Protect and Remove Spyware/Adware/Malware Threats

[Slimy]

Almost every day, I see numerous threads regarding problems with spyware/adware/malware (i'll use spyware from now on, but I am referring to all three). I have put this thread together as a reference. It is NOT the only way to clean and protect your computer. Rating this thread is appreciated and helps users check out the good guides.

1. If You Are Already Infected

The best option is to format. But, most of the time, it isn't the most welcomed solution.

Download the following:

Spybot Search & Destroy

Ad-Aware SE Personal

Windows Defender Beta 2

There are many other programs that you can use to clean your computer. These three free ones that complement each other very well. Make sure that all three programs have fully updated definitions. If you don't know how to update definitions, check the program's site for more information. After everything is up-to date, proceed to restart your computer and enter safe mode. (If you don't know how click here) It is also possible to clean your computer without going into safe mode, but it is a recommended step if your computer is very infected.

Make sure each program is set on a full scan and then run each program multiple times. If you know which spyware you have on your computer and it wasn't cleaned succesfully, search google with the specific name for removal instructions. After you have cleaned out your computer sucessfully (if all goes well) and have gotten back into Windows, download HijackThis. Clean out anything that looks suspicious. If you need help, post the hijackthis log on neowin or another forum for someone else to check it. Alternatively, you can copy and paste the log here: http://www.hijackthis.de/

You may also want to verify that nothing annoying isn't starting up on your computer. This is included with hijackthis but in case you skipped that part here is an alternative for startup. Many methods are available to do this, here are two:

start>run>type "msconfig">startup tab

or

ms antispyware>advanced tools>system explorers>startup programs

Hopefully your computer is now clean from spyware. Instead of doing the above whenever you are infected, which may happen a lot, I suggest you do what's below.

2. Protect your computer

This method works with any browser. No browser is perfect and will not protect you fully, despite whatever you are told.

Download the following:

Winpatrol

Spywareblaster

The first program will detect any changes that are made to your computer and ask you if they are wanted. It needs to be on all the time, but it doesn't use much memory. The second program will protect your computer from unwanted threats without running in the background. You can also use other progams but the two above are free and don't consume much memory. For more applications visit this thread under the Anti- Spyware/Adware/Malware section.

You do not need all the program's mentioned under #1 to remove threats after you use the two programs in #2. Ms antispyware and hijackthis are good enough and can be run monthly as you have solid protection now.

Please remember that this is not the only way of protecting your computer from and removing spyware threats. It is simply what has worked for me for the last couple of months. I am spyware free and very happy :) and I hope after my suggestions you will be too. Please note that there is some important things to consider that are not mentioned in this post but are covered in the rest of the thread.

Edited March 5, 2006 by slimy

[digen]

Nice piece of info slimy,would be a help for many I believe (Y)

[ZonoBurk]

Very nice work, thanks for that. :)

[viciv]

nice post. thanx

[oddcrap]

Nice piece of info slimy,would be a help for many I believe (Y)

585920001[/snapback]

And they wonder why they have all this spyware on their machine? Only, if they care to read on how to protect themselves.

[Pete Zaria]

Very good article, however, I'd stress the Safe Mode thing a lot more. A lot of spyware I've seen cannot be deleted except from Safe Mode, so I don't even bother to scan except in Safe Mode anymore. Also, there have been a few bugs that can't even be deleted from Safe Mode, so I downloaded a program called Pocket Killbox that deletes them on the next reboot.

Don't forget that Spybot S&D has a real-time protection tool (oddly named "teatimer") that works pretty well.

Keeping Windows, your anti-virus program, your anti-spyware aresnel (mine includes Adaware, Spybot, Msft's Anti Spyware, and Panda Titanium) UP TO DATE is critical. Without the latest patches and deffinitions, you're vulnerable.

Although they apply more to viruses than spyware/malware/adware, wouldn't hurt to mention Panda Software's Active Scan and Trend Micro's House Call which are both good, free, online virus scanners.

Very nice post.

Peace,

Pete Zaria.

[PseudoRandomDragon]

An ounce of prevention is worth a pound of cure.

Because let's face it: antispyware and antivirus programs can't eliminate everything that infects your computer. Heck, MS antispyware is one of the best out there and it can only detect about 65% of known spyware. A lot of people deal with three or four antispyware programs just to keep their computer clean. Fortunately that isnt so much of a problem with viruses, provided you pick the one with the best detection and removal. Sadly, all you need is a virus that isn't on the database and that's it.

So the way I recommend is prevention. Here are the methods:

Backup your data. It's just a good idea.

HOSTS blocking method can be effective. The main weakness is it can only block known spyware sites and cannot protect you if you install something that has spyware in it. It's large database is also known to cause slowdowns. However, the large list is effective at blocking drive-by downloads. Programs like SuperTrickXG and Spybot S&D use this.

Update your software. It doesn't matter if you use windows, or linux, or a mac. If you don't patch your system for vulnerabilites, you will be vulnerable to the very methods malware use to get in. Even media players and office programs must be updated. After all, documents can infect you if you are vulnerable to it.

Since browsers are targeted the most, take care to make sure they are up to date and that they have secure settings. IE users should turn off ActiveX and other content except for sites that are trusted. Dont fall for that "trust sites with certificates" crap, that doesn't ensure that the site doesn't have spyware. All it does is tell you that the connection is definately coming from that site. Autoinstall options for any browser should be turned off. Take care to update the often unupdated Flash, Java and other plugins, those can be exploited as well. While there are particular targets, there is no preference to what browser you use as long as you secure it.

Passwords are good, they keep your family members or friends from installing garbage.

Take every piece of software you install with reservation. Spyware and adware comes with software such as the widly used AIM. Some provide opt-out abilites, some do not. Be sure to check out something before you install it.

Firewalls work as a great first defense, but only if you configure it properly. Take advantage of anything that can safeguard email or filter web content for things like javascript, activex, java, ads, etc. Read tutorials to make sure you set everything up properly. I recommend ZoneAlarm, Kerio or Outpost.

[Martyn]

Thats exactly the way I protect my computer. I think this guide will help out many people, so nice one slimy (Y)

[MikeKingston]

I dont know if this belongs here, but to block spyware popups (which I had an issue with just a few days ago) I was recommended winguard popup remover and I would recommend it aswell.

Mike. Thanks for all those who helped me solve my spyware problems.

[El_Cu_Guy]

A few tidbits:

Paid for programs are good too.

Webroot SpySweeper

Sunbelt Software CounterSpy <--#1 PCWorld comparison

MS AntiSpyware is only available for W2K, XP, 2003.

SpywareBlaster should not be confused with Spyware Blaster.

Read before you Click

Read EULAs

One company wanted to find out if people actually read them and offered CASH to anyone who found the contact info in the EULA.

Neuter IE and disable/enable options in other browsers.

Personal Note: Screw numerous background programs. Secure it at the source and forget the "secure it for me 'cause I'm too friggin' lazy/retarded to Google for a guide" type prgrams.

[Fighter-X]

Omg! Missing a VERY important part of security. A Firewall! I use sygate and has slowed down viruses. Viruses mostly come from certain sites and those damn hackers using annoying trojans and malware.

http://smb.sygate.com/products/spf_standard.htm

[ShaneSparky_YYZ]

Yes, a firewall should be included in this guide.

This can stop some programs on accessing the net to deliver info.

Aside from that, great guide ;) I gave this thread 5/5! (Y)

[mobo49]

Java exploits must be considered one of the most common causesd for infections now whether by driveby or not. I have a short writeup here on my site here. which may help as well.

[El_Cu_Guy]

IU wouldn't say Java is one of the most common.

javascript

activeX

ride-alongs

moron users (click OK at EVERY prompt)

vague/misinformation/obscurity -> EULAs

All are more common than Java-exploits

[mobo49]

Your first two would be included in java

[El_Cu_Guy]

Your first two would be included in java

:wacko: :wacko:

???

Please elaborate

[srb]

very good this topic bud need more information for a safety thorough

[El_Cu_Guy]

a safety what?

[llbbl]

Here are some links to add. It is good to give people MULTIPLE LINKS TO DOWNLOAD because some spyware will edit your HOSTS file and people are too stupid to realize this so they can't download programs to remove the spyware.

HijackThis

http://www.spywareinfo.com/~merijn/downloads.html

Download.com

http://www.download.com/HijackThis/3000-80...tml?tag=lst-0-1

HijackThis Log Analyzer

http://hjt.iamnotageek.com/

Database of Harmful BHO objects

(Which are the things that cause spyware, malware and adware)

http://www.spywaredata.com/spyware/bho.php

http://castlecops.com/CLSID.html

http://www.sysinfo.org/bholist.php

Browser Security Toolbox

Even if you run a firewall, keep your virus definitions updated, and don't run attachments that are e-mailed to you, you may still be at risk. Browser vulnerabilities can allow intruders into your system or allow your private data to be read just by viewing a webpage. What follows are a series of browser security tests to see whether you are vulnerable. You can either start at the beginning and run through them all, or jump to a test by using the table of contents.

http://www.jasons-toolbox.com/BrowserSecurity/

Layered Service Provider(LSP)

A Layered Service Provider, or LSP, is a piece of software that is tightly woven into the networking services of a computer. In particular, when using the protocol of the internet, TCP/IP, the LSP integrates itself with the TCP/IP layer of your network. As such, the LSP has access to all TCP/IP traffic coming into and leaving a computer. If the LSP is from a "good" author, then the communication can be enhanced and protected in many helpful ways. However, when spyware authors use an LSP, it can be used to spy on the habits and data of the user. Also, because the computer will not see any of the data until the LSP lets it through, it is possible to change information so that the spyware vendor benefits. Recent examples of this include replacing the top Google search results with links to paid advertisers. These links are indistinguishable from real search results.

http://www.adwarereport.com/mt/archives/000044.html

List of LSP(s)

http://castlecops.com/LSPs.html

FINIALLY ONE OF THE BEST SITES FOR ALL SORTS OF GOOD INFO ON PARASITES DOXDESK.com. Lots of good links and better info than what the guy who posted started this thread.

Unsolicited commercial software

...is DOXdesk?s name for the annoying breed of software that gets on your computer without you asking for it, there to make money for someone else. We call them ?parasites? for short.

This encompasses many kinds of spyware, adware, browser hijackers, diallers and other assorted unwelcome guests. (Definitions of these terms...)

Parasites have been around since around 1999 and have gone from an obscure issue of interest to computer security professionals to the single most common threat affecting internet users.

If your computer has recently started showing constant adverts or changing your home page and search engines; if new toolbars, bookmarks and icons have been unexpectedly appearing; or if the desktop has become unusuably slow or error-prone, it is possible you could have unsolicited commercial software installed. (How it could have happened, and how to prevent it happening again...)

DOXdesk provides a JavaScript program that can run from a web page and detect some kinds of parasite; you can see its results at the top of this page. (Putting the script on your own web pages...)

If the script found anything, it?ll give you links to more information, including manual removal instructions. (Database of all parasite information...)

There are also programs available that can (in many cases) remove the parasites automatically; they can also detect many more types of threat that the script here cannot (for tedious technical reasons). (Recommended anti-parasite software...)

Unfortunately, with the recent explosion of publicity and awareness of spyware, there are also a great many companies trying to cash in with incompetent, misleading or even deliberately harmful ?spyware removal? software. (Questionable anti-parasite software and how to spot it...)

Whilst there are many sites trying to mislead people into buying questionable anti-parasite software, there are also many good resources for information and discussion of parasites, spyware and related issues. (Other useful sites...)

Finally, miscellaneous information about this site: (Disclaimers, corrections, contact details, copyright, licensing...)

http://doxdesk.com/parasite/

[Sriubol]

ขอบคุณครับ Thank you...now I'm already used Winpatrol...coolest

[Slimy]

ขอบคุณครับ Thank you...now I'm already used Winpatrol...coolest

586091059[/snapback]

no problem, happy you like it :D

[nicedreams]

Don't use MSCONFIG to disable startup items for good. MSCONFIG is only for diagnosing a problem. Microsoft even says not to use it for daily use. Use something like Startup Control Panel or go to the RUN keys in the registry and remove the startup entries you don't want.

Using MSCONFIG puts your computer in a weird mode and you should always have it in normal mode once you figure out what is wrong with your system. I've even had people in MS training classes I had to attend for my job say the same thing about not using MSCONFIG except for diagnose a problem and then put it back to normal.

[nicedreams]

And to further update this doc I would say install and use these and you will not have problems and to remove current problems.

!!!Always update all of the software and definitions and if your infected, run all of these in SAFE MODE!!!

Safe mode most of the time won't even let viruses load into memory so you can get rid of them easily and ad-aware usually won't make you reboot to remove really bad issues. SAFE MODE IS THE KEY TO FIXING A SCREWED SYSTEM!!!

Ad-aware

Spybot

MS Anti-Spyware

Spyware Blaster

Firefox

CCleaner

NOD32 Anti-Virus

CWShredder (Just in case you get a CWS Hijacker)

blocklist.reg

[srb]

spywareblaster rox...

to remove,get Ad-aware SE...good one :yes:

[CrisCr0ss]

yea thats what i use, also add in Microsoft Antispyware as its free atm and does a fairly good job.