Thursday, January 02, 2014

Recovering a Lost Minecraft World

I've run into the problem of needing to recover a lost Minecraft world from file backups manually a few times now and I always seem to forget the process. There are a few YouTube videos and other miscellaneous (and often conflicting) forum posts suggesting approaches to accomplish this, so I thought I'd document the process I've found successful for future reference.

First off, it's worth noting that this process is designed to recover a world that is no longer showing up in Minecraft's available world list. This is not a tutorial for recovering lost files (there are plenty of other places to look for such information). If you do not have a backup of your world files, you should seek help elsewhere.

Minecraft world data is saved in the following path on a Windows system:

%AppData%\.minecraft\saves

Which will ultimately resolve to a path like the following:

C:\Users\<username>\AppData\Roaming\.minecraft\saves

Inside this folder you will find directories containing each of your worlds. Whether or not these are actually showing up in Minecraft appears to relate to the metadata stored in the level.dat file within each sub-directory.

In order to recover your world, what you will want to do first is run Minecraft and create a brand new world as a placeholder. This world should be created with the same game type (Survival/Creative) as the one you are looking to restore. Once you have created a new world, simply save and exit back to the Minecraft menu.

At this point you should see the folder for your newly created world. Note that while it appears that Minecraft will append characters to the end of the world name to avoid directory collisions in the saves folder, you might want to err on the safe side and give your new placeholder world an entirely different name from the one you are restoring.

The next step is to go into the newly created placeholder world's directory and delete or rename the following directories: region, DIM1, and DIM-1 (the main world, nether, and end world, respectively). Once that has been done, copy the same folders from the directory containing the data for the world you are trying to recover and paste them into the placeholder world's save directory.

Once this is done, start the placeholder world from within Minecraft and you should find yourself in the restored world. One thing to note: Any player data you may have had will be lost (you can possibly recover this by overwriting the players directory as well, but I have not tested this). Also note that you will start at whatever initial spawn point the newly created placeholder world set and thus you may spawn underground, high in the air, or in some other strange location relative to where you actually want to be. If you're having trouble finding where to go to find your restored data (due to it not being near the default spawn) you can utilize programs such as Cartograph G to map out the world for reference.

There are probably programs that you can find that will perform this entire backup/restore process for you, but if you happen to find yourself with a missing world and nothing but some backed up files to show for it, hopefully this guide helps.

More information about all of the files and folders contained within the Minecraft saves folder can be found here.

Tuesday, November 08, 2011

Slow SSH and sudo Login (Ubuntu)

I have been annoyed by extremely slow SSH logins to an Ubuntu VM of mine for a while now. Both the login and password prompt displayed quickly enough and there was no delay in keyboard input, however after submitting my password I'd be faced with a delay of somewhere between 10 and 30 seconds. I had begun noticing similar delays when using sudo to switch to root (though these delays weren't quite as long).

My threshold of annoyance was finally crossed this evening and I decided I'd better figure out why this was occurring. Most resources I found online seemed to point in the direction of ensuring "UseDNS no" has been set in /etc/ssh/sshd_config, unfortunately this was not the problem in my case.

After digging around a bit longer, I bumped into a helpful thread on the Ubuntu forums that pointed out the actual problem was likely with PAM.

Making the recommended change by commenting out the following PAM connector in /etc/pam.d/common-session did the trick.

# session       optional                        pam_ck_connector.so nox11

Saturday, June 11, 2011

Perl Errors Installing Net::SSLeay or Crypt::SSLeay from CPAN

I've run into this same problem enough times now that I figure it's worth posting: Attempting to install Net::SSLeay or Crypt::SSLeay via CPAN on a clean system results in a number of unexpected errors despite having openssl already installed. Typicall errors include the following (plus a few thousand more of equal or lesser value):

SSLeay.xs:98:25: error: openssl/err.h: No such file or directory
SSLeay.xs:99:27: error: openssl/lhash.h: No such file or directory
SSLeay.xs:100:26: error: openssl/rand.h: No such file or directory
SSLeay.xs:101:28: error: openssl/buffer.h: No such file or directory
SSLeay.xs:102:25: error: openssl/ssl.h: No such file or directory
SSLeay.xs:103:74: error: openssl/comp.h: No such file or directory
SSLeay.xs:105:25: error: openssl/md2.h: No such file or directory
SSLeay.xs:107:25: error: openssl/md4.h: No such file or directory
SSLeay.xs:108:93: error: openssl/md5.h: No such file or directory
SSLeay.xs:112:26: error: openssl/x509.h: No such file or directory
SSLeay.xs:113:28: error: openssl/x509v3.h: No such file or directory
SSLeay.xs:114:28: error: openssl/engine.h: No such file or directory
SSLeay.xs:134: error: expected â;â, â,â or â)â before â*â token
SSLeay.xs:135: error: expected â=â, â,â, â;â, âasmâ or â__attribute__â before â*â token
SSLeay.xs:136: error: expected â=â, â,â, â;â, âasmâ or â__attribute__â before â*â token

The fix for this is always the same. These modules don't merely require an install of openssl, but instead need a full openssl-devel installation as well.

[root@whatever]# yum install openssl-devel

That is all... Breckenridge!

Thursday, June 09, 2011

Data Recovery From A Single RAID 1 Disk Image

Ran into a situation where there was an important need to recover some data from a long since defunct server. It just so happened that I had an archived bit-level image of one of the two physical drives in the server's RAID 1 array that had been taken sometime before the drives had been reprovisioned.

Not having a very good idea about how to proceed, I did a little Googling and started messing around. I found a lot of partial examples but very little in the way of a concrete guide on how to proceed. As such, I ran into a few hurdles. Hopefully my trials and tribulations in this area will prove useful to someone else who faces a similar task in the future.

[root@whatever]# mdadm --examine hd1.img
mdadm: No md superblock detected on hd1.img.

Clearly I wasn't using mdadm correctly. A glance at the man page and a few examples online got me started in the right direction... I needed to setup a loop device using losetup:

[root@whatever]# losetup /dev/loop0 hd1.img

[root@whatever]# fdisk -l /dev/loop0

Disk /dev/loop0: 80.0 GB, 80000000000 bytes
255 heads, 63 sectors/track, 9726 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xdd99b711

Device Boot Start End Blocks Id System
/dev/loop0p1 * 1 13 104391 fd Linux raid autodetect
/dev/loop0p2 14 144 1052257+ fd Linux raid autodetect
/dev/loop0p3 145 9726 76967415 fd Linux raid autodetect

Progress! Now that fdisk is able to see the partitions, I assumed I was pretty much finished. Back to mdadm to examine and ultimately assemble the RAID array... except mdadm couldn't find the partitions!

[root@whatever]# mdadm --examine /dev/loop0p3
mdadm: cannot open /dev/loop0p3: No such file or directory

This was unexpected. A quick file listing of /dev showed that indeed the /dev/loop0p* devices don't actually exist. A bit more Googling teaches me that I need to use kpartx to create device maps from the partition table for the loop device.

[root@whatever]# kpartx -a -v /dev/loop0
add map loop0p1 (253:2): 0 208782 linear /dev/loop0 63
add map loop0p2 (253:3): 0 2104515 linear /dev/loop0 208845
add map loop0p3 (253:4): 0 153934830 linear /dev/loop0 2313360

This step creates the loop0p* devices in /dev/mapper/. It is now a relatively simple task to use mdadm to assemble and run the array with a single disk:

[root@whatever]# mdadm -A --run /dev/md0 /dev/mapper/loop0p3 
mdadm: /dev/md0 has been started with 1 drive (out of 2).

[root@whatever]# mkdir /mnt/disk && mount /dev/md0 /mnt/disk

That's pretty much it. Unfortunately at the end of it all it turns out the files I wanted to recover had been purged from the disk before this image of the drive had been taken, so my efforts were largely for naught... But that's another story. ;)

Update 2011-06-10: It turns out I had another image of the same single RAID disk prior to the needed files being purged stored in another location and was able to apply the same technique to recover the files from this image. Success!

Thursday, March 03, 2011

Apache 2, mod_perl, HTML::Mason, "use lib" and "Can't Locate" issues with @INC

Long title, but accurate. This is a short tidbit for anyone who is experiencing errors with mod_perl relating to being unable to locate modules from a directory in @INC specified via a "use lib" statement.

My personal setup involved an Apache 2 directive within a VirtualHost utilizing HTML::Mason that referenced a "PerlRequire" module that in turn added a specific "use lib" path (/var/www/html/lib) to @INC for use of personal libraries within a new site I had been setting up.

Every single syshandler, autohandler, or page referencing any module within the specified path was crashing with an error that Perl "can't locate" the module in question within the known set of @INC paths (which visibly contained the correct path to the modules in question).

Many hours of Googling found numerous answers suggesting file/directory permission errors, however even setting 777 on every directory and file in question resulted in the same failed outcome.

Almost by accident I checked /var/log/messages and saw something similar to the following:

Mar  3 19:09:21 test_server1 kernel: type=1400 audit(1299197361.362:4):
avc: denied { getattr } for pid=1812 comm="httpd"
path="/var/www/html/lib"
dev=dm-0 ino=3342348 scontext=user_u:system_r:httpd_t:s0
tcontext=user_u:object_r:user_home_t:s0 tclass=dir

As soon as I saw this, the light bulb illuminated... This was a new CentOS 5 server and I had forgotten to disable SELinux.

For anyone else experiencing this issue, merely edit /etc/sysconfig/selinux and set "SELINUX=disabled" then reboot, you should be good to go.

The bigger question here is why SELinux would be enabled by default on most servers, but I'll leave that for the philosophers of the world, I've got better things to do.

Wednesday, February 28, 2007

Quick Guide to Router Configuration for Xbox Live

The following table outlines why a NAT setting of "Open" is necessary to properly host games over Xbox Live. This demonstrates which users may connect to and from each other based on their own personal NAT settings.



In order to achieve a NAT setting of open it is necessary to ensure that the following ports are properly forwarded for whatever IP address you have your Xbox 360 configured to use:

  • UDP 88
  • UDP/TCP 3074
  • UDP/TCP 2074

In addition to properly forwarding the preceding ports it is also strongly recommended that your router have UPnP enabled. UPnP allows applications to notify the router of ports that need forwarding on an as-needed basis.

Thursday, July 06, 2006

Malware/Spyware Detection and Removal

"Why is my computer running so slow?" This is probably the single most common question asked of me and one that is typically very easy to diagnose, however the procedure for fixing the problem cleanly is not nearly as simple as those asking for help will typically understand. Admittedly a computer can find itself running slow for a number of reasons, but most typically this is brought to my attention when a user's system has slowed to such a crawl that a simple task such as opening Microsoft Word or their favorite web browser (sadly this is often Internet Explorer) takes several minutes to complete. By this point the most likely problem - throwing all hardware issues aside - is that there are one or (typically) more processes running in the background sucking up precious memory and CPU clock cycles.

Assuming a software issue, which such computer slowdown most often is, the procedure for finding the offending programs (which may or may not include a variety of viruses or malware) is typically the same. Although the directions for setting out on this quest to clean a computer may begin in a straightforward manner, it is a task which will ultimately prove to be extremely time consuming, frustrating, and very often not completely effective.

A great many people erroneously make the assumption that because I spend such a large portion of my life in front of a computer that cleaning up the multitude of viruses and malicious spyware they have contracted and now house within their typically under-powered PC's is something that I, for some reason, enjoy. The truth is that it is by no means more fun for me to do than it would be for them to do it. In fact this is probably one of the more boring tasks I can think of to torture myself with.

Through this throught process and the obvious frustration this guide was born, and if you have been referred here personally please don't take offense, but please do follow the instructions within and learn to solve these problems for yourself as myself, and all those you might ask for such help, have already done and have little or no interest in doing for you (particularly more than once).

Without further ranting and raving I will proceed with my "essential guide" to spyware removal. Please keep in mind that this is only a guide and will not specifically outline every possible keystroke or even every possible approach to solving the many problems you may encounter. This guide will instead provide you with the basic approach to diagnosing and repairing a variety of issues caused by viruses and malware.

Contents
1. Overview
2. Safe Browsing Techniques
3. Essential Software
4. Process Identification
5. Browser Hijacking
6. Spyware Identification and Removal
7. Virus Identification and Removal
8. The Final Touches
9. Continued System Maintenance
10. Conclusion

1. Overview
Please note that this guide is intended for those using a Windows based operating system, in particular this guide focuses specifically on Windows 95, 98, ME, and XP systems.

It is important to recognize up front that the procedure for diagnosing and repairing any software problem on your computer relating to a virus or other malware will most likely not be brief. Please be prepared and allow enough time to follow through with the cleanup process completely or you will find your computer back in equally bad shape (or worse) in just a short time. How much time, you ask? "Enough" time. This could take many, many hours or even days depending on how far you have let the problem slip, so don't bother even getting started unless you plan on finishing or you will just have to start from square one again later.

2. Safe Browsing Techniques
Before delving into the procedure for correcting any problems you may have, I feel it is important to first discuss how to prevent such problems from ever happening in the first place. With proper browsing techniques and e-mail management you should be able to avoid almost every possibility of infection in the first place and be able to quickly and easily deal with any minor problems that might come up.

The selection of a decent web browser should be your first concern. I strongly recommend Mozilla Firefox (see Essential Software below). Firefox is an outstanding web browser with all the bells and whistles you'll find with Internet Explorer (IE) but without any real risk of browser hijacking or the other countless security issues with IE. Whether you have any problems or not you should switch to Firefox (and this is even more true if you already have problems).

Obviously another obvious risk to your computer comes from the many e-mails you receive every day. These e-mails (even those from people you know and trust!) present a risk of causing great harm to your computer if they are allowed to run scripts or execute programs sent as attachments. You should always configure your e-mail client to disable images, javascript, activex, or any other possible automatic code execution and it is also highly recommended that you disable the extra viewing pane in the lower half of most e-mail clients (the pane that lets you view a preview of the e-mail before opening it). You should configure your client so you can delete or filter unwanted messages without ever having to view them in the preview pane.

Finally, all the correct browser and mail client software in the world will be helpless to protect you if you insist on ridiculously poor browsing habits. You should NEVER download or execute an e-mail attachment from an unknown source. Also, you should almost NEVER download one from a known source unless you know exactly what you are receiving and were expecting it. All too often people open e-mail attachments from known friends and quickly find themselves infected with a virus. Even e-mail attachments that look harmless should be avoided at all costs. It simply is not worth the risk to your computer to open some stupid little attachment a friend may or may not have intended to send you (remember, many viruses spread themselves by automatically generating e-mails from an infected host to everyone in their contact list!).

The same rules of common sense apply to browsing the web. If something looks unsafe or too good to be true, it probably is. Don't click on stupid advertisements within web pages or pop-ups! There is simply NO REASON to do so! Don't browse within websites that contain questionable or blatantly illegal content. Doing so will almost guarantee an encounter with some form of malware and no one is going to feel sorry for you or be interested in helping you with your problem when it was your own obvious lack of concern that caused the problem in the first place.

Just remember that you were warned... Use common sense or don't, but don't come crying to me or anyone else when you find yourself up shit creek without a paddle.

3. Essential Software
This section will identify what I consider the essential software for diagnosing and repairing problems with your system in relation to any sort of malware infection. This list is by no means comprehensive, but it is expected throughout the following sections that every piece of software listed here has been properly installed and updated before proceeding. I won't go into great detail about the function of each program here as this information will be presented as needed throughout the following sections.

* AVG Anti-Virus (FREE EDITION)
This is a totally free virus scanning program. It is excellent (you'll find it is superior to Norton or McAfee).
http://free.grisoft.com/freeweb.php/doc/2/

* Mozilla Firefox
A better solution than Internet Explorer for web browsing (in most situations).
http://www.mozilla.org/products/firefox/

* HijackThis
Used to detect/remove browser hijackers.
http://www.merijn.org/files/hijackthis.zip

* CWShredder
A utility for removing CoolWebSearch (a nasty bit of spyware/adware)
http://www.intermute.com/spysubtract/cwshredder_download.html

* Lavasoft Ad-Aware
Use this (free version) of Ad-Aware to detect/remove a LARGE number of spyware apps.
http://download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
That link is for downloading directly, if you have trouble the home page is:
http://www.lavasoftusa.com/

* Spybot Search & Destroy
Use this to detect/remove another large amount of spyware apps, and keep in mind that this and Lavasoft Ad-Aware target DIFFERENT things, so BOTH are needed to stay as clean and safe as possible. Also note that Spybot has other features like "Immunization" that should be used to detect and prevent future infections of various malware.
http://www.safer-networking.org/en/mirrors/index.html

* Merijn.org
Although every app on this page is not required, this website has MANY utilities for cleaning up your computer (removing spyware, etc.). I won't go into tons of detail about it because the page itself is detailed enough, but the most important applications to get have already been listed above.

4. Process Identification
The first step in identifying your problem is to identify all processes currently running on your machine and determine which of those are required, optional, and outright malicious. To see what processes are currently running you need to bring up the Windows Task Manager. This can be done either by pressing CTRL-ALT-DEL (and, in some cases then selecting "Task Manager" from the pop up) or by clicking "Start >> Run" and entering "taskmgr" (without the quotes, of course).

From the "Processes" tab within the task manager you will see a list of every visible process running on your system. Your first task will be to take each and every "Image name" (process name) and perform a Google search on it. Keep a text file or piece of notebook paper handy to write down every single process (EXACTLY as it appears in the process list), it's function, and whether or not it is essential for proper operation of your computer. You will be much happier in the long run if you do not skip this step as any future examination of your process list will only require research on those processes which are new to the list.

I realize the instruction here is vague, so I will give an example of a process that everyone should find in their list: "svchost.exe". A quick Google search of this brings up a very long list of results, one of which being "svchost.exe Windows process - What is it?". I would strongly suggest if the search for a given process returns many results that you check a few pages for information on the process to get a good understanding of what it really does and whether or not you need it. Don't be tricked into paying money to these sites to download software to remove any problems, we'll get into fixing these problems later, for now the goal is to merely identify them.

Anyway, back to svchost.exe... you'll see from many of the Google results that svchost.exe is a "Generic Host Process for Win32 Services" and is integral to the functionality of your computer. This is a safe process and most likely is not malicious unless, as you will see from some of your results, the file "svchost.exe" is found anywhere on your computer OTHER than your windows system32 folder (typically "C:\Windows\System32\"). Found elsewhere in your directory structure this file is very likely a virus. Typically this file will be the legitimate copy (from your System32 directory), but if ever you're not sure about a process take the time and look into it, but don't be in too much of a hurry to start deleting anything or killing processes until you understand their function within your system.

As you're probably beginning to see, identifying true problems may take a few steps and involve a bit of research. You will probably spend a fair amount of time researching every single active process running on your system and this is exactly why I suggested taking notes. Research, research, and then research some more and when you think you have found a process that is a problem do even more research on that particular process using Google searches and I can guarantee a solution will be found. You may get the feeling that this is a lot of work and want to call someone more knowledgeable to come help with your problem but keep in mind it is going to take them just as long to research it and they are going to care far less than you do if a solution is ever reached (or they will be charging you for the time, either way you should really try to solve it yourself).

Once you have identified all malicious processes you should continue your searching to find methods for killing and deleting these specific processes (many will restart automatically when you kill them!). Some of these processes may be best dealt with at this point, however if some are common enough viruses they will be removed by the steps below. Simply keep in mind which processes you took care of here and which still remain and return to this step following step 8 below and continue researching and hunting for removal methods at that point. Please also note that if you do ultimately finish removing some of these processes and their root causes after returning here from step 8 then it is best to again run through all the other steps to ensure a true cleaning is performed (don't worry, it will be much faster the second time around).

5. Browser Hijacking
Browser Hijacking refers to any malicious attempt to disable, take control of, or to otherwise cause your web browser to function in an unintended way, usually in a very destructive fashion. Symptoms of browser hijacking are additional icons on your toolbar that you do not recognize, automatic opening of a web page or pages that you do not recognize or have never intentionally set as your home page, popping up of additional browser windows without prompting from you, or any other strange or unusual browser behavior that seems unexpected and happens repeatedly.

The first solution to solving most browser hijacking problems is to stop using Internet Explorer (IE). IE has so many security flaws it really isn't worth my time to get into any specifics here, so simply do yourself a favor and use Mozilla Firefox.

Once your browser (IE) has been hijacked this may begin to cause other system problems due to the way IE is integrated with the OS. Read up on and use the tool entitled "HijackThis" (above) to perform a scan of everything associated with your browser. This tool can be used to remove entries that are found to be malicious and, if they return, can at least be used to identify them for further study.

Using HijackThis you should go about researching everything hooked into your browser in the same manner as you researched processes with the task manager above. As you build up your knowledge base and understanding of these things this will take less time and you will become more confident in your ability to understand your computer and how to keep these things from taking hold in the first place.

6. Spyware Identification and Removal
Spyware comes in many forms and it is difficult to provide a complete comprehensive guide to the removal of every possible variant. I can, however, point you towards the tools and applications that will have the most effect at removing such unwanted software.

Before you even begin to attack the spyware situation on your computer it is extremely important that you first disconnect yourself from the internet. Of course, you should be sure you have downloaded all the recommended software above. If you're not exactly sure how to disconnect (i.e. you're using cable internet or DSL through a router which keeps the connection alive always) then you should just reach down and disconnect the network cable from the back of your computer. It's the cable that resembles a phone coord except the connector is slightly wider. If you're really not sure which one to pull, read this for a description of what an RJ-45 cable looks like. Once you are safely disconnected from the Internet you may proceed.

The first application to run is Lavasoft Ad-Aware. This is a program that does an excellent job of removing a large variety of spyware from your computer. The first time you run this it may find and attempt to clean a fairly large list of problems, however subsequent runs of the program should find far less. This should be run at least once before moving on. It should also be mentioned (and will be discussed in more detail later in this document) that this application should be kept up to date and run weekly or, at the very least, monthly following the complete cleanup of your system to ensure that future problems are kept under control.

After you have finished with Ad-Aware you should run Spybot Search and Destroy. This program can be used to detect and remove a different subset of spyware tools that may be installed on your system. This may seem like a redundant step but I assure you it is not. Many of the spyware applications out there will be detected only by Spybot and not Ad-Aware and vice versa.

Having run both of those applications a few times each (twice will do) you may notice a few lingering problems that simply will not go away. You have two options, the first of which is to reboot your computer in safe mode (Google this if you aren't sure how to do it, it isn't very hard) and run both programs again. If you still can't seem to get the problems resolved in safe mode then you need to take the second option which is to make a very detailed note about the spyware that was irremovable to research again later when you have reconnected to the internet. It is very likely (almost guaranteed) that others have had the same problem you had and a quick Google search will bring up the desired answer.

I strongly suggest you continue on with the following sections before opting to reconnect to the internet as there are other important things to be done before you expose your computer (and whatever Trojans might be installed) to the Internet again.

7. Virus Identification and Removal
Like spyware, it is always best to attempt to remove all viruses on your computer while still disconnected from the Internet. After you have confirmed you are no longer connected you should fire up your copy of AVG Anti Virus. Given that this program comes in a version that is completely free to use and the fact that it provides better virus scanning than Norton or McAfee I can say without hesitation that it is truly outstanding and you'd be a fool not to use it. If you have other virus software that you prefer, feel free to use it, however I simply don't see much use for other virus software (especially if you have to pay for it).

I won't go into the details of how to use AVG since there is enough information out there (and with the program) that it should be fairly self-explanatory or at least easily accessible. Your main goal at this step of the cleanup process is to perform a complete system scan. This will take a long time and, depending on your system specifications, could take so long that it's probably best to go read a book, have dinner, watch some TV, sleep for 8 hours (slower systems only), and come back to see the results. Ultimately this will scour your computer for any known viruses and attempt to clean them or quarantine them. All joking aside, this step will take anywhere from 20 minutes to several hours depending on the size of your hard drive(s) and your CPU clock speed.

As with spyware removal, I strongly suggest running this twice before proceeding. If stubborn viruses cannot be removed this should also be run from safe mode. Following your final run of the program you should again make very detailed notes about viruses that simply could not be removed for whatever reason. This information will be what you need to find out how to perform manual removal of these viruses after you reconnect to the Internet again.

8. The Final Touches
Okay, you've examined and cleaned up your process list, removed any browser hijackers, found and removed as much spyware as possible, and also removed most or all of the viruses present on your machine. You are now ready to once again reconnect to the Internet. Keep in mind when you get back onto the Internet any problems that you had before starting this expedition. Probably the worst thing you can do at this point is fire up IE. Since IE was probably the start of your problems anyway, do yourself a favor and do any further research that needs to be done using Mozilla Firefox.

Before going back to your lifetime of web browsing and checking e-mail you should first take your lists of both remaining spyware and remaining viruses and begin (using Firefox!) to search Google for information on manual removal. Unfortunately this is another area where you will be on your own since there are so many possibilities I couldn't possibly cover them all here, but rest assured that all your questions will be answered in some form somewhere out there. It is highly unlikely that you will happen to stumble upon a virus that has never been seen before. Someone out there has been or is still in the same boat you are and the incredible knowledge base that is the Internet will have the information you need.

9. Continued System Maintenance
By the time you reach this point you should have your system pretty well cleaned up. I can safely say that the single most frustrating aspect of helping friends and family clean their computers of all the problems mentioned within this document is that they have nearly no appreciation for what a gigantic pain in the ass it was to get the job done. Within weeks (sometimes even days!) of completing this cleanup process I'll come to find out that the system is back in the same state of disrepair as it was before I wasted hours fixing it.

Since you have now struggled on your own through all the trials and tribulations of doing this all yourself I probably don't need to tell you why a little continued maintenance is worthwhile. If you're like me you will have arrived at this point and now find yourself hoping you will never have to go through anything so horrible again. Rest easy, with the correct maintenance routine you never will.

The same software you used to get yourself here is the same software that will keep you from having to do this again. Ensure that you keep both your spyware removal tools up to date and run them weekly (or monthly, depending on need). The same goes for your virus scan. This should be performed at least weekly and can even be scheduled to run when you are sleeping.

Keep all of the safe browsing and other common sense Internet usage information mentioned above in mind when you are using the Internet. Sure, it may be funny to open that stupid attachment from your friend, but after having gone through the hell of cleaning your system hopefully you now realize that the attachment certainly wasn't worth the hassle.

Finally, you really should take a look at the Tweaking Companion at tweakguides.com. This document provides the most comprehensive information on the cleaning, tweaking, and overall understanding of your system than any other source I have ever encountered. I could write an entire article on how excellent that guide is (but why don't you just go read it for yourself?). While I guarantee that few that glance at it actually take the time and effort to put it to use, those that do will learn quite a bit and have the added benefit of being able to get the most out of their computer.

10. Conclusion
If you have read this in whole then there is little else I can do to help you. In truth, you don't even need this guide to find the answers you seek and to get everything that doesn't belong in your computer out of it. You only really need a safe browser (hopefully on a clean computer) and a connection to the Internet. Everything that is presented here can be found in even greater detail elsewhere. Use this as sort of roadmap to begin your journey towards scouring the garbage from your computer, it is only intended as such.

Good luck!