Techware Labs Header

Forums have moved

See this announcement for more details, or just go directly there.

  #1  
Old 06-18-2004, 02:15 AM
Keefe Keefe is offline
Administrator
 
Join Date: May 2002
Location: Wisconsin
Posts: 2,337
Send a message via ICQ to Keefe Send a message via AIM to Keefe Send a message via MSN to Keefe Send a message via Yahoo to Keefe
Default Spyware Removal Guide

What is Spyware?
-Well, in the words of Patrick Kolla, "In easy terms, spyware is software that transmits personally identifiable information from your computer to some place in the internet without your special knowledge."

What is Adware?
-Again, in the words of Mr. Kolla, "Adware is also often a side-effect of spyware, as both monitor you for a sole purpose – delivering you advertisement that is especially tailored to your habits."

What is Hijacking?
-In the words of Mike Healan, hijacking is where the browser settings of web surfers are being forcibly hijacked by malicious web sites and software which modifies your default start and search pages.

Spyware/Adware and Hijacking can harm you computer in various ways, such as annoying popups (that appear even after you disable windows messenger service), browser hijacking, strange slowdowns, etc.

How can I check my system and remove spyware/adware from my computer?
-Please perform the following steps to clean your computer of spyware, adware and other hijacks. All programs listed are freeware, save adaware and spywareblaster which is free only for personal use and spywareblaster is also free for educational use.

Note: This guide assumes you are running Internet Explorer 6 SP1 with all updates and you have performed windows update and applied all critical updates. You need the Visual Basic 6 runtime libraries to run some of these programs. Most systems already have this, but should you get an error about MSVBVM60.DLL missing, get the libraries from Microsoft here.

Make sure to delete your temporary internet files from IE and empty your recycle bin before you make these scans. Not doing so can increase the time needed to scan greatly.

The most popular files are available in their original form (i.e. you can use 'Run program from this location'), as well as a zipped form. You can open zipped files with a program like WinZip.



1. - Download LSP-Fix and Winsock Fix in case you cannot access the internet after removing certain pieces of spyware/adware.



2. - Run CWS smartkiller removal tool.


Optional: I would recommend downloading, installing, and running the update utilities in the programs of steps 3 - 7, then restart your system into safe mode and unplug your NIC to run the scanners and fixes. I would then restart into normal mode and run them again before proceeding to step 7.

3. - Run CWShredder



4. - Run Spybot Search & Destroy.



5. - Run Ad Aware


Note: Steps 6 - 13 are meant to prevent reinfection, not remove current infections!

6. - Run Spyware blaster



7. - Install IE-SPYAD which is similar to spyware blaster, except its a registry patch, and serves to block many attempts at hijacking, unauthorized installation of spyware, script based popups and bad cookies. IE-SPYAD is updated about once a month, so check with them often. You should run both spywareblaster and SPYAD.



8. - Make sure your AntiVirus is up to date and do a full system scan. If you have no antivirus or your subscription has expired, you need to get AVG which is a freeware antivirus that some people say rivals NAV. If you don't wish to install an antivirus program, try using Trend Micro's free online scan.



9. - Make sure your firewall is up to date (to test your firewall, visit http://www.grc.com and run shields up!) and if you have no firewall, you need to get something like Zone Alarm.



10. - Check your IE explorer settings (Tools>internet options>privacy) to make sure privacy is set on at least medium and security setting (Tools>internet options>security) is likewise and reset your homepage manually.



11. - A good deal of spyware and other malicious programs including the coolwebsearch use exploits in the Microsoft Virtual Machine. MS, due to judicial reasons, has stopped updating the MSVM. You can avoid allot of spyware by moving to the the Java Virtual Machine by Sun from the MSVM. download Java Virtual Machine , make sure you set it as your default virtual machine.



If you are still having problems, download HijackThis and Please highlight all that is posted in this program after running it, and then copy and paste the contents into your Reply in the same post where you originally asked your question. After you run hijackthis, run startuplist, and post it also. As a result, false positives are imminent and unless you are sure what you're doing, you should always consult with knowledgable folks (e.g. the forums) before deleting anything.

Note: Rember to keep all of these programs updated and run Spybot, Adaware, and CWShredder scans/fixes at least once a month. In the meantime try Firefox which is a great alternative to internet explorer that usually has less problems with spyware and hijacking.

We all need to thank Patrick Kolla (whose spybot database was stolen and turned into nonfreeware software by people who sought to make money off of his work), Merijn (especially this guy, since he gets blamed all the time for creating coolwebsearch), and others for creating and maintaining these excellent freeware tools.

Note to mozilla users
No need for life long mozilla/firefox users to perform steps 2, 3, 9.

If everything above fails,
_____________________________________________________________

MANUAL SPYWARE REMOVAL, the following steps were created by Ness.

First off, close any programs you have open. Copy this post to a text file and save it so you don't have to open IE while you are doing this. That could re-launch the spyware. Get a piece of paper (or in the same text file) and write down any names of programs, companies, urls... etc that are pissing you off.


Step One: Start >> Run >> MSConfig. Goto the "startup" tab, and uncheck anything you don't recognize or that you recognize as the offending progarms. It's okay if you accidently turn something off that you want, you can turn it on again later.

Step Two: CTRL + ALT + DEL. Select the processes tab, then click to sort by username. Kill any process you don't recognize running by your username. You should only have open explorer.exe, since I told you to close everything else. You might get two processes with the same name... if you close one, the other will open it back up. If you get this, restart and try it again.*

Step Three: Start >> Control Panel >> Internet Options. (DO NOT OPEN THIS FROM IE. YOU SHOULDN'T EVEN HAVE IE OPEN!!) Click "Delete Files" Then click "Settings" and then "View Objects". Delete any objects you don't recognize. If you delete something that is okay, it's alright, it will just download again next time you need it. While you are in here, type in the address you want for your homepage, but do not surf there to get it. If the URL is too long to type, just put it yahoo or something for the time being.

Step Four: Restart. At this point, you should have stopped the spyware from running all by itself. You should be able to restart without it starting up. If this is not true, start over. You missed something. When everything is good, move on.*

Step Five: My Computer >> (System Drive) >> Program Files. Delete the folders and files of anything you don't recognize, or anything you recognize as the offending program. At this point, you should be able to safely run IE, so if you don't recognize something, you can google the name and see if anything turns up about it.

Step Six: Start >> Run >> Regedit. Remember the list I told you to make? Search the registry for all of those terms and URLs. Delete any offending keys, or if they seem to have modified data (such as modifying the http:// prefix setting to be their URL) change it back to what it should be.*

Step Seven: Once again, restart. Again, you shouldn't have any spyware running and things should be fine now. There may be a few pieces of junk left over, but they won't do anything to you without the rest of their programs. *



For every step that ends with a "*", You MIGHT want to run spybot/Adaware/etc AFTER you complete the step, to save you a little work.

This is how you manually remove spyware (and many other programs, for that matter.)

If you have no idea what I mean at any point, you probably don't know what you are doing and you should learn about that before you try this.

This SHOULD work for all versions of windows 98 and above.

Source: Schadenfroh
__________________
It's crazy I'm thinking, just knowing that the world is round.
-http://www.techwarepc.com/ - The Technology Experts
Reply With Quote
  #2  
Old 06-18-2004, 02:26 AM
Jason425 Jason425 is offline
Lab Master Techie
 
Join Date: Sep 2002
Location: The Matrix
Posts: 7,353
Send a message via AIM to Jason425 Send a message via Yahoo to Jason425
Default

good stuff.. it's always sad to see "search bar" and "weather bug" at work.....
__________________
Dell Inspiron 1420 in Midnight Blue - Intel Core2Duo T7300 2.0GHZ/4MB - 2GB Ram - Nvidia 8400 GS 128mb - DVD/RW - 160GB 7200RPM - 14.1" Antiglare - Intel 4965AGN - Bluetooth 2.0 - 2MP Webcam - Vista Home Premium
2005 Mazda3i in Strato Blue
http://www.jasondsmith.net

Reply With Quote
  #3  
Old 06-19-2004, 04:31 PM
Cannon
 
Posts: n/a
Default

yea... it is really sad i can't stand it
Reply With Quote
  #4  
Old 06-19-2004, 06:40 PM
Prometheus Prometheus is offline
Chronique Technique
Lab Master Techie
 
Join Date: Sep 2002
Location: Bellingham,WA
Posts: 3,058
Send a message via AIM to Prometheus
Default

Damn Keefe beat me to it.
Reply With Quote
  #5  
Old 05-21-2006, 07:09 PM
ninikins ninikins is offline
Techie
 
Join Date: May 2006
Posts: 137
Default

The whole search bar spy CR*P is too sad for words really, I wish that they would at leats come up with something a bit more creative. or maybe not rather.
Reply With Quote
  #6  
Old 05-21-2006, 07:50 PM
Jason425 Jason425 is offline
Lab Master Techie
 
Join Date: Sep 2002
Location: The Matrix
Posts: 7,353
Send a message via AIM to Jason425 Send a message via Yahoo to Jason425
Default

All they care about is making it just attractive enough to make someone click the link - then it's all over
__________________
Dell Inspiron 1420 in Midnight Blue - Intel Core2Duo T7300 2.0GHZ/4MB - 2GB Ram - Nvidia 8400 GS 128mb - DVD/RW - 160GB 7200RPM - 14.1" Antiglare - Intel 4965AGN - Bluetooth 2.0 - 2MP Webcam - Vista Home Premium
2005 Mazda3i in Strato Blue
http://www.jasondsmith.net

Reply With Quote
  #7  
Old 07-17-2006, 06:21 PM
ninikins ninikins is offline
Techie
 
Join Date: May 2006
Posts: 137
Default

good guide, this. just taken a look. thanks for posting it.
Reply With Quote
  #8  
Old 07-17-2006, 11:35 PM
Tyler Tyler is offline
Platinium Techie
 
Join Date: Jan 2005
Location: Edmonton, Alberta, Canada
Posts: 1,078
Send a message via AIM to Tyler Send a message via MSN to Tyler
Default

It's really sad that internet users have to result to to doing all that these days.
__________________
Microsoft believes in making computing easier! What could be easier for consumers than having only ONE choice of software?!?
Reply With Quote
  #9  
Old 10-19-2006, 04:43 PM
SirMango SirMango is offline
Junior Techie
 
Join Date: Oct 2006
Posts: 4
Default

Nice guide there, Keefe!
Other spyware software, in addition to on the list, you can use to scan could be:
1. AVG Anti-Spyware 7.5
2. a-squared Free
3. Spyware Terminator
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 06:11 PM. Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Forum style by ForumMonkeys.