
Thread: Adware and Spyware removal :Introduction:

  1. #1
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534

    Post Adware and Spyware removal :Introduction:

    An Attempt to put into one place a small tutorial, that will [hopefully]
    be used as a link for all of those threads that ask the same question:

    How do I get rid of pop-ups / adware / spyware?

    There is a plethora of software tools out there, waiting for you to take them home, I will just stay with the ones that I have used myself, as I believe that if I can use it, then it really IS idiot proof. I have included tools that are freeware as well as those that require you to buy them to get the full options.

    I have concentrated on the adware, spyware problem, and as such I haven’t mentioned Anti-Virus, or Firewalls, as I think that each PC SHOULD have those as a MINIMUM defence, I’m just adding my little bit to the extra defences required in today’s PC environment.

    Where an OS is mentioned, I am basing it on Windows, as I run W2K Pro. XP will be very similar.

    To combat this problem you should have the following in your armoury at least:

    Google tool bar: http://toolbar.google.com/ The reason for this selection is that I think that this item should be on everyone’s PC, and it has a pop-up blocker built in. Google themselves keep information from you for their own use, but you do have the option to disable this as you install. Also there are a few extra items that the toolbar runs that are not strictly required, they can all be disabled in the options tab on the toolbar itself.

    AdAware SE: http://www.lavasoft.de This one is the one that everyone SHOULD know about.

    SpyBot S+D: http://www.safer-networking.org/en/download/index.html
    Get its immunization mode running in the background, stopping the bad stuff from even getting in.

    Swatit: http://swatit.org/ Bots and Trojan cleaner. It is said to be slow, but it is effective.

    CWShredder: http://www.intermute.com/spysubtract..._download.html
    This is a very quick worker, and very easy to use.

    Crap Cleaner http://www.ccleaner.com/
    I'm adding this, as there are a lot of supposedly temp files that can be cleared away safely, that are scattered all over the drive, and this one tool will remove damn nigh all of them in one hit.
    Just leave the default settings, and run it.

    Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html
    This is software that will stop the bad guys from even getting onto your PC in the first place. Again, it's a free download, and it's a load and forget device, even has auto-update enabled for us really forgetful types.

    Prevx http://www.prevx.com/
    Another piece of software that detects when the registry is being changed, and will alert you to it, to let you decide whether to allow / disallow.
    One tip: suspend Prevx protection when you are loading software, as it will question EVERYTHING that you are doing.
    15 day free trial. But it works so well I PAID for it ......

    HiJackThis: http://www.merijn.org/downloads.html
    This will give you a list of everything that has loaded up, and is running on your system. It will allow you to delete them, but be warned, this is a very dangerous tool if used without care. Check in AO tutorial index for instructions on use.

    Itty Bitty Process Manager: It is also found at Merijn.org, to see why this has been included:

    Small update: I've been seeing more and more cases of infections by trojans that kill any antivirus or antispyware programs you try to use and remove them. For such cases, I created a standalone version of the 'Itty Bitty Process Manager' inside HiJackThis. It should be a bit harder for trojans to detect, since it has no window caption. If they do start targeting it by filename, rename the executable before running it and you should be good to go.

    Registry Cleaners:
    I use Registry Mechanic, and I’ve recently discovered Macecraft, and their RegSupreme. Both work well, but I find RegSupreme to be the easiest of these to use.

    Registry Mechanic: http://www.winguides.com/

    Macecraft: http://www.macecraft.com/

    And finally, I would advise everyone to keep their system updated with the latest patches, as and when they are available.
    For Windows: http://v4.windowsupdate.microsoft.com/en/default.asp
    This is for Win2K and is V4, if you are running XP, then it will be V6 as the latest, and it will download the latest software to allow you to use this version before you can get any updates.

    To help keep these neat and tidy, I open a new file in Program Files, called 'Security'.
    Download each tool there.

    On your desktop, in the tool bar at the bottom [default position] of the screen,
    right click, and click on toolbars, then on 'quick launch'.

    Right click inside the quick launch area, [if none seen, right click toolbar, click on 'unlock toolbar'.] select open folder, inside there, right click and select 'new folder', label it 'Security'.
    Close it down, you will now have a Security folder icon in the quick launch section.

    Go to the Security file, open each application, and right click on the .exe that would open it.
    Select 'send to desktop'. You now have all the shortcuts on your desktop.

    Click on the Security folder in quick launch, reduce the size of the window so that you can see the shortcuts, drag and drop each one into the folder. Close folder. You now have your security tools ready to use at a moment's notice ....................

    Now to run our new toys:

    First rule: Only run one application at a time……… Conflicts will happen if two applications are trying to clean the same fault.

    You need to update each tool, prior to using it, to ensure that you are using the latest version. Remember to open, update then CLOSE each application, before you update the next one.

    If you are running XP, then shut off the system restore [Right-click My Computer, select properties, then System Restore tab, then tick/check the Turn off System Restore.]

    This is an application that keeps a back up of settings of your system, and if you are infected, it is possible that the restore option would 'restore' the baddies. That is the reason I say switch it off first.

    However, if you are a complete novice at this, then it is in your own interest to keep the restore option working, then if you do the worst................ you CAN get out of jail free.

    System Restore :
    start > all programmes > accessories > system tools > system restore.
    If you are going to use the restore option, you might as well set yourself a known good restore point, at least it will be back to where you began.

    Check the 'create a restore point' click next ........then enter the description for the point ....... start point would do, then click create. You now have a point to return to IF it goes wrong.

    Ideally you should be in Safe Mode to run these tools, as this is a mode that only starts the bare minimum of applications to get you running, and [hopefully] none of the problem programmes will start.

    Safe Mode is accessed on start up, by tapping on the F8 button [some systems use F2 / F10] repeatedly, until a screen opens with a menu of safe options.

    AdAware, SpyBot, Swatit and CWShredder can be run, and whatever they find is fairly safe to remove straight away.

    HiJackThis and the stand alone Itty Bitty Process Manager are a little different, in that they will generate a comprehensive list of running processes on your system, then it is up to you to decide what should be there, and what should not. BE WARNED, once deleted, it’s GONE. And you can do a lot of damage to your system if you do it wrong.

    You can always save the file as a .txt in notepad, and post it on AO for help in deciphering what, if anything, is wrong.

    The registry cleaners are another special case, these will generate a list of [to them] registry keys that can be removed. BE WARNED, do not mess with the registry at all, if you are not sure, then DON’T DO IT. Run the cleaner, then examine each entry on the list carefully.

    As a quick and dirty method, I delete all those identified as obsolete, or non-existent, and I tend to take my time with the others. REMEMBER : if in doubt : DON'T. It is better to leave a suspect setting in the system, rather than remove it and find that nothing works anymore.

    To finish, I like to do the windows update now. Get all the critical ones first, then do any stand alone ones [these are the ones that have to be done singularly]. Finally get any optional ones for the system, drivers etc.
    I like to follow this with Defrag [Right click My Computer, select Explore, Right click on C drive, click on tools] I also do scandisk as well, [now called error checking] same place as defrag, set it to do its work automatically, click OK, the PC will then say it cannot do it now, would you like to start scandisk the next time you start windows. Click yes.

    You should now be the proud owner of a cleaner, leaner, faster PC.

    PS [If you are running XP, and you DID disable the system restore. Now would be a good time to start it again.]

    You should also be aware that there are nowadays, programmes that can and will defeat your tools.
    Either by hiding from them, or by switching them off. This tutorial is not addressed at those, it is merely an introduction into keeping your PC as YOUR PC.

    Also CuseMMA has a thread that covers this subject from a different perspective.
    Worth a read to give a more rounded view of this problem.

    And another way here, by brokencrow
    if you wish to go about it manually.

    [edit] sorting out links
    [edit 2] adding points from the posts. restore option / Google tool bar.
    [edit 3] Crap Cleaner, Spyware Blaster and Prevx added.
    [edit 4] link to CuseMMA's clean up thread.
    [edit 5] Windows update now at V6 for XP : system restore details : update apps
    [edit 6] Link to brokencrow's manual removal thread added
    I'll add tools as and when I've used them, ONLY if they pass the criteria of me being able to use them EASILY AND they do what they say they will do.

    One final word :
    If the software is FREE, but you could afford to pay something, then DO SO.
    The more people that do pay towards the cost of these tools, then the more these people will develop their tools.
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone
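
Added example, not part of foxyloxley's post and not code from HijackThis: a small Python script that sorts a saved HijackThis log into its sections, so each entry can be reviewed before anything is removed or the log is posted for help. The sample log is constructed, and the `CODE - details` line layout and the section meanings are assumed from HijackThis's usual output rather than taken from this thread.

```python
import re

# Constructed sample in the usual HijackThis layout ("CODE - details").
# Every name and path below is made up for illustration.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINNT\System32\smss.exe
C:\Program Files\Security\example-tool.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [tray] C:\WINNT\Temp\tray.exe
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""

# What the common section codes refer to (R0-R3 share one meaning).
MEANING = {
    "R": "Internet Explorer start/search page",
    "O1": "Hosts file redirection",
    "O2": "Browser Helper Object",
    "O4": "program started automatically at boot/logon",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Return (running_processes, {code: [details, ...]}) in log order."""
    processes, entries, in_procs = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            in_procs = False
            entries.setdefault(match.group(1), []).append(match.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def review_sheet(text):
    """Build a read-only checklist; nothing on the system is changed."""
    processes, entries = parse_log(text)
    out = ["%d running processes listed" % len(processes)]
    for code, items in entries.items():
        label = MEANING.get(code) or MEANING.get(code[0], "other entry")
        out.append("[%s] %s (%d)" % (code, label, len(items)))
        out.extend("    check: " + item for item in items)
    return "\n".join(out)

if __name__ == "__main__":
    print(review_sheet(SAMPLE_LOG))
```

The script only reads the text of a saved log; deciding what to remove still happens in HijackThis itself, one entry at a time.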

  2. #2
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,066
    Nice tut dude, hopefully we will be getting less of those annoying "help, spyware on my PC" threads.

    I would give you AP's but:

    You must spread your AntiPoints around before giving it to foxyloxley again.
    Not like I can give much anyway lol...

    I personally think this should be made a sticky... ?
    I am the uber duck!!1
    Proxy Tools

  3. #3
    Senior Member
    Join Date
    Feb 2004
    Posts
    201
    Very nice. The only thing I would bicker about is turning off system restore before running the tools. Especially as you have the theoretical "idiot" running several different tools including HijackThis & regcleaners. It's easy to make a mistake with those tools if you don't know what you're doing. If someone was to follow your instructions and then do something ignorant and hose their system then they have no system restore left to fall back on.

    As I understand it, nothing within system restore can infect the users computer. And everything in system restore is gone when you flush your restore points. There is no need to turn off restore and then run your cleaning apps. Simply disabling and re-enabling system restore after a thorough cleaning is enough to accomplish this.

    Other than that, I think it's a nice tutorial that explains the basics on a simple level. Good job!


  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Nice one Foxy~

    I know it is still in Beta, but the Microsoft anti-spyware tool is worth a look..............only for Win2k/XP.

    Also EWIDO.............a new scanner/interactive defence. You have to buy the interactive one, but the on demand scanner is free for private use. It has an enormous pattern/signature file of around 90,000 items. You can update the on demand scanner as well

    http://www.ewido.net/en/

    Yes, there are several tools that seem to do the same thing, but each one is liable to find stuff that the others do not, so you cannot rely on a single solution as you might with an AV or firewall.

    Cheers

  5. #5
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246
    A good post indeed Foxy.

    A little nit about the Google Toolbar, which I like but no longer use (thanks to Firefox). For completely secure browsing, be sure to keep the enhanced options off (pagerank and page info widgets). Sure, the information it sends may be totally benign and you may trust Google with it, but there are privacy implications nonetheless, especially for those that are concerned about programs that transmit info about your Web behavior.

    Luckily, Google is very upfront about this when you install the toolbar or choose to activate these options at a later time.

    And I agree with nihil, MS AntiSpyware is actually rather good. At least in my experience.

  6. #6
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    Thanks to everyone for the comments.

    Just to point out that in the tut, I did say that I would stick to what I had used myself.

    Hence no mention of MS's own anti-spyware, or of a 'more' secure browser [Firefox] to combat pop-ups.

    I have recently gone to dual boot with XP Pro on my W2K Pro box. I'll get a copy of the MS Anti-spyware, and try it out on that, as I haven't migrated all my files and settings across yet.

    Might even go wild and get me some of that there FireFox I've heard so much about

  7. #7
    Senior Member
    Join Date
    Jan 2005
    Posts
    100
    A most excellent post! We have been combatting spyware for some time and started compiling a selection of software, many including what you posted and I will be suggesting the one you listed that we don't have.

    Quick note: for us the google-tool bar works great, like other people already stated, we recommend not using the enhanced features. Also - if your company or organization uses NetMeeting or Lotus Sametime, the Google-Pop-Up blocker tends to not allow those applications to work properly.

    Quick note2: the Microsquish AntiSpyware Beta is also working quite well - it seemed to take less time than AdAware on my boxes, but that could have been my feeling of overjoyness because MS has a security tool that works well.

    Again - great work foxy!

    KuiXing-2005.
    "An ant may well destroy a whole dam." - Chinese Proverb
    "Not only can water float a craft, it can sink it also." - Chinese Proverb

    http://www.AntiOnline.com/sig.php?imageid=764

  8. #8
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    Originally posted here by foxyloxley
    Thanks to everyone for the comments.

    Just to point out that in the tut, I did say that I would stick to what I had used myself.

    Hence no mention of MS's own anti-spyware, or of a 'more' secure browser [Firefox] to combat pop-ups.

    I have recently gone to dual boot with XP Pro on my W2K Pro box. I'll get a copy of the MS Anti-spyware, and try it out on that, as I haven't migrated all my files and settings across yet.

    Might even go wild and get me some of that there FireFox I've heard so much about
    hi,foxyloxley...

    just in case you didn't know...firefox has a google toolbar you can download on it...if you already knew...errr...ignore this post.


  9. #9
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    Very useful information foxyloxley. This will surely help with the spyware issue. Here are some other useful URLs that have tons of useful information.

    http://www.spywareguide.com/
    www.spywareinfo.com
    www.castlecops.com

    I am surprised no one mentioned modifying the LMHOST file yet.

  10. #10
    Senior Member Falcon21's Avatar
    Join Date
    Dec 2002
    Location
    Singapore
    Posts
    252
    I just saw this guide "AntiSpyware Removal Pro" (ebook) today in download.com that briefly talks about spyware and adware. Although it has an ad that links to a program "noadware", it does not mention or promote this program in the guide. Quite a good read.
