Security FAQ - Windows - Anti-Spyware

Status
Not open for further replies.

draconius

Category: Operating System Security :: Windows :: Anti-spyware
3/9/05
Rev 1.0 :: draconius
Spyware Section added

See the Security FAQ for all the details

Respect to all the people who helped make the Official [H] Anti-Spyware thread, and the Rampant Paranoia 101 thread where much of this information comes from.
This thread is all about those things we have come to know and love as spyware. Removal tools, information, and helpful software and tips on how to avoid it in the first place are seen below:
(remember...RTFM and google first, try it yourself, then ask questions please!)


  • Spyware Removal (Tools, Tips)
    • Spybot Search and Destroy 1.3 Final

      With the release of 1.3, there are two new features that will start to help you cut off Spyware before it starts...though some do slip through. TeaTimer is a new feature that will prompt the user to allow or disallow any registry changes. A bit on the annoying side, but worth the effort. ResidentIE is a feature that will block some tracking cookies. Double Click and Avenue A are some of the most prevalent on the net.

    • Adaware SE

      Adaware has been around for a while and has done a good job. This should be one that is always installed on a machine. Update it often for best results.

    • HiJackThis!

      HiJackThis is a new software that shows you exactly what is running currently. This program will not scan all files and registries... It creates a log file that one can analyze later and can post online for others to review.

      Information | Download

    • CWShredder

      This is another small application written by merijn, however it does one thing that Spybot and Adaware do not: it will kill off CoolWebSearch…however, see the quote below for a bit of info!

      Information | Download



  • merijn said:
    There is a variant of the Coolwebsearch trojan spreading that closes several anti-spyware apps when you try to open them. If this is happening to you, download PepiMK's CoolWWWSearch.SmartKiller removal tool first and run it. After it does its job, CWShredder and HijackThis will run properly (as well as Spybot S&D, Ad-aware and several anti-spyware forums).



  • Spyware Removal Guides
    • Review Schadenfroh's excellent Spyware Removal Guide
    • Read Junkware 101 @ overclockinghq
    • Look at how we do on the [H]: Spyware Removal Procedures
    • Read Ice Czar's Outline Below:
      • Ice Czar said:
        First run Adaware (freeware edition), Spybot (freeware)

        and CWShredder (freeware) CWTrojan removal tool which is a common hijack mechanism

        then run HijackThis (freeware)

        then post your log at Spywareinfo forums read the FAQ 1st ;)

        HijackThis reports classes of apps, processes and registry keys where hijackware gets entered

        legitimate apps and malware are both reported, so you need to know the difference

        after they help you get cleaned up

        make a note of which apps have valid entries (make a copy of the legitimate log file)

        and run hijackthis after you install legitimate software so you can note new entries

        (replace the copy of the legitimate logfile)

        it's then real easy to spot new invalid entries ;)
  • Spyware Avoidance!
    • Don't use Internet Explorer! Here are some alternative Browsers
    • Don't use Outlook / Outlook Express! Here are some alternative email clients:
    • If you must use IE, here are some good tips:



      • Shado2351 said:
        Internet Explorer - Strict Internet Options

        To make IE safer for browsing, you can adjust your internet options. The idea is to have security on high and cookies off for all sites that are not trusted. This can be annoying for sites that you don't have as trusted or set to allow cookies because you don't frequent those sites, but it's worth the trouble if you use IE.

        In Internet Explorer: (always click apply after making a change)

        tools>internet options>advanced tab

        uncheck "install on demand(internet explorer)"

        uncheck "install on demand(other)"

        select "do not search from the address bar" //limits the effects of some browser hijackers

        privacy tab:

        click the "advanced" button

        check "override automatic cookie handling"

        select "block" for both first and 3rd party cookies

        make sure "always allow session cookies" is unchecked.

        Then, no sites will be able to set cookies unless you click the "edit" button under the privacy tab, type the site/domain and click "allow".

        security tab:

        Set the internet and restricted zones to "high"

        Set the trusted and local zones to "default level" (click apply) and then change them to medium (make sure to click "apply" again).

        Click the "custom level" button for the trusted zone and disable "user data persistence".

        Now javascript, java and activeX will be disabled for all non-trusted sites.

        select the trusted zone and click the "sites" button.

        uncheck "require server verification"

        Add your trusted sites, e.g. *.microsoft.com *.hardforum.com
      • If you are an experienced computer user, you can use the tea-timer software that comes with spybot S&D to literally control what programs can do period on the computer...from startup registry values to activeX installs..
      • If that's not your game, try these different apps
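
The baseline-and-compare routine from Ice Czar's outline above, as an added example that is not part of the original thread: it parses the entry lines of two HijackThis logs (a saved known-good copy and a fresh scan) and lists what was added or removed. The sample logs, program names, paths and CLSID are constructed for illustration; the parser assumes entry lines of the form `<section code> - <detail>` (R0, O2, O4 and so on).

```python
import re

# HijackThis entry lines start with a section code (R0, F2, N1, O4, O23, ...)
# followed by " - ". Header lines and the "Running processes" list do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section_code, detail) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace runs so a re-saved log compares equal.
            entries.add((m.group(1), " ".join(m.group(2).split())))
    return entries

def diff_logs(baseline_text, current_text):
    """Return (added, removed) entries relative to the known-good baseline."""
    base = parse_entries(baseline_text)
    cur = parse_entries(current_text)
    return sorted(cur - base), sorted(base - cur)

# Constructed sample logs (assumptions, not taken from the thread).
BASELINE = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
"""

CURRENT = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\example.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
"""

if __name__ == "__main__":
    added, removed = diff_logs(BASELINE, CURRENT)
    for code, detail in added:
        print(f"NEW      {code} - {detail}")
    for code, detail in removed:
        print(f"MISSING  {code} - {detail}")
```

A changed value, such as a replaced start page, shows up as one removed entry plus one new entry in the same section, so both lists are worth reading before replacing the baseline copy.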


 
Actually, like I stated just now in the other thread, I am waiting for BobSutan (or RichardParry) to lock these....they are going to be just linked from the actual Security FAQ that already is stickied...but thanks for the good responses :D
 