The instructions contained in this post will help you to remove any unwanted
parasites from your system.
Make sure you read this entire article BEFORE you do anything. Removing
Spyware and other parasites is not as easy as you might think it would be and
there is a whole lot more to it than many people realize.
An up to date page can usually be found at this website by clicking on "Spyware Help"
in the menu on the left. Richard the Lion Hearted
Spyware, Adware, Malware and other parasites should not be taken lightly and you
should always get professional help to remove any stubborn parasites that you
may have on your system.
In this article you will find provisions for:
Tools Which You Will Need
Ad-Aware SE
SpyBot - Search & Destroy
McAffee Stinger
HiJackThis
Other Tools and Software can be found listed further down in this article.
Instructions on What You Should Do
Scan your system using Ad-Aware and SpyBot-S&D.
It makes no difference which order you run these two tools as they will each
detect and remove what the other misses.
Always make sure the reference files are up to date.
SpyBot-S&D: Let it fix anything that is listed in red.
Ad-Aware: Let it fix anything that it finds.
After you complete these scans, you will want to run a good Anti-Virus scan on
your system. Panda Anti-Virus has a good online scanner which should detect and
remove anything on your system.
If you are unable to go online or run any Anti-Virus you may currently have
installed on your system, then don't worry about it as this can be taken care
of later.
Another alternative if you have access to it would be to boot from a Knoppix
CD and do an Anti-Virus scan From Knoppix. Knoppix is a Linux distribution
which can be booted from a CD without the need to install it.
Once you complete the above steps, you will want to run HiJackThis, then post
the contents of the resulting HJT log to one of the Forums listed below.
Once you post your HJT log, you need to be patient and check back periodically
because the personnel who are there to help you can get quite busy working on HJT
logs posted by other users.
It is also very important that any forum you decide to visit for help, that you
read their FAQ before doing any posting if you want their help.
If you are a skilled computer user who is technically oriented and feel
confident about your skills, then you could try using one of the HiJackThis
tutorials which are listed below. I would suggest reading both of them as this
tool can very easily mess up your system if you are not careful.
Forums Where You Can Post Your HJT Log
AmazingTechs
Anti Spyware Offensief
Assiste.com
Atribune.org
BestTechie
BleepingComputer
Bluetack Internet Security Solutions
Calendar of Updates
CARMA
CastleCops
Common Sense Security
CPASecurity
Freedomlist
Geeks to Go
Gladiator Security
hpHosts
InfoSpyware
Infotex
JSKYs XP Support
Linha Defensiva
Lockergnome
MalWare Removal
ManageYourPC
MickeyTheMan
NeoPlanet
NetworkTechSupport
PC Pitstop
PCtorium
Pipex Support
RescueME
Short-Media.com
Spyware 911
SpywareAid
SpyWare BeWare!
Spywarefri
SpywareInfo My Personal Favorite
Spyware Warrior
Subratam.org
Tankweb
Tech Support Forum
Tech Support Guy
TeMerc Internet Countermeasures
That Computer Guy
The Spykiller
TomCoyote
UBCD4Win
Vital Security.org
Wilders Security
Important Information
When running HiJackThis, it is very important that you follow any directions
you may be given by Qualified personnel. You should not try fixing anything
yourself unless you know what you are doing. This program can very easily make
a mess of your system if you screw up.
MOST IMPORTANT
Always run HiJackThis from its own directory such as C:\\HJT
The reason for this is so HJT can create backups of anything removed in case
you should need to restore something.
HiJackThis and SpyWare Removers
Anytime you run HiJackThis or any other tool for removing parasites, you should
always close ALL Windows, especially any browsers and Windows Explorer.
The reason for this is if you leave any of these windows open, you may find the
parasite to still be installed on your system.
If you are Unable to Run SpyBot-S&D, Ad-Aware, CWShredder or HiJackThis
There is a variant of the Coolwebsearch trojan spreading that closes several
anti-spyware apps when you try to open them.
If this is happening to you, download PepiMK's CoolWWWSearch.SmartKiller removal tool (v1 and v2)
first and run it. After it does its job, CWShredder and HijackThis will run
properly (as well Spybot S&D, Ad-aware and several anti-spyware forums)
Fake Programs
One of the biggest things to watch out for is bogus programs which claim to be
Ad-Aware or SpyBot when they're not. Or other programs which claim to remove
parasites from your system. You can check this link to check to see if a
program is legitimate or not. Rogue/Suspect Anti-Spyware Products & Web Sites
Sytem Restore
Any time your system is infected by a bad parasite such as a Virus, Trojan
or Worm, you should disable "System Restore" before attempting to clean your
system. Otherwise, the infection will remain to reinfect your system.
Internet Explorer Users
Go into "Internet Options > Advanced" tab
There will be 2 "Install on Demand" items and 1 "Enable third party extension"
Uncheck all three items as these present a security risk which makes it easier
for parasites to install themselves on you system
Tools You May Be Asked To Use
AboutBuster
ADS Spy For 2K and XP Only
CWS HiddenDLLFinder
CWShredder Version 2.1 or newer by InterMute
CoolWWWSearch.SmartKiller (v1 and v2)
DllCompare
FINDnFIX For 2K and XP Only
FindQoologic-Narrator
GetService For 2K and XP Only
HsFix
LSP-Fix Fixes broken WinSocks
PeperFix Removes the Peper Trojan
Pocket KillBox
RKFiles
SpHjfix
Vx2cleaner
Vx2Finder
Winsock Fix
RootKit Tools
F-Secure Blacklight
RootKit RevealerDO NOT USE These RootKit tools unless you are directed to use them
or you know what you are doing.
Useful Tools
a-squared HiJackFree
Aranea Spyware Wizard
BHOdemon
BHOList
BOClean
BugOff
CCleaner
ewido Security Suite
Gibson Research
IE-SPYAD & AGNIS
Itty Bitty Process Manager
Microsoft Windows AntiSpyware
Prevx - Intrusion Protection software
Privacy Keyboard Anti-keylogger which will prevent any type of keystroke recording
Richard the Lion Hearted's Hosts files
SpyCop
System Safety Monitor
System Safety Monitor is a system monitoring tool with additional application
firewalling. You can keep a list of trusted applications and be alerted each
time a program, that is not on your trusted list, is executed. The optional
black-list allows you to specify programs that will be prevented from running.
You can also have System Safety Monitor alert you whenever a new start-up key
is added to the registry. This allows you to prevent software from installing
itself as an auto-start item in the registry without your knowledge. The
included logging feature enables you to view a log of all changes that have
been made to the registry.
Spider
SpyBlocker
SpyBot - Search & Destroy
SpyCop
SpyWareBlaster
SpywareGuard
StartupList
Tauscan
TDS-3 Trojan Defence Suite
The Cleaner
Trojan Remover
TrojanHunter
Webroot Spy Sweeper
WinPatrol
X-Cleaner
Bootable Disks for Diagnostics and Repair
BartPE Builder Bootable Windows CD/DVD
Bart’s PE Builder is a free tool that allows you to create a bootable
Windows CD or DVD from an existing install CD of Windows XP or Windows
Server 2003. This Windows boot CD runs a cut down version of XP, with
network, gui and FAT/NTFS/CDFS file system support. Since you can run
Windows applications from this boot CD it’s a useful tool for fixing
various problems on Windows 2000/2003/XP/9x system that can not easily
be fixed while booted from the copy of Windows on the hard drive.
Using Bart’s PE Builder to Make an Anti-Spyware and Rescue CD
One great use for a PE Builder CD is to remove spyware from a computer
and that is the task that site will help you with.
Knoppix
With Knoppix, you can boot from the CD and perform an Anti-Virus scan on your
system without the need for loading MS Windows.
UBCD for Windows
UBCD4Win is a bootable CD which contains software that allows you to
repair/restore/diagnostic almost any computer problem. All software included
in UBCD4Win are freeware utilities for Windows.
Self Help Resources
169 IP Address
BHOindex
BlackViper.net Service Configurations and more
CLSID BHOList ToolbarList
LEGEND for Both of the Above Links
The listed Parasites are tagged
[ X ] for certified spyware / foistware, or other malware
[ C ] Cookies, remove/rename.
[ D ] Dialer, remove/rename.
[ K ] Keyloggers, remove/rename if any problems.
[ T ] Tracker, remove/rename if any problems.
[ L ] for legitimate items
[ O ] for 'open to debate'
[ ? ] for BHOs of unknown status.
CounterExploitation (cexx.org)
DoxDesk
HiJackThis Quick Start
HijackThis Tutorial
Merijn's HijackThis Tutorial
Inside Spyware: A Guide to Finding, Removing and Preventing Online Pests
PC Hell
Rogue/Suspect Anti-Spyware Products & Web Sites
SpywareData
Startup Programs and Executables Listing
Alternative Browsers that are Not Based on Internet Explorer
Mozilla
Mozilla FireFox
Opera Browser
Various Online Scanners
F-Secure
HouseCall AntiVirus
BitDefender
Command on Demand
Freedom
McAfee FreeScan
Panda Active Scan
PcPitstop
RAV AntiVirus
Symantec Security Check
TrojanScan
Interesting Articles to Read
Introduction to Spyware Keyloggers Includes Links to other Interesting Articles
LearnIT: Malware
Macromedia Flash Player Settings Manager Use to Disable United Virtualities's PIE Tracking
Malware: what it is and how to prevent it
Webhelper4u Transponder News
