oofki Posted January 8, 2005 Share Posted January 8, 2005 To Clean Spyware:--Before starting all of this i recommend downloading these using XP's safe mode with networking or if it is not xp, download all tools and run all in safemode.--1) In windows Me or Xp turn off system restore and CLEAN IT OUT!2) Clean temp files to make next steps quicker, I use cleanup! cleanup.stevengould.org3) Download spysweeper www.webroot.com (update and scan)4) Download adaware www.lavasoftusa.com (update and scan)5) Download spybot www.safer-networking.org (update, IMMUNIZE and scan)6) Download CWShredder www.intermute.com/spysubtract/cwshredder_download.html (run)7) Download HijackThis www.merijn.org (scan and remove any bogus entrys)8) Download about :Buster http://www.downloads.subratam.org/AboutBuster.zip--If any LSP's cannot be removed try using LSP fix www.cexx.org/lspfix.htm --Now REPEAT IN ALL USE ACCOUNTS!!! <----VERY IMPORTANT (It is for example I cleaned up 2 users totally and on the 3rd one I found over 12,000 items with Spysweeper)These are my recommended steps to immunize spyware:1) Spybots - already done above2) Download Spywareblaster www.javacoolsoftware.com/spywareblaster.html (Update and immunize) --NOTE DOES NOT AUTOMATICALLY UPDATE you can donate $10 so it will though.3) Download Blockfile www.spywareguide.com/blockfile.php and import to registry4) Download Ie-Spyad https://netfiles.uiuc.edu/ehowes/ww...rce.htm#IESPYAD and import files to registry5) Download new Hosts file http://www.mvps.org/winhelp2002/hosts.htm and copy toWindows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETCWindows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETCWin 98\ME = C:\WINDOWS--NOTE steps 3-5 will obviously not update themselves so they must be downloaded periodically-6) If you have money pay for spysweeper so it will update its self and protect you.And thats all she wrote! That will help you with you issues except for the really tough tough spyware that has to be manually removed by an experinced tech.PLEASE DO NOT POST Hijackthis logs here -google is your friend in this case and www.help2go.com/modules.php?name=HJTDetective is a good site that will help a little. I work for a computer repair store and I have made a check list i use at work similar to this tut, and It works on most computers. Some things are just not picked up by scanners and have to be manually removed.GOOD LUCK ALL! Link to comment Share on other sites More sharing options...
DigeratiPrime Posted January 8, 2005 Share Posted January 8, 2005 I just want to be sure everyone is aware of THE ALTERNATIVE. I used to do what the poster above suggests EVERYDAY, but I don't anymore To prevent ALL spyware from ever coming across your browser just use Firefox. If you use Firefox you will never need to remove spyware since there will be none. If you surf the web with Firefox you will never get any spyware or other garbage on your computer this way. You will save soo much time!Discalaimer Firefox is NOT going to prevent spyware from sponsorware apps such as messenger plus which install adverts to pay for the software or if you download viruses and such off of p2p. Link to comment Share on other sites More sharing options...
oofki Posted January 8, 2005 Author Share Posted January 8, 2005 THis is correct to prevent spyware that uses exploits to inject its self when you goto a website it i recommneded to use a non IE-Based browser that does not have exploits that people who make spyware use to inject spyware into your computer; I also recommend firefox. Link to comment Share on other sites More sharing options...
Zxian Posted January 9, 2005 Share Posted January 9, 2005 To prevent ALL spyware from ever coming across your browser just use Firefox. If you use Firefox you will never need to remove spyware since there will be none.Just a note about FireFox... it's not perfect. It is a really good way of preventing most spyware from getting onto your system, but there are still some holes in it. SpywareBlaster is still useful in this department as it helps close these. Compatibility with certain sites can be a pain to get working as well...I will agree that using a non-IE (not necessarily non-IE-based) browser will defiantely help.Possibilities are:-Firefox-Opera-MaxthonCheers! Link to comment Share on other sites More sharing options...
Jeremy Posted January 9, 2005 Share Posted January 9, 2005 I use Firefox and can go to sites that used to infest my PC with spyware and tons of crap. Result?Spyware Amount: 0 Link to comment Share on other sites More sharing options...
sven Posted January 9, 2005 Share Posted January 9, 2005 proof ie is the problem: i use firefox, my user-clean. other users use IE. my computer was running for 4 hours.... and 1 of them had EVERY SINGLE PIECE OF SPYWARE installed. even some iv never heard of. im still cleaning this machine out but now i blocked internet explorer, and should be good Link to comment Share on other sites More sharing options...
mdes Posted January 9, 2005 Share Posted January 9, 2005 To analyze the log, there is also http://www.hijackthis.de/ (multi-language) Link to comment Share on other sites More sharing options...
mdes Posted January 9, 2005 Share Posted January 9, 2005 to prevent spyware from sponsorware apps such as messenger plus which install adverts to pay for the softwareThere is NO spywares in MsgPlus (except if you accept them during its installation) Link to comment Share on other sites More sharing options...
Sunil Posted January 9, 2005 Share Posted January 9, 2005 very informative, thank you. Link to comment Share on other sites More sharing options...
Zxian Posted January 12, 2005 Share Posted January 12, 2005 I use Firefox and can go to sites that used to infest my PC with spyware and tons of crap. Result?Spyware Amount: 0proof ie is the problem: i use firefox, my user-clean. other users use IE. my computer was running for 4 hours.... and 1 of them had EVERY SINGLE PIECE OF SPYWARE installed. even some iv never heard of. im still cleaning this machine out but now i blocked internet explorer, and should be goodYes, Firefox does prevent most (almost all) spyware from getting onto your comptuer, but that doesn't mean that it will forever. As Firefox becomes more and more popular, "they" will start to find ways to write spyware for FF as well.If you've never had any spyware on your computer with FF, then great! I'm just saying that no piece of software is bullet-proof. Most definately don't use a plain old IE browser with no protection. It's like giving the keys to your house to a total stranger. Link to comment Share on other sites More sharing options...
JoeMSFN Posted February 18, 2005 Share Posted February 18, 2005 Usefull YES... Convenient... well... not very...Under cleanup i was aware of steps 1, 2, 4 & 5To d/l with some spyware blocking sites, I have to do a google search for "spyware_remover_program_name site:download.com"Under immunize I've used steps 1 & 2So thank you for the extra info... (no really that said sincerely)Oh joy... more steps per user ah the tedium... Now for question time.... since I know the other user profiles can be accessed in the registry via some HKEY_USERS\S-variousnumbers why can't (are there) any of these immunizers take care of that? Instead of running per user.Some of my clients have upwards of 5 user accounts.... although I charge/get paid by the hour , when I leave I'd to make it easy on them to keep their profiles uptodate.. Link to comment Share on other sites More sharing options...
Blam-O! Posted February 18, 2005 Share Posted February 18, 2005 @ "oofki"; You must work for Best Buy... And yes this is very affective on most PC's. Other PC's require a Restore . lol, imho(I use FireFox/Opera most of the time.)btw: you forgot to add...- AutoRuns- Avast! Pro- KazaaBeGone- Stinger Link to comment Share on other sites More sharing options...
Martin Zugec Posted February 18, 2005 Share Posted February 18, 2005 Few recommendations:For immunization:1.) Use BugOff first.2.) Use blocklist.reg from SpywareGuide3.) Use SpyIE-ad4.) Disable scripting in WMP5.) Download SpywareBlaster (U can use also SpywareGuard, but it is almost useless because of problems with laws)6.) Download MSAS7.) Run AutoUpdate frequently!8.) If U want to be really safe, use DropRights from Microsoft and run email and browser under less priviledged account (U can switch to less powerfull account without needing to input password). Or use any other product that is using XP/W2k3 technology SAFER9.) Use XP SP2, it is greatly increasing the security against spyware (MK, LockDown and few other technologies)For cleaning:1.) MSAS2.) Spybot3.) AdWare4.) if it didnt help, use CWShredder (maybe U got CWS variant)5.) if it didnt help, use HijackThis and post log somewhere, where people could help U, for example here For manual cleaning: 1.) HijackThis2.) ProcessExplorer from sysinternals - kill whole trees, so processes cant run each other!3.) if it is still not working (e.g. even if U dont see anything is running, registry run settings R recovered), use RegMon from SysInternals, filter Write and registry hive where the value is added. If U see the value is added by system process (explorer.exe), use processexplorer and search for strange threads.4.) For worst cases of CWS U can use utilities, that operates with PFR and change process to calc.exe for example. This is working quite well for every spyware I ever sawIf U R not able to connect to internet (but everything else network related is working quite well), your winsock is damaged (I remember nCase had this problem) - if U R using XP SP2, it is quite easy, just use commandnetsh winsock reset Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now