Make sure you get your system protected from ocurrences of malware problems. Below are some simple steps you can take to reduce the chance of infection in the future. I strongly encourage you to do them all. There is no perfect solution for totally preventing malware from getting on your PC, however, these steps will help. Please do not make the false assumption that this thread is old or out of date based on the date the thread was started ( 10-10-04 21:52 ). Look at the Last Edited date at the bottom of this message as this procedures does evolve with time. IMPORTANT NOTE: It is getting more and more difficult to find real true freeware these days that does not include bundleware, toolbars...etc and junk you just don't want. Make sure you pay attention during installation of anything you download and read license agreements. Be sure to uncheck check boxes for the bundleware and toolbars where you can so that you opt out because the defaults are always to opt in. 1. Visit Windows Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. For anyone who is not yet running at least Windows 7 (which you really should be running at a minimum if your PC supports it) see the below link before updating. Note: Windows XP is not longer supported by Microsoft and is hence a security risk. Windows 7 Upgrade Advisor You should check for Windows Updates at least once a month. Use the below procedure to get your updates or check to see if you need any: Use your Start menu to check for updates. Windows Update is included in Control Panel. To check for updates: Click the Start button, click All Programs, and then click Windows Update. Note: If you have problems getting your Windows Updates, see if the below thread helps: Help with Windows Update VERY IMPORTANT NOTE: Before you decide to skip getting your Windows Updates for whatever reason you think you have, make sure you read the below link and understand the possible risks to your security. Cleaning a Compromised System 2. Anti Virus: make sure you have one and keep it updated. Here are some good free ones if you don't have one already: AntiVir Personal Edition - for Win 2K/XP/ Vista 32bit and 64 bit TIP: Installing Avira without the AskToolbar junkware. See https://www.raymond.cc/blog/disable-avira-searchfree-ask-com-toolbar-popup-nag-alert/ Avast! Home Edition - Be careful of the bundleware and make sure you opt out. Comodo AntiVirus - for Windows XP (SP2) / Vista (32 and 64 bit versions) WARNINGS: Make sure that you choose custom installation and don't allow Comodo to install any other junk you don't want or need. Like Ask Toolbar, Geekbuddy......etc. This includes both the a firewall and an antivirus. Do not install the firewall part if you already have a firewall. Whatever you choose remember to Only Run ONE AV! You can also find some additional antivirus programs here: AntiVirus Downloads These are not the only choices. There are many other commerical tools. Who is the best is an ever changing debate as performance tests performed one month will be different the next month. 3) Firewalls A firewall is software or hardware that acts like a gate to help protect your computer against hackers and some computer viruses and worms that try to find unprotected computers that are connected to the Internet. This gate allows you to you to accept connections from sources you trust, and it keeps the gate closed for ones you don't trust. A firewall works by examining information coming from and going to the Internet. It identifies and blocks information that comes from a dangerous location or seems suspicious. If you set up your firewall properly, hackers searching for vulnerable computers cannot detect your computer (often referred to as a stealthed connection There are two kinds of firewalls: Hardware Firewall - normally built into a router if you use one. If you do have a router with a firewall, make sure you enable it. And also password protect your router, especially if it is a wireless router. Wireless routers can be less secure because they use radio frequencies to communicate with your PC. So if you use a wireless router, you can help enhance the security of your network by enabling the firewall and by requiring a password to connect to your network. Make sure you also enable encryption on your wireless network. Software Firewall - special software that you must install. Use a software firewall even if you do have a hardware firewall. But only use one software firewall. Running multiple software firewalls is unnecessary and using more than one software firewall on the same connection could cause issues with connectivity to the Internet or other unexpected behavior. If you don't have a Software Firewall, get one of these below. You can try the ones listed below. They are listed in an order of best to worst based upon leaktesting that has been perfomed by Matousec You will notice that the Windows XP SP2 is the worst performer on the list. I don't care if you're on dial up or High Speed....you must have a firewall or you can get infected faster than you can download any tools to fix your problems. If you use Vista, make sure you check for compatibility before choosing a firewall. The firewalls list with blue links are free, the ones in green are not free. Comodo Personal Firewall WARNINGS: Ask Toolbar may be installed by default but you can uncheck this during the install or uninstall it anytime afterwards if you decide you do not want this feature later. This includes both the a firewall and an antivirus. Do not install the antivirus part if you already have an antivirus. Private Firewall - highly rated like Comodo. See that Matousec link above for test results. Jetico Personal Firewall PC Tools Firewall Plus <-- make sure you uncheck the options to install Google Toolbar and Threatfire free edition. There's is no sense in installing excess baggage. NOTE: While this free firewall will still likely work and is better than the Windows firewall, it has recently (Aug 2010) been retired to be included in their pay internet security suite. ZoneAlarm Pro - this is not the free version ZoneAlarmFree - no longer supports Win9x or Me platforms. Also not very highly rated anymore. The new 7 version of Zone Alarm free includes Zone Alarm Security Suite, making the download larger then it used to be. Do not install the Security Suite. Also the free firewall now has some minor nag screens. Filseclab Personal Firewall Professional Edition Notes: For Win XP SP2 users, after installing any of these firewalls, you must make sure to disable the firewall that is part of WinXP SP2. It is enabled by default, and it does not provide adequate protection and is only an incoming (uni-directional) firewall. Similar to antivirus applications, you must use only one software firewall. The information in the following will help you disable the firewall: Windows Firewall Some of the above firewalls may automatically disable the Windows firewall for you, but it is best to check for your self. For additonal info about the problems with Windows XP SP2 firewall read these: How Secure is Windows Firewall Is Microsoft's Firewall Secure? Windows Firewall Flaw may hide open ports For Vista users, your built-in firewall is better than the one in XP but most still feel that it is not a adequate firewall and lacks certain capabilities. We often get questions about testing your firewall for security and open ports. You can use sites like the below to do this: http://www.hackerwatch.org/probe/ http://www.auditmypc.com/ http://www.grc.com/lt/leaktest.htm http://www.personalfirewall.comodo.com/onlinetest.html 4) Get a Temp File/Cookies Cleaner CCleaner 5) AntiSpyWare Tools Three types of tools exist: Realtime blocking (i.e. protection) tools that may also be a scanner and removal tool after the fact scanner non-realtime protection no scanner Realtime blocking tools - pay tools and free tools - ONLY USE ONE REALTIME BLOCKER Pay Tools SUPERAntiSpyware - if you purchase this, you get protection. It will only be a scanner (see below) if you don't buy it. Malwarebytes Anti-Malware - (recommended purchase) If you purchase this, you get protection. It will only be a scanner (see below) if you don't buy it. Free Tools AntiVir Personal Edition - includes antispyware, anti-rootkit and more ( see: http://www.free-av.com/en/pages/6/comparative_chart.html ). Do not install another AV if using this. Microsoft Security Essentials for Windows Vista\Windows 7/8 - includes antivirus and antispyware Comodo AntiVirus + Firewall - Provides antivirus and firewall protection. WARNINGS: Ask Toolbar will be installed by default but you can uncheck this during the install or uninstall it anytime afterwards if you decide you do not want this feature later. This includes both the a firewall and an antivirus. Do not install this if you already have an antivirus. IObit Malware Fighter - free and provides realtime protection too. Supports Win 2000 thru Win 7. Be sure to unselect any additional addons during installation. Microsoft Windows Defender - this version is only for Windows 2003, XP and is not highly recommended as protection and scanning is not adequate. Windows Defender for Vista For Vista, Windows Defender has been much improved ( but still not the best choice but better than none ) and may be a useful free alternative and it comes already installed. On many PCs it is enabled by default. On others it is disabled by default. This may be a matter of the country where the PC is purchased. After the fact scanning tools SUPERAntiSpyware - free version has no realtime protection but provides a useful scan/removal feature. See the below link for a comparison of the free and paid version which is recommended http://www.superantispyware.com/superantispywarefreevspro.html Malwarebytes Anti-Malware - free versions is only a scan/removal tool. Non-realtime protection no scanner SpyWare Blaster Install it, click Download Latest Protection Updates, Check for Updates, and then Enable All Protection, then exit. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites. What do we recommend for antispyware? One realtime blocking tool from the list. Malwarebytes would be top of the list. SpywareBlaster with all protection enabled. IMPORTANT NOTEs: Use only one realtime blocker - I do not recommend using multiple full blown blocker/scanner/removal tools (like IObit MalwareFighter, Malwarebytes, MS Windows Defender, SpySweeper, and SUPERAntiSpyware) at the same time as a long term solution. Doing that temporarily to clean a system is okay, but long term you may find that it slows your system down too much. It is okay to run one of these, along with the other items listed antivirus programs above because the others are not too resource hungry. Beware of Rogue Tools - There are loads of bad (also called rogue) anti-spyware programs available out there. You should familiarize yourself with the list maintained at the Spyware Warrior website. See: Rogue/Suspect Anti-Spyware Products & Web Sites 6) Install a backup browser just incase you run into problems with Internet Explorer Some malware can affect your browser's ability to connect to the internet. Since Internet Explorer is the built-in default browser for Windows, most people still have and use it. Thus it is the most likely candidate for being attacked by malware. At the current time ( Jan 2010 ), Internet Explorer is actually more secure than FireFox, Chrome, Opera and Safari. And IE8 does a better job at blocking malware too. In the past, people used to say use Firefox, it's safer, this was never really true, it just was not used as much as IE and therefore you saw fewer people taking time to hack it. And also, this is not the case anymore since Firefox's popularity grew. And it is infact along with Chrome, a reason why we frequently now have more people requests for help in malware removal forums. In addition, recent reports show Firefox to have a greater number of security holes than IE. The above being said, it is still a good idea to have a couple alternative browsers installed for the case where one gets broken ( either due to malware or for other reasons ) and internet access may be blocked with one browser and not the other. A few choices that you may want to look at are included below: Mozilla FireFox Google Chrome Opera Apple Safari for Windows You must also remember that no browser will protect you from yourself. If you access questionable sites, download illegal pirated or cracked software, keygens...etc or go to porn type websites then no browser will be secure enough. 7) Make sure you are running the current version of Sun Java See this: Updating Sun Java Make sure you check that you have the lastest version of Sun Java installed by clicking the link. If you have an older version, install the new version and then remove all old versions. It would also be a good idea empty the Sun Java cache periodically because many baddies will store themselves there. 8) Disable the AutoRuns Feature used to spread malware See this tool: Autorun Eater - Note that some protection software may falsely detect this program as an infection. For example, Malwarebytes will detect it as a Trojan.Injector.OM. You need to add the C:\Program Files\Autorun Eater\oldmcdonald.exe ( for x 64 >> C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe ) file to the Ignorelist.- 9) Use Passwords & Create Restricted User Accounts All user accounts should have password protection. Especially on Win NT, 2K, XP, and 2003 systems. Make sure you do not leave the Administrator password account password blank. This is the default. Also it is a good idea to completely disable the Guest account. When you choose your passwords, choose them wisely. Do not make them too short and do not choose anything that would be easy to guess. Make sure you use a strong password. This logic applies to everything you password protect. See the below link: Create Strong Passwords When creating user accounts on WinNT, 2K, XP, and 2003 systems, it would be a good idea to only have one account with administrator priviledges. Create all other user accounts as restricted users. Especially for your children. This will prevent them from installing anything that you do not approve and install for them. It will also save you a lot of time cleaning up the mess that will occur when they have unrestricted access to the PC. It the most secure option would be to never surf the internet on an account having administrator priviledges, but doing this will cause certain difficulties for some people. 10) Security starts with you! Becareful what you download and from where! There are loads of free programs and services out there that people just love to download from. These are programs like BitTorrent, uTorrent, Kazaa, Imesh, etc. They quite often come bundled with lots of malware that will cause you significant problems. Misconfiguring these programs can leave you open to sharing personal and sensitive information from your PC (even passwords and financial information). See the below on risks of identity theft: http://www.consumer.ftc.gov/articles/0016-p2p-file-sharing-risks You are downloading unknown/untested files which may be infected from unknown sources directly onto your PC and while these programs are running you are sharing your PC with the whole world since these programs will allow others access to your PC bypassing the firewall and other security programs. I strongly advise avoiding these programs and servers completely. Avoid installing services and applications which you do not use in your normal daily routines. It is not necessary for them to be loaded all the time. The above P2P programs are a great example of this. Many programs that autoload at startup can just be run on an as needed basis. Also it should go without saying but....avoid the porn sites! They are notorious spreaders of more than one kind of smut. In addition many porn (and some non-porn) sites that have various forms of videos that they are trying to get you to watch online or download and watch, are causing vast amounts of people to become infected. These infections typically occur because the trick you into downloading a codec required (supposedly) to view the videos. What you normally wind up with is an infection that is grouped into the SmitFraud aka Zlob family of infections! Thus, DO NOT DOWNLOAD CODECS from anywhere except from a reputable site like Major Geeks! Don't download cracks, serial numbers, cheats etc for commercial programs. Besides being illegal, you will often find you are getting more than you bargained for (i.e. malware!!!!). Also be very careful to read popups before clicking on them. You probably do not want what they are selling and sometimes the correct answer may be the opposite of what you think. They will choose wording meant to confuse you. Do not open e-mails coming from unknown or distrusted sources. Many viruses and trojans spread via e-mail messages. You can always check with the originator to see if they sent something to you. Especially be careful with attachments. Do not open the attachments of messages with a suspicious or unexpected subject. If you want to open them, first save them to your hard disk and scan them with an updated antivirus program. Delete any chain e-mails or unwanted messages. Do not forward them or reply to their senders. This kind of messages is considered spam, because it is undesired and unsolicited and it congests the Internet even more than it already is. If you respond to their email where it says something like to be removed from our list, all you are doing is confirming your email address is valid and you just got yourself added to a load more spamming lists. Never add any site to your Trusted Sites Zone unless it is absolutely necessary to run something you really need (like for work). Finally, when installing any software, read the license agreement carefully before accepting. You may be surprised what you will find. Like thousands of people who had to have LOP infections and other malware removed from their PCs who did not read the license agreement in Messenger Plus (which is not related to Microsoft). Also make sure that you do not accept to install any "optional software" like toolbars or similar that frequently are package with free software. This is a common practice these days. Even antivirus/antispyware programs have the "optional" programs packaged into the installers and you have to read the info that comes up and tell it not to install them because the defaults are always to install. 11) The True Story About Cookies! First let's get right to the point. Cookies are not problems that you need to be concerned with. Too many antispyware programs flag cookies and make them sound like they are high risk items. The truth is that they are not high risk problems and in most cases are actually very useful to you. This subject has long been debated on the internet and obviously there are many opinions about cookies. Cookies are not executable programs. They are simple text files stored on your PC to help websites (and you) track useful user settings and non-personal information, like which advertisement you last saw (which prevents you from seeing the same ad over and over again). Yes some cookies are often referred to tracking cookies, but tracking is more complicated then just having a cookie. Every website you visit would have to have knowledge of the particular cookie so that they could use it to add tracking info to it and to make use of it. You will see many antispyware programs indicating various cookies as tracking cookies and this can artifically make detection counts look very high. It is also a sore point when doing comparisons between antispyware programs. If one program detects cookies and another does not, it can make the one that does not detect them look like it is doing a bad job. Similarly it makes the one detecting them look like a great product since it picks up things the other missed. Thus most (not all) programs will detect cookies to avoid this hazard. Don't be fooled by cookie counting. If cookies are the only thing showing up, you are in good shape. They are not harmful and you can just ignore them or if so desired, you can easily clean them using your browser or other tools like CCleaner. 12) What to do if you do get infected! If you still get an infection or already have one, you should follow the procedure given here READ & RUN ME FIRST. Malware Removal Guide . If this does not fix your malware problems then follow the instructions in the READ & RUN ME and create a new thread in the Malware Forum requesting help. Be sure to attach all of the logs requested in the READ & RUN ME and clearly explain your remaining problems. 13) How often should you run scans? A very common question is how often should I run scans. A good rule of thumb would be to run full scans at least twice a month. If you do an excessive amount of surfing and downloading (especially P2P or torrent downloading) you may want to make it a weekly scan. If twice a month is too much for your schedule then at a minimum you really should complete full scans once a month. And make absolutely sure that you keep all of your protection software up to date. Some scanners update multiple times per day so you should always update before running a scan. 14) Miscellaneous Tips Keep System Restore Enabled: Do not permanently disable System Restore. Many people do this and lose the safety net that it provides. It just could be the thing that saves you from having to do a total reinstall. User Account Names: Since many people are sensitive about their real names being seen in logs (although we do not consider it an issue), it would be a good idea to not use your real names on user accounts you create on your PC. Also it is a good idea to not use spaces or special characters (like & or others) in your account names. And use separate accounts for each user. Do not use combined accounts. For example, Kathy & Jim should have separate user accounts named Kathy and Jim And My User Account should be MyUserAccount Use Restricted User Accounts to Surf: It is highly recommended that you only use a Restricted User account ( note in Windows XP these are called Limited User accounts and in Vista they are called Standard User accounts ) while surfing the internet. This can help to keep certain malware infections off your PC since they may require admin level priviledges to do their dirty work. Some people find using restricted accounts full time to be too much of an annoyance. You can safely surf using an Admin account if you practice safe surfing, but many people are their own worst enemies and should really consider using Restricted User accounts. In line with # 3 above, don't give administrator priviledges to all user accounts. Have one user account ( the most knowledgable and reasonsible person ) be the administrator to keep tabs on what is being installed and used on the PC. Avoid Making Online Purchases On Public Computers - A hacker or thief can easily put a keylogger on a public computer that allows them to know everything you've typed including your credit card numbers and passwords. Stay away from public access computers when doing online shopping! Don't Save Your Credit Card Numbers Online - Many reputable sites give you the option to save credit card numbers online to make future purchases easy. However, if the company's database is ever successfully hacked, your information could be exposed. It's safer to re-enter your numbers with each transaction. After all what is more important to you, you financial security or saving a little bit of time typing. If you have Bluetooth software loading and Bluetooth is not required for mobile devices, it should be turned off. If you require its use, make sure that the device's visibility is set to Hidden so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, make sure that all devices are set to Unauthorized, requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.