NetworkClue.com

Removing MalWare

By Michael Guyett

General Removal

There's a good chance you already have some malware on your system, so it is a good idea to run a free scan tool periodically. The quickest and easiest way to remove spyware is with two free programs: Adaware and SpyBot's Search and Destroy. Both work great and will catch almost everything. Adaware from Lavasoft also has Plus and Professional versions that allow you more control and customization, but they are retail products. Spybot has a feature that will immunize your computer against around 500 known spyware programs. It also comes with a hosts file that will stop your computer from connecting to most known spyware websites. More on that below.

DNS Redirects

This is when you type in www.yahoo.com and end up at something like www.coolsearch.com. What's happening is that whatever webpage attacked you managed to change your hosts file. The hosts file is located in %windir%\system32\drivers\etc. You can open this file in Notepad and see if there are any entries for websites you visit. SpyBot has a hosts.sbs file that will automatically fix entries in your computer's hosts file and add entries that redirect known spyware sites back to your own computer. So whenever your computer tries to access those sites, it just sees itself.

Clue: DNS redirects are also a fun way to trick your friends into visiting your webpage! Here's an example of what a modified hosts file looks like:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft
# TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to
# host names. Each entry should be kept on an
# individual line. The IP address should be placed in
# the first column followed by the corresponding host
# name. The IP address and the host name should be
# separated by at least one space.
#
# Additionally, comments (such as these) may be
# inserted on individual lines or following the
# machine name denoted by a '#' symbol.
#
# For example:
#
#    102.54.94.97     rhino.acme.com  # source server
#     38.25.63.10     x.acme.com      # x client host

127.0.0.1       localhost
# Entries inserted by Spybot - Search & Destroy
127.0.0.1      images.real.com
127.0.0.1      real.com
127.0.0.1      ct5.hypercount.com
127.0.0.1      acme.bfast.com
127.0.0.1      ads.bfast.com
127.0.0.1      affiliates.bfast.com

Notice that all the sites have the same 127.0.0.1 address. The 127. address range is the computer's local loopback range, so a web browser sent to any of these names connects back to the local computer and ends up nowhere.
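
The manual hosts file check described above can be automated. This added example (not from the original article or from Spybot) parses a hosts file and separates names sent to loopback, which are blocked, from names pointed at any other address, which are possible redirects. The sample input, the 192.0.2.10 entry and the function names are constructed for illustration.

```python
import ipaddress
import os

# Constructed sample: entries from the article's example plus one hypothetical
# hijack line. 192.0.2.10 is a documentation address, not a real indicator.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# Entries inserted by Spybot - Search & Destroy
127.0.0.1      images.real.com
127.0.0.1      ct5.hypercount.com
192.0.2.10     www.yahoo.com yahoo.com   # constructed redirect entry
not-an-ip      broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address_text, names) for every non-comment entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comment
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Separate sinkholed names from names pointed at another machine."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            report["malformed"].append((line_no, addr_text))
            continue
        # Loopback (127.x, ::1) and 0.0.0.0 keep traffic on the local machine.
        local = addr.is_loopback or addr.is_unspecified
        for name in (n.lower() for n in names):
            if local and name != "localhost":
                report["blocked"].append(name)
            elif not local:
                report["redirected"].append((line_no, name, addr_text))
    return report

if __name__ == "__main__":
    path = os.path.expandvars(r"%windir%\system32\drivers\etc\hosts")
    text = SAMPLE_HOSTS  # fall back to the constructed sample off Windows
    if os.path.exists(path):
        with open(path, errors="replace") as fh:
            text = fh.read()
    for line_no, name, addr in audit_hosts(text)["redirected"]:
        print(f"line {line_no}: {name} -> {addr} (review this entry)")
```

An entry in the redirected list is not automatically malicious, since administrators sometimes add hosts entries on purpose, but any line you did not add yourself for a site you visit deserves a closer look.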

Homepage Hijack

Most of these attacks should be fixed by Adaware and SpyBot, but there has recently been one active that they aren't able to update against as regularly as needed: Coolwebsearch. Unfortunately, the author of this hijack program works constantly to update it and keep it from being recognized by spyware removal programs. Luckily, there is a program to remove it, CWShredder, which is updated as soon as they find out about a new version. Also at this site is the 'HijackThis' program, which is useful for resolving other homepage hijacking issues.


Article last reviewed: 02/17/2005

Created by: Digital Foundation, inc.

Copyright © 2002-2005 Digital Foundation, inc. www.networkclue.com

All content of the NetworkClue website is copyrighted. Articles, notes, outlines, and all other materials may not be stored on the Internet or sold or placed by themselves or with other material in any electronic or printed format in whole or part. However materials may be referenced by links to the site.

 
