Spyware/Virus Removal
From Extreme Overclocking
Lozoot's Spyware Removal Guide.
INTRO
Most spyware/virus infections start out small and end up growing. Yes, that is right, "growing": an infection will spread to other computers, corrupt files, and eventually some will crash your computer. That is why you will want to get rid of it as soon as possible. All of your scans and removal attempts should be done in safe mode. The reason for this is that spyware and viruses don't run in safe mode. Safe mode is a way to start Windows using only the most basic and necessary services and programs, so it won't start up any spyware that may try to interfere with your removal attempts.
PLACES TO GO
If you ever have a spyware problem, go to 2-spyware.
2-spyware has some anti-spyware/virus downloads and links to downloads that will help you find/kill spyware using programs like Spybot SD and HijackThis. They also have complete instructions on how to remove the software/spyware/virus/adware/malware/worms/trojans manually. Just type what the spyware is called and it will give you some options like news and removal instructions.
If you see any mysterious processes, go to the Process Library.
Type the process in and they will give you a threat level and the source of the process.
Merijn AS is a place dedicated to hating spyware. Again, it has some downloads of anti-spyware and anti-virus software.
HijackThis is a highly advanced FREE choice for spyware/virus removal and is recommended only for advanced users. You could mess up your computer using this! HijackThis shows items in Windows-only areas of disk space, such as the registry key (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\). It will also show several things related to critical Windows components that, when deleted, could crash your system. It will notify you when there is a suspicious item running in memory. Also, if you have registry edits that tweak your OS, they will show up as bad. Before even trying to use it, I would read up a little on it and find the log analyser and how it works.
Process Library does not have every process on earth, so it may come up empty, for example on ISP-related or driver-related processes.
Spybot SD is also free, but it is not updated as often as, say, Norton Anti Virus.
ANTI SPYWARE AND VIRUS SOFTWARE
Free Software (Or non limiting trials)
- HiJackThis
- Hitman PRO
- LavaSoft AdAware
- Spybot Search and Destroy
- SpywareBlaster
- Spyware Doctor
- Webroot Spysweeper
- Windows Defender
- Zone Alarm
Retail Software (Some limited trials may be available)
Almost every spyware removal program is resource consuming, meaning you can't play C&C or Age of Empires while running the software. But spyware and viruses will be just as resource consuming as the software used to get rid of them.
Also, ISP-related anti-anything is usually bad.
DICTIONARY
Spybots are just like a trojan, only with spyware and malware. A spybot embeds or downloads into a browser (mainly IE 6 because of the loopholes) and downloads or creates copies of itself into directories, or merges with a file, to stay in the shadows of your hard disk and keep itself on your computer.
ActiveX controls are a website's way of delivering software to you over the internet, such as an online virus scan or a company chat box. ActiveX spies are the worst thing I've ever come across because they get worse while you're on the internet. They embed into every browser window and download stuff all of the time, and some of us are on the internet all day. Then when you restart you realize something bad is happening because your PC took an hour to start up. ActiveX spies are to be treated as spyware, and most spyware killers will get rid of them.
Worms do destroy files and will eventually cause an unrepairable crash, sometimes contaminating every file on an HDD. Every worm I myself have gotten has come from an email, but I have heard of worms coming through downloads, attachments in a forum, file sharing, and ActiveX controls as well.
AdWare is basically the popups that you'll get when spyware is about to download.
MalWare (also known as a hijacker) is the stuff that changes dial-up connections and search bars/toolbars. One bad example is coolwwwsearch, which is a search bar that is linked to porn. I have had my dial-up number changed and a bill sent to my house because I hit agree and did not read the fine print. I have since changed to broadband. Bad for dial-up users.
Viruses live on the death and destruction of other computers. They usually will lead to some or all of the following: unrepairable crash, spyware, malware, worms, and a haywire anti-spyware/virus program. Usually the best thing to do in my case is hook my HDD to another computer, back up my uninfected files, and XP my computer once again.
Keyloggers will steal passwords and track surfing habits. You wouldn't want someone stealing your EOC password and using your username to post spam, would you? That is the kind of stuff they are used for.
Trojans are usually marked by spyware/adware but actually are something bigger, usually a virus, worm, or malware. They leave tracks of spyware to hide their presence, then unleash their package at a significant time, either when your PC is very vulnerable or when switching drivers.
Some of the newer CPUs will not allow some spyware, games, and viruses to run in certain areas of the RAM and processor.
File sharing programs have to have ads if you're using their free version. LimeWire and BearShare are the least ad infested. KaZaa and FreeShare are the worst ad infested. Warez P2P is a virus. LimeWire PRO is $20.00 and is free of spyware. BearShare is the same after paying for it.
A Hijacker replaces search bars, the home page (or, in Firefox and IE7, home page tabs), or both, usually sending you to places with more spyware/malware.
Spam is when a person registers on this site and starts a thread called crazy crazy crazy in the news section and posts purse sites to get you to buy them.
Cookies save things, like when you click on the Remember me checkbox when signing in at EOC to remember your password. If you don't check it, the cookie still remembers it but expires after a short period of time. Adware will usually use these to know your surfing habits. Malware will use them to collect personal information.
HOW YOU GET SPYWARE
Spyware is usually installed with something like a freeware/shareware program or tempting/fake software, so you don't know it is there.
Worms are mostly in email and diskettes.
Some people get spyware when they get their computer because they go and get a burnt copy of Windows and it is modified from the start with integrated spyware.
Stay away from sites like cracks.ws and freeserials; they will make you download an ActiveX control while just surfing their site.
Porn is also a great way to get spyware.
Trojans and Spybots are gotten the same way as Spyware, by downloading stuff that looks tempting like a fake Anti-Spyware program or a free offer.
Adware is usually bundled with freeware/shareware software to advertise, so the parent software's company makes money for their free/free trial software.
Viruses are usually bundled with Trojans but can be gotten on crack sites with bundled spyware. I consider many Spyware working together a Virus in the sense that all of them are helping each other to not be erased/removed and are trying to destroy your PC and/or trying to collect personal information.
Hijackers are gotten through downloading cracks and software.
The Windows Registry
Anybody using Windows XP or better should be able to edit the registry very easily. When giving manual removal instructions, 2-Spyware.com will tell you what registry entries to modify or erase. Anti-spyware/virus software will erase these automatically. The spyware/virus/worm/malware will embed itself in your computer using the registry to avoid being deleted/removed.
(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\ note that this is a hotspot for spyware and viruses)
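An added example, not part of the original guide: a read-only PowerShell check of a few autostart values under the key named above, run from an elevated prompt. The choice of values and the "Expected" defaults are assumptions for a stock Windows install; nothing is deleted or changed.

```powershell
# Read-only check of autostart values under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion. Nothing is modified.
# The "Expected" values are assumptions for a default Windows install.
$nt   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$nt32 = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion'  # 32-bit view on 64-bit Windows
$userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'

$checks = @(
    @{ Key = "$nt\Winlogon";  Name = 'Shell';        Expected = 'explorer.exe' }
    @{ Key = "$nt\Winlogon";  Name = 'Userinit';     Expected = $userinit }
    @{ Key = "$nt\Windows";   Name = 'AppInit_DLLs'; Expected = '' }
    @{ Key = "$nt32\Windows"; Name = 'AppInit_DLLs'; Expected = '' }
)

$report = foreach ($c in $checks) {
    if (-not (Test-Path $c.Key)) { continue }   # e.g. no WOW6432Node on 32-bit Windows
    $props = Get-ItemProperty -Path $c.Key -ErrorAction SilentlyContinue
    $value = [string]$props.($c.Name)            # a missing value becomes ''
    # Userinit normally ends with a comma; strip it before comparing.
    $normalized = $value.Trim().TrimEnd(',')
    [pscustomobject]@{
        Key      = $c.Key
        Name     = $c.Name
        Value    = $value
        Expected = $c.Expected
        Review   = $normalized -ne $c.Expected   # string -ne is case-insensitive
    }
}

$report | Format-Table -AutoSize -Wrap
$flagged = @($report | Where-Object { $_.Review })
"{0} value(s) differ from the assumed defaults; look each one up before deleting anything." -f $flagged.Count
```

A flagged value is only a prompt to investigate: legitimate software can also change these entries.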
The reason your Spyware/Virus is not being removed
When you delete/remove spyware/viruses, sometimes they will still reside in memory. This means that once the whole of the program you deleted is gone and you figure your computer is "clean", it will reinstall/redownload itself.
There is a file that is hiding or can't be deleted in normal mode. Start in safe mode, then find and delete it.
It has some registry keys that you or your anti-virus/anti-spyware software has not picked up. Find them and delete them.
It is bundled with a program that you want to keep, and the program you want to keep reinstalls/redownloads it. An example is Bearshare (want to keep) and Ad watch (want to get rid of).

