How to Protect Yourself From PC Security Pitfalls
A PCWorld.com columnist shows you how to get rid of spyware, shrug off spam, and stay safe on unsecured public networks.
Tue, April 29, 2008
PC World — Viruses, spyware, and worms. Oh, my!
We all know the dangers inherent in accessing the Internet, and we all take precautions. Yet our PCs still occasionally get infected because we can't know everything.
Here I'll show you how to rid your PC of nefarious, spyware-infected programs, explain why you sometimes receive strange e-mail from your own address, and teach you how to stay safe on unsecured public wireless networks.
Got PC questions of your own? Send your questions--about security or any other tech topic--to answer@pcworld.com.
How Do I Get Rid of a Spyware-Carrying Program That Won't Uninstall?
--Zehraa, Answer Line Forum
The uninstaller that comes with a malicious program isn't likely to do much good. Still, you might try running it with Revo Uninstaller, a freebie that runs an application's own uninstall function, and then scans the hard drive and Registry for leftovers (there are usually some). I'm not sure how effective it will be against a malicious program, but it's certainly worth a try.
If that doesn't work, try to manually delete the program file or folder. And if Windows won't let you do that, try Cedrick Collomb's free Unlocker. Once installed, Unlocker comes up automatically when Windows refuses to delete, move, or rename a file or folder, or you can launch it from the file or folder's context menu. Also, once it's up, it shows you what processes are hanging onto the culprit and lets you kill them. (My thanks to Mphenterprises of the Answer Line Forum for recommending Unlocker.)
You can also try Windows' System Restore:
In Windows XP, select Start, All Programs, Accessories, System Tools, System Restore; choose Restore my computer to an earlier time; and then click Next. Pick the earliest Restore Point available, and follow the prompts.
In Vista, click Start, type rstrui, and press Enter; select Choose a different restore point, click Next, and check Show restore points older than 5 days. Click Next. Pick the earliest Restore Point available, and follow the prompts.
If that doesn't work, try running System Restore in Safe Mode: Reboot your PC and press F8 just before Windows loads (you may need to try a few times to get the timing right). At the resulting menu, select Safe Mode with Command Prompt and pick your operating system. At the command prompt, type C:windowssystem32 estore strui (just rstrui in Vista), press Enter, and try running System Restore from there.
Another option: Since you have a name for the program you can't remove, you might be able to find removal instructions via your favorite search engine. Add the word remove to your search string, and avoid any link from the company that makes the program or any site that seems to have a positive opinion of it.
Still can't get rid of the vicious thug? Try HiJackThis, a free utility now from TrendMicro. HiJackThis creates a very technical report on your system's suspicious Windows behavior. You probably won't be able to make heads or tails of it, but there are plenty of Internet forums where friendly people can help you decipher HiJackThis reports and recommend a course of action. Go to Trend Micro's Analyzing your HijackThis Log page for links to many of these forums.
If nothing else works, reformatting your hard drive is the last desperate measure to take. But back up your data first. In fact, if you already have a full backup of your data (as you should), make an extra backup, anyway. The more, the safer.
I can't tell you exactly how to reformat your hard drive and reinstall Windows, because that depends on whether you have a good backup of the operating system made before the infection, what kind of recovery capabilities came with your PC, and if you have a genuine Windows XP or Vista disc.
If you have a good system backup made with an imaging program like Ghost and True Image, restoring that is much easier than reinstalling everything.
The next best option is an actual Windows disc. Pick the option that erases everything on the drive before installing Windows. It's safer.
Otherwise you'll have to use what recovery features came with your computer. In most cases, this will return the hard drive to its factory condition. Then you'll have to remove the programs you don't want.
However you do it, once Windows is working, you'll need to install your security software and your applications, update everything, and then restore your data from the backup.
You'll find the original discussion in the PCWorld.com forums.
