infected. This has worked for me
    for years as of this writing.
  2. Better yet is to run Windows in
    Safe Mode as this may knock
    out some malware temporarily. Of course,
    I can't guarantee this. However, it
    is worth a try.
  3. For profound malware infections,
    it is best to run Windows off of a
    separate boot disk. For example, a
    copy of Windows on a CD or a DVD.

Of the three ways to run malware removal
tools, the bootable disk option
is the best in terms of effectiveness.
While I've not tried this myself, because
I've never had to, I can see that doing
this has a great advantage:

The advantage of a boot disk is that your
infected copy of Windows becomes a passive
entity that is asleep and totally dormant.
In other words, the infected copy of Windows
has no way to defend itself against malware
disinfection.

Here's a post that I've written that gives more
information about running Windows off of a
stand-alone disk for malware disinfection
purposes:

Michael Horowitz on Removing Spyware

Here's something to keep in mind when trying
to remove malware from your infected copy
of Windows: A good decision represents
a balance of interests.

Here are the two interests you want to consider
when trying to remove malware from your system:

  1. Convenience
  2. Effectiveness

Balancing these two interests might lead
me to try to remove malware in this order of
preference:

  1. Try removing the malware in Safe Mode
    first using an online malware scanner.
  2. If Safe Mode fails, use your credit card
    to order a bootable disk that has malware
    removal utilities on it.
  3. If your problems are very minor,
    or you are very lazy about discovering Windows
    Safe Mode, then you might as well try running
    a malware removal tool in Windows Normal
    Mode first. Normal mode is better than
    nothing and hey, it might work.

Here's a broad outline of how to remove
malware in safe mode:

  1. Boot up in safe mode
    by holding down the
    f-8 key on the
    top row of your keyboard.
  2. Go to a website that has
    a malware removal tool that
    comes highly recommended by
    more than one reputable source
    of information.
  3. Run the malware removal
    tool

It is important that you read
about your malware removal tool
first. Make sure it does malware
removal, not malware installation.

You read this right. Some tools
that purport to remove malware
actually install it instead. Be
sure to seek out independent reviews
to make sure that your so-called
malware removal tool is not in fact
evil software masquerading as your
friend.

Ed Abbott

Wednesday, March 24, 2010

Michael Horowitz on Removing Spyware

 
Here's a page I've just discovered
while doing research on removing
malware in safe mode on
a Windows machine:

Removing Spyware

The above link references 3 articles
written by Michael Horowitz. Seems
that some of the best things in life
come in a series of 3. These articles
are no exception.

In article number 1, Michael Horowitz
goes over two things:

  1. Removing malware from inside of
    Windows
  2. Removing malware from outside of
    Windows

In article number 2, Michael Horowitz
assumes that you will be removing
malware from a bootable CD. In this
second article he discusses two choices:

  1. Running the boot CD in the infected
    machine
  2. Running the boot CD over a network

Note that however you run the boot CD,
you are running the CD outside the infected
machine in the sense that the infected hard
drive is a passive entity only.

In article number 3, Michael Horowitz describes
what is essentially a two-step process.

  1. Run a series of anti-malware programs on
    the ultimate boot CD to clear your computer
    of the worst of the infections
  2. Boot the newly disinfected machine and
    run a series of online scanners to further
    correct anomalies.

In a world of misdirection and wasted time,
Michael Horowitz gets right to the point.
He tells you how to remove malware from
your infected machine in the most effective
way possible.

Ed Abbott

SUPERAntiSpyware Free Edition

 
Here's another malware removal
tool I've recently become aware
of:

SUPERAntiSpyware

This tool installs on your system
as a .exe file. You download
the file and run the .exe.

In this case, the .exe file is called
SUPERAntiSpyware.exe, appropriately
enough.

Here's where I found out about this
program:

How to Remove Malware From Your Computer

I ran SUPERAntiSpyware Free Edition
and it found approximately 32 adware
cookies. This was more than I expected as
I keep a very clean machine.

I'm trying to help someone clean up their
machine. They have an adware redirection
problem. At least, that's what I call
it.

Basically, if they try to run malware removal
software, they get redirected away from the
malware scanner site to a site that runs
an ad instead. This makes it very hard to
clean their machine.

I'm beginning to believe that the solution
is to send them a bootable CD-ROM with
.exe files that remove malware. If this
bootable CD-ROM were to run in safe mode,
it might do the trick.

Ed Abbott

Saturday, March 20, 2010

TDSSKiller.exe Malware Removal Tool

 
Today I'm trying out an application
called TDSSKiller.exe. It is
a malware removal tool.

I don't have any known malware on my
Windows XP machine. The only reason
I'm trying this is to do research.

Here are the steps I've taken to obtain
this malware removal utility:

  1. Fire up the Google Chrome browser
  2. Go to the TDSSKiller webpage
  3. Download TDSSKiller.zip
  4. In Chrome, click on TDSSKiller.zip
  5. Look for folder tasks on
    the left side of your screen
  6. Choose Extract all files
    underneath folder tasks
  7. Unzip the file into a folder of
    your choice

For easy reference, here's the webpage
that TDSSKiller.exe comes from:

Viruses and solutions

Here's where I chose to place
TDSSKiller.exe

c:\tdsskiller

Here's how I created the
tdsskiller folder:

  1. Right click on the Windows XP
    start button
  2. Click run
  3. Fill in the blank with
    the word cmd
  4. Look for the DOS
    prompt
  5. at the DOS prompt, type
    cd c:\
  6. type mkdir tdsskiller
    to create a temporary folder

I've followed the following steps to run the utility:

  1. Right click on the Windows XP
    start button
  2. Click run
  3. Fill in the blank with
    the word cmd
  4. Look for the DOS
    prompt
  5. at the DOS prompt, type
    cd c:\
  6. Look for the c:\
    prompt
  7. At the prompt, type
    cd tdsskiller to
    change directory to the
    tdsskiller folder
  8. Type tdsskiller.exe to
    run the TDSSKiller malware removal
    utility
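
As an added example that is not part of Ed Abbott's posts, here is a Windows batch file that ties together the safe-mode outline above and the TDSSKiller steps just listed: it refuses to launch the tool unless Windows reports it was booted into Safe Mode (the SAFEBOOT_OPTION environment variable is set only in Safe Mode), then runs the tool from the c:\tdsskiller folder the post uses. The folder and file names follow the post; the script itself and its exit codes are assumptions.

```batch
@echo off
rem Added example, not from the original post.
rem Assumes TDSSKiller.exe has already been unzipped into c:\tdsskiller
rem exactly as the post describes.
setlocal
set TOOLDIR=c:\tdsskiller
set TOOL=TDSSKiller.exe

rem Windows sets SAFEBOOT_OPTION only when booted into Safe Mode:
rem MINIMAL for plain Safe Mode, NETWORK for Safe Mode with Networking.
rem In Normal Mode running malware can fight the removal tool, so stop here.
if not defined SAFEBOOT_OPTION (
    echo Windows is running in Normal Mode.
    echo Reboot, hold down F8, choose Safe Mode, then run this script again.
    exit /b 1
)
echo Safe Mode detected: %SAFEBOOT_OPTION%

rem Make sure the tool is actually where the post put it before trying to run it.
if not exist "%TOOLDIR%\%TOOL%" (
    echo %TOOL% was not found in %TOOLDIR%. Unzip the download there first.
    exit /b 2
)

rem Same as the post's "cd c:\", "cd tdsskiller", "tdsskiller.exe" sequence.
cd /d "%TOOLDIR%"
"%TOOL%"
echo %TOOL% finished with exit code %ERRORLEVEL%.
endlocal
```

Save it as run-tdsskiller.bat, boot into Safe Mode, and run it from the cmd prompt; in Normal Mode it exits with code 1 without touching the tool.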

Doing any kind of computer work
is very detailed. That's why I
write out how I do things so
carefully.

Even when I write carefully, I
realize that it is hard for others
to duplicate precisely what I did.

Here's a post that gives some helpful
information:

How to Remove Rootkit.Win32.TDSS using TDSSKiller

Ed Abbott

Thursday, March 18, 2010

Search Results Hijacked by Malware

 
I tutored someone over the phone
today. We were trying to install
the Google Toolbar on his home
computer.

I thought it was going to be an
easy task. I was wrong.

Seems that every time this man
tried to install the Google
toolbar on his browser, he got
redirected by adware to a site
advertising something.

The same thing happened when he
tried to go to the home page
for Trend Micro's Housecall software.
Again, he was redirected to adware.

I just found it so hard to believe
that this was actually happening.
Keep in mind that the man is describing
all this to me over the phone.

After we hung up our phones I did a
Google search on adware redirection.
Here's the web page that came up:

Search Results Hijacked

OK. Now I know it is possible. Now I
know that there is malware out there that will
hijack your search results. I'm loosely
calling this adware though this may
not be the correct term.

The lesson? Always challenge assumptions
by seeking out hard evidence to either prove
or disprove the assumption.

In this case, I had assumed that it was not
possible to get your search results hijacked.
It was not a strongly felt assumption. It was
just an assumption based on the fact I had
never thought of this possibility before.

I'll be looking more into adware hijacking
in the future.

Ed Abbott