THE PARASITE FIGHT
QUICK FIX PROTOCOL
Last Updated July 30, 2007
No “quick fix” is as good as a thorough fix. However, sometimes you need it quick! If you came to this page to get rid of parasites as quickly as possible, use the following six-step protocol.
IMPORTANT NOTE: So far as possible, do these steps in the order listed. Nonetheless, if you have a problem with any one step, skip it and go to the next — then come back. Some parasites block one mode of attack but are vulnerable to another removal approach.
- SHOW IT ALL! Be sure that Windows is set to show hidden and system files and folders. In My Computer, at Tools | Folder Options | View, set Hidden files and folders to “Show,” and uncheck Hide protected operating system files. (In Windows Vista, find these in Computer at Organize | Folder & Search Options | View.)
- HOUSECLEANING. Especially if your computer’s performance is heavily compromised, clean out the Temporary Internet Files and Temp folders first. Detailed instructions are given under Step 4 of my Computer Health page here.
NOTE: The easy, efficient way I recommend is to use KillBox to do this: click Tools | Delete Temp Files. Mark the boxes for the categories of items you want to delete (or accept the default), then click the “Delete Files” button at the bottom. Repeat for all profiles using the pulldown list. (Clean at least the Temp and TIF folders and Cookies.)
- REMOVE PROGRAMS. Some parasites can be easily and effectively removed from the Add/Remove Programs applet in the Windows Control Panel. (Others will be present here, but will not effectively uninstall. Many others simply won’t show here. A few are booby-trapped so that removing them in Add/Remove Programs actually makes matters worse.) A few troublesome programs — such as the common trio of Wild Tangent, Weatherbug, and Viewpoint — should be removed here first (so as not to break the uninstall capability by using other cleaning tools). A very serious invader (especially on Dell Computers) that other cleaning tools may not touch may show in Add/Remove Programs variously as MySearch, MyWay, MyWeb, MyWebSearch, etc. Get rid of them!
- DOWNLOAD YOUR TOOLS. Download Ad-Aware SE (one direct link is here). Save it to your desktop. When you have downloaded, installed, and updated it, go to the next step. For Windows XP (SP2 or later), you may also want to download, install, and update Windows Defender.
- RUN AD-AWARE and (for Windows Vista and optionally Windows XP) RUN WINDOWS DEFENDER. Update each before running it. See Notes For Using Ad-Aware. In each case, let the program remove everything it finds. (For more details on Ad-Aware, see Ad-Aware – recommended for all users.)
NOTE: For parasites that are currently running, Ad-Aware may not be able to remove them on the first pass. It may only be able to disable the auto-launch which activates them at computer start-up. Usually it will ask you if you want it to try again after a reboot. Say yes, then reboot. Even if it doesn’t ask, rebooting and running it again is a good idea.
- IF THERE IS STILL A PROBLEM... If you still believe you have a parasite infestation, download and run HijackThis (ver. 2.0.4). Most users should use this only to scan, not to fix. Save the log and post it to a new thread on the AumHa HijackThis Logs forum or on another forum or newsgroup where you trust the regular participants. (For more details on this step, see Notes For Using HijackThis.)
IF THE QUICK FIX DOESN’T WORK
Parasite assaults have started coming in waves. At present, many kinds of exploitative malware have learned to disable most standard cleaning tools, hide themselves more effectively, and generally become more stubborn and resistant. As with biological infections, it is likely that sometimes the germs will have the advantage and sometimes the antibiotics. If the Quick Fix steps above (including examination of a HijackThis log) don’t solve your problem, there are tougher steps to take. Here are my present recommendations. (These will be evolving to meet the changing nature of threats.)
- SAFE MODE. Reboot to Safe Mode. Then rerun the “screening and cleaning” steps above.
- PATCHES. Be sure you have your Windows and IE patches up to date. Go to Windows Update (also usually available on your Start Menu or on the Tools menu of Internet Explorer) and install all critical updates. (Other updates are not necessarily recommended. Install them for specific issues; but install all the critical ones as soon as they come out.)
- VIRUSES. Your problem may not be parasites — it may be viruses instead. This usually requires a different set of steps for protection and cleaning (though virus and parasite creators sometimes deploy them in tandem). Run a thorough virus scan with a quality antivirus program with definition files updated just before you run it. Since some viruses are able to disable or impede an antivirus program on your hard drive, in addition to your installed (local) antivirus program you may want to run one or two of the excellent free online virus scanners. These can be slow, but they work! Click on “Free Online Virus Scanners” on my Parasites, Viruses & Other Security Issues page.
- SCREEN FOR COOLWEBSEARCH. Run CWShredder to screen for CoolWebSearch malware. Read more about it here. (This tool was once one of our front-line defenders, but no longer catches many variations of CWS in circulation. Nonetheless, it’s worth a check in tough cases.)
- CHECK YOUR HOSTS FILE. In HijackThis, click Config | Misc Tools | Open HOSTS File Manager. Read more about this issue here.
- SCREEN FOR A.D.S. Run ADSSpy to screen a channel of exploitation that most screening/cleaning tools don’t identify. Use this cautiously. Read more about it here.
- SCREEN FOR ROOTKITS. Run RootkitRevealer to screen for Rootkits.
- OTHER TOOLS. See the More Special Tools section for possibly relevant tools that I may not have mentioned in this section.
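For the CHECK YOUR HOSTS FILE step above, here is an added example (not part of the original page or of any tool it names): a small Python audit of HOSTS file text that flags names pointed at a non-loopback address and watched names pointed at loopback. The sample file, hostnames and watchlist are constructed, and the two heuristics are assumptions about which entries deserve a manual look.

```python
import ipaddress

# The only name a default HOSTS file is expected to map to loopback.
BENIGN_NAMES = {"localhost"}

def audit_hosts(text, watchlist=()):
    """Return (line_no, ip, hostname, reason) for each suspicious HOSTS entry."""
    watch = {w.lower() for w in watchlist}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, entry[0], " ".join(entry[1:]), "unparseable address"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in entry[1:]):
            if name in BENIGN_NAMES and sinkhole:
                continue
            if not sinkhole:
                # A name forced to a fixed remote address bypasses DNS entirely.
                findings.append((line_no, str(ip), name, "redirected to another address"))
            elif name in watch or any(name.endswith("." + w) for w in watch):
                # A watched (e.g. update or antivirus) site sent nowhere.
                findings.append((line_no, str(ip), name, "watched site blocked"))
    return findings

# Constructed sample input; hostnames use reserved example domains.
SAMPLE_HOSTS = """\
# Constructed sample, not taken from a real machine
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example       # typical blocklist entry, ignored
203.0.113.45    search.example.com www.search.example.com
127.0.0.1       update.av-vendor.example
0.0.0.0         definitions.av-vendor.example
"""
WATCHLIST = ["av-vendor.example"]   # hypothetical vendor domain

if __name__ == "__main__":
    for line_no, ip, name, reason in audit_hosts(SAMPLE_HOSTS, WATCHLIST):
        print("line %d: %s -> %s (%s)" % (line_no, name, ip, reason))
```

On Windows XP and Vista the file to feed it is `%SystemRoot%\System32\drivers\etc\hosts`; treat every finding as a prompt to review the entry, not as proof of infection.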
Now, relax! Take a break. At your early leisure, surf over to my longer page, The Parasite Fight!, and go through it thoroughly for more information and recommendations about identifying, removing, and protecting yourself against parasites.