Edit: Thanks to Dani for 'cleaning up' this topic a bit. Should any of our members have links to useful sites, or items of their own which they consider would make a useful addition to the contents here, please send them to one of the Security Forum moderators via PM for consideration and addition.

Note: The procedures and tools described here are for Windows Users. Linux and Mac users should direct their problems to the appropriate Operating System Forum sections.

Disclaimer: It is also a wise move for people to ensure their data files are regularly backed up before using any tools which effect system changes. Under some circumstances, your system could possibly be rendered inoperable or suffer data loss as a result of your efforts to clean it (or as a result of infections or intrusions themselves). Regularly backing up your data helps alleviate the impact of such an event. The tools and techniques described here are commonly used, and should be fine if you read instructions carefully before using them. If you do suffer data loss, of course, you should not hold DaniWeb or TechTalk responsible. If your data is that important or sensitive, perhaps you should enlist the services of a Professional data protection and recovery service.


A growing trend in recent times has been for people to simply run a tool called 'HijackThis' when they experience system problems, and wait for 'experts' to tell them what to do next. This practice is not really helpful in the long run, however. It does nothing towards assisting you to learn to help yourself, or to prevent the same problems from cropping up again. It should be remembered that tools such as 'HijackThis', which report 'Logs' of processes and software running on your system for experts to analyse, should be used as a last resort.

Whether the problem is a 'Hacker' intrusion attempt, 'Diallers' that have been installed on your system, 'Home Page' hijacks, Virus intrusion, or simply slow-downs from a system bloated with 'Spyware', there are everyday solutions available which will help protect against malicious code which can end up on your system.


If you're on Dial-up Internet, a 'Firewall' such as 'ZoneAlarm' is highly advisable. If you are considering, or are already connected to, Broadband Internet then Firewall protection is a 'must'. Consider the use of an All-in-one hardware solution, which provides modem, Firewall and Router all in the one unobtrusive piece of equipment. A USB ADSL modem is a long-way second best option, and 'All-in-one' components are now rather inexpensive.

AntiVirus protection is also a necessity. You should have a reputable program installed on your system, updated, and constantly performing background scanning. That scanning should include email protection. If your AntiVirus program hasn't been updated in the past couple of days, then you're running a risk. If it's a 'bundled' program that came free with your system two or three years ago then it's possibly worse than useless!

The third 'Tool' you should be using is 'Spyware Detection and Removal'. There are several alternatives available, including 'AdAware' and 'Spybot Search & Destroy', and you should always have a couple of these installed, with one of them performing background scans and the other regularly used to detect intrusions that have been 'missed' by the other. The most recent version of Spybot should be installed with its 'Immunise' function enabled, for your future protection.

Beyond the use of Software Tools, however, your best protection is always the adoption of safer browsing habits. Malicious software intrudes on your system because you allow it in! In most cases it gets there because you've asked it in! Have a read of this article written by a colleague and myself in response to a reader question at 'Australian PC User' magazine:

How can I avoid the nasties from the Adult sites?


A change to a different Web Browser, such as 'Mozilla' or 'Opera' can help minimise 'Malware' intrusions, but it's by no means a comprehensive protection. Your own habits, and the tools you use, are paramount in keeping your PC clean and functional.

Please, help yourself before you seek help from others. It's always the best way!

If/when you have to post your hijackthis log, please make sure that ALL programs in MsConfig have a check placed next to them before scanning with hijackthis. To do this, go to Start\Run & type in Msconfig & hit enter then go to the startup tab.
Unzip HJT into its own permanent folder before doing anything in order that the backups it creates cannot be deleted by accident. (Not a temporary folder or directly on the desktop (in a folder on the desktop is fine) & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis.

Example:
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

HijackThis
AdAware
SpyBot Search & Destroy
Setting up and using Spybot
Spywareblaster.
SpywareGuard
CWShredder.
Online virus scan. Set it to autoclean.
Spyware Warrior


For those who wish to use 'HijackThis', the following sites might prove very useful indeed:

HijackThis tutorial
Deciphering the log file

Thanks to crunchie for those!

Some further useful sites, courtesy of caperjack

How I got infected in the first place
FREE AntiVirus
FREE Firewall

For those who have had their Hosts file altered there is a program called *Hoster* that will restore your original Hosts file. You can also edit it yourself then make the file *read only* so that it cannot be changed.
Hoster. Press "Restore Original Hosts" and press "OK". Exit Program.
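
As an added example (not part of the original post, and not how Hoster itself works): a small Python audit that lists every Hosts entry other than the default `localhost` mapping so it can be reviewed before restoring the file, then marks the file read-only as suggested above. The sample file contents and function names are constructed for illustration; the path is the standard Windows Hosts location.

```python
import ipaddress
import os
import stat

# Constructed sample contents, not taken from a real system.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       update.antivirus.example   # name pointed at loopback
203.0.113.10    www.search.example         # name pointed at another address
not-an-ip       bank.example
"""

# Assumption: only "localhost" counts as a default entry; everything else is reported.
DEFAULT_NAMES = {"localhost"}

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each active entry, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return (line_no, kind, address, hostnames) for every non-default entry."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, "invalid-address", ip, names))
            continue
        extra = [n for n in names if n.lower() not in DEFAULT_NAMES]
        if not extra:
            continue
        # Loopback or 0.0.0.0 makes the name unreachable; any other address redirects it.
        kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"
        findings.append((line_no, kind, ip, extra))
    return findings

def make_read_only(path):
    """Clear the write bits (sets the read-only attribute on Windows); True if it took effect."""
    os.chmod(path, stat.S_IREAD)
    return not (os.stat(path).st_mode & stat.S_IWRITE)

if __name__ == "__main__":
    hosts = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                         "System32", "drivers", "etc", "hosts")
    with open(hosts, encoding="utf-8", errors="replace") as fh:
        for finding in audit_hosts(fh.read()):
            print(finding)
```

"Blocked" entries are not automatically bad, since protective tools can also add loopback entries to the Hosts file, so each reported hostname needs to be reviewed before it is removed.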

All 3 Replies

A good site for checking your startup program list is http://www.answersthatwork.com/Tasklist_pages/tasklist.htm. If you have a hijackthis log you can check entries there against the ones listed.
Arguably the most important way to protect your system (Windows) is to keep your critical updates up-to-date.
Please go here to install them.

In addition to the tools already linked in this topic, here are a couple more which might just prove useful for those persistent infestations which the 'Standard' tools above just don't seem to be successful with:


Trojan Remover http://www.simplysup.com

( A stand-alone tool designed to rid a system of a number of ‘back-door trojans’ which prove difficult for AntiVirus or Anti-Spyware programs to remove once they’ve been ‘triggered’.)

Stinger http://vil.nai.com/vil/stinger

( A stand-alone tool provided by McAfee which is designed to rid a system of quite a few specific Trojans and virus infestations.)


The use of a combination of tools is often necessary to successfully 'clean' an infested system. If the tools you are using don't seem to be having an effect, you can also try booting into 'Safe Mode' (by pressing <F8> before you get to the Windows 'Logo' screen at startup) and try running the tools from there. Reboot afterwards and see if they've been successful.

Learning to protect against 'Net Nasties', and to get rid of them once they've infiltrated, is your optimal course of action.

Cheers.
