Security Tango - Keep Your Computer Clean

Let's Dance! - The Windows Waltz

A step-by-step guide to dancing The Security Tango - for Windows

Step One: Kill the Lurkers

Before we can clean out your system completely, we have to make sure that any of those oh-so-innocent-looking files sitting on your hard drive (that may not show up on anybody's radar) are not secretly lurking in the background, breathlessly waiting for the chance to pounce out of the shadows and reinfect you.

There are several variations on each of these steps, depending on which version of Windows you're running, which version of Internet Explorer you're running, etc. I'll hit the highlights, but your mileage may vary. Pay attention to the prompts and menu choices and you should be okay.

Before you start, just a word about running your computer as the Administrator. When you start your computer, you have to log in (many Windows systems do this automatically for you - more on this later). This lets you have multiple users on the same computer (not simultaneously).

If you're not running as Adminstrator normally, then you should log out, and log in as the Administrator to dance the Security Tango. If you have no idea what I'm talking about, or if your computer just starts up without asking you to log in, then you probably do run as the Adminstrator. You shouldn't, on a day-to-day basis. Generally, it's best to not run as the Adminstrator. If you run as a regular user, viruses have a harder time infecting your computer. You should only run as the Administrator when you want to add or remove programs. But that's kind of beyond the scope of this page.

So... now that I've confused you thoroughly, let's go!

Delete your Temporary Internet Files

When a Web browser (e.g., Internet Explorer) goes to a Web site, it saves a copy of each page on your hard drive. This is designed to enhance your browsing experience - the next time you go to that page, your browser checks to see if anything's changed; if not, it uses the old copy on your hard drive. This makes browsing to a site much faster, and cuts down on Internet traffic considerably. This is a great idea, but it means that if you've gone to a Web site with malware, a copy of that malware may well reside in the cache (those temporary Internet files). So let's get rid of 'em.
In Internet Explorer, click the Tools menu, then click on "Internet Options...," then click the "Delete Files" button in the "Temporary Internet Files" section. If you're using a newer version of Internet Explorer, you'll see a new box with an option to check to delete all stored offline content. You should do that. Click OK. The cursor will turn into the hour glass for a while, then come back. That's really all the indication you have that you've done it.
In Firefox, click the Tools menu, then click on Options...," then click on Privacy. Click the Clear button next to Cookies.

Empty the Recycle Bin
Empty your Temp Files

In the same way that Internet Explorer saves temporary files on your hard drive, so does Windows itself. Often these are "scratchpad" files used by programs, and sloppy programmers have neglected to delete them. You should do so. Look for folders called TEMP or TMP (upper or lower case) on the C: drive at the root level (the base level of the drive) and empty them. Do the same with folders also named TEMP or TMP inside the Windows folders. Sorry I can't be more specific than that; many manufacturers tweak Windows a bit before they send it out, and one of those tweaks is sometimes to change where the temporary files are kept.
You may get an error message or two at this step. There may be a program running that has a file opened in the Temp files directory, and you won't be able to remove that one. Also, there may be some folders you can't remove. You see, when Windows installs some programs, it puts files it uses all the time in the temporary directory. Yep. In either case, don't worry about it. Just move on to the next file, or decide you're done.

Reboot

I don't know that this step is strictly necessary, but I bow to the wisdom of my friend Bill Bateman. At any rate, it can't hurt.

Turn off System Restore

System Restore is designed to return the system to a known good state, in case you mess things up a bit. The problem is that many viruses nowadays lurk in the System Restore files, and if you do a Restore, immediately reinfect you!
Note that dancing this step results in the loss of all previous Restore Points.
If you really want to, you can turn it back on again afterwards, but you'll just be turning it off again the next time you dance the Tango, so what's the point?
Windows Vista

You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed. If you do not know how to log in as Administrator, contact your system administrator (if you are on a network), the computer manufacturer, or installer.
Click on the "Start" button in the lower left corner
Right-click on Computer, and select Properties from the drop-down list
Select "System Protection" on the right under "Tasks," and click "Continue"
Uncheck all your drives - that will stop System Restore from working on those drives
Okay your way out

Windows XP

You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed. If you do not know how to log in as Administrator, contact your system administrator (if you are on a network), the computer manufacturer, or installer.
Right-click My Computer, and then click Properties from the drop-down list

(Depending on how your system was set up, you may have to click Start -> Programs -> Accessories -> Windows Explorer to get to My Computer)

Click the System Restore tab
Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box
Click Apply. A warning message appears, reiterating what I said above. Click Yes.
Click OK

Reboot

Well! That was quite a first step, wasn't it? (Watch out for that first step - it's a doozy!) And that was just the prep work! Don't worry - the rest of the steps, while time consuming, are not nearly so complex.

Step Two: Download All Necessary Files

Shortly, we'll be rebooting into Safe Mode, which will cut off your Internet access. So first, we'll download all of the software we need to install. You'll find out more about the individual files below, but for now, let's just download them. Of course, if you are still on dial-up, you may prefer to get the Security Tango CD, courtesy of Dave Enright.

Download the free versions of SuperAntiSpyware, and Malwarebytes' Anti-Malware. Once you've seen how great they are, you'll want to buy the full versions, but for a first cleanup, you can use the free versions.
You'll want an antivirus program. If you already have one, great. Update it and scan your entire system right now. If you don't have one, download one of the ones on that menu there on the left (you'll almost definitely have to scroll up to see it). Many you have to pay for; AVG and avast! are free for personal use.
Next, you'll need a firewall. If you have Windows XP with Service Pack 2, you have one. If you'd rather, you can get a great firewall from the list on that infamous menu on the left. Most of The Security Tango is designed to weed out infections that are already on your computer. What's better is to block as many of them as possible before they even reach your computer! Firewalls help do that. They stop traffic from coming into your computer via most of the known malicious backdoors and rarely-open paths. If you have a small network at home, with a home router, it's possible that router includes a firewall, which will protect all of the computers in your network. If, however, you have only one computer, you should run a firewall on it. ZoneAlarm does have a free version, but, again, once you see how great it works, you'll want to get the full version.
And, just in case you've got the CoolWebSearch browser hijacker, you should download CWShredder. Also free, also very cool.
Last but not least, you should download Stinger. There are several versions on that page; you only need the first, general one. Stinger doesn't update very often; if the version you already have is the same as the one that you'd be downloading, you don't have to download it - just use the one you have.

Step Three: Reboot into Safe Mode

Now we want to reboot into Safe Mode, where very little stuff is running in the background, and you're off the Internet. (Again, some systems don't do Safe Mode for various reasons - if you can't get into Safe Mode, don't worry - just keep on keepin' on) Click Start, click "Turn Off Computer" and click Restart. As the system reboots, keep tapping the F8 key until you see a text menu. Select Safe Mode. When the system boots up, it may look VERY different from what you're used to. Don't panic! What's happened is this: Safe Mode loads an extremely minimal set of drivers. One of the drivers it does NOT load is your video driver - it sets the video card into the loweest common video mode: 640x480 and only 16 colors. Don't worry - when you reboot, it'll all be back to the way it was. Now, it's time to start running stuff!

Step Four: Clean Your Machine

First we run CWShredder.
This only handles the CoolWebSearch virus, but that one is an incredibly persistent and tenacious little bugger.
Now we run Stinger.
This program, from McAfee is updated only very irregularly, but when it is, it means that a brand new virus has been found that circumvents all the antivirus programs. You should run it every time, even though it's not really necessary every time. It takes very little time to run, and you'll be safer.
Now we move to your antivirus program. You must run a thorough scan on your system. Every antivirus program installs and runs a tad differently, so read the instructions that come with yours. The important thing to understand is that every antivirus program has two parts. There's the program itself (the "engine"), which searches your hard drive for infections, and there's the virus definitions, which the program uses to identify those viruses. Once we're done here, and reboot to regular Windows mode, you'll want to update your antivirus program again and run it again.
The engine rarely needs updating. But the definitions need to be updated regularly. Running with old definitions is like not running an antivirus program at all! Every antivirus program has a mechanism for updating the definitions. You should familiarize yourself with yours, and make certain that the definitions are updated regularly. Daily is not too often to update. Most days of the week, you won't get anything new, but those times you do will come in really handy!
SuperAntiSpyware is - you guessed it - yet another antispyware program. It handles some key loggers and hijackers better than some of the others. Yes, you have to update the virus definitions in the free version by hand; make sure you do that.
One more - MalWareBytes' Anti-Malware. As with the others, there are types of infections that it handles better. Again, make sure you update the virus definition database by hand each time.
I know - it all seems so redundant. And most of the time it is. But that one time when each of these catch something different from the others, you'll be glad you ran them all.
Now it's time to install that firewall. Install the one you downloaded in Step Two, or just use the one that came with Windows.

Step Five: Reboot and Do it Again

Once all of those have been installed and run, and you have gotten your machine as clean as possible, it's time to reboot and do it all over again! The reason for this is that, now that the system is pretty clean and protected, it's time to update all the programs (to make sure you're as protected as possible). Once you've updated them, of course, you'll want to run them again to make sure that you've cleaned out absolutely everything you can.

Reboot, and run the Tango in order:

CWShredder
Stinger
SuperAntiSpyware (update it first)
Malwarebytes' Anti-Malware (update it first)
your antivirus program (update it f... oh, you know)

Step Six: Windows Update

If you're running a newer operating system, Windows Update may well be running in the background, and every once in a while will annoy you by notifying you that updates are ready to be installed. This is a Good Thing™! You should be able to set up automatic updating via your Control Panel - it'll be called either Windows Updates or Automatic Updates.

If you don't have that (e.g. you're running a very old version of Windows), you can still update from Internet Explorer. Click the Tools menu, then select "Windows Update." Always install all Critical patches; others my not suit you - read them carefully.

Yes, it's true that Microsoft has put out one or two updates that killed Windows entirely. You have to weigh the risk of being vulnerable to a known exploit vs. the very slim possibility of having to reinstall your system. You do have backups, don't you?

Remember: Spybot's and your antivirus program's definitions must be updated every time you run them!
Additionally, you should regularly check the various pages of our dance partners to assure yourself that you're running the latest "engines" as well as the latest definitions!

Some of this stuff can be potentially damaging to your system - if you're not sure what you're doing, please bring your system to a qualified professional to clean it!

Special thanks must be given to my friend Bill Bateman, who suggested the entire first step, as well as improvements to many of the other steps. Not only is he a qualified computer professional, a great teacher, funny, interesting, handsome, and a heck of a musician, he's pretty smart, too!
Bill: Still waiting for my check...

There are a whole lot of other people who have suggested rewrites, changes, additions, deletions, and anatomically impossible things. Thanks to most of you; keep the constructive suggestions coming!

The Ask Nick!™ The Ask Nick!™ Security Security Tango™ Tango™ Sponsored by Sponsored by

Tango Links: Home Let's Dance! Good Passwords Nick's Blog Get the CD Definitions Security News Blame, Credits, etc. Windows Links: *Anti-Virus:* McAfee Security Symantec (Norton) CA's eTrust Grisoft's AVG avast! Panda Software *Anti-Malware:* SuperAntiSpyware Malwarebytes *Firewalls:* ZoneAlarm McAfee Firewall Norton Firewall	Let's Dance! - The Windows Waltz A step-by-step guide to dancing The Security Tango - for Windows Step One: Kill the Lurkers Before we can clean out your system completely, we have to make sure that any of those oh-so-innocent-looking files sitting on your hard drive (that may not show up on anybody's radar) are not secretly lurking in the background, breathlessly waiting for the chance to pounce out of the shadows and reinfect you. There are several variations on each of these steps, depending on which version of Windows you're running, which version of Internet Explorer you're running, etc. I'll hit the highlights, but your mileage may vary. Pay attention to the prompts and menu choices and you should be okay. Before you start, just a word about running your computer as the Administrator. When you start your computer, you have to log in (many Windows systems do this automatically for you - more on this later). This lets you have multiple users on the same computer (not simultaneously). If you're not running as Adminstrator normally, then you should log out, and log in as the Administrator to dance the Security Tango. If you have no idea what I'm talking about, or if your computer just starts up without asking you to log in, then you probably do run as the Adminstrator. You shouldn't, on a day-to-day basis. Generally, it's best to not run as the Adminstrator. If you run as a regular user, viruses have a harder time infecting your computer. You should only run as the Administrator when you want to add or remove programs. But that's kind of beyond the scope of this page. So... now that I've confused you thoroughly, let's go! Delete your Temporary Internet Files When a Web browser (e.g., Internet Explorer) goes to a Web site, it saves a copy of each page on your hard drive. This is designed to enhance your browsing experience - the next time you go to that page, your browser checks to see if anything's changed; if not, it uses the old copy on your hard drive. This makes browsing to a site much faster, and cuts down on Internet traffic considerably. This is a great idea, but it means that if you've gone to a Web site with malware, a copy of that malware may well reside in the cache (those temporary Internet files). So let's get rid of 'em. In Internet Explorer, click the Tools menu, then click on "Internet Options...," then click the "Delete Files" button in the "Temporary Internet Files" section. If you're using a newer version of Internet Explorer, you'll see a new box with an option to check to delete all stored offline content. You should do that. Click OK. The cursor will turn into the hour glass for a while, then come back. That's really all the indication you have that you've done it. In Firefox, click the Tools menu, then click on Options...," then click on Privacy. Click the Clear button next to Cookies. Empty the Recycle Bin Empty your Temp Files In the same way that Internet Explorer saves temporary files on your hard drive, so does Windows itself. Often these are "scratchpad" files used by programs, and sloppy programmers have neglected to delete them. You should do so. Look for folders called TEMP or TMP (upper or lower case) on the C: drive at the root level (the base level of the drive) and empty them. Do the same with folders also named TEMP or TMP inside the Windows folders. Sorry I can't be more specific than that; many manufacturers tweak Windows a bit before they send it out, and one of those tweaks is sometimes to change where the temporary files are kept. You may get an error message or two at this step. There may be a program running that has a file opened in the Temp files directory, and you won't be able to remove that one. Also, there may be some folders you can't remove. You see, when Windows installs some programs, it puts files it uses all the time in the temporary directory. Yep. In either case, don't worry about it. Just move on to the next file, or decide you're done. Reboot I don't know that this step is strictly necessary, but I bow to the wisdom of my friend Bill Bateman. At any rate, it can't hurt. Turn off System Restore System Restore is designed to return the system to a known good state, in case you mess things up a bit. The problem is that many viruses nowadays lurk in the System Restore files, and if you do a Restore, immediately reinfect you! Note that dancing this step results in the loss of all previous Restore Points. If you really want to, you can turn it back on again afterwards, but you'll just be turning it off again the next time you dance the Tango, so what's the point? Windows Vista You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed. If you do not know how to log in as Administrator, contact your system administrator (if you are on a network), the computer manufacturer, or installer. Click on the "Start" button in the lower left corner Right-click on Computer, and select Properties from the drop-down list Select "System Protection" on the right under "Tasks," and click "Continue" Uncheck all your drives - that will stop System Restore from working on those drives Okay your way out Windows XP You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed. If you do not know how to log in as Administrator, contact your system administrator (if you are on a network), the computer manufacturer, or installer. Right-click My Computer, and then click Properties from the drop-down list (Depending on how your system was set up, you may have to click Start -> Programs -> Accessories -> Windows Explorer to get to My Computer) Click the System Restore tab Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box Click Apply. A warning message appears, reiterating what I said above. Click Yes. Click OK Reboot Well! That was quite a first step, wasn't it? (Watch out for that first step - it's a doozy!) And that was just the prep work! Don't worry - the rest of the steps, while time consuming, are not nearly so complex. Step Two: Download All Necessary Files Shortly, we'll be rebooting into Safe Mode, which will cut off your Internet access. So first, we'll download all of the software we need to install. You'll find out more about the individual files below, but for now, let's just download them. Of course, if you are still on dial-up, you may prefer to get the Security Tango CD, courtesy of Dave Enright. Download the free versions of SuperAntiSpyware, and Malwarebytes' Anti-Malware. Once you've seen how great they are, you'll want to buy the full versions, but for a first cleanup, you can use the free versions. You'll want an antivirus program. If you already have one, great. Update it and scan your entire system right now. If you don't have one, download one of the ones on that menu there on the left (you'll almost definitely have to scroll up to see it). Many you have to pay for; AVG and avast! are free for personal use. Next, you'll need a firewall. If you have Windows XP with Service Pack 2, you have one. If you'd rather, you can get a great firewall from the list on that infamous menu on the left. Most of The Security Tango is designed to weed out infections that are already on your computer. What's better is to block as many of them as possible before they even reach your computer! Firewalls help do that. They stop traffic from coming into your computer via most of the known malicious backdoors and rarely-open paths. If you have a small network at home, with a home router, it's possible that router includes a firewall, which will protect all of the computers in your network. If, however, you have only one computer, you should run a firewall on it. ZoneAlarm does have a free version, but, again, once you see how great it works, you'll want to get the full version. And, just in case you've got the CoolWebSearch browser hijacker, you should download CWShredder. Also free, also very cool. Last but not least, you should download Stinger. There are several versions on that page; you only need the first, general one. *Stinger doesn't update very often; if the version you already have is the same as the one that you'd be downloading, you don't have to download it - just use the one you have. Step Three:* Reboot into Safe Mode Now we want to reboot into Safe Mode, where very little stuff is running in the background, and you're off the Internet. (*Again, some systems don't do Safe Mode for various reasons - if you can't get into Safe Mode, don't worry - just keep on keepin' on) Click Start, click "Turn Off Computer" and click Restart. As the system reboots, keep tapping the F8 key until you see a text menu. Select Safe Mode. When the system boots up, it may look VERY different from what you're used to. Don't panic! What's happened is this: Safe Mode loads an extremely minimal set of drivers. One of the drivers it does NOT load is your video driver - it sets the video card into the loweest common video mode: 640x480 and only 16 colors. Don't worry - when you reboot, it'll all be back to the way it was. Now, it's time to start running stuff! Step Four:* Clean Your Machine First we run CWShredder. This only handles the CoolWebSearch virus, but that one is an incredibly persistent and tenacious little bugger. Now we run Stinger. This program, from McAfee is updated *only very irregularly, but when it is, it means that a brand new virus has been found that circumvents all the antivirus programs. You should run it every time, even though it's not really necessary every time. It takes very little time to run, and you'll be safer. Now we move to your antivirus* program. You must run a thorough scan on your system. Every antivirus program installs and runs a tad differently, so read the instructions that come with yours. The important thing to understand is that every antivirus program has two parts. There's the program itself (the "engine"), which searches your hard drive for infections, and there's the virus definitions, which the program uses to identify those viruses. Once we're done here, and reboot to regular Windows mode, you'll want to update your antivirus program again and run it again. The engine rarely needs updating. But the definitions need to be updated regularly. Running with old definitions is like not running an antivirus program at all! Every antivirus program has a mechanism for updating the definitions. You should familiarize yourself with yours, and make certain that the definitions are updated regularly. Daily is not too often to update. Most days of the week, you won't get anything new, but those times you do will come in really handy! SuperAntiSpyware is - you guessed it - yet another antispyware program. It handles some key loggers and hijackers better than some of the others. Yes, you have to update the virus definitions in the free version by hand; make sure you do that. One more - MalWareBytes' Anti-Malware. As with the others, there are types of infections that it handles better. Again, make sure you update the virus definition database by hand each time. I know - it all seems so redundant. And most of the time it is. But that one time when each of these catch something different from the others, you'll be glad you ran them all. Now it's time to install that firewall. Install the one you downloaded in Step Two, or just use the one that came with Windows. Step Five: Reboot and Do it Again Once all of those have been installed and run, and you have gotten your machine as clean as possible, it's time to reboot and do it all over again! The reason for this is that, now that the system is pretty clean and protected, it's time to update all the programs (to make sure you're as protected as possible). Once you've updated them, of course, you'll want to run them again to make sure that you've cleaned out absolutely everything you can. Reboot, and run the Tango in order: CWShredder Stinger SuperAntiSpyware (update it first) Malwarebytes' Anti-Malware (update it first) your antivirus program (update it f... oh, you know) Step Six: Windows Update If you're running a newer operating system, Windows Update may well be running in the background, and every once in a while will annoy you by notifying you that updates are ready to be installed. This is a Good Thing™! You should be able to set up automatic updating via your Control Panel - it'll be called either Windows Updates or Automatic Updates. If you don't have that (e.g. you're running a very old version of Windows), you can still update from Internet Explorer. Click the Tools menu, then select "Windows Update." Always install all Critical patches; others my not suit you - read them carefully. Yes, it's true that Microsoft has put out one or two updates that killed Windows entirely. You have to weigh the risk of being vulnerable to a known exploit vs. the very slim possibility of having to reinstall your system. You do have backups, don't you? Remember: Spybot's and your antivirus program's definitions must be updated every time you run them! Additionally, you should regularly check the various pages of our dance partners to assure yourself that you're running the latest "engines" as well as the latest definitions! Some of this stuff can be potentially damaging to your system - if you're not sure what you're doing, please bring your system to a qualified professional to clean it! Special thanks must be given to my friend Bill Bateman, who suggested the entire first step, as well as improvements to many of the other steps. Not only is he a qualified computer professional, a great teacher, funny, interesting, handsome, and a heck of a musician, he's pretty smart, too! Bill: Still waiting for my check... There are a whole lot of other people who have suggested rewrites, changes, additions, deletions, and anatomically impossible things. Thanks to most of you; keep the constructive suggestions coming!
Text, "Security Tango," and logo Copyright © 2010 Nick Francesco Hosting provided by CLSS Enterprises, the greatest host on Earth This page has been accessed 316,043* times.*