
Thread: Guide to removing spyware/adware/malware

  1. #1
    Join Date
    Apr 2004
    Location
    Nottinghamshire, England
    Age
    36
    Posts
    262

    Guide to removing spyware/adware/malware

    Due to the recurring nature of threads on removing such things I thought it may help to provide a list of possible courses of action to take, starting with "quick and easy" and moving onto "more complicated and last resort". Also, hopefully I can cover some prevention as well as cure.


    Cure

    1] If you do find yourself the victim of spyware/adware your first port of call will probably be a program like Ad-Aware (available from http://www.lavasoftusa.com/software/adaware/) or Spybot (available from http://www.safer-networking.org/en/index.html). These are simple to use programs that can scan your hard disc to remove malicious cookies and registry keys. While one or the other may sometimes miss the odd thing, between the two they will pick up on most. Spybot can also be used to "immunize" your system to help protect against future infection.

    There are also other programs available that work in a similar vein, including:

    Zero Spyware

    Spyware Blaster

    HiJack This

    CWShredder - A specialist program for removing "Cool Web Search".


    2] If all the above fails, you may find yourself in a position where you need to try doing something manually. First check the "Add/Remove Programs" in the Control Panel. You may find some things that have downloaded themselves into there and be able to remove them. Alternatively there may be some new directories that have appeared in your "Program Files" directory.

    3] Last Resort, don't do this unless you know what you're doing or can follow these instructions without making up your own variation of them. Failing any of the above working you may get down to having to take a trip into your Windows directory. Obviously we're now wanting to be very careful.

    Adware/Spyware tends to download itself into the System directory. If you look in there you'll notice it's packed full with files, so how do we find the ones that shouldn't be there? Basically we rely on the fact that the spyware ought to be the most recent addition:

    a] Select the "detail" view if you haven't already (it's default on mine), and order by date last modified. Any file from 2004, search for the filename in Google. If you can't find it on reputable, and most likely Microsoft/Windows based sites, it's most likely spyware.

    b] Don't forget the names of these files. It's not over yet. You will have to write them down/print them out. Then reboot into safe mode with command prompt/console, and delete them. Windows will not load them into memory, so you'll actually be allowed to this time.

    c] Now, reboot. The references to the file may still be in your registry, but the data from the actual files is gone. Next, run regedit. Search the registry for those filenames, and delete any keys that come up with that value. And I do mean just delete 'em. You will find from one up to four keys (possibly 8 but that's just stupid) with it.

    d] Reboot again, Go get a beer you're done.


    If you still have spyware after all that then something is seriously amiss.


    Prevention

    Of course, prevention is better than cure and in the case of malware there really is nothing better than sensible usage. You can be fine using Internet Explorer with no virus checkers, firewalls or spyware blockers.

    If windows pop up asking you things, READ what they say before clicking "Yes" and don't download software that you don't know can be trusted (including things like Kazaa) - those two simple guidelines will stop most of your problems. Also if you only visit one or two sites for the main part, consider adding these to a "safe list", then upping your privacy level. This will tend to block more things, both malicious and innocent, so can be annoying if it happens all the time, hence adding the most used (and hopefully trusted) sites to a safe list.

    Don't open email attachments unless you know both the sender and what the attachment is. Remember to check for double file extensions, as although you may know not to download .exe, .pif, .bat etc sometimes you may miss if the files are named things like .gif.exe or .txt.pif. Also be aware that html files as attachments are potential security risks. With a html attachment you can easily embed an inline frame within it that will execute some malicious code on being opened.

    Secondly, consider using a different browser to IE. The problem with IE is that it has something called ActiveX, which basically gives the internet a DOS prompt window on your computer (not a good idea). You can make IE considerably more secure by going to the internet options and then unselecting the option to "Allow third party browser extensions". This will stop things like flash working, but it all depends whether you value prettiness or security more.

    On the other hand, browsers like Mozilla will still let flash run, but don't give out the same ActiveX box to the whole world. Running such browsers as Netscape, Mozilla or Opera you will find yourself much more secure.




    Thirdly, and back on the topic of browser extensions, realise that anything you add to your browser may open up a security loophole. The google toolbar was a classic example of this - while it may have stopped some annoying pop-ups it also opened up some really serious security risks at the same time. Try to work along these guidelines with browser extensions:

    - only install what you REALLY need.

    - keep an eye open for reports on the internet about problems with them becoming known (like when reports about google toolbar problems came out). A good place for these is http://www.greymagic.com/security/advisories/

    - keep them updated so that any security problems found can be fixed asap.

    - remember that this also includes things like Winamp plugins or other extensions that connect to the internet... not just browser add ons.

    Finally, get a firewall. There are a number of free software firewalls that will provide quite a lot of protection against traffic you haven't allowed passing to and from your computer and the internet:

    Zonealarm is available from http://www.zonelabs.com/store/content/home.jsp

    Kerio Personal Firewall can be got from http://www.kerio.com/kpf_home.html

    Sygate can be obtained from http://soho.sygate.com/default.htm.

    Panda information, and download links
    http://www.pandasoftware.com/products/platinum_is2005/


    Software firewalls are not as good as hardware ones, but those are free and should provide enough protection for day to day use.




    Hope that has been of some help, and good luck with staying free of malware.
    Last edited by Tau; August 16th, 2005 at 09:13 PM.
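
The double-extension check described in post #1, as an added example that is not part of the original thread: a Python function that reports why an attachment name deserves caution before it is opened. The function name `check_attachment` and every extension beyond the `.exe`, `.pif`, `.bat` and `.gif`/`.txt` decoys named in the post are assumptions made for this example.

```python
# Extensions Windows runs on double-click. The post names .exe, .pif and .bat;
# the remaining entries are assumptions added for this example.
EXECUTABLE = {"exe", "pif", "bat", "com", "scr", "cmd", "vbs", "lnk"}
# Harmless-looking types used as the decoy first extension (.gif and .txt are
# the post's own examples; the rest are assumed).
DECOY = {"gif", "txt", "jpg", "jpeg", "png", "doc", "pdf", "mp3", "zip"}
# HTML attachments can embed an inline frame, as the post points out.
ACTIVE_MARKUP = {"htm", "html"}


def check_attachment(filename):
    """Return a list of reasons the attachment name deserves caution."""
    reasons = []
    # Windows ignores trailing dots and spaces when it resolves a file name,
    # so strip them before deciding what the real extension is.
    name = filename.rstrip(". ").lower()
    # Strip whitespace around each part so a padded name is still matched.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2:
        return reasons  # no extension at all
    final = parts[-1]
    if final in EXECUTABLE:
        reasons.append("executable-extension:" + final)
        # A decoy type directly before the real one, e.g. photo.gif.exe
        if len(parts) >= 3 and parts[-2] in DECOY:
            reasons.append("double-extension:%s.%s" % (parts[-2], final))
        # Runs of spaces can push the real extension out of a narrow column.
        if "   " in filename:
            reasons.append("padded-extension")
    elif final in ACTIVE_MARKUP:
        reasons.append("active-markup:" + final)
    return reasons


# Constructed sample names, not taken from any real message.
SAMPLES = [
    "holiday.gif.exe",
    "notes.TXT.pif",
    "report.pdf",
    "page.html",
    "invoice.txt" + " " * 20 + ".exe",
    "setup.exe. ",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_attachment(sample) or "no findings")
```
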



  2. #2
    Join Date
    Dec 2003
    Location
    Massachusetts, USA
    Age
    40
    Posts
    2,448
    Just wanted to add that another program that I have found extremely helpful is SSI (System Spyware Interrogator). It's an on-line program that does need to "read" your computer to find spyware, but it's free and gives detailed instructions on how to remove each one of the offenders.
    Valerie



  3. #3
    Join Date
    Jun 2004
    Age
    50
    Posts
    325
    Here are just a few links I have collected that should provide some added benefit to this thread even with a few being dupes to links already posted.

    Spyware Software

    AdAware

    SpyBot Search & Destroy

    SpywareBlaster

    HijackThis and CWShredder

    CA's eTrust PestPatrol - Online Scanner IE4.0 or higher required




    Anti Virus Software

    AVG Anti-Virus

    Trend Micro HouseCall - Online Scanner

    Computer Associates eTrust EZ Antivirus - Online Scanner IE4.0 or higher required

    Secunia Online Antivirus - Online Scanner ActiveScan requires the browser Microsoft Internet Explorer 4.0 or later version




    Firewalls

    Kerio Personal Firewall

    Zone Alarm

    Sygate

    GRC's ShieldsUp - Online Firewall Test

    McAfee Internet Security Suite

  4. #4
    Join Date
    Sep 2004
    Location
    WI
    Age
    46
    Posts
    123
    Nuh uh. I do not recommend installing Spybot. I had it once, used it and it rearranged my registry! Not a good thing if you want to really keep your pc clean. I do however agree with ZoneLabs. I trust them and have used their products for years. They also carry a program called PestPatrol. I bought it yesterday and I just love it! It cleans up spyware cookies and removes them. I had cookies from April on mine! As for malware and adware, I stay away from adware as much as possible. I use Avast for my anti virus and it runs in the background on my pc. If there is a virus, it will tell you exactly what to do. I also highly recommend CCleaner, which literally cleans the crap off your hard drive. MMHCleaner gives you control over your start up programs. PestPatrol was purchased by ZoneLabs and can be downloaded for 29.95 at www.zonelabs.com. The other two are freeware, with NO ads.
    Here are links to access these.

    http://www.ccleaner.com/
    http://mmhsoft.click-now.net/programs/mc/index.html


  5. #5
    Join Date
    Apr 2003
    Location
    Midwest USA
    Age
    35
    Posts
    951
    I just wanted to add that the best Spyware prevention/scanner/remover program I have ever found is Webroot Spysweeper. You can download a trial version at http://www.webroot.com/ but it costs $30 to register. I had a very bad and very hard to remove spyware program called Backweb. I tried EVERYTHING to remove this program and then I found Webroot Spysweeper. I downloaded the trial, updated, and scanned. It immediately found Backweb and completely removed it! :D Needless to say, I was hooked and went out and bought it as soon as I had the money!

    Also, if you download any kind of anti-spyware program, make sure you update it as soon as you are done downloading it. Also, update these programs at least once a week. Without updating them, you won't be fully protected.

  6. #6
    Join Date
    Apr 2001
    Location
    Upstate NY
    Age
    40
    Posts
    5,523
    Here's a web site that walks even the most novice of users through a security procedure known as:

    http://www.securitytango.com/

    The Security Tango. It's a good, informative page for people wanting to learn from an expert-type guy.

  7. #7
    Join Date
    Nov 2004
    Posts
    417
    Here's how I've kept my computer spyware-free for about 2 months, now.

    First, backup whatever programs you want to keep, including the files you like, as long as no spyware is included.

    Next, format like hell.

    Reinstall windows.

    The FIRST THING you do, is open IE and download Firefox. Firefox is a beautiful, beautiful thing. All you have to do is go into the options of Firefox and tell it not to let pages download things onto your computer. And it works! The only thing is that certain flash games won't work. Simple solution - open IE and cut 'n' paste the URL into it for that one site. That's all.

    Then you can put your things back into your computer or keep them on disk, your choice. Firefox works so well for me. No spyware at all, really, I tell you what.

    Honestly, this has worked for me. As long as you don't use IE, you're fine.

  8. #8
    Join Date
    Dec 2004
    Location
    the World
    Posts
    2,557
    I have Internet explorer and now whenever I open it up..there's a blue tabbed bar on the bottom and under favorites there are listings of folders that weren't there before...help

  9. #9
    Join Date
    Apr 2004
    Location
    Greencastle IN
    Age
    27
    Posts
    3,220
    ughhhh I hate explorer, Long Live FireFox

    also if the adware/spyware has caused damage to your registry you can use a certain program that, if I'm not mistaken, is called RegiAid

  10. #10
    Join Date
    Apr 2004
    Location
    Nottinghamshire, England
    Age
    36
    Posts
    262
    Quote Originally Posted by bladeraven
    I have Internet explorer and now whenever I open it up..there's a blue tabbed bar on the bottom and under favorites there are listings of folders that weren't there before...help
    Sorry it's taken a long time for anyone to respond to this. Firstly, this thread is more a 'tutorial / help guide' than a help thread for specific problems. A separate thread may have been more applicable for that.

    Secondly, onto the problem:

    a) Have you tried running SpyBot? That's the thing most likely to help you successfully and easily.

    b) Have you read the first post in this thread? It runs you through step-by-step a number of ways of getting rid of spyware, from automatic programs to having to do it manually.


    As far as getting rid of the links goes, that's just a case of managing your bookmarks and deleting them like you would a file.


    This problem has most likely occurred because of a wonderful thing called ActiveX that IE likes to let run without checking whether it's malicious or not. Using ActiveX I can make a webpage open up your CD drive, download and install spyware without you knowing it, or even have a good go at formatting your hard disk.

    For that reason alone, if nothing else, please consider STOPPING using Internet Explorer, and switching to another browser like Netscape, Firefox or Opera. These will stop the malicious ActiveX code from running and the only 'spyware' of any kind you'll encounter after that will be tracking cookies.

