AdamTheTech
Enthusiast of Technology, Web Development, and Sci-Fi

Your Guide to Spyware

Please be aware that this entry is over two years old. Therefore, it may contain broken links, outdated information, or views and content which are no longer completely valid.

Problem Specific Tools

Still other annoying forms of malware mutate so fast that they cannot be thoroughly removed by existing spyware or AV utilities. Such is the case with the CoolWebSearch infections. Spyware utilities may pick up the infection, but they are not equipped to remove it fully, or to remove it correctly without side effects. CWShredder is a utility that focuses solely on removing this annoying pest.

Another annoying pest is the infamous “About: Blank” home page in IE. If it is a hijack and not a simple home page change, like CoolWebSearch, this pest cannot be picked up by existing spyware or AV utilities. Panama Red from the PCMech forums has come up with a fix that can be found here.

This fix may seem like a daunting task, but if it is taken one step at a time, it shouldn’t be all that overwhelming. Also for this fix, make sure you have your Windows CD. If you have a different Service Pack installed from the one that came on the CD, you will need to slipstream a new CD. Another slipstream guide can be found here.

AboutBuster is another alternative for getting rid of “About: Blank”, but use it only if other problems accompany the hijack, and only after a spyware scan. These problems can include receiving random pop-ups, and the home page usually being set to “About:Blank”, or sometimes to something similar to “res:///random”.

Yet another annoying pest that is starting to become increasingly common is the nail.exe infection paired with the Aurora pop-up infection. It is nearly impossible to remove these regenerating infestations manually, so a 3rd party utility is extremely useful in this case, which can be downloaded here.

The Spyware Removal Process

Now that you have been introduced to some of the spyware tools that are available, there is a general procedure of attack to rid your system of that pesky software.

First, identify any odd-ball applications listed in Control Panel > Add/Remove programs. You will need to be online to remove certain spyware applications because they require you to go to their website’s uninstall interface. Read carefully! They try to trick users by using odd wording to keep the spyware installed. For example, it could say, “Are you sure you don’t want to uninstall our software? Click yes or no.” In this case, the answer is “No”. Those double negatives can be confusing.

Uninstalling spyware with the provided uninstallers saves a lot of hassle later down the road. The downside is that some of these uninstallers need an active net connection to work. Either way, uninstalling everything you can as a first step saves hours of headaches if you do not want to reformat and reinstall the Operating System.

If you simply allow a spyware scanner to try to remove these strains of spyware that appear in “Add/Remove Programs”, you will be left with bits and pieces on the hard drive and in various places in the registry. These leftover pieces will have to be removed manually because they are no longer being detected as threats, but may still be reappearing, recreating themselves, and causing problems. So, make sure you uninstall items that are listed here, plus any additional packages that look suspicious:

  • 180solutions
  • B3D Projector
  • BackWeb
  • BargainBuddy
  • CashBack
  • ClickTheButton
  • CometCursor
  • CommonName
  • DownloadWare
  • eAnthology/eAcceleration
  • Ebates Moe Money Maker
  • GoHip
  • Golden Palace Casino
  • HotBar
  • IEDriver
  • Internet Optimizer
  • IPInsight
  • ISTBar
  • MediaLoads
  • MySearchBar
  • N-Case
  • NetworkEssentials
  • New.net
  • SaveNow
  • SearchAssistant
  • SubSearch
  • TopText
  • WeatherCast
  • Win32 BI Application

Note that manufactured PCs come with many pre-installed applications. Do a quick Google search for the application name to see if it is software associated with the manufacturer, or a piece of possible spyware.

Next, go to Start > Run, type msconfig and hit enter. If you’re running Windows 2000, you will need to install this utility manually by following the instructions here.

Once you have the System Configuration Utility open, go to the “Startup” tab and uncheck anything unfamiliar that you don’t want to load when the computer starts up. You do not need to reboot when prompted.

Next, make sure the detection definitions for Adaware, Spybot, and Microsoft AntiSpyware are up-to-date. Each of these tools has its own web update utility built into it. If the spyware infestation is really bad, go ahead and skip this step for now, but make sure you do eventually go back to perform the updates and rescan the computer with all three removal tools. Another option is to just download the updates, then boot in safe mode to perform the spyware scans.

There is no official order in which to use these programs. Personally, I usually start with Adaware since it’s the fastest scanner, and usually removes a good chunk of spyware that may be slowing the machine down. This allows the other two utilities, which are resource intensive, to run a bit more efficiently.

If you have trouble getting rid of something, try booting up Windows in Safe Mode and scanning the computer with the above-mentioned removal tools.

After the first set of spyware scans, be sure to clear the browser cache, history, AutoComplete forms, and temp files. Then reboot and run the spyware removal utilities again. There are actually components that are not always detected the first time through, especially if the count is over a dozen separate items.

Next, run the HijackThis utility. Details on its use were mentioned earlier near the end of the “Scanning Tools” section in this article. HijackThis can also help you identify self-regenerating pests so you can find the appropriate tool to remove them.

When all’s said and done, that’s the basic framework of a spyware removal procedure. The procedure can be altered and items swapped around when necessary, but this is one of the most efficient and effective removal procedures to make the most of your time and efforts.
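The first two steps of the procedure above (checking Add/Remove Programs against the list, then reviewing startup entries) can be scripted as a read-only audit. This is an added example, not part of the original article; it assumes a current Windows system with PowerShell 3.0 or later, and the function and variable names are hypothetical.

```powershell
# Added example: read-only audit, nothing is uninstalled or disabled.
# Names are the article's list; "eAnthology/eAcceleration" is split in two.
$KnownSpyware = '180solutions','B3D Projector','BackWeb','BargainBuddy','CashBack',
    'ClickTheButton','CometCursor','CommonName','DownloadWare','eAnthology',
    'eAcceleration','Ebates Moe Money Maker','GoHip','Golden Palace Casino',
    'HotBar','IEDriver','Internet Optimizer','IPInsight','ISTBar','MediaLoads',
    'MySearchBar','N-Case','NetworkEssentials','New.net','SaveNow',
    'SearchAssistant','SubSearch','TopText','WeatherCast','Win32 BI Application'

function Test-KnownSpywareName {
    param([string]$DisplayName)
    foreach ($name in $KnownSpyware) {
        # Escape so "New.net" matches literally; -match is case-insensitive.
        if ($DisplayName -match [regex]::Escape($name)) { return $name }
    }
    return $null
}

# Registry locations behind the installed-programs list
# (per-machine, 32-bit view on 64-bit Windows, and per-user).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        [pscustomobject]@{
            DisplayName     = $_.DisplayName
            MatchedListName = Test-KnownSpywareName $_.DisplayName
            UninstallString = $_.UninstallString
        }
    }
# Entries that match the list sort to the top; review the rest by eye.
$installed | Sort-Object @{Expression={ [bool]$_.MatchedListName }; Descending=$true},
    DisplayName | Format-Table -AutoSize -Wrap | Out-Host

# Registry Run/RunOnce keys, among the locations msconfig's Startup tab lists.
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$startup = foreach ($key in $RunKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) { foreach ($n in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $n; Command = $item.GetValue($n) }
    } }
}
$startup | Format-Table -AutoSize -Wrap | Out-Host
```

A match on the list is a prompt to use the program's own uninstaller first, as described above; an unfamiliar startup command is a candidate for the Google check before it is unchecked in msconfig.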