How to Remove Spyware

[TheMajor]

basically...nothing....my aunt uses both ad-aware and spysweeper and spysweeper is the one wich finds and deletes stuff....ad-aware is more like unneccesarly memory and CPU usage (mostly) LOL

[Doug R]

It's been a while ago since using Spybot. I think that it was Spybot? I tried it out for day but couldn't exactly figure out what I was supposed to do with it. I finally deleted it from my system rather than continuing to be baffled.

[aparis99]

I would say i cant live without Ad-Aware SE and Spyware Doctor. The pro versions of both programs scan in realtime and dont allow activex and hijacks. I love Adaware cuz i've used it for along time, but after using spyware doctor, i love it too

[Kaniver]

Ther is a link at Gibson research that takes you to a research report evaluating different spyware removers and blockers. The real scary thing this report concludes is that the best spyware products only catch 60% or so of the malware infecting users computers. The other interesting thing is that the freeware products are rated as some of the best surpassing pay to play products.
Also ArsTechnica has a great two part report on malware spyware up right now. The first part available expalins what malware/spyware is and how it's deployed. The next repot will be on how to get rid of the stuff.
Endusers have to be proactive, and agressive to protect ourselves from the benign efforts of those who would like to gather information on our surfing and shopping habits, and to the more insidious criminal element that wish to steal our passwords, banking info, and personal identity.
Also as a side note those in the know about the proper security settings for IE, realize that is configured properly and safely it esentially cripples the browser to make it almost unusable. Switch to firefox now, it does not use active x controls a serious security flaw in IE. When enough folks realize that and make the switch to firefox sites that are optomized for IE will get the message and adopt a more open archetecture approach to building there websites. I repeat to properly configure IE for security you will essentially cripple the browser. Until MS gets off there duff and does somthing about it you use there browser at your peril. If security is really MS's top priority they will do somthing besides neverending patches.

[kartook]

nice one

thanks

[southernlady]

This is a re-post on using CWShredder, I first posted it here:
Kinda off topic....

Quote:

CWShredder is ONLY for certain items not for just anything. So it should not be used unnecessarily. Here is the explaination provided by SWI: http://www.spywareinfo.com/articles/cws/

By: Mike Healan
July 9, 2003

Updated August 6, 2003

CWS is a trojan that hijacks Internet Explorer start and search settings to one of several different web sites (see below). Most of these web sites appear to have an affiliate relationship with coolwebsearch.com in which coolwebsearch pays them for every visitor they refer. There could be other domains involved in the future.

This hijack is similar to the datanotary.com hijack discovered last month. As with datanotary, the CWS hijack sets Internet Explorer to use a custom style sheet containing javascript that opens a pop up window. In fact, we believe the trojan involved with CWS is an updated version of the same malware involved with datanotary.

In the original variant, the start and search settings were changed to an address in which the letters are converted into an unreadable mess of numbers and % symbols to hide the domain name from the user. It also made it difficult to blacklist the domain. Internet Explorer is able to translate the symbols and load the hijacker's web site.

An executable file named bootconf.exe is copied to the \windows\system32\ folder and set to load at startup. Even if you fix the hijack, this file will reinstall it the next time it is loaded.

More current variants also install a small web server, contained in a file named svchost32.exe. It adds several google addresses (google.de, google.ch, google.ca, etc) search.yahoo.com, and search.msn.com to the HOSTS file, telling windows that the IP addresses for those sites is 127.0.0.1, and that's where it's webserver is listening.

Yet another variant hijacks Internet Explorer's SearchHook setting with a file named dnsrelay.dll. This redirects all search and start page settings to allhyperlinks.com.

Finally, the trojan lists the hijacker's web site in Internet Explorer's trusted security zone. Domains listed in the trusted security zone have no restrictions on what they can do. This allows that web site to have virtually unlimited access to the infected computer's file system.

We believe the source of the infections might be activex drive by installers located on pornographic web sites, or possibly trojan programs pretending to be illegal serial number generators. Unfortunately, this is just speculation for now.

This trojan is detected by Computer Associates antivirus products under the following names (More info):
Win32.Startpage.C
JS.CSSPopup.B,
JScript/IEstart.Trojan,
Win32/IEstart.Trojan

Removal Instructions

Merijn, author of HijackThis and StartupList, has created CWShredder specifically to remove this parasite. Please make certain that all browser and folder windows are closed before using CWShredder. If any symptom of the problem remains afterward, then follow these directions below. If you have any problem with CWShredder, please ask for help in our support forums.

This article is located at http://www.spywareinfo.com/articles/cws/
Hijacker Web Sites

The following web sites have been found in log files of people infected with this trojan. To our best knowledge, they are all affiliated with coolwebsearch.com

193.125.201.50, 1stpagehere.com, 66.250.130.194, adulthyperlinks.com, allhyperlinks.com, approvedlinks.com, bannedhost.net, bestcrawler.com, cantfind.com, carsands.com, cool-web-search.com, coolfreepage.com, coolwebsearch., coolwwwsearch., couldnotfind.com, defaultsearch.net, dev.ntcor.com, drvvv.com, ewebsearch.net, findloss.com, findwhat.com, firstbookmark.net, freebookmark.net, freebookmarks.net, global-finder.com, globesearch.com, gratis-porn-movie.com, hardloved.com, itseasy.us, jethomepage.com, jetseeker.com, kazaa-lite.ws, martfinder.com, mature50.com, mommykiss.com, mywebsearch.net, noblindlinks.com, nocensor.com, ok-search.com, pedo.ws, runsearch.com, search-2003.com, search.xrenoder.com, searchdesire.com, searchnow.ws, searchv.com, searchxp.com, sharempeg.com, sixroads.com, slawsearch.com, slotch.com, stopxxxpics.com, super-spider.com, super-websearch.com, the-exit.com, the-huns-yellow-pages.com, topsearcher.com, unipages.cc, web-search.tk, white-pages.ws, youfindall.com, youfindall.net, yourbookmarks.info, and yourbookmarks.ws
Links:

http://security.kolla.de/ :: Spybot
http://www.lavasoft.de/ :: Ad-aware
http://www.spywareinfo.com/articles/datanotary/ :: Datanotary article at SWI
http://www.spywareinfo.com/~merijn/files/hijackthis.zip :: HijackThis
http://www.spywareinfo.com/~merijn/files/cwshredder.zip :: CWShredder
http://www3.ca.com/virusinfo/virus.aspx?ID=35839 :: Computer Associates virus info page

[imDAtek]

how's microsoft's new malware remover?

[rico ege]

Try Hijack This to see the wrong entries in the registery. Then open up registery to see all the entries which were wrong from hijack logs and delete them. U alsa should check out your task manager and search in the internet for suspicous .exe files.

[LukaBuka]

Quote:

Originally posted by aparis99
I would say i cant live without Ad-Aware SE and Spyware Doctor. The pro versions of both programs scan in realtime and dont allow activex and hijacks. I love Adaware cuz i've used it for along time, but after using spyware doctor, i love it too

My experience is that AdAware and SpyBot are getting worse - they let more and more spyware slip buy. Spyware Doctor, on the other hand is improving, at least 4.0 version (which I bought recently) is absolutely awesome. It sucks that you have to pay for Spyware Doctor (only scan is free), but luckily Froogle found me a discounted store that sold it much cheaper than developers or even eBay
http://www.deprice.com/spywaredoctor.htm
So my suggestions is use free scanner and see if it picks up something AdAware and SpyBot do not. If it does, go ahead and buy it after doing price comparison with Froogle or PriceGrabber

[Tyler1989]

I disagree with this tutorial entirely. Both programs are known to miss many spy ware and ad ware. Spysweeper made by Webroot is by far the best automatic removal software. The trail version gives you full definitions and is defiantly worth the buy. Spysweeper comes with some of the best real time protection I have seen and offers news regarding spy ware. This combined with hijackthis you cannot go wrong.

Quote:

Originally posted by imDAtek
how's microsoft's new malware remover?

Terrible you should try their anti spyware developed by Gaint, it's free and better than adaware and spybot. I still don't think anything touches Spysweeper though. Microsofts antispyware will apear in their OneCare product when it is finished along with anti virus features.