TechSoup.org The place for nonprofits, charities, and libraries

Removing Malware from Windows

  • We recently published an article on ways to remove spyware, viruses, and other malware from Windows:

    http://www.techsoup.org/howto/articlepage.cfm?ArticleId=539

    What has your experience been with keeping this stuff from infecting your computer?
  • Your white paper recommended two really good scanners:
    Spybot Search & Destroy & AdAware

    There are several other spyware scanners that are very good too.

    Pest Patrol - Free download is limited in how it is removed, but should identify.
    http://www.pestpatrol.com/

    Cookie Cop - PC Mag requires an Annual Subscription, which allows access to their other (Free Tools, yes go figure.)
    http://www.pcmag.com/article2/0,4149,2019,00.asp?kc=PCNKT0209KTX1K0100360

    Spyware Blaster - doesn't scan and clean for spyware - it prevents it from ever being installed.
    http://www.javacoolsoftware.com/spywareblaster.html

    Bazooka Adware and Spyware Scanner
    http://www.kephyr.com/spywarescanner/

    In addition there are a number of free online anti-virus scanners that will work in a pinch.

    Trend Micro's Housecall
    http://housecall.trendmicro.com/

    Panda ActiveScan
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    -- Andy
  • There's one more tool in this arsenal that's indispensable, and it's literally one of the best pieces of utility software I've seen in my entire life. And I don't say that lightly.

    This great tool identifies each running process, tells you what it is and whether you want it, and easily allows you to turn it off (or back on).

    This is important. In addition to viruses, spyware, and malware, there is a lot of software that causes problems. It might be something that's poorly written and cause crashes, or something that isn't necessary and sucks up resources. It used to be a painstaking process to identify every task that's running, find out what it is and whether you need it, and turn it off. This tool makes it realistic to actually "tune up" a workstation, and doing so is a snap.

    I get all my clients to buy it and no, I don't get a commission. It's called the ultimate troubleshooter from www.answersthatwork.com and it's only $20. Download a demo copy, pay $20 for one workstation, and take it for a drive. You'll love it. And who knows, perhaps they'll offer discount pricing if someone at discountech asks them...
  • I've used most of the above products to remove malware and have generally had good results. However they all fall short when it comes to keeping the malware away.

    My clients can't afford the time (expense) of repeatedly scanning drives and downloading program updates. And they don't want to subscribe to a half-dozen different, marginally effective, on-line protection services.

    I try to configure my clients' networks so as to stop the malware from ever getting in.

    First, realize that Windows and the Internet browsers have been designed so as to allow scripts, applets, "helper objects" and other bits of programming to seamlessly make changes to your computer's operating system. The concept seems especially nifty when Acrobat Reader somehow gets attached into your browser for easier reading of .PDF files. However the same concept seems absolutely insane if you've just spent a few hours digging the latest browser hijacker out of your workstation, for the fourth time this week.

    Also realize that there are going to be some trade-offs. The steps you take to keep the bad guys from making changes to the computers will also prevent the users from easily making changes.

    With that in mind, here are the steps that have kept my clients' networks completely free of malware for the last six months without the need for any sort of anti-spyware software or the time it takes to use it.

    -All workstations have current anti-virus software, updated daily.

    -The group policies of the Windows servers, combined with the security patches in recent versions of Outlook, block ALL active e-mail attachment formats including .ZIP.

    -A firewall appliance with NAT and stateful packet inspection is used to keep out the brute-force "incoming" attacks. (Estimate between $400-$700, depending on features and number of users. IMHO, the cheaper devices that call themselves "firewalls" are just over-hyped routers. The more expensive software-based firewalls are excellent but often require excessive setup and maintenance labor.)

    -The same firewall is used to block a hundred or so of the most aggressive malware sites to block any "outgoing" requests to download the stuff.

    -The firewall also blocks Active-X, except for a few "trusted" sites. Contrary to those "may not display properly" warnings, most sites work just fine without Active-X capability.

    -Users log on to their WinNT/2000/XP workstations with standard, not administrator-level rights.

    -Although the users don't always appreciate it, we block all multi-media activity since on-line radio, music sharing, movie trailers and the like are well known for tying up bandwidth and downloading all manner of support software, some with devastating consequences.

    -Finally, I briefly review all firewall reports and logs every week or so to see if there is any unusual network traffic that needs to be identified or blocked.

    Careful planning is needed to make sure everyone agrees on what the network will and won't allow. Acrobat reader for example, is loaded ahead of time so that users won't need to download and install it individually.

    Beyond that, the system is fairly bullet-proof. Desired upgrades are made quarterly to all workstations. Maintenance time is nearly "zero".

    Note: While the above steps work well for small or medium size networks, some are rather clumsy or expensive if applied to just a couple non-networked computers; especially if the users need to make frequent software changes. I'm still working on a simple, cost-effective approach for that situation.
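The weekly firewall log review described in the post above, in working form as an added example that is not part of the original thread: it parses a constructed deny-log export in an assumed key=value format, counts each internal host's blocked outgoing requests to the site blocklist and its attempts on unexpected ports, and lists the hosts worth a hands-on check. The domain names, ports and log format are assumptions, not any real appliance's output.

```python
import re
from collections import defaultdict

# Hypothetical blocklist of malware-hosting domains (placeholders, not real sites).
BLOCKED_DOMAINS = {"malware-host.example", "adware-cdn.example"}
# Outbound ports the office expects to use: web and mail only.
EXPECTED_PORTS = {80, 443, 25, 110}

# Constructed sample export in an assumed key=value format; adapt parse_line()
# to whatever your appliance actually emits.
SAMPLE_LOG = """\
2004-03-01T08:12:01 action=deny dir=out src=192.168.1.23 dst=10.0.0.5 dport=443 host=malware-host.example
2004-03-01T08:12:04 action=deny dir=out src=192.168.1.23 dst=10.0.0.5 dport=443 host=malware-host.example
2004-03-01T08:15:40 action=allow dir=out src=192.168.1.41 dst=10.0.0.9 dport=80 host=www.example.org
2004-03-01T09:02:13 action=deny dir=out src=192.168.1.23 dst=10.0.0.77 dport=6667 host=-
2004-03-01T09:30:00 action=deny dir=in src=203.0.113.8 dst=192.168.1.1 dport=135 host=-
2004-03-01T10:01:59 action=deny dir=out src=192.168.1.41 dst=10.0.0.12 dport=443 host=adware-cdn.example
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return the key=value fields of one log line, or None if unparseable."""
    fields = dict(FIELD_RE.findall(line))
    if "action" not in fields or "src" not in fields:
        return None
    fields["dport"] = int(fields.get("dport", 0))
    return fields

def triage(log_text, blocked=BLOCKED_DOMAINS, expected_ports=EXPECTED_PORTS):
    """Per internal host: how often it hit the blocklist and which unexpected
    ports it tried. Inbound denies are the firewall doing its job; skipped."""
    report = defaultdict(lambda: {"blocklist_hits": 0, "odd_ports": set()})
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if not ev or ev["action"] != "deny" or ev.get("dir") != "out":
            continue
        if ev.get("host") in blocked:
            report[ev["src"]]["blocklist_hits"] += 1
        if ev["dport"] not in expected_ports:
            report[ev["src"]]["odd_ports"].add(ev["dport"])
    return dict(report)

def hosts_to_check(report, min_hits=2):
    """Hosts worth a hands-on look: repeated blocklist hits or any odd port."""
    return sorted(h for h, r in report.items()
                  if r["blocklist_hits"] >= min_hits or r["odd_ports"])
```

A single blocked request may be a stray ad; a workstation that keeps asking for blocklisted sites, or opens ports nobody in the office uses, is the one to pull off the network and inspect.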
  • I am a large fan of SpyBot S&D, and Adaware but I also like AVG Antispy, and yahoo toolbar scanner.

    I know Yahoo is not real popular but it's fast and does a very quick scan if you think you have been to an infected site or just used an infected program.

    For me, the best way to keep spyware off my machines is to not let others install programs, preview email until fully opened, and trust every program that I install (everything gets tested on my laptop or home PC)

    Doesn't seem like much but it makes a huge difference in my labs.
    --Guroo-- No coffee, No WORKKEE
  • In our labs Deep Freeze is the way to go. www.faronics.com . The software allows you to set up the workstations with the configuration you intend. Once the computers are set up and then "frozen" with the software, the computer will always return to the original configuration on reboot no matter what the lab user has done to it. We provide a shortcut to a network share for users to save work. Our labs have zero issues beyond occasional hardware failures.
    For computers we can't freeze, we rely on Windows updates and Symantec Corporate Antivirus. Every once in a while Malwarebytes Anti-Malware bails us out of a bad malware infection.

  • A free option directly from Microsoft in lieu of Deep Freeze is a product called Windows SteadyState.

    Chris Shipley
    Nutmeg Consulting

  • I have tested and continued to use the free Microsoft Security Essentials on Windows XP, Windows Vista and Windows 7. Microsoft Security Essentials provides real-time protection against viruses, spyware, and other malicious software.

    It is a good product and only requires a PC running genuine Windows.

    Michael Marus

    Enterprise Application Solutions Architect, CGIAR


    Website: http://ictkm.cgiar.org
    Profile: http://ictkm.cgiar.org/about/michael-marus/

  • Our IT consultant has us using Microsoft Security Essentials now, instead of Norton.

  • Two of the Norton Antivirus applications you mention and seem to offer in this article have been discontinued ... I'm very disappointed

  • Jen, this thread was originally posted in 2004. A lot of time has passed since then and people have inexplicably revived the thread on several occasions. Security software has certainly evolved since then, thus changing the many offerings. Hope this is of some help to you.


    Gary

    Gary Network/Systems Admin Berlin, NH
    Host Non-profit Tech Careers, Security Forums
    Co-Host Networks, Hardware, & Telecommunications Forum

  • Why no mention of MalwareBytes?  This is also a free tool that I have found extremely useful in eliminating malware from infected computers.  I'm wondering if there is something bad about this product that I don't know hence no mention of it here.  ~chris

  • Hi mudmaven - as Gary pointed out, this thread is about 6 years old. Malwarebytes wasn't around in 2004. It's a good product.

    Chris Shipley
    Nutmeg Consulting

  • mudmaven, as this is an old thread, that would be why malwarebytes wasn't mentioned.  There are many other threads made after this one was made that mention other great utilities for getting rid of malware, viruses, and spyware. 

    Gary Network/Systems Admin Berlin, NH
    Host Non-profit Tech Careers, Security Forums
    Co-Host Networks, Hardware, & Telecommunications Forum

  • I agree. Malwarebytes has been useful and is free. I recommend it as a backup to your existing anti-viral software (i.e. not running but installed and ready to run secondary scans) or as a free primary.