Reformating: Spyware Protection

Discussion in 'Malware Help (A Specialist Will Reply)' started by KM1, Jun 6, 2005.

  1. KM1

    KM1 Private First Class

    I am going to do my 6 month wipe and reformat my drives on two computers. Just want to start over and clean from the beginning. I have been reading a lot, especially on this site (all stickies) and SWI forums, about preventing Spyware, Adware, along with other nasties. I have used HijackThis and been helped by bjgarrick as well as others on this site and on SWI with my logs and would like to run a couple things by a Spyware Expert on this site regarding the prevention I plan to use once I reformat.

    (chaslang / bjgarreck feel free to add anything regarding my list or advice on things I do not need, your advice would be appreciated. Most of this came from your sticky)

    Here is my list:

    Windows XP w/SP2 all updated
    McAfee VirusScan
    McAfee Firewall Plus
    McAfee Privacy Service - web bug blocker, ad blocker, popup blocker (worthwhile or not)
    IE options as per sticky at Majorgeeks (are these the only ones needing changing)
    Ad-Aware SE w/VX2 add-in
    Xcleaner from Xblock (found 3 spyware nothing else caught)
    Spyblaster - all active components enabled
    Microsoft Antispyware Beta1 -all active components enabled
    CWshredder
    Hijackthis
    CCleaner
    New Hosts File: http://www.mvps.org/winhelp2002/hosts.htm
    (Excellent for IE, it redirects anything listed back to the originator, has anyone here used this)


    My purpose, as with anyone on this site, is to keep my machines as popup, spyware and virus free as possible while not losing the functionality of the internet, causing conflicts between software or slowing down my computer. Any advice here is welcome.

    Also, (for bjgarrick or chaslang) would it be possible to post my HijackThis log here once I have reformatted to make sure that I am clean from the get go. I know that bjgarrick found a browser hijacker in my first log that Dell told me was a false positive. It was on my machine out of the box, imagine that.

    KM1
     
  2. KM1

    KM1 Private First Class

    OOPs, almost forgot. Also run my internet through a Linksys Router with Hardware Firewall.
     
  3. KM1

    KM1 Private First Class

    Anyone???

    KM1
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Never used Xcleaner so I can't say if it's good or not. As far as everything else, you should be ok, just don't get too much protection.

    The tools should be kept in a folder somewhere just in case you ever need them but keep in mind, new versions release often so keep them up-to-date.

    As long as you keep your OS, firewall and antivirus updated you should be ok.

    If you like, go ahead and attach a HJT log and we will make sure everything looks ok.
     
  5. KM1

    KM1 Private First Class

    bjgarrick,

    Thanks for the response. Will get back to you guys in about a week or so. By the way have you tried or used that new host file from MVPS.org before?

    KM1
     
  6. KM1

    KM1 Private First Class

    Also, might you recommend leaving anything off this list, say like spyblaster?

    KM1
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes leave the below off!

    Banning the internet is not a good approach for many reasons. Here are a couple:
    - if you had all those lines in your hosts file, it makes it too easy for bad stuff to insert things in there and easily hide. Leaving your hosts file at the default setting makes it obvious when malware is at play.

    - Putting all those entries in your hosts file does not really help you in the long run anyway because all the really smarter (devious) malware will just delete your hosts file and make their own anyway. Even write protecting your hosts file will not stop this.

    Leave your hosts file at the default and use programs like Spybot (to Immunize) and SpywareBlaster to block bad addresses.

    By the way, note that it is SpywareBlaster not SpyBlaster. The latter would be a name likely to be used by a rogue tool.
     
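    As an added illustration of chaslang's first point (example code written for this page, not from the thread or any of the tools it names): the check below parses a hosts file the way Windows reads it (address first, then hostnames, `#` comments) and separates blocklist-style lines, which point a name at loopback or 0.0.0.0, from redirect-style lines that send a real hostname somewhere else. The sample file content is constructed, and the hostnames in it are placeholders.

```python
import ipaddress

# Constructed sample hosts file (not from any real machine): the default XP
# header and localhost line, one blocklist-style entry, and one entry that
# redirects a name to an outside address. Hostnames are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       ad.example-blocklist.test      # blocklist-style entry
203.0.113.5     update.example-vendor.test     # real name sent elsewhere
"""

# Names a default Windows hosts file is expected to map to loopback.
DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Return (address, [hostnames]) tuples, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 2:
            entries.append((fields[0], fields[1:]))
    return entries


def classify(text):
    """Split hosts entries into blocklist-style and redirect-style lines.

    blocklist: name -> loopback or 0.0.0.0 (what a big blocklist adds).
    redirects: name -> any other address (what a tampered file adds; on a
    default hosts file this list should be empty).
    """
    blocklist, redirects = [], []
    for addr_text, names in parse_hosts(text):
        names = [n for n in names if n.lower() not in DEFAULT_NAMES]
        if not names:
            continue
        try:
            addr = ipaddress.ip_address(addr_text)
            sinkhole = addr.is_loopback or addr.is_unspecified
        except ValueError:
            sinkhole = False  # unparsable address: treat as a redirect
        target = blocklist if sinkhole else redirects
        target.extend((addr_text, n) for n in names)
    return blocklist, redirects


if __name__ == "__main__":
    block, redir = classify(SAMPLE_HOSTS)
    print(f"{len(block)} blocklist-style entries")
    for addr, name in redir:
        print(f"REDIRECT: {name} -> {addr}")
```

On a default hosts file both lists come back empty; a long blocklist fills the first list with thousands of lines, which is exactly where a single redirect-style line becomes hard to spot by eye.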
  8. KM1

    KM1 Private First Class

    Thanks Chaslang,

    I will do as you suggest. However, I am not familiar with Spybot and because of this am uncomfortable downloading it and using it. Everything else in my list seems more straightforward and easy to use. I would be willing to download Spybot Search and Destroy if you could either direct me or tell me the best settings to use so as to not have any software conflicts when using or running it with what I will be using once I reformat. That is the only reason I have been reluctant to download it. Just seems complicated to me, could be wrong though.

    Based on what I have listed, with the exclusion of the hosts file, do you still recommend using Spybot??? Your help is respected and valued by all, I can assure you of that.

    KM1
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes I would still install Spybot but do not use the Teatimer function. Just use the below:
    - SDHelper (Internet Explorer bad download blocker). This costs you very little in the way of system resources.
    - Use Spybot's Immunize feature. This costs you nothing in the way of system resources.

    And since you have Spybot installed this way, you can easily use it to perform additional periodic scans to double check your other programs.

    Also after installing, do the below to fix what many consider a bug in what Spybot chooses to NOT scan for.

    Fixing SpyBot's Ignore Products Bug:
    Run SpyBot and get into the Advanced mode by selecting Mode and then
    Advanced mode. Then select Settings and then in the left column select Ignore Products.
    In the right window pane make sure the All products tab is selected. Then in that
    window, right click your mouse and choose "Deselect all". Now in the left pane click
    at the top on SpyBot S&D and then choose Search for Updates. Download any updates
    required. Now click Check for Problems. Fix any that are found.
     
  10. KM1

    KM1 Private First Class

    Ok Chaslang,

    Have done as you have suggested. I do notice right off the bat that the version 1.4 seems to be more streamlined than the 1.3 version. Am I correct in this or is my inexperience with this program showing. (example: did not select tea timer and don't see it as an option in tools or settings anywhere)

    Also, did as you suggested with the Ignore Products option but when in the all products tab, the window was empty. However, I did still right mouse click and selected deselect all anyway but don't know what this did. Did I do this right?

    I ran one scan in advanced mode and very quickly it came back with no problems. Hope I have everything set right. I will play with this program for about a week before I reformat, which I was planning to do anyway. Once finished I will be updating Windows XP, McAfee's Suite, and downloading all my spyware protection through your site or directly from the manufacturer's website and placing in a folder on my desktop (except for HijackThis which I will run right from my C drive).

    In recapping, once I figure out how Spybot works a little more I will add this to my list, which now includes:

    Windows XP w/SP2 all updated
    Linksys Router w/hardware firewall
    McAfee VirusScan
    McAfee Firewall Plus
    McAfee Privacy Service - web bug blocker, ad blocker, popup blocker (worthwhile or not)
    IE options as per sticky at Majorgeeks (are these the only ones needing changing)
    Ad-Aware SE w/VX2 add-in
    Xcleaner from Xblock (found 3 spyware nothing else caught)
    Spywareblaster - all active components enabled
    Spybot Search & Destroy - Version 1.4 (Set up Per your suggestions)
    Microsoft Antispyware Beta1 -all active components enabled
    CWshredder
    Hijackthis
    CCleaner


    This does seem to be a lot of stuff and it begs the question whether they all work together well and whether it will slow either of my two computers down? I guess the only active components will come from McAfee's 3 products, MSAS, and SpywareBlaster. I don't think any of the others have active components, is that correct? Also, am I about as protected as I can be now without having too much?

    KM1

    PS - Will be posting two HijackThis logs once I get reformatted and set up just to see how I did. Thanks again.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The Spybot Ignore Products window should not be empty.

    You need to realize that while you have all of those programs installed, many of them are not doing anything at all until you run them. For example these are not using any resources unless you run them and when you exit them, they again do not use any resources:
    Ad-Aware SE w/VX2 add-in
    Spywareblaster
    Spybot Search & Destroy - Version 1.4 <-- only SDhelper is active which has minimal impact on your system
    CWshredder
    Hijackthis
    CCleaner <--- you do not need to have it run at startup

    I do not know what you have from Xcleaner. That is, does it always have something running or not. Probably is not necessary to have this at all given the other programs.
     
  12. KM1

    KM1 Private First Class

    Xcleaner is just like the others. It is a free program that also has a paid full version if you want, like SpySweeper. It found 3 variants, including one form of CoolWebSearch, that Ad-Aware did not find. However, I did not have MSAS or the other programs at that time so I have elected to keep and use it. It does not use any other resources. Runs when you ask it, unless you buy the full version.

    How do I check the Ignore Products window. Mine was blank, how do I make sure this was done correctly??? Is this a concern???

    Lastly, I also know that my machine came with MyWay Search Assistant which bjgarrick explained to me was a hijacker. Panda's free online scan found it and when I called Dell they said it was a false positive, of course, this was not true. When I do my reformat on this machine it will be back since it came with some of the software I got from Dell. My question is can I or should I delete the MyWay Search Assistant before I even connect to the internet. Then update Windows, McAfee, and get all my spyware downloaded. Then run HijackThis and follow the same procedures bjgarrick gave me from this post http://forums.majorgeeks.com/showthread.php?t=63632&page=1 POST #7. Or should I leave everything as is until I am finished updating everything then do my HijackThis log. Post it here for you guys to evaluate, then follow those procedures.

    KM1
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I already provided you the method to fix Spybot's Ignore Products Bug. Works fine for me.

    I would expect that all Xcleaner found were some trivial registry entries. I would bet that if you now ran SpySweeper, it will find even more items that the others missed. This is typical behavior. Quite often there are dozens of left over very benign entries in your registry that are not really causing any problems, but they do relate to a malware program. While it does not necessarily hurt to remove all of these entries, in many cases they are not causing nor will they cause any problems.

    The MyWay stuff that is shipped on Dell is not really a problem or hijacker. You can easily just remove those R1 and R0 lines and they do not come back. True MyWay or MySearchBar etc problems are not so simple. You have to uninstall some items and then remove some registry entries and delete some files manually. This is why Dell was calling them false positives. Just a poor choice of using the words MyWay.

    Why are you going to reformat your PC?
     
  14. KM1

    KM1 Private First Class

    I am reformatting just as a general maintenance tool. I have some time this summer and Dell provides their new computers with a mirror image, behind a partition, of what was sent to you from the factory. In 10 minutes I can have my computer back to out of the box condition.

    I have tried so many different programs as well as deleted so many others I would like to just clean up my hard drive. This is one reason for my original post. I want to have tested and used the items you have suggested and then start from scratch.

    The second reason for the reformat on my larger more important computer is because I have had this intermittent problem with IE either hanging up (hangapp) and/or the familiar Microsoft box that says "Internet Explorer has encountered a problem and needs to close" with the buttons to send and not send a report to Microsoft and/or an error that pops up every once in a while, after I have completely closed down IE, stating that "the memory can not be read". Nothing happens after or before this error, I just click OK without any problems, can even go right back on line without trouble. In fact I can go back online with all three of these issues without trouble and they are very very intermittent. Maybe one or possibly two of them within a 2 week span or longer. I have worked with Dell, Microsoft, and others for 6 months on this issue with no help. So, coming back full circle, I am going to determine what spyware/adware/virus programs are best for me to use and start over updating and downloading what I need BEFORE I really start using the internet again. Trying to cover all bases, I am pretty sure these issues are from some type of 3rd party software conflict or spyware that came with the machine or got on there somehow. Whew, that was a long explanation but that is it.

    By the way, it was very interesting to find that none of the protection I have mentioned in this post has found anything, with the exception of Xcleaner, on the machine I am talking about in the above paragraph. However, when I downloaded and ran Spybot Search & Destroy today, the way you recommended, it found 57 items, and they were all registry entries, that needed to be fixed. Interesting. More interesting, my daughter's computer that I am also working with (and which has the identical OS, virus, and spyware software on it) did not exhibit any of the three behaviors mentioned above and when I downloaded and installed Spybot on that machine it found absolutely nothing. So I am going to reformat both machines, with all the testing I have been doing, and start clean with the spyware stuff I have found to work well together.

    Once I am back up and running I will post my HijackThis log here for both machines to see if the machines are actually clean right out of the gate. Well, I would like to do this if that is OK to do.

    KM1

    PS - for some reason the list in Ignore Products area did not appear right away. When I went into it again today there were many more tabs and the list of items was there. So I completed your instructions with this today, thanks
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just remember one important fact! A clean HijackThis log does not mean your PC has no infections. It just means of the registry keys and processes that HijackThis had the ability to show, there are no visible problems. There are thousands of other registry keys and files that could be infected (either minor or major issues) that may not show.

    Restoring a PC to the original factory mode settings, means you will be missing many major updates to Windows and to other programs.

    You should also look into using a tool like nLite. I do not use it but many others do and love it.
     
  16. KM1

    KM1 Private First Class

    Then that gets back to the original reason for my list. I want to cover as many bases as I can without causing software conflicts or slowing my machine down. You have pretty much answered this already, and the suggestion for Spybot, as was shown by what it found already, was excellent.

    As far as Windows goes, my machine came with SP2 installed. The very first connection to the internet will be directly to Microsoft's site to update Windows XP, then directly to McAfee and updating all of their products, then directly to Lavasoft, Merijn's, Xblock, Microsoft for MSAS and your site for the rest of the spyware protection. Once installed and updated I will run all scans in regular mode (and a Panda spyware / virus online scan in safe mode) and see what happens. Should really be an interesting experiment to see what they find, if anything. Once completed I will enable hidden files, extensions, etc. then I will run a HijackThis log, remove the MyWay stuff (I really don't need it), rerun a HijackThis log and post. I cannot think of any better way to try and discover any problems before I start using the internet fully again. If I still have those intermittent IE problems, then it must be something on my machine (like McAfee) causing them. Once I go through this I will update Office and the rest of my software.

    Chaslang, your information and help has been very very valuable. If you have any further suggestions, please feel free to add them.

    KM1
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you have installed your Firewall before connecting to the internet. And after installing it, disable the one in SP2 to avoid conflicts. The one in SP2 does not provide sufficient protection and you only want one software firewall running.
     
  18. KM1

    KM1 Private First Class

    One last thing then. Based on your suggestion of enabling the firewall first, do you think it better to update McAfee VirusScan & Firewall first before doing the Windows XP updates, or Windows first then McAfee. The firewall and VirusScan will come up enabled (with XP firewall already off) as part of the reformat and long before connection to the internet. However, neither will be up to date.

    KM1
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As long as your firewall is in place before connecting to the Internet, it is probably better to get your Windows Updates first.

    But don't forget you can already have some of the updates for McAfee already downloaded and ready to use before reconnecting.
     
  20. KM1

    KM1 Private First Class

    How would I do that. Would I be able to download all the updates and upgrades to a USB key and if so how would I get them from the key into the program.

    Hey, is it possible to download all the spyware programs (Ad-Aware SE / VX2 plugin / Spybot / HijackThis / CWShredder / Xcleaner / & MSAS) to a USB key before I reformat, then send them to my hard drive from the key after the reformat and install them at that point before I even connect to the internet.

    Also, I have a hardware firewall in my Linksys router which will help with the fact that the software firewall from McAfee will not be updated yet. That should offer some protection, correct?

    KM1
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Obviously any program that you can download can be downloaded anyplace you like (CD-ROM, USB card etc). That includes any downloadable updates. McAfee Antivirus (like everyone else) comes out with updates. They are even available in MGs.

    Yes a hardware firewall helps too.
     
  22. KM1

    KM1 Private First Class

    Ok, thanks chaslang. I will start with my smaller machine first, once finished I will run all scans and post a HijackThis log here in a new post. This should be an interesting experiment. Talk to you soon.

    KM1
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It should not be that interesting. All you will probably find is the typical Alexa related entries (in the O9 section of your HJT log) that are seen on clean installs of Windows. You will see reference to c:\windows\web\related.htm
     
