MaximumPC 2007 11


HEAL & INOCULATE


30 MAXIMUMPC NOVEMBER 2007


AVG Anti-Spyware (free, http://free.grisoft.com), and Spy Sweeper ($30, http://www.webroot.com). Regardless of the tool you use, double-check the URL for typos and be sure you’re downloading directly from the source (rogue sites often try to pass off infected software as authentic spyware scanners). Above all else, always update your spyware definitions to detect the latest threats.

5: LOOK CLOSER WITH HIJACKTHIS!
Even after running several anti-spyware scans, you might still have a lingering infection. HijackThis! (free, http://tinyurl.com/huyrw) takes a fine-tooth comb to your system, targeting methods commonly used by hijackers. Because HijackThis! doesn’t zero in on specific infections, most of the reported entries will be legitimate, and disabling them could do more harm to your system than good. Highlight only entries that you’ve previously tried removing but that keep showing back up. For example, if you’ve uninstalled Bonzi Buddy and removed any related entries from the startup queue, you can safely highlight any references to the program that HijackThis! finds and then click the Fix Selected button. For all other selections, either leave them alone or carefully use the online tutorial (http://tinyurl.com/2et7nb) for detailed steps on discerning between good and bad entries. You can also submit your logs to Help2Go Detective (http://tinyurl.com/etujk) and HijackThis Security (http://www.hijackthis.de/en) for automated analysis.
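The triage rule above, as an added example that is not from the article or from HijackThis itself: a small Python parser that reads a HijackThis-style log and marks for fixing only the entries that mention a program you have already uninstalled, leaving everything else alone. The sample log is constructed; its paths, CLSIDs and vendor names are illustrative, and the section table covers only a few of the tool's entry codes.

```python
import re

# Meaning of a few HijackThis section codes (subset, enough for triage).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "startup program", "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Constructed sample log; paths, CLSIDs and names are illustrative only.
SAMPLE_LOG = r"""Logfile of HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example PDF Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExamplePDF\helper.dll
O3 - Toolbar: BonziBUDDY Bar - {00000000-0000-0000-0000-000000000002} - C:\Program Files\BonziBuddy\bar.dll
O4 - HKLM\..\Run: [BonziBuddy] "C:\Program Files\BonziBuddy\bonzi.exe"
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avtray.exe"
O23 - Service: Example Update Service - Example Corp - C:\Program Files\Example\upd.exe
"""

def parse_log(text):
    """Return (code, detail) for every entry line; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(text, removed_programs):
    """Split entries into 'fix' (mention a program already uninstalled) and 'leave' (the rest)."""
    needles = [p.lower().replace(" ", "") for p in removed_programs]
    fix, leave = [], []
    for code, detail in parse_log(text):
        haystack = detail.lower().replace(" ", "")
        (fix if any(n in haystack for n in needles) else leave).append((code, detail))
    return fix, leave

if __name__ == "__main__":
    fix, leave = triage(SAMPLE_LOG, ["Bonzi Buddy"])
    for code, detail in fix:
        print(f"FIX   {code:<3} {SECTIONS.get(code, 'other'):<22} {detail}")
    for code, detail in leave:
        print(f"LEAVE {code:<3} {SECTIONS.get(code, 'other'):<22} {detail}")
```

Entries in the "leave" list are the ones to research with the tutorial or an automated log analyzer before touching them.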

6: VACCINATE YOUR RIG
When you’re sick, you generally make it a point to avoid others, lest you infect them with your ailment. But when your computer contracts a virus, it looks to spread the disease to as many other PCs as it can, turning each one into a remote-controlled zombie. The nefarious do-badder can then wage a DoS (Denial of Service) attack on a website, making thousands of PCs repeatedly request pages, until the site’s server can’t take the load and the site goes down.

But that’s not all viruses are capable of doing. They can record your keystrokes, including passwords and bank account information, and pass the information along to people who are up to no good. Other viruses wreak havoc on your hard drive, erasing data, altering critical system files, and even causing permanent physical damage in the form of bad sectors. Heck, viruses can even be used to install more spyware and viruses.

To rid your system of viruses, you need to perform a sweeping scan. If you don’t have antivirus software installed, we recommend you start with Panda Security’s web-based AV app (free, http://www.pandasecurity.com/usa) and scan your PC right from within Internet Explorer. It will also detect spyware, rootkits, and dialers, but will only disinfect viruses. Just click the Total Scan button, install the ActiveX control, and let Panda do the rest.

7: PERFORM A ROOT(KIT) CANAL
You’ve rid your system of spyware and nuked any lingering viruses, but your PC isn’t quite yet eligible for a clean bill of health. You need to check for rootkits, a particularly nasty variant of malware that burrows deep within the OS, where it’s difficult to detect with conventional scanners. Signs of infection can be subtle, or even nonexistent, thanks to a rootkit’s ability to integrate with your OS’s kernel. Whether your system displays symptoms or not, if you’ve recently discovered any spyware or viruses, your next step is to initiate a rootkit scan.

Because rootkits are tightly integrated with critical system files, back up any important data right away. Next, head over to F-Secure and download Blacklight (free for now; will be part of a $79 security suite, http://www.f-secure.com/blacklight). This handy executable needs no installation; just double-click the icon and watch as it probes your system. We also recommend running AVG’s Anti-Rootkit program (free, http://tinyurl.com/2mqb6n) for a second opinion.

CHANGE YOUR BOOTS
Severe infections can render a normal Windows install completely unusable, but we have a couple of tricks up our sleeve for infiltrating a broken OS.

1: BOOT INTO SAFE MODE
Sometimes you need to attack malware before it has a chance to load, and by the time Windows boots to the desktop, it’s already too late. It might be that your system no longer responds to your input or does so with a sluggishness that makes even accessing the Start menu a time-consuming chore. Or it may be that the infection’s interfering with your AV and spyware scanners, shutting them down

Firefox has many tricks up its sleeve, but ActiveX support isn’t one of them. To run a Panda scan, you need to use Internet Explorer.

Spyware loves to hide, but HijackThis! makes an even better seeker, uncovering the leftover residue that managed to elude traditional scans.

Rootkits are designed to conceal software, including malicious code, but Blacklight’s able to discover otherwise undetected spyware.