itsthepham
12-01-2004, 02:25 AM
Since I've been seeing spyware-related topics here and there, I've decided to post this in hopes that it would help you all out.
Disclaimer: I'm not responsible for what you do to your computer. If you follow these instructions carefully, no harm should come out of reading this how-to. Just pay attention.
1. Identify the problem
OK, first, identify what type of spyware it is. Is it random popups within your internet browser? Is it random popups when everything is closed? Does your homepage keep changing? Also, look in your Task Manager (Ctrl+Alt+Delete) for any processes running that look bad. Once you identify what type of spyware you have, determine what it's advertising. If your homepage keeps resetting to something like "freeinkcartridges.com", look on Google. There's often a fix for specific spyware programs, depending on what they're advertising. For the above-mentioned spyware (which I made up...) try searching for something like "freeinkcartridges homepage resetting spyware fix" or variants. If you can find a specific fix from a trusted source, use it. Most times, that will take care of your problems.
2. If Google doesn't help
Bust out the big guns. Download both Spybot Search and Destroy (http://www.safer-networking.org/en/download/index.html), Ad-Aware (http://www.lavasoftusa.com) or even Spysweeper (I will provide these in professional versions if needed). One usually finds what the other leaves behind. Install the programs, and follow the instructions that they come with. I highly advise against just clicking through the program. If you don't pay attention, you could seriously damage your computer. Read what spyware you find on your computer, and fix it.
3. If spyware removal tools don't work
Download HijackThis (http://mjc1.com/mirror/hjt/) and install it. Now be wary. This is a registry / hard drive editing tool. It's similar to Spybot S&D, except it's a little more...hardcore. Be careful what you fix. Back in the first section, where you discovered the name of the problem, look for that name in the list HT displays. If you see it, get rid of it. Lots of times, if you see something you don't recognize, copy/paste the whole line in HT into Google, and search. If you've had this type of spyware, chances are, someone else has. If you see stuff on there you're not sure about, by all means post on here. Just make sure you know what you're deleting before you delete it.
4. After running these programs...
Search your PC. If you're positive of the name of the spyware program, use the Windows search feature to search all hidden and system folders for the main name of the program (i.e., if the thing is called MySpyware program rocks, search for "MySpyware"). If you're absolutely sure you can get rid of this file, delete it (if any found). If you get errors saying "cannot delete this file because it is in use" or "access denied", it's time to bust out the old school techniques. Open up a command prompt (Start > Run > enter "cmd" sans quotes). At the prompt, use the cd commands to change to the directory (use Google if you don't know how). Once you've identified the program, maybe it's called MySpyware.exe, use the command del /f myspyware.exe. Delete the parent directory using the rmdir command. After doing this, search your registry for the program. Go into regedit (Start > Run > regedit). First, save your registry! Go to File > Export, and save it. Next, search (Ctrl+F) for your program. If you find it, and you're absolutely positive that you've found a spyware program, delete the entry. (This is why I had you save the registry.)
5. After eliminating the threat
Reboot. Be positive the problem is gone. If it comes back, you missed a registry setting, you didn't delete it properly, or you didn't fix it.
If after these steps you still have a spyware problem, post in the forums, and we'll help. Spyware is a changing art; they're getting smarter and smarter. Updating your spyware definitions and scanning regularly are ways to keep you clean.
Oh, and never click 'yes' in those Windows installer things in IE.
Hope this helps somewhat...
Mods, sticky this if you would like to.
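Added example, not part of the original post: step 4 says to export the registry and then search it for the program's name, and step 5 warns that a missed registry setting brings the problem back. This Python sketch searches the exported .reg file itself and lists every key and value that mentions the name, so the hits can be reviewed before anything is deleted in regedit. It assumes a "Version 5.00" export; the sample keys and values are constructed, and `find_in_export` is a name made up for this example.

```python
import re

# Constructed sample of a regedit export; every key and value is invented.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://freeinkcartridges.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpyware"="C:\\Program Files\\MySpyware\\myspyware.exe"
"SoundMan"="SOUNDMAN.EXE"
"Helper"=hex(2):43,00,3a,00,5c,00,4d,00,79,00,53,00,70,00,79,00,77,00,61,00,\
  72,00,65,00,5c,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\MySpyware]
@="installed"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _decode(data):
    """Make exported data searchable: unescape strings, decode hex strings."""
    if data.startswith('"'):
        return re.sub(r'\\(.)', r'\1', data[1:-1])
    m = re.match(r'hex\([127]\):(.*)', data)
    if m:  # string types exported as UTF-16LE bytes (e.g. REG_EXPAND_SZ)
        raw = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return raw.decode("utf-16-le", "replace").replace("\x00", " ").strip()
    return data

def find_in_export(reg_text, needle):
    """Return (key, value_name, data) for each entry mentioning needle."""
    needle, hits, key, pending = needle.lower(), [], None, ""
    for raw in reg_text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):          # hex data continues on the next line
            pending = line[:-1]
            continue
        m = VALUE_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if needle in key.lower():
                hits.append((key, None, None))  # the key itself carries the name
        elif key and m:
            name = "(Default)" if m.group(1) == "@" else _decode(m.group(1))
            data = _decode(m.group(2))
            if needle in name.lower() or needle in data.lower():
                hits.append((key, name, data))
    return hits
```

A real export is UTF-16 text, so read it with `open(path, encoding="utf-16").read()` before passing it in. The "Helper" value shows why a plain text search of the file can miss entries: its path is stored as hex bytes, and only turns up once decoded.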