================================================== ==================================================



Please note: The information in this thread is provided for users whose PCs have been checked and disinfected by PCHF security analysts. If you believe your computer is infected with malware, please follow the Prework instead.



First of all, congratulations! Your computer is now clean and secure. I'm sure you must have experienced firsthand how frustrating and annoying malware infections are.

************************************************** **************************************************

Important! If you have installed and ran ComboFix under the guidance of a PCHF security analyst, it is important that you remove all instances of this program once you have been given the all-clear. If you have not already done so, please go to :
Start > Run then copy and paste the following highlighted text below and click OK.

ComboFix /u


************************************************** **************************************************


By following these tips, and installing these programs (And keeping them up to date) you greatly reduce the potential for a new Malware infection in the future, and keep your computer clean and running smooth. We highly recommend reading and following the information in this thread closely.

Most of the anti-malware programs that we recommend are all free. They are also reliable and trusted applications that have been used by millions of users and security professionals worldwide.

Please at least make sure to update Windows and Java. And make sure to have an antivirus program, a firewall, and some form of anti-spyware protection installed.

If you have any questions regarding any of the advice here, you can post it on the forums.


INDEX:

1: ANTI VIRUS / ONLINE VIRUS SCANS
2: ANTI-SPYWARE / ADWARE SCANS
3: FIREWALL / KEEPING THE DOOR CLOSED
4: UPDATING YOUR PC
5: GENERAL INFO
6: CLEANING / SPEED
7: ALTERNATE BROWSERS
7: GIVING BACK

================================================== ==================================================

================================================== ==================================================



Make sure to have an up to date anti virus program installed and running on your pc. We also recommend running some online scanners once in a while just to get a second opinion.



Free anti virus programs:

Avast - AVG Free - Antivir
BitDefender Free -

(Never have two antivirus programs running realtime protection next to each other, or that could cause conflict and performence problems.)



Online AV scans. If you need a second opinion regarding the state of your computer, you can consider running one of the online scanners below. Will not cause any conflict problems with your resident anti-virus program.


BitDefender - TrendMicro - Symantec - McAfee
Panda - F-Secure - eTrust

(Most of these scanners require the use of Internet Explorer to download the ActiveX controls.)


Online single file upload scans, just in case you just downloaded a file off the internet and want to check whether it is clean:

VirusTotal - Jotti - Fortinet - kaspersky

================================================== ==================================================

================================================== ==================================================



Unlike anti-virus programs, it is generally fine to run multiple anti-spyware programs together. Make sure to have at least one anti spyware program running realtime protection , and it is highly recommended to manually scan with multiple programs now and then as not one app can "do it all" so to say. However, do not download too many anti-spyware applications as it may just serve to decrease system performance.

Free detection, cleaning, and protection programs:

Spybot-S&D - Ad-Aware - - Windows Defender - SpywareGuard
SpyCatcher Express - Win Patrol - Bazooka -

You may also keep MalwareBytes Anti-Malware on your PC, which you should have downloaded while following Prework instructions.


To prevent spyware from being installed:
(Without having to run in the background)


IE-Spyad - SpywareBlaster.


There are criminals out there who are always out to earn a quick buck. Some of them have caught onto the "anti-spyware" wagon and created rogue anti-spyware programs that will usually install trojans on PCs. They may also force users to pay to remove non-existant viruses. Hence if you intend to install any unknown anti-spyware program that is not listed here, you may wish to ask in PCHF first, or simply check the Rogue App List before downloading/installing/buying any anti spyware program.


================================================== ==================================================

================================================== ==================================================



Make sure to use a Firewall. Just by using a Firewall in its default configuration can lower your risk greatly.

Check out what Lawrence Abrams has to say: Understanding and Using Firewalls

Also, you may find it useful to peruse our Firewall FAQ.


Free software firewall programs:

Zone Alarm personal - Comodo - Sunbelt Kerio Personal - Outpost
(Never use more then one (software) firewall)


Along with your software firewall, you may also choose to install a hardware firewall. Routers and NAT-enabled modems can serve as a hardware firewall.



Some other tips to "keep the door closed":

Blocking ads/Ad Servers by using the Windows Hosts File.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

• From within Internet Explorer click on the Tools menu and then click on Options
• Click once on the Security tab.
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
• Change the Download unsigned ActiveX controls to Disable
• Change the Initialise and script ActiveX controls not marked as safe to Disable
• Change the Installation of desktop items to Prompt
• Change the Launching programs and files in an IFRAME to Prompt
• Change the Navigate sub-frames across different domains to Prompt
• When all these settings have been made, click on the OK button.
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
• Next press the Apply button and then the OK to exit the Internet Properties page.

More info here: Making I.E. more secure

And why not run Jason Levine's Browser Security Tests.
They will provide you with an insight on how vulnerable you might still be to a number of common exploits.

Jason Levine's Browser Security Tests.

================================================== ==================================================

================================================== ==================================================



Windows update

It is important that you have Auto-Update turned ON, or visit Windows Update on a regular basis. This will ensure you always have the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

(WARNING!, Only install XP SP2 if you are sure your pc is malware and virus free!, or that could cause major problems.)

Get your PC ready for Windows XP SP2 - 60 useful Windows XP SP2 Links - Known SP2 issues, and FAQ



Sun Java update

It is also important to keep your Java updated as there is the possibility that some malware use out-dated Java installs to infect PCs. Test if your version is the latest here.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) Version 6 Update 11 .
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (12.6 MB).
• Close any programs you may have running - especially any web browsers.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the installer to install the newest version.

Other programs:

And just like Windows and Java, keeping everything else up to date, like anti-virus, anti-spyware scanners, firewalls, browsers, etc. is also an important part of keeping your PC secure.

There are of course too many different programs to explain exactly how to update each, but most of the time the update function will be in an prominent place and hard to miss.
If you do run into problems, or have questions then just ask in the forums.

================================================== ==================================================

================================================== ==================================================



Know what you click on.
Avoid illegal sites, because that's where most malware is present.
Don't click on links inside popups, just close them by clicking on the X.
Don't open email attachments from people that you do not know.
Don't click on links in spam messages.
Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Use Custom Install.
If you feel comfortable with software installation, you can choose Custom Install. (as opposed to Typical Install) Custom Install allows you to select only the software components you wish to install, and leave out others. (such as potential spy and ad ware , often refered to as "sponsors")

Know What You're Installing.
Check the source. Do a search on Google for "program name" and search words like "spyware" "adware" "malware" ect. and see what comes up. Often the results will give a pretty good indication if there is something not right with the program.
To avoid malware, make sure your software comes from a reputable source. Be particularly suspicious of sponsored software (software that relies on advertising) or software that claims to speed up your Internet connection. Also be carefull with things like P2P programs, free smilies, free screensavers, cracks and keygens, anything "adult" related", and even anti spyware programs (see here.)

An excellent free tool to help you with the above is SiteAdvisor:

McAfee SiteAdvisor is a security add-on for your Internet Explorer browser (Also available for FireFox) that helps you identify sites that are linked to spyware, adware, spam, viruses, browser-based attacks, phishing, or online fraud. The SiteAdvisor service is based on a huge database with detailed test results for more than 100,000 pieces of software and covers more than 90% of the world`s Web traffic. The program integrates with search engine results from popular search engines (Google, Yahoo, MSN) and also adds an icon to the browser toolbar that indicates whether a site is safe to use, or should be used with caution. If SiteAdvisor has negative information for a site, you can review a very detailed report that shows any spam received from that site, harmful downloads, and association with other sites. An excellent browser add-on, that provides an in-depth site analysis that is based on actual test results, rather than assumptions.

Available here: McAfee SiteAdvisor

And/or SiteHound:

Introducing SiteHound, the safe way to browse the Internet.
With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable.
Of course we don't want to block you completely from visiting the site if you really want to visit it, instead you are shown a warning page with information about that site. From there you can choose to enter the site or go back.

Available here: Firetrust SiteHound

Some reading tips:

Article written by our resident LadyGreenWitch

80 Super Security Tips

Clean/infected P2P programs

Making I.E. more secure

Malware/spyware/virus/trojan etc. what are they?

Inside Spyware - 4 part article

Spyware and Adware: A Warrior's guide

Stopping Viruses, Worms And Trojan Horses

Inside Spyware: A Guide


Some video tips:

• Security basics for beginners (3:34 minutes)
• 3 things you can do to prevent spyware (2:56 minutes)
• What you should know about phishing scams (3:32 minutes)
• Defending against viruses and worms (3:44 minutes)
• Keeping your computer up to date (3:18 minutes)
• Dealing with spam e-mail (3:13 minutes)
• Protecting your privacy and personal information online (3:14 minutes)
• Using online newsgroups (3:26 minutes)
• Teaching your kids about online safety (3:54 minutes)

See them here.

================================================== ==================================================

================================================== ==================================================



Cleaning

Clean up unnecessary and tempory files with an program like one of these:

ATF Cleaner - BeClean - Ccleaner
(make sure to de-select the optional Yahoo toolbar when installing Ccleaner)

Defragmenting your harddisk

Go to Start/Run and type dfrg.msc. Select the first partition/HD and select analyze , if the disk is fragmented (Lots of red bars) then click defragment.
Repeat for multiple partitions/harddisks.

Registry Cleanup
Please exercise due caution when running any registry cleanup programs. Always make a backup.

Reg Supreme pro
Install and run RegSupremePro.
It will want to make a backup of your registry, let it do so. Once it has finished, click on the Registry Cleaner tab, select Aggressive. When it has completed, click on Select, choose All. Click on Fix, and let it fix everything that it has found.

System restore cleanup instructions
(If you have just gone trough the "Prework" and finished cleaning malware, then System restore should already be disabled. Now is the time to turn it back on)

If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files left in a restore point. (All restore points will be deleted that way)
You can find instructions on how to disable and re-enable system restore here:

Windows ME System Restore Guide - Windows XP System Restore Guide

Reading tip:

COMPUTER HEALTH, Getting greater stability from Windows

================================================== ==================================================