Durden this is an awesome thread... mate a lot of work went into that and I thank you

Just I s'pose maybe to further some knowledge on the spyware removal thing... this is a guide I wrote up almost a year ago.. but I find it generally still very valid today... broad but might help someone somewhere... thought I may as well drop it in here... Hope you don't mind Durden

--------------------------------------------------------------------
SPY/MAL/AD-WARE

Man I hate this stuff...
In my job, spyware is the enemy... you kill it, remove it, nuke it, argue with it and then give up on it... It seriously has a personal vendetta against me.. just like the ants in my kitchen.. and my bathroom.. and my hallway.. and my bedroom... I fight and fight but you little buggers always come back...
So how can you win a losing battle? Well there are 2 ways...
- Become a nun (obviously I'm assuming nuns don't use computers... which is probably wrong... meaning this way probably won't work...)
- Follow my guide
3 steps in spyware removal.
1. EDUCATION - God I hate this word.... laugh all you want though education is the key. I keep telling clients that just because the pop up offers a new type of 100% legit Viagra, it doesn't mean it will actually give you the rise promised... (although most of the time you get a rise... it's a rise in the as$ as you get bummed from all the crap spyware popups and tool bars infecting your machine).
Make no mistake people. Spy/Mal/Adware ARE viruses... but most of the time we let them onto our machine. Guys simple stuff ok. You need pr0n, mp3's, warez or whatever... don't google it. you hear me? DON'T GOOGLE IT... the internet is the devil.

Get that stuff (legally of course) through newsgroups or IRC etc.. and even then be smart about it.. don't download the file:
"SoHotAndYoungMySisterAndDadGoingAtItWithTheFamilyDog.JPG"
It's not going to be everything it says it is... (No it's not personal experience... plainers told me)
If you get a popup asking you to say "yes" to installing an ActiveX controller... don't guys... don't trust anything.
AND NEVER USE KAZAA / LIMEWIRE / WinMX or any p2p network app... if the internet is the devil then these things are ... ... ... well they're whatever is WORSE than the devil!! *obviously if you know what you're doing... then some P2P tools are ok.. but this is directed towards the general masses*
Remember.. knowledge is the key: You don't trust it? don't click on it...
2. REMOVAL
At work I use 5 basic programs. All of the programs are good.. but none do a 100% job. However combine them and you get a mega spyware removal tool... Just like Voltron, remember that?, the 5 lions combining into Voltron.. or later even, the power rangers.. but man that was a cheap knock off... "The MEGAZORD" What a Wank!! I mean "OH NO! Here comes the MEGAZORD... I'm so scared" ... ... ... ... ok I'm drifting off topic..
I use these programs (in this order too). They are safe and tested so hopefully they work for you.
- HijackThis ~ Latest Version 1.99.1
http://www.merijn.org/files/hijackthis.zip
This program goes through your processes and identifies everything currently running including all registry entries the processes use. I would only recommend this tool to ADVANCED users and even then I rarely use this tool to clean.. just identify.
- SpyBot Seek and Destroy ~ Latest Version 1.4
http://www.safer-networking.org/en/mirrors/index.html
Grab it off one of the mirrors listed above and also get the executable file for the latest updates. Sometimes I find auto updates don't work properly.
Updates -
http://www.safer-networking.org/en/download/index.html
I always run this program first. Why? Because Spybot will not remove any spyware. That's right. Spybot actually moves all spyware detected to a quarantine section (single compressed file) within the Spybot directory. It is safe there, however I like to remove it, which brings me to my next program
- Adaware SE ~ Latest Version build 1.06
http://www.lavasoftusa.com/
Like Spybot I always download the definition updates manually and extract them to the program files\lavasoft\Adaware SE directory as the auto updater is a bit iffy also (especially if you're behind a corporate firewall)
updates -
http://download.lavasoft.de.edgesuit...ublic/defs.zip
Adaware is neat, easy to use, and does actually remove most of the spyware on any system AND it removes the Spybot Seek & Destroy quarantine file... you see what we've done here ppl? oh yea
There is one thing all of the above won't remove though... the dreaded CWS (CoolWebSearch). Coming in many varieties and probably one of the most annoying forms of spyware... So for that, I use this little puppy:
- CWS SHREDDER ~ Current Version 2.15
http://www.intermute.com/spysubtract..._download.html
A very quick tool that scans for one thing only (CWS) and removes it
I LOVE YOU CWS SHREDDER!!
*UPDATE: I do believe Adaware does a good job of removing CWS now*
Then when all else fails... we go to MS
- MICROSOFT ANTI SPYWARE BETA *now called Defender*
http://www.microsoft.com/downloads/d...displaylang=en
Only go for this if you have a legit version of Windows... but I know we all do so that's ok
It will remove most things and want to run active protection on your computer. This can be a good thing.. but it can also get in the way a lot... you decide on that one guys but the one thing it does do is report to Microsoft what you have found and removed etc (and possibly more... ooooohhhh ). There is an option to turn off the reporting.. but I have monitored net traffic with and without reporting.. and I actually don't think turning it off works. MS ain't the biggest global company for no reason folks. They smart! or is it 'their smart'? hmm
and lucky last.. when all else fails... the step i hate....
3. THE MANUAL REMOVAL STEP
Your tool for this?
MSCONFIG.EXE
Honestly the single greatest little app MS ever made with their operating systems. Yes, they did remove it from Windows 2000.. but it found its merry way back in XP. If you have a 2000 machine grab this single file from the net (trusted site of course) or from a machine with a non 2000 OS and copy it to your c:\winnt\system32 directory. Now you can run this sucker just by pulling up a run command window and typing "msconfig".
Be careful with this app. It is for advanced users, however the last 2 tabs - services and processors are great for identifying what's on your machine and if you have some annoying spyware that keeps booting up with your machine so you can't delete it (it loads itself into memory as a processor so you keep getting told to restart your machine to kill it but then it loads back in etc etc) then you can stop it here from booting up at all.

very handy.
Yep folks. Manual spyware removal. Where you identify processors, programs and registry keys yourself and remove them. I do this.. but rarely. If it gets to this stage then I would suggest just blowing away your system and starting afresh. I only ever perform this when it is totally not a good idea to format (the client does not have a program backup.. or original system discs in which to use... or the sucker will pay for my time to manually remove it even after I advise against it because they have their desktop just the way they like it and don't wanna have to add their background again lol)
IF YOU GET TO STEP 3 AND SPYWARE IS STILL THERE STOP LOOKING AT PORN. 99.5% OF SPYWARE TRAVELS THROUGH PORN OR SOME SORT OF NUDE OR SEXUAL INCENTIVE. VIAGRA. NAKED CELEBRITIES. PLAINERS. STAY AWAY FROM THESE THINGS!!!!!
Well my hands hurt (from typing, derr) and I can't be bothered proof reading what I have written so if you have any questions or thoughts post away... otherwise I'm off to go find a useful tool to get rid of my other problem... my arch nemesis....... THE ANTS!
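
Added example, not part of the original post: a read-only PowerShell inventory of the autostart locations that step 3 inspects by hand through msconfig (Run/RunOnce registry values, Startup folders, auto-start services), with the Authenticode status of each executable. The list of locations, the `Get-ExePath` helper and the signature check are assumptions of this example, and PowerShell is only available on Windows versions later than the 2000/XP machines the post describes.

```powershell
# Added example: read-only inventory of autostart entries. Nothing is changed or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExePath([string]$CommandLine) {
    # Hypothetical helper: quoted path first, else everything up to the first ".exe", else the first token.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.exe)\b') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$entries = @()
foreach ($key in $runKeys) {                      # registry Run/RunOnce values
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $entries += [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$regKey.GetValue($name) }
    }
}
foreach ($folder in 'Startup', 'CommonStartup') { # per-user and all-users Startup folders
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($file in Get-ChildItem $dir -File) {
        $entries += [pscustomobject]@{ Source = $dir; Name = $file.Name; Command = '"' + $file.FullName + '"' }
    }
}
foreach ($svc in Get-CimInstance Win32_Service -Filter "StartMode='Auto'") {
    $entries += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = [string]$svc.PathName }
}

# Resolve each command line to a file on disk and record its Authenticode status.
$report = foreach ($e in $entries) {
    $exe = Get-ExePath $e.Command
    $sig = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
    } else { 'FileNotFound' }
    [pscustomobject]@{ Source = $e.Source; Name = $e.Name; Executable = $exe; Signature = $sig }
}
$report | Sort-Object Signature, Source | Format-Table -AutoSize -Wrap
```

Entries reported as `NotSigned` or `FileNotFound` are prompts for a closer look, not verdicts. For entries that launch through `rundll32.exe`, the DLL named in the command line is the part to examine, and shortcut (`.lnk`) targets in the Startup folders are not resolved here.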