 Adware/spyware Removal, Sorry if it's being posted before.
Kamikaze_Badger
post Jun 27 2004, 07:27 PM
Post #1


Combat Medic Infantry
******
Group: Members
Posts: 8,112
Joined: 27-June 04
From: E Co 232 Med BN
Member No.: 10,892



I couldn't find this in the Windows OS forums, so I decided to post it, because there will always be someone who needs help with removing the annoying junk.



First off, what is adware? According to Google, spyware is:

QUOTE
A general term for a program that surreptitiously monitors your actions. While they are sometimes sinister, like a remote control program used by a hacker, software companies have been known to use spyware to gather data about customers


And adware:

QUOTE
... adware is considered to go beyond the reasonable advertising that one might expect from freeware or shareware. Typically a separate program that is installed at the same time as a shareware or similar program, adware will usually continue to generate advertising even when the user is not running the originally desired program



Now that we know something about them, let's get into removing them. Different tools are made for different kinds of spyware/adware. Some of the best tools are:

Ad-Aware 6.0

Spybot - S&D

Spysweeper


The above three applications are tools made for removal of all types of known spyware/adware. But sometimes, programmers get a bit more devious and write things that aren't as easily detected. Merijn.org has freeware tools for removal of these annoying things. Some of the best known ones:

Hijack This. Browses services, registry, etc for possible spyware/adware. USE AT YOUR OWN RISK!

CWShredder. Tool for the removal of CoolWebSearch (homepage hijacker) variants (more info on CWS can be found here).

Kill2Me. Tool for removal of the Look2me parasite.



Now, you know a bit more about spyware/adware. So, let's get to work on removing it. I highly recommend Spybot - S&D and Ad-Aware 6.0 for this, and Hijack This if you can read and will follow the instructions given here.

Scan using Ad-Aware 6.0, and remove all the files you can. Do the same with Spybot - S&D after you get done with Ad-Aware, so you'll be able to find files that Ad-Aware possibly didn't. And scan with Spysweeper as well, as members here have good feedback on it finding things that Spybot and Ad-Aware don't. I also recommend scanning with Hijack This and then posting your log here if you don't want to read the tutorial I gave you, or don't trust yourself. Remember to make backups, reboot afterwards, and then delete the backups if nothing is wrong, as I doubt it'll be long before companies start writing programs to restore Hijack This backups.



Now, let's say that you've run Spybot, Ad-Aware, and special tools (such as CWS), but your computer is still acting up. This is where a virus scan might come in handy. The most popular freeware scanner is AVG Anti-Virus. It's very effective, and free. You can also use McAfee AVERT Stinger for a quick and dirty emergency scan. Let's just let the description do the talking here:

QUOTE
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

This version of Stinger includes detection for all known variants, as of April 4, 2004:

BackDoor-AQJ
BackDoor-JZ
Bat/Mumu.worm
Exploit-DcomRpc
IPCScan
IRC/Flood.ap
IRC/Flood.bi
IRC/Flood.cd
NTServiceLoader
PWS-Narod
PWS-Sincom.dll
W32/Anig.worm
W32/Bagle@MM
W32/Blaster.worm (Lovsan)
W32/Bugbear@MM
W32/Deborm.worm.gen
W32/Doomjuice.worm
W32/Dumaru
W32/Elkern.cav
W32/Fizzer.gen@MM
W32/FunLove
W32/Klez
W32/Lirva
W32/Lovgate
W32/Mimail
W32/MoFei.worm
W32/Mumu.b.worm
W32/MyDoom
W32/Nachi.worm
W32/Netsky
W32/Nimda
W32/Pate
W32/Sdbot.worm.gen
W32/SirCam@MM
W32/Sober
W32/Sobig
W32/SQLSlammer.worm
W32/Swen@MM
W32/Yaha@MM

Note: Windows ME and XP utilize a restore utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. You must disable the System Restore Utility to remove the infected files from the C:\_Restore folder.



Another great little utility that a friend of mine once used, which found several new trojans that he had never heard of before (and removed them) that were causing him problems, is Avast Home Edition. Also, Avast Virus Cleaner Tool is a great addition to any collection of anti-virus programs. I also recommend getting McAfee Security Center as well. It's free, and has several excellent features along with its virus scan, including a firewall, spam blocker, etc. You can find up-to-date virus information here, and can check up on virus myths (like the jdbg hoax) at Vmyths.com.




Messenger Service (AKA - What's-with-all-these-freaking-dialog-windows!? service):

The Windows Messenger service was made to be used by administrators to send messages to network users, etc. But better methods (such as IM and e-mail) were utilized by admins, so it pretty much went dead. But then, companies and spammers found out how to use it to send spam in biblical proportions. You can pay $20 for a program to stop it, or you could disable the service. But, the best way is to use the Messenger-Control Ad-Aware plugin. It stops the messenger service from coming through. If you have to purchase Ad-Aware Plus to install it, then it'll be well spent money. Also, you can use the LSP-Explorer plugin to disable the Messenger Service.



I hope that this guide comes in handy. If you want to see something added, just tell me, and I'll get it on ASAP.





UPDATE:


A little something for those of you who are getting some symptoms of adware and spyware, but are not getting reports of it. There's currently only one, and I'll get some more done over the weekend hopefully.

Symptom: Slow load times on most applications, more of the recent ones than the older ones, but no ads or browser hijacking.

Solution: You're not infected with adware or spyware. Simply defrag your hard drive, and delete things you don't need. Some RAIDs may also have a slow load time if you've got data set to spread out across multiple disks. If you still get slow things, try going from IDE to ATA, or post your HijackThis log to be reviewed.






File extensions to watch out for

The following is a list of file extensions you should watch out for when downloading files from the internet:

.com
.exe (mainly for pictures and stuff)
.vbs
.*.vbs
.*.exe
.*.com


The last three represent things like mypicture.jpg.vbs or mypicture.jpg.exe. Thanks Ahnya for the advice.



Windows Process Information

http://www.liutilities.com/products/wintas...processlibrary/


The following is a list of processes to watch out for:


  • a.exe
  • adaware.exe
  • Alchem.exe
  • alevir.exe
  • arr.exe
  • ARUpdate.exe
  • av.exe
  • avserve.exe
  • avserve2.exe
  • backWeb.exe
  • bargains.exe
  • belt.exe
  • Biprep.exe
  • blss.exe
  • bokja.exe
  • bootconf.exe
  • bpc.exe
  • brasil.exe
  • BUGSFIX.EXE
  • bundle.exe
  • bvt.exe
  • cmd32.exe
  • cmesys.exe
  • datemanager.exe
  • dcomx.exe
  • directs.exe
  • divx.exe
  • dllreg.exe
  • dmserver.exe
  • dpi.exe
  • dssagent.exe
  • emsw.exe
  • exec.exe
  • explore.exe
  • explored.exe
  • Fash.exe
  • fntldr.exe
  • fsg_4104.exe
  • FVProtect.exe
  • game.exe
  • gator.exe
  • gmt.exe
  • goidr.exe
  • hbinst.exe
  • hbsrv.exe
  • hxdl.exe
  • hxiul.exe
  • iedll.exe
  • iedriver.exe
  • IEHost.EXE
  • iexplorer.exe
  • infus.exe
  • infwin.exe
  • intdel.exe
  • isass.exe
  • istsvc.exe
  • jawa32.exe
  • jdbgmrg.exe
  • kazza.exe
  • keenvalue.exe
  • kernel32.exe
  • launcher.exe
  • loader.exe
  • mapisvc32.exe
  • mario.exe
  • md.exe
  • mfin32.exe
  • mmod.exe
  • mostat.exe
  • msapp.exe
  • msbb.exe
  • msblast.exe
  • mscache.exe
  • msccn32.exe
  • mscman.exe
  • msdm.exe
  • msgfix.exe
  • msiexec16.exe
  • msinfo.exe
  • mslagent.exe
  • mslaugh.exe
  • msmc.exe
  • msmgt.exe
  • msmsgri32.exe
  • msrexe.exe
  • mssvc32.exe
  • mssys.exe
  • msvxd.exe
  • mwsoemon.exe
  • mwsvm.exe
  • netd32.exe
  • nssys32.exe
  • nstask32.exe
  • nsupdate.exe
  • omniscient.exe
  • onsrvr.exe
  • patch.exe
  • pcsvc.exe
  • pgmonitr.exe
  • powerscan.exe
  • prizesurfer.exe
  • prmt.exe
  • prmvr.exe
  • ray.exe
  • rb32.exe
  • rcsync.exe
  • run32dll.exe
  • rundll.exe
  • rundll16.exe
  • ruxdll32.exe
  • sahagent.exe
  • save.exe
  • savenow.exe
  • sc.exe
  • scam32.exe
  • scrsvr.exe
  • scvhost.exe
  • service.exe
  • showbehind.exe
  • soap.exe
  • spoler.exe
  • start.exe
  • stcloader.exe
  • support.exe
  • svc.exe
  • svchosts.exe
  • svshost.exe
  • system.exe
  • system32.exe
  • tb_setup.exe
  • teekids.exe
  • trickler.exe
  • tsadbot.exe
  • Tvm.exe
  • tvmd.exe
  • tvtmd.exe
  • update.exe
  • updmgr.exe
  • ViewMgr.exe
  • VVSN.exe
  • wast.exe
  • web.exe
  • webdav.exe
  • win-bugsfix.exe
  • win_upd2.exe
  • win32.exe
  • win32us.exe
  • winactive.exe
  • WINdirect.exe
  • windows.exe
  • wininetd.exe
  • wininit.exe
  • winlogin.exe
  • winmain.exe
  • winnet.exe
  • winppr32.exe
  • Winrar.exe
  • winservn.exe
  • winssk32.exe
  • winstart.exe
  • winstart001.exe
  • Wintime.exe
  • wintsk32.exe
  • winupdate.exe
  • winxp.exe
  • wmon32.exe
  • wnad.exe
  • wovax.exe
  • wsup.exe
  • WToolsA.exe
  • wuamgrd.exe
  • wupdate.exe
  • wupdater.exe
  • wupdmgr.exe
  • wupdt.exe
  • y.exe


This post has been edited by Kamikaze_Badger: Sep 25 2004, 04:13 PM


--------------------
22 Jan 2010
QUOTE (Kuronin)
Man, Kamikaze Badger is so cool.

s
QUOTE (roadkill)
Graciously recommended from KB, is some muffricken Christian death metal. It is a must hear, it pushes envelopes, explores new ground. Words can't describe just now incredibly awesome this is. Cue the alter smashing, bench flipping, and bible reading while thrashing away at guitars and drums.

I REALLY hate the Army.
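The double-extension check from the "File extensions to watch out for" list in post #1, written out as an added example (not part of the original post). The risky extensions are the ones the post names; the `DECOY` set of harmless-looking extensions and the sample file names are assumptions constructed for illustration.

```python
# Extensions the post says to watch for when downloading files.
RISKY = {".com", ".exe", ".vbs"}
# Assumption for this example: extensions a user would read as harmless.
DECOY = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".doc", ".pdf", ".mp3", ".zip"}

def normalize(name):
    """Lower-case and drop trailing dots/spaces, which Windows ignores
    when it resolves a file name ("photo.exe. " still opens "photo.exe")."""
    return name.strip().rstrip(". ").lower()

def extensions(name):
    """Return every dot-separated suffix, tolerating padding spaces such as
    "mypicture.jpg      .exe" that push the real extension out of view."""
    parts = [p.strip() for p in normalize(name).split(".")]
    return ["." + p for p in parts[1:] if p]

def classify(name):
    """Return "ok", "executable" or "double-extension" for a file name."""
    exts = extensions(name)
    if not exts or exts[-1] not in RISKY:
        return "ok"
    # The last extension decides what Windows runs; an earlier decoy
    # extension is the mypicture.jpg.vbs pattern from the post.
    if any(e in DECOY for e in exts[:-1]):
        return "double-extension"
    return "executable"

def flag(names):
    """Map each suspicious name to its verdict, skipping harmless ones."""
    verdicts = {}
    for n in names:
        v = classify(n)
        if v != "ok":
            verdicts[n] = v
    return verdicts

# Constructed sample of downloaded file names.
SAMPLE = ["mypicture.jpg.vbs", "mypicture.jpg      .exe", "holiday.JPG",
          "setup.exe", "notes.txt", "Invoice.PDF.COM. ", "README"]

if __name__ == "__main__":
    for name, verdict in flag(SAMPLE).items():
        print(f"{verdict:17} {name!r}")
```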
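Several entries in the process list in post #1 are near-misses of genuine Windows process names. The added example below (not part of the original post) flags such lookalikes by edit distance; the `GENUINE` list is a small set of real Windows process names supplied for this example, the distance threshold is an assumption, and the names in `SAMPLE` are taken from the post's list.

```python
# Genuine Windows process names (supplied for this example, not from the post).
GENUINE = ["svchost.exe", "lsass.exe", "explorer.exe", "iexplore.exe",
           "winlogon.exe", "rundll32.exe", "services.exe", "msiexec.exe"]

def edit_distance(a, b):
    """Levenshtein distance between two strings, using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def lookalike_of(name, max_distance=2):
    """Return the genuine name that `name` imitates, or None.

    An exact match is the genuine name itself and is not flagged; the
    threshold of 2 edits is an assumption chosen for this example."""
    n = name.lower()
    if n in GENUINE:
        return None
    best = min(GENUINE, key=lambda g: edit_distance(n, g))
    return best if edit_distance(n, best) <= max_distance else None

def scan(names):
    """Map each lookalike in `names` to the genuine name it resembles."""
    hits = {}
    for n in names:
        target = lookalike_of(n)
        if target is not None:
            hits[n] = target
    return hits

# Names taken from the post's process list, plus one genuine name.
SAMPLE = ["scvhost.exe", "svchosts.exe", "svshost.exe", "isass.exe",
          "winlogin.exe", "rundll.exe", "ruxdll32.exe", "service.exe",
          "msiexec16.exe", "gator.exe", "a.exe", "svchost.exe"]

if __name__ == "__main__":
    for name, target in scan(SAMPLE).items():
        print(f"{name:15} resembles {target}")
```

Name matching alone does not catch a malicious file that uses a genuine name exactly, so the file's path still has to be checked.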
exeter_acres
post Jun 28 2004, 04:24 AM
Post #2


Highly Medicated Moderator
*****
Group: Members
Posts: 4,933
Joined: 12-February 03
From: Johns Creek, GA
Member No.: 3,198



It has been discussed...

But an informative post like this is always good....

maybe a sticky is in order as these are common questions....

I run Ad aware and Spybot at least once a week.....or more if I have been visiting websites I don't normally go to....




and welcome to OCC....keep the good info coming


--------------------
I'm Back! e8400 (still working on overclock, currently 4.0ghz (W00t)and hasn't broken a sweat) | DFI Blood Iron Board | GeIL 2GB DDR2 800 | eVGA 8800 GT | OCZ GameXStream 700W PSU | Dtek Fuzion Water Block | Laing D5 pump |Homemade rad and res
and plenty of storage!
w00t

Oh yeah..and I switched to Firefox too... ya happy? ;)
Phil
post Jun 28 2004, 04:28 AM
Post #3


im in ur fieldz, hooverin ur swardz
Group Icon
Group: Donated
Posts: 2,099
Joined: 2-May 04
From: So. Kent CT USA
Member No.: 9,889



I also appreciate it when all this good info is assembled in one place, my only comment is that I would also like to see freeware anti-virus downloads lumped in, too.

This post has been edited by Phil: Jun 28 2004, 04:29 AM


--------------------
Waiting for a good sig quote

Kamikaze_Badger
post Jun 28 2004, 01:14 PM
Post #4


Combat Medic Infantry
******
Group: Members
Posts: 8,112
Joined: 27-June 04
From: E Co 232 Med BN
Member No.: 10,892



Phil, your wish is my command. I'll get Stinger and AVG in there.


LobbDogg
post Jun 28 2004, 03:15 PM
Post #5


Hey kid, I'm a computer, Stop all the downloading!
*****
Group: Members
Posts: 2,419
Joined: 15-March 03
From: Edmonton, AB
Member No.: 3,571



You may want to recommend using the trial version of Spysweeper as well after Spybot, I've seen times where it finds stuff after Spybot has finished, and almost always finds stuff afterwards.
r_target
post Jun 28 2004, 03:32 PM
Post #6


forgotten but not gone
Group Icon
Group: Folding Member
Posts: 5,947
Joined: 22-January 04
Member No.: 7,972



That's a nice li'l quickie guide there. Sticky city.


--------------------
Core2 E6600@3.3|Abit IP35 Pro|Mushkin XP2 6400 2x1GB|EVGA 8800GTS Superclock|Douglas SBD-3
kurosen
post Jun 28 2004, 03:54 PM
Post #7


DTTL!!!
Group Icon
Group: Folding Member
Posts: 1,424
Joined: 23-February 04
From: Brooklyn, NY
Member No.: 8,643



A n00b providing such a well constructed guide. I must say I'm impressed...

Welcome to OCC Kamikaze Badger, DON'T TOUCH THE LLAMAS!!

Though you have mentioned AdAware, I'd like to point out a very important plug-in called Messenger-Control that should be put to use on Win2000 and XP systems...

Nicely done Kamikaze Badger, you get a cookie.

@ <-------cookie


Kamikaze_Badger
post Jun 29 2004, 02:06 AM
Post #8


Combat Medic Infantry
******
Group: Members
Posts: 8,112
Joined: 27-June 04
From: E Co 232 Med BN
Member No.: 10,892



Ok, going to add Spysweeper and Messenger-Blocker. Thanks for the support and advice.


IUMaestro
post Jun 29 2004, 03:55 PM
Post #9


Cooling Master
****
Group: Members
Posts: 1,574
Joined: 13-October 03
From: Houston, TX
Member No.: 6,446



Very nicely done man. Good to see somebody put effort into a new post. A lot of new members take a while to actually "give back", they just usually ask questions a lot without helping out in other areas of OCC. You are awesome.


--------------------
|::- AMD Athlon64 3700+ San Diego @ 2600 MHz -::|
|::- MSI K8N Neo2-F nForce3 Ultra -::|
|::- PC Power & Cooling 510 Deluxe -::|
|::- 2GB (4x512mb) OCZ Platinum 2-3-2-5 -::|
|::- eVGA GeForce 6800GT 256mb @ 435/1100 Mhz -::|
|::- Custom Danger Den Water-Cooling -::|
|::- XP Pro x64 (slipped to 100mb) + Ubuntu dual boot -::|
Kamikaze_Badger
post Jun 29 2004, 05:21 PM
Post #10


Combat Medic Infantry
******
Group: Members
Posts: 8,112
Joined: 27-June 04
From: E Co 232 Med BN
Member No.: 10,892



QUOTE (IUMaestro @ Jun 29 2004, 11:55 PM)
Very nicely done man. Good to see somebody put effort into a new post. A lot of new members take a while to actually "give back", they just usually ask questions a lot without helping out in other areas of OCC. You are awesome.

Thank you. I've had about 1 1/2 years of experience on other forums (currently banned from 3 different ones {when I was younger}, so I have a small idea of what to do and what not to do. My sig is what it is because I sometimes need people to tell me if I'm doing something stupid), so I know what people like (sort of). I'll get folding now, as it seems to be the good thing to do as of now (it's only PARTIALLY for the memory here).


Phil
post Jun 29 2004, 06:18 PM
Post #11


im in ur fieldz, hooverin ur swardz
Group Icon
Group: Donated
Posts: 2,099
Joined: 2-May 04
From: So. Kent CT USA
Member No.: 9,889



Thanks for adding the anti-virus info.


Kamikaze_Badger
post Jun 30 2004, 02:59 PM
Post #12


Combat Medic Infantry
******
Group: Members
Posts: 8,112
Joined: 27-June 04
From: E Co 232 Med BN
Member No.: 10,892



Thanks for asking me to add it, as I wouldn't have thought of it without you asking.


© 2001- Overclockers Club ® Privacy Policy