How to beat spyware, step-by-step (Part 2)

Mon Aug 7, 2006 6:55AM EDT


(Continued from Part 1)

If you've gotten this far, you have a more serious spyware infection. All is not lost, but we've got some more tricks that might fix you up. At this point, make sure all of your data is backed up (to the extent possible), because drastic steps may soon be required.

5) Run HijackThis. HijackThis is a free software tool that scans your computer to find homepage hijackers (one of the most common types of spyware applications right now, and the type that standard spyware software is least likely to be able to remove). Scroll down to "Official downloads" to download the tool. Next, simply open the ZIP file you downloaded, extract the application, and run the tool (you don't need to install it). Click the "Do a system scan and save a logfile" button. You'll receive a large text file as well as a dialog box (pictured) which gives you a list of active software processes, which you can then choose to delete. Unfortunately, this list includes both helpful and unhelpful software, so don't just start deleting items. Continue in step 6 to figure out how to fix your spyware infection.

6) Post your log file online. Visit this page, which offers a list of forums staffed by volunteers who can help you interpret your HijackThis log. The SWI Forums are especially busy, but most of the forums on the list are equally apt. And if you click the previous link, you'll see a "Malware Removal" forum which has over 50,000 topics listed: Those are all people like you who are seeking help getting rid of spyware. Register for an account, read the FAQ, then visit that Malware Removal forum, and post a new topic. Paste the content of the text file you created in step 5 into this topic and (politely) ask for help. You will get a response from a volunteer helper, typically within 3 days. You'll be given specific advice on what entries to remove with the HijackThis tool, and you might be pointed to additional software to run to help remove common spyware infections. Follow all the instructions and keep working with the forum helpers until either you or they give up. (And no, don't send your log file to me. I am not nearly the spyware removal expert that these guys are.)

7) Try System Restore (Windows XP only). If that doesn't work, you might try running Windows System Restore to roll back your OS to a time before the infection happened. This isn't foolproof: You might not have System Restore turned on, or the spyware might have shut System Restore off, as well. But it's worth a shot. System Restore can be found under Start > All Programs > Accessories > System Tools > System Restore.

8) Give up and wipe your hard drive. At this point, you've exhausted all the options I know of. You might try again at step 6 to make sure you've done everything you can to salvage the PC. Forum helpers will often work with you for weeks to help fight a spyware infection, but there are tens of thousands of possible variants out there, with new ones cropping up every day. It's just not possible to clean them all, every time. Sometimes the only thing you can do is call it quits, reformat your hard drive, and reinstall your OS. Again, make sure you have your backups ready and verified. Once you're up and running, reinstall your antivirus and anti-spyware applications, and stay vigilant against infection. Good luck.
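
For steps 5 and 6, an added example (not part of the original article, and not HijackThis's own code): a short Python parser that splits a HijackThis log into its entries and lists the autostart (O4) items, so each program can be looked up before anything is removed. It also copes with a log whose line breaks were lost when it was pasted; the function names are hypothetical and the sample entries are taken from the log a reader posted in the comments on this page.

```python
import re

# Sample assembled from entries in the log posted in the comments, run together
# on one line the way a pasted log ends up after losing its line breaks.
SAMPLE = (
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ '
    r'O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx '
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE '
    r'O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd '
    r'O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl '
    r'O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe'
)

# One entry = code ("R0", "O4", ...) + " - " + text up to the next code or the end.
ENTRY = re.compile(r"\b(R[0-3]|O\d{1,2}) - (.*?)(?=\s+(?:R[0-3]|O\d{1,2}) - |\s*\Z)", re.S)
# O4 body: "<location>: [name] command"  or  "<location>: shortcut.lnk = target"
O4_BODY = re.compile(r"^([^:]+): (?:\[([^\]]*)\] ?(.*)|(.+?) = (.*))$")
# Program part of a command line: quoted path, path ending in .exe, or first word.
PROGRAM = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b|^(\S+)', re.I)


def split_entries(text):
    """Return (code, body) pairs from a log with or without line breaks."""
    return [(code, " ".join(body.split())) for code, body in ENTRY.findall(text)]


def autostart_entries(text):
    """Return (location, name, program) for every O4 (autostart) entry."""
    rows = []
    for code, body in split_entries(text):
        m = O4_BODY.match(body) if code == "O4" else None
        if m is None:
            continue
        where, name, cmd, lnk, target = m.groups()
        command = cmd if name is not None else target
        prog = PROGRAM.match(command)
        program = next(g for g in prog.groups() if g) if prog else ""
        rows.append((where, name if name is not None else lnk, program))
    return rows


if __name__ == "__main__":
    for where, name, program in autostart_entries(SAMPLE):
        print(f"{where:15} {name:18} {program}")
```

The output is only a reading aid: an unfamiliar name in the list is something to look up or ask the forum helpers about, not proof of infection.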

Comments on How to beat spyware, step-by-step (Part 2)


  • 6 Posted by ozsa87 on Thu Sep 3, 2009 7:47PM EDT

    and something more... Hijack is good but if the virus/spyware has infiltrated the svchost.exe then you cannot remove it with it, nor with the rest of the antispyware stuff; in this case use nod32's DOS program. You need a FAT32 file system (NTFS is invisible in DOS) and a boot disk; if you have FAT32 and don't have a boot disk, try to search on yahoo/google for a win98 bootdisk creator, I'm sure you'll find one. But if you don't have a virus in your memory, MBR, or in Windows system files then just install nod's Windows antivirus and I believe you will never get a virus again... my experience says that nod is king and norton or others are babies.

  • 7 Posted by that_monkey_is_on_the_run on Thu Sep 3, 2009 10:02PM EDT

    Find a file on the internet called "smitfraud fix". Decompress it in a directory and restart the computer in safe mode. Choose number one and it will clean your system. It will then run disk cleanup. It will ask you if you want to clean the registry. Say "y". Then choose option 2 to restore trusted zones. Reboot the machine and you are good. I had SpySheriff and it sucked. That program cleaned it.

  • 9 Posted by lovedogcavalier on Thu Sep 3, 2009 6:57PM EDT

    This was the most complete, erudite but understandable (to illits, like me) discussion of one of the most common problems affecting so many PC users. Thank you. Maybe my next computer won't have to be a pricey MAC.

  • 10 Posted by lucho291900 on Thu Sep 3, 2009 6:59PM EDT

    how can I get all these ads from popping up like claxonmedia ads?

  • 11 Posted by babygurl_20192001 on Thu Sep 3, 2009 3:01PM EDT

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [PersonalWeb] "C:\Program Files\Claria\PersonalWeb\PersonalWeb.exe"
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1163566836\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
    O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
    O4 - HKCU\..\Run: [Y!TunnelPro] C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-GB ee://aol/imApp
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1e1c92d51e344337a68ea2777476f083
    O8 - Extra context menu

  • 12 Posted by theotherjj.cole on Thu Sep 3, 2009 10:04PM EDT

    Or just switch to a LINUX distro and not have to deal with these issues anymore.

  • 14 Posted by nihorwitz98 on Thu Sep 3, 2009 7:38PM EDT

    Okay, everyone DO NOT listen to this article. You DO NOT want more than one anti-spyware program and anti-virus program on your computer. They conflict with each other causing system instability. If I were to recommend an anti-spyware and anti-virus it would have to be Spyware Doctor by PC Tools and Free AVG anti-virus.

  • 15 Posted by renalator on Thu Sep 3, 2009 8:36PM EDT

    "Or just switch to a LINUX distro and not have to deal with these issues anymore." And forget running any of your fun applications or understanding any of the lingo. I do believe that Linux has the largest database of vulnerabilities according to CERT. "Or ... buy a Mac." I thought MACs were so easy but now the commercial says there is a MAC Genius? Don't fall for all the hype. If MAC ever gets a share of the internet then they will be attacked also. This is not just a Windows issue, this is a software issue. Even your beloved MAC has viruses available to it, that's why they patch things too. But if I were to leave my, virus free for as long as I can remember, Windows XP I would go MAC way over that Linux thing. MAC has some really nice features like itunes and all the media stuff that Microsoft was sued for billions to remove from its OS install. Just download www.eeye.com product called Blink and you will stay virus free.

  • 16 Posted by stargazingoyster on Thu Sep 3, 2009 9:39PM EDT

    Another micro$hit vulnerability and exploit. Switch to a Linux distro or a mac which is basically NetBSD/UNIX and you won't have to worry about it. But sheeple love using windows because it's much easier to complain why your system crashes, gets infected and can't perform right. Got to love the 1500 reboots a day too with windows eh? How about those nifty neato bluescreens constantly? Or having to reformat after every 6 months. No thanks. I love my Linux and won't ever touch windows again. Don't have to worry about virii either. Been running mine nearly 1 and a half years with no reboot. But EXT3 and ReiserFS blows fat and ntfs systems away anyhow. For newbies, mac is perfect, so are a lot of user newbie friendly linuxes like Xandros, Ubuntu etc...

  • 17 Posted by stargazingoyster on Thu Sep 3, 2009 9:39PM EDT

    renalator said: "Or just switch to a LINUX distro and not have to deal with these issues anymore." And forget running any of your fun applications or understanding any of the lingo." So you couldn't run wine winehq or codeweaver to run all your windows apps on Linux? Might want to think about what ya just said.

  • 19 Posted by caesar232002 on Thu Sep 3, 2009 3:16PM EDT

    hume50265...they are using Macs as zombies as well, don't believe everything Apple tells you in their commercials! The only reason hackers are not into Macs at the moment is because PCs are connected to money and valuable information, as soon as Macs become mainstream in businesses, they will be attacked, Macs ARE NOT hacker proof!

  • 20 Posted by mousey_airways on Thu Sep 3, 2009 7:27PM EDT

    http://forums.techguy.org/ I had the 'winantivirus' virus. I used Spybot and ad-aware, they got detected but the viruses came back every time I scanned. I used a lot of anti-viruses (which I got from yahoo answers), none worked; scanned in safe mode, nothing worked. Then I found techguy, they asked for a hijackthis log, and they told me to run a few anti viruses. The place is not too crowded and you can get a reply in a few minutes, so if you have any problems go to tech guy http://forums.techguy.org/ And if you do get a message saying your computer is infected with viruses and does some sort of scan, hit alt-f4 as it immediately tries to download things to your computer.

  • 21 Posted by visspacem on Thu Sep 3, 2009 10:36PM EDT

    I do appreciate the information about that pitiful open/broken Windows but I saw no mention whatsoever of the only decent OS, that is the Apple OS and not even a word for Mac users. But after all, perhaps, when you have a real computer, you don't need some kind of guru to fix a flawed system in the first place. Article useless. Thanks anyway.

  • 22 Posted by reefman888 on Thu Sep 3, 2009 8:35PM EDT

    if the average users can understand and have the time to deal with "hijack this", they wouldn't be in that situation in the 1st place.

  • 23 Posted by hkaplan2 on Thu Sep 3, 2009 4:19PM EDT

    Also running msconfig (XP) then opening the startup tab will tell you about potential executables which are launching upon bootup. You can Google anything that looks funky and find out if it is Windows based, or connected to one of your legitimate apps. Uncheck the ones that are questionable and reboot. When you are certain they are bad, you can remove them using regedit. Frequently the bad ones can be located in the Windows System directory as exe files. And they will continue to crop up until you wipe them clean. Adaware does a pretty good job of this.

  • 24 Posted by lustforlife312 on Thu Sep 3, 2009 7:00PM EDT

    Sheesh, such animosity. First, I totally agree with the advice in this column. RUN BOTH PROGRAMS. They do NOT conflict with each other in a Windows XP environment. I used to run SpyBot and AdAware and the two of them cleaned nearly every spyware program on my PC. Thing was, I had to run them both nearly every day. Also, Hijack This saved my butt when I had a browser hijack program take over my IE. It's a great program. As for the "pricey" Macs, I bought one two years ago and have not had a single, SINGLE spyware, malware, adware, or hijack problem with it at all. But I'm still a fan of both platforms. And who has the time to learn Linux?

  • 25 Posted by mhaythor on Thu Sep 3, 2009 7:17PM EDT

    You need 1) anti-spyware and 2) antivirus. I've met ppl who assumed that they only needed one or the other. For pay antivirus, McAfee, Kaspersky, Norton, and NOD32 are all good (I like Kaspersky, but you have to have *something*, so any of the above are better than having nothing). For free, it seems Avast and AVG are great options. I have Avast and like it, but recently switched to Kaspersky. For spyware, AdAware and Spybot S&D are almost a 'given' - get them. Get Windows Defender too. I also have Spyware Blaster - a nice little tool that may block some spyware from ever getting on your PC. I liked Trend Micro's AntiSpyware very much, but they ticked me off when I went to register it (the software said 'Only $29' but when I went to register, it took me to a page that said 'Only $49'). I wish I could trust my fellow man/woman; I mean, why would they attack my computer? But, something's always being discovered by the antivirus/antispyware - and I'm not just talking about tracking cookies. There are quite a few evil people out there, don't trust them. Get protected!
