Do you know what to do immediately after a workstation is infected with spyware? Read what the experts have to say, or click here to go back to the scenario.
Kevin Beaver: In this case, you should run another antispyware scanner or two to see if the mess can't be cleaned up. Unfortunately, spyware and adware protection will require a multi-layered defense to be effective going forward.
Tony Bradley: To prevent any Windows Messenger Service spam from sending pop-up messages to the system, you can disable the Windows Messenger Service (not to be confused with the MSN Messenger instant messaging utility) or block traffic coming in on UDP ports 135, 137 and 138 and TCP ports 135, 139 and 445.
The user has already verified that the antivirus software is up to date and has run Spybot - Search & Destroy, one of the best antispyware utilities available. The fact, however, is that none of the antispyware applications are 100% effective. Rather than relying simply on the S&D results, the user could also try other antispyware software, such as Lavasoft's Ad-Aware, the beta version of Microsoft Windows AntiSpyware or Webroot Software Inc.'s Spy Sweeper.
Lawrence Abrams: Though hijackers do not spread to other machines, in many cases they do severely lower the security settings of Internet Explorer. It is, therefore, important to prevent users from using their computers until these infections have been removed in order to avoid further infections.
Stage three: Cleanup and recovery
About the experts: More information about our experts is available on the scenario page.
