Friday, April 01, 2005

Important Removal Tool Note

One of Virtual Grub Street's several missions is to provide a clearinghouse for information regarding freeware removal tools available on the Internet. For this reason, it attempts to provide a wide range of information to help you identify which malware your computer is infected with. This may include file names, common infection names, associated URLs, and explanatory notes.

But this does not mean that following the VGS instructions will free your computer of all malware and associated files. Your computer may have acquired more than one infection in its various travels. More and more malware (and adware) is bundled. More and more often, the bundling is clearly designed such that removing one malware item merely unleashes another installed "behind" it. For example, removing EliteBar, such that your computer is no longer hijacked to the SearchMiracle and YupSearch advertising search engines, may result in your computer being hijacked to the Mirar search engine instead (Mirar having been bundled together with EliteBar at the point of origin).

The approach generally used by HijackThis experts available on the Internet is to "bomb" an infected computer with 6-8 generally trusted anti-adware/spyware utilities (including the most recent version of HijackThis) and to instruct the user to consult two or more free online scanners and to post the results. They then use HijackThis to remove the remaining files associated with the infection(s).

As long as the infection is addressed by at least one of the software packages, the approach is likely to be successful. There is no harm in having downloaded the 6-8 freeware (or trialware) items onto your computer, although keeping them up to date can be a bit of a chore and your computer's execution time can be affected. The online scanners, of course, will generally download registry values, ActiveX files and tracking cookies, and may even create data files for future consultation: the stuff, that is to say, that you were trying to prevent the malware from depositing and periodically transmitting. As for the fix itself, it will necessarily take some number of hours to accomplish the downloads and further hours to run the software. This will be followed by a trip to the HijackThis expert, where the various scan reports will be posted and analyzed, and further directions given.

If the HijackThis forums offer what you are seeking, the VGS clearinghouse offers you information that may help you to understand what the resident expert is doing. Choose your forum carefully. The best attended forums tend to have the more capable experts. Always be aware that the expert will provide a disclaimer requiring you to agree that she or he will be held harmless should the process fail, or, worse, damage your computer. Directions to delete a suspect file can easily leave your computer seriously hobbled.

Should you prefer, the VGS clearinghouse is designed to bring you together with targeted information and one or more targeted freeware removal tools. The removal tools may or may not perform precisely as advertised by the persons who created them. Moreover, you may be infected with a variant that the suggested tool cannot remove. VGS has, however, gone to considerable effort to verify that the various tools that appear in its pages have been positively reviewed by those who have used them. The information is yours to use entirely as you choose and entirely at your own risk. It is always advisable to follow up a removal with a scan by your preferred anti-virus/malware software in order to verify the condition of the computer. The choice is yours whether or not to let dormant files that may be left over after removal remain on your computer.

VGS encourages you to post comments about the service it offers, and, in particular, about your experiences with the removal tools suggested in its pages. Removal tool comments will be most effective in helping those who come after you if you post them to the individual detail page for the malware item you used the tool to remove. Please be as clear and as detailed as possible. The most effective comments might include such information as: 1) what browser and operating system you are running on your computer (e.g. Windows 98, NT, XP, Linux, Internet Explorer 6.0, Firefox); 2) what updates are installed (e.g. SP1, SP2); 3) what anti-virus/malware package(s) are resident in your computer; and 4) the actions you took in the order you took them.