The instructions contained in this post will help you to remove any unwanted parasites from your system.
Make sure you read this entire article BEFORE you do anything. Removing Spyware and other parasites is not as easy as you might think it would be and there is a whole lot more to it than many people realize.
An up to date page can usually be found at this website by clicking on "Spyware Help" in the menu on the left.
Richard the Lion Hearted
Spyware, Adware, Malware and other parasites should not be taken lightly and you should always get professional help to remove any stubborn parasites that you may have on your system.
In this article you will find provisions for:
Help Resources
Specific Tools
Various Online Scanners
Instructions on what you should do
Forums in which to get help from trained personnel
Other Tools and Software can be found listed further down in this article.
Instructions on What You Should Do
Scan your system using Ad-Aware and SpyBot-S&D.
It makes no difference which order you run these two tools as they will each detect and remove what the other misses.
Always make sure the reference files are up to date.
SpyBot-S&D: Let it fix anything that is listed in red. Ad-Aware: Let it fix anything that it finds.
After you complete these scans, you will want to run a good Anti-Virus scan on your system. Panda Anti-Virus has a good online scanner which should detect and remove anything on your system.
If you are unable to go online or run any Anti-Virus you may currently have installed on your system, then don't worry about it as this can be taken care of later.
Another alternative if you have access to it would be to boot from a Knoppix CD and do an Anti-Virus scan From Knoppix. Knoppix is a Linux distribution which can be booted from a CD without the need to install it.
Once you complete the above steps, you will want to run HiJackThis, then post the contents of the resulting HJT log to one of the Forums listed below.
Once you post your HJT log, you need to be patient and check back periodically because the personnel who are there to help you can get quite busy working on HJT logs posted by other users.
It is also very important that, for any forum you decide to visit for help, you read their FAQ before doing any posting if you want their help.
If you are a skilled computer user who is technically oriented and feel confident about your skills, then you could try using one of the HiJackThis tutorials which are listed below. I would suggest reading both of them as this tool can very easily mess up your system if you are not careful.
When running HiJackThis, it is very important that you follow any directions you may be given by Qualified personnel. You should not try fixing anything yourself unless you know what you are doing. This program can very easily make a mess of your system if you screw up.
MOST IMPORTANT
Always run HiJackThis from its own directory such as C:\HJT
The reason for this is so HJT can create backups of anything removed in case you should need to restore something.
HiJackThis and SpyWare Removers
Anytime you run HiJackThis or any other tool for removing parasites, you should always close ALL Windows, especially any browsers and Windows Explorer.
The reason for this is if you leave any of these windows open, you may find the parasite to still be installed on your system.
If you are Unable to Run SpyBot-S&D, Ad-Aware, CWShredder or HiJackThis
There is a variant of the Coolwebsearch trojan spreading that closes several anti-spyware apps when you try to open them.
If this is happening to you, download PepiMK's CoolWWWSearch.SmartKiller removal tool (v1 and v2) first and run it. After it does its job, CWShredder and HijackThis will run properly (as well as Spybot S&D, Ad-aware and several anti-spyware forums).
Fake Programs
One of the biggest things to watch out for is bogus programs which claim to be Ad-Aware or SpyBot when they're not. Or other programs which claim to remove parasites from your system. You can check this link to check to see if a program is legitimate or not. Rogue/Suspect Anti-Spyware Products & Web Sites
System Restore
Any time your system is infected by a bad parasite such as a Virus, Trojan or Worm, you should disable "System Restore" before attempting to clean your system. Otherwise, the infection will remain to reinfect your system.
Internet Explorer Users
Go into "Internet Options > Advanced" tab
There will be 2 "Install on Demand" items and 1 "Enable third party extension"
Uncheck all three items as these present a security risk which makes it easier for parasites to install themselves on your system.
BartPE Builder
Bootable Windows CD/DVD
Bart’s PE Builder is a free tool that allows you to create a bootable Windows CD or DVD from an existing install CD of Windows XP or Windows Server 2003. This Windows boot CD runs a cut down version of XP, with network, gui and FAT/NTFS/CDFS file system support. Since you can run Windows applications from this boot CD it’s a useful tool for fixing various problems on Windows 2000/2003/XP/9x system that can not easily be fixed while booted from the copy of Windows on the hard drive.
Using Bart’s PE Builder to Make an Anti-Spyware and Rescue CD
One great use for a PE Builder CD is to remove spyware from a computer and that is the task that site will help you with.
Knoppix
With Knoppix, you can boot from the CD and perform an Anti-Virus scan on your system without the need for loading MS Windows.
UBCD for Windows
UBCD4Win is a bootable CD which contains software that allows you to repair/restore/diagnostic almost any computer problem. All software included in UBCD4Win are freeware utilities for Windows.
I may be crazy but weren't there a lot of replies to this thread?
DragonsLore
127.0.0.1
posted: Sep. 17, 2004 @ 3:43a
This thread has recently been rewritten and updated to provide more information and better help to those who need it.
As such, the previous replies were all removed to leave room for any other problems which may need to be addressed in the above article instead of users having to wade through a bunch of replies which have since been addressed with the rewrite.
Also, periodically, I am updating the above article to reflect new spyware fighting tools or information which may be needed.
There are a lot of spyware scanners out there, some real and a lot of fake ones, so I'm not about to list all the scanners. Instead, I just list the tools which best serve the purpose for fixing one's system. These are also the tools you will find are used every day at the different forums where people can go to get help with trying to eradicate these parasites.
DragonsLore said: Wilders Security
Small correction: As indicated in this post, the Wilders Security forum no longer allows posts of HijackThis logs.
DragonsLore
127.0.0.1
posted: Sep. 17, 2004 @ 4:06p
chuq said: Small correction: As indicated in this post, the Wilders Security forum no longer allows posts of HijackThis logs.
Thank you for letting me know about this.
I'll remove them from the forum list as soon as I finish this reply.
Would you consider adding the Webroot Spy Sweeper to your listing of spyware tools, please? It is NOT free, BUT it does have a 30 day trial available. PC magazine just named it editor's choice in spyware detection and removal and prevention.
I just tried it, seems pretty nice, but of course I don't have any spyware on my system to see how effective it is at removal.
P.S. They also have 2 basic online free scans available on their homepage, near the top right.
DragonsLore
127.0.0.1
posted: Sep. 21, 2004 @ 8:39a
I've been thinking of adding Webroot Spy Sweeper, yes. Just forgot to do so.
There are a lot of different ones out there with many of them being fraudulent which you can find out by checking the Rogue programs lists above.
I mostly try to list the best ones for use with fixing your system along with tools that are routinely used for parasite removal and repair.
PestPatrol is one which I will not list because their program will detect legitimate items as parasites and there have been other problems with their software. So this one is not for the average user as you really need to scrutinize the results before you fix anything with PestPatrol. They also are very terrible with trying to contact if there is a problem which in itself is not good.
As to their SpySubtract software, I'm waiting to hear a little more about this company before I add it to the list of useful tools as I do not want to add anything that may unknowingly be a rogue program. Hopefully, by the end of the week I will know enough as to whether or not it can be added.
The link for the newest version of CWShredder has been added to the list of "tools you may be asked to use"
DragonsLore, I was wondering about installing Spyware Guard, as it is one of your recommended tools.
Wanted to know, though, what issues you might be aware of, considering their prominent warning:
SpywareGuard is a work-in-progress. We cannot guarantee that it will not conflict with other security software on your machine. However we do strive to fix any compatibility problems that may arise.
If you are worried about potential compatibility issues with SpywareGuard, we recommend you download SpywareBlaster instead.
If you need a copy of Hijack This!, which is useful for the removal of several Malware/Spyware programs, check out that link from DragonsLore or download it from MajorGeeks. Also, this post on the same site has an in depth removal tool. Any dummy (and I do mean dummy...we are all at risk to these hacker scumbags who want to flood our computers with junk advertisements) can follow the steps to remove the software.
One thing that really, really bothers me. I have an I.T. degree (OK it's only an Associates, but I know quite a bit) and I was hit with TVM.exe and randreco.dll/.exe malware. These hackers/programmers have made it almost impossible to remove such garbage!
PepiMK's CoolWWWSearch.SmartKiller removal tool~~ when i click on that link, i get a 'no page to display' message. i need that fix very badly. btw, all my pop-up windows are sticking on the lower 1/3 of my screen. why & how to fix.
DragonsLore
127.0.0.1
posted: Dec. 31, 2004 @ 6:51p
ohsexygirlfriend said: PepiMK's CoolWWWSearch.SmartKiller removal tool~~ when i click on that link, i get a 'no page to display' message. i need that fix very badly. btw, all my pop-up windows are sticking on the lower 1/3 of my screen. why & how to fix.
Try the link for "CoolWWWSearch.SmartKiller (v1 and v2)" as this is the same thing, but a different link.
Very nice post DragonsLore. I would also highly recommend people to use Firefox browser or any other browsers out there instead of Internet Explorer whenever possible, since they don't have Active X in them which can let spyware in too.
i ran spyware S&D and adware and the new microsoft thing and my comp still runs abnormally slow
DragonsLore
127.0.0.1
posted: Jan. 9, 2005 @ 8:53p
redroomblackout said: i ran spyware S&D and adware and the new microsoft thing and my comp still runs abnormally slow
Those tools and many others are mostly for system maintenance and protection.
There are many things that can cause your system to run slow including parasites.
But if you are having a problem, the best thing you could do is to run HiJackThis, then post the resulting HJT log to one of the security forums and wait for a response. The trained personnel there will be able to help you.
If you do post your HJT log to the Spywareinfo forums, it would need to be posted in the first forum which is the Malware Forum. Also be sure to read the first sticky which is by PGPhantom.
OD, you need to update the year on the title, we're at the new year of 2005 now.
DragonsLore
127.0.0.1
posted: Jan. 10, 2005 @ 5:02a
Thanks!
I must have been tired not to have noticed I put the wrong year!
rctay
Cranky Member
posted: Jan. 10, 2005 @ 4:49p
I spent 2 hours disinfecting a trojan from a system today. Every scanner with most recent updates missed it. It installs itself in c:\system volume information\upnpclient.exe. It appears to use port 25, the MS UPnP port as a back door. It runs two services, both UPnP clients. It's easy to remove if you disable simple file sharing to access that folder. It was blocked by my firewall, but was eating enough cycles that I noticed a typing lag. Here's the relevant hijackthis log line:
O23 - Service: Universal Plug and Play Device Client - Unknown - c:\System Volume Information\upnpclient.exe (file missing)
I've seen this type of exploit before, but this appears to be a new one the scanners are missing. I even run Pestpatrol in active mode and it blew past it. It apparently came packaged in a small file viewer installer I downloaded from a newsgroup post. The file passed the AV scan as clean. In this case I broke my own rules about knowing the source and got burned.
edit: If you have this thing it's a bigger security risk than I originally thought. One package is a password/CC# logger. There's a good discussion on Wilders Security on detection/removal: link This thing hasn't been added to any of the AV software updates as of this entry.
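The O23 line quoted in the post above can be triaged mechanically. This is an added example, not part of the original post and not HijackThis code: it parses O23 service entries and flags image paths in directories where no service binary belongs. The directory policy and the second and third sample lines are constructed assumptions.

```python
import ntpath
import re

# O23 entries: "O23 - Service: <name> - <company> - <image path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<company>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?\s*$"
)

# Assumed policy for this example: directories no service binary should run
# from, and top-level directories where service binaries normally live.
NEVER_DIRS = {"system volume information", "recycler", "temp",
              "temporary internet files"}
USUAL_ROOTS = {"windows", "winnt", "program files"}


def triage_o23(log_text):
    """Return [(service name, image path, [reasons])] for O23 lines to review."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not an O23 service entry
        parts = ntpath.normpath(m["path"]).lower().split("\\")
        dirs = parts[1:-1]  # directories between the drive and the file name
        reasons = []
        hit = NEVER_DIRS.intersection(dirs)
        if hit:
            reasons.append("runs from " + ", ".join(sorted(hit)))
        if not dirs or dirs[0] not in USUAL_ROOTS:
            reasons.append("outside usual service directories")
        # "Unknown" alone is common for legitimate services, so it only
        # adds weight to an entry that is already suspicious.
        if m["company"].strip().lower() == "unknown" and reasons:
            reasons.append("vendor field is Unknown")
        if m["missing"] and reasons:
            reasons.append("service still registered but file is gone")
        if reasons:
            findings.append((m["name"], m["path"], reasons))
    return findings


# First line is the one quoted in the post; the other two are constructed.
SAMPLE_LOG = r"""
O23 - Service: Universal Plug and Play Device Client - Unknown - c:\System Volume Information\upnpclient.exe (file missing)
O23 - Service: Example Print Helper - Unknown - C:\WINDOWS\System32\exprint.exe
O23 - Service: Example Updater - Example Corp - C:\Documents and Settings\user\Local Settings\Temp\upd.exe
"""

if __name__ == "__main__":
    for name, path, reasons in triage_o23(SAMPLE_LOG):
        print(f"{name}: {path}\n    " + "; ".join(reasons))
```

A "(file missing)" entry like the one in the post means the binary was deleted but the service registration is still there and should be cleaned up as well.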
bonkers said: Very nice post DragonsLore. I would also highly recommend people to use Firefox browser or any other browsers out there instead of Internet Explorer whenever possible, since they don't have Active X in them which can let spyware in too.
NONE OF THE SUGGESTIONS HERE RECOGNIZE YAHOO'S "Web Beacons". HOW DO WE KNOW IF THIS SPYWARE IS ACTIVE?
From another post:
Yahoo is now using something called "Web Beacons" to track Yahoo Group users around the net and see what you're doing and where you are going, similar to cookies.
Yahoo is recording every website and every group you visit. Take a look at their updated privacy statement: Yahoo (http://privacy.yahoo.com/privacy)
Here's how to opt out!!!
About half-way down the privacy statement page, in the section on cookies, you will see a link that says web beacons.
Click on the phrase web beacons. That will bring you to a paragraph entitled "Outside the Yahoo Network." In this section you'll see a little "click here to opt out" link that will let you opt-out of their new method of snooping.
Once you have clicked that link, you are exempted.
Notice the "Success" message on the top of the next page.
DO NOT hit the "Cancel Opt-out" button ... if clicked, it will *undo* the opt-out.
Feel free to forward this to other groups or folks you know have Yahoo accounts.
DragonsLore
127.0.0.1
posted: Jan. 15, 2005 @ 9:06a
Web beacons are not spyware at all.
Instead, they are similar to a cookie as it can be used to track your movements across the web.
This is also not a new technology as it has been in use for a while now, but Yahoo has decided to give them a new name.
A web beacon is basically a small image such as a 1 x 1 pixel clear image which is used in conjunction with a cookie.
Matter of fact, such tools as Hosts Files, SpyBot-S&D and SpyWareBlaster can block web beacons simply by blocking the Host address the web beacon originates from.
But if the image used for the web beacon uses the same address as the web site you're visiting, then you'll lock yourself out of the website if you try to block it.
Typically, many websites will use subdomains for such stuff as images, cookies and other items. So instead of blocking the website domain, you would block the subdomain that the image comes from.
Matter of fact, I think there are some tools out there which can specifically block web beacons themselves, but I do not remember the names of these particular pieces of software. They should be easy enough to find though.
Web beacons are not something that infects your system and as I have said, they are not spyware, so as such, there has been no need to cover web beacons in the above article.
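The host-based blocking described in this post, as an added example that is not part of the original thread: it finds images declared as 1x1 (or 0x0) pixels in a page, emits hosts-file lines for beacon hosts that differ from the site's own host, and reports when a beacon shares the site's host and so cannot be blocked this way. The size heuristic is an assumption and the page and hostnames are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class BeaconFinder(HTMLParser):
    """Collect the hosts serving <img> tags declared as 1x1 or 0x0 pixels."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.beacon_hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        size = ((a.get("width") or "").strip(), (a.get("height") or "").strip())
        if size not in {("1", "1"), ("0", "0")} or not a.get("src"):
            return
        # Resolve relative src values against the page URL to get the host.
        host = urlsplit(urljoin(self.page_url, a["src"])).hostname
        if host:
            self.beacon_hosts.add(host.lower())


def hosts_entries(page_url, html):
    """Return (hosts-file lines, True if a beacon is served by the site host)."""
    finder = BeaconFinder(page_url)
    finder.feed(html)
    site_host = urlsplit(page_url).hostname.lower()
    # Blocking the site's own host would lock the user out of the site,
    # so only other hosts (including the site's subdomains) are listed.
    blockable = sorted(h for h in finder.beacon_hosts if h != site_host)
    return ["127.0.0.1 " + h for h in blockable], site_host in finder.beacon_hosts


# Constructed sample page; all hostnames are placeholders.
PAGE_URL = "https://www.example.com/news"
PAGE_HTML = """
<img src="https://img.example.com/logo.png" width="100" height="40">
<img src="https://b.tracker.example.net/p.gif" width="1" height="1">
<img src="https://stats.example.com/t.gif?id=1" width="1" height="1">
<img src="/pixel.gif" width="1" height="1">
"""

if __name__ == "__main__":
    lines, same_host = hosts_entries(PAGE_URL, PAGE_HTML)
    print("\n".join(lines))
    if same_host:
        print("# a beacon is served from the site host; hosts file cannot block it")
```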
samsen
Senior Member
posted: Jan. 16, 2005 @ 4:50a
Windows XP has done it again.
The beta version of windows antispyware is out. It rocks. Nothing like PK2. I am surprised by the number of hits it had despite the regular other programs already running (Spybot, adaware etc). I am convinced it's a must for every xp user. Gives you a full description of the catches and even references to read more about the property of the malwares. Has a protection against the hijacking of your home page, severity gauge etc. Best of all it's free.
If you had read the article above, you would have seen that there is already a link to the MS AntiSpyware webpage.
This tool holds some real promise, but at the same time, do not rely on this tool alone as no single tool can handle all of the various parasites out there. Especially if you happen to get infected by some of the really bad ones.
Also, knowing Microsoft, this tool will most likely only remain free until it is no longer a beta after which they will most likely charge for it.
If they decide not to charge for this tool, then this would be something very unusual for them to do.
Note some of the links to the tools, like FindnFix now lead to a dead link.
azntwboy
Senior Member
posted: Jan. 22, 2005 @ 4:48p
hi, for some reason, the idle time set before my screensaver turns on changed to 180 minutes from 1 minute. why would something like this happen? i live in a dorm, and my door is usually unlocked. do you think someone came in and did something to my computer when i went out, but before the 1 minute idle time and changed the idle time from 1 min to 180? i set the password required for logging in back from the screensaver. i scanned my computer with mcafee virus scanner, adaware, and spybot and found nothing unusual. i hope no one took my files off my computer.
DragonsLore
127.0.0.1
posted: Jan. 22, 2005 @ 5:55p
RShea said: Note some of the links to the tools, like FindnFix now lead to a dead link.
The link in this article is still good as it leads to another website.
If you look at the download link on that site, it's for downloads.subratam.org
Either that site is having a problem or they misplaced the file.
www.subratam.org needs to be alerted as to the problem.
It pro-actively prevents spyware, adware, worms, etc. from being installed on your PC in the first place.
DragonsLore - what are your thoughts on this tool?
DragonsLore
127.0.0.1
posted: Jan. 22, 2005 @ 6:16p
From what I could find out about it, it is a good tool which is being used in the security forums.
BTW.....
I thought I had replied to this question in another thread which was posted asking about this tool?
As I stated earlier, when I get around to updating this thread, I will be adding this tool to the list along with some others.
The online scan does not clean infections, but it does inform you that you are infected. You have to download the trial version to remove them.
The online file submission allows you to submit a suspicious file and Kaspersky scans it on their server and tells you if it is infected and provides the name of the virus.
I scanned my neighbor's heavily infected PC with AVG (installed), Trend (online), A2 (trial, installed) and Kaspersky (trial, installed) in that order and each found infected files after the previous scan said the machine was clean. Surprisingly, Kaspersky found 22 infected files in the Windows\system folder after the machine had already been scanned by three other programs.
I know everyone here recommends and uses AVG, but I checked the cache on my neighbor's PC and his family was not doing any kind of risky surfing and they still got infected with viruses that AVG did not detect when I used it as a tool to clean up existing infections. Granted their PC did not have MS auto updates on and they did not have a firewall and they were not using any AV programs until it was too late, but I have much less confidence in AVG after this experience.