Spyware/Virus/Slow problems? Click here.


Alcoholic 007
03-11-2005, 10:28 PM
Well... I have been typing out the following a lot lately... or pasting it in multiple threads... so I figured I would just post it in a central location.

It would be excellent to get a "STICKY" or "Topped" for this thread so people can read it before they post about bad things and also find this resource easily.

To my credit, I work on campus as a computer repair/cleaning/maintenance guy. This involves all forms of treatment. I have been fixing computers since 1991 to my credit as well. All of the programs I post here are legitimate and used daily to clean and restore student computers to a functional shape.

Heed this thread's advice:
This is a starting point. These are all tried and true programs. We never scan with less than this entire suite of programs. I think you would be wise to do so as well. After all scans are complete, install all of your Windows updates. SP2 included. I also highly recommend the use of Firefox. "90%" of the people we install Firefox for are not return customers. Those "10%" that are return customers are still using IE and refuse to use Firefox.

On with the helpful information:

Download and install/run (all of the following are completely legitimate and functional programs we use to clean up computers daily at my jorb):
AIMfix.exe (http://www.jayloden.com/aimfix.htm)
MSAS -Microsoft Anti-Spyware (formerly Giant anti-spyware) (http://www.microsoft.com/athome/security/spyware/software/default.mspx)
AVG anti-virus (http://www.grisoft.com/) (make sure you disable or remove NORTON before you install/run this, or you will have a crash when both Norton and AVG anti-virus try to scan the same file)
Stinger.exe (http://us.mcafee.com/virusInfo/default.asp?path=/virusInfo/virusRemoval/Stinger.asp)
Ad-Aware SE Personal (http://www.lavasoftusa.com/software/adaware/)
Spybot Search & Destroy (http://www.safer-networking.org/en/index.html)

Visit the website and run the virus scanner:
Housecall (http://housecall.trendmicro.com)

Carefully use MSCONFIG by going to:
Start > Run.. >
(type in):
msconfig
<press enter>
Here you can disable specific services you know to be bad... never disable something unless you research it first (Google works well for researching.)

If none of those work, visit this site:
sysinternals (http://www.sysinternals.com)
and download some of their monitoring tools.
I use the following to monitor programs running as well as startup files started:
processexplorer - shows your current running apps; helpful in finding programs that are hidden and should not be running.
filemon - shows all of the files being accessed in real time; can help determine what spyware/virii may be trying to reinstall themselves.
regmon - shows the current registry action in real time; can help determine if you have a spyware/virus/etc attempting to regenerate itself and tell you where from (if you know how to figure that out.)
tcpview - monitor network connection attempts; can help determine if you have a virus trying to spread itself.
autoruns - allows you to disable specific services from autorunning on startup; these may include malware/spyware/virii.

Finally... after all the above, if you still have problems... use this highly dangerous tool (if you misuse it, your computer will be dead):
HijackThis! (http://www.spywareinfo.com/~merijn/)
This program should be used with extreme care. Use Google to search for questionable entries and processes. Do not delete/fix anything unless you know it is bad. Check with Google, or zip your log and post it to this thread. I will not be checking back, but someone with know-how probably will.

You should be careful in using these tools, however, because some of them can cause your computer to no longer boot. I recommend that you post a zip of the log(s) to your next post as well for us to look at. If you are unsure of anything in the process explorer or HijackThis, then do a Google search for the name of the process.
Example of a Google process search result: pronomgr.exe (http://www.liutilities.com/products/wintaskspro/processlibrary/pronomgr/)
(only trust info from sites such as wintaskspro related sites for process information, however.)

If you do not find the process on the internet, do not remove it until you get a second opinion. Several computer manufacturers have their own special tools running which may not be found with a Google search.

Peace.

Water12356
03-12-2005, 12:37 AM
Add Avast! Anti Virus (http://www.avast.com) software to the list. Best part about it is that it's free and works better than Norton!

Cerberus_e
03-12-2005, 04:17 AM
why didn't you include going in safe mode and deleting programs that start up with windows that you don't know in run, runonce and runonceEx?

that's very important, it worked always for me in the past, no problems.
and you cannot do something wrong as long as you stay in run, runonce, and runonceEx
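
A read-only way to list what is registered under the Run, RunOnce and RunOnceEx keys mentioned in the post above, so each entry can be researched before anything is changed. This is an added example, not part of any post in this thread; it assumes Windows PowerShell, and the function name Get-AutostartEntry and the CSV file name are made up for the example.

```powershell
# Added example: read-only inventory of the autostart registry keys.
# Nothing is deleted or modified; the output is meant for review.

# Build the six key paths: machine-wide (HKLM) and per-user (HKCU).
$keys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce', 'RunOnceEx') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
    }
}

# Get-AutostartEntry is a hypothetical helper name chosen for this example.
function Get-AutostartEntry {
    param([string[]]$Path)

    foreach ($p in $Path) {
        # RunOnce and RunOnceEx are often absent; skip keys that do not exist.
        if (-not (Test-Path -LiteralPath $p)) { continue }

        # RunOnceEx keeps its commands in subkeys, so walk those as well.
        $nodes = @(Get-Item -LiteralPath $p) +
                 @(Get-ChildItem -LiteralPath $p -Recurse -ErrorAction SilentlyContinue)

        foreach ($node in $nodes) {
            foreach ($valueName in $node.GetValueNames()) {
                [pscustomobject]@{
                    Key     = $node.Name
                    Name    = $valueName
                    Command = [string]$node.GetValue($valueName)
                }
            }
        }
    }
}

$entries = Get-AutostartEntry -Path $keys | Sort-Object Key, Name

# Show the entries on screen for a first look.
$entries | Format-Table -AutoSize -Wrap

# Save a copy that can be zipped and shared for a second opinion.
$report = Join-Path $env:TEMP 'autostart-entries.csv'   # constructed file name
$entries | Export-Csv -Path $report -NoTypeInformation
```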

Steve
03-12-2005, 04:23 AM
Thank you.

Orochi Avlis
03-15-2005, 11:01 AM
Water12356 said:
Add Avast! Anti Virus (http://www.avast.com) software to the list. Best part about it is that it's free and works better than Norton!


Thanks.
Gonna try it out.

But does it really work better than Norton?

Dutch
03-18-2005, 07:08 AM
No one program can do everything so use a variety of programs.

Spyware Blaster is good too. It runs in the background and stops most of this stuff from ever installing. http://www.javacoolsoftware.com/spywareblaster.html

To further improve results, disable system restore and run in safe mode before scanning.

I bought a program called Xosoft, I felt stupid for spending money when there's so many free alternatives but I bought it in a panic when my computer was being taken over and I had had hardly any sleep. But just before I ran all my spyware programs and it was the only one to detect a trojan.

Jokke_r
03-18-2005, 01:58 PM
Norton is a perfectly good Anti-Virus application and I don't understand why some people bash it, keep it up-to-date and it will keep you safe, I've had over 2 years of experience with Norton and guess what? I have never been infected by a virus, honestly.

Also I would recommend using a good firewall (other than Windows SP2 Firewall)

I've heard good things about Kerio but I keep to Sygate Personal Firewall Pro myself, I've heard bad things about Zone-alarm though.

GodBlitZor
03-21-2005, 03:53 PM
Norton sucks, it's just something about it. But I don't feel like paying for it. I also recommend Spyware Guard, use with Spyware Blaster - http://www.javacoolsoftware.com/spywareguard.html

Alcoholic 007
03-22-2005, 02:05 AM
We run Norton Corporate on our main computer. From time to time I have to run housecall or install/runone/uninstall AVG to remove some virus that Norton didn't catch. Norton isn't terrible... but it's not worth it when the free alternatives are better.

I didn't mention safe mode because I am forgetful and some people manage to break their computers even more in safe mode.

To get to safe mode, press F8, not f5.

You can perform most of the tasks on the posted list from safe mode, but certain installers and updaters will not work; MSAS, WindowsUpdate, and iTunes, for example.

I also forgot to mention, empty your internet cache, set the size limit to 5MB and reset your web settings in Internet Options.

Jokke_r
03-22-2005, 10:40 AM
I don't get how you people manage to get viruses with Norton, 2 years and I have never ever got a virus. Guess I'm just leet or something.

Wamplet
03-22-2005, 10:49 AM
Jokke_r said:
I don't get how you people manage to get viruses with Norton, 2 years and I have never ever got a virus. Guess I'm just leet or something.



Word.

It's been probably well over 10 or 12 years since a computer at my house got a virus and required some drastic repair.

Alcoholic 007
03-23-2005, 03:07 AM
It's called: Campus admin company sucks balls.

It's also called: No network security past a firewall on the servers and gateway to the interweb.

Also called: Some student backups contain virus problems that spread to the backup computer despite the buffered firewall Cisco router between them and the backup computer before transfer (sometimes with no back needed they spread.)


My personal computer has not had a virus in about 5 years? The last one I had was Win32.CIH (the Chernobyl virus) and I got it from a friend who claimed to be giving me a legit copy of a program from the company website... turns out he was mistaken and I lost a shitload of data. Other than that; never had a virus on my Macs or clones.


I was considering putting a firewall router on the port in my room on campus... but I found out we aren't allowed to do this. I doubt my boss would care... he already knows about someone else doing the same thing; for security reasons.