posted: Apr. 5, 2004 @ 7:35a
The instructions contained in this post will help you to remove any unwanted
parasites from your system.
Make sure you read this entire article BEFORE you do anything. Removing
Spyware and other parasites is not as easy as you might think it would be and
there is a whole lot more to it than many people realize.
An up to date page can usually be found at this website by clicking on "Spyware Help"
in the menu on the left. Richard the Lion Hearted
Spyware, Adware, Malware and other parasites should not be taken lightly and you
should always get professional help to remove any stubborn parasites that you
may have on your system.
In this article you will find provisions for:
Tools Which You Will Need
SpyBot - Search & Destroy
Other Tools and Software can be found listed further down in this article.
Instructions on What You Should Do
Scan your system using Ad-Aware and SpyBot-S&D.
It makes no difference which order you run these two tools as they will each
detect and remove what the other misses.
Always make sure the reference files are up to date.
SpyBot-S&D: Let it fix anything that is listed in red.
Ad-Aware: Let it fix anything that it finds.
After you complete these scans, you will want to run a good Anti-Virus scan on
your system. Panda Anti-Virus has a good online scanner which should detect and
remove anything on your system.
If you are unable to go online or run any Anti-Virus you may currently have
installed on your system, then don't worry about it as this can be taken care
Another alternative if you have access to it would be to boot from a Knoppix
CD and do an Anti-Virus scan From Knoppix. Knoppix is a Linux distribution
which can be booted from a CD without the need to install it.
Once you complete the above steps, you will want to run HiJackThis, then post
the contents of the resulting HJT log to one of the Forums listed below.
Once you post your HJT log, you need to be patient and check back periodically
because the personnel who are there to help you can get quite busy working on HJT
logs posted by other users.
It is also very important that any forum you decide to visit for help, that you
read their FAQ before doing any posting if you want their help.
If you are a skilled computer user who is technically oriented and feel
confident about your skills, then you could try using one of the HiJackThis
tutorials which are listed below. I would suggest reading both of them as this
tool can very easily mess up your system if you are not careful.
Forums Where You Can Post Your HJT Log
Anti Spyware Offensief
Bluetack Internet Security Solutions
Calendar of Updates
Common Sense Security
Geeks to Go
JSKYs XP Support
SpywareInfo My Personal Favorite
Tech Support Forum
Tech Support Guy
TeMerc Internet Countermeasures
That Computer Guy
When running HiJackThis, it is very important that you follow any directions
you may be given by Qualified personnel. You should not try fixing anything
yourself unless you know what you are doing. This program can very easily make
a mess of your system if you screw up.
Always run HiJackThis from its own directory such as C:\\HJT
The reason for this is so HJT can create backups of anything removed in case
you should need to restore something.
HiJackThis and SpyWare Removers
Anytime you run HiJackThis or any other tool for removing parasites, you should
always close ALL Windows, especially any browsers and Windows Explorer.
The reason for this is if you leave any of these windows open, you may find the
parasite to still be installed on your system.
If you are Unable to Run SpyBot-S&D, Ad-Aware, CWShredder or HiJackThis
There is a variant of the Coolwebsearch trojan spreading that closes several
anti-spyware apps when you try to open them.
If this is happening to you, download PepiMK's CoolWWWSearch.SmartKiller removal tool (v1 and v2)
first and run it. After it does its job, CWShredder and HijackThis will run
properly (as well Spybot S&D, Ad-aware and several anti-spyware forums)
One of the biggest things to watch out for is bogus programs which claim to be
Ad-Aware or SpyBot when they're not. Or other programs which claim to remove
parasites from your system. You can check this link to check to see if a
program is legitimate or not. Rogue/Suspect Anti-Spyware Products & Web Sites
Any time your system is infected by a bad parasite such as a Virus, Trojan
or Worm, you should disable "System Restore" before attempting to clean your
system. Otherwise, the infection will remain to reinfect your system.
Internet Explorer Users
Go into "Internet Options > Advanced" tab
There will be 2 "Install on Demand" items and 1 "Enable third party extension"
Uncheck all three items as these present a security risk which makes it easier
for parasites to install themselves on you system
Tools You May Be Asked To Use
ADS Spy For 2K and XP Only
CWShredder Version 2.1 or newer by InterMute
CoolWWWSearch.SmartKiller (v1 and v2)
FINDnFIX For 2K and XP Only
GetService For 2K and XP Only
LSP-Fix Fixes broken WinSocks
PeperFix Removes the Peper Trojan
RootKit Revealer[Q]DO NOT USE These RootKit tools unless you are directed to use them
or you know what you are doing.
Aranea Spyware Wizard
ewido Security Suite
IE-SPYAD & AGNIS
Itty Bitty Process Manager
Microsoft Windows AntiSpyware
Prevx - Intrusion Protection software
Privacy Keyboard Anti-keylogger which will prevent any type of keystroke recording
Richard the Lion Hearted's Hosts files
System Safety Monitor
[Q]System Safety Monitor is a system monitoring tool with additional application
firewalling. You can keep a list of trusted applications and be alerted each
time a program, that is not on your trusted list, is executed. The optional
black-list allows you to specify programs that will be prevented from running.
You can also have System Safety Monitor alert you whenever a new start-up key
is added to the registry. This allows you to prevent software from installing
itself as an auto-start item in the registry without your knowledge. The
included logging feature enables you to view a log of all changes that have
been made to the registry.
SpyBot - Search & Destroy
TDS-3 Trojan Defence Suite
Webroot Spy Sweeper
Bootable Disks for Diagnostics and Repair
BartPE Builder Bootable Windows CD/DVD
[Q]Bartís PE Builder is a free tool that allows you to create a bootable
Windows CD or DVD from an existing install CD of Windows XP or Windows
Server 2003. This Windows boot CD runs a cut down version of XP, with
network, gui and FAT/NTFS/CDFS file system support. Since you can run
Windows applications from this boot CD itís a useful tool for fixing
various problems on Windows 2000/2003/XP/9x system that can not easily
be fixed while booted from the copy of Windows on the hard drive.
Using Bartís PE Builder to Make an Anti-Spyware and Rescue CD
[Q]One great use for a PE Builder CD is to remove spyware from a computer
and that is the task that site will help you with.
[Q]With Knoppix, you can boot from the CD and perform an Anti-Virus scan on your
system without the need for loading MS Windows.
UBCD for Windows
[Q]UBCD4Win is a bootable CD which contains software that allows you to
repair/restore/diagnostic almost any computer problem. All software included
in UBCD4Win are freeware utilities for Windows.
Self Help Resources
169 IP Address
BlackViper.net Service Configurations and more
CLSID BHOList ToolbarList
[Q]LEGEND for Both of the Above Links
The listed Parasites are tagged
[ X ] for certified spyware / foistware, or other malware
[ C ] Cookies, remove/rename.
[ D ] Dialer, remove/rename.
[ K ] Keyloggers, remove/rename if any problems.
[ T ] Tracker, remove/rename if any problems.
[ L ] for legitimate items
[ O ] for 'open to debate'
[ ? ] for BHOs of unknown status.
HiJackThis Quick Start
Merijn's HijackThis Tutorial
Inside Spyware: A Guide to Finding, Removing and Preventing Online Pests
Rogue/Suspect Anti-Spyware Products & Web Sites
Startup Programs and Executables Listing
Alternative Browsers that are Not Based on Internet Explorer
Various Online Scanners
Command on Demand
Panda Active Scan
Symantec Security Check
Interesting Articles to Read
Introduction to Spyware Keyloggers Includes Links to other Interesting Articles
Macromedia Flash Player Settings Manager Use to Disable United Virtualities's PIE Tracking
Malware: what it is and how to prevent it
Webhelper4u Transponder News