Guide to keeping PCs clean/sorting viruses/etc

Updated September 2010

Since lots of peeps have had problems with nasty things on their PCs, thought I'd put up a point of reference for you to turn to before/when you have a problem, and to save people repeating themselves. This guide is intended for Windurz 7 users, although some of the programs/suggestions will work on Vista & XP.

I highly recommend that you download the programs suggested in advance, as you may not be able to when things go wrong.

The Basics

Switch To Linux

No, seriously... look into it. I personally don't like Apple products, but Macs could also suit you better if you have the cash.

Keep Windows Up To Date

Ensure that Windows is up to date with all the latest updates. If you're not up to date, you're asking for trouble. You can check that Automatic Updates are turned on, see:
here for XP
here for Vista/7
You can check if you need any updates now here

Use a Decent Firewall

XP's built-in firewall is as much use as a condom that doubles up as a cauliflower strainer, you'll be better off turning it off (see here), and using a free third-party firewall instead. Vista and 7 users should still install a decent 3rd-party firewall.

Comodo Firewall - is free of charge. The download includes Comodo Antivirus, I'd recommend unchecking the box for it when it asks to install. Avast (see below) is better.

Note: Always turn XP firewall off if you are using a third-party firewall instead, or you will have some major connectivity problems.

Don't Catch an Infection

A thorough, up-to-date and always-on virus scanner is a necessity, luckily there are quite a few free anti-virus programs out there that do their job:

avast! Free - The only free anti-virus software I'd recommend. It's the dog's dangly bollocks
Norton AV (30-odd quid) - should be called "Not-on", don't bother purchasing it, and if you do have it already, get rid of it.
Most new viruses/trojans etc can disable Norton's Auto-protect feature before it even detects it.

On-line Scanners

These are really useful - as no av program is 100% perfect, these give you a second opinion, and are web-based so that they can't be fucked with by a nasty thing on your pc. Most of these now have in-built spyware scanning too. But do not rely solely on these, make sure you have anti-virus software installed on your pc as well.

TrendMicro Housecall
ESET Scanner
BitDefender Online Scanner

Fucking Spyware

Okies, spyware used to be really bad, but now there are fewer ways for it to exploit your system as long as you keep Windows up to date, use decent anti-virus software (avast!), use any browser other than Internet Explorer (e.g. Firefox), and don't download appz/warez/crackz/pornz over open p2p or from dubious websites. So, I'll now only recommend one anti-spyware app:

Spybot S&D - run a scan every week/fortnight, make sure you open it as an administrator when using Vista/7.

Windows Defender, now bundled with Windows, is also worth using to run a scan every now & again.

Safe Browsing

Don't use Internet Explorer for web browsing, it has too many security flaws that aren't patched within a reasonable amount of time. Almost every other web browser offers far greater browsing experiences anyway, so try out:

Firefox
Opera
Chromium (also install Chromium Updater) - this is Google Chrome without Google's usage tracking.
Safari

Whichever browser you use, I'd recommend installing an ad-blocking plugin (e.g. Adblock Plus).

More Preventative Measures

Windows Security Flaws

System Restore - whilst a very useful feature in theory, it causes more problems than it solves - if you clean an infection and later have to use System Restore, shazam!, the infection is back. System Restore is best turned off (see here).
Instead, you can always use Windows Repair (see below), and/or use a snapshot utility such as Comodo Time Machine (free), which offers a more useful & complete way to restore your system.

Use a HOSTS File

This one here. Make sure to read the special instructions indicated for Vista/7. (Cheers MoS!)

Safe Sharing

Almost everyone uses some form of p2p network, and there are two rules of thumb to follow to keep sharing safe:

Rule 1) Scan your download folders constantly - both with anti-virus and anti-spyware programs, never open anything until it has been scanned
Rule 2) Don't download programs (exe's/zips/etc) from e-mule, kazaa, limewire, etc - there's a very high probability that it's infected, some twats share virus-riddled programs for fun. You'll be a bit safer using private BitTorrent trackers for programs, infected torrents are usually pulled straight away (but see Rule 1 above)

Also, if you don't want THE MAN (DAMN THE MAN!!!) to be checking up on what you're up to, use PeerGuardian - not 100% efficient, but better than nowt. (Remember, your IP will be all over tracker logs - use private trackers if you want to be safer. Or pay for Newsgroups - worth it)

E-mail

Scan all attachments, and don't open any that make your suspicions aroused (oo-er). Don't use the copy of Outlook Express that came with Windows, if you only have that for email use Thunderbird instead. Use web-mail for extra safety.

Messenger Programs

If someone sends you a message saying something along the lines of "look at this" plus an attachment or hyperlink - don't open it! Message them back and ask if they definitely did send you it, better safe than sorry. Also, Miranda is a good choice if you use more than one messenger application, and it isn't as susceptible to flaws as the original clients.

Update ALL Programs That Connect to the Net

Always make sure all the programs you use are up-to-date, there may be patches available for flaws that are allowing some wee shite to fuck your system up as we speak. These are the most important:

Your antivirus software
Your web browser
Your email client
Your instant messenger software
Flash - see here for notes on updating
Java - see here
Any special applications or widgets that you use to access web services such as Twitter, Facebook, etc.

Always Back-up

Always make sure that all your important files and documents are copied onto a backup cd/dvd somewhere, it's not that hard to back them up onto a multi-session disc using Nero or Imgburn (free). And if you don't bother, you sure as hell will regret it. Also see Comodo Time Machine.

If You Don't Know What Something Does, Don't Touch It

If anything weird happens on your pc and you have no idea what to do, don't go clicking buttons or deleting things or you could make things a whole lot worse. This is where Google is your friend. Copy & paste error messages or whatever & do a search.

When The Shit Hits the Fan and the Poo Goes Flying

Don't Panic!

Don't go re-installing Windows! 95% of problems can be fixed without losing all your important data, and if you re-install you may never find out what the problem was in the first place, how to prevent it happening again, and you will have learned nothing.

Scan Scan Scan!!!

Scanning for viruses & malware is best done in Safe Mode, see here for instructions on how to boot into Safe Mode.
Run your anti-virus scanner and make sure it is definitely up-to-date, check the date of the virus definitions as some nasty things can prevent av programs from updating automatically - download a manual update from the av's website if you have to.
If you can get online - run as many of the on-line virus scanners listed above as you can.
Shut down your net connection (important!!), and run your anti-spyware program.
If the scanner finds anything but you can't remove it, Google is your friend. (use someone else's pc if you have to)

The Aftermath

Clear some of the crap from your system, use CCleaner.
Delete any suspect folders that the infected files were found in (be careful though! Don't delete if you don't know!)
If you found loads of spyware and you are using Internet Explorer - don't say that you weren't warned.
If some of your system files are fucked up - restore a snapshot (if you are using something like Comodo Time Machine, see above). Or:
For XP, do a Windows Repair (see here), remember that you may have to re-install Service Packs and Patches after repairing.
For Vista/7, Windows Startup Repair should run automatically the next time you boot the computer, if not see here.

When it's Turned Into Rampant Diarrhoea That's Splattering the Walls in a Sickly Shade of Brown

Still Can't Fix It?

Nasty files keep coming back? The above procedures/programs not getting rid of them? Try the following:

Kill the Processes - Die Die Die!

If an infected file, for example named titfuck.exe, can't be deleted by yourself or a scanner, press ctrl+alt+del (Vista/7: select Task Manager here) and click the processes tab. Check there isn't a process running called titfuck.exe, if there is highlight it and click 'end process', then try deleting it.
If the file still won't delete or the process won't die - use KillBox for XP - one of the handiest things ever. For Vista/7 try Process Assassin, if no joy try PsKill
If you can't find the file to delete it, check that no files or folders are being hidden, see here.

Still Coming Back After Reboot

Go to Start-->Run, type msconfig, click on Startup tab. Google everything that you can see in that list, if something is very suspicious, uncheck it, find out what it is, and remove the file(s).

Nope, Still Fucked, and I'm Covered From Head to Toe in Turds

Ask For Help

Only after you have tried everything listed above, ask for help from someone.
If you post in the Tecky Geeks Forum with a problem that can be sorted by doing the above things and you haven't done them, you'll be pointed to this thread. Also, search the Tecky Geeks Forum to see if that problem has already been posted.

Once you have tried everything, put up a new thread and make sure you include the following things:

What version of Windows you're using
The name and locations of all files that are reported to be infected
Full details of error messages
Whether you have installed any new software recently
A HijackThis log (see below)
Any other information that you think is relevant

Remember - the more detail the better, whoever will try and help you can't see bugger all of what you can see, so be as descriptive as possible.

HijackThis

A very useful program, but do not delete anything it shows you unless you are 100% certain of what you are doing. Download it here, and follow the Quick Start guide at that link. Copy and paste the full contents of the logfile to your post for help.

And Last of All

If Anyone Helps You...

Be polite and say thank you - you'll get much more help that way and in the future too.

I'll update this guide when I think of owt else, but I hope it helps you all out

dodgy
CEO of エピヌキス
"Fuck it, fix it, then fuck it again"
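
The msconfig Startup-tab check from "Still Coming Back After Reboot", as a read-only PowerShell listing that also shows whether each file exists, is signed, and when it was last written. This is an added example, not part of the original post. It assumes Windows 7 or later with PowerShell 2.0+, covers only the Run/RunOnce keys and the Startup folders (not services or scheduled tasks), and the helper name Get-ExePath is made up for the example.

```powershell
# Added example: read-only inventory of common autostart locations (Windows 7+).
# Nothing is disabled or deleted. Get-ExePath is a helper name made up here.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)

# Pull the executable path out of a command line such as: "C:\a b\x.exe" /min
function Get-ExePath([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

# Registry Run/RunOnce values: value name = entry name, value data = command line
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $reg = Get-Item -Path $key
    foreach ($name in $reg.GetValueNames()) {
        $cmd = [string]$reg.GetValue($name)
        New-Object PSObject -Property @{ Source = $key; Name = $name; Exe = (Get-ExePath $cmd) }
    }
})
# Startup folders: every file here (usually a .lnk shortcut) runs at logon
$entries += @(foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Force |
        Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' } |
        ForEach-Object { New-Object PSObject -Property @{ Source = $dir; Name = $_.Name; Exe = $_.FullName } }
})

# Entries given without a full path show Exists = False; shortcuts are never signed
$entries | ForEach-Object {
    $exe = $_.Exe
    $found = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue)
    $sig = if ($found) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
    $when = if ($found) { (Get-Item -LiteralPath $exe -Force).LastWriteTime } else { $null }
    New-Object PSObject -Property @{ Source = $_.Source; Name = $_.Name; Exe = $exe
        Exists = $found; Signature = $sig; Modified = $when }
} | Select-Object Source, Name, Exe, Exists, Signature, Modified | Format-List
```

Entries with a Signature other than Valid, or a recent Modified date, are the ones to look up first; plenty of legitimate software is unsigned, so treat the output as a list of things to search for, not a verdict.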