VideoHelp Forum




  1. Member
    Join Date
    Feb 2006
    Location
    United States
    So my friend's a basic user on his PC, he's got LimeWire (I know, the devil), hardly ever cleans his PC, and the thing is infested with malware/spyware, you call it. I've seen it first hand. You start up his PC and it takes about a half hour just to load with how infested it is. Numerous startup icons which I know shouldn't be there and most likely installed themselves.


    Well, my question: I'm going to help the guy out and try clearing some stuff out, install some apps and whatnot. What are the best programs to take a stab at it with??

    So far I've got:

    autoruns - to try and clear out some of the junk that starts with his pc
    tune-up utilities- to just clear out some of his history get things runnin smooth
    spybot s&d-
    ad aware -
    pest patrol-
  2. Member edDV's Avatar
    Join Date
    Mar 2004
    Location
    Northern California, USA
    Find the restore CD and start over.
    Recommends: Kiva.org - Loans that change lives.
    http://www.kiva.org/about
  3. Member normcar's Avatar
    Join Date
    Aug 2003
    Location
    USA - IL
    Adaware and Spybot S&D are two of the best.

    You should also look at his startup and try to remove as much as possible. Even "good" programs can be removed such as printer software. After you stop all programs that you can see running, look at the Task Manager CPU Usage. CPU Usage should idle near 0%, if it does not, then you have more programs, spyware, etc. to remove.

    I would also try to get him to stop using Norton or McAfee software packages. These antivirus programs use a lot of system resources. AVG Free antivirus uses little system resources and is free. It has daily updates. It is considered better than either of the other 2.
    Some days it seems as if all I'm doing is rearranging deck chairs on the Titanic
  4. Member normcar's Avatar
    Join Date
    Aug 2003
    Location
    USA - IL
    Originally Posted by edDV
    Find the restore CD and start over.
    Try other things first, and uninstall unused programs first. Starting over can be a time-consuming procedure, during which you may lose data if you forget to back something up. As with most people, he may not be able to find all the software CDs to reinstall all programs again.

    It won't help if he just starts his bad habits again. Get him to use the spyware removing software every week or so.
    Some days it seems as if all I'm doing is rearranging deck chairs on the Titanic
  5. Member edDV's Avatar
    Join Date
    Mar 2004
    Location
    Northern California, USA
    I've wasted so much time trying to "clean" a computer like you describe. Some of the viruses/malware seem to destroy or replace system files making manual restoration frustrating. The registry gets scrambled. In the end, you will probably need to do the dreaded reformat if the machine is in that bad a state.

    Worse, the person you are helping will probably blame you for future problems.
  6. Mod Neophyte redwudz's Avatar
    Join Date
    Sep 2002
    Location
    USA
    If the malware has really taken over, sometimes a repartition, reformat and reinstall is the best solution. I've had some luck with a free online scan from TrendMicro. Worth a try, anyway: http://www.trendmicro.com/hc_intro/default.asp

    Another tip is to run your anti malware programs while in safe mode, disconnected from the internet. If the malware is in the registry and the restore volumes, it's very hard to eliminate without crippling your system beyond all repair.
  7. Member slacker's Avatar
    Join Date
    Jan 2004
    Location
    SF, CA, USA
    Take a look at PREVX over at www.prevx.com. Found it accidentally, tested it for 30 days and found it worked unusually well on a PC I cleaned under the same circumstances. Found files none of the others could.

    Good luck!

    Mark
  8. I have to go with the others if the computer is that infested, based on past experiences cleaning customers' computers. It will never be completely right even if you get rid of all the pests. The registry changes from one malware piled on top of others changing things....

    However having said that if you can find a copy of the older Spy Sweeper Trial that actually cleaned, Version 4.5, the new version 5.x doesn't clean, then that is a first step.

    http://www.ewido.net/en/download/
    Spybot Search and Destroy
    Ad-Aware
    HiJack This
    A Good Antivirus to get rid of all the trojan horses his computer is likely riddled with
    If he is getting popups that say your computer is infected with spyware, click here: don't. Get Smitrem to remove them; they just want money for the bogus adware they put on in the first place.
    Host File Reader and many others
    Some of this stuff integrates itself into the desktop; IOW, when Explorer loads as the desktop the malware also loads, making it hard to get rid of.

    However, much quicker to remove the partition and start over from scratch, and more likely to succeed too.
  9. Almost forgot, don't even try to clean the computer except in safe mode. Turn off System restore.
  10. Member CrayonEater's Avatar
    Join Date
    May 2006
    Location
    United States
    Here are the "must have" apps:
    HiJackThis (http://www.majorgeeks.com/download3155.html)
    Ewido (http://www.ewido.net)
    Smitfraudfix (www.filepedia.com/desktop_software/desktop_security/smitfraudfix.cfm)
    Spybot Search and Destroy (http://www.safer-networking.net)
    Ad-Aware (http://www.lavasoft.de)
    Spywareblaster (http://www.javacoolsoftware.com)

    Make sure you get this stuff from those links or other reputable sites - many of these products are impersonated by sleazoids peddling spyware-ridden "anti-spyware" tools, and some of them even use similar website addresses to confuse you.

    Except for Ewido, and also Pest Patrol and SpySweeper, as a rule, avoid anti-spyware software that you have to pay for. The free stuff is the best. However you don't need PP or SpySweeper with the others anyway. To a somewhat lesser extent, this is also true of anti-virus software.

    BTW, consider a total reformat, esp. if Smitfraudfix is suspected. Once a machine is compromised, it is never fully trustworthy, especially today what with the trend towards rootkits and all.
  11. Member Xylob the Destroyer's Avatar
    Join Date
    Sep 2004
    Location
    Earth, for now
    msconfig and regedit will do wonders
    "To steal ideas from one person is plagiarism; to steal from many is research." - Steven Wright
    "Megalomaniacal, and harder than the rest!"
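
The startup review that several posts in this thread describe (autoruns, msconfig, regedit) can be scripted as a read-only inventory. The following PowerShell is an added example, not code from any poster; it assumes a current Windows with PowerShell 5 or later, and the function names `Get-ExePath` and `Get-SignatureStatus` are made up for this illustration.

```powershell
# Added example: read-only inventory of autostart entries for manual review.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$startupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')

function Get-ExePath([string]$Command) {
    # Extract the program path from a command line, quoted or unquoted.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.(exe|com|bat|cmd|scr|vbs|js))(\s|$)') { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]
}

function Get-SignatureStatus([string]$Path) {
    if (-not $Path) { return 'NoPath' }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Bare names such as rundll32.exe are resolved through PATH.
        $app = Get-Command $Path -CommandType Application -ErrorAction SilentlyContinue |
               Select-Object -First 1
        if (-not $app) { return 'FileNotFound' }
        $Path = $app.Path
    }
    (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $reg = Get-Item $key
    foreach ($name in $reg.GetValueNames()) {
        $exe = Get-ExePath ([string]$reg.GetValue($name))
        $entries += [pscustomobject]@{ Source = $key; Name = $name; Target = $exe
                                       Signature = Get-SignatureStatus $exe }
    }
}
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $dir -File) {
        # Shortcuts point elsewhere; check the file they launch.
        $exe = $file.FullName
        if ($file.Extension -eq '.lnk') { $exe = $shell.CreateShortcut($file.FullName).TargetPath }
        $entries += [pscustomobject]@{ Source = $dir; Name = $file.Name; Target = $exe
                                       Signature = Get-SignatureStatus $exe }
    }
}
# Entries whose signature is not 'Valid' sort first.
$entries | Sort-Object { $_.Signature -eq 'Valid' }, Source | Format-Table -AutoSize -Wrap
```

A status other than `Valid` marks an entry for a closer look, not proof of malware; plenty of legitimate older software is unsigned.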
  12. Member
    Join Date
    Jan 2006
    Location
    Northern Pacific SW
    Originally Posted by edDV
    Worse, the person you are helping will probably blame you for future problems.
    A contemporary restatement of the old computer maxim: "If you touch the iron, you own it."

    One of the quickest ways to get a friend angry is to work on their computer - for free!

    Give yourself a short leash for repair of this system 1 - 2 hrs max. If the OS installation is 6 months to a year old, it's probably better to reformat and reinstall anyway.
  13. Member
    Join Date
    Nov 2002
    Location
    United States
    If it's that far gone, I'd say save the documents, then reformat and start over. Except this time, use the Ultimate Boot CD for Windows, save some backups of the files and such, then "clone" the HD so if it's time to "reset" you'll have an easier time later.
  14. Spyware Doctor
  15. Member
    Join Date
    Feb 2004
    Location
    Australia
    Base tools: AVG Free, plus Ad-Aware SE.

    For simple backup of data where a complete fix may not be possible: Puppy (mini Linux distro).
    Boot PC from CD-ROM with Puppy (Windows viruses and trojans cannot be active).
    Mount the HD where the Windows system resides.
    Create a folder, and search for user data for backup; place in this new folder via copy method.
    When done ...
    Check the Windows folder, back up IE favs (compress first).
    Also search for the user's "wab" (email address book) and email folder (Win98 should be either in wins or programs dir).

    In XP, they're under the user's account (hidden), but Puppy will see them.

    When done, run Puppy's CD burning program ... add content, set burning parameters ... Puppy will spit its CD out and you place a blank one in and let it go ...

    Download the "new HD install" app from the HD manufacturer's web site.
    Use it to wipe out and recreate the partitions ... simpler.

    If no floppy drive on PC ... download "insert", Linux rescue disc for PC ... it contains these HD management tools ... burn to CD with Nero ... boot PC from CD-ROM using insert ... welcome menu ... HD tools ... choose the one that matches your HD manufacturer, and go from there.

    After, reboot PC using Win98 CD or XP CD, depending on OS, and start from scratch.

    ------------------------

    The biggest pain in the a ... is users in most cases no longer have the CDs that came with the motherboard, VGA, sound, network ... modem after about 3 years ... and in many cases now ... they may be impossible to find online ... if not gone forever.

    That's the main problem.

    ------------------------

    To have a crack at removal of nasties, you need:

    HijackThis, SmitfraudFix, ATF-Cleaner, ComboFix, BFU (Brute Force Uninstaller), Ewido, KillBox.

    Use HijackThis to scan PC ... and visit the forum and post the info ... from here, you will find many users that can help kill most out of the PC ... if not all.

    The only true issue is you may have corruption in the registry and system files, which may cause the PC to fail to reboot correctly ... in this case ... you start from scratch ...

    Personally, from the above tools, I have not had any problems removing all nasties.

    Largest virus infection: 122
    Largest trojan count: 200+

    In the last month, it's been a case of seeing who can break the previous record ... the last PC took an hour before user could use it ... and as soon as it connected to the net ... that's all folks ... no control.

    I was able to clean "all" of these from XP, and the PC has been flawless since.
  16. Just curious how long did the cleaning take in the one hour startup case?

    You have to wonder how they could have put up with the computer even before it started taking an hour to boot. It had to take forever just to get to the menu after clicking the Start button. I've seen them take minutes and lots of disk swapping going on just for the click on the Start button to do anything.

    Cheers
  17. Worst case I have ever had was a household with TWO teenage boys. Count of infected files from Spybot was over 50,000. Scan took over 8 hours, clean as well.

    Spybot, HijackThis, AVG, Windows Defender is my basic kit. Regedit and safe mode very important.

    Severe infections make the format and restore strongly recommended. From a professional standpoint, this is the only way to GUARANTEE the PC is not infected. Disconnect from the Internet and leave it that way for a day or so. This is to demonstrate what a clean PC runs like. Also will isolate any hardware issues. Then hook up to the Internet later so they see what the infection does to performance.

    My teenage daughter hits MySpace regularly. Spybot and Norton mandatory runs after each visit (theoretically). I have told her I will no longer waste my time cleaning her repeatedly infected PC, and under NO CIRCUMSTANCES is she to get within 5 feet of my keyboard, or I will severely embarrass her in front of as many of her friends as possible. (This works.)
  18. Member Soopafresh's Avatar
    Join Date
    Jan 2004
    Location
    United States
    TBoneit speaketh truth about Safe Mode. Otherwise, the spyware apps have already opened, making it hard for any cleaner to remove them.


