Mon Aug 7, 2006 6:55AM EDT
(Continued from Part 1)
If you've gotten this far, you have a more serious spyware infection. All is not lost, but we've got some more tricks that might fix you up. At this point, make sure all of your data is backed up (to the extent possible), because drastic steps may soon be required.
5) Run HijackThis. HijackThis is a free software tool that scans your computer to find homepage hijackers (one of the most common types of spyware applications right now and the type that standard spyware software is least likely to be able to remove). Scroll down to "Official downloads" to download the tool. Next, simply open the ZIP file you downloaded, extract the application, and run the tool (you don't need to install it). Click the "Do a system scan and save a logfile" button. You'll receive a large text file as well as a dialog box (pictured) which gives you a list of active software processes, which you can then choose to delete. Unfortunately, this list includes both helpful and unhelpful software, so don't just start deleting items. Continue in step 6 to figure out how to fix your spyware infection.
6) Post your log file online. Visit this page, which offers a list of forums staffed by volunteers who can help you interpret your HijackThis log. The SWI Forums are especially busy, but most of the forums on the list are equally apt. And if you click the previous link, you'll see a "Malware Removal" forum which has over 50,000 topics listed: Those are all people like you who are seeking help getting rid of spyware. Register for an account, read the FAQ, then visit that Malware Removal forum, and post a new topic. Paste the content of the text file you created in step 5 into this topic and (politely) ask for help. You will get a response from a volunteer helper, typically within 3 days. You'll be given specific advice on what entries to remove with the HijackThis tool, and you might be pointed to additional software to run to help remove common spyware infections. Follow all the instructions and keep working with the forum helpers until either you or they give up. (And no, don't send your log file to me. I am not nearly the spyware removal expert that these guys are.)
7) Try System Restore (Windows XP only). If that doesn't work, you might try running Windows System Restore to roll back your OS to a time before the infection happened. This isn't foolproof: You might not have System Restore turned on, or the spyware might have shut System Restore off, as well. But it's worth a shot. System Restore can be found under Start > All Programs > Accessories > System Tools > System Restore.
8) Give up and wipe your hard drive. At this point, you've exhausted all the options I know of. You might try again at step 6 to make sure you've done everything you can to salvage the PC. Forum helpers will often work with you for weeks to help fight a spyware infection, but there are tens of thousands of possible variants out there, with new ones cropping up every day. It's just not possible to clean them all, every time. Sometimes the only thing you can do is call it quits, reformat your hard drive, and reinstall your OS. Again, make sure you have your backups ready and verified. Once you're up and running, reinstall your antivirus and anti-spyware applications, and stay vigilant against infection. Good luck.
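An added example (not from the original article or from the HijackThis project): a small Python script that splits the log file saved in step 5 into its header, running-process list and coded entries, and pulls out the homepage (R0/R1) and autostart (O4) lines so they can be read apart from the long process list. The sample log, entry names and URL are constructed placeholders; the script only sorts lines and does not judge whether an entry is safe.

```python
import re
from collections import defaultdict

# HijackThis section codes (subset); descriptions are short paraphrases.
SECTIONS = {
    "R0": "IE start/search page setting", "R1": "IE start/search page setting",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart (Run key / Startup folder)", "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: [x] y"

def parse_hjt_log(text):
    """Split a HijackThis log into header, running processes and coded entries."""
    header, processes, entries = [], [], defaultdict(list)
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:                       # coded entry ends the process list
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
        else:
            header.append(line)
    return header, processes, dict(entries)

def review_list(entries, codes=("R0", "R1", "O4")):
    """Return (code, description, value) tuples for the chosen section codes."""
    return [(c, SECTIONS.get(c, "other"), v) for c in codes for v in entries.get(c, [])]

# Constructed sample log for illustration; names and URL are placeholders.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:19:00 PM, on 8/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.example/
O4 - HKLM\..\Run: [ExampleUpdater] C:\Example\updater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    _, procs, found = parse_hjt_log(SAMPLE)
    print(len(procs), "running processes")
    for code, desc, value in review_list(found):
        print(f"{code} [{desc}] {value}")
```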
Join in the discussion. Here you'll see the comments in the order they were posted.
I believe we've downloaded some malware on the PC, but I can't get it off... It's listed in Norton as (SpySherrif.AdWare windows32.dll); that one I believe I got off (yay), but the other is SpySherrif.AdWare and its listing is "nj.exe", and it's dug in a little deeper. I brought up the registry in HijackThis for help, but thought it wise not to mess with that! Can you help with what I need to remove? Here's the listing:
You can Google the stuff you find in HijackThis and it'll usually tell you if the things in it are bad or not.
If you are wondering how to use HijackThis, run the program and create a log file. Select the entire contents of the log file and paste it here: http://www.internetinspiration.co.uk/hijack%20this-Automated%20analysis.htm Scroll a third of the way from the bottom of the window and click on the tiny little button that says "Analyze". From there it will give you a quick reference for each of the items, whether they are safe or not. For the ones that are not "safe" you can read what other users say about the entry. If you want to get rid of an entry, go back to HijackThis, select the corresponding line and fix it.
I don't know about you guys, but I use NOD32 antivirus, and I have had no viruses and no spyware for 2 years. It has active protection, and simply doesn't let viruses run. I wrote about it at http://makesens.blogspot.com/2006/08/discover-best-antivirus-on-internet.html If you have a question about it, drop an email at ozsa87@yahoo.com. Try it; I say honestly, it's the best I've ever seen.
1 Posted by wilfredpacio on Wed Aug 16, 2006 6:39PM EDT
What about regedit and clean out Windows Run keys?