
Spyware Removal and Prevention Tutorial


oofki

How do people rate this? (14 members have voted)

    • 5 (Very useful): 7
    • 4: 4
    • 3: 1
    • 2: 0
    • 1 (Not at all useful): 0



To Clean Spyware:

--Before starting all of this, I recommend downloading these using XP's safe mode with networking; or, if it is not XP, download all tools and run them all in safe mode.--

1) In Windows Me or XP, turn off System Restore and CLEAN IT OUT!

2) Clean temp files to make the next steps quicker. I use CleanUp! cleanup.stevengould.org

3) Download Spy Sweeper www.webroot.com (update and scan)

4) Download Ad-Aware www.lavasoftusa.com (update and scan)

5) Download Spybot www.safer-networking.org (update, IMMUNIZE and scan)

6) Download CWShredder www.intermute.com/spysubtract/cwshredder_download.html (run)

7) Download HijackThis www.merijn.org (scan and remove any bogus entries)

8) Download About:Buster http://www.downloads.subratam.org/AboutBuster.zip

--If any LSPs cannot be removed, try using LSPFix www.cexx.org/lspfix.htm --

Now REPEAT IN ALL USER ACCOUNTS!!! <----VERY IMPORTANT (For example, I cleaned up 2 users totally and on the 3rd one I found over 12,000 items with Spy Sweeper)

These are my recommended steps to immunize against spyware:

1) Spybot - already done above

2) Download SpywareBlaster www.javacoolsoftware.com/spywareblaster.html (update and immunize) --NOTE: DOES NOT AUTOMATICALLY UPDATE; you can donate $10 so it will, though.

3) Download Blockfile www.spywareguide.com/blockfile.php and import to registry

4) Download IE-SPYAD https://netfiles.uiuc.edu/ehowes/ww...rce.htm#IESPYAD and import files to registry

5) Download a new hosts file http://www.mvps.org/winhelp2002/hosts.htm and copy it to:

Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC

Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC

Win 98\ME = C:\WINDOWS

--NOTE: steps 3-5 will obviously not update themselves, so they must be downloaded periodically--

6) If you have money, pay for Spy Sweeper so it will update itself and protect you.

And that's all she wrote! That will help you with your issues, except for the really tough tough spyware that has to be manually removed by an experienced tech.

PLEASE DO NOT POST HijackThis logs here - Google is your friend in this case, and www.help2go.com/modules.php?name=HJTDetective is a good site that will help a little.

I work for a computer repair store and I have made a checklist I use at work similar to this tut, and it works on most computers. Some things are just not picked up by scanners and have to be manually removed.

GOOD LUCK ALL!

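A check worth running on a downloaded hosts file before copying it into the directories listed in step 5, as an added example that is not part of the original post: a blocking hosts file should only point names at the local machine, so any entry that sends a name to another address is listed for review. The function name `audit_hosts` and the sample text are constructed for illustration.

```python
import ipaddress

# Constructed sample for illustration; not the contents of any real hosts file.
SAMPLE = """\
# ad/spyware blocking entries
127.0.0.1    localhost
127.0.0.1    ads.example.com    # sinkholed
0.0.0.0      tracker.example.net
203.0.113.7  www.bank.example
not-an-ip    foo.example
"""

def audit_hosts(text):
    """Split hosts entries into names that are blocked locally and entries to review.

    Returns (blocked, review): a set of names mapped to a loopback or
    unspecified address, and a list of (line number, address, name) tuples for
    everything else, since those lines redirect a name instead of blocking it.
    """
    blocked, review = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            # First field is not an IP address at all: never install blindly.
            review.append((lineno, fields[0], " ".join(fields[1:])))
            continue
        for name in fields[1:]:
            if addr.is_loopback or addr.is_unspecified:
                blocked.add(name.lower())
            else:
                review.append((lineno, str(addr), name.lower()))
    return blocked, review

if __name__ == "__main__":
    blocked, review = audit_hosts(SAMPLE)
    print(len(blocked), "names blocked")
    for lineno, addr, name in review:
        print(f"line {lineno}: {name} -> {addr} (review before installing)")
```

The same function can be pointed at the hosts file already on the machine, where an unexpected redirect is a sign that something has edited it.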


I just want to be sure everyone is aware of THE ALTERNATIVE. I used to do what the poster above suggests EVERY DAY, but I don't anymore :)

To prevent ALL spyware from ever coming across your browser just use Firefox. If you use Firefox you will never need to remove spyware since there will be none.

If you surf the web with Firefox you will never get any spyware or other garbage on your computer this way. You will save so much time!

Disclaimer: Firefox is NOT going to prevent spyware from sponsorware apps such as Messenger Plus, which install adverts to pay for the software, or if you download viruses and such off of P2P.


This is correct. To prevent spyware that uses exploits to inject itself when you go to a website, it is recommended to use a non-IE-based browser that does not have the exploits that people who make spyware use to inject spyware into your computer; I also recommend Firefox.


> To prevent ALL spyware from ever coming across your browser just use Firefox. If you use Firefox you will never need to remove spyware since there will be none.

Just a note about FireFox... it's not perfect.

It is a really good way of preventing most spyware from getting onto your system, but there are still some holes in it. SpywareBlaster is still useful in this department as it helps close these. Compatibility with certain sites can be a pain to get working as well...

I will agree that using a non-IE (not necessarily non-IE-based) browser will definitely help.

Possibilities are:

-Firefox

-Opera

-Maxthon

Cheers!


Proof IE is the problem: I use Firefox, my user - clean. Other users use IE. My computer was running for 4 hours.... and 1 of them had EVERY SINGLE PIECE OF SPYWARE installed. Even some I've never heard of. I'm still cleaning this machine out :(

But now I blocked Internet Explorer, and should be good.


> to prevent spyware from sponsorware apps such as Messenger Plus, which install adverts to pay for the software

There is NO spyware in MsgPlus (except if you accept it during its installation) :P


I use Firefox and can go to sites that used to infest my PC with spyware and tons of crap. Result?

Spyware Amount: 0

> Proof IE is the problem: I use Firefox, my user - clean. Other users use IE. My computer was running for 4 hours.... and 1 of them had EVERY SINGLE PIECE OF SPYWARE installed. Even some I've never heard of. I'm still cleaning this machine out
>
> But now I blocked Internet Explorer, and should be good.

Yes, Firefox does prevent most (almost all) spyware from getting onto your computer, but that doesn't mean that it will forever. As Firefox becomes more and more popular, "they" will start to find ways to write spyware for FF as well.

If you've never had any spyware on your computer with FF, then great! I'm just saying that no piece of software is bullet-proof.

Most definitely don't use a plain old IE browser with no protection. It's like giving the keys to your house to a total stranger.


  • 1 month later...

Useful YES... Convenient... well... not very...

Under cleanup I was aware of steps 1, 2, 4 & 5

To d/l with some spyware blocking sites, I have to do a Google search for "spyware_remover_program_name site:download.com"

Under immunize I've used steps 1 & 2

So thank you for the extra info... (no, really, that's said sincerely)

Oh joy... more steps per user, ah the tedium...

Now for question time.... since I know the other user profiles can be accessed in the registry via some HKEY_USERS\S-variousnumbers why can't (are there) any of these immunizers take care of that? Instead of running per user.

Some of my clients have upwards of 5 user accounts.... although I charge/get paid by the hour :thumbup , when I leave I'd like to make it easy on them to keep their profiles up to date..


@ "oofki"; You must work for Best Buy... :P

And yes this is very effective on most PCs. Other PCs require a Restore :o . lol, imho

(I use FireFox/Opera most of the time.)

btw: you forgot to add...

- AutoRuns

- Avast! Pro

- KazaaBeGone

- Stinger


Few recommendations:

For immunization:

1.) Use BugOff first.

2.) Use blocklist.reg from SpywareGuide

3.) Use SpyIE-ad

4.) Disable scripting in WMP

5.) Download SpywareBlaster (U can use also SpywareGuard, but it is almost useless because of problems with laws)

6.) Download MSAS

7.) Run AutoUpdate frequently!

8.) If U want to be really safe, use DropRights from Microsoft and run email and browser under a less privileged account (U can switch to a less powerful account without needing to input a password). Or use any other product that is using the XP/W2k3 technology SAFER

9.) Use XP SP2, it is greatly increasing the security against spyware (MK, LockDown and few other technologies)

For cleaning:

1.) MSAS

2.) Spybot

3.) AdWare

4.) if it didn't help, use CWShredder (maybe U got a CWS variant)

5.) if it didn't help, use HijackThis and post the log somewhere where people could help U, for example here :D

For manual cleaning:

1.) HijackThis

2.) Process Explorer from SysInternals - kill whole trees, so processes can't run each other!

3.) if it is still not working (e.g. even if U don't see anything is running, registry run settings R recovered), use RegMon from SysInternals, filter Write and registry hive where the value is added. If U see the value is added by a system process (explorer.exe), use Process Explorer and search for strange threads.

4.) For worst cases of CWS U can use utilities that operate with PFR and change the process to calc.exe for example. This is working quite well for every spyware I ever saw

If U R not able to connect to internet (but everything else network related is working quite well), your winsock is damaged (I remember nCase had this problem) - if U R using XP SP2, it is quite easy, just use command

netsh winsock reset

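Two points raised above meet in the registry: the other accounts' settings sit under HKEY_USERS\S-..., and Run values can come back after cleaning. As an added example that is not part of any post in this thread, the script below reads the text of two `reg export` dumps of HKEY_USERS and reports, per account SID, the autostart entries that were added between them. The function names and sample exports are constructed, and only profiles whose hive is loaded (logged-on users, or an NTUSER.DAT attached with `reg load`) appear under HKEY_USERS.

```python
import re

# Constructed sample in the text form "reg export" writes for HKEY_USERS
# (the real file is UTF-16: open it with encoding="utf-16").
CLEANED = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1111-2222-3333-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\S-1-5-21-1111-2222-3333-1004\Software\Microsoft\Windows\CurrentVersion\Run]
'''
# Same machine after a reboot: a value has come back under the second account.
REBOOTED = CLEANED + r'''"upd32"="\"C:\\Temp\\upd32.exe\" /s"
'''

SECTION = re.compile(
    r"^\[HKEY_USERS\\(S-1-5-21-[\d-]+)\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\(Run|RunOnce)\]$", re.IGNORECASE)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def _unescape(s):
    # .reg text escapes backslash and double quote with a leading backslash
    return re.sub(r"\\(.)", r"\1", s)

def run_entries(reg_text):
    """Map each user SID to its set of (key, value name, command) entries."""
    found, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = SECTION.match(line)
            current = (m.group(1), m.group(2)) if m else None
            continue
        m = VALUE.match(line) if current else None
        if not m:
            continue
        name, data = _unescape(m.group(1)), m.group(2)
        # String values are quoted; other types (such as hex(2):) are kept raw.
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        found.setdefault(current[0], set()).add((current[1], name, data))
    return found

def added_since(before, after):
    """Per SID, the entries present in the later export but not the earlier one."""
    diff = {sid: ents - before.get(sid, set()) for sid, ents in after.items()}
    return {sid: ents for sid, ents in diff.items() if ents}

if __name__ == "__main__":
    for sid, ents in added_since(run_entries(CLEANED), run_entries(REBOOTED)).items():
        for key, name, cmd in sorted(ents):
            print(f"{sid} {key}\\{name} -> {cmd}")
```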
