Do this first:
Disabling system restore in Win Xp
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?Open&src=sec_doc_nam&docid=2001111912274039&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl
Do not re-enable until you are 100% clean.
Do a general clean up:
Dunmp TIF, Cookies, %TEMP%, recycle bin,
Scan disk disk clean-up
then these, do both:
Trojan Hunter trial version:
http://www.misec.net/
SWATIT:
http://swatit.org/download.html
Then scan:
http://housecall.trendmicro.com/
security.symantec.com/ (security.symantec.com)
www.ravantivirus.com/scan/ www.ravantivirus.com/scan)
http://www.bitdefender.com/scan/licence.php
http://www.pandasoftware.es/actives...ivescan-com.asp
they're all free, do as many as you can, I'd do them all.
Your Norton NIS isn't keeping the trash out, I use this:
http://smb.sygate.com/products/spf_standard.htm
Download, update and run (I use) these:
http://www.javacoolsoftware.com/mrublaster.html
http://www.javacoolsoftware.com/spywareblaster.html
My settings for Adaware and Spybot:
Spybot:
update and run every 3 days or LESS
Download and Read the SpyBot tutorial here:
http://www.safer-networking.org/
Download it, Unzip the program, and immediately check for updates, install the updates and then do the scan.
Let it fix everything marked in red. Reboot but not with restart, shut it down for two full minutes. You’ve got two measely minutes and it’s worth it, and let Spybot run if it indicates.
To add an item to your ‘Ignore List” click on the little ‘+’ sign next to the item and left click it to highlight it, then right click it and a menu appears, select the function you want.
When you are done reboot again same way. Two full minutes shut sown is best.
Also, go to the update page. Notice 3 icons across the top. Between "Search For Updates" and "Download Updates" there is an icon for the download mirror location. After you click on ‘search for updates,’ the one in the middle will change. If it doesn't say "Spybot.US by Rootboxen.net USA" click on the dropbox arrows and click on Rootboxen, and use only that one. If you got a "checksum error" trying to download --that's why.
Adaware:
update and run every three days or LESS
http://www.lavasoft.de/support/download/
check for updates at "webupdate".
I use these settings (green check)
From main window click "Start" then make sure " Activate in-depth scan" has a green check next to it.
Put a black dot nest to "Use custom scanning options” and click Customize" next to it, then green check these options:
"Scan within archives" ,"Scan active processes", "Scan registry",
"Deep scan registry" ,"Scan my IE Favorites for banned URL"
"Scan my host-files"
At the top of the “STATUS” page notice the Tweak (gear) icon. Click on it.
The first setting is “Scanning Engine.” Click on the little plus sign next to it, and in the drop-down green check "Unload recognized processes during scanning", and “include basic Ad-Aware settings in log file”. Next click on the ‘+’ next to "Cleaning Engine" and in the drop-down green check "Let windows remove files in use at next reboot" and Delete quarantine objects after restoring”
Click "proceed", that will save those settings.
Click "Scan"
When the scan finishes, mark everything for removal and delete it. Right-click the window and choose "select all" from the drop down menu, press ‘next’ and then ‘yes’ to the prompt: “remove all these entries”.
However, if you have certain programs running that will give a false indicator of a browser hijack attempt, such as Script Sentry, which places a monitoring function in the registry and looks like a browser hijacker but is not, then you may want to add that to the ignore list because you want to keep it there to do it’s job. To add an item to the ignore list, put the a cursor on the file it reveals and left click it to highlight it, then right click it and a menu appears. Click on ‘ignore list.’
Shut down, two minute shut down is best, and let Adaware run on reboot if it indicates.
Downloading Tip:
One other thing I do on downloading is, after you get the download (M$ does not structure its downloads so you can’t do this for some reason on an MS download), after download BEFORE YOU CLICK THE INSTALL ICON, #1. log off the net, #2. disable AV (right click tray icon), #3. then ctrl-alt-delete to close AV in close-program, THEN (and only then) #4. click on the install procedure. Otherwise your AV might read the install as an invader and mess with it. Then manually shut down for two full minutes.
Run Adaware, Spybot, and your AV from Safe Mode.
If they all come clean, re-enable system restore.
Defragment your disk, make sure all systems are updated, even if you do not use Outlook, update it if you have it installed-- its settings will affect IE.
Thresher
