The Thracean Rebels
31-05-2005, 15:58
Intro
A short Introduction:
Many people have various issues with their computer - it's running too slowly, games aren't working, pop-ups appearing out of nowhere, internet connection going to the dogs, general problems (eg annoying pop-ups appearing while playing, lots of text in-game is turning in to links to other websites, pages aren't loading, cookies aren't saving despite enabling them in IE or privacy programs like Norton/ZoneAlarm). But where many people go wrong is having too much trust in themselves and their PC - people think "Oh nothing bad will ever happen to me" and also largely think "A PC can take care of itself". It will happen, and your PC can't.
The following steps are things that may seriously help your PC out, and anyone who has never done these things before should do it - be aware that a lot of this is largely directed at Windows XP Professional & Windows 2000 Professional, but anyone with a Windows machine can use most of the advice in here (just some menu options etc. may be slightly different).
Do note that some of these steps involve you closing down all running programs, including your web browser, so either ensure you have a good memory, or print this out if possible (or try to do some fiddly browser loading/closing with this page bookmarked between each task). By "All running programs", this includes things such as: MSN, Internet Explorer, Mozilla, Opera, IRC, Winamp, Media Player, Outlook Express, AIM, Yahoo Pager, Skype, Kazaa etc. If you don't close these things down, then it will prevent the "spring clean" being fully effective, and you may as well just not bother.
Step 1 (cleaning old temporary files, cookies, history):
The first step in doing a "Spring Clean" is to remove all temporary files. To start with, go in to "My Computer", right click on your "C:" drive, choose "Properties", and from there, click on "Disk Cleanup". Now for some people this can take a long time, even up to half an hour - so be patient.
Eventually you'll have a list of tick-boxes, tick everything in here, click "OK", and again wait for it to finish. After this, come back to/load up an instance of Internet Explorer, click on "Tools" -> "Internet Options" and then the "Clear History" button at the bottom. Now click "Delete Files", tick on "Delete All Offline Content" and click "OK". Next click "Delete Cookies" and "OK" again (be aware this will mean you need to log in to any sites that previously had you "Remembered" - but is worth doing as many computers gain "corrupt cookies" which can cause all kinds of problems when browsing).
Note Windows XP users: Did the "Disk Cleanup" freeze up completely on "Compress Old Files"? Taken longer than half an hour and still not doing anything? You may need to reboot your PC, then afterwards, follow these instructions, before trying again:
(You may want to back your registry up before doing this)
Start -> Run -> "regedit" (without the quotes) and hit the Return key.
In registry Editor, locate through the "registry tree" to this location:
HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Explorer -> VolumeCaches
Right click on the "Compress old files" registry key, and delete it. Try the Disk Cleanup again now.
Step 2 (removing all your old games & programs):
Now you need to uninstall everything that you don't want any more, or don't need any more.
Be ruthless here - do you really play that game so often? Do you really need that application which simply saves you pressing 2 keys?
Go to your Start menu -> Run -> "control panel" (without quotes), and choose "Add Remove Programs".
Uninstall everything you no longer use, want or need - if there's anything that you aren't sure what it is, try searching for its name on Google and find out. Next go through your entire "Programs" list in the Start Menu and check for any uninstalls here (because not everything shows up in Add/Remove Programs) and delete any "Empty Directories" from your start menu (some uninstalls leave directories in your start menu, or if you have uninstalled games incorrectly in the past - eg simply deleted them without uninstalling - there may be traces of the game/program here - delete everything that is no longer installed but still shows in the menu).
Step 3 (get rid of all that spyware and adware!):
This step requires you to download a few pieces of (free) software that will aid in automatically removing a lot of "spyware", "adware" and other general nasties from your computer (not the same as viruses). It is advised you download and install all these programs first, then put your computer in to safe mode before actually running them. Instructions for booting in to safe mode can be found in the link at the bottom of this step.
First, head on over to;
http://www.safer-networking.org/en/download/index.html
Download & install "Spybot Search & Destroy v1.3" (if you have any older versions, uninstall the older versions first). Close down all running programs. Now run Spybot Search & Destroy, "update" it (from the main window of SS&D, choose "Search For Updates" - get the updates one at a time, not all at once, to avoid problems)... now click the "File" menu, and choose "Search for Problems" and wait for it to scan your PC (be patient).
Once it has finished, click on "Fix Selected Problems" at the top and hit "Yes". Close the program once finished.
Now go on over to;
http://www.lavasoftusa.com/support/download/#free
Download and install "Ad-Aware SE Personal v1.05" (2.48Mb) from the link near the bottom. Once installed, close down all running programs, start up Ad-Aware SE Personal and "update" its definitions files by clicking the "Check for updates now" link or the "World" icon in the top-right corner.
Wait for this to finish and then click "Start". Select the "Perform full system scan" setting and hit the "Next" option.
It is generally advisable to fix every entry found in Ad-Aware SE but if you are in any way concerned about any of the entries, don't hesitate to post a log of the scan in a new thread here. (click the "Show Logfile" button, "CTRL+A")
You can also run the automated CWShredder to get rid of yet more spyware:
http://www.computercops.biz/downloads-file-349.html
Running all of the above programs in safe mode will net you the best results - but you will have to download them in normal mode first. Instructions on booting in to safe mode for various Windows versions can be found on the Symantec site here:
http://service1.symantec.com/SUPPORT/...OpenDocument&src=sec_doc_nam
Step 4 (HiJackThis):
Step 4 is where things might start to get "complicated", but help is at hand. You need to rid yourself of the worst of the spyware/adware on your computer, and also while you're at it dispose of all "pointless tasks" (for example programs like "QuickTime", "WinZip", "WinAmp Agent" are great on your PC - but you do not need them always running with an icon in your bottom right task bar - they'll run fine without these).
Now really, for Step 4, the "safest" and most reliable way for you to do this, is to seek outside help, so here's what I recommend... Head to:
http://www.spywareinfo.com/~merijn/downloads.html
Scroll down the page to find "HijackThis" select any mirror and "unzip" it somewhere sensible (Such as "C:\HiJackThis\") so that HJT can create backups.
Close all running programs and locate & run HiJackThis, click on "Scan Now", and then click on the "Save Log" button (formerly "Scan Now"), save it somewhere (such as on the desktop), open the log, and then paste the entire log in to this forum and wait patiently - somebody who has experience in all processes/tasks/spyware etc./me/ somebody very good at researching such things online, will reply to your post (in time, it's not always a quick job) and instruct you further. It's not recommended you go any further until this step has been taken, but after you do take this step (after somebody replies to your post), it's recommended you perform every step beyond this in "one fell swoop" to aid in preventing "nasties coming back" (which they often do when you reboot if they haven't been removed fully & correctly).
Step 5 (Windows XP users - get rid of possible popups!):
Many people new to Windows XP and not protected/hidden behind a router will experience "pop-up adverts" that aren't in a browser window, but are actually in a "normal looking" alert box (but advertising things like "buy your diplomas" etc.). Even if you don't, but you use Windows XP, you should still check that "Windows Messenger Service" is disabled - note that this is not the same as "MSN Messenger".
To check/disable, click on your Start Menu, Click on Run, and type in "services.msc" (without quotes). You should now have a large list of "services" within your PC. Scroll down to "Messenger", and double-click on it. Near the bottom, if the "Services Status" says "Started", then click "Stop" (row of 4 buttons along the bottom - "start stop pause resume"). Now under "Startup Type", select "Disabled". Click "Apply", then "OK", then close the services window.
Step 6 (get a decent virus scanner!):
Now, there's many different virus scanners out there. But... unless you currently run either "AVG" or "Norton AntiVirus 2004 Professional", then I say this to you: Uninstall your current virus scanner. Go on, remove it, kill it, say bye bye. "Bye bye old virus scanner!". That's it. And in with the new... totally free, and nicely powerful, with frequently updated "Auto Virus Library Update" abilities. Head on over to:
http://free.grisoft.com/freeweb.php
Click "Get AVG FREE", scroll right down, hit "Next", hit "Yes, I agree" and fill in your name & email address (nothing else is required). You will then be emailed a link to download the software, and after doing so, you will receive a follow-up email with your free "serial key". Everything about this is free - it's not a trial, or a demo, it's pure and simple free anti-virus software. Once downloaded, install it, go through the options so they suit you (make sure anything involving "Auto Update" is on), choose to "Update" it on the spot, and then let it run a complete "Scan" of your entire system. Make sure no other programs are running while this happens. Once finished, let it try to fix, and if not quarantine/remove all the infected files.
Step 7 (update your Windows!):
Possibly the simplest step of all, with the only complication being this before you start: Disable any proxy server you are using in Internet Explorer. Broadband users open Internet Explorer, head to "Tools" -> "Internet Options" -> "Connections" -> "Lan Settings" and un-tick "Use a proxy server". Hit "OK", then hit "OK" again, and close down your web-browser.
Re-open it again and head over to;
http://www.windowsupdate.com/
Click "Scan for Updates" - if a security warning pops up, hit "Yes" (one of the rare, rare few sites that you should ever hit yes to a security warning while web browsing - anything else is probably evil spyware, adware or viruses). Get all Critical Updates found, and reboot your computer. Head back to http://www.windowsupdate.com and repeat the process (get all critical updates and reboot). Continue to do this until there are no longer any critical updates to obtain.
Step 8 (driver updates...):
Updating drivers is a huge topic, and one best suited to Google - however, some quick advice I can give is:
Drivers you should update relatively often, or when doing a "spring clean" are: Motherboard drivers (NVidia NForce, Via Hyperion drivers), Soundcard Drivers (usually Soundblaster), Graphics cards (usually NVidia or ATI). If you don't know what make/manufacturer/model any of your hardware is, then a great free utility for finding out just about everything you need to know about your computer is "Everest" by "Lavalys", available here:
http://www.lavalys.com/...ad.php?pid=1&lang=hu
Step 9 (secure yourself further with a software firewall...):
In the modern day, absolutely nobody should be without at least anti-virus protection and a software firewall. The importance of a software firewall is valid both for those "directly connected" to the internet, and also to those that are behind a router or other advanced network setups, as a software firewall can both protect against incoming "bad stuff" but also control your computer's outgoing "bad stuff" (something a router won't do). First disable "Windows Firewall" if you have it enabled (often enabled by default on Windows XP Pro), and uninstall any other software firewalls you may have (many out there aren't capable of doing a secure enough job, or can be unstable and cumbersome, such as ZoneAlarm has become of late). Then you need to get yourself a free copy of Sygate Personal Firewall from here;
http://smb.sygate.com/products/spf_standard.htm
Install and reboot if directed. Now when any software tries to access the internet for the first time from your PC, Sygate will pop up a message asking you if you wish to "Give It Permission" - you can tick a box "Remember my Answer" (or similar), and either choose "Yes" or "No".
When do you choose Yes or No? Firstly read the message Sygate pops up and try to identify the application - sometimes searching Google can reveal answers on what an application is - and make your decision on that... plus if you've just opened up a program that you know should be going online, eg you've just opened up MSN Messenger for the first time, then most likely you click yes. If you've just downloaded a piece of software that you're fairly sure should have no need to go online, run it for the first time and Sygate instantly pops up, then consider clicking no. If things don't work as they are supposed to, you can always later change these "permissions" by double-clicking the Sygate icon in your task-bar and clicking on "Applications", and modifying each program's "permissions" from here. Also note: "Notifications" such as apparent "incoming attacks" or similar - 99% of all of these will be totally "Safe" - ie not really a big mean hacker coming to attack you, and will only get you needlessly paranoid that everybody is out to get you. Therefore you should always disable any "alerts" in Sygate and just let it do its job silently in the background, never disturbing you or making you paranoid as you browse the web. You can disable alerts by loading up the Sygate main screen, going to Tools->Options, and in the "General" tab, tick "Hide Notification Messages".
Step 10 (and finally...):
Finally, you want to de-fragment your hard-drive, after doing so much to it. Close down all running programs. Head to My Computer, right click on your "C:" drive and choose "Properties". Click on the "Tools" tab and then "Defragment Now". Click "Defragment" and let it run overnight...
Disclaimer:
Please make this a sticky, as it could disappear into nothingness.
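The registry fix in Step 1 and the Messenger service check in Step 5 can also be done from a command prompt. The script below is an added example, not part of the original post; it assumes an administrator command prompt on Windows XP, and the backup file name is chosen here for illustration.

```batch
@echo off
rem Added example (not from the original post): command-line equivalents of
rem the Step 1 registry fix and the Step 5 Messenger service check.
rem Assumes an administrator command prompt on Windows XP.
setlocal

set "KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Compress old files"
rem BACKUP is an assumed location; change it to suit.
set "BACKUP=%USERPROFILE%\Desktop\compress-old-files-backup.reg"

rem --- Step 1: back up the key first, delete it only if the backup exists ---
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo Key not present, nothing to delete.
    goto messenger
)
if exist "%BACKUP%" (
    echo A backup file already exists, move it away and run again.
    goto messenger
)
reg export "%KEY%" "%BACKUP%"
if not exist "%BACKUP%" (
    echo Backup failed, key left untouched.
    goto messenger
)
reg delete "%KEY%" /f
echo Key deleted. To restore it: reg import "%BACKUP%"

:messenger
rem --- Step 5: stop the Messenger service if it is running, then disable it ---
sc query Messenger | find "RUNNING" >nul
if not errorlevel 1 net stop Messenger
rem The space after "start=" is required by sc.
sc config Messenger start= disabled
rem Show the resulting startup type so the change can be confirmed.
sc qc Messenger | find "START_TYPE"

endlocal
```

The last line should report `DISABLED`; if the key ever needs to come back, `reg import` with the saved file restores it.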