
[Guide] Removing spyware and viruses


bledd


Ok, so your PC is running a bit slow, or you've got a load of popups or annoying software that you just CAN'T get rid of!

Always make a backup before you start fiddling with software that has (badly) infected the system you're working on - it's not funny when you get asked to rescue a PC and then it gets messed up even more!

First off, do Add/Remove Programs; it works for the really badly made spyware (yes, it's out there!)

Next, download the following..

All these are freeware besides Nod32 (30 day trial)

CCleaner

SpywareBlaster

Nod32 Antivirus 30 day Trial - VERY good, I recommend paying for it - requires restart

CWShredder standalone exe

Lavasoft Adaware

Spybot S&D

Hijackthis standalone exe and Log analyser

Now turn OFF System Restore. It was useful when it was first released; now it just stores spyware and viruses if your PC gets infected, and takes up hard drive space. Microsoft really should remove this and just keep the driver side of it, that works really well.

Run the programs doing their updates (if they have them) in this order and follow my pictures

CCleaner

When installing it, you might want to untick "add Run and Open CCleaner to recycle bin context menu"

This is personal preference, I like to keep my context menus clean.

ccleaner.png

If you click Options, Cookies you can choose which cookies to keep so you don't lose your passwords/preferences

It also has a registry cleaner in the 'Issues' part, easy to use, so do it

If you want to make this your default Windows Disk Cleanup tool, download and run this regfile -saveas

http://bleddyn.co.uk/guides/spyware/ccleaner.reg

-----

Spyware Blaster

Don't have screenshots of this, it's simple though: run update, then enable all protections!

-----

Nod32 Antivirus

You'll be asked to restart after installing this, just click Restart Now.

When Windows comes back, do the following..

nod32.png

Click update and follow the screen on the right when it changes, the rest is simple.

Terminate any warnings you get, set the options to 'Clean' then 'Delete' if can't be cleaned

-----

CWshredder

Simple!

cws.png

-----

Adaware

Straightforward really.. good to run once a week or so

After a scan, select all, Fix

adaware.png

-----

Spybot S&D

A bit more fiddly than adaware, but still like pie.. run just as often!

Open it, update it, close it, open it, Immunize, Scan, select all, Fix

spybot.png

-----

Hijackthis (never google it with spaces, only use the majorgeeks or merijn links)

Don't be clicker happy, this shows ALL startup DLLs and programs

hjt.png

Copy the contents of the log file into this http://www.hijackthis.de/ - it's a VERY useful analyser that has a large amount of blacklisted files

Remove the obviously bad ones, and maybe ask on this forum (or preferably google the remaining ones!). liutilities is good too, try googling "liutilities explorer.exe" and it gives you info about the process

-----

Reboot.

Still got problems?

Try Microsoft Antispyware, it's free and works well. It throws a bit of a fit each time you change a system setting, so I uninstall it after a scan..

If you've still got problems, then consider a format; nothing works better than that.

-----

Good ways of avoiding it in the first place?

Ditch Internet Explorer and use [image: title.gif]

ALWAYS use a firewall, the XPSP2 one does a fine job, it just doesn't monitor outgoing connections. I use it and have never had a problem. It's also a good idea to use a router between you and the internet, they're quite cheap for basic ones -£25 -$40? ish.

Use windowsupdate, it's your friend; let it at least tell you when you've got new things to download

Have a password on ALL of your XP accounts, and if possible don't use an account with administrative rights to browse the internet (this way a lot of spyware cannot install unless you physically install it yourself!)

Over and out!

Edited by bledd


That's not bad but a family member of mine had this seriously bad CWS malware that would not, for the life of anyone, leave. I eventually needed to reinstall the OS from scratch. I used S&D, Ad-Aware, CWS Shredder, Hijack This!, Norton Antivirus, Avast!, and AVG. Near the end I did a system replace. That damned virus did not leave. The best way to clear your system is to do a clean re-install. If you are worried about having to reactivate your system, make a backup of the wpa.dbl and wpa.bak (if it's there). Reboot the system in Safe Mode after installing the new OS and replace the two, or one, file(s). The files are found in system32 of your %systemroot% directory.


hiya bledd :hello:

good tutorial!

edited by atomizer because he had his mouth open before his brain started working... again :wacko:

i used to use AVAST for the longest time, going back to its beta days when it was still fully free. i still think it's a very good AV, but even that has become too bloated for my taste. AVG is **** good from what i hear, though i've never used it much (both have a free version BTW). personally though, i like ClamWin. ClamWin is totally free and open source. it's still in beta, but it's been running absolutely fine on my box. updates are pumped out faster than many of the commercial packages as well (there's an option to check for updates hourly). it's also an on-demand scanner only, which is exactly what i want, but i wouldn't really recommend it for novices, especially if using IE, OE, WMP, etc., as it's not going to auto-scan all the crap that stuff downloads. i nLite all that stuff out, so i don't feel the need for having an AV scanning every file that is downloaded, modified, opened, etc..

Edited by atomizer

oh jeeze!

excuse me while i pull my head out of...

i edited the post. still, i wanted to make people aware of Clam, so i left that in. i never used NOD, but i know it's been around a LONG time and scores consistently well in the virus bulletin tests.

you know, your tutorial along with some more general security stuff would make a good sticky.

Edited by atomizer

Nice guide, but a strange order.

Check this out.

Also, shouldn't this be in the Malware Prevention section? Only conflict that I would see is that there's already an Introduction To Anti-Malware And Cleaning topic.

You always want to run SpywareBlaster first, as it can stop, even disable, a majority of malware from working.

Next you'd run CCleaner, as it can remove malware from several locations where malicious files tend to hide, in TEMP and other locations.

After that, CWShredder to get any traces (if any). Then routine scans with Microsoft Anti-Spyware, Ad-Aware SE Personal, Spybot S&D, and ewido Anti-Malware.

A user should then finish up with running HijackThis and they can post on a number of forums. Those automatic log analyzers can return a ton of false positives.


Spybot S&D also has an immunize tool, so use it alongside Spyware Blaster.

There's nothing wrong with System Restore per se in a clean computer.

I've said it before, user vigilance is the most important factor among all of these measures.


There's nothing wrong with System Restore per se in a clean computer.

agree, there's nothing wrong with it IF the computer is CLEAN.. if the computer has been infected with a virus/worm/spyware and then, after getting clean, the user does a restore of a previous date, then it just undoes what we just fixed (my ex-gf did this after i cleaned her computer of the elite toolbar... meaning i spent another 4 hours or so fixin it).


Ok, so your PC is running a bit slow, or you've got a load of popups or annoying software that you just CAN'T get rid of!

Great guide! I think I go through about the same when I get a call like this from a friend/relative, but I have 2 suggestions:

1. Always make a backup before you start fiddling with software that has (badly) infected the system you're working on - it's not funny when you get asked to rescue a PC and then f*ck it up even worse :)

2. manually go through (at least) the 2 software-sections of the registry and the run- and runonce-section of the current windows-entries in the registry to search for obvious threats, delete them and reboot in safe mode to delete left files and folders.

The second one will of course be of less importance after using all the software you mention, but the first is too important to be left out of a guide like yours. Sticky++

Zl.

Edited by ZenLord
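
The manual check suggested in the post above, as an added example that is not part of the original thread: a read-only PowerShell listing of the Run and RunOnce values under HKLM and HKCU. Reading "the 2 software-sections" as HKLM\Software and HKCU\Software is an assumption, as are the output file name and the two flagging heuristics; the script deletes nothing.

```powershell
# Added example: read-only listing of the Run and RunOnce autostart values.
# Assumption: the "2 software-sections" are HKLM\Software and HKCU\Software.
$keys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
    }
}

function Get-CommandTarget {
    # Pull the executable path out of an autostart command line (best effort).
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($valueName in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($valueName)
        $target  = Get-CommandTarget $command
        $notes   = @()
        # Bare names such as "rundll32.exe" resolve via PATH, so a missing
        # file is only reported when the target is a full drive path.
        if ($target -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $target)) {
            $notes += 'target file missing'
        }
        # Heuristic (assumption): legitimate software rarely autostarts from temp folders.
        if ($target -match '\\(Temp|Temporary Internet Files)\\') {
            $notes += 'runs from a temp folder'
        }
        [pscustomobject]@{
            Key     = $key
            Name    = $valueName
            Command = $command
            Notes   = $notes -join '; '
        }
    }
}

# Keep a record of what was there before anything is removed by hand.
$report | Export-Csv -Path "$env:USERPROFILE\autoruns-before.csv" -NoTypeInformation
$report | Format-Table -AutoSize -Wrap
```

An empty Notes column does not mean an entry is safe; it only means neither heuristic fired, so each line still needs the by-hand review the post describes.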

  • 2 weeks later...

Ok, so your PC is running a bit slow, or you've got a load of popups or annoying software that you just CAN'T get rid of!

Great guide! I think I go through about the same when I get a call like this from a friend/relative, but I have 2 suggestions:

1. Always make a backup before you start fiddling with software that has (badly) infected the system you're working on - it's not funny when you get asked to rescue a PC and then f*ck it up even worse :)

2. manually go through (at least) the 2 software-sections of the registry and the run- and runonce-section of the current windows-entries in the registry to search for obvious threats, delete them and reboot in safe mode to delete left files and folders.

The second one will of course be of less importance after using all the software you mention, but the first is too important to be left out of a guide like yours. Sticky++

Zl.

added :)


  • 4 months later...
