Tut on Spyware/Adware/IE/General Inet removal
Results 1 to 5 of 5

Thread: Tut on Spyware/Adware/IE/General Inet removal

  1. #1
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    742

    Tut on Spyware/Adware/IE/General Inet removal

    Intro

    After months of scouring through AO and of Tech Support time and again I can't explain how horribly redundant it gets seeing people that can't seem to understand why their Internet Explorer won't work or why these pron popups keep showing up. Perhaps your problem is different IE won't display websites, or bookmarks keep adding themselves, maybe even your computer is running abnormally slow. Now I have seen plenty of documents throughout AO about how to remove spyware and different applications everyone uses, but I really do think that this is security related and being a document I wrote only seemed appropriate to be in the Security Forums section, if I am wrong then let Negative Smite me and move it . Let me introduce you to what I like to call an unclassified virus. For some reason someone decided that certain pieces of software that you never wanted and never agreed to downloading found its way onto your computer and is either collecting data on you or just eating your resources and constantly installing things onto your PC. Now I don't know who the genius is that decided this is but fear not, as with any problem you will need a plethora of tools to fix this but they are relatively easy to use update and keep your computer clean. Not only will this keep your computer speedy but itís a form of keeping your computer slightly more secure. Note that this document is not the end all solution to security in fact I am only touching on this infectious disease we call Spyware. I do recommend that every one of you install some form of antivirus and a firewall for basic computer security, you can find many documents about this throughout AO.

    Programs you will need:

    You will need a couple of different tools to get yourself moving along with this cleaning process. So prepare to start downloading.

    First and foremost is the number of people that forget to run Windows Update. This is kind of an important thing to do. You can do this by visiting http://windowsupdate.microsoft.com

    For Spybot S&D you should visit:
    http://www.safer-networking.org/ -go to download and get the latest version of Spybot.

    Ad-aware visit:
    http://www.lavasoftusa.com/ -go to Ad-Aware and download the newest version

    For Hijack this and CWShredder visit:
    http://www.spywareinfo.com/~merijn/downloads.html -scroll down and download both of the newest versions

    For Spyware Blaster visit:
    http://www.javacoolsoftware.com/spywareblaster.html -As with the rest the newest version will suffice

    Now also I recommend that you get a different browser than just Internet explorer. I recommend one of these 2 browsers.
    Mozilla which can be found at http://www.mozilla.org/ or
    Opera which can be found at http://www.opera.com/

    For further reading information on these applications you can check out mjk's post on different removal tools here

    Now the Cleaning Process:

    Ok to get down to the cleaning start by installing Spybot, Ad-aware, and Spyware Blaster, also install your choice of browser(s). Make sure you have already installed all the Critical Updates for Windows. Now that you have those applications installed run their updates. Now restart your computer and as itís rebooting continuously press f8 until a screen pops up prompting you to choose which way you want to start up Windows. Choose Safe Mode, and wait for you computer to get started up. Now all these scans run slightly faster if you delete all your temporary internet files. Now that this is done you can choose which application to run first, Spybot or Ad-aware, but make sure you run them separate as to avoid running into any complications. While it is running start up CWShredder and run its fix mode, it will auto-magically run through and remove anything dealing with the Cool Web Search Spyware. When it finishes (whatever scanner you chose to run first is probably still running) Now run Hijack this. There is a great article on which files to fix that can be found here: http://www.antionline.com/showthread...ht=hijack+this by Soda_Popinsky.

    Now whichever scanner you chose first should be close to done if not complete, once complete fix all problems. When this is complete, run the other one, and proceed to fix any problems that it comes up with.

    Protecting in the future:
    Now in Spybot there is an immunize option run that and then run spyware blaster. Spyware blaster is an application that will help you prevent the installation of future spyware. Now most of the newer antivirus applications will also try to prevent spyware. I recommend that you pick a day of the week and run the updates on all your Anti-spyware applications. On this same day you should run windows updates too. It is very rare that a home user will have to worry about 0-day exploits on windows. If you are running a corporate network or any type of server you may want to check more often.

    If I missed anything or anyone has anything to add please let me know and I can edit or people can just read what you wrote.

    -Spy
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  2. #2
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    742

    Tut on Spyware/Adware/IE/General Inet removal

    Intro

    After months of scouring through AO and of Tech Support time and again I can't explain how horribly redundant it gets seeing people that can't seem to understand why their Internet Explorer won't work or why these pron popups keep showing up. Perhaps your problem is different IE won't display websites, or bookmarks keep adding themselves, maybe even your computer is running abnormally slow. Now I have seen plenty of documents throughout AO about how to remove spyware and different applications everyone uses, but I really do think that this is security related and being a document I wrote only seemed appropriate to be in the Security Forums section, if I am wrong then let Negative Smite me and move it . Let me introduce you to what I like to call an unclassified virus. For some reason someone decided that certain pieces of software that you never wanted and never agreed to downloading found its way onto your computer and is either collecting data on you or just eating your resources and constantly installing things onto your PC. Now I don't know who the genius is that decided this is but fear not, as with any problem you will need a plethora of tools to fix this but they are relatively easy to use update and keep your computer clean. Not only will this keep your computer speedy but itís a form of keeping your computer slightly more secure. Note that this document is not the end all solution to security in fact I am only touching on this infectious disease we call Spyware. I do recommend that every one of you install some form of antivirus and a firewall for basic computer security, you can find many documents about this throughout AO.

    Programs you will need:

    You will need a couple of different tools to get yourself moving along with this cleaning process. So prepare to start downloading.

    First and foremost is the number of people that forget to run Windows Update. This is kind of an important thing to do. You can do this by visiting http://windowsupdate.microsoft.com

    For Spybot S&D you should visit:
    http://www.safer-networking.org/ -go to download and get the latest version of Spybot.

    Ad-aware visit:
    http://www.lavasoftusa.com/ -go to Ad-Aware and download the newest version

    For Hijack this and CWShredder visit:
    http://www.spywareinfo.com/~merijn/downloads.html -scroll down and download both of the newest versions

    For Spyware Blaster visit:
    http://www.javacoolsoftware.com/spywareblaster.html -As with the rest the newest version will suffice

    Now also I recommend that you get a different browser than just Internet explorer. I recommend one of these 2 browsers.
    Mozilla which can be found at http://www.mozilla.org/ or
    Opera which can be found at http://www.opera.com/

    For further reading information on these applications you can check out mjk's post on different removal tools here

    Now the Cleaning Process:

    Ok to get down to the cleaning start by installing Spybot, Ad-aware, and Spyware Blaster, also install your choice of browser(s). Make sure you have already installed all the Critical Updates for Windows. Now that you have those applications installed run their updates. Now restart your computer and as itís rebooting continuously press f8 until a screen pops up prompting you to choose which way you want to start up Windows. Choose Safe Mode, and wait for you computer to get started up. Now all these scans run slightly faster if you delete all your temporary internet files. Now that this is done you can choose which application to run first, Spybot or Ad-aware, but make sure you run them separate as to avoid running into any complications. While it is running start up CWShredder and run its fix mode, it will auto-magically run through and remove anything dealing with the Cool Web Search Spyware. When it finishes (whatever scanner you chose to run first is probably still running) Now run Hijack this. There is a great article on which files to fix that can be found here: http://www.antionline.com/showthread...ht=hijack+this by Soda_Popinsky.

    Now whichever scanner you chose first should be close to done if not complete, once complete fix all problems. When this is complete, run the other one, and proceed to fix any problems that it comes up with.

    Protecting in the future:
    Now in Spybot there is an immunize option run that and then run spyware blaster. Spyware blaster is an application that will help you prevent the installation of future spyware. Now most of the newer antivirus applications will also try to prevent spyware. I recommend that you pick a day of the week and run the updates on all your Anti-spyware applications. On this same day you should run windows updates too. It is very rare that a home user will have to worry about 0-day exploits on windows. If you are running a corporate network or any type of server you may want to check more often.

    If I missed anything or anyone has anything to add please let me know and I can edit or people can just read what you wrote.

    -Spy
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    bump

    yeah you might want to add that for prevention you can use IESpyAD to add a list of known bad sites to IE's restricted zone.. registryprot for realtime registry protection.. then there's scriptsentry and scriptrap for blocking scripts..

    For info on malicious scripts and changing your browser settings you should visit these two links from cert.org
    http://www.cert.org/tech_tips/malicious_code_FAQ.html
    http://www.cert.org/advisories/CA-2000-02.html

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Posts
    139

    Nice, but I would add a few disclaimers. Read the manual first (of each program) and be careful what you have these programs delete! Don't be to quick with that trigger finger.

    For more info, read this entire thread:

    http://www.tek-tips.com/viewthread.c...pid=581&page=1

    It mentions WinsockFix.exe, a handy utility.

  5. #5
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Good work on the tut.

    Let me add that I use a method that has proved very good and that is using the operating systems HOSTS file. Simply place the list of adware/spyware domain names or in there and have them point to localhost (the PC itself) 127.0.0.1 and the ad/spyware sites are never contacted and nothing is downloaded.

    To do this...
    1. Simply add the contents of the file I attached (or you can get it from the website I mention below) into the following file:
    Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
    Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC\HOSTS
    Win 98\ME = C:\WINDOWS\HOSTS

    2. That's it!

    Link where got HOSTS file, which is updated monthly I might add: http://www.mvps.org/winhelp2002/hosts.htm

    Enjoy!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •