Guest
It took 2 weeks to type this letter.
Spyware, also known as adware or malware, are programs that can cause
problems. These include: pop up advertisements on your computer, browser
hijacks, search engine hijacks, website redirections, website restrictions,
computer problems (like slowdowns, lockdowns, etc.), personal information
being logged in without your permission, preventing you access to certain
sites or the whole internet, etc. Some spyware are worse than viruses, in my
opinion. This section was created to help you detect and remove any
suspicious activity that may be going on your computer. Also included is a
section on how to prevent future spyware installations. Please read and
follow the steps below to help make this process much faster and easier.
Before running any spyware programs, please run an online antivirus scan at
one of the below sites to make sure that you don't have a virus. It is
recommended to run a scan online because there are some viruses that can
disable or make themselves invisible to the antivirus programs you have on
your computer. If any viruses are found, write them down and remove them.
Before running any of them, first disable System Restore if you have Windows
ME/XP. You may use more than one:
BitDefender Virus Scan
Online Trojan Scan
Panda ActiveScan
RAV Virus Scanner
Symantec Security Check
TrendMicro Online Scan
1. To get rid of spyware programs, you will most likely need to install a
third party program to remove them effectively. The first program that I
recommend installing is CWShredder. Unzip the program to your Desktop.
Double click on it to open up the program. Click on Fix and let it remove
any traces found. When you click Fix, it will ask you to close all browser
windows, so make sure you don't have Internet Explorer, Netscape or any
other browser running. Click OK. It will scan and remove any files found. If
a window pops up asking you if you want to delete a certain file, write down
the whole path to post at the forums (ex: C:\Windows\some_program.exe) and
choose NO. After that's finished, click Next and Exit. Continue to the next
step.
2. Download Ad-aware SE and install the program. Reboot into Safe Mode.
Double click on Ad-aware SE to run it.
Look in the bottom right corner and click on Check for updates now link and
download the latest reference files.
Next, we need to configure Ad-aware SE for a full scan. Some of them should
be enabled by default, while others you will need to set yourself (see
below).
Click on the Gear icon (second from the left) to access the
preferences/settings window
1. In the General window make sure the following are selected:
--> Automatically save logfile
--> Automatically quarantine objects prior to removal
--> Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select:
--> Scan within archives
--> Scan active processes
--> Scan registry
--> Deep-scan registry
--> Scan my IE Favorites for banned URLs
--> Scan my Hosts file
· Under Select drives & folders to scan, choose:
--> Select all of your hard drives that are not selected already
Click on the Advanced button on the left and select:
--> Include additional object information
--> Include negligible objects information
--> Include environment information
Click the Tweak button and select:
· Under the Scanning Engine:
--> Unload recognized processes & modules during scan
· Under the Cleaning Engine:
--> Let Windows remove files in use at next reboot
Click on Proceed to save the settings.
Click Start and on the next screen choose:
--> Use custom scanning options
Click Next and Ad-aware will scan your hard drive(s) with the options you
have selected.
Save the log file when it asks and then click Finish. Do NOT post this log
file unless the experts have requested it. These files are usually very big
and we won't need it in most cases.
When finished, mark everything for removal and get rid of it. (Right-click
on any of the entries and choose Select All from the drop down menu and
click Next).
Reboot your computer.
3. Download and install Spybot S&D. Run Spybot and choose Spybot S&D - easy
mode.
a. Close ALL windows except Spybot S&D
b. Click the button to Search for Updates and download and install the
updates.
c. Next click the button Check for Problems.
d. When Spybot is complete, it will be showing RED entries, BLACK entries,
and GREEN entries in the window.
e. Put a check mark beside the RED entries ONLY.
f. Choose Fix Selected Problems and allow Spybot to fix the RED entries.
g. After removing those files, close Spybot and go to the next step.
4. You had to perform the first three steps to narrow down the list a little
so that it could be easier to sort out the problem. By using CWShredder,
Ad-aware SE, and Spybot, most of the usual spyware/adware programs/entries
will be caught, which leaves less work for HijackThis. Before running HJT,
go to msconfig (Start->Run and type in msconfig and hit OK - then go to
Startup tab -- Note: some versions of Windows don't have msconfig so you can
just skip this part) and make sure EVERYTHING is checked.
a. Close any applications you have running currently. Go to
Start->(Settings)->Control Panel->Folder Options->View and select Show
hidden files and folders. Also make sure to uncheck Hide file extensions for
known file types. Now download and install HijackThis (make sure that you
have the latest version if you downloaded this a while ago by going to
Config->Misc. Tools->Check for update online). Do NOT put HijackThis in the
Temp folder. Create a folder called HJT on your C: drive and move
HijackThis.exe to that folder (ex: C:\HJT\HijackThis.exe). Now run HJT and
click on Scan. This should take a few seconds. Now click on Save Log and
give it a filename. Once saved, open up the file and post the WHOLE log file
in one of the two forums: KRC Forum or Tech Support Forum. DO NOT remove/fix
anything in there since more damage may be done if you removed it
improperly. Most of those entries listed are not harmful.
b. When posting at the HJT Forums, make sure to indicate what problem you
are having. Also post any viruses if you have one detected and any CWS
entries removed or detected. If you don't have any problems but just want to
see if your log file is clean, then just give the call the subject HJT.
Please do NOT post your log file in another person's thread. Create your own
new thread to avoid any confusion. Checking these log files takes time, so be
patient if you don't get a response immediately.
c. If you use Windows ME/XP, then you MUST disable System Restore. This is
to make sure that the system restore feature won't reinstall the spyware
back. To disable System Restore, follow the steps below for your Operating
System:
i. XP - Turn off system restore by right clicking on My Computer and go to
Properties->System Restore and check the box for Turn off System Restore.
Click Apply and then OK. Restart your computer. After we are finished with
your log file and verified that it's clean, you may turn it back on and
create a new restore point.
ii. ME - Go to Start->Settings->Control Panel and double-click on the System
icon. On the Performance tab click File System. Click the Troubleshooting
tab, and then check Disable System Restore. Click OK. Click Yes, when you
are prompted to restart Windows. When we have confirmed that your log file
is clean, you may enable System Restore again by following the same steps as
above except you should uncheck Disable System Restore.
d. Wait for a response on what to remove in HijackThis. After your log is
clean, you may turn System Restore back on by following the same steps but
uncheck the box on top. Make sure to recreate a new restore point by going
to Start->All Programs->Accessories->System Tools->Create a new restore
point. This is for Windows XP, but I'm sure WinME has a similar process.
e. For those using Windows 98, after you clean your log file, go to
Start->Run and type in scanregw and hit OK. Choose to scan the registry and
then make a backup. Repeat this procedure four more times (total of five
times) so that you have a clean registry (prevents accessing an older
spyware registry).
--------------------------------------------------------------------------------
Spyware Prevention
There are many ways to prevent spyware from installing in the first place.
The most obvious is to make sure to read the fine print on some "free"
programs that are available online. While some say that they will collect
information in the End User License Agreement (EULA), there are others that
will install it without you knowing it. These are considered spyware
programs themselves. There are also other ways you may have spyware
installed. This includes something as simple as visiting a site that has a
piece of code that will download the spyware on your computer (behind the
scene). To prevent this, there are different methods that are currently used
to do this. Before doing this though, it's recommended that you check to
make sure you don't have spyware installed currently by following the
instructions in the top section. After that, you may follow the steps in
this section. Remember, these methods only prevent the spyware from being
installed and not remove them.
1. Get SpywareBlaster and SpywareGuard at JavaCoolSoftware. Running these
two programs should prevent most of the common and current spyware programs
from being installed in the first place. These two programs should do most of
the work already. Just make sure to get the updates if they are available.
2. Download IE-Spyad. IE-SPYAD is a Registry file (IE-ADS.REG) that adds a
long list of sites and domains associated with known advertisers, marketers,
and crapware pushers to the Restricted sites zone of Internet Explorer. Once
this list of sites and domains is "merged" into your Registry, most
marketers, advertisers, and crapware pushers on the Net will not be able to
use cookies, ActiveX controls, Java applets, or scripting to compromise your
privacy or your PC while you surf the Net. Nor will they be able to use your
browser to push unwanted pop-ups, cookies, or auto-installing programs on
you. This only works for Internet Explorer.
3. Download the HOSTS file to block ads, banners, cookies and most web
hijackers. This only works for Internet Explorer.
4. The best protection now is to steer clear of using Internet Explorer as
your internet browser. You shouldn't use any variations of it also (ex:
MyIE2). Use some other browsers like Mozilla or Firefox instead. They have
fewer security issues than Internet Explorer. If you get one of these
browsers, you should only use SpywareBlaster since it's the only one that
will work with them. The others are meant for Internet Explorer only.
None of these methods are foolproof, but by using them together it will
help prevent most spyware programs (not to mention stopping constant popups)
from being installed. Get the updates if they are available because it will
prevent newer spyware programs that are discovered.
That's it for now. Every time you have some problems, especially after you
install some new programs, you should follow the steps outlined above. By
doing them in that order, you will get this done faster. Just make sure to
update the software if they have updates available for the program. You
should also upgrade (to a newer version) if any of the above programs have
one available.
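
Added example (not part of the original post): Ad-aware's "Scan my Hosts file" option and the blocking HOSTS file from the prevention steps both concern the same file, which maps hostnames to IP addresses before DNS is consulted. The Python sketch below audits a constructed sample and separates entries that block a name (mapped to 127.0.0.1 or 0.0.0.0) from entries that send a name to some other address, which are the ones worth reviewing. All hostnames, addresses and function names are made up for the illustration.

```python
import ipaddress

# Constructed sample: a blocking HOSTS file plus entries that redirect names.
SAMPLE_HOSTS = """\
# blocklist section (constructed sample)
127.0.0.1   localhost
127.0.0.1   ads.example.com banners.example.com   # two names on one line
0.0.0.0     tracker.example.net
# the entries below do not block anything; they point the name elsewhere
203.0.113.7 search.example.org
203.0.113.7 update.av-vendor.example
not-an-ip   broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, ip, name); ip is None when the line cannot be parsed."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield no, None, line
            continue
        if len(fields) == 1:                  # address with no hostname
            yield no, None, line
            continue
        for name in fields[1:]:               # one address may carry several names
            yield no, ip, name.lower()


def audit_hosts(text):
    """Classify every mapping in a HOSTS file."""
    report = {"local": [], "blocked": [], "redirected": [], "malformed": []}
    for no, ip, name in parse_hosts(text):
        if ip is None:
            report["malformed"].append((no, name))
        elif name in LOCAL_NAMES and ip.is_loopback:
            report["local"].append(name)      # the normal localhost entry
        elif name not in LOCAL_NAMES and (ip.is_loopback or ip.is_unspecified):
            report["blocked"].append(name)    # sinkholed: the name goes nowhere
        else:
            # Name resolves to another machine: review before trusting it.
            report["redirected"].append((no, name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:", len(result["blocked"]))
    for no, name, ip in result["redirected"]:
        print(f"line {no}: {name} -> {ip}  (review this entry)")
    for no, line in result["malformed"]:
        print(f"line {no}: cannot parse: {line}")
```
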