Viruses, spyware, and worms. Oh, my!
We all know the dangers inherent in accessing the Internet, and we all take precautions.
Yet our PCs still occasionally get infected because we can’t know everything.
Here I’ll show you how to rid your PC of nefarious, spyware-infected programs, explain why you sometimes receive strange e-mail from your own address, and teach you how to stay safe on unsecured public wireless networks.
Got PC questions of your own? Send your questions–about security or any other tech topic–to [email protected]
How Do I Get Rid of a Spyware-Carrying Program That Won’t Uninstall?
–Zehraa, Answer Line Forum
The uninstaller that comes with a malicious program isn’t likely to do much good. Still, you might try running it with Revo Uninstaller, a freebie that runs an application’s own uninstall function, and then scans the hard drive and Registry for leftovers (there are usually some). I’m not sure how effective it will be against a malicious program, but it’s certainly worth a try.
If that doesn’t work, try to manually delete the program file or folder. And if Windows won’t let you do that, try Cedrick Collomb’s free Unlocker. Once installed, Unlocker comes up automatically when Windows refuses to delete, move, or rename a file or folder, or you can launch it from the file or folder’s context menu. Also, once it’s up, it shows you what processes are hanging onto the culprit and lets you kill them. (My thanks to Mphenterprises of the Answer Line Forum for recommending Unlocker.)
You can also try Windows’ System Restore:
In Windows XP, select Start, All Programs, Accessories, System Tools, System Restore; choose Restore my computer to an earlier time; and then click Next. Pick the earliest Restore Point available, and follow the prompts.
In Vista, click Start, type rstrui, and press Enter; select Choose a different restore point, click Next, and check Show restore points older than 5 days. Click Next. Pick the earliest Restore Point available, and follow the prompts.
If that doesn’t work, try running System Restore in Safe Mode: Reboot your PC and press F8 just before Windows loads (you may need to try a few times to get the timing right). At the resulting menu, select Safe Mode with Command Prompt and pick your operating system. At the command prompt, type C:\windows\system32estorestrui (just rstrui in Vista), press Enter, and try running System Restore from there.
Another option: Since you have a name for the program you can’t remove, you might be able to find removal instructions via your favorite search engine. Add the word remove to your search string, and avoid any link from the company that makes the program or any site that seems to have a positive opinion of it.
Still can’t get rid of the vicious thug? Try HiJackThis, a free utility now from TrendMicro. HiJackThis creates a very technical report on your system’s suspicious Windows behavior. You probably won’t be able to make heads or tails of it, but there are plenty of Internet forums where friendly people can help you decipher HiJackThis reports and recommend a course of action. Go to Trend Micro’s Analyzing your HijackThis Log page for links to many of these forums.
If nothing else works, reformatting your hard drive is the last desperate measure to take. But back up your data first. In fact, if you already have a full backup of your data (as you should), make an extra backup, anyway. The more, the safer.
I can’t tell you exactly how to reformat your hard drive and reinstall Windows, because that depends on whether you have a good backup of the operating system made before the infection, what kind of recovery capabilities came with your PC, and if you have a genuine Windows XP or Vista disc.
If you have a good system backup made with an imaging program like Ghost and True Image, restoring that is much easier than reinstalling everything.
The next best option is an actual Windows disc. Pick the option that erases everything on the drive before installing Windows. It’s safer.
Otherwise you’ll have to use what recovery features came with your computer. In most cases, this will return the hard drive to its factory condition. Then you’ll have to remove the programs you don’t want.
However you do it, once Windows is working, you’ll need to install your security software and your applications, update everything, and then restore your data from the backup.
You’ll find the original discussion in our forums.
Why Am I Sending Myself Spam?
Ann B, Answer Line Forum
You’re almost certainly doing no such thing. I once received the same spam message from a friend and from myself. I sent out a notice to people who knew both of us, and sure enough, a third party had the infection.
Most spam is sent from infected PCs, but the malware tries to hide the identity of the infected computer. To that end, it spoofs (forges) the Sender address.
A little more detail: The malware searches the infected PC’s hard drive for e-mail addresses and sends spam out to them. But it also uses some of these addresses for spoofing purposes. So if you get spam from yourself, that means someone with your e-mail address has an infected computer.
What can you do about it? Not much. But if only a few people have your e-mail address, you might try letting them know about the problem. One of them has an infected PC.
And if someone complains that you’re sending them spam, send them a link to this article.
Read the original discussion on the PCWorld.com Forums.
How Safe Is an Unsecured Network?
Dini S, Brooklyn, New York
Short answer: Not very. You should never, for instance, send a credit card number over the Internet via a café’s or library’s Wi-Fi connection.
Long answer: If a network is open to anyone, it’s open to criminals. In fact, it’s possible that you’re not even connected to the café’s server, but to an evil twin–someone else’s computer that’s acting like a server to gain access to your PC. Luckily, there are precautions you can take.
Don’t go online without knowing it. Shut off your Wi-Fi if you don’t need the Internet. That will save batter power, as well.
Make sure you’re using the right network. When you log onto a wireless network, Windows will show you the Service Set Identifiers (SSIDs) of all the networks within range. Make sure you’re getting onto the right one (you may have to ask an employee).
Turn off file and printer sharing. In XP:
1. Select Start and right-click My Network Places.
2. In the resulting Network Connections window, right-click the network in question and select Properties.
3. In the resulting dialog box’s General tab, uncheck Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks. Click OK.
Vista does this automatically if it recognizes the network’s unsecured status–which it always has in my experience. To check and possibly change this setting, do the following:
1. Select Start, Network.
2. Click Network and Sharing Center.
3. If it says “(Public network)” next to the network name, and you’re actually connected to a public network, simply close this window because you’re done. If it doesn’t:
4. Click the Customize button across from the network name.
5. Select Public, click Next, then Close.
Be careful what you do. Never make a purchase, use online banking, or enter anything sensitive from a public Internet connection. Avoid using passwords as much as possible.
Go to this list of information you should be wary of sharing online.
Of course that list is meant for a private Internet connection. On a public network, the word isn’t wary, it’s never.
Comment: [email protected]