# Prevent and Remove Spyware/Malware!



## Donovan (Dec 20, 2005)

*Updated yet again (7/8/07) with additional links and information*

I sent someone this info who PMed me about an infection. I thought it might be useful to others as well! I (used to) do this for a living and these are the steps I recommend to remove most infections...

----------
The following freeware and instructions will help prevent and get rid of "most" malware infections. First download, install and fully update these programs if you don't have them already:

First, STOP using Internet Explorer 6 as your default web browser!!!! This is the single best thing you can do to prevent getting (re)infected with spyware/malware! Download the FireFox web browser: http://www.mozilla.com/ or Opera: http://www.opera.com/ (I use both FF and Opera). Install FireFox and/or Opera and set one of them to be the default browser (very important!). Then use FireFox/Opera, not IE, to download the rest of the products.

*If you have IE6 still on your system then please upgrade to IE7 even if you aren't going to use it as your default browser (or even at all). The popularity and adoption of Firefox finally forced Microsoft to update IE (which sat without major updates or development for more than 4 years!). Internet Explorer 7 has numerous security advantages over IE6. One of the most important is that it is no longer "integrated" into the Windows Explorer shell. This means that web content trying to open in Windows Explorer will be redirected to the default web browser.

SuperAntispyware: http://www.superantispyware.com/index.html
Cheesy name but a great product!

Spybot: http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1

Spyware Blaster: http://www.javacoolsoftware.com/spywareblaster.html
A very good preventative tool. A must-have no matter what else you use!

AVG Anti-Spyware: http://www.ewido.net/en/download/
This is commercial software but also has a freeware mode. *AVG purchased Ewido a while back...

Install SuperAntispyware, Spybot, Spyware Blaster and AVG and update them all but do not run them yet (you may go ahead and update/run spywareblaster).

Close IE if open (you should be using FF/O!) and go into Internet options (right-click on the IE icon on desktop or go to control panel and choose internet options). While in the General tab of internet options, click on the "delete files" button in the middle of the window to delete all "cache" or temporary internet files (also check delete offline files). Click on the settings button next to delete files and this will open a new window (settings). In this new window click on the "view objects" button to open yet another window (downloaded program files). In this window select all objects and delete them. This will get rid of all the IE plugins (good and bad). Since you are going to be using FireFox you don't need any of them anyway! Even if you do need to use IE, any plugins you may need can be easily reinstalled later... 

Make sure all programs are fully updated!
Run the SuperAntispyware scanner first and let it remove anything it finds.
Reboot into safe mode by restarting your pc and hitting F8 when your pc is first starting to boot. Choose Safe Mode (no networking).
Then run the SpyBot and any other software scanning tools you have and let them remove anything they find. Then run the same programs again when you boot back to regular mode under your normal profile(s). This is important because safe mode will be using a different profile than “normal” mode. 
Then run Trend Micro Housecall if you don't have a good up-to-date antivirus 
http://housecall.trendmicro.com/

These steps should eliminate "most" infections. 
If you are still having issues then a trick you can try is to first close all open programs and then run task manager (hit ctrl-alt-del), go to the Processes tab and end explorer.exe. This will blank your screen but don't panic! Hit ctrl-alt-del again to get task manager back. Choose File, New Task (Run..) and browse to AVG (C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe) or SuperAntispyware (C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe) or Spybot (C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe) and run them. Explorer can sometimes get infected and this will let you run the scans without explorer in the way.

If you have XP: After cleaning your system up please disable then re-enable system restore to flush out infected backup copies: http://forums.majorgeeks.com/showthread.php?t=31668

And as always make sure your system is completely up to date with the latest service packs and patches: http://update.microsoft.com/ You will have to use IE for the Microsoft sites! (make sure IE doesn't steal back the default browser). If you have MS Office or other MS programs be sure to update them as well: http://office.microsoft.com/en-us/officeupdate/default.aspx
Microsoft also has set up a site that will scan to see how healthy your pc is: http://safety.live.com

*On that note I would check all of your software to see if there are security updates and/or patches for them. Here is a great site that has updates and patches for most of your common software all in one place! http://www.softwarepatch.com/ I use this site all the time and highly recommend it!


Additional programs:
Microsoft Defender (used to be Giant Antispyware) http://www.microsoft.com/athome/security/spyware/software/default.mspx

And these good commercial antispyware programs:
Spyware Doctor http://www.pctools.com/spyware-doctor/

Pest Patrol http://www.ca.com/products/pestpatrol/

Webroot Spy Sweeper http://www.webroot.com/consumer/products/spysweeper


Antivirus recommendations:
Trend Micro PC Cillin Antivirus http://www.trendmicro.com/en/home/us/personal.htm
The most popular antivirus does not make it the best (very far from it actually, and yes I am talking about Norton and McAfee. Neither are recommended). Trend Micro is one of the antivirus programs I use on my own PCs. PC Cillin is a full suite (antivirus, firewall, antispyware etc.) so if you're looking for just AV there are some even better options:

NOD32 - very light on resources, one of the best!
http://www.eset.com/

F-Prot
http://www.f-prot.com/

BitDefender
http://www.bitdefender.com/

F-Secure
http://www.f-secure.com/


If you want a good freeware antivirus program try one of these. I have used both of these freeware programs and would recommend either one of these over Norton!

Avast
http://www.avast.com/eng/avast_4_home.html

or AVG
http://www.grisoft.com/doc/289/lng/us/tpl/tpl01


..........................

If you are still having problems then try these helpful forums where someone can really get down and dirty with your infection!
Help forums:
http://forums.spywareinfo.com/

http://spywarewarrior.com/index.php

http://castlecops.com/forums.html

http://forums.tomcoyote.org

http://forums.majorgeeks.com/

*HiJackThis program: http://www.majorgeeks.com/download3155.html
You will need this program for folks in these forums to help you! Don't remove anything with this program unless you know what you're doing or someone is helping you!



--------
The recommended AntiSpyware programs list:
http://spywarewarrior.com/asw-features.htm#rec

"Bad" Antispyware list:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
--------

As always, you can also contact me. If I have the time I will gladly try to help!


----------



## CroMAGnet (Dec 20, 2005)

I've used the HiJackThis forum link you listed for a nasty spy/malware and they were very helpful.


----------



## Santelmo (Dec 20, 2005)

A great big THANK YOU and may the gods reward you man! We should have CHEERS for this guy!

I was actually having PC problems (the ALEXA worm?) and was wondering where to find freeware.


----------



## CroMAGnet (Dec 20, 2005)

Yes! Most excellent.

Here's a forum I used: Tom Coyote

Here's another good one for software tips and tricks: LINK


----------



## Santelmo (Dec 20, 2005)

BTW, can anyone tell me how to go about removing the ALEXA Key (I suppose it's a worm)? I'm a non-techie so please be gentle. I've downloaded Ad-Aware 5.0 and Ad-watch v2.5 but it seems Ad-Aware can't remove it? My PC seems to hang/crash/slow a lot lately.


----------



## ibcj (Dec 20, 2005)

I had to remove spyware from my father's computer recently. Even after installing around 7 different programs to remove the stuff, I was still having issues. A great website / forum is Major Geeks. With their help, I was able to clean it up.


----------



## Donovan (Dec 20, 2005)

Santelmo said:


> BTW, can anyone tell me how to go about removing the ALEXA Key (I suppose it's a worm)? I'm a non-techie so please be gentle. I've downloaded Ad-Aware 5.0 and Ad-watch v2.5 but it seems Ad-Aware can't remove it? My PC seems to hang/crash/slow a lot lately.



Those versions of Ad-Aware are pretty old, try the newer ones in the links above. Scanning in safe mode with up-to-date (the program as well as the definition updates) Ad-Aware, Spybot, etc. can remove most infections. No single program can remove all things which is why you should scan with different scanners...
If you have something really evil like Nail or VX2 then things get a little more complicated! These can also be easy to remove if you have some knowledge of regedit, killing tasks etc...


----------



## Donovan (Dec 20, 2005)

Santelmo said:


> A great big THANK YOU and may the gods reward you man! We should have CHEERS for this guy!
> 
> I was actually having PC problems (the ALEXA worm?) and was wondering where to find freeware.



I know it can be hard to find the "good stuff" because there are SO MANY antispyware programs out there. MOST of the stuff I see ads on I would NEVER use! A lot of these programs are actually spyware themselves!

Look at this site for a list of all these "bad" spyware:
http://www.spywarewarrior.com/rogue_anti-spyware.htm


----------



## carrot (Dec 20, 2005)

This may be an extreme drastic measure, but if you have enough technical know-how to set up Deep Freeze ( http://www.faronics.com/ ), you can protect your computer from almost any spyware or malware installation (probably all, actually). It prevents any changes from being made to the hard drive of your choice (you can set up a partition or another drive as thawed, where changes can be made and saved) so a simple reboot can fix anything. You can also unthaw your "frozen" drive to make changes on the fly. We use it at my school for maintenance, and if you can't be bothered hunting down malware and spyware - and even viruses most of the time, Deep Freeze might work for you (assuming a clean installation with no malware or anything on it already).

Insofar as I can tell, Deep Freeze is unbreakable. It even protects its processes, so you can't try to kill it.


----------



## greenlight (Dec 20, 2005)

thanks, I'm using a new computer and needed to do this.


----------



## colubrid (Dec 20, 2005)

Will installing and running any of these cause a problem with *AVG* and *Microsoft Anti-Spyware* I have on my computer? Or do I have to remove these first before using these?


----------



## 3rd_shift (Dec 20, 2005)

Now, this is a great looking thread to sticky imho. :bow:


----------



## Deanster (Dec 20, 2005)

I administer a small network at a travel agency (<20 WinXP machines), where we MUST use Internet Explorer to talk to the 'great travel computers in the sky', and I've had very good luck with SpySweeper. 

We had a couple machines infected badly enough that I was going to wipe them, after no luck running AdAware/Spybot/McAfee, etc., and SpySweeper came in and wiped the buggers out, including a very nasty rootkit that was running and re-installing itself while the machine was in fricken' SAFE MODE... 

Spysweeper offers a 30-day free trial, and it's great for using on infected computers for free, though I actually bought a subscription (which I don't usually do). 

It's not perfect, but it's been shielding and cleaning my machines for six months now, and I've had nearly no problems w/ spyware/malware since. 

Of course, my personal machine is a Mac, where I don't even bother to run a virus checker...


----------



## LEDagent (Dec 21, 2005)

I generally use the first few steps you've outlined.
1) Use Mozilla as my default browser and revert to Internet Explorer only when I need to.

2) I use AVG-free for my anti-virus needs.

3) Scan using Ad-Aware and Spybot every other day. Although, after switching to Mozilla Firefox, I've gotten maybe 10-15 hits in the last year and no viruses, in comparison to 1000+ spyware hits using IE.


My belief is, if AVG, Ad-Aware and Spybot can't clean my computer, then it just isn't worth the extra effort to go any further. I just backup my data and wipe out the hard drive.

I've gotten smarter over the years and have done this for data protection:
1) Partition my HD, one dedicated for system and program files, the other for documents, pictures, videos, etc...
2) I loaded my system partition with all the latest drivers and program updates and use Acronis TrueImage to take a snapshot of my healthy setup.

If things go bad, I just format my system partition, load the latest healthy image back on, and all my settings and programs are back to normal.


----------



## colubrid (Dec 21, 2005)

quote:
*"My belief is, if AVG, Ad-Aware and Spybot can't clean my computer, then it just isn't worth the extra effort to go any further. I just backup my data and wipe out the hard drive."*


How do you back up the data and wipe out the hard drive? Can you explain it to someone who is computer illiterate?


----------



## Santelmo (Dec 22, 2005)

3rd_shift said:


> Now, this is a great looking thread to sticky imho. :bow:



Amen to that suggestion!


----------



## Donovan (Dec 22, 2005)

colubrid said:


> How do you back up the data and wipe out the hard drive? Can you explain it to someone who is computer illiterate?


Acronis is a great backup/imaging software. You can find more info on it here: http://www.acronis.com/

I purposely tried to keep the initial directions simple. I wanted to stay with easily available freeware so that anyone could download and run. There are a multitude of advanced tools and methods for spyware/malware/backups etc.... For example one I use often is a heavily customized BartPE CD. This allows me to boot up any pc into a known clean windows environment where I can run various antispyware/malware, antivirus, registry editing, data recovery, backup/imaging programs. 
More info here: http://www.nu2.nu/pebuilder/ and here: http://www.911cd.net/forums/

If the instructions aren't helping, the support forums listed in my first post can help someone get rid of almost any infection. They are also a great place to learn about new emerging threats and how to combat them. This is all continually changing so what may work fine today might not work so well tomorrow! As always keeping your pc clean is the goal! Use an alternate web browser like FireFox or Opera, keep your antivirus and antispyware programs current and up-to-date, use both a hardware and software firewall and use common sense with email attachments, P2P programs, suspect websites and file downloading.


----------



## Empath (Dec 22, 2005)

This thread was initiated with good intentions of providing useful advice against malware. Its usefulness isn't going to be compromised by turning it into a Mac vs PC discussion. One posting has already been removed. Any others that attempt to initiate that tangent will also be removed.


----------



## db (Dec 23, 2005)

Here's an anti-spyware product I ran across recently.

http://www.arovaxshield.com/index.php

I've installed it on my daughter's computer and it seems to function as advertised.

M$ Antispyware's realtime protection caused problems (slowing the system down; AthlonXP 1800, 256 MB of RAM).

From the Arovax Website:

"Arovax Shield™ is a brand new type of personal security solution that is unlike to any firewall, anti-virus or spyware remover. 
Rather than looking for spyware traces or tracking applications that secretly send or receive data over the Internet, Arovax Shield blocks any attempt by malicious software to add entries to the auto-start menu, change the registry, hijack or install itself into a browser or find any other way to stealthy get itself onto a PC."


----------



## Luna (Dec 24, 2005)

I've been quite impressed with SpySweeper lately. I had a few machines that I knew had a bug (I was tracking the files so I knew what they had) but AdAware and Spybot had no luck. SpySweeper took care of it and I was surprised to find I had a few other friends present (or traces left over).

The 14 day trial isn't as sweet as the freebies but hey it appears to work very well! Nice program


----------



## Donovan (Dec 28, 2005)

db said:


> Here's an anti-spyware product I ran across recently.
> 
> http://www.arovaxshield.com/index.php
> 
> I've installed it on my daughter's computer and it seems to function as advertised.


I started evaluating this one recently as well.... I am still in "testing" phase with it so I am not ready to recommend it or not but it is looking promising!

I normally use LavaSoft's Ad-Watch (which comes with Ad-Aware Plus/Pro) which does the same basic thing. After extensive use I highly recommend Ad-Watch but it isn't free like Arovaxshield.

Will post my recommendations on this product after more research and testing...


----------



## Rayne (Jan 8, 2006)

I've read that you're not supposed to run 2 antivirus programs at the same time on the same computer. Is that true or are there programs that can run and play nicely together?


----------



## Lit Up (Jan 8, 2006)

Rayne said:


> I've read that you're not supposed to run 2 antivirus programs at the same time on the same computer. Is that true or are there programs that can run and play nicely together?



It's not a good idea as they'll usually fight. 
I personally got tired of all the spyware/malware/virus problems and switched to Linux.

_* Tangential discussion risks deletion. Let's keep it a pure discussion of system protection, rather than a discussion of alternative systems - Empath*_


----------



## Empath (Jan 8, 2006)

Real-time protection methods against threats of similar nature, such as multiple antivirus, multiple firewalls, and multiple antispyware applications usually conflict with one another. You can use multiple apps if you use only the scanning features of one and ensure that there are no additional services loaded on startup, or have the experience to redefine the behavior of the apps.


----------



## Rayne (Jan 18, 2006)

What do you all think about ZoneAlarm Security Suite? I have it and was wondering how it compares to other products. Oh, I am running all of the following on my PC at the same time: ZoneAlarm Security Suite, Microsoft Antispyware, Spywareblaster, AVG Antivirus and Avast! on a laptop and (minus Avast!) on a desktop. I haven't had any problems with that so far.


----------



## greg_in_canada (Jan 18, 2006)

I'd like to thank everyone who contributed to this thread. Our computer got a nasty infection (probably from the free games my kids and wife like to download).

Adaware couldn't find it and spybot said it couldn't remove it (the name was quicksearchbar or something like that). This adware kept opening up browser windows with adult content and putting shortcuts on the desktop.

So I looked at this thread again and tried the Ewido (http://www.ewido.net/en/download/) free trial and it fixed the problem.

My free trial of Spysweeper ran out last week so I couldn't try it again to fix this problem.

Cheers to you all.

Greg


----------



## colubrid (Mar 13, 2006)

*Close IE if open (you should be using FF!) and go into Internet options (right-click on the IE icon on desktop or go to control panel and choose internet options). While in the General tab of internet options, click on the "delete files" button in the middle of the window to delete all "cache" or temporary internet files. Click on the settings button next to delete files and this will open a new window (settings). In this new window click on the "view objects" button to open yet another window (downloaded program files). In this window select all objects and delete them. This will get rid of all the IE plugins (good and bad). Since you are going to be using FireFox you don't need any of them anyway! Even if you do need to use IE, any plugins you may need can be easily reinstalled... *

*Run the Ewido scanner first and let it remove anything it finds.*


HELP 

I cannot run Ewido because my computer keeps shutting down from the virus (?). It may run anywhere from 1-16 minutes before it freezes or shuts down. Then I have to wait half an hour before it will stay on again.

Donovan (or anyone), how can I run Ewido w/o this happening? Ewido showed 7 malware up until it shut down at 52% completion. But every time I turn it back on and do the scan the same malware is there again. It does not erase the malware unless the scan runs to completion. Any way around this??


----------



## [email protected] (Mar 13, 2006)

Try running Ewido in "safe mode"? :shrug:


----------



## dim (Mar 13, 2006)

It's been a while since I've done a virus/spyware/malware cleansing of the machines that I maintain so I don't recall all of the specific tools that I've used before - but, certainly, the popular scan/removal software.

My technique, generally, was to use several products several times over in a given session - both in "regular" mode and in safe mode so as to remove suspect files before they open. Also, during a session, I'll manually examine the process list, services and registry entries and manually delete files and directories (folders) and change/delete registry entries. It's easy enough to "Google" suspect processes and file names to find out more about them to see if they represent a hazard. For questionable files etc., simply rename or move them where possible in case they need to be renamed or moved back. Again, most manual processes should be done in safe mode or booted from removable media.

One time, it was so bad on a machine that after several prior semi-successful bouts, it got to the point where the machine would just bog down almost continuously from the weight of spyware. Instead of fighting a losing battle, it was easier and quicker to do a backup and reinstall. The machine was MUCH more responsive (and still is). If you feel like you are fighting a losing battle, a reinstallation should be a consideration.

Needless to say, Empath is right (isn't he always? - well..) and it is not my intention to slam one OS in favor of another. Use what you feel is best for you. That said, another consideration in fighting scumware is Linux. No, it may not be for everyone, but if you are savvy enough to deal with spyware on your machines with reasonable proficiency, then you'll likely be able to handle and learn Linux. Any modest learning curve and time that it takes to get "up and running" will be INFINITELY more rewarding than the same time that it takes to fight the frustrating, never-ending battle against spyware.

Despite using DOS/Windows, exclusively, since the early 90s, as of just several months ago, 90 percent of my personal computing is on various distributions of Linux. I've since had NO issues with malicious software. I also feel that it is a sweeter OS than XP. There are many other benefits to Linux but, of course, that's not the point of this thread.....

Of the HUNDREDS of different Linux "distros" available, for someone looking to, simply, replace the "desktop", the popular "Debian" distros such as MEPIS, PCLOS, KNOPPIX and others have good reputations for ease of use and as XP replacements. SUSE, another popular distro, while not Debian, is VERY robust and rich. Of the several distros that I've tried, I use what works best for me and the respective machines that they run on, MEPIS and SUSE, and, yes, XP too.

http://www.distrowatch.com is a good starting point for those interested in learning about the different Linux distros.

73
dim


----------



## BobbyRS (Mar 13, 2006)

2 great links:

*12 Step Removal Procedure*
http://motherboards.mbarron.net/download/spyware.htm

*Spyware and Adware Removal Help*
http://www.pchell.com/support/spyware.shtml


----------



## colubrid (Mar 15, 2006)

*So if AVG cannot remove it what should I try next?*

I disabled system restore and followed some of the 12 steps listed and was finally successful at completing the Ewido scan. Then I did the AVG scan and it says 35 viruses cannot be removed due to them being embedded (infected, embedded object); it is a byte java verify.


So if AVG cannot remove it what should I try next?


----------



## Donovan (Mar 15, 2006)

*Re: So if AVG cannot remove it what should I try next?*



colubrid said:


> I disabled system restore and followed some of the 12 steps listed and was finally successful at completing the Ewido scan. Then I did the AVG scan and it says 35 viruses cannot be removed due to them being embedded (infected, embedded object); it is a byte java verify.
> 
> 
> So if AVG cannot remove it what should I try next?


Have you tried scanning in safe mode? Look at the original post in this thread and follow the steps there. If that still doesn't work PM me and I will help...


----------



## ViReN (May 29, 2006)

*Re: Prevent and Remove Virus/Spyware/Malware!*

I use following to protect myself from Internet related 'attacks'

*Anti Virus:* *AVG Free* - The Direct Download Link
*Anti Spy Ware:* *Windows Defender* may not be the best, but just gives me a bit more comfort
*TCPView:* This is a very good utility to show what is connected where and by whom
*HiJackThis*: Very good utility to do a simple 'who's running' and fix the 'bugs'
Keep Automatic Update of Windows ON, also do periodic visits to http://windowsupdate.microsoft.com/ just to confirm that I have not missed any updates.


----------



## Donovan (May 29, 2006)

*updated first post with additional links and information


----------



## flashfan (May 29, 2006)

Thanks for the info and links. This is really timely for me--Norton is expiring, and my computer is slow, slow, slow...and getting slower. 

Anyone have comments/experiences with Anti Cyber Crime? It was touted on the radio by a computer guy, but I wonder if he's being paid to promote it, rather than really believe in it. Really appreciate any feedback. Thanks!


----------



## Donovan (May 29, 2006)

flashfan said:


> Thanks for the info and links. This is really timely for me--Norton is expiring, and my computer is slow, slow, slow...and getting slower.
> 
> Anyone have comments/experiences with Anti Cyber Crime? It was touted on the radio by a computer guy, but I wonder if he's being paid to promote it, rather than really believe in it. Really appreciate any feedback. Thanks!


I wouldn't recommend it... Not that there is anything wrong with the software but there is just not much info on it one way or another. http://www.secureresolutions.com is the web home for this software. They boast that it is "award winning" but a quick search reveals almost no real information. 

I would recommend sticking with something you can find tangible feedback on. I would recommend any of the AV programs I provided the links for in my original post.

Not sure if you have just the norton AV or the whole internet suite but if you run into issues getting it completely off your system let me know. You will want to get it completely uninstalled and off your system before trying to install a different AV program...


----------



## 2000xlt (May 29, 2006)

THIS should be made a STICKY IMO of course. There is a lot of info there, worthy of someday being read again!!

Thanks again


----------



## Luna (May 31, 2006)

2000xlt said:


> THIS should be made a STICKY IMO of course.



You sicko :devil:


----------



## picard (Jul 1, 2006)

*Arrrrghh.... I have been gettin spyware !!*

Arrrgh, I have been getting spyware ads on my PC. They come from the antivirus site called winantivirus.com and the adultfriendfinder.

If I set the security setting of the browser to the highest level, I can't surf many regular sites like my email, forums, news. When I change the setting to medium high, the damn popup will come up later. It integrates itself into the PC registry. I have to remove it every time.

Do you guys know a way to get rid of this thing permanently? Do you have alternative solutions? I have been going nuts over this for 1 month.


----------



## dim (Jul 2, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

Spyware removal and prevention has been discussed on CPF in 
(Moderator note: edited out link that "was here" as both threads merged into single thread).

73
dim


----------



## carrot (Jul 2, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

My alternative solution is Linux... or OSX. Thankfully spyware and adware have yet to migrate to my platforms of choice. However, I realize switching may not be a viable option for you...


----------



## IlluminatingBikr (Jul 2, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

If you are getting spyware from specific sites, I recommend blocking them by using your hosts file. Essentially though, you can add entries to your hosts file that point any domains you list to 127.0.0.1 (a universal self-referencing IP). That way, your computer will be unable to ask for those domains.

Here's the wikipedia entry on the hosts file that has a lot of valuable information on this topic: http://en.wikipedia.org/wiki/Hosts_file
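The hosts-file technique above, as an added example that is not code from the forum post or from the Wikipedia page it links: a Python helper that parses hosts-file text, appends 127.0.0.1 entries for the domains you name (accepting pasted URLs and the `*.` wildcard form, without duplicating lines already present), and flags any entry that sends a name somewhere other than loopback. The tag text, function names and sample hosts text are constructed for this example; it works on text you pass in, not on the live file.

```python
"""Hosts-file blocklist helper (added example; not code from the forum post).

Constructed for this example: the "# blocked-domain" tag, the function
names, and SAMPLE_HOSTS below. Nothing here reads or writes a real hosts
file; feed it the file's text and write the result back yourself.
"""
from __future__ import annotations

import re
from typing import Iterable

# Addresses that make a name unreachable when used in a hosts file.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that legitimately point at loopback and are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}
TAG = "# blocked-domain"  # constructed marker so our entries are easy to spot

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with '-'.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_HOST_RE = re.compile(rf"^(?=.{{1,253}}$){_LABEL}(?:\.{_LABEL})*$")


def normalize_domain(raw: str) -> str:
    """Reduce what a user pastes (URL, '*.' wildcard, mixed case) to a bare
    lowercase hostname, or raise ValueError if no hostname is recognisable."""
    s = raw.strip().lower()
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s)  # drop a scheme such as http://
    s = s.split("/", 1)[0].split(":", 1)[0]      # drop any path and port
    if s.startswith("*."):                       # '*.example.net' as written in the thread
        s = s[2:]
    s = s.rstrip(".")
    if not _HOST_RE.match(s):
        raise ValueError(f"not a hostname: {raw!r}")
    return s


def parse_hosts(text: str) -> dict[str, str]:
    """Map every hostname in hosts-file text to the address on its line.
    Comments, blank lines and several names per line are handled; if a name
    appears on two lines, the later line wins in this map."""
    mapping: dict[str, str] = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        addr, *names = fields
        for name in names:
            mapping[name.lower()] = addr
    return mapping


def blocked_domains(text: str) -> set[str]:
    """Names the hosts file sends to loopback, i.e. the sites it blocks."""
    return {n for n, a in parse_hosts(text).items()
            if a in LOOPBACK and n not in LOCAL_NAMES}


def add_block_entries(text: str, domains: Iterable[str]) -> str:
    """Return the hosts text with a 127.0.0.1 line appended for each domain
    that is not already blocked. Idempotent: a second run adds nothing."""
    already = blocked_domains(text)
    lines = text.rstrip("\n").splitlines()
    for raw in domains:
        name = normalize_domain(raw)
        if name in already:
            continue
        lines.append(f"127.0.0.1\t{name}\t{TAG}")
        already.add(name)
    return "\n".join(lines) + "\n"


def suspicious_entries(text: str) -> dict[str, str]:
    """Entries that send a name somewhere other than loopback. On a home PC
    the hosts file normally holds only localhost and block entries, so any
    other mapping (for example a redirected update site) deserves a look."""
    return {n: a for n, a in parse_hosts(text).items()
            if a not in LOOPBACK and n not in LOCAL_NAMES}


# Constructed sample hosts text for the demo (not taken from any real machine).
SAMPLE_HOSTS = """\
# hosts file (constructed sample)
127.0.0.1       localhost
::1             localhost
127.0.0.1       winantivirus.com        # blocked-domain
198.51.100.7    update.microsoft.com    # constructed: a redirect that should not be here
"""

if __name__ == "__main__":
    wanted = ["WinAntivirus.com",                   # already blocked, skipped
              "http://www.adultfriendfinder.com/",  # pasted as a URL
              "*.adult-friends-finder.net"]         # wildcard form from the thread
    updated = add_block_entries(SAMPLE_HOSTS, wanted)
    print(updated)
    print("blocked:", sorted(blocked_domains(updated)))
    print("suspicious:", suspicious_entries(updated))
```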


----------



## eluminator (Jul 2, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

Picard, I didn't know the Federation starships were plagued with this stuff. I suppose that's bound to happen when you boldly go where no one has gone before.

I always suspected the Startrek TV program wasn't telling us everything.

Must be you guys are still running Windows.


----------



## eluminator (Jul 2, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

I notice that *.adult-friends-finder.net is in my I.E. restricted sites. I'm not sure what that means, but it's there.


----------



## dano (Jul 2, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

Go here: http://www.ewido.net/en/

On the left hand side of the screen is a button to do a free scan/repair. I tried this and it worked well for a similar bug I had.

Also, here's a good site for info: http://spywarewarrior.com/


--dan


----------



## picard (Jul 2, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

thanks for the links guys. I am installing those software now.


----------



## cyberhobo (Jul 3, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

Get SpywareBlaster, it's free and very effective. Uses no resources and is always updated with the latest threats.


----------



## eluminator (Jul 3, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

I agree about SpywareBlaster. Three thumbs up. I guess it won't fix what is wrong now, but helps protect in the future. The best thing about it for dial-up users is it can download updates in a few seconds. I looked at its restricted site list, but I couldn't find either of Picard's sites there.

Windows Defender seems like it might be good also, and it optionally does do a scan. Either manually initiated, or scheduled in the wee hours.

If the problem continues, it might be time for HijackThis.


----------



## TinderBox (UK) (Jul 3, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

SpywareBlaster :goodjob:

regards.


----------



## winny (Jul 3, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

Although a bit childish to suggest it - GET FIREFOX!


----------



## Casual Flashlight User (Jul 3, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

Ad-Aware, Spybot S&D & SpywareBlaster are useful tools - all easy to use for the more clueless of us (i.e. me).

Just update them and run them every few days and Bob's yer uncle.

http://www.lavasoft.de/software/adaware/

http://www.download.com/3000-2144-10122137.html

http://www.javacoolsoftware.com/spywareblaster.html

Good luck mate...these nosey parkers should be given a slap for their troubles IMO.

CFU


----------



## senecaripple (Jul 4, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

thanks for the link casual flashlight user, i just downloaded all three. now these noisy parkers should be silenced


----------



## Sigman (Jul 4, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

I've noticed that several threads I've gone to in the CPF have caused my Zone Alarm Security Suite to alert me to actions taken to prevent spyware...

Just happened today back in my wanderings somewhere in these halls. I look at the alert/action taken and say to myself, "Self, your software is working for you - THANK YOU!"...and then move on.

Duhhh, I'll start keeping track of them to see if there's something in someone's links, sigs, avatars, posts that would trigger the alerts/actions.


----------



## Josey (Jul 4, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

I had the exact same thing -- same spyware and pop-ups from those two sites -- and could not get rid of them no matter what anti-spyware programs I ran. I finally called Microsoft's tech line and a software engineer helped me get rid of them for good. The usual solutions didn't work for her, but she finally got rid of these pests by running SMITRUN after doing a registry back up. Good luck --Josey


----------



## Donovan (Jul 5, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*



dim said:


> Spyware removal and prevention has been discussed on CPF in (Moderator note: merged both threads into the link that "was here").
> 
> 73
> dim


Good advice!
On that note... I do try and keep my post in that "Prevent and Remove Spyware/Malware!" thread as up to date as possible. I check it regularly to make sure all the information and links are all still relevant. There is no reason to put up with your PC being infected with all the information and helpful people that are available here!


----------



## will (Jul 5, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

Have you ever noticed that when you try some of these blockers and don't buy them, all of a sudden you start getting a whole bunch of junk -

what is the term - "Self-Fulfilling Prophecy"

I went nuts a few years back trying to block stuff, pop-up ads and all that. The more blockers I tried, the worse it got. I believe when you try them - they automatically start sending stuff.

The long and the short - I wiped the laptop clean, reinstalled Windows XP and everything was fine. Every time you go to a site, there is the likelihood that they will put something on the PC; sometimes you can correct it, sometimes not.

You REALLY have no idea what some companies do !!


----------



## Sigman (Jul 5, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*

Merged 2 like threads for your reading pleasure!


----------



## Donovan (Jul 5, 2006)

*Re: Arrrrghh.... I have been gettin spyware !!*



will said:


> Have you ever noticed that when you try some of these blockers and don't buy them, all of a sudden you start getting a whole bunch of junk -
> 
> what is the term - "Self-Fulfilling Prophecy"
> 
> ...


Yep, a large number of the "blockers" and so called antispyware are close to useless and are sometimes as bad as the things they are supposed to remove. Some even come from the same companies that make spyware! That is why there is a Rogue/suspect anti-spyware list. And why most techs only recommend a few well known products. It always surprises me to see all these anti-spyware applications on folks computers that I have never even heard of!

The recommended AntiSpyware programs list:
http://spywarewarrior.com/asw-features.htm#rec

"Bad" Antispyware list:
http://www.spywarewarrior.com/rogue_anti-spyware.htm



----------



## sunspot (Jan 3, 2009)

I seem to have picked up something named Virtumonde. I noticed when running SpyBot Search and Destroy that it was taking a very long time to scan because of the large number of files named Virtumonde.sdn

I did a Google and found that SpyBot can remove/fix this on Ver 1.6.
I have 1.5 on my system and I downloaded 1.6 on a thumb drive from work.

Should I remove 1.5 before running 1.6 and should I do this in safe mode (F7) or not?

I also use Firefox as my browser, Avast, Windows Defender, SuperAntiSpyware and Secunia PSI.


----------



## mechBgon (Jan 3, 2009)

sunspot said:


> I seem to have picked up something named Virtumonde. I noticed when running SpyBot Search and Destroy that it was taking a very long time to scan because of the large number of files named Virtumonde.sdn
> 
> I did a Google and found that SpyBot can remove/fix this on Ver 1.6.
> I have 1.5 on my system and I downloaded 1.6 on a thumb drive from work.
> ...


I think the 1.6 installer will remove 1.5 for you, go for it. Scanning in Safe Mode may help, although it'll typically be slower.



> I also use Firefox as my browser, Avast, Windows Defender, SuperAntiSpyware and Secunia PSI.


AntiVir's free version is better than Avast, particularly if you enable Expert Mode in the configuration panel, and max out the heuristics for both the on-access and on-demand sections. Also, in the General section, enable all the threat categories too. But if you can use a non-Administrator user account, that tops 'em all as a proactive defense against Virtumonde.

F-Secure made a nifty bootable Rescue CD you might want to try, too. If you have a system that can burn a .ISO to a CD, and a high-speed connection that you can download a 150MB file with, try it out. Boot the system from the CD, let it update its virus definitions, and have it scan. Since the system hasn't booted from the hard drive, malware is unable to hide or fight back. F-Secure is known for their good detection rates, so this is well worth it if you've been using Avast, which is not so good.


----------



## sunspot (Jan 3, 2009)

I do use a non-admin account. I've tried to use all your advice you have given in past posts. Thank you for that information.



mechBgon said:


> If you have a system that can burn a .ISO to a CD, and a high-speed connection that you can download a 150MB file with, try it out



I'm on dial-up as DSL is not available in my area. Could I download F-Secure to a thumb drive? I have high speed at work. I have no idea what an ISO is.

How does one boot from the normal way? I use my power button on the front of my tower.


----------



## Egsise (Jan 3, 2009)

Tips etc., also good instructions on how to remove viruses and malware.
http://www.bleepingcomputer.com/forums/topic123660.html


----------



## mechBgon (Jan 4, 2009)

sunspot said:


> I do use a non-admin account.


_*Update:* I found some corroboration on my guess that this is a "false positive" on Spybot's part. I suggest installing the latest version of Spybot and getting all available updates, which should resolve the erroneous Virtumonde.sdn detections._

Unless someone deliberately ran a Trojan Horse program posing as an e-Card or video codec or whatnot, while logged on as an Admin, it seems pretty unlikely that you could get Virtumonde when using a non-Admin account, especially on a system that's checked with Secunia's utility and is up-to-date. So I wonder if it's a false positive on Spybot's part... have you had any indication of a Virtumonde infection from any other source (your antivirus, etc)? Because several of Virtumonde's key moves cannot be done without Admin powers (installing the rootkit, putting files in the Windows directory, etc).

Aside: I'll never forget the day McAfee VirusScan Enterprise 8.0i false-positived on Microsoft Excel, resulting in the deletion of Excel.exe from all my employer's workstations. Fortunately, they'd been installed from an Administrative Installation Point, and repaired themselves as fast as McAfee could nuke 'em.



> I'm on dial-up as DSL is not available in my area. Could I download F-Secure to a thumb drive? I have high speed at work. I have no idea what an ISO is.


You could download it at work. An .ISO is a CD "image" in ready-to-burn form. You'd want to extract the .ISO file out of the Zip file, then use CD-recording software to burn it to a recordable CD. Nero and Roxio are a couple of CD-burning programs you might have; otherwise I think the trial version of Alcohol 120 will do the job. If you have an I.T. person, you could also ask him/her to kindly burn the .ISO for you, if they're cool like that.



> How does one boot from the normal way? I use my power button on the front of my tower.


With many computers, if there is a bootable CD in the drive when you power up, it will either boot from it, or at least put a prompt saying to press any key if you _want_ to boot from it. Otherwise, there may be a "hot key" you can press which will call up a list of all bootable devices in the system. On Dells and HPs, I think it's the *F2* and *F12* keys respectively (preceded by your F-lock key if your keyboard has one of those). The start screen should say what the hotkey is, if it's a pre-built system.

On custom-built systems, recent-model Asus motherboards use the *F8* key, and Gigabytes use the *F12* key.


Here are a couple more resources you might want to try, which are small enough to download using dial-up:

Avira AntiRootkit is a rootkit-detection utility from Avira, who makes AntiVir. Rootkits hide stuff so it's difficult to find & remove. Virtumonde is a big family but typically is rootkit-protected, so if you have Virtumonde, this utility should find a rootkit active on the system, unless it's already been deleted.

TrendMicro HijackThis is often used to get rid of malware. After checking for rootkits, if you run HijackThis and choose the "scan and save a logfile" option, then PM it to me (don't post it, *Empath* says not to post them publicly), and I can eyeball it for suspicious stuff (there will be lots of normal stuff in the logfile as well, so you have to be careful to only delete the bad stuff).


----------



## Empath (Jan 4, 2009)

HijackThis logs will need to be posted and interpreted privately. The logs will be deleted if they're posted here.


----------



## eluminator (Jan 4, 2009)

mechBgon said:


> Otherwise, there may be a "hot key" you can press which will call up a list of all bootable devices in the system. On Dells and HPs, I think it's the *F2* and *F12* keys respectively (preceded by your F-lock key if your keyboard has one of those). The start screen should say what the hotkey is, if it's a pre-built system.
> 
> On custom-built systems, recent-model Asus motherboards use the *F8* key, and Gigabytes use the *F12* key.


Ah yes, the secret magic key. Many gurus don't know it exists. I've never seen it mentioned on the start screen, or the mobo documentation.

Intel mobos use the F10 key.

I have Asus and Intel mobos and I forget what the magic keys are, so I put stickers on my keyboard.


----------



## sunspot (Jan 4, 2009)

Okay, I got rid of Virtumonde. Thanks for the advice.

Would you please help with some Secunia issues?
The program is telling me that I have an insecure version of Macromedia Flash Player 6.x and it does not appear on my add/remove programs list. Also it won't go away when I try to run

"According to the vendor, you should be able to use the following tool to delete/uninstall Adobe Flash Player from your computer:
1. http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe"

what can I do to remove it?

I have 3 more Secunia issues that I’ll ask about later.


----------



## tiktok 22 (Jan 4, 2009)

Threatfire is a great proggy to have and is free also...


----------



## mechBgon (Jan 4, 2009)

sunspot said:


> Okay, I got rid of Virtumonde. Thanks for the advice.
> 
> Would you please help with some Secunia issues?
> The program is telling me that I have an insecure version of Macromedia Flash Player 6.x and it does not appear on my add/remove programs list. Also it won't go away when I try to run
> ...


In the Secunia results, there should be a folder icon that'll take you to the offending file, so you can manually delete it.


----------



## BB (Jan 4, 2009)

For the later versions of Flash, they show up on my system as "Adobe Flash" in two places in the Add/Remove Programs panel under Control Panel (in XP anyways), as a "plug-in" and as an "ActiveX" program (IIRC, Adobe purchased Macromedia).

But, as far as I remember, just doing the upgrades cleaned out the old Flash programs--in some cases, you may need to re-run the scan in PSI to pick up the changes.

-Bill


----------



## sunspot (Jan 5, 2009)

Thanks for all the tips and tricks. I now have a 100% Secunia score. I also downloaded F-Secure to a thumb drive. I'll try to burn a copy to a CD later. :thanks:


----------



## csshih (Jan 5, 2009)

had Virtumonde before..


look up something called, "VundoFix"


----------

