View Full Version : Spyware Guide


biv_3
14-06-2004, 10:34 AM
I hate spyware.

Here's a list of some very useful applications which I recommend you download for the following reasons:

a) for erasing spyware after it has been installed on your computer
b) for preventing it from being installed in the future
c) reversing the changes it has made on your computer

Adaware 6: Searches your computer for known spyware and erases it. Update your reference files before scanning for spyware. Download: LINK (http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button)

Spybot - Search & Destroy: Very similar to Adaware. It sometimes gets stuff that Adaware misses. Less user-friendly IMO. Download: LINK (http://www.safer-networking.org/index.php?page=download)

CWShredder: Little app that searches for the many variants of the Cool Web trojan which has many nasty effects. Easily removes all known versions of the trojan. Update once/twice a month. Download: LINK (Save-As) (http://www.spywareinfo.com/~merijn/files/CWShredder.exe)

Hijack This: Same guy that made CWShredder. This little app searches your registry for known Browser Hijackers which change your default start pages and add unwanted Favorites. Be careful what you delete because it cannot tell the difference between default settings and hijacked settings. It is easy to tell the difference! Download: LINK (Save-As) (http://www.spywareinfo.com/~merijn/files/HijackThis.exe)

Browser Hijack Blaster: Runs in the background, detecting and blocking any scripts that try to hijack your browser and prompts you. Download: LINK (http://www.majorgeeks.com/download.php?det=3786)

IE-SpyAd: Little app which updates the Restricted Sites in the Internet Options>>Security section. After changing the Internet Security to custom (medium), this will prevent any scripts from running unwantedly from all the sites that are in the list. I have yet to see this work! Download: LINK (Save-As) (http://www.staff.uiuc.edu/~ehowes/res/ie-spyad.exe)

Spyware Blaster 3.1: Runs in the background and prevents known ActiveX scripts from running unwantedly and installing spyware onto your computer. Update regularly. Download: LINK (http://www.javacoolsoftware.com/downloads.html)

Sticky?? Hope this helps someone! :lol:

tw3ak
14-06-2004, 10:45 AM
Good stuff, I was just about to log in and ask something about this!

Just reinstalled family PC and I'm gonna do mine this afternoon. Figured it would be easier to reinstall than get rid of ALL the spyware residing on these machines!

Ruckus
14-06-2004, 03:12 PM
Just if I may add a few steps, only as it's the most common problem I fix with PCs, both at work and friends' PCs.
Here's what I do to clean a PC.

Download a copy of Ad-aware 6, install and UPDATE (< important)
Run it and scan the infected machine, remove/quarantine all files.
Reboot into safe mode, (F8 on start XP)
Run Ad-aware again, scan the infected machine, take a note of the names of any files it finds, then remove/quarantine all files.
Reboot into normal Windows.
Open IE and use Google to search for a few rude words, i.e. SÊX, FÙÇK etc., then close IE.
Reboot into safe mode, (F8 on start XP)
Now the scary bit: from the run command open 'regedit' and search for the name you took down from the last Ad-Aware scan (note for anything from GAIN also search for Gator). If you find any reg keys remove them, but make sure that they're not something Windows is using, i.e. if you're searching for 'gain' it might find something like 'sounds output gain control'; leave things like this alone.
Also look in 'HKEY_LOCAL_MACHINE>SOFTWARE>MICROSOFT>WINDOWS>RUN'
and make sure everything in there is stuff you know about and want; again, if you find anything odd remove the entries.
I must add the Registry Editor can, if you do stupid things, BÙGGER your Windows install, so use your brain when manually removing keys. That said, sometimes there's no other way to get some spyware's talons out of a Windows installation.

The PC 'Should' be clean now but it pays to drop to safe mode from time to time and rescan.

xx Raj xx
14-06-2004, 03:28 PM
Top stuff

thanks

Boombox
17-06-2004, 09:04 AM
Also don't install any search toolbars apart from the google one...the rest just draw down tons of spyware.

ShadowWorks
24-07-2004, 01:44 AM
It's best if you install a firewall, nothing gets in and nothing gets out without you knowing first!

Ruckus
28-07-2004, 05:02 PM
It's best if you install a firewall, nothing gets in and nothing gets out without you knowing first!

eeer not true mate.

We have a two stage firewall here (my work) GNAT and Cisco, and if numb nuts users still click yes to pop ups .........

Rob_London
18-08-2004, 11:06 AM
Oh, don't forget to delete everything from

C:\Windows\prefetch

And Every Users Temp Internet Files.

Remember : Check this

'HKEY_CURRENT_USER>SOFTWARE>MICROSOFT>WINDOWS>RUN'

&

'HKEY_LOCAL_MACHINE>SOFTWARE>MICROSOFT>WINDOWS>RUN'

Logon As every user & Check that key ^^ on the computer. (Many people slip up here)

I also disable System Restore on machines severely infected with spyware $hit !
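
Added example (not part of the thread and not written by any of its posters): a read-only PowerShell listing for the Run-key checks that Ruckus and Rob_London describe, covering the machine key and every local profile without logging on as each user. It assumes an elevated prompt on Windows with PowerShell 3.0 or later and reads the keys at their full path, Software\Microsoft\Windows\CurrentVersion\Run (plus RunOnce and the 32-bit view, which go beyond what the posts mention); the function name and the Temp_<SID> mount name are made up for this example.

```powershell
# Added example: list Run/RunOnce autostart entries for the machine and every local profile.
# Assumes an elevated prompt; nothing is deleted. Temp_<SID> is a made-up mount name.
$runPaths = 'Software\Microsoft\Windows\CurrentVersion\Run',
            'Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'

function Get-RunEntry {
    param([string]$Root, [string]$Owner)
    foreach ($sub in $runPaths) {
        $path = "Registry::$Root\$sub"
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item $path
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Owner   = $Owner
                Key     = "$Root\$sub"
                Name    = $name
                Command = $key.GetValue($name)
            }
        }
        $key.Close()   # release the handle so a temporary hive can be unloaded
    }
}

$results = @(Get-RunEntry -Root 'HKEY_LOCAL_MACHINE' -Owner 'All users')

# Walk every real user profile, logged on or not
foreach ($p in Get-CimInstance Win32_UserProfile | Where-Object { -not $_.Special }) {
    $root = "HKEY_USERS\$($p.SID)"
    $mount = $null
    if (-not (Test-Path "Registry::$root")) {
        # Hive not loaded: mount that user's NTUSER.DAT under a temporary key
        $hive = Join-Path $p.LocalPath 'NTUSER.DAT'
        if (-not (Test-Path $hive)) { continue }
        $mount = "Temp_$($p.SID)"
        & reg.exe load "HKU\$mount" $hive | Out-Null
        if ($LASTEXITCODE -ne 0) { continue }
        $root = "HKEY_USERS\$mount"
    }
    $results += @(Get-RunEntry -Root $root -Owner $p.LocalPath)
    if ($mount) {
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKU\$mount" | Out-Null
    }
}

$results | Sort-Object Owner, Name | Format-Table -AutoSize -Wrap
```

The output is one row per autostart value, with the Owner column showing which profile it belongs to, so entries can be compared against software you know is installed before anything is removed.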

Geoff@BBG
18-08-2004, 11:11 AM
It's best if you install a firewall, nothing gets in and nothing gets out without you knowing first!

Not true ! Spyware arrives with "permission" ..... just not knowingly granted by the user. Stuff with permission goes through firewalls !

Rob_London
18-08-2004, 11:24 AM
Ha, you're both wrong in some ways. The worst type of spyware, like 'Only the Best', 'HSA' etc., downloads via ActiveX without you giving permission, or knowing. This is the worst kind of spyware. It will download, execute and install within seconds. So those of you that have rebuilt due to spyware should be careful! Particularly on those XXX websites.

I'm really hoping SP2 will help out this problem.

Harry Bo
18-08-2004, 11:28 AM
I think you'll find that's what Geoff said chap - it arrives WITH permission, just not with you giving it. The reason it happens is the poor ActiveX security model. It's given permission when it shouldn't be, in essence. Of course, because this happens in the background, you may never know...

HB

Mini Chris
07-09-2004, 08:45 PM
I work for a web company - spyware was a big problem for us - we used to use adaware, a^2 and loads of other little apps to strip it off. Now we just use one program - Spy Sweeper from www.webroot.com. It's a very professional app, self updating definitions, scans your computer on shutdown (so you can power down and walk away, it will scan, deal with problems then switch off, no waiting for scans on boot up) and when it scans, it rarely finds anything because it actively blocks spyware before it gets in. It's been our 'single source' solution! :)

dj_rykos
07-09-2004, 08:58 PM
Very useful contributions everyone! Something I also have a lot of passion for rectifying in this world! Brilliant to hear all your expert techniques! :)

Mystical Sound
17-11-2004, 04:20 AM
Excellent information there lads... I re-installed windows 3 weeks ago and downloaded one of those toolbars (it was that smiley one which allows you to enter extra smiley in msn..).

Anyway I just installed ad-aware and it found 291 objects!!! :eek:

Carl
20-12-2004, 04:48 PM
If you have Win XP Home get rid of a file called "winssv.exe". I bought a new laptop and had no end of problems until I deleted this file and all the registry entries containing the word "winssv.exe". Oh, you'll have to stop it running before you can delete it, i.e. ctrl + alt + delete and go into processes.

:)

Patrick!
20-12-2004, 04:55 PM
Anyone know how to get rid of cybersitter/www.safesite.com redirecting? Someone here installed it on their machine and left the company, now I can't get rid of the damn thing even after uninstall/hijackthis.

dj_rykos
20-12-2004, 10:57 PM
Yeh, there are a few known patches to correct this. Just browsed my HD but it looks like I deleted mine after passing it onto my family a few weeks ago.

As with most things mate, search google. There are lots of helpful people out there hosting these things on their own sites. Good luck!

Patrick!
20-12-2004, 11:08 PM
I found an EXE it was using in the Windows directory, cybk2.exe, and renamed it. It's no longer resident in the process list, but it's still redirecting...

Another spyware related jobby: I am planning to put hosts files on all the machines stopping advert/spyware links from getting to their native servers and installing rubbish. Does anyone know of a simple way to send updates round the network without having to go to each machine and copy the file on manually?

I'm on Norton business edition with the client / server tools but it will only send round its own virus definitions, not files of the admin's choosing.

Markb
02-01-2005, 10:47 AM
Good thread :D

sulz
17-01-2005, 07:14 PM
Cheers for all that info, some links have expired.

Go here to download new version of CWShredder.

http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/CWShredder.shtml