lozoot's Spyware Removal Guide.

**lozootmaniac** · 08-03-2006, 02:47 AM

INTRO

Most spyware/viruses start out small and end up growing. Yup that is right "growing" and it will spread to other computers over your network, slow down your computer by using valuable resources and memory, corrupt files by intergating malacious code, and eventually, some will crash your computer. That is why you will want to get rid of it as soon as possible.

In this guide i will cover How to get rid of spyware and viruses, How to protect yourself from getting it in the first place, and What to do if it is an emergency.

LINKS

Well if ya ever have a spyware problem go to Remove spyware, adware. Removal instructions.

2-spyware has some downloads and links to downloads that will help you find/kill spyware using programs like spybot sd and hijack this.

Also they have complete instructions on how to remove the software/ spyware/virus/adware/malware/worms/trojans manually. Just type what the spyware is called and it will give you some options like news and removal instructions.

If ya see any mysterious processes go to ProcessLibrary.com - The online resource for process information!

Type the process in and they will give you a threat level and source of the process.

*HiJack This is a highly advanced FREE choice to spyware/virus removal and is only recomended by advanced users. You could mess up your computer using this! Hijackthis shows stuff in windows only areas of disk space like in the registry key (HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/WINDOWS_NT/ ). Also this will show several things related to critical windows components that when deleted could crash your system. It will notify you when there is a suspicious item running in memory. Also anyone with REGEDITS that tweak your OS they will show up as bad. Before even trying to use it i would read up a little on it and find the log analyser and how it works. There is also a program called SpyOnThis by the same co. Supposedly spyonthis is a detector and auto process to deleting spyware. But i havent tried it but if you do post on it.

**Process library does not have every process on earth so it may come up empty. Such as ISP related or driver related processes.

***Spybot sd is also free but it is not updated as often as say norton av and the guy that is developing it gets money only from donators through paypal.

Anti Virus/Spyware Software List

Anti-Virus:

Anti Spyware:

Ad-aware - Ad-Aware @ Lavasoft - The Original Anti-Spyware Company
Bazooka - Bazooka™ Adware and Spyware Scanner - Free spyware scanner
Hijackthis - http://www.spywareinfo.com/~merijn/downloads.html
SpyBot Search & Destroy - The home of Spybot-S&D!
SpywareBlaster - SpywareBlaster
SpywareGuard - http://www.wilderssecurity.net/spywareguard.html
WinPatrol - BillP Studios: WinPatrol

Proccess Assasin (Download): Its a good tool to use and kill multiple proccesses started by spyware/viruses. Also has a built in google for proccesses that you are unsure of. Also has a Hit list where you can kill mulitiple proccesses from a list that you can save to a file. You can create a notepad with all of the running proccesses to show to people for help if the google tool doesn't help (recommended if posting at TOC Forums). Highly recommended. Thanks to CodeWeasel at EOC for this great software.

PM Me if anyone knows of some more

Almost every spyware removal software is resource consuming meaning you cant play c&c or age of empires while running the software. But spyware and viruses will be also just as resource consuming as the software used to get rid of it.

Also ISP related Anti anything usually sucks. The reason I put it in the poll was to see if anyone actually liked them.

DICTIONARY

Spybots are just like a trojan only with spyware and malware. It imbeds or downloads into a browser (mainly IE 6) and downloads or creates copies of itself into directories or merges with a file to stay in the shadows of your hard disk to keep itself on your computer.

Active X controls are a websites way of comunicating software to you over the internet. Such as an online virus scan or a company chat box. Active X spies are the worst thing ive ever come accross because they get worse while your on the internet. They emmbed into every browser window and download stuff all of the time. Which some of us are on the the internet all day. Then when you restart you relize something bad is happening cauze your pc took an hour to start up. Active X Spies are to be treated as spyware and most spyware killers will get rid of them.

Worms do destroy files and will eventually cause a unrepairable crash. Sometimes contaminating every file on an HDD. Every worm I myself have gotten has come from an email but i have heard of worms coming through downloads, attachments in a forum, file sharing, and active x controls as well. They are also very easily distibuted through any form of communication such as AIM bots and spam emails.

AdWare is basically the popups that youll get when spyware is about to download.

MalWare (also known as a hijacker) is the stuff that changes dial up connections and searchbars/toolbars. Bad this is the name for collwwwsearch which is a searchbar that is linked to porn. I have had my dial up number changed and a bill sent to my house because i hit agree and did not read the fine print. since have changed to broadband. Bad for dial up users.

Viruses live on the death and destruction of other computers. Usually will lead to some or all of the following: unrepairable crash, spyware, malware, worms, and Haywire Anti-spyware/virus program. Ussually the best thing to do in my case is hook my HDD to another computer and backup my uninfected files and xp my computer once again.

Keyloggers will steal passwords and track surfing habits. You wouldnt want someone stealing your EOC password and using your username to post spam would you. That is the kind of stuff it is used for.

Trojans are usually marked by spyware/adware but actually are something bigger usually a virus, worm, or malware. They leave tracks of spyware to hide there presence then unleash there package at a significant time either when your pc is very vulnerable or when switching drivers.

Some of the newer cpus will not allow some spyware, games, and viruses to run in certain areas of the ram and processor.

File sharing programs have to have ads if youre using there free version. LimeWire and BearShare are the least ad infested. KaZaa and FreeShare are the worst ad infested. Warez P2P is a virus. LimeWire PRO is $20.00 and is free of spyware. BearShare is the same after paying for it.

A Hijacker replaces search bars, home page (or in firefox & IE7 home pages tabs), or both. Usually sending you to places with more spyware/malware.

Spam is when a person registers on this site and starts a thread called crazy crazy crazy in the news section and posts purse sites to get you to buy them.

Cookies will save things like when you click on the Remember me checkbox when signing in at EOC to remember your password. Or if you dont check it it remembers it but expires after a short period of time. Adware will usually use these to know your surfing habits. Malware will us it to collect personal information.

How you can get Spyware/Viruses etc.

Spyware are usually installed with something like a freeware/shareware program or tempting/fake software so you don't know it is there. Usually doesn't spread to other computers such as a worm or virus.

Worms are mostly in email and diskettes. Very easily distibuted through any form of communication such as AOL bots and spam emails.

Some people get spyware when they get there computer because they go and get a burnt copy of windows and it is modified from the start with intergrated spyware.
Stay away from sites like cracks.ws and freeserials they will make you dowload an Active x control while just surfing their site.

Porn is also a great way to get spyware.

Trojans and Spybots are gotten the same way as Spyware by downloading stuff that looks tempting like a fake Anti-Spyware program or a free offer.

Adware is usually bundled with freeware/shareware software to advertise so the parent software's company makes money for their free/free trial software.

Viruses are usually budled with Trojans but can be gotten in crack sites with bundled spyware. I consider many Spyware working together a Virus in the sence that all of them are helping each other to not be erased/removed and are trying to destroy your pc and/or trying to collect personal information.

Hijacker is gotten through downloading cracks and software.

Browsers

Microsoft Internet Explorer: IE 6 is complete rubbish. Although it has all of the updates it is ever going to have, it still has many undiscovered loopholes where spyware can get in. IE 7 Beta 2 is okay though. While meeting the tabbed browsing of firefox it also works in sync with Windows Defender Beta 2 to mark phishing sites and block any spyware from installing. But there are still loopholes. With the most popular ActiveX Controls and VBS (Visual Basic scripting) being a key part in Microsoft IE, and spyware viruses etc. using these as windows of opportunity, IE is not a browser that i would call safe.

Mozzila FireFox: Well this is my personal favorite. Features an intergrated popup blocker and being a many plugin type browser, helps stop up any holes in the programing. While having a multiple range of plugins that can be a bad thing when dealing with viruses/spyware. Spyware will eventually if not already manifest as a plugin of some sort. The browser doesn't support ActiveX and VBS, which in turn make it safer than IE from the start. That is why you cant get security updates with it from the Microsoft Download Center.

Opera: While being the first to introduce many of the things we like in a browser, like tabbed browsing, it also does not use ActiveX or VBS, Therefore eliminating these types of problems. However, I have heard that opera is very restrictive on images and other media. Many mass-mailing worms exploit the ActiveX and VBScript vulnerabilities and infect the system through IE and Outlook Express. This will never occur in a Opera based browser. Making it extremely safe. Though Opera used to have Adware integrated to support funding, I doubt that this will be the case now.

The Windows Registry

Anybody using Windows XP or better should be able to edit the registry very easily by going to C:/Windows/regedit.exe or by clicking start, then RUN and then by typing "regedit". The Windows registry is not a place for inexperienced users. I am not responsable for your mistakes!

2-Spyware.com when giving manual removal instructions will tell you what registry entries to modify or erase. Anti Spyware/virus software will erase most of these automatically. The spyware/virus/worm/malware will embed itself in your computer using the registry to avoid being deleted/removed. Sometimes the software you use wont get all of the registry entries so you will have to go and change/delete the entries yourself.

I can tell you that it is EXTREMELY IMPORTANT that you back up your registry before modifying it (go to how to section). You can back up the registry by using a program such as the NT Backup included in windows. Before you make changes to the registry, create an Automated System Recovery (ASR) disk (go to how to section). For troubleshooting purposes, keep a list of the changes you make to the registry.

The reason your Spyware/Virus is not being removed

When you delete/remove spyware/viruses sometimes they will reside in memory. Meaning that once the whole of the program you deleted is gone and you figure your computer is "clean" it will reinstall/redownload itself.

It has some Registry keys that you or your Anti Virus/Anti Spyware software has not picked up find them and delete them.

It is bundled with a program that you want and keep and the program you want to keep reinstalls/redownloads it. Such as Bearshare (want to keep) and Ad watch (want to get rid of)

Your certain infection is writing itself to your files on your hard drive. Corrupting them and making them unuseable. You need to do a good search of the hard disk, on another PC, and in safe mode perferably.

The virus/spyware is starting with your computer. And it is denying your from moving or deleting it. Shutdown and restart in safemode or put your HDD in another computer and do a search and destroy from there or try and find it yourself. I would try a search first.

You need to update your anti-virus/anti-spyware software. This is ussually done automatically but most people shut off the auto update. Also some av/as can be updated by windows using the sceduler(ex. Windows Defender, C&C Antivirus).

Miscellaeneous How To's

To back up the registry before you edit it, export the keys in the registry that you plan to edit by clicking File in the regedit menu bar and then export

Quote:

(to file Attachment 3)

. To back up the whole registry (recomended), use the Backup utility to back up the system state. The system state includes the registry, the COM+ Class Registration Database, and your boot files

Quote:

Attachment 1.

To make a ASR disk, first make sure you have a clean 1.44Mb Floppy disk. Put it in and open RUN from the Start Menu. Type "ntbackup.exe" and go to Advanced mode. Then click ASR disk wizard. Click next and it will make the ASR disk and back up your entire computer to a file.

Quote:

Attachment 1

To boot into safe mode, you can...

Click Start and then Run. Type "msconfig" and go to the "BOOT.INI" tab. Click the "/SAFEBOOT" check box and then "MINIMAL" button. When you restart it should go into safe mode.

Quote:

Attachment 2
You can also get into safe mode by hitting the F8 key right after POST and right before the XP splash screen. (no picture)

Leon · 08-03-2006, 05:53 AM

yes this is really helpful useful information. sice i only took a semester of computer applications i only know half of the stuff you put down. But ill have to disagree with you one the IE not being safe you see i gives you an option before it runs the active X to either run it or keep blocking so its up to the user to be safe not IE. As for firefox its not as safe as they say it is cause i read a report somewhere that more hacks happen on firefox more than anything else. but hey everybody has a different perspective. this is just mine.

**lozootmaniac** · 08-03-2006, 11:16 AM

Bah! There are many reasons why IE sucks. For one it was made in C++. Who Does not know that language anymore. But firefox is written in a newer Java language. Which means it is harder to hack.

**paul** · 09-29-2006, 07:19 AM

lozoot you dik head i clicked on one of those links to the spyware list and i got a virus

**lozootmaniac** · 12-15-2006, 04:12 AM

Immposible! I demand that this post be edited to all caps for full effect and that paul withdrawls his false statement.

EDIT: Im scratching this until i get a withdrawl. Not to be a "dik" or anything Paul. Just protecting copyrighted work integrity.

**paul** · 12-15-2006, 07:50 AM

i'am not liying i clicked on one and i got a virus

**slyr114** · 01-21-2007, 01:32 PM

unless u downloaded sumthin you probaly couldnt get a virus, maybe spyware or adware but not a virus, or maybe u were multitasking and downloading sumthin that got u a virus

Grif · 01-21-2007, 02:49 PM

or mybe it was a false positive. i heard mcafee has lots of false positives but this may not be true

**slyr114** · 01-21-2007, 04:58 PM

ya my zone alarm picked up gamespy as spyware because of the word spy in it...

imzebest77 · 01-25-2007, 09:21 PM

lol C++ is so outdated now... ><
good for begginers now tho but its complicated :S
well just my 2 cents
and how the hell u get spyware from attachment??