Guild Wars Forums - GW Guru
 
 

Old Aug 29, 2007, 05:25 AM // 05:25   #1
Lion's Arch Merchant
 
Join Date: Apr 2007
Location: California, USA
Profession: Mo/
The Spyware Removal Guide!

The Emergency Spyware Guide.
By TEB/Techsomething.net
Operating System: Windows XP Home/Pro
Difficulty: 3/5

So your computer is slowing down? Getting ads? Being redirected to unknown sites? Then please continue to read on, because I'm going to show you in this guide how to remove it and how to stop it from happening again.

First off, let's get a basic definition of spyware/adware/malware. These can simply be defined as any software that covertly gathers information about a user while he/she navigates the Internet and transmits the information to an individual or company that uses it for marketing or other purposes. There are many different variations: some are hijackers, which basically means they take over your computer. Some are stealthy, meaning they secretly operate and slow down your computer, gathering information and the like. However, the most popular are the ad banners; this is the kind of spyware/adware that's most annoying. It just displays completely random and useless ads when your Internet browser isn't even open. Very, very annoying. If you have any of these symptoms (unknown redirections, slowing of your computer, random banner ads), then you have spyware/adware.

Now that you have a basic understanding of what it is, let's get on to removing it.

Commonly, when you get spyware, the first thing it does is add itself to the registry and to the start up database. The start up database is a list of items that are to load when you start up your computer; this is so the software will start up every time you load your computer, so it doesn't miss anything. So the first thing we're going to do is clear the start up database of any unknown items. To find the start up database, do the following.

Click start -> click run -> in the dialog box that pops up, type MSCONFIG -> A small box will pop up with a few different tabs.
Since these are mostly used by advanced users, leave them alone. The one we need is start up, on the far right; click this tab. You will then be presented with a list of start up items. Usually it looks like this:


The start up item (Example) | The Command (C:\Windows\Example.exe) | Location in registry (Software..

Now there will be a few checks next to the items that are to start up every boot. Now let's go through the list. Since every user has a different computer and preferences, I can't list every item in the list. But if you know what it is, or installed it yourself and like it, keep it. If you don't know what it is, look it up in a start up database. They can tell you whether the item should stay or should go. Here are a few example ones.

http://www.bleepingcomputer.com/startups/ Just type the name of the item in the list and BC will attempt to find it.
http://castlecops.com/StartupList.html Again type the name of the object and this will search for your object and verify it.

If it shows up as bad, uncheck it. Once you have unchecked all bad/unknown items, click Apply, then OK. It will prompt you to reboot, but don't. Some spyware adds itself to start up every time. So don't reboot.

Now we're going to go through some steps that will help you show a trained professional a log of what is running on your system, so they can help you remove certain bad things. This is accomplished with the aid of a tool called HijackThis. HJT is a great tool used to give an up-to-date log of everything that is happening on your system. It is very simple and easy to use to help you get results. Go here, http://www.merijn.org/files/hijackthis.zip and download a free copy. It's in zip file form, so you'll need WinZip or WinRAR to extract it. Once the download is completed, extract HijackThis to its own working directory, e.g. C:\HJT. Just make sure it's alone in a folder by itself.

Run HijackThis; you'll be presented with this menu.


We're looking for "Do a system scan and save log file"; click it. HijackThis will now scan your system. Once it is completed (takes a few seconds), a Notepad window will pop up with the details of the HijackThis scan. Copy the ENTIRE contents of the Notepad window to a post in the ARP forums, the thread this was written in, or e-mail it to me at [email protected] or [email protected] for analyzing. Since HijackThis is a very powerful tool, its log should only be analyzed by a trained professional. Usually getting your log analyzed by a trained person will remove the greater of the security threat, leaving only a few more steps for removal. Please read on...

Now that you're a little cleaner (hopefully), we're going to do some last-minute removal and quarantine procedures. This requires the use of a few programs.

First off, before we get to the actual programs, we're going to run some online scans from well-known antivirus vendors. These vendors have online scans that will detect and remove any threats on your computer, online and completely free. See below for the list.

Panda Active Scan online - http://www.pandasoftware.com/activescan/
Internet Explorer only. Requires email address. Requires Active-X components to be installed. Approx 12MB download.

BitDefender online scan - http://www.bitdefender.com/scan/licence.php
Internet Explorer only. Must agree to a EULA. Need to allow installation of an Active X component. Some of the options are not clearly explained.

Trend Micro Housecall - http://housecall60.trendmicro.com/en/start...orp.asp?id=scan
(European version, supports Netscape, Mozilla, Firefox and Opera)

Kaspersky - http://www.kaspersky.com/scanforvirus

Now to the programs; you should be well on your way to being spyware free.
Please go to the following sites and download and install the following programs.

(If you don't have a virus scanner, e.g. Norton/Zone Labs or other, then download and install this program.) AVG Anti-Virus Home: a free, widely used virus scanner. Get it here:
http://www.grisoft.com/doc/1

(If you currently do not have a firewall, e.g. Zone Labs, Norton Internet Security, or other, let's get a free one from Zone Labs.)
http://www.zonelabs.com/store/content/cata...d=dbtopnav_zass

Ad-aware : A spyware/adware/malware scanner. Very popular, and very good.
http://www.download.com/3000-2144-10045910...&tag=button

Spyware Blaster : A tool used to immunize yourself against bad Active X controls and cookies that can give bad software easy access to your system.
http://www.javacoolsoftware.com/sbdownload.html

CCleaner : A tool used to clean out the very pit of your computer of all that crap piling up, not exactly anti spyware, but it will save you a few steps of the cleanup process.
Ccleaner.com

Once the above tools are downloaded and installed, run Spyware Blaster first.

You will be presented with the main program menu, or sometimes the tutorial for getting started. Since it comes with a tutorial already, just follow it. It's very useful. If you don't see the tutorial or don't know what to do, I'll explain. First, click Updates on the left-hand side navigation menu.


Then click Check for Updates. Spyware Blaster will connect to the Internet and download the latest immunizations. Once it is completed, click the Protection button. You will be presented with a list, at the bottom of which it will say Internet Explorer, Mozilla, restricted sites, then Spyware Blaster database. Next to the database it should say 4xxx items are unprotected. Right under that there's a section called Quick Tasks. Under that, click Enable All Protection. This will add all the Active X controls and all the bad cookies to the denied list or untrusted sections of your web browser. This will make sure that those bad sites won't be able to download anything to your computer, even if you do go there. After everything is immunized, exit Spyware Blaster.

Now run CCleaner. On the left-hand side, check everything that you want CCleaner to clean when it runs on your computer. I recommend checking everything. Then click the Applications tab right above that. Again, check everything you want to; I recommend it all. Now, click Run Cleaner in the bottom right-hand corner once everything is checked. CCleaner will now clean up your system; it can take anywhere from 1 minute to 10 minutes depending on how junked up your PC is. Once it is finished cleaning, a list will be presented of all the crap cleaned off. Go ahead, take a gander. Amazing, isn't it? Close CCleaner once it is finished cleaning.


Now don't run Ad-Aware yet; we have a few more steps.

If you're still using Internet Explorer, stop. It's one of Microsoft's worst products, with so many security holes and glitches unpatched. We need to get you running a much more secure web browser.

Go to mozilla.org and download a copy of the Mozilla web browser. I believe the latest version is 4.07. Now, Mozilla is an open source web browser with far fewer vulnerabilities and potential than Internet Explorer. It's also much more user friendly and can accomplish much more. The best part is, you can import all your settings and bookmarks from Internet Explorer if you wish, meaning you don't lose any data or work. Install it, run it. It will prompt you to set it as your default browser; click Yes and "don't show this message again". Mozilla will start up; usually it will be set to Mozilla.org as your homepage. If you'd like to change this, click Tools -> Options. It should be the first tab. Now, after you change your homepage, go through the other configuration options as well and configure it to your liking. It takes a few minutes to orient yourself.

Now, start up Ad-Aware. When started, you'll see the main program menu with a navigational menu to the left.

The first step you should do is update Ad-Aware SE so it is using the latest Spyware/Hijacker definitions. This will enable the software to recognize as many of these types of programs as it can. You should click on the Web Update button found in the bottom left corner of the scan menu. Once clicked, you'll be presented with this menu


Connect and let it download and install the latest updates.

Once it has completed updating, we're going to perform a full system scan. This will clean up your registry and anything we missed in the previous removal steps. Hopefully this should be the final step of the cleanup. So, click the Start button. You should be presented with this menu


Make sure you select "Perform a full system scan", and make sure "Search for negligible risk entries" and "Search for low risk threats" are checked. Now click Next; this will lead you to the actual scan, which will begin scanning your system. It can take a while, so now's the time to take a break and check back occasionally.

Once completed, you'll be presented with a screen similar to this.


Click on the Next button in the right-hand corner. You will then be presented with a screen that shows all the objects found that are flagged as Spyware or Hijackers.

At this point you should either right click on the screen and choose the Select All Objects option, or individually put a check mark in each object's check box, designated by the area surrounded by the red box in Figure 10, that you would like quarantined. When all the objects that you would like quarantined are checked, you should click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. If you would like to do so, press the OK button. You will then be taken back to the original scan screen. Now we're going to clear the quarantined items. So click Open Quarantine List, then select the quarantines and delete them off your hard drive forever. You may close the program.

Now, earlier I asked you, if you did not already have them, to install an antivirus program and a firewall to stop hackers/viruses in their tracks: Zone Labs firewall and AVG Home free antivirus. Since these are 2 different programs, there are two separate guides written for configuration and use here.

AVG: http://www.grisoft.com/doc/42/lng/us/tpl/tpl01

Zonelabs:
http://www.zonelabs.com/store/content/supp...mp;lid=zasupp_g

By now your computer should be pretty clean, immunized and ready for use again. If you still have a few problems, reboot your computer and please submit another fresh HJT log, and that should do it.

However, if your computer is still horribly riddled with spyware, here's the truth: sometimes spyware is just too difficult to recover from, or just can't be removed. Right now though, if it's only a little problem, another HJT log can save you. But if you've tried and tried and it's still there... In those cases, which are semi-rare, you need to reinstall Windows XP and start brand new again. A guide, if you really need to, is found here on my site.

http://techsomething.net/SupportMiscellane...ourComputer.htm

Now after your reinstall, make sure and follow the steps above for immunization and safeguarding to prevent this from happening again.


Conclusion/tips

That's it, people. Hope you've learned a few things about keeping your computer clean, and were eventually able to remove what was causing you so many problems.

Send all questions or comments to [email protected]

Tips:
-Always have an antivirus/firewall; these are a must to keep your computer clean. Always have them updated and ready for use.

-Always have a few antispyware programs, Ad-Aware and Spyware Blaster being a couple.

-Try to be safe; don't go to unknown sites and randomly download games and software. Programs can't protect you forever; it takes your cooperation too.
TEB Elite is offline   Reply With Quote
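
Added example (not part of the original post): a short Python sketch that pulls the autostart entries out of a HijackThis-style log and lays them out like the msconfig start up list described in the guide (item, command, registry location), marking the ones to look up in a start up database. The sample log lines and the `KNOWN_GOOD` list are constructed for illustration, and the `O4 - ...` line layout is assumed from HijackThis's usual log output.

```python
import re

# Constructed sample in the style of a HijackThis log (not from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [example] C:\Windows\Example.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Updater.lnk = C:\Temp\updater.exe
"""

# Hypothetical list: items the user installed or recognises (lower-cased names).
KNOWN_GOOD = {"avg7_cc", "ctfmon.exe"}

# O4 entries come in two shapes: registry Run keys and Startup-folder shortcuts.
RUN_KEY = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.*?)\] (.+)$")
STARTUP_DIR = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")


def startup_items(log_text):
    """Return one dict per autostart entry: item name, command, location."""
    items = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_KEY.match(line) or STARTUP_DIR.match(line)
        if m:
            location, name, command = m.groups()
            items.append({"item": name, "command": command, "location": location})
    return items


def needs_lookup(items, known_good):
    """Entries the user does not recognise; check these in a start up database."""
    return [i for i in items if i["item"].lower() not in known_good]


if __name__ == "__main__":
    for entry in needs_lookup(startup_items(SAMPLE_LOG), KNOWN_GOOD):
        print(f'{entry["item"]:<14} {entry["command"]:<28} {entry["location"]}')
```

The output is only a shortlist of names to search for; deciding whether an entry is actually bad is still a job for the start up databases or whoever reviews the log.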