Thread: Egghead's Spyware removal thread

  1. #1
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,212

    Egghead's Spyware removal thread

    Hello!

    I have seen a lot of problems with spyware. I would like to focus on adware and spyware that can find its way onto your computer and change the way your computer behaves. This stuff can do annoying things like replace your favorite websites' advertisements with ones generated by the adware company. Some of these advertisements can install even more spyware onto your computer causing your computer to crash or create additional popups every time you surf the web. The threat to your computer privacy and safety from unknown sources on the Internet is increasing at an alarming rate. Not only are you subject to attacks from viruses and worms that try to harm your computer, you are being scanned by advertising companies every second that seek to know your surfing habits.

    Before I forget, I put a "Glossary of Bad Things" at the end of this post so that when we techie-types start babbling on about mystifying things like "Drive By Downloads" you'll be the one person at the party who will actually know what we're talking about!

    So: How can we protect ourselves so we can enjoy reading about the wonderful cures people post at Techzonez?

    1 - Update your computer

    The first step is to update your computer with the latest fixes from Microsoft. Many of these programs use vulnerabilities in the Windows operating system that allow them to slip through the backdoor of your operating system. Close this door as best as you can.

    You can find Windows update here,
    www.microsoft.com/windowsupdate/

    Follow the easy online instructions and you will be well on your way to completing step one!

    2 - Scan your computer for trojans and viruses using the free updated online security tools.

    Step 2: Scan your computer for viruses and trojans that can prevent the spy removal tools from working. It is best to use the online virus scanners in this thread regardless of what antivirus programs are installed on your computer. If I could count the number of times I have heard someone say "My computer has antivirus protection built-in so I don't need the online scanner" only to try it and find multiple trojans and infections on their computer. Truth is not all virus scanners are 100% preventive of infections.

    The online scanners to use are,

    Panda ActiveScan,
    http://www.pandasoftware.com/actives..._principal.htm

    Trend Micro "Housecall",
    http://housecall.trendmicro.com/hous...start_corp.asp

    Both are great and you should use both if you continue to have problems. These scanners are free and will disinfect your computer.

    Scan your computer for spyware.

    Step 3: The next step is to scan your computer to see if you have been infected with some sort of spyware program or programs.

    Some great free programs we use that will scan your computer for spyware are,

    Ad-aware:
    http://www.lavasoftusa.com/software/adaware/

    Spybot - Search & Destroy:
    http://security.kolla.de/index.php?l...&page=download

    Bazooka Adware and Spyware Scanner:
    http://www.kephyr.com/spywarescanner/

    All these programs should be used to help you find most if not all spyware on your computer. Each one finds different things that others miss.

    All programs are free and essential to finding and removing most traces of Spyware.

    3 - Disinfect your machine using Ad-aware.


    Most people are familiar with freeware, shareware, cookies, media players, interactive content, and file sharing. What they may not realize is that some of them actually collect and disseminate information about those using them. They can track your surfing habits, abuse your Internet connection by sending this data to a third party, profile your shopping preferences, hijack your browser start page or pages, alter important system files, add additional popups to web pages and they can do this without your knowledge or permission. The security and privacy implications of these exploits should be quite obvious and undesirable on any system or network!

    You should check for spyware that may have hijacked your browser and could be using valuable bandwidth and has attached itself to the Windows operating system. These things can send you email Spam and also send you additional popups at every web page you visit.

    You can download a program called "ad-aware". This is a free program that will detect 1000's of web tracking spy software that may have found a way on to your computer by using strange tricks. You may get it from here,
    http://www.lavasoftusa.com/software/adaware/

    Direct download,
    http://fileforum.betanews.com/detail.php3?fid=965718306

    * Install the program but before scanning you must update the spyware definitions to ensure you have the latest spyware caught in your scan. Anything more than 10 bugs is considered very bad and you should be alarmed.


    Quarantine everything it detects.

    Please read here for more interesting information,
    http://quicken.com.com/2009-1023_3-8...html?tag=st_rn

    4 - Disinfect your computer using Spy-bot.

    Next, download a program called "Spy-bot Seek and Destroy" and scan your computer for additional spies that ad-aware may have missed.

    You can get the free program from here,
    http://security.kolla.de/index.php?l...&page=download

    Remember to update this program as well before scanning to net the latest spies on your computer.

    5 - Scan your computer with Cwshredder.

    Some of the ads generated by spyware can change your default homepage to anything they choose. If your homepage has been hijacked you should scan your computer with Cwshredder. Cwshredder is a small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). These websites create ads that change your browser homepage. You can use this tool to completely remove the hijack. This program is updated to remove the new variants once they come out.

    Visit their homepage at:
    http://www.spywareinfo.com/~merijn/

    UPDATE - CWShredder has been sold to InterMute. This means that from now on, InterMute will manage CWShredder, add detection and removal for new variants, everything. They offer CWShredder 2.0 as a free download, and plan to integrate it into their existing product SpySubtract PRO.

    Download "cwshredder.exe" and run it. This important free program is the only tool designed to remove the CWS exploits that change your homepage.
    Get it here,
    http://www.intermute.com/spysubtract..._download.html

    6 - Scan with Bazooka Spyware scanner to find the spyware that cannot be removed automatically.

    Now you can download and run Bazooka Spyware scanner. Some programs can detect spyware but will not tell you you are infected because the program cannot remove them. So until an update comes along these spyware programs have full control of your computer and log all things you do on it. You can download Bazooka Spyware scanner and see if you have some nasty programs that may have been missed by the above programs. The only difference with this program is the fact that it cannot remove the spyware for you but it will provide a link with the steps of how to remove the spyware yourself.


    Very cool so check it out here,


    Bazooka Adware and Spyware Scanner:
    http://www.kephyr.com/spywarescanner/


    Whew!!!

    You just saved yourself a minimum of $60 by cleaning your computer yourself

    ****************************Break**************************
    Last edited by egghead; October 21st, 2004 at 19:59 PM.

  2. #2
    Precision Processor Super Moderator egghead's Avatar

    :Continued:

    Now once we are relatively safe from Spyware we want to ensure and prevent them from finding a way back onto your computer.

    7 - Stop using Internet Explorer to surf the net.

    Read the news,
    http://www.google.ca/search?hl=en&q=...le+Search&meta=
    here,
    http://news.google.ca/news?q=interne...r=&sa=N&tab=wn
    and here,
    http://groups.google.ca/groups?q=int...&ie=UTF-8&sa=N

    These are just a few of the many headlines about Internet Explorer.

    I recommend using an alternative internet browser such as Firefox or Netscape Navigator.

    Firefox:
    http://www.mozilla.org/products/firefox/

    Netscape Navigator:
    http://channels.netscape.com/ns/browsers/download.jsp

    Install your new browser and surf the net as you normally do.

    8 - If you must use Internet Explorer.

    If you must use Internet Explorer then we recommend downloading a new tool to combat spy ads called IE-SPYAD. IE-SPYAD is a Windows Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once this list of sites and domains is "merged" into your Registry, most marketers, advertisers, and crapware pushers on the Net will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on you. Please note that IE-SPYAD is not an ad blocker. It will not block standard banner ads in Internet Explorer. What this restricted sites list of known advertisers and crapware pushers will do, however, is:

    • Stop unwanted software from being installed behind your back via "drive-by-downloads";
    • Prevent the hijacking of your home page and other key Internet Explorer settings;
    • Shut down ActiveX, Java, and scripting, all of which can be employed to push obnoxious advertising on you and compromise your privacy and security;
    • Block cookies, which can be used to monitor and track your travels around the Internet;
    • Combat obnoxious script-based popups that clutter your screen and force unwanted advertising on you.
    You can check out the details here:
    https://netfiles.uiuc.edu/ehowes/www/resource.htm

    Or go ahead and download here:
    https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.exe

    When prompted, choose to "Open" the file and extract it to your computer. (Make a note of the directory where you extracted it to) Navigate to this directory and locate the Install/Uninstall Utility (INSTALL.BAT). Simply click install and follow the instructions and that's it!

    Whew!

    The Glossary of Bad Things!

    Adware: "Software that brings targeted ads to your computer, after you provide initial consent for this task. Some Adware may hijack the ads of other companies, replacing them with its own. Adware typically will track your browsing habits and report this info to a central ad server."

    Browser Helper Object (BHO): "A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." There are many exploits of this technology which search all pages you view in IE and replace banner advertisements with other ads, monitor and report on your actions, change your home page, etc."

    Hijacker: "A Trojan that may reset your browser's home page and/or search settings to point to other sites. Such sites are sometimes porn sites, often loaded with advertising. Homepage Hijackers may prevent you from changing your browser's homepage or from visiting a particular site."

    Spyware: "Any product that employs a user's Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior. Many spyware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed.) Spyware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed."

    Trojan: "Unwanted software which runs in a user's machine, as an agent of the attacker, without user awareness. Unlike viruses and worms, Trojans do not replicate (make copies of themselves.)"

    Drive-by Download: "We think there should be no software in your machine that you did not choose to put there. But some products install themselves simply because you visited a web site. AdultLinks will not ask if you want to install it. Hotbar will install even if you indicate you do not want to install it, and some OnlineDialer installer pages open a JavaScript error and try again if you click 'No' to the install box, to try to force you to install the software. PerMedia was installed from e-mail; upon agreement to install, further invitations would be sent to all entries in a user's address book. StripPlayer and IEAccess can install automatically on versions of Internet Explorer older than IE6 Service Pack 1."

    Glossary Source
    Pestpatrol.

    Happy computing from Egghead and Techzonez!

    Cheers

    Last edited by egghead; October 21st, 2004 at 20:22 PM.
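
Step 8 above merges a third-party Registry file into Internet Explorer's Restricted sites zone. The following is an added example, not part of the original posts and not IE-SPYAD's own code: it audits the text of a .reg file before merging and reports anything that is not a Restricted-zone (zone 4) entry. It assumes the standard ZoneMap\Domains key layout; the sample entries and the function name `audit_reg` are constructed for illustration.

```python
import re

# Per-domain zone assignments for Internet Explorer live under this key path.
ZONEMAP = r"software\microsoft\windows\currentversion\internet settings\zonemap\domains"
HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+)\\(.+)\]$")
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def audit_reg(text):
    """Return (restricted_domains, findings) for the text of a .reg file."""
    domains, findings, current = [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";") or line in HEADERS:
            continue  # blank line, comment, or file header
        key = KEY_RE.match(line)
        if key:
            delete, hive, path = key.groups()
            # Accept only additions below ZoneMap\Domains; "[-...]" deletes a key.
            ok = not delete and path.lower().startswith(ZONEMAP + "\\")
            current = path[len(ZONEMAP) + 1:] if ok else None
            if not ok:
                findings.append((n, "key outside ZoneMap\\Domains: " + line))
            continue
        val = VAL_RE.match(line)
        if not val:
            findings.append((n, "unparsed line: " + line))
        elif current is None:
            findings.append((n, "value under unexpected key: " + line))
        elif not re.fullmatch(r"dword:0*4", val.group(2).lower()):
            findings.append((n, "zone is not 4 (Restricted sites): " + line))
        else:
            domains.append(current)
    return domains, findings

# Constructed sample: one expected entry and three lines a reviewer should question.
_ZM = r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
SAMPLE = "\n".join([
    "REGEDIT4", "",
    _ZM + r"\ads.example]", '"*"=dword:00000004', "",
    _ZM + r"\tracker.example]", '"*"=dword:00000002', "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"updater"="C:\\tools\\updater.exe"',
])

if __name__ == "__main__":
    ok, bad = audit_reg(SAMPLE)
    print(len(ok), "restricted-zone entries")
    for n, msg in bad:
        print(f"line {n}: {msg}")
```

Files with the "Windows Registry Editor Version 5.00" header are normally UTF-16 encoded, so decode them accordingly before passing the text to `audit_reg`.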