Windows Security Checklist - Part 10: PC Pesticides

by Larry Stevenson, aka Prince_Serendip, CastleCops Staff Writer
January 30, 2005

No one application nor technique can protect you at 100%, but you can still get pretty close to that. When these guidelines are followed by Windows users, it can bring their chances of being infected by malwares almost to zero. Now we begin our next installment of the Windows Security Checklist - Part 10: PC Pesticides

It is not as complicated as it may first appear, although there is a lot of information to absorb. The Security Experts, 1st Responders, Special Response Team members and Host consultants at CastleCops can help you, if you have questions about any of these techniques or featured applications.

Today, we will be featuring several applications which will help you to remove and prevent pestwares from accumulating on your computer. What are "pestwares?" Beyond viruses, worms and trojans there exists a whole field of invasive programs used for spying, advertising, and hijacking. You can get these pests on your computer due to your own ignorance, lack of caution when surfing and downloading items from websites. We hope you will consider these applications as we do -- must-have utilities for increased peace of mind online.

At least once a week, more often depending on how much time you spend online, do full scans of your PC with your antivirus, anti-trojan and anti-spyware applications either before or after following the instructions in Part 9: Batting Clean Up. This will ensure that your system is clean and running smoothly. It is important to keep all of these applications updated for the same reasons.

Spybot Search & Destroy

Authored by Patrick M. Kolla, Spybot Search & Destroy is completely freeware. Registration is not required to download and use this excellent application. It continues to earn international reknown for removing spywares, adwares and dialers on all Windows operating systems. Highly compatible and easily configurable for all Windows users, whether newbie or advanced.

If you see new toolbars in your Internet Explorer or browser that you did not put there, if you have browser crashes, or if your start page has changed without your knowing, you most likely have spyware. Even if you do not see anything, you may still be infected, because more spywares are emerging that silently track your surfing behaviour to create marketing profiles of you that will be sold to advertisement companies. Adware softwares associated with these spywares will then begin spamming you with ads, in your browser and your email.

Direct Download Link >>> Spybot Search & Destroy v.1.3 <<< from CastleCops Downloads.

Complete installation and startup instructions are provided in the Spybot Search & Destroy Tutorial. Further assistance can be found in the Help file included with the program and you can ask the CastleCops Staff and Spyware Hosts at our Spybot S&D Forum.

Lavasoft Ad-Aware SE

Lavasoft's Ad-Aware SE Personal Edition is similar in general purpose to the application above. We consider that these two anti-pestware applications complement each other, thus strengthening the users. Ad-Aware SE Personal Edition is free for non-commercial, non-educational institution, and non-governmental use. For all other uses, purchase is necessary. For details please refer to the Lavasoft: Protect Your Privacy Homepage.

Ad-Aware SE is a privacy tool, that scans your memory, registry, hard, removable and optical drives for known data-mining, aggressive advertising, and tracking components. It then lists the results and offers to remove or quarantine the detected components. The program detects a wide range of adware and spyware related issues including a new heuristic-like tool for attempting to predict and identify spyware behavior that is not stored in its database. The software was designed with encrypted files to prevent third-party applications from uninstalling it, and it actively works to prevent DLL injection, a means of hacking a PC that does not require information to be written to disk, only to the system memory. Ad-Aware SE blocks popup ads by removing their sources. It can be updated with the latest signatures via the built-in update utility. Add-on applications such as VX2 Cleaner can be obtained at their website. Ad-Aware SE is compatible with Microsoft Windows 98/Me/NT/2000/XP/2003.

For downloads go to Lavasoft: Protect Your Privacy. Click on Ad-Aware Personal in the left column. On the Ad-Aware page, click on Download Ad-Aware here in the top right column. To purchase, click the radio button at the bottom of this page.

Configuring Ad-Aware SE

These instructions are provided to all users at CastleCops using Ad-Aware to clean their computers.

If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.

After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.

Manually run "Ad-Aware SE Personal" and from the main screen. Click on "Check for Updates Now".

Look at the icons on the top right of the page and click on the 'world' and let Ad-Aware update the spyware reference list (Note: Always update Ad-Aware before you scan.)

Once the update is finished click on the 'Gear' icon (second from the left) to access the preferences/settings window.

1. In the 'General' window make sure the following are selected with a checkmark and are green:

· Automatically save log-file
· Automatically quarantine objects prior to removal
· Safe Mode (always request confirmation)

2. Click on the 'Scanning' button on the left and select :

· Scan Within Archives
· Scan Active Processes
· Scan Registry
· Deep Scan Registry
· Scan my IE favorites for banned URL's
· Scan my Hosts file
· Under 'Click here to select drives + folders, choose: All of your hard drives.

3. Click on the 'Advanced' button on the left and select:

· Include additional file information
· Include additional object details
· Include environment information

4. Click the 'Tweak' button and select:

Under the 'Scanning Engine' be sure a checkmark is beside:

· Unload recognized processes & modules during scanning
· Scan registry for all users instead of current user only
· Obtain command line of scanned processes

Under the 'Cleaning Engine' be sure a checkmark is beside:

· Automatically try to unregister objects prior to deletion
· Let Windows remove files in use at next reboot
· Always try to unload modules before deletion
· During removal, unload explorer and IE if necessary
· Delete quarantined objects after restoring

5. Click on 'Safety Settings' and select "Write-protect system files after repair (Hosts file, etc)"

6. Click on 'Proceed' to save the settings.

7. Click 'Start' and on the next screen choose 'Activate in-depth Scan' at the bottom of the page and then choose:

· Perform full system scan

8. Close all programs except Ad-Aware.

Click on "Next" in the bottom right corner to start the scan.

Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted.

After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.

You can find more help with Ad-Aware at our Lavasoft Ad-Aware Forum.

The following applications are specifically for users of Internet Explorer/Mozilla/Firefox browsers.

SpywareBlaster v.3.2

Stops spywares from installing in the first place. Each and every software has a unique identifier called a Class ID. SpywareBlaster disables the spyware CLSIDs in your computer's memory so they cannot be downloaded, installed nor run on your machine. SpywareBlaster does not run in the background, once this is done. A brilliant application written by Javacool. It is free - but please donate - ware.

You can download SpywareBlaster from this site: http://www.javacoolsoftware.com/sbdownload.html

SpywareGuard v.2.2

Also written by Javacool, SpywareGuard does for spyware what antivirus realtime monitors do for viruses. It protects from spyware in realtime. It is free - but please donate - ware. Your contributions help continue the availability of these softwares.

For more information and downloads go to: http://www.javacoolsoftware.com/spywareguard.html

You can find more help with these at our Spyware Tools Forum.


Best regards and always take care of your security.