    Any Other Check Lists or additions?

    by al k

    Checklists

    Here are a couple of checklists to battle spyware and get your computer performing better. These are compilations of postings on Tech Republic, Tek-Tips and from personal experience. (I compiled them and did not include the authors when I “cleaned up” the file.)

    Must Have before you start – Blank Formatted floppy disc so you can backup the registry before you dig in and start rooting out garbage.

    If you're not sure, don't do it. Get help from a trusted technical friend.

    You always backup your data, don't you!!!!

    Spyware Removal Checklist

    1. Boot into Safe Mode with Networking (some spyware can only be removed in Safe Mode).
    2. Open Add/Remove programs and remove any application that both you and the principal user do not recognize or deem to be spyware.
    3. Launch HijackThis and click the Scan button. (WARNING: Reference the HijackThis tutorial at http://www.spywareinfo.com/~merijn/htlogtutorial.html before removing anything.)
    4. Install Spybot Search & Destroy, update it, and run it on the infected system.
    5. Install Ad-Aware, update it, and run it on the infected system.
    6. Reboot and run both Ad-Aware and Spybot again until the system is clean.
    7. Launch Internet Explorer and browse the Web to verify Winsock was not broken while removing spyware. If you cannot browse the Web, run the WinSockFix utility and perform another Web test.

    Spyware Prevention Checklist

    Consider using Firefox for all web browsing unless functionality of business-critical web applications requires Internet Explorer. If you can use Firefox exclusively, then steps 2, 3, 5-9, & 11-15 still apply.

    1. Open Internet Explorer, click Internet Options, click the Security tab, and click Default Level on each Security Zone.
    2. Install all Windows Critical Updates.
    3. Install Spyware Blaster and click the link to Enable All Protection.
    4. Install a recognized popup blocker such as the Google Toolbar.
    5. Either manually disable the Messenger service or run GRC’s Shoot the Messenger applet.
    6. Either manually disable the Universal Plug & Play service or run GRC’s Unplug & Pray applet (Windows XP Only).
    7. Run GRC’s DCOMbobulator, click the DCOMbobulate Me! tab and then click the Disable DCOM button.
    8. Execute DSOStop2 and click the Protect Internet Explorer button.
    9. Execute HTAStop and click the Protect Internet Explorer button (Windows XP Only).
    10. Install IE-Spyad.
    11. Run GRC’s SocketLock utility.
    12. Test browse the Web.
    13. Rename the default Windows Hosts file located at %windir%\system32\drivers\etc and place the Gorilla Design Hosts file in the same directory.
    14. Test browse the Web. If it is significantly slower than the first test, revert to the original Windows hosts file.
    15. Educate the principal user on Internet best practices.

    XP Performance Checklist

    The Spyware Removal Checklists helped some folks, but some performance issues may persist even after you remove spyware.

    1. Remove unnecessary applications.
    2. Remove spyware.
    3. Check for and remove any viruses.
    4. Run Disk Cleanup.
    5. Delete pre-fetch items in C:\Windows\Prefetch
    6. Defrag the hard drive.
    7. Clear out System Restore points.
    8. Disconnect unused network connections.
    9. Remove unnecessary Autostart applications - use this website to determine legitimacy of startup apps: http://www.sysinfo.org/startuplist.php.
    10. Run Regcleaner, Hdcleaner, and CCleaner.
    11. Tweak swap file usage for computers with 256+MB of RAM. Add the following entry to the System.ini file under [386enh]: ConservativeSwapfileUsage=1
    12. If the user rarely searches for files, turn off indexing (in hard-drive properties).
    13. Right-click My Computer | Properties | Advanced tab | Performance button | Properties.

    Uncheck the following:
    Fade or slide menus into view
    Fade or slide ToolTips into view
    Fade out menu items after clicking
    Show Shadows under menus
    Slide open combo boxes
    Slide taskbar buttons
    Use a background image for each folder type
    Use common tasks in folders

    14. Optimize swap file - make it 2.5 times the size of RAM.
    15. Using the Group Policy Editor (gpedit.msc), set Windows to clear Page file on shutdown. To do this, launch gpedit.msc at the Run prompt. Expand the following: Local Computer Policy | Computer Configuration | Windows Settings | Security Settings | Local Policy | Security Options. In the Policy pane, double-click Shutdown: Clear virtual memory pagefile. Select Enabled and click OK.

    Ways of Stopping Computer Headaches

    Common Sense

    Always use AntiVirus software

    Update Windows and any definition files regularly

    Get education on how the system got messed up in the first place.

    If using ME install unplugandpray available on major geeks.

    Stop services, like:

    server
    messenger
    DDE
    Remote registry

    Firewalling
    Software firewall ZoneAlarm – Sygate or preferably, a broadband router/firewall OR
    Double-firewalling, i.e. protect the network from DoS and scanning with a hardware firewall, and protect each PC with software-based firewall (Sygate).
    Check http://www.secunia.com for open issues on the hardware
    TOOLS

    (that can be used)

    Recovery CDs You can try these

    Ultimate Boot CD http://www.ultimatebootcd.com/

    Windows Ultimate Boot CD http://www.ubcd4win.com/

    Bootable DOS CD

    Knoppix

    Bit Defender’s LinuxDefender_Live! CD – it is a bootable CD that can scan, remove and repair viruses on Windows systems and you also have a wide range of tools available on the CD. The CD is based on Knoppix so it works on just about any current system. The link is: http://www.bitdefender.com/bd/site/products.php?p_id=40

    XP Boot Floppy (sort of)

    Simply format a floppy on an XP system (this is a must for the floppy to work) then copy NTDETECT.COM, ntldr and boot.ini (if you have one) onto the floppy.

    List of free stuff (I gave up trying to track it. Now I use the list at this site)

    http://www.neowin.net/forum/index.php?showtopic=119821

    Offline NT Password & Registry Key editor:

    This one can change local account passwords, if you need to. Saved when nobody knows the Admin password. http://home.eunet.no/~pnordahl/ntpasswd/
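
Step 13 of the Spyware Prevention Checklist swaps in a third-party hosts file; a blocklist should only point names at loopback or 0.0.0.0, so any other target is worth a look before the file goes live. The check below is an added example, not part of the original post; the function name `audit_hosts` and the sample entries are constructed for illustration.

```python
import ipaddress

# Constructed sample: a blocklist-style hosts file plus two lines that
# do not belong in one (a redirect to a routable address, a malformed line).
SAMPLE_HOSTS = """\
# constructed sample, not a real blocklist
127.0.0.1   localhost
127.0.0.1   ads.example.com  tracker.example.net   # sink two names
0.0.0.0     popups.example.org
203.0.113.7 www.examplebank.test
not-an-ip   broken.example.com
"""

def audit_hosts(text):
    """Return (sinkholed_names, findings) for hosts-file text.

    sinkholed_names: hostnames mapped to loopback or the unspecified address.
    findings: (line_no, reason, raw_line) for every other non-comment line.
    """
    sinkholed, findings = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "first field is not an IP address", raw))
            continue
        if len(fields) < 2:
            findings.append((line_no, "address with no hostname", raw))
        elif addr.is_loopback or addr.is_unspecified:
            sinkholed.extend(name.lower() for name in fields[1:])
        else:
            # A blocklist only sinks names; a routable target redirects them.
            findings.append((line_no, f"redirects to {addr}", raw))
    return sinkholed, findings

if __name__ == "__main__":
    names, problems = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(names)} names sinkholed")
    for line_no, reason, raw in problems:
        print(f"line {line_no}: {reason}: {raw}")
```

To audit a real file, pass its contents to `audit_hosts` and review every finding before copying it into %windir%\system32\drivers\etc.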
