spyware removal and prevention tutorial

Thread: spyware removal and prevention tutorial

  1. #1
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052

    spyware removal and prevention tutorial

    These are my recommended steps to stop spyware:

    --Before starting all of this I recommend downloading these using XP's safe mode with networking or, if it is not XP, download all tools and run all in safe mode.--

    1) In Windows Me or XP turn off System Restore and CLEAN IT OUT!
    2) Clean temp files to make next steps quicker, I use cleanup! cleanup.stevengould.org

    3) Download spysweeper www.webroot.com (update and scan)
    4) Download adaware www.lavasoftusa.com (update and scan)
    5) Download spybot www.safer-networking.org (update, IMMUNIZE and scan)
    6) Download CWShredder http://www.intermute.com/spysubtract..._download.html (run)
    7) Download HijackThis www.merijn.org (scan and remove any bogus entries)
    8) Download About:Buster. His site has been down; use Google for this one and run it
    --If any LSPs cannot be removed try using LSP fix www.cexx.org/lspfix.htm --

    Now REPEAT IN ALL USER ACCOUNTS!!! <----VERY IMPORTANT

    These are my recommended steps to immunize spyware:

    1) Spybots - already done above
    2) Download Spywareblaster www.javacoolsoftware.com/spywareblaster.html (Update and immunize) --NOTE DOES NOT AUTOMATICALLY UPDATE you can donate $10 so it will though.
    3) Download Blockfile www.spywareguide.com/blockfile.php and import to registry
    4) Download Ie-Spyad https://netfiles.uiuc.edu/ehowes/www...ce.htm#IESPYAD and import files to registry
    5) Download new Hosts file http://www.mvps.org/winhelp2002/hosts.htm and copy to
    Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
    Win 98\ME = C:\WINDOWS
    --NOTE steps 3-5 will obviously not update themselves so they must be downloaded periodically-
    6) If you have money pay for spysweeper so it will update itself and protect you.

    And that's all she wrote! That will help you with your issues except for the really tough tough spyware that has to be manually removed by an experienced tech.

    PLEASE DO NOT POST HijackThis logs here - Google is your friend in this case and www.help2go.com/modules.php?name=HJTDetective is a good site that will help a little.

    GOOD LUCK ALL!

  2. #2
    Junior Member
    Join Date
    Oct 2004
    Posts
    6
    thanx .. nice tut
    next step .. total evolution

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    Why thank you

  4. #4
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    About:Buster site has been working fine

    http://www.malwarebytes.biz/forums/index.php?act=idx

    About:Buster can be downloaded from Subratam's:
    http://www.subratam.org/?page=removal

  5. #5
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    Before starting all of this I recommend downloading these using XP's safe mode with networking or, if it is not XP, download all tools and run all in safe mode.--
    You don't need to download 6 different software applications. All you need is Adaware from www.lavasoft.de and CWShredder as stated by you.

    I would like to add a couple of useful tips to help get rid of spyware if you're running Internet Explorer 6.0

    Open Internet Explorer, click on Tools, go down to Internet Options, click on the Advanced tab, under Browsing look for "Enable third party browser extensions" and uncheck it. Next hit Apply, then OK. Next close IE and all other applications and reboot the PC. This also helps with spyware. Also, if you're running XP Pro you can use the System Restore feature, and back your OS into a previous state before you got infected with that crap. On a personal note, I hate spyware. I work for an ISP and it seems ALL customers are getting infected with this crap. I wish there was a way to get rid of this crap forever; it's a nightmare for technical support. Anyways, thanks for the info, Computernerd22

  6. #6
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    That is not true at all. I work on computers every day and I mostly do "tune-ups", which usually is removing spyware these days. Adaware does not pick up everything, neither does Spybot. We used to just use Spybot or Adaware depending on what was better that day, but now we need all of them. I can do a scan with both Adaware and Spybot then find hundreds and hundreds of spyware with spysweeper.

    And doing a system restore isn't always the best idea. I tell people to turn it off 1st because it will empty it, because spyware and viruses can and do hide there.

    And groovicus, thank you for that

  7. #7
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    I am amazed by the "System Restore" comments on a number of sites.. Some ppl just recommend using it as the first line of defence, others don't bother advising turning it off.. even arguing when it is mentioned to be turned off.
    Not clearing the System Restore is just a game of Russian Roulette..

    And yes.. many tools is the go for today.. Adaware, Spybot SnD, HJT, The Cleaner, Stinger, etc etc.. one on its own is not assurance enough for me when cleaning.. what is normally a mixed infection (that is Virus, advertising trojans, Trojans, misc adware, spyware).
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  8. #8
    Gotta use multiple scanners... Sigs have not been nearly powerful enough lately.
    Now REPEAT IN ALL USER ACCOUNTS!!! <----VERY IMPORTANT
    How about just the admin?

    Download HijackThis www.merijn.org (scan and remove any bogus entries)
    I never recommend this step, 'tis very dangerous.

    As usual with these tutorials (how many of these do we have now?), the author forgot the most important part of all.
    UPDATE WINDOWS

  9. #9
    Senior Member PacketThirst's Avatar
    Join Date
    Aug 2004
    Posts
    258
    I'd also recommend not using older versions of Internet Explorer ( the ones with the DSO exploit ).
    The DSO exploit enables a remote site to execute code without the user's permission.



    PacKet Thirst

  10. #10
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Where to start.... other than to say I'm rather unimpressed by this... it has a few good points but several bad points that completely counter the good aspect...

    Before anything else I'm going to mention that www.merijn.org is basically impossible to get to (or so I've found)... so I'd suggest visiting http://www.spywareinfo.com/~merijn/downloads.html for Hijack This.

    Now on to the rest of this

    --Before starting all of this I recommend downloading these using XP's safe mode with networking or, if it is not XP, download all tools and run all in safe mode.--

    1) In Windows Me or XP turn off System Restore and CLEAN IT OUT!
    2) Clean temp files to make next steps quicker, I use cleanup! cleanup.stevengould.org
    We start with something good... We'll see if this pace maintains itself.
    3) Download spysweeper www.webroot.com (update and scan)
    4) Download adaware www.lavasoftusa.com (update and scan)
    5) Download spybot www.safer-networking.org (update, IMMUNIZE and scan)
    6) Download CWShredder http://www.intermute.com/spysubtract..._download.html (run)
    7) Download HijackThis www.merijn.org (scan and remove any bogus entries)
    8) Download About:Buster. His site has been down; use Google for this one and run it
    --If any LSPs cannot be removed try using LSP fix www.cexx.org/lspfix.htm --
    This portion isn't too bad.... but it's a bit of overkill... You should be careful while using HJT... and I don't think Spysweeper is necessary... It's decent software.. but it's not that special... The only benefit to Webroot is if you want a corporate spyware solution. I can't comment on solution 8 because I've never used it but after that the rest is fairly decent.... The LSP one however.... most people who need something this basic are going to have no clue what you mean at this point.... You might want to explain it a little better.
    Now REPEAT IN ALL USER ACCOUNTS!!! <----VERY IMPORTANT
    As soda mentioned... why? Just use the admin account.
    These are my recommended steps to immunize spyware:

    1) Spybots - already done above
    2) Download Spywareblaster www.javacoolsoftware.com/spywareblaster.html (Update and immunize) --NOTE DOES NOT AUTOMATICALLY UPDATE you can donate $10 so it will though.
    3) Download Blockfile www.spywareguide.com/blockfile.php and import to registry
    4) Download Ie-Spyad https://netfiles.uiuc.edu/ehowes/ww...rce.htm#IESPYAD and import files to registry
    These won't help immunize you against spyware... they may defend against specific variants... the only protection against spyware is safe computing habits.

    5) Download new Hosts file http://www.mvps.org/winhelp2002/hosts.htm and copy to
    Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
    Win 98\ME = C:\WINDOWS
    What if the malware has modified the registry so that the hosts file points elsewhere?

    6) If you have money pay for spysweeper so it will update itself and protect you.
    With the number of freeware/shareware solutions out there... there's no need to ever spend money on this sort of product
    PLEASE DO NOT POST Hijackthis logs here -google is your friend in this case and www.help2go.com/modules.php?name=HJTDetective is a good site that will help a little.
    Who are you to tell people not to post their HJT logs here.... They're more than welcome to post them and ask for our help.

    Now there are a few problems here.... Microsoft Anti-spyware (and I'm normally Anti-MS) is quite good and combines several of these programs into one utility. It should be listed...

    There's also no mention of running a virus scan.... Your desktop AV should be run (AVG, Norton, McAfee, PC-cillin, etc)... and you should also make use of the TrendMicro System cleaner - http://www.trendmicro.com/download/zh-tw/tsc.asp

    It was mentioned that Windows updates should be installed and this is true.. however after cleaning before going back online you should make sure that there is a firewall enabled.. Windows or third-party.. even a hardware firewall (home router) is fine if you know there's no infections behind it..... This makes a huge difference though... especially with the recent increase in network aware malware.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
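
Added example, not part of any post in this thread: a Python check for the hosts-file step in post #1 and the question in post #10 about the registry pointing the hosts file elsewhere. It compares the `DataBasePath` value (under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`) with the stock location and lists hosts entries that do not sinkhole to loopback or 0.0.0.0; the function names and the sample file are constructed for illustration.

```python
import ipaddress
import re

# Stock DataBasePath value (REG_EXPAND_SZ) on NT-based Windows (2K/XP).
DEFAULT_DB_PATH = r"%SystemRoot%\System32\drivers\etc"

# Constructed sample, not a real hosts file.
SAMPLE_HOSTS = """\
# block list (sample)
127.0.0.1    localhost
0.0.0.0      ads.example.net       # sinkholed
127.0.0.1    tracker.example.org   # sinkholed
203.0.113.7  update.example.com    # points at a real address
bogus-line   www.example.com
"""

def _norm(path, system_root):
    # Expand %SystemRoot% case-insensitively, drop trailing slash, lowercase.
    path = re.sub(r"%systemroot%", lambda m: system_root, path, flags=re.I)
    return path.rstrip("\\").lower()

def database_path_is_default(value, system_root=r"C:\WINDOWS"):
    """True if DataBasePath still points at the stock hosts directory."""
    return _norm(value, system_root) == _norm(DEFAULT_DB_PATH, system_root)

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for entries to review."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comments
        if not fields:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, addr, " ".join(names), "malformed address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue                            # expected block-list entry
        for name in names:
            findings.append((no, addr, name, "maps to a non-loopback address"))
    return findings

if __name__ == "__main__":
    print(database_path_is_default(r"C:\WINDOWS\Temp\etc"))
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a live machine, pass in the value read from the registry and the contents of the file in the directory that value names; use `system_root=r"C:\WINNT"` for the Windows 2K layout from post #1.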
