How to beat spyware, step-by-step (Part 2)

Mon Aug 7, 2006 6:55AM EDT


(Continued from Part 1)

If you've gotten this far, you have a more serious spyware infection. All is not lost, but we've got some more tricks that might fix you up. At this point, make sure all of your data is backed up (to the extent possible), because drastic steps may soon be required.

5) Run HijackThis. HijackThis is a free software tool that scans your computer to find homepage hijackers (one of the most common types of spyware applications right now and the type that standard anti-spyware software is least likely to be able to remove). Scroll down to "Official downloads" to download the tool. Next, simply open the ZIP file you downloaded, extract the application, and run the tool (you don't need to install it). Click the "Do a system scan and save a logfile" button. You'll receive a large text file as well as a dialog box (pictured) which gives you a list of active software processes, which you can then choose to delete. Unfortunately, this list includes both helpful and unhelpful software, so don't just start deleting items. Continue to step 6 to figure out how to fix your spyware infection.

6) Post your log file online. Visit this page, which offers a list of forums staffed by volunteers who can help you interpret your HijackThis log. The SWI Forums are especially busy, but most of the forums on the list are equally apt. And if you click the previous link, you'll see a "Malware Removal" forum which has over 50,000 topics listed: Those are all people like you who are seeking help getting rid of spyware. Register for an account, read the FAQ, then visit that Malware Removal forum, and post a new topic. Paste the content of the text file you created in step 5 into this topic and (politely) ask for help. You will get a response from a volunteer helper, typically within 3 days. You'll be given specific advice on what entries to remove with the HijackThis tool, and you might be pointed to additional software to run to help remove common spyware infections. Follow all the instructions and keep working with the forum helpers until either you or they give up. (And no, don't send your log file to me. I am not nearly the spyware removal expert that these guys are.)

7) Try System Restore (Windows XP only). If that doesn't work, you might try running Windows System Restore to roll back your OS to a time before the infection happened. This isn't foolproof: You might not have System Restore turned on, or the spyware might have shut System Restore off, as well. But it's worth a shot. System Restore can be found under Start > All Programs > Accessories > System Tools > System Restore.

8) Give up and wipe your hard drive. At this point, you've exhausted all the options I know of. You might try again at step 6 to make sure you've done everything you can to salvage the PC. Forum helpers will often work with you for weeks to help fight a spyware infection, but there are tens of thousands of possible variants out there, with new ones cropping up every day. It's just not possible to clean them all, every time. Sometimes the only thing you can do is call it quits, reformat your hard drive, and reinstall your OS. Again, make sure you have your backups ready and verified. Once you're up and running, reinstall your antivirus and anti-spyware applications, and stay vigilant against infection. Good luck.
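
The log file from step 5 can be pre-sorted before you post it in step 6. The Python sketch below is an added example, not part of the original article or of HijackThis itself: it pulls out running processes that use a core Windows name from an unexpected folder, plus the O4 (autostart) entries. The function names, the two review rules, the sample log and the assumption that Windows lives in C:\WINDOWS are all constructed for illustration.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Core Windows XP process names and the one folder each should run from
# (assumption: Windows is installed in C:\WINDOWS).
EXPECTED_DIR = dict.fromkeys(
    ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
     "lsass.exe", "svchost.exe", "spoolsv.exe"), r"c:\windows\system32")
EXPECTED_DIR["explorer.exe"] = r"c:\windows"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # coded line, e.g. "O4 - ..."

def parse_log(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries, in_procs = [], [], False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append(m.groups())
        elif line.lower() == "running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def review_list(text):
    """Items to raise with a forum helper; a prompt to ask, not a verdict."""
    processes, entries = parse_log(text)
    notes = []
    for path in processes:
        want = EXPECTED_DIR.get(basename(path).lower())
        if want and dirname(path).lower() != want:
            notes.append(("system name, unexpected folder", path))
    # O4 lines are programs started automatically (Run keys, Startup folder)
    notes += [("autostart entry", d) for code, d in entries if code == "O4"]
    return notes

# Constructed sample log, not the one posted in the comments.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Temp\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Application Data\updater.exe
"""

if __name__ == "__main__":
    print(*review_list(SAMPLE), sep="\n")
```

Anything it lists is only a candidate for discussion: legitimate software also appears in O4 entries, so the deletion decision still belongs with the forum helpers.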

Comments on How to beat spyware, step-by-step (Part 2)

  • 1 Posted by wilfredpacio on Thu Sep 3, 2009 10:46PM EDT

    What about regedit and clean out Windows Run keys?

  • 2 Posted by damnhesofine on Thu Sep 3, 2009 3:34PM EDT

    I believe we've downloaded some malware on the PC, but I can't get it off... It's listed in Norton as (SpySherrif.AdWare windows32.dll); that one I believe I got off (yay), but the other is SpySherrif.AdWare and its listing is "nj.exe", and it's dug in a little deeper. I brought up the registry in HijackThis for help, but thought it wise not to mess with that! Can you help with what I need to remove? Here's the listing:

  • 3 Posted by buiboy98 on Thu Sep 3, 2009 3:15PM EDT

    You can Google the stuff you find on HijackThis and it'll usually tell you if the things in it are bad or not.

  • 4 Posted by lesliepatrus on Tue Sep 5, 2006 3:06AM EDT

    If you are wondering how to use HijackThis, run the program and create a log file. Select the entire contents of the log file and paste it here: http://www.internetinspiration.co.uk/hijack%20this-Automated%20analysis.htm. Scroll a third of the way from the bottom of the window and click on the tiny little button that says "Analyze". From there it will give you a quick reference for each of the items, whether they are safe or not. For the ones that are not "safe", you can read what other users say about the entry. If you want to get rid of an entry, go back to HijackThis, select the corresponding line, and fix it.

  • 5 Posted by ozsa87 on Thu Sep 3, 2009 7:47PM EDT

    I don't know about you guys, but I use NOD32 antivirus, and I have had no virus and no spyware for 2 years. It has active protection and simply doesn't let viruses run. I wrote about it at http://makesens.blogspot.com/2006/08/discover-best-antivirus-on-internet.html. If you have a question about it, drop an email to ozsa87@yahoo.com. Try it; I say honestly, it's the best I've ever seen.

  • 6 Posted by ozsa87 on Thu Sep 3, 2009 7:47PM EDT

    And something more: Hijack is good, but if the virus/spyware has infiltrated svchost.exe then you cannot remove it with that, nor with the rest of the antispyware stuff. In this case use NOD32's DOS program. You need a FAT32 file system (NTFS is invisible in DOS) and a boot disk. If you have FAT32 and don't have a boot disk, try to search on Yahoo/Google for a Win98 boot disk creator; I'm sure you'll find one. But if you don't have a virus in your memory, MBR, or Windows system files, then just install NOD's Windows antivirus and I believe you will never get a virus again. My experience says that NOD is king and Norton or others are babies.

  • 7 Posted by that_monkey_is_on_the_run on Thu Sep 3, 2009 10:02PM EDT

    Find a file on the internet called "smitfraud fix". Decompress it in a directory and restart the computer in safe mode. Choose number one and it will clean your system. It will then run disk cleanup. It will ask you if you want to clean the registry. Say "y". Then choose option 2 to restore trusted zones. Reboot the machine and you are good. I had spysherrif and it sucked. That program cleaned it.

  • 9 Posted by lovedogcavalier on Thu Sep 3, 2009 6:57PM EDT

    This was the most complete, erudite but understandable (to illits, like me) discussion of one of the most common problems affecting so many PC users. Thank you. Maybe my next computer won't have to be a pricey MAC.

  • 10 Posted by lucho291900 on Thu Sep 3, 2009 6:59PM EDT

    How can I keep all these ads from popping up, like claxonmedia ads?
