Your Friendly Neighborhood Computer Guy

I would guess that roughly 10-15% of the conversations (phone calls especially) I have from week to week start with some version of "Ba, something is wrong with my computer... I think I have a virus". I'm not here to complain, those calls usually allow me to trade information/services rendered for beer or small amounts of cash that usually end up buying beer. But lately I've run into a couple of nasty viruses myself (through very little fault of my own) that cost me a half a day at work and made me reformat my hard drive at home. The worse of the two calls itself XP AntiVirus 2009, and it essentially hijacks all of the links in your web browser in an attempt to make you think you need to buy a $50 software package. The second virus I came across was Zlob.DNS.Changer. It inserts a little program that constantly changes the default DNS settings in your TCP/IP configuration. Or in layman's terms it blocks you from getting to the internet. Awful awful stuff.

So I am going to lay out the best combination of free virus/malware/spyware removal tools that I have come across in quite some time so that you can install them and perhaps one day give your friendly neighborhood (family) computer guy a night off.

The Tools:

AVG Free
A full-featured anti-virus program, free for personal use. In my experience, the software (like all super protection anti-virus suites) is a little clunky and irritating in the way it slows down your computer's startup times. Once you install this you're probably going to want to disable most of the tools and just leave it in place as a weekly virus scanning tool.

Lavasoft Ad-Aware Free
A great secondary spyware/malware removal tool. This primarily identifies and eliminates dialers, Trojans, viruses, bots, rootkits, data miners, aggressive advertising, parasites, browser hijackers, and tracking components. This program doesn't generate a whole lot of false positives, so you're going to be able to quarantine/delete pretty much everything that comes up in your scans.

Spybot Search & Destroy
Spyware/Malware removal tool. This digs a little deeper than Lavasoft Ad-Aware because it gets into the elimination of problematic registry entries. The best feature about this program is that the spyware/malware definitions are updated almost weekly. This program doesn't generate a whole lot of false positives, so you're going to be able to quarantine/delete pretty much everything that comes up in your scans.

Hijack This
A free utility which quickly scans your computer to find settings that may have been changed by spyware, malware or other unwanted programs. This program does NOT discriminate between legitimate programs and intruders. It simply generates a list of the processes being run on your computer and allows you to enable, disable or delete them. You probably DON'T want to run this without at least consulting with your local "computer guy".

Winsock XP Fix
This tool can often cure the problem of lost connections after the removal of Adware components or improper uninstall of firewall applications or other tools that modify the XP network and Winsock settings.

So here is a quick order of operations for how to use these tools, should you ever get an infection:

1. Turn Off System Restore: Go To My Computer -> Right Click -> Properties -> System Restore -> Turn Off System Restore.

2. Reboot Your Computer Into Safe Mode: Restart the computer, Hold F8 and then choose Safe Mode.

3. Run Ad-Aware. Approximately 30 minutes. Quarantine/delete findings. No restart required.

4. Run Spybot Search & Destroy. Approximately 40 minutes. Write the names of the scan results on a piece of paper, then Fix/delete findings.

5. Go to Start -> Run -> then type msconfig. Click 'Startup' tab and select "disable all". Reboot into Safe Mode. Approximately 2 minutes.

6. Call your "computer guy". Run Hijack This while he's on the phone. Read results and ask for advice. He should be able to tell you what to look for based on the results of the Spybot findings you wrote down. Approximately 5 mins.

7. Run Winsock XP Fix. Approximately 3 minutes.

8. Restart your computer. As you enter your normal windows startup Spybot S&D should begin another scan. Let it complete, fix/delete the findings (30-40 minutes) and then see if your computer behaves normally.
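For anyone curious what the cross-check in steps 4 and 6 amounts to, here is an added example (written for this page, not part of the original post or of any of the tools) that takes the Spybot names you wrote down and picks the matching lines, plus any unfamiliar DNS servers, out of a Hijack This log. The log layout ("code - detail" lines, with O17 carrying NameServer settings), the sample log, the `FakeAlert` name and every address are assumptions made up for the illustration.

```python
import re

# Section codes as commonly documented for HijackThis logs (subset).
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O1": "hosts file redirect", "O2": "Browser Helper Object",
            "O4": "startup entry", "O17": "DNS / NameServer setting",
            "O23": "Windows service"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_log(text):
    """Return (code, detail) pairs; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def triage(log_text, spybot_names, trusted_dns=()):
    """Pick out the entries worth reading to whoever is helping you."""
    names = [n.lower() for n in spybot_names]
    flagged = []
    for code, detail in parse_log(log_text):
        low = detail.lower()
        hits = [n for n in names if n in low]
        reason = None
        if hits:
            reason = "matches Spybot finding: " + ", ".join(hits)
        elif code == "O17" and "nameserver" in low:
            unknown = [ip for ip in IPV4.findall(detail) if ip not in trusted_dns]
            if unknown:
                reason = "unrecognized DNS server: " + ", ".join(unknown)
        elif code == "O1":
            reason = "hosts file redirect"
        if reason:
            flagged.append((code, SECTIONS.get(code, "other"), detail, reason))
    return flagged

# Constructed sample log: every name, path and address below is made up.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/
O4 - HKLM\..\Run: [avgtray] C:\Program Files\AVG\avgtray.exe
O4 - HKCU\..\Run: [fakealert] C:\Program Files\FakeAlert\fakealert.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,192.0.2.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG, ["FakeAlert"], trusted_dns=("192.168.1.1",)):
        print(item[0], "|", item[1], "|", item[3])
```

Put your router's or ISP's DNS addresses in `trusted_dns`; anything else on an O17 line is what a DNS changer like the one described above would leave behind.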

Since the nastiest viruses block/alter your internet connection, I recommend downloading these programs and saving them to either an old thumb drive you have lying around, or your computer's desktop. The steps I listed obviously take a long time, but it's going to take twice as long if you have to use a second computer or leave your house to download and transfer all the necessary tools.

I'm not even joking when I say that I might stop by Office Max, buy a handful of their old generic/clearance $5 thumb drives, load this software on them and give them away as Christmas gifts.


Rach said...

Hey Ba,
I think you have to pay for the AVG one. For some reason I couldn't find the free version.

baorao said...

try this

that should get you the free version.