Remove Spyware - DOS knowledge required

Hans Gruber

My sympathy to all in dealing with all these insidious
spyware products and I have found only one way to remove
them for good and almost no way, or product, for
preventing them from coming back (other than surf where
you know it to be safe).

- Run SPYBOT (still the best identifying tool out there) -
as we all know Microsoft products suck so stay clear of as
many as possible, they "buy" a good thing and make it bad
(wonder if this post will make it onto the newsgroup once
the mind police at Microsoft see it). Regardless, read on
as there is hope but it will take some effort on your part.

- Let SPYBOT clean what it can and those it cannot it will
provide a listing and say to "retry" at start up - select
yes but do not restart.

- Go into Explorer and look for directories under Program
Files you have not seen before, write them down (you might
see Toolbar, ezulu, SEP, eSyndicate, Toptext, and any
number of others, etc.) Check the listing Spybot has
detected and look at the registry settings in its listing
as it provides great clues on what directories you need to
delete.

- Make an XP boot diskette and leave it in the disk drive.

- Ever heard of XTREE for DOS? If you have it, load it.
Remember the directory it is in.
(http://www.xtreefanpage.org/lowres/x63clone.htm#fm30 -
here is a similar product that is XTree-like that lets you
see your file structure in an XTree format in DOS).
Load it onto your hard drive as this will allow you to see
the system and hidden files these pricks have placed in
all the directories you need to delete.

- Now the scary part - pull the power plug on your computer
so these apps don't have a chance to reinstall at shutdown
(not sure if they do but I take no chances anymore). XP
recovers from this so no real worry other than it is a
Microsoft product that allows all these damn products to
run in the first place so it can't get any worse (let's
all support Linux shall we).

- Plug it back in and when your computer comes up you will
see the ever so familiar (at least to the oldies reading
this) C:\>

- Change into the XTREE (CD XTREE) or Filemaster directory
and load the application. Go through and delete all the
directories and application (remember the Hidden and
System files need to have the archive bit changed before
they can be removed). And don't let the "PROG~" thing
scare you, DOS doesn't like long file names but you
should have enough listed to know what is what. Only
delete that which you are certain of as this process is
not for the rookies out there.

Restart your computer after deleting the files and Spybot
will run on startup and this will allow the registry to be
cleaned since we cannot do this through DOS.

The reality of this is that in order to get rid of these
effectively you have to be outside of Windows which is
their launch environment.

I didn't say it would be easy but it does work. Remember
to check Task Manager when your machine is running as well
and look for unfamiliar processes running and do a lookup
on them on Google. You may have to do this a few times to
get rid of all of them but good luck.

Legal Disclaimer: If you don't know DOS and delete the
wrong thing, blame Microsoft because if they wrote proper
code we would not have these problems.
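
An added example, not part of the original post: one way to do the "write them down" step above from inside Windows, so the notes include hidden and system folders and the 8.3 short names ("PROG~...") that a DOS file manager will show. The baseline list in `$Known` and the output path are assumptions.

```powershell
# Added example (not from the original post).
# Inventory the folders under Program Files, including hidden and system
# ones, together with the 8.3 short name that DOS tools display.
param(
    [string]$Root = $env:ProgramFiles,
    # Hypothetical baseline: folder names you already know are legitimate.
    [string[]]$Known = @('Common Files', 'Internet Explorer', 'Windows NT')
)

# Scripting.FileSystemObject exposes the 8.3 name of a folder.
# If short-name generation is disabled, ShortName returns the long name.
$fso = New-Object -ComObject Scripting.FileSystemObject

$report = Get-ChildItem -LiteralPath $Root -Force |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        [pscustomobject]@{
            LongName   = $_.Name
            ShortName  = $fso.GetFolder($_.FullName).ShortName
            Created    = $_.CreationTime
            Attributes = $_.Attributes          # shows Hidden / System flags
            Known      = $Known -contains $_.Name   # case-insensitive match
        }
    } |
    Sort-Object Created -Descending

# Folders outside the baseline are candidates to research, not to delete on sight.
$report | Where-Object { -not $_.Known } | Format-Table -AutoSize

# Keep a copy of the full inventory to print or refer to later (assumed path).
$report | Export-Csv -Path "$env:TEMP\programfiles-inventory.csv" -NoTypeInformation
```

Sorting by creation time puts the most recently added folders first, which is where to start comparing against the registry paths in the scanner's listing.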
 
Spybot is NOT a good tool anymore. I mean no disrespect to the people that
develop it and try to keep up on it, but it simply does not get the job done
anymore. It's been that way about a year now. Ad-aware beats it hands down
at the moment. That said, MSAS, CounterSpy, and Webroot Spysweeper have all
tested above Ad-aware. Since you are obviously a Microsoft basher, (not
sure why you even bother to look in this newsgroup), I'll let you do your
own research if you want to prove me wrong, because I can certainly back up
everything I have to say on this subject. You obviously only clean an
occasional system and you certainly take the long way around. I've cleaned
literally thousands of PCs and do not need to jump through all the hoops
you are presently advocating. Like it or not, when you take in everything
that MSAS offers including Advanced Tools and safe mode scans it is hands
down the best spyware removal product available today. Yes, you still need
a second one on occasion, and there will always be morphed and new versions
of spyware that it will have to catch up with. No, I do not work for
Microsoft. I simply keep up with research and read a lot of objective and
knowledgeable reviews by professionals in the field.

--

Spider

http://spiderathome.blogspot.com/
http://spider1.blogspot.com/
http://groups.yahoo.com/group/24hrsupporthelpdesk
 
These newsgroups are an excellent place for research to
see how a product is doing and in hope that one day
Microsoft does get it right. I am not out to prove anyone
wrong. Not sure why some are so defensive in these
newsgroups and feel that it always needs to be a one-
upmanship contest. If someone knows more about spy-ware
than me, excellent, I hope to learn from that. I only
advocate a way that does in fact work when all other means
have failed, and I have cleaned my share of systems, and
only resort to DOS when all other tools have failed. I
have not seen anyone list a guaranteed removal method as
of yet, in this newsgroup or others, and I have read a lot
of unbiased reviews on this subject by many more
knowledgeable than I. I have avoided installing the
Microsoft product and based on a lot of posts here for
perhaps valid reason. Nice to see some are having success
and I hope Microsoft gets it right. Until they do, I will
enjoy the bashing.
 
Hans Gruber said:
These newsgroups are an excellent place for research to
see how a product is doing and in hope that one day
Microsoft does get it right. I am not out to prove anyone
wrong. Not sure why some are so defensive in these
newsgroups and feel that it always needs to be a one-
upmanship contest. If someone knows more about spy-ware
than me, excellent, I hope to learn from that. I only
advocate a way that does in fact work when all other means
have failed, and I have cleaned my share of systems, and
only resort to DOS when all other tools have failed. I
have not seen anyone list a guaranteed removal method as
of yet, in this newsgroup or others, and I have read a lot
of unbiased reviews on this subject by many more
knowledgeable than I. I have avoided installing the
Microsoft product and based on a lot of posts here for
perhaps valid reason. Nice to see some are having success
and I hope Microsoft gets it right. Until they do, I will
enjoy the bashing.

I suppose there are a lot more than "some" having success.
I'm one of those, thanks to this MS program and the help and hints from MVPs
in this NG.
Bashing enjoyable? A little childish maybe......

Gr. Jan
 
With your level of experience, I'm sure that you realize that newsgroups are
primarily visited by the folks having problems.

Take a look at the total number of posts in these groups, and consider that
against the number of downloads of Microsoft Antispyware--more than 6
million.

I have this product on about 3 dozen desktops in corporate offices. I did
tell people I had installed it several days after doing so, and the only
mention of it I've had--and this is from the first day of the beta--is
comments on the message you get when updates are received.

In fact, I've never had an inquiry about a popup message--I think I have the
users too well trained. There must be a few folks who are installing
software and getting popups, but they would know what they are about. These
machines are not locked down in any way, although in one office the users
are all limited users.

Live dangerously--try it out. There's little or no risk in simply
installing and scanning and observing what happens. There's a somewhat
elevated risk in actually removing or cleaning--but you've got the
experience to look closely at what is found. Broken winsock LSPs are one
kind of damage--not something new with this product. Loss of P2P files
which are stored under the Program Files entry is another--watch out for
that one.
 