
Getting Rid of Spyware/Adware/Trojans


Mr. Chambers

Member
Joined
Feb 25, 2001
Location
Iowa
Programs Needed:
Download AdAware SE
Download SpyBot Search & Destroy
Download X-Cleaner
Download SpySweeper
Download CWS Shredder
Download HiJackThis!
Download TDS-3

Microsoft has released a beta of its new Spyware tool, called AntiSpyware. Here is a link to an overview of the beta, and you can download it here: Microsoft AntiSpyware (Beta). Please be aware it is in BETA form - it may have bugs, use at your own risk for now!

Quick Instructions:
Disable System Restore first. Then download and run the programs, get the latest update files for each of them, then restart into safemode. Do full scans with each of them, deleting any spyware/adware found. I find X-Cleaner (which also cleans some temp files out), then Ad-Aware, with Spybot next, and finishing with SpySweeper, and TDS-3 for good measure - cleans 95% of infections.

Finish up with CWShredder for good measure, and finally HijackThis if necessary.

Please be aware, that if you are using shareware or other programs that are supported by ads/spyware, they may not function correctly, or possibly not at all, after removing spyware entries from your system with these programs.

Other Helpful PC Computing Tips:
If you're having trouble with long boot/load times/slow system response times, try some of the following:

Make sure that you don't have any unnecessary programs running in the background. WindowsXP is a resource hog anyway, you definitely don't want/need more programs slowing you down, especially if you don't need them running all the time. Type "msconfig" in the run box, and disable any programs you know you don't need in the "startup" tab.

Do a virus check, with the latest definitions if you haven't already done so. Trojans and Virii run rampant on the 'net. Below are links to free, online virus scanners.

If you're running Windows 2000/XP, disable any unnecessary services. Check out www.blkviper.com - for a great guide on which services you don't need, and how to keep them from running.

If you're running Windows XP, download and run the BootVis.exe tool from MS. You can find it by doing a search on their site, or on www.google.com. This program can improve your boot and restart times considerably.

Download RegCleaner from www.jv16.org and use it. It cleans up your registry and removes unnecessary file fragments.

Using HijackThis:
Here is a great guide for how to read HijackThis! log files (Thanks to Kendan for the link!):
http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm

Online Virus Scanners:
Trend Micro Housecall
Symantec Security Response
Panda ActiveScan
BitDefender Online Scan
Computer Associates eTrust Online Scan

There are also stand-alone virus removal tools - if you know which infection you have, available here. (Thanks Cowboy X)

Other Useful Programs:
KazaaBegone
LSP-Fix
 

Mr. Chambers

Member
Joined
Feb 25, 2001
Location
Iowa
Deleting Temporary Files:
I highly suggest downloading and installing the freeware application Crap Cleaner to delete unnecessary temporary files from your system - allowing Windows to run faster, more efficiently and giving you more hard disk space. The benefit here is that a lot of malware resides in these temp folders.

----------------------------------------------------
Cleaning Up Your System:
Go to Start -> Run, and type: "cleanmgr /sageset:1" (without the quotes) this lets you choose what is to be cleaned up. I recommend selecting everything except the last two. Then go to Start -> Run again, and type "cleanmgr /sagerun:1" (again, without the quotes), to run the Advanced Disk Cleanup.

----------------------------------------------------
Preventative Maintenance Against Spyware:
Download/Install/Update/Run the latest version of SpywareBlaster, a great little freeware program that prevents spyware/adware from ever installing! Be sure to keep it updated, and to "Enable All Protection".

You can also block adware/spyware by editing your HOSTS file, or by using a program which does all the work for you, such as NoAdHOSTS.exe - which is available for free. (Thanks to UnseenMenace for the link!)

----------------------------------------------------
Switching Browsers:
Let's face it, IE is full of security holes, and most hackers/malware writers code for IE, because such a majority of users still use it. I made the switch to Firefox three months ago, and haven't looked back. Great browser, very fast, and the best part - A LOT more secure than IE. Built in popup/adblockers, skinning, and plug-in support are a few other neat features. I suggest you take a look!

If you decide to switch to firefox, be sure to check out the Firefox Tweaks Thread for helpful tips and speed tweaks!

---------------------------------------------------
Also, there is another well-written guide about spyware/adware removal found here:

Malware Warfare
 

Mr. Chambers

Member
Joined
Feb 25, 2001
Location
Iowa
thanks guys, just have seen an increase in spyware-related posts, both here and in the Microsoft OS forum, hope this could help.
 

thalzaar24

Member
Joined
Jun 10, 2003
Location
Jax, Florida
nice post Mr Chambers. I was contemplating doing the very same thing a couple days ago, but school work is keepin me busy so i never got around to it.

sticky! :)
 

Mr. Chambers

Member
Joined
Feb 25, 2001
Location
Iowa
thalzaar24 said:
nice post Mr Chambers. I was contemplating doing the very same thing a couple days ago, but school work is keepin me busy so i never got around to it.

sticky! :)

unfortunately i'm stuck on my homework, so instead of staring blankly at the screen, i whipped this up :p
 

nil_esh

Member
Joined
Nov 7, 2001
Location
Tampa, FL
Thanks a bunch... My sister's computer had some adware that Lavasoft Ad-Aware and Spybot could not get rid of. CWS Shredder did the trick.
 

dalek2.0

Member
Joined
May 25, 2004
Location
Mississippi USA
That is some nice info. Very good info for windoze users. There is some nasty stuff out there.

All that from a Linux only user. That was my answer to virus, trojans, adware etc, etc, etc, you get the idea. :D

I'd support a sticky myself. May need it for my brother. I had to work on his XP last night. Norton was having a hissy fit about something. :attn:

Later

:D :D :D
 

Mr. Chambers

Member
Joined
Feb 25, 2001
Location
Iowa
while i agree to the many benefits of a linux system, windows is still the most used, and 99% of the users out there don't/can't run a linux system. they have enough trouble with windows ;)

however, if properly setup and maintained, even a windows system can stay relatively safe from harm. on my personal machine i have yet to get a virus, and i rarely get any spyware/adware, and when i do - it's nothing that takes over and trashes the whole machine, usually just some harmless tracking cookies.
 

dalek2.0

Member
Joined
May 25, 2004
Location
Mississippi USA
Problem is, some windoze users don't know how to setup and run windoze either, my older brother being one of them, and several friends too. That is why all this stuff spreads so much. They would be just as well off to learn linux and stop the spread of all those viruses. There are some for Linux but nothing like windoze. That would make the net better for everybody.

<trying to imagine an almost virus free internet> Sounds cool.

Later

:D :D :D :D
 

drenader

Member
Joined
Nov 8, 2003
Location
Austin
If everyone switches to linux though then ad programs and hackers and virus makers will begin to target them. They target windows since it will have the greatest impact since it has the most users. So linux users should be happy that it's not as big as windows, yet. Because once it is then linux users will begin to be targeted.

Dre
 

dalek2.0

Member
Joined
May 25, 2004
Location
Mississippi USA
They may try but with good passwords, it would be very difficult to do. Usually you need physical access to the machine to really override the passwords. Basically boot into single user mode. If they find a hole, it will be fixed a lot faster than M$ fixes theirs.

It is doable if they can guess your root password. If someone uses the password, love, sex, or god, they deserve to get hacked. A good strong password would prevent almost all of that. Most Linux boxes are setup that only root can install programs. No root access, no install.

Later

:D :D :D :D
 

nil_esh

Member
Joined
Nov 7, 2001
Location
Tampa, FL
I spoke too soon.. The CWS.searchx trojan is really tricky to remove. It stays resident in memory and reinstalls itself when you try to remove it. None of the adware removal programs worked including CWS shredder. It would always come back. I had to do this to remove it:

The offending registry key is:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

I had to first rename the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2. Delete the AppInit_DLLs key. Then rename the Windows2 folder back to Windows.

Then run Ad-Aware (and others) again. Reboot and run again. I think the PC is clean now.
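
The AppInit_DLLs value named in the post above is a load point worth checking on any suspect machine. The PowerShell below is an added example, not part of the original thread: it is read-only and lists each DLL named in the value with its signature status. The function name Get-AppInitDllReport is hypothetical, and checking the Wow6432Node view and the LoadAppInit_DLLs / RequireSignedAppInit_DLLs values (present on Windows 7 and later) goes beyond what the post mentions.

```powershell
# Added example: read-only audit of AppInit_DLLs. Run from an elevated prompt.
$views = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',             # native view
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'  # 32-bit view on 64-bit Windows
)

function Get-AppInitDllReport {   # hypothetical helper name
    param([string[]]$KeyPath)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        # The value is a single string; entries are separated by spaces or commas.
        $entries = @("$($props.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
        # Bare file names are assumed to live in the system directory for that view.
        $sysDir = if ($key -like '*Wow6432Node*') { 'SysWOW64' } else { 'System32' }
        foreach ($dll in $entries) {
            $path = if (Split-Path -Path $dll -IsAbsolute) { $dll }
                    else { Join-Path $env:SystemRoot "$sysDir\$dll" }
            $exists = Test-Path -LiteralPath $path
            $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status }
                   else { 'FileMissing' }
            [pscustomobject]@{
                Key           = $key
                Entry         = $dll
                ResolvedPath  = $path
                Exists        = $exists
                Signature     = $sig                               # anything but 'Valid' deserves a look
                LoadEnabled   = $props.LoadAppInit_DLLs            # empty on systems without this value
                RequireSigned = $props.RequireSignedAppInit_DLLs   # empty on systems without this value
            }
        }
    }
}

$report = @(Get-AppInitDllReport -KeyPath $views)
if ($report.Count -eq 0) { 'AppInit_DLLs is empty in every view checked.' }
else { $report | Format-List }
```

On a clean system the value is normally empty; some security and graphics software legitimately registers a signed DLL here, so compare any entry against what is installed before removing it.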
 

Mr. Chambers

Member
Joined
Feb 25, 2001
Location
Iowa
nil_esh said:
I spoke too soon.. The CWS.searchx trojan is really tricky to remove. It stays resident in memory and reinstalls itself when you try to remove it. None of the adware removal programs worked including CWS shredder. It would always come back. I had to do this to remove it:

The offending registry key is:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

I had to first rename the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2. Delete the AppInit_DLLs key. Then rename the Windows2 folder back to Windows.

Then run Ad-Aware (and others) again. Reboot and run again. I think the PC is clean now.

how strange. as long as you had the latest version of CWS Shredder and were in Safemode, it should've removed it no problem.

either way, glad you got it taken care of, i agree CWS is one *nasty* piece of software...
 

nil_esh

Member
Joined
Nov 7, 2001
Location
Tampa, FL
Oh, I was not in safe mode.. Maybe that was the problem. My sister's machine still isn't clean, apparently some casino adware is popping up now. Will have to tell her to try it in safe mode.
 

teezer

Member
Joined
Jan 2, 2002
Location
ohio
i dicted with this for 3 days and "hijackthis" was the only one, after trying spybot, adware, & cwshredder, which would get to the roots of cws ~~~ been free for about 2 weeks now and no random pop-ups

still have an infected ppro with 98se ~~~ talk about slowing that sucker to a crawl ~~~ nasty, nasty, nasty
 

Mr. Chambers

Member
Joined
Feb 25, 2001
Location
Iowa
teezer said:
i dicted with this for 3 days and "hijackthis" was the only one, after trying spybot, adware, & cwshredder, which would get to the roots of cws ~~~ been free for about 2 weeks now and no random pop-ups

still have an infected ppro with 98se ~~~ talk about slowing that sucker to a crawl ~~~ nasty, nasty, nasty

CWS is in an entirely different league than 99.9% of the other spyware/adware. It is by far the most destructive malware I have ever seen. It should be classified as a virus, and is considered by many to be a Trojan/Spyware Hybrid.
 

nil_esh

Member
Joined
Nov 7, 2001
Location
Tampa, FL
One machine I was cleaning had something that no util would detect. It causes the task manager to shut down a second after you bring it up. I found that removing the file C:\WINDOWS\system32\netstatt.exe (with two t's) got rid of it.