<div align='center'><!--sizeo:5--><span style="font-size:18pt;line-height:100%"><!--/sizeo--><u>Infection Prevention Guide</u><!--sizec--></span><!--/sizec-->
This guide will show you how to prevent infections in the first place.
If you are currently infected, please visit the <a href="http://gbatemp.net/t298763-infection-removal-guide" target="_blank">Infection Removal Guide</a>.</div>
<ol type='1'><li>Intro/T.O.C.</li><li>Program List</li><li>Future Prevention</li><li>F.A.Q.</li></ol>
This guide will show you how to prevent infections in the first place.
If you are currently infected, please visit the <a href="http://gbatemp.net/t298763-infection-removal-guide" target="_blank">Infection Removal Guide</a>.</div>
<ol type='1'><li>Intro/T.O.C.</li><li>Program List</li><li>Future Prevention</li><li>F.A.Q.</li></ol>
<div align='center'><!--sizeo:5--><span style="font-size:18pt;line-height:100%"><!--/sizeo-->Program List<!--sizec--></span><!--/sizec--></div>
There's multiple classifications of infection in the computer world, just like there's multiple classifications of infections in the real world (for example viruses versus bacteria versus fungal infections). These infections work in different ways, and are often removed in different ways as well.
There's two main common categories for computer infections because of this. The first is "viruses", this generally includes viruses, worms, trojans, and malicious modifications to core system files. The second is "malware", which generally includes spware, adware, rogue software, and malicious system settings changes.
Often a scanner for one category won't aim for the other category due to the major differences, so it's recommended to have two programs. One antivirus and one antimalware, unless you have an antivirus that specifically includes antimalware instead (such as one of the paid anti-virus programs.)
It's important to only keep one anti-virus program installed at a time. Antivirus programs aren't normal programs, they hook into core parts of the system (such as filesystem I/O) and expect to be the only things doing so. Having multi antivirus programs can actually cause them to perform worse, or actually damage your system under rare circumstances.
<ul><li>Anti-virus
<ul><li>Free
<a href="http://www.avast.com" target="_blank">Avast!</a> - Has a boot-time scanner which can be really helpful to remove infections.
<a href="http://www.microsoft.com/Security_essentials" target="_blank">Microsoft Security essentials</a> - Good at staying out of your way unless there's an issue. Updates definitions along with Windows Update, is light on requirements.
<a href="http://antivirus.comodo.com" target="_blank">Comodo</a> - Includes a software firewall and other such additional protections, but may be too restrictive for power users.
<a href="http://www.avira.com/free" target="_blank">Avira</a> - Standard antivirus, but the free version displays an ad when it updates.
<a href="http://free.avg.com/" target="_blank">AVG</a> - Light on requirements, but can be seen as a little behind the times.
</li><li>Paid
<a href="http://www.kaspersky.com" target="_blank">Kaspersky</a> - Big focus on Heuristics, so it can often catch infections before other AV programs can.
<a href="http://www.eset.com" target="_blank">NOD32</a> - Low amount of false positives.
<a href="http://www.bitdefender.com" target="_blank">Bitdefender</a> - Big focus on phishing protection, includes various other things such as parental controls (but the controls are easily bypassed).
<a href="http://www.f-secure.com" target="_blank">F-Secure</a> - Very fast and lightweight, but weak anti-malware protection.
<a href="http://www.trendmicro.com" target="_blank">Trend Micro</a> - Website blocker, modern firewall, and a spam filter. Not the best malware protection.</li></ul>
</li><li>Anti-Malware
<ul><li>Free
<a href="http://www.malwarebytes.org" target="_blank">MalwareBytes</a> - Excellent, takes steps that other programs don't in order to remove stubborn infections.
<a href="http://www.superantispyware.com" target="_blank">SUPERAntiSpyware</a> - Light on resources when scanning.
<a href="http://www.safer-networking.org" target="_blank">Spybot S&D</a> - And old standby, but can be considered deprecated. The TeaTimer component should not be installed or used.</li></ul></li></ul>
There's multiple classifications of infection in the computer world, just like there's multiple classifications of infections in the real world (for example viruses versus bacteria versus fungal infections). These infections work in different ways, and are often removed in different ways as well.
There's two main common categories for computer infections because of this. The first is "viruses", this generally includes viruses, worms, trojans, and malicious modifications to core system files. The second is "malware", which generally includes spware, adware, rogue software, and malicious system settings changes.
Often a scanner for one category won't aim for the other category due to the major differences, so it's recommended to have two programs. One antivirus and one antimalware, unless you have an antivirus that specifically includes antimalware instead (such as one of the paid anti-virus programs.)
It's important to only keep one anti-virus program installed at a time. Antivirus programs aren't normal programs, they hook into core parts of the system (such as filesystem I/O) and expect to be the only things doing so. Having multi antivirus programs can actually cause them to perform worse, or actually damage your system under rare circumstances.
<ul><li>Anti-virus
<ul><li>Free
<a href="http://www.avast.com" target="_blank">Avast!</a> - Has a boot-time scanner which can be really helpful to remove infections.
<a href="http://www.microsoft.com/Security_essentials" target="_blank">Microsoft Security essentials</a> - Good at staying out of your way unless there's an issue. Updates definitions along with Windows Update, is light on requirements.
<a href="http://antivirus.comodo.com" target="_blank">Comodo</a> - Includes a software firewall and other such additional protections, but may be too restrictive for power users.
<a href="http://www.avira.com/free" target="_blank">Avira</a> - Standard antivirus, but the free version displays an ad when it updates.
<a href="http://free.avg.com/" target="_blank">AVG</a> - Light on requirements, but can be seen as a little behind the times.
</li><li>Paid
<a href="http://www.kaspersky.com" target="_blank">Kaspersky</a> - Big focus on Heuristics, so it can often catch infections before other AV programs can.
<a href="http://www.eset.com" target="_blank">NOD32</a> - Low amount of false positives.
<a href="http://www.bitdefender.com" target="_blank">Bitdefender</a> - Big focus on phishing protection, includes various other things such as parental controls (but the controls are easily bypassed).
<a href="http://www.f-secure.com" target="_blank">F-Secure</a> - Very fast and lightweight, but weak anti-malware protection.
<a href="http://www.trendmicro.com" target="_blank">Trend Micro</a> - Website blocker, modern firewall, and a spam filter. Not the best malware protection.</li></ul>
</li><li>Anti-Malware
<ul><li>Free
<a href="http://www.malwarebytes.org" target="_blank">MalwareBytes</a> - Excellent, takes steps that other programs don't in order to remove stubborn infections.
<a href="http://www.superantispyware.com" target="_blank">SUPERAntiSpyware</a> - Light on resources when scanning.
<a href="http://www.safer-networking.org" target="_blank">Spybot S&D</a> - And old standby, but can be considered deprecated. The TeaTimer component should not be installed or used.</li></ul></li></ul>
<div align='center'><!--sizeo:5--><span style="font-size:18pt;line-height:100%"><!--/sizeo-->Future Prevention<!--sizec--></span><!--/sizec-->
How did I get that infection in the first place?
What can I do to prevent it?
Where do infections come from?
How can I spot bad programs?
An ounce of prevention is worth a pound of cure.</div>
<ul><li><b>Q - How do I avoid getting viruses and spyware and all that other bad stuff?</b>
A - Here's a list of preventative measures you can take.
<ul><li>Turn windows update on and leave it on! It's very important that your version of windows is kept up to date!</li><li>If you are in windows Vista/7, <a href="http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off" target="_blank">make sure UAC is on</a>.</li><li>Make sure to allow your antivirus to update automatically.</li><li>make sure your web browser is always updating, It doesn't matter if you like the look if Firefox 0.9 better, if it's way out of date you shouldn't be using it as the security holes in it will not be fixed. There's often methods and options to make new programs look or function like old ones, so just update and get used to it. Running an older browser is just asking for infections.</li><li>Make sure that your antivirus is set to automatically scan every file that's created/modified. Any good antivirus software will have what's known as an "active guard" or "resident shield". What that does is scan every file before it enters your computer, like a robot security guard at the door of a nightclub. If it detects an infection, it can stop it from doing anything, and alert you.</li></ul>
</li><li><b>Q - Why did my current program not protect me?</b>
A - Here's some possible reasons.
<ul><li>It was not fully updated.</li><li>It was a pay program, and you stopped paying for it, so it stopped protecting you.</li><li>It was a scanner for a different type of infection then you got. Virus scanners usually will not scan for spyware/adware, and the same goes the other way way around.</li><li>The virus managed to break your protection program.</li><li>What you thought was your protection program could have been a rogue program that actually doesn't protect you and was just scamming you for money by giving you false error reports.</li><li>What you think is an infection is actually on your computer legally. Increasingly now programs that are normally good may also install other software that displays ads. <i>If it's in the EULA and you click the "agree" button, then it's on your computer legally, so virus scanners often won't pick it up!</i> You need to be very careful because installers will use all sorts of tricks to get you to agree to install additional software! They'll swap what buttons do what, hide the "do not install" option unless you click certain areas, and more.</li></ul>
</li><li><b>Q - Where do infections come from?</b>
A - Many, many places.
<ul><li>Advertisements
Yes, random advertisements on websites can attempt to infect your computer. <a href="http://news.cnet.com/8301-27080_3-20000898-245.html" target="_blank">You can even get infected by good sites like The New York Times</a>. Almost any site that displays advertisements could possibly give an infection, this is partially why it's so important to keep some protection that's always on.
</li><li>Rogue Software
Sometimes you might see a random popup or a page claiming it's scanning your computer, and showing you hundreds of problems it's finding that claims it can fix. THESE ARE FALSE. It is not scanning your computer, it is not detecting issues, all it's trying to do is scare you into buying it.
</li><li>Crack/Serial/Warez Sites
These are absolutely packed with infections and should be avoided. Their advertisements are rarely monitored and often contain infections, and the cracks and warez on the site itself often hide keyloggers and other such infections.
</li><li>P2P/Filesharing Programs
<i>When you use programs like Frostwire, you are downloading files directly from other people's computers, and other people are downloading files from your computer</i>. That's why it's called "file sharing"! If anybody has an infection on their computer, you could catch it since your computer connects to theirs in order to get the file. Every single one of these programs has a very high risk of infection, you should try to avoid these. The Done To Death sticky has lists of where to get free music safely and legally.</li></ul>
These are just a few of the places to pick up infections. The people who make them are always looking into new ways to infect a large amount of machines, so if you're not sure on something look it up before you use it!</li></ul>
How did I get that infection in the first place?
What can I do to prevent it?
Where do infections come from?
How can I spot bad programs?
An ounce of prevention is worth a pound of cure.</div>
<ul><li><b>Q - How do I avoid getting viruses and spyware and all that other bad stuff?</b>
A - Here's a list of preventative measures you can take.
<ul><li>Turn windows update on and leave it on! It's very important that your version of windows is kept up to date!</li><li>If you are in windows Vista/7, <a href="http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off" target="_blank">make sure UAC is on</a>.</li><li>Make sure to allow your antivirus to update automatically.</li><li>make sure your web browser is always updating, It doesn't matter if you like the look if Firefox 0.9 better, if it's way out of date you shouldn't be using it as the security holes in it will not be fixed. There's often methods and options to make new programs look or function like old ones, so just update and get used to it. Running an older browser is just asking for infections.</li><li>Make sure that your antivirus is set to automatically scan every file that's created/modified. Any good antivirus software will have what's known as an "active guard" or "resident shield". What that does is scan every file before it enters your computer, like a robot security guard at the door of a nightclub. If it detects an infection, it can stop it from doing anything, and alert you.</li></ul>
</li><li><b>Q - Why did my current program not protect me?</b>
A - Here's some possible reasons.
<ul><li>It was not fully updated.</li><li>It was a pay program, and you stopped paying for it, so it stopped protecting you.</li><li>It was a scanner for a different type of infection then you got. Virus scanners usually will not scan for spyware/adware, and the same goes the other way way around.</li><li>The virus managed to break your protection program.</li><li>What you thought was your protection program could have been a rogue program that actually doesn't protect you and was just scamming you for money by giving you false error reports.</li><li>What you think is an infection is actually on your computer legally. Increasingly now programs that are normally good may also install other software that displays ads. <i>If it's in the EULA and you click the "agree" button, then it's on your computer legally, so virus scanners often won't pick it up!</i> You need to be very careful because installers will use all sorts of tricks to get you to agree to install additional software! They'll swap what buttons do what, hide the "do not install" option unless you click certain areas, and more.</li></ul>
</li><li><b>Q - Where do infections come from?</b>
A - Many, many places.
<ul><li>Advertisements
Yes, random advertisements on websites can attempt to infect your computer. <a href="http://news.cnet.com/8301-27080_3-20000898-245.html" target="_blank">You can even get infected by good sites like The New York Times</a>. Almost any site that displays advertisements could possibly give an infection, this is partially why it's so important to keep some protection that's always on.
</li><li>Rogue Software
Sometimes you might see a random popup or a page claiming it's scanning your computer, and showing you hundreds of problems it's finding that claims it can fix. THESE ARE FALSE. It is not scanning your computer, it is not detecting issues, all it's trying to do is scare you into buying it.
</li><li>Crack/Serial/Warez Sites
These are absolutely packed with infections and should be avoided. Their advertisements are rarely monitored and often contain infections, and the cracks and warez on the site itself often hide keyloggers and other such infections.
</li><li>P2P/Filesharing Programs
<i>When you use programs like Frostwire, you are downloading files directly from other people's computers, and other people are downloading files from your computer</i>. That's why it's called "file sharing"! If anybody has an infection on their computer, you could catch it since your computer connects to theirs in order to get the file. Every single one of these programs has a very high risk of infection, you should try to avoid these. The Done To Death sticky has lists of where to get free music safely and legally.</li></ul>
These are just a few of the places to pick up infections. The people who make them are always looking into new ways to infect a large amount of machines, so if you're not sure on something look it up before you use it!</li></ul>
<div align='center'><!--sizeo:5--><span style="font-size:18pt;line-height:100%"><!--/sizeo-->F.A.Q.<!--sizec--></span><!--/sizec--></div>
<ul><li><b>Q - A lot of the steps in the Removal Guide seem useless, do I still need to do it all?</b>
A - Every step has a purpose. Far too often people will skip steps, only to find they are still infected later. By the very nature of many infections, it's best that they remain hidden. After all, if you KNOW there's an infection you're going to try to remove it, right? Most actual viruses and bad infections will do all they can to prevent you from finding them, because they don't want you to try to remove them. Some steps you're told to follow may seem excessive, but they will catch stuff a simple virus scan won't.
</li><li><b>Q - Why not just format when you get infected?</b>
A - At least once a month, windows receives automatic security updates. These fix security holes that viruses and other types of infections can use to get into your computer and mess it up. When you format and reinstall windows, you are taking it back to a time before all the updates, meaning <i>you are just opening the door for even more infections to get in</i>! Most of the time it's better to remove the current infection and then take steps (listed in the "future prevention" post) to prevent reinfection. Formatting is a last resort, some people may have 50 gigabytes of personal files on their computer, and some people have their computers set up a very specific way that would take hours or days to restore to working order after a format. Just because formatting is your choice does not mean it should be the first suggestion to somebody else.
</li><li><b>Q - Why doesn't the Removal Guide specifically list (name of infection here)?</b>
A - There's thousands and thousands of computer infections, but most infections can be categorized into groups based on how they work, so a few tools and instructions can remove most of the computer infections people get. Furthermore the same infection can often call itself multiple names in order to try to disguise itself. This is most often true of infections that pretend to be virus scanners and try to scare you into "buying" them.
</li><li><b>Q - I found this (verified legit) program that I installed and it scanned my computer and says it found the problem and is only asking me $30 to remove it, isn't that a good deal?</b>
A - No, these programs are often just out for your money. If the program has scanned and found issues, that's the hard part. The actual fix should be easy, so the fact that it's waiting until then to make you pay shows that it's just after your money. This is especially true if the program doesn't actually tell you what and where the problems are, this shows that <i>the makers of the program don't want you going and fixing it yourself. They're not interested in actually fixing your problem, they just want to scare you out of your money</i>.
</li><li><b>Q - A scanner is telling me that something I know is clean (for example, a game like Maple Story) is an infection, why?</b>
A - Either it really DOES have an infection (remember that viruses infect other programs in order to reproduce!), or the scanner you're using is doing "heuristics" scanning. That's where it takes the program, and basically puts it in a virtual environment and tests how it reacts to certain actions, and if it does anything the scanner finds suspicious (that the scanner thinks it has no right doing, like a fast food employee carrying a gun), the scanner will mark it with a generic alert based on what type of infection the scanner thinks it is.
<a href="http://www.virustotal.com/" target="_blank">http://www.virustotal.com/</a> - Go there, upload the file it says is infected, and it will scan it with many virus scanners. There you can see what the results are. If only a small percentage of the scanners mark it as bad, and they use generic terms, like just "spyware" or "trojan" or "keylogger", then you can assume that the file is really clean. Real viruses are given codenames, like "Fojack" or "Hidrag.a".
</li><li><b>Q - What is all this stuff about DNS and HOSTS?</b>
A - DNS means "Domain Name Server". A DNS server keeps information which web address relates to which IP address on the internet (like how google.com is 74.125.45.100). It's sort of like how "Jack's house" means "123 Oak Tree Lane" in the real world. Unfortunately, sometimes an infection will misdirect your computer, sending it to the wrong websites. The HOSTS file is a file on windows that holds information about DNS entries on your own computer, it's usually used to bypass a normal DNS server for whatever reason. Unfortunately infections will add entries that make real sites redirect to fake sites.
</li><li><b>Q - What's a tracking cookie?</b>
A - <i>A tracking cookie is not a virus</i>, it will not hurt your computer. They are used by ads on websites for marketing purposes. They record what "genre" of sites you generally visit (such as anime sites, military sites, car sites) so that the advertisements on a site know which types of ads to show you. They do not record any personal information about you, they do not know who you are.
A cookie is a text file created by a website on your computer to store information about what you've done there. A text file is several kilobytes, which is one thousandth of a megabyte, which in turn, is one thousandth of a gigabyte. It would take millions of cookies to amount to anything that might slow down your computer.</li></ul>
<ul><li><b>Q - A lot of the steps in the Removal Guide seem useless, do I still need to do it all?</b>
A - Every step has a purpose. Far too often people will skip steps, only to find they are still infected later. By the very nature of many infections, it's best that they remain hidden. After all, if you KNOW there's an infection you're going to try to remove it, right? Most actual viruses and bad infections will do all they can to prevent you from finding them, because they don't want you to try to remove them. Some steps you're told to follow may seem excessive, but they will catch stuff a simple virus scan won't.
</li><li><b>Q - Why not just format when you get infected?</b>
A - At least once a month, windows receives automatic security updates. These fix security holes that viruses and other types of infections can use to get into your computer and mess it up. When you format and reinstall windows, you are taking it back to a time before all the updates, meaning <i>you are just opening the door for even more infections to get in</i>! Most of the time it's better to remove the current infection and then take steps (listed in the "future prevention" post) to prevent reinfection. Formatting is a last resort, some people may have 50 gigabytes of personal files on their computer, and some people have their computers set up a very specific way that would take hours or days to restore to working order after a format. Just because formatting is your choice does not mean it should be the first suggestion to somebody else.
</li><li><b>Q - Why doesn't the Removal Guide specifically list (name of infection here)?</b>
A - There's thousands and thousands of computer infections, but most infections can be categorized into groups based on how they work, so a few tools and instructions can remove most of the computer infections people get. Furthermore the same infection can often call itself multiple names in order to try to disguise itself. This is most often true of infections that pretend to be virus scanners and try to scare you into "buying" them.
</li><li><b>Q - I found this (verified legit) program that I installed and it scanned my computer and says it found the problem and is only asking me $30 to remove it, isn't that a good deal?</b>
A - No, these programs are often just out for your money. If the program has scanned and found issues, that's the hard part. The actual fix should be easy, so the fact that it's waiting until then to make you pay shows that it's just after your money. This is especially true if the program doesn't actually tell you what and where the problems are, this shows that <i>the makers of the program don't want you going and fixing it yourself. They're not interested in actually fixing your problem, they just want to scare you out of your money</i>.
</li><li><b>Q - A scanner is telling me that something I know is clean (for example, a game like Maple Story) is an infection, why?</b>
A - Either it really DOES have an infection (remember that viruses infect other programs in order to reproduce!), or the scanner you're using is doing "heuristics" scanning. That's where it takes the program, and basically puts it in a virtual environment and tests how it reacts to certain actions, and if it does anything the scanner finds suspicious (that the scanner thinks it has no right doing, like a fast food employee carrying a gun), the scanner will mark it with a generic alert based on what type of infection the scanner thinks it is.
<a href="http://www.virustotal.com/" target="_blank">http://www.virustotal.com/</a> - Go there, upload the file it says is infected, and it will scan it with many virus scanners. There you can see what the results are. If only a small percentage of the scanners mark it as bad, and they use generic terms, like just "spyware" or "trojan" or "keylogger", then you can assume that the file is really clean. Real viruses are given codenames, like "Fojack" or "Hidrag.a".
</li><li><b>Q - What is all this stuff about DNS and HOSTS?</b>
A - DNS means "Domain Name Server". A DNS server keeps information which web address relates to which IP address on the internet (like how google.com is 74.125.45.100). It's sort of like how "Jack's house" means "123 Oak Tree Lane" in the real world. Unfortunately, sometimes an infection will misdirect your computer, sending it to the wrong websites. The HOSTS file is a file on windows that holds information about DNS entries on your own computer, it's usually used to bypass a normal DNS server for whatever reason. Unfortunately infections will add entries that make real sites redirect to fake sites.
</li><li><b>Q - What's a tracking cookie?</b>
A - <i>A tracking cookie is not a virus</i>, it will not hurt your computer. They are used by ads on websites for marketing purposes. They record what "genre" of sites you generally visit (such as anime sites, military sites, car sites) so that the advertisements on a site know which types of ads to show you. They do not record any personal information about you, they do not know who you are.
A cookie is a text file created by a website on your computer to store information about what you've done there. A text file is several kilobytes, which is one thousandth of a megabyte, which in turn, is one thousandth of a gigabyte. It would take millions of cookies to amount to anything that might slow down your computer.</li></ul>
