Recommended Minimal Security Settings
Close all instances of Internet Explorer and Outlook Express
Control Panel | Internet Options | Click on the "Security" tab
Highlight the "Internet" icon, click "Custom Level"
· "Download signed ActiveX scripts" = Prompt
· "Download unsigned ActiveX scripts" = Disable
· "Initialize and script ActiveX not marked as safe" = Disable
· "Installation of Desktop items" = Prompt
· "Launching programs and files in an IFRAME" = Prompt
Click on the "Content" tab
Click the "Publishers" button
· Highlight any unknown publishers and click "Remove", then click Ok
Click on the "Advanced" tab
· Uncheck: "Install on demand (other)", click Apply\Ok
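An added example, not part of the original page: a small Python audit that compares an exported copy of the Internet zone's registry values against the five "Custom Level" settings listed above. It assumes the standard Internet Explorer storage layout (zone 3 under Internet Settings\Zones, one DWORD per URL action ID, 0 = Enable, 1 = Prompt, 3 = Disable); the sample export is constructed.

```python
import re
# Zone 3 is the "Internet" zone; each setting is a DWORD named by its URL action ID.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}  # larger value = stricter
# Recommended minimum from the list above: action ID -> (setting, policy value).
RECOMMENDED = {
    "1001": ("Download signed ActiveX", 1),
    "1004": ("Download unsigned ActiveX", 3),
    "1201": ("Initialize and script ActiveX not marked as safe", 3),
    "1800": ("Installation of Desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
}

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1800"=dword:00000001
'''

def parse_zone(export_text, key=ZONE_KEY):
    """Return {action_id: value} for the DWORD settings stored under `key`."""
    values, in_key = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # a new key section begins
            in_key = line.rstrip("]").lower().endswith(key.lower())
        elif in_key:
            m = re.fullmatch(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})', line)
            if m:
                values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(export_text):
    """Return (action_id, setting, found, wanted) for each missing or weaker setting."""
    current = parse_zone(export_text)
    findings = []
    for action, (setting, wanted) in RECOMMENDED.items():
        found = current.get(action)
        if found is None or found < wanted:
            shown = "not set" if found is None else POLICY.get(found, hex(found))
            findings.append((action, setting, shown, POLICY[wanted]))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_EXPORT), sep="\n")
```

To check a real machine, export the key with `reg export` and read the file with `encoding="utf-16"`, since version 5.00 exports are written as UTF-16.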
To test your setup after making the above changes
How To: Prevent this from happening again?
The first thing you must remember is that adware\spyware tools are basically for removal after the fact. The trick is "layered protection" for maximum prevention!
1) Use a HOSTS file and keep it updated!
2) Make use of IE's Restricted Zone
3) Install a firewall (see - Security Issues)
4) Install an Antivirus program (see - Security Issues)
5) Add a Startup Monitor (freeware) to protect your system
6) Improving the security of your computer (Microsoft)
How To: Safely removing these Parasites from your system
Best solution available free from Microsoft – Download and install Microsoft anti-SpyWare tool at:
Experienced Users: SpyBot Search and Destroy [freeware] http://security.kolla.de/
Once installed, make sure to update online before scanning!
Fix the items labeled in red; items labeled in blue-green are optional.
Spybot S&D Support Forum: [Net-Integration] How To: [Tutorial]
Novice Users: Ad-Aware [freeware] http://www.lavasoftusa.com/
Once installed, make sure to update online before scanning!
Support Forum: http://www.lavasoftsupport.com/
Note: Lavasoft also has a HijackThis section at their Forum
To double-check your system (after using one of the above)
Go to: http://www.spywareinfo.com/
Editor's Note: Since HijackThis does not (yet) come with an install routine, create a folder via Windows Explorer for HijackThis, then move the file to this folder. This way any backups created are saved in a legit folder. I've seen too many instances where the user runs HijackThis from a temp folder and any backups are lost if that temp folder is cleaned out. You should also make sure you are using the latest version each and every time you run HijackThis, as there are new detections added all the time.
Unzip, double-click "HijackThis.exe" and Press "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Click: "Save Log" (generates: "hijackthis.log")
HijackThis Tutorial (recommended read)
Next, go to: http://www.spywareinfo.com/forums/
Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.
Visiting the SpywareInfo Forum, or one of the other recommended Forums, to finish cleaning up your system is highly recommended, as neither Ad-Aware nor SpyBot can completely remove these pests any longer. This is mainly due to new daily threats and the randomly generated filenames used by these parasites!
Dealing with Rapid Blaster (parasite)
· Special Information about dealing with RapidBlaster
· Download: RbKiller.exe [more info]
Dealing with Coolwebsearch and affiliates
· CWShredder (Kills Coolwebsearch and affiliates) read this first!
Download: "cwshredder.zip"
Unzip and run the included "CWShredder.exe"
Then follow up with either Ad-Aware or SpyBot, then HijackThis!
· More info on Coolwebsearch and the gang [PestPatrol Article on CWS]
Editor's Note: there are now nearly 10,000 Coolwebsearch affiliates! They do this as a "Pay-per-Click" scheme, basically getting a few cents for each user that gets hijacked to Coolwebsearch or one of its major affiliates. Nice guys huh? Most of these affiliates are Adult related, so be careful where you surf and practice Safe Hex!
One of the newer tricks Coolwebsearch uses is to block the infected user from accessing most major anti-spyware programs and sites. They are also suspected of the recent DDoS attacks. Download: CWS.SmartKiller from SpyBot S&D. [site2]
Additional Prevention
Both the HOSTS file and the Restricted Zone entries target most of the major parasites, hijackers and unwanted search engines. If you are also having trouble with unwanted pop-ups - [start here]. There are, however, several severe security risks that still exist in Internet Explorer. Until Microsoft releases a (hot fix) patch, users can protect themselves by using Qwik-Fix and several other steps. [more info]
Various Registry Fixes
· RepairDefaultPrefix.reg [right-click and select: Save As]
Repairs the corrupted or altered (spyware) HTTP prefixes
Note: HijackThis can also repair the DefaultPrefix entry [more info]
· RepairTabs.reg [right-click and select: Save As]
1) Restores the missing Tabs in IE (usually spyware related)
2) Unlocks the grayed-out Home Page section
3) Removes the Administrator message in Internet Options
Note: HijackThis can also repair the "Missing Tabs" restriction [more info]
· UnlockNoBrowserOptions.reg [right-click and select: Save As]
Removes the Administrator message in Internet Options
SpyBot also has this option in the Immunize section [more info]
· EnableRegistryTools.reg [right-click and select: Save As]
Unlocks the "Disable Regedit" entry, or use HijackThis [more info]
· UnlockHomePage.reg [right-click and select: Save As]
Unlocks the grayed-out Home Page section on the General Tab
Tip: Prevent your "HomePage" setting from being Hijacked
To use: download - right-click and select: Edit to view in Notepad. Right-click and select: Merge - to enter the info into the Registry, and reboot.
Note: always back up the Registry before making any changes. Also be aware these reg files are intended for stand-alone or home users. Corporate users are urged to check with their network supervisor before removing restrictions.