WebProWorld Part of WebProNews.com
Internet Security Discussion Forum This forum is for the discussion of security related issues. If you find a new Phishing scheme, spyware, virus or malicious site - let us know about it. If any of the above found you... here's where you ask for help.

  #1 (permalink)  
Old 08-02-2004, 01:31 PM
WebProWorld Veteran
 

Join Date: Aug 2003
Location: Grand Rapids, MI USA
Posts: 553
redcircle RepRank 0
Default Spyware Removal How To

As requested.

I have a job because of spyware. And I hate it so much. No, I don't benefit from the advertising profits etc. I get paid to remove it from people's computers, and it is becoming harder and harder to get the slime off. Every week I'm adding a new method for dealing with the stuff. Here's my procedure.

1. Do backups of critical files.

2. Download a trial of F-Prot for Windows (if using WinXP). The free DOS version works best with Win9x and ME. When using the DOS version, boot from a write-protected floppy.
Available at www.f-prot.com

3. Run Ad-Aware first. Be sure to do the updates. This gets rid of lots. www.lavasoftusa.com

4. Run Spybot Search & Destroy (gets the leftovers that Ad-Aware misses) www.safer-networking.org

5. If CoolWWWSearch appears in any of the found items, download and run CWShredder www.spywareinfo.com (hasn't been up lately, so try http://www.lurkhere.com/~nicefiles/ good mirror with others)

6. Use HijackThis to remove the stubborn stuff out of the startup. (This is more advanced than the average user can handle; there are many spyware support pages that can help.) Also available from the maker of CWShredder www.spywareinfo.com (see mirror)

7. Many spyware install LSPs that none of the spyware removal tools detect. Use LSP Fix to remove them. This is again for more advanced users; do some research on using this first. http://cexx.org/lspfix.htm

8. If you have VX2 that keeps coming back try VX2 finder. This one is a real pain and may need to be done several times. http://download.broadbandmedic.com/

9. Install Spyware Blaster. This app does not remove spyware. It attempts to stop the machine from becoming infected in the first place. http://www.javacoolsoftware.com/spywareblaster.html

10. Stop using Internet Explorer and use Mozilla FireFox www.mozilla.org

edited Aug 2 1:15pm
As I said, I am constantly changing my removal method. Today I find that the small spyware/adware list that Norton AntiVirus 2004 kept is growing real fast and finds things that Ad-Aware and Spybot skip. So add that to the list. Everyone should have some anti-virus. It's well worth the money.

I like to install all the apps then go into safe mode so there aren't as many programs running that might prevent the removal of the spyware.

Please make a sticky
__________________
www.squitosoft.com - PHP development site. featuring Squito Gallery. a php driven photo gallery.
www.rgfx.net - Specializing in Internet solutions, including Html authoring, Interactive Web sites, 3D/2D Graphics and animation.
  #2 (permalink)  
Old 08-26-2004, 03:00 AM
WebProWorld Member
 

Join Date: Aug 2004
Location: Australia
Posts: 47
wintev RepRank 0
Default

Great stuff there, red. Lately a lot of my call-outs for computer repairs have been due to computers so laden down with spyware that they are flat running anything else. There are some great little tools there that I didn't know about that will come in handy in the future.

Keep up the great work, red.
__________________
EDD Central a little bit of me and more.
  #3 (permalink)  
Old 10-22-2004, 06:48 PM
WebProWorld New Member
 

Join Date: Oct 2004
Posts: 1
arcaneblaze RepRank 0
Default Thank YOU redcircle

I spent nearly an entire day and finally stumbled across your VX2 solution via broadbandmedic.com. VX2 is one particularly nasty SOB and behaves almost like a virus. I ran the VX2Finder from broadbandmedic's website and it crushed it like the slimy vermin that it is.

Thanks!!

Arcane Blaze
  #4 (permalink)  
Old 01-27-2005, 11:03 AM
WebProWorld Pro
 

Join Date: Aug 2004
Location: UK
Posts: 130
SteveF RepRank 0
Default

Yup, nice post Red,

Started to use FireFox, really like it and will continue to use it. However, I don't know if it's FireFox, but my Windows memory keeps getting eaten up. I need a reboot at least once a day now; previously I hardly ever rebooted. Is this Firefox?

Anyone else notice this??

Link to broadbandmedic is down today (27th), any other URL for it??
__________________
SteveF
Projectors
  #5 (permalink)  
Old 03-16-2005, 11:44 PM
WebProWorld Member
 

Join Date: Feb 2005
Location: USA
Posts: 77
RadarCat RepRank 0
Default Re: Spyware Removal How To

Quote:
Originally Posted by redcircle
10. Stop using Internet Explorer and use Mozilla FireFox www.mozilla.org
Hi, RedCircle,

What do you think of the Opera browser as compared to
FireFox as far as security goes?
__________________
RadarCat, Webmaster
http://www.os2warplinks.com
  #6 (permalink)  
Old 03-26-2005, 05:14 AM
WebProWorld 1,000+ Club
 

Join Date: Aug 2003
Location: Edmonton, AB, Canada
Posts: 3,406
mikmik RepRank 1
Default

I use IE again because of FireFox being slow.

There isn't any difference; I feel just as safe as with FF. If you keep Windows updated, there shouldn't be a problem.

Quote:
Mozilla is currently reviewing the roughly 2 million lines of code that makes up the Firefox browser to find similar vulnerabilities to those patched Wednesday. Last August, the organization offered a bounty to anyone who finds significant flaws in the software. The developers are looking with particular intensity at the legacy code that remains in the browser.

"Most of the things that we are looking at and fixing are potential exploits that no one has figured out how to exploit yet," Hofmann said.
I am talking about a lot of people I know. To have tabbed browsing, I got the Maxthon browser, and I like it better than FF - it is way faster. Way more accessible and easy-to-use security settings as well; you can disallow ActiveX or any script from a drop-down on the status bar, on the fly.

If you are curious about entries in HijackThis logs, or running processes (Task Manager),
this is the site for you:

http://sysinfo.org/

FireFox has had 7 critical flaws (patched) since it has been out, and everywhere I read in my security and computer mag subscriptions it says that there is no advantage security-wise. It all depends on the user, and if you keep things updated.

Just don't enter cc info at sites saying they 'need you to update your account'.

:o)))

Almost forgot, here is a link to Secunia's Opera page

Hard to say if it is more secure overall. Not many people use it so that is going to make it less of a specific target.
__________________
What I am is what I am, are you what you are, or what.
Eddie Brickel
  #7 (permalink)  
Old 03-26-2005, 10:08 PM
WebProWorld Member
 

Join Date: Feb 2005
Location: USA
Posts: 77
RadarCat RepRank 0
Default Opera Browser

Quote:
Originally Posted by mikmik
Almost forgot, here is a link to Secunia's Opera page

Hard to say if it is more secure overall. Not many people use it so that is going to make it less of a specific target.
Hi, mikmik,

Thanks for the Secunia/Opera link. Secunia is new to me.

Consistently, about 20+% of the people visiting my web site use the Opera browser.
__________________
RadarCat, Webmaster
http://www.os2warplinks.com
  #8 (permalink)  
Old 06-25-2005, 04:07 PM
Moderator
WebProWorld Moderator
 

Join Date: Jan 2004
Location: the intertubes
Posts: 562
Ne0 RepRank 4
Default Good point mik mik!

Hey all...
Long time no see, MikMik. I take it you've been doing your homework on the security issues since last time we talked... I'm glad that you mentioned Hijack This. Download Hijack This here! Hijack This is a powerful tool to remove virus / spyware etc... especially those BHOs (Browser Helper Objects). There is also a great 4 step program @ majorgeeks to walk you through the process prior to running Hijack This, located HERE. You will find countless downloads and answers to most of your problems... and Redcircle, I don't envy your job. I did this for almost 2 yrs and burnt out on it LOL!
L8 M8's
NeO~1
__________________
I can levitate birds.... No one cares...

Top SEO Consultants |SEO 101
  #9 (permalink)  
Old 06-25-2005, 11:48 PM
WebProWorld New Member
 

Join Date: Jun 2005
Location: Washington State
Posts: 1
echo RepRank 0
Default

"I have a job because of spyware."

Why do you recommend Ad-Aware? There are other...

Re: Your number 3.
Run Ad-Aware first. Be sure to do the updates. This gets rid of lots. www.lavasoftusa.com
  #10 (permalink)  
Old 07-09-2005, 10:01 AM
WebProWorld 1,000+ Club
 

Join Date: May 2005
Location: Norway
Posts: 4,948
kgun RepRank 3
Default Do you have a solution?

Very interesting post:

This
http://cexx.org/lspfix.htm
page has the following message:

“LSP-Fix
Repairs Winsock 2 settings, caused by buggy or improperly-removed Internet software, that result in loss of Internet access
LSP-Fix is a free utility to repair a specific type of problem associated with certain Internet software. This type of software is known as a Layered Service Provider or LSP, a piece of software that can be inserted into the Windows TCP/IP handler like a link in a chain. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, rendering the user unable to access the Internet.

Unfortunately, this type of software is sometimes quietly installed by unrelated software such as file-sharing programs, sneaking onto a system unannounced. In fact, in many cases, the user does not know of its existence until something goes wrong, and he/she can no longer access Web sites”.

When hitting this http://download.broadbandmedic.com/ link I get the following message:

“error 500: Interner Serverfehler


Das angegebene Skript konnte nicht fehlerfrei ausgeführt werden! ”.


Read my post


http://www.webproworld.com/viewtopic.php?t=48415

on DDoS.

Perhaps you see the problem, solution before I dig deeper into it.

Best regards

Kjell Bleivik
http://www.multifinanceit.com/
Reply With Quote
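
Editor's added example (not code from any poster in this thread or from the LSP-Fix project): step 7 of the first post and the LSP-Fix description quoted above both turn on the Winsock provider chain, so this sketch audits a listing in the layout printed by `netsh winsock show catalog`, flagging providers outside a stock allowlist and chains that point at a catalog ID that no longer exists. The sample listing, the `examplelsp.dll` path, the IDs and the allowlist are constructed assumptions.

```python
import re

# Constructed sample in the layout of `netsh winsock show catalog`,
# trimmed to the fields used below. Paths and IDs are made up.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        EXAMPLE LSP over [TCP/IP]
Provider Path:                      C:\Program Files\Example\examplelsp.dll
Catalog Entry ID:                   1015
Protocol Chain Length:              2
Protocol Chain:                     1014 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1
"""

# Assumed allowlist of stock provider paths (lowercase); extend per OS build.
STOCK = {r"%systemroot%\system32\mswsock.dll"}

def parse_catalog(text):
    """Return one dict of 'Field: value' pairs per provider entry."""
    blocks = re.split(r"Winsock Catalog Provider Entry", text)[1:]
    return [dict(re.findall(r"^([A-Za-z ]+):\s+(.*\S)\s*$", b, re.M))
            for b in blocks]

def audit(entries):
    """Return (non_stock_providers, broken_chains) for review."""
    known = {e["Catalog Entry ID"] for e in entries}
    non_stock, broken = [], []
    for e in entries:
        # Compare the full path, not just the file name, so a look-alike
        # DLL dropped in another directory is still reported.
        if e["Provider Path"].lower() not in STOCK:
            non_stock.append((e["Catalog Entry ID"], e["Provider Path"]))
        # Base providers have no "Protocol Chain" line; layered chains list
        # the catalog IDs they hand traffic to, separated by " : ".
        chain = [i for i in re.split(r"\s*:\s*", e.get("Protocol Chain", "")) if i]
        missing = [i for i in chain if i not in known]
        if missing:
            broken.append((e["Catalog Entry ID"], missing))
    return non_stock, broken
```

Anything in the first list is a candidate for the research the first post recommends before removal; an entry in the second list is one form of the broken chain that the quoted LSP-Fix text describes.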