Copyright © 2005, Norman Scherer
Here are some tips for removing malicious viruses, trojans and other annoying spyware from your computer. I have spent weeks trying to remove some of these stubborn files from my computer, so now I can share some of the things I found out the hard way so no one else will have to waste their time on the same problems I encountered.
Step One: Can you log on to Windows? If so, can you open programs? If you answered "no" to either of those questions, you need to run your computer in "safe mode". This will allow you to access your computer so you can try to repair or eliminate the damage done. Many people (including me) have become frustrated trying to start their computer in safe mode because it's hard to time when to press the F8 key (for Windows XP), and therefore they are unable to enter safe mode. This is easily resolved by not attempting to time this step at all. All you have to do is restart your computer and wait for the company logo to appear (Dell, Compaq etc.). As soon as the logo disappears, press and HOLD the F8 key until you reach the "safe mode" choices. This has worked every time; I have never failed to enter safe mode using this method.
The next step is to decide which safe mode you want. There are usually three choices:
1. Safe Mode
2. Safe Mode with Networking
3. Safe Mode with Command Prompt
Use your arrow keys to highlight option #2, "Safe Mode with Networking", and press "Enter". This will allow you to access the internet while in safe mode. A whole page of file names might appear next and scroll down your screen. You then may have to choose whether you want to run Windows XP or the Recovery Console. Select "Windows XP" and press Enter. After you log in to Windows, a pop-up box may ask you again whether you want to run Windows in safe mode or run the Recovery Console instead. It asks something along the lines of "...you are about to run Windows in Safe Mode... to proceed in safe mode click 'Yes'; to proceed to the Recovery Console click 'No'." Click on the "Yes" box. You are now in safe mode. Any programs that run in safe mode should work now. Some programs will not operate in safe mode. Don't worry about this now. Proceed to Step Two.
Step Two: This step involves scanning your entire computer for any problems so you can eliminate any files that are causing your troubles. An excellent place to start is Trendmicro's free online scan called "Housecall". Follow the directions and delete any files found by the scan. Next, download Sophos Anti-Virus Software. This is the best anti-virus software I have encountered and it is FREE. That's right... FREE! All you have to do is fill out a short form that allows you to "evaluate" their program and they will email you a link to download it. To illustrate how good this program is, one of my computers was scanned by Trendmicro and it found 35 viruses, of which it could eliminate 33. I couldn't get rid of the other two, and so I stumbled across Sophos. After I downloaded it and ran it, Sophos found 27 more viruses that Trendmicro didn't! While Trendmicro's Housecall is an excellent scan, Sophos' program is on another level. It employs a database of almost 100,000 viruses (as of 2/1/05) and is constantly updated to give you the latest tools to fight them. I only recommend using Trendmicro because it is so easy and anonymous. However, it may not get everything, so use Sophos too.
Step Three: Unfortunately, your problem may not result from a virus. You may have some annoying spyware that has loaded its files into your registry and runs every time you turn on your computer. There are many products out there that scan for these characters, and you should use them even if your computer is working fine now. You can find many of these programs for free. Try a Google search for "spyware removal" and download them. The ones I've used are Lavasoft's "Ad-Aware", Spyware Doctor, SpySubtract Pro and Spybot Search and Destroy. All of these were free except SpySubtract Pro, which I think cost around $30. The first one I ever used was Ad-Aware, which was excellent. The newer version, however, "Ad-Aware SE Personal", is good when it works. On one of my computers it constantly "hangs" on one folder and never finishes the scan. Very annoying. I've searched all the Lavasoft forums, but apparently there is no fix for this common problem. On my other computers it runs fine. Since it's free, try it and see. Spysweeper is another product that may help you, as I am constantly reading on user forums of people using it. I have never tried it myself, however.
Step Four: Another product you should be aware of is Hijack This. This is an excellent program and works very quickly. It scans for anything that it considers "unusual or unnecessary" and gives you info on why it thinks this could be dangerous to your computer. The problem is you really have to know what you're doing before you delete or "fix" any of these entries, because you could cause more damage than you fix. Definitely for the advanced user. Its best feature is its ability to create a "logfile" which you can then post on various forums on the internet and ask for advice from the "experts". They then can direct you on what is safe to delete. One of the entries that I finally got the nerve to delete was called a BHO, or Browser Helper Object. While countless software vendors use these things harmlessly (Google Toolbar, for instance), sometimes they are downloaded unknowingly by you and are able to literally control your whole computer, as I found out one day when I couldn't log on to Windows. Then, after re-booting in safe mode, scanning with the usual programs and deleting files, I re-booted and I was able to log on to Windows. Then I found none of my programs would open! Yikes! This went on for days. Finally I remembered Hijack This! I scanned and saved logs for hours. I ran Google searches on every suspicious entry. I finally concluded that it was one of the registry entries starting with BHO. I deleted all of them and re-booted. Everything worked perfectly, and better than ever, I might add. I recommend deleting any BHO registry entries found by "Hijack This!" All your programs may not load on start-up, but so what? Click on an icon if you want to run a program! It's easier than losing control of your computer for days, like I did.
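Before you post a Hijack This log to a forum, it helps to pull out the BHO entries and see which ones deserve a closer look. The script below is an added example, not code from this page or from Hijack This; it assumes the log lists BHOs on lines of the form `O2 - BHO: name - {CLSID} - path`, marks unnamed ones with `(no name)`, and applies a few simple defender-side checks (unnamed entry, DLL outside Program Files, DLL in a temp or profile folder). The sample log and its CLSIDs and file names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt of a Hijack This log (not a real log; CLSIDs and
# file names are made up). Only the "O2 - BHO:" lines describe BHOs.
SAMPLE_LOG = """\
Logfile of HijackThis (constructed sample)
O2 - BHO: Google Toolbar Helper - {11111111-2222-4333-8444-555555555555} - C:\\Program Files\\Google\\googletoolbar1.dll
O2 - BHO: (no name) - {1F2B3C4D-0000-4000-8000-000000000001} - C:\\WINDOWS\\system32\\xyzab.dll
O2 - BHO: Helper - {9A8B7C6D-1111-4000-8000-000000000002} - C:\\DOCUME~1\\OWNER\\LOCALS~1\\Temp\\upd.dll
O4 - HKLM\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

# Assumed line layout: "O2 - BHO: <name> - {<CLSID>} - <dll path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    flags: List[str]


def triage(name: str, path: str) -> List[str]:
    """Return reasons this BHO deserves a closer look (empty = nothing odd)."""
    flags = []
    low = path.lower()
    if name.strip().lower() in ("", "(no name)"):
        flags.append("no name")
    if "\\temp\\" in low or "\\local settings\\" in low or "\\locals~1\\" in low:
        flags.append("loaded from a temp/profile folder")
    if "\\program files\\" not in low and "\\progra~1\\" not in low:
        flags.append("not under Program Files")
    return flags


def parse_bhos(log: str) -> List[Bho]:
    """Extract every BHO entry from a Hijack This log, with triage flags."""
    found = []
    for line in log.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            found.append(Bho(m["name"], m["clsid"].upper(), m["path"],
                             triage(m["name"], m["path"])))
    return found


def suspicious(log: str) -> List[Bho]:
    """Only the BHOs that raised at least one flag."""
    return [b for b in parse_bhos(log) if b.flags]


if __name__ == "__main__":
    for bho in parse_bhos(SAMPLE_LOG):
        verdict = ", ".join(bho.flags) or "looks ordinary"
        print(f"{bho.name!r:28} {bho.path}  -> {verdict}")
```

Entries that raise flags are the ones worth asking about on a forum; an ordinary-looking entry from a known vendor can be left alone.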
Step Five: I highly recommend using the product "Evidence Eliminator" only for the simple fact that it will reduce your scan times and may find and delete a lot of infected and needless files that slow down your computer. Virtually every screenshot that has been on your computer is stored somewhere in some folder and is recoverable by people that know how to do this.
Deleting "internet cache and history", will not protect you... your PC is storing EVERYTHING. Even FORMATTING the disk won't work. All those Web Pages, Pictures, Movies, Videos, Sounds, E-mail and everything else you have ever viewed could easily be recovered - even many years later.
Do your children or their friends use your computers? What have they downloaded and tried to delete?
Did you know, for example, that every click you make on the Windows 98 Start Menu is logged and stored permanently in a hidden encrypted database within your own computer?
Your hard drive might appear clean... but still be full of 'sensitive material' that you did not want to download in the first place. Pressing 'Delete' or emptying your 'Recycle Bin' - or even 'Formatting' your disk - simply will not work; the 'sensitive material' will still remain on your hard drive!
You will be held responsible for any data which you allow to remain on your computer, even if it was only by accident. Even files and Internet Searches you have made which you thought you had never "saved to disk" can be recorded as permanent evidence on your hard drive.
For example, my wife is a computer programmer, so she uses her own laptop at home instead of the home computer our family uses. My son plays the snare drum in the high school marching band. She was given permission to upgrade the marching band's website and used our home computer for a few weeks to work on it. She did minimal browsing on the internet while working on this project. I regularly used Evidence Eliminator (EE) to delete my Internet Explorer "history and cache" files. When I had the recent problem with the BHOs taking over my computer, I was trying to think of anywhere there could be a problem. So when I ran Evidence Eliminator this time, under "options" I inserted her Windows logon name instead of mine to see if there were any files under her logon. To my amazement, EE found over 11,000 files in the Internet Explorer cache!! That's a lot.
Here is some info and screenshots from their website:
Evidence Eliminator™ is a powerful and easy-to-use program, no other commercially available program can do the same job. Every day, Evidence Eliminator™ quickly and professionally deep cleans your computer of 'sensitive material', leaving you with a clean PC, and instant peace of mind.
Web-sites put tracking information into your computer which is permanently stored.
Above is a screenshot of the options menu. The "IE" tab is selected at the top. They have selected "Cookies" under this tab. When I found the 11,000 files, I clicked on the "History and Cache" tab to the left of "Cookies". There they give you a similar pathway as illustrated above in the "Cookies" menu. You can insert any Windows logon name in that pathway to clean out those files. Very simple to use and effective.
While Evidence Eliminator is not cheap, I still think it's worth every penny. You will be amazed at what it will clean up on your hard drive, and you'll have a faster, more responsive machine. Plus, I think it deletes a lot of that junk spyware on its own by cleaning out many of those cache folders that are really not needed but are used by IE to quickly access previously viewed websites. Which brings up the final step of this article....
Step Six: Stop using Internet Explorer!! This browser seems to be the main target for all these jokers who write all this malicious software and mess up our computers. They are targeting Internet Explorer because that's what everyone uses! There ARE alternatives to IE. One of them is Mozilla Firefox. It works and looks just like IE but is not as vulnerable. This step could be the most important step of all of them. Get rid of the source of the problem: all the easy loopholes and security holes in IE. Another alternative is Opera. They're both free. Try them both and choose the one you like best as your default web browser (Windows XP will prompt you for this). You can always still go back to using IE if you don't like these or other browsers. Just another alternative that may help.