don't reformat your HDD.
Those TROJANS HIJACK programs repopulate your system with little backdoor re-installer programs. There is NO gaurantee that reformatting with remove them.
First of all, I am assuming you are using Windows XP. Sign on as the administrator. When you are done doing all this stuff, password your computer, create user accounts for each of your kids, and set the preferences so they cannot do ANY downloads. It will eliminate most of your headaches. Never leave your (admin) user account signed on the computer.
There are several spyware/ trojan/hijack removal programs out there.
Spend nothing to ~$40 on one of these below programs and it will help you clean the mess on your computer. (You are going to need them anyway)
PEST PATROL is excellent. $29.95
http://store.ca.com/v2.0-img/operations ... atrol.html
So is SPYWARE BLASTER. (
freeware- update subcription is $10--- worth it)
http://www.javacoolsoftware.com/spywareblaster.html
SPYZOOKA kicks *** too. $29.95
http://www.spyzooka.com/
You will find that certain spyware removal tools remove certain spyware better than others. It is unfortunant, but nessassary to have more than 1 brand of spyware/hijack/trojan remover.
Adaware (
freeware)
http://www.lavasoftusa.com/software/adaware/ & Spybot (also f
reeware but they accept donations)
http://www.safer-networking.org/en/download/index.html are only part of the package you need to keep your computer clean and safe.
Removal is important but PREVENTION is more important.
REMOVAL COMES FIRST.
Even AOL has become a browser hijacker by placing their web site free.aol.com in Internet Explorer's trusted sites security zone, thereby bypassing the most frequently used security settings. This occurs after installing their AOL software, AOL Instant Messenger, Netscape 6.x and ICQ2001b has reportedly done this. AOL then exploits this by downloading ActiveX components to your computer without your consent. The CWS trojan also does this. Other trojans use this backdoor to exploit your computer.
Trojans and hijacks take over your computer because you allow them to. Your kids probably have downloaded "free games" (they always have a price) , Grogster, Kazaa, Bonzo Buddy, Free CLOCKS that are always correct (and have tons of spyware attached). If it is FREE and FUN on the internet-- watch out for what comes with it.
Preventions: (after removal of bugs)
Download MOzilla Firefox internet browser
http://www.mozilla.org/products/firefox/ and STOP USING MICROSOFT INTERNET EXPLORER! That will eliminate most attacks.
If you have to use MSIE:
Switching browsers is the easy answer. For some people, that is not an option for various reasons. Internet Explorer can be made reasonably safe without locking down every useful function, but it requires some third-party software.
The most important thing is to update your browser and operating system. Go to WindowsUpdates and install the latest version of Internet Explorer, then go back and install any security patches that are available. Also install any service packs and patches for Windows itself. This one action will save you from the overwhelming majority of browser hijackers. If you have Windows XP, the most current version of Internet Explorer available to you is version 6 with XP Service Pack 2. I encourage you to install SP2 if you do not have it yet.
Although Microsoft makes plenty of noise about being concerned about security, clearly it is nothing but a marketing ploy. In typical, monopolistic disregard for people who have not bought their latest software, Microsoft refuses to provide the security updates available in the XP SP2 version of Internet Explorer to users of older versions of Windows. This is contemptible behavior. If you use a version of Windows other than XP, the most updated version of Internet Explorer you can install is version 6 with MSIE Service Pack 1.
After you've done that, replace Microsoft Java VM with Sun Java. You can download that from
http://www.java.com/. There are several hijackers that exploit flaws in Microsoft Java VM. Sun's Java is more secure and more up to date. Make certain, in Java's Control Panel options, that Sun Java JRE is set to work with Internet Explorer.
Open Internet Options from the Windows control panel and click the "Security" tab. Highlight the "Internet" icon and then click "Custom Level". Choose "Medium" from the drop-down box at the bottom, then click the "Reset" button. Click "ok", then click "Custom Level" again.
Set your options just as I have listed below:
.NET Framework-reliant components
Run components not signed with Authenticode (Disable)
Run components signed with Authenticode (Prompt)
ActiveX controls and plug-ins
Download signed ActiveX controls (Prompt)
Download unsigned ActiveX controls (Disable)
Initialize and script ActiveX controls not marked as safe (Disable)
Run ActiveX controls and plug-ins (Enabled) (This actually refers to Java and Flash, not ActiveX)
Script ActiveX controls marked safe for scripting (Prompt)
Miscellaneous
Access data sources across domains (Disable)
Drag and drop or copy and paste files (Prompt)
Installation of desktop items (Prompt)
Launching programs and files in an IFRAME (Prompt)
Navigate sub-frames across different domains (Prompt)
Software channel permissions (High safety)
Userdata persistance (Disable)
Scripting
Allow paste operations via script (Prompt)
Scripting of Java applets (Prompt)
Then click "apply" and "ok".
Next, you need to run a registry script called IE-SPYADS
https://netfiles.uiuc.edu/ehowes/www/resource.htm . This script will place an enormous number of web sites known to be abusive into Internet Explorer's "Restricted Zone". Any site in that list will be unable to run javascripts, java applets, set or read cookies or use ActiveX scripting. You still will be able to visit those sites but they will be very limited in what they can do.
Be aware that MSIE has many security flaws that will allow a clever site designer to bypass security settings, even if their site is in the restricted zone. More must still be done.
Now you need to install SpywareBlaster. ActiveX programs need to use a CLSID (identifier number) before Windows will execute them. SpywareBlaster stops certain ActiveX CLSIDs from working by setting a "kill bit" in the Windows registry. This will stop ActiveX drive-by installations from programs that use those numbers, as well as preventing software already installed from running if they use that CLSID.
As a final safeguard, install a program called Browser Hijack Blaster. This program will watch for alterations to the home page, default page and search page as well as watching for Browser Helper Objects being installed. If it detects a change, it immediately will pop up a warning and ask if you wish to allow the change.
Be very careful about installing programs. By far the most common source of malware infection comes from third party bundles. Grokster, for instance, will install a dozen or more unwanted programs. I also refuse to install any form of online instant messaging (AOL, YAHOO, MSN) becuase there are too many hacks created for them.
Finally, you also should disable the preview pane if you use Outlook or Outlook Express. Simply by highlighting an email while the preview pane is active, even to delete it, you could activate any scripting in that email.
If you can't handle this stuff, any COMPUSA or reputable computer store can clean your HDD of spyware, it will cost about $100 plus anyprograms you buy (most places INSTALL software you purchase there for FREE).
If they recommend reformatting your HDD, ask for a supervisor.
