Saturday, June 05, 2004

Keep your computer clean

You can number me among those who have lost an appalling amount of time eradicating spyware / malware from systems in my house. As a result, and because I am the kind of person who is often approached by others for computer advice, I'm going to offer what I've learned so far and save you the hours I spent learning it.

Also, rather than try to remember everything I've done when I'm at a friend's house swatting spies, I can put it here and follow the links from my own blog.

Your enemy's name is CoolWebSearch. There are others, but that's the best known. A Google search for that phrase will turn up some useful information and plenty of ranting from angry users. Fortunately, some effective eradication tools are available for free.

Step 1: CWShredder. This tool specifically targets CoolWebSearch, the most likely offender.

Step 2: Ad-Aware. Note that once this runs, if you just click the "continue" buttons, you won't have deleted anything, but "quarantined" it. This is intended as a feature, to prevent you from deleting legitimate program components (like virus scanners). It isn't intuitive that you have to right-click on the list of found bugs and choose "select all", then hit the "delete" button to actually delete them.

Step 3: SpyBot.

Step 4: Spy Sweeper.

All of the above offer paid subscription updates with ongoing activity monitors, like your virus scanner (you are using an anti-virus scanner, right?), but all have a version you can simply download and use. I've found no single tool that can catch everything, but these three, between them, caught everything I had.

Sometimes these tools will find each other. They'll tell you what to do if that happens.

Step 2 1/2: After each step, clean out your browser (delete all temporary files, cookies, and your history). This is where these insidious vermin hide pointers to themselves that allow them to re-infect your computer after you'd thought you'd deleted them. Reboot your computer. Yes, this means you'll do this four times.

Step 5: I strongly recommend you abandon Microsoft Internet Explorer and use Mozilla or Firefox as your default browser. Mozilla is the open-source version of the browser that used to be known as Netscape Navigator before AOL bought the company. Firefox is the beta-version next-generation Mozilla.

I don't wish to get involved in any religious arguments between Netscape/Mozilla users and MSIE users (and you Word vs WordPerfect zealots can keep it to yourselves, too). The reason I'm recommending this, though, is that Mozilla and Firefox have options (under Edit > Preferences > Privacy & Security in Mozilla, Tools > Options > Web Features in Firefox) to disable popup windows. This makes it more difficult for CWS and malware like it to hijack your browser, and in general makes for a more pleasant browsing experience.

Step 6: If you're still having problems, you (or your favorite computer guru) are going to have to open the Windows registry and kill 'em with your bare hands. That tutorial is beyond the scope of this entry. Danger, Will Robinson! :) One of the best summaries I've found is at The Collar Purple (no relation), but that particular blog isn't exactly Fun For The Entire Family (unless your family is a lot wilder than mine). And the individual entries don't have target URLs (you have to go to the May archive, linked above, and scroll to "Slaying the (CoolWebSearch) Dragon").
