Spyware Removal tips - PowerPoint PPT Presentation

1 / 13
About This Presentation
Title:

Spyware Removal tips

Description:

... software tools. Lavasoft's Ad-Aware ( http://www.lavasoftusa. ... Ad-Aware. Fire it up and click on Check for updates, connect and download the latest update. ... – PowerPoint PPT presentation

Number of Views:207
Avg rating:3.0/5.0
Slides: 14
Provided by: Has686
Category:

less

Transcript and Presenter's Notes

Title: Spyware Removal tips


1
Spyware Removal tips
First off you need a few software tools.
Lavasofts Ad-Aware ( http//www.lavasoftusa.com
) CWShredder ( http//www.intermute.com/spysubtra
ct/cwshredder_download.html ) HijackThis (
http//www.spywareinfo.com/merijn/files/hijackthi
s.zip ) Pocket Killbox (http//www.bleepingcomput
er.com/files/killbox.php )NOD32 30 day trial
(http//www.nod32.com/download/trial.htm )
2
Spyware Removal tips
  • First thing to do is to pay a visit to your local
    Control Panel and then the Add/Remove section.
  • You just have to know what software is installed
    on your computer.
  • When you find some unwanted once try to uninstall
    them. Some take over five minutes to remove
    themselves. This is to fool you into thinking
    your computer is either not responding or for you
    to cancel the uninstall. They have a delay built
    into them.

3
Spyware Removal tips
  • You can identify them by looking at the last date
    accessed and by the size of the program. They are
    almost all under 2 megs big and used rarely.
  • Most of them are represented by the default icon
    for software (looks like a small computer and
    CD). Some are crafty and call themselves Windows
    Tools and Windosw XP (note the spelling!). If you
    dont recognize them as something you have
    installed then take them out.
  • A few may not uninstall no matter how long you
    wait, dont worry. Some require reboots and those
    you can just tell it to wait until youve
    finished them all. If its a mandatory reboot and
    it forces you well then go ahead and reboot.

4
Spyware Removal tips
  • Now that your Add/Remove is clean lets move to
    the next item, CWShredder. The latest version is
    2.15. This awesome program was purchased by
    Intermute who was then bought out by Trend Micro.
    Double-click on it and run it. It will find any
    CoolWebSearch trojans and their variants and
    remove them Now that your Add/Remove is clean
    lets move to the next item, CWShredder. The
    latest version is 2.15. This awesome program was
    purchased by Intermute who was then bought out by
    Trend Micro. Double-click on it and run it. It
    will find any CoolWebSearch trojans and their
    variants and remove them.

5
Spyware Removal tips
  • Next thing to do is to run HijackThis. This tool
    is dangerous. It lists all programs running in
    your computer good or bad. The latest version is
    1.99.1 so make sure you have that one. You also
    want to run this from your Desktop and not a
    temporary location like inside a .zip file.
  • Click on it and then click scan.
  • You can safely remove all the 01s since those
    are just homepage redirects and hijacks.
  • The 02 s can all go also unless you recognize
    them. The only ones that I keep are the Google
    toolbar, MSN toolbar, or else Adobe Acrobat. The
    rest are usually bad.
  • The 03s are the various toolbars installed. They
    only one I would keep is the c\windows\system\msd
    xm.ocx one. The rest can go.

6
Spyware Removal tips
  • The 04s. These are the programs that run when
    Windows starts up and the ones that are in the
    registry.
  • Default processes that are running with Windows
    XP.
  • Explorer.exeSpoolsv.exeSvchost.exe (4 or 5
    times!)Taskmgr.exe (youre using
    it)Alg.exeLsass.exeServices.exeWinlogon.exeCs
    rss.exeSmss.exeSystemSystem Idle Process

7
Spyware Removal tips
  • Beware of spelling differences! They usually
    target the svchost.exe and make them look like
    scvhost.exe or something similar.
  • Also beware of location. Services.exe does not
    run from the Program Files folder or anything
    else critical.
  • If you are unsure of anything else running you
    can always Google it and it will tell you. It
    doesnt?? Well then delete it because 99.9234822
    of the time if Google has not heard of it then
    you dont need it.

8
Spyware Removal tips
  • Win98 then the only two you need running
    areSystray.exeExplorer.exeAnything else can
    go.

9
Spyware Removal tips
  • Now be careful of the RunOnce folder because
    since youve been through the Add/Remove panel
    there may be some uninstallers that want to run
    next time Windows boots up. Hence the RunOnce
    part. Dont remove them

10
Spyware Removal tips
  • Next up to bat is the 10s 11s, these are always
    LSP or Winsock hijacks. HijackThis does not
    remove them by itself since it would break your
    internet connection. You need either the Winsock
    Fix from my site ( http//www.five-online.com/file
    s/WinsockFix.exe ) or else HijackThis suggests
    the LSP fix from cexx.org.

11
Spyware Removal tips
  • The next ones are the 16s and these are all the
    stuff that IE has downloaded for you in your
    internet travels. You will see baddies in here
    like XXX toolbar and the like. You can tell which
    ones are bad and good by looking at the website
    on the right hand side. If its something you
    like then keep it.
  • The new HijackThis also displays 023s. These are
    the Services that are installed after Windows.
    You wont see the default services here. In order
    to remove these then you will have to access
    services.msc from the Run command. First Stop the
    service and then Disable the service from
    starting up. You will then be able to remove them
    from HijackThis.

12
Spyware Removal tips
  • Ad-Aware.Fire it up and click on Check for
    updates, connect and download the latest update.
    Once that is done click on the Gear icon
    (Settings) at the top and then the Scanning
    button on the left. Change the red X to a green
    \/. Then click Advanced and check off Move files
    to Recycle Bin. Click on Tweak at the bottom and
    expand the Safety Settings on the right. Put a
    green \/ beside Write Protect System FilesClick
    Proceed, Start, and put the radio button to Full
    System Scan and then hit then Next. Sit back and
    watch your computer get soapy clean. Ideally you
    want to run this in Safe Mode. To easily get
    there in Windows XP click Start Run and type in
    MSCONFIG. Click on the Boot.ini tab and check off
    Safe Boot. If you want an Internet connection
    then put the radio button beside Network. In
    order to change it back you must remove the
    checkmark beside Safeboot.

13
Spyware Removal tips
  • If the above hasnt helped you then you missed
    something in the 04 section of HijackThis, check
    it again. If youre absolutely positively sure
    then you may have a .dll hijack which are pretty
    retarded but solveable. You need to boot into
    Safe Mode and turn on your hidden system files.
  • Go to your C\Windows folder and sort by Date
    Modified. You can move all .dlls created
    recently to a folder on your Desktop. Do the same
    with your c\windows\system folder. While youre
    there delete everything from your Prefetch folder
    (XP only) and clean out all your temp files from
    your user directory in Documents and Settings
    under Local Settings. Reboot normally and keep an
    eye on your computer. If it complains of any
    missing .dlls then they will be in that backup
    folder. Recently there has been a rash of them
    that drop a few undeletable .dlls in your
    System32 folder.These ones are identified
    usually by wallpaper that tells you to click here
    because you are infected.
Write a Comment
User Comments (0)
About PowerShow.com