
Stubborn Spyware Removal Advice?

Posted by Cliff
from the get-that-bad-out dept.
onedobb asks: "I'm sure all of us are familiar with Lavasoft's Ad-Aware and Spybot Search and Destroy, however there always seems to be that particular piece of spyware, or malware that seems to slip past both of those programs (even with the most recent definition updates, and virus definitions). What program combinations, or websites do you use to uproot that last bit of unwanted software intrusion?"
This discussion has been archived. No new comments can be posted.

  • by Palal (836081) on Friday January 27, 2006 @12:39AM (#14576064) Homepage
    To rid yourself of ALL spyware: format c:
    • I'm confused, how the hell do so many people get spyware on their computers?

      Is it lack of caring, just not keeping their computer up to date, not knowing what's okay to install or not?

      I seldom have problems.
      • i've worked with two late 20s female coworkers (one a PhD, one a PhD candidate) in the last year

        both of them downloaded free screensavers off the internet
      • >how the hell do so many people get spyware on their computers?
        >
        > Is it lack of caring, just not keeping their computer up to date, not knowing

        Yeah! And I don't understand how the hell people ever encounter dead batteries in their flashlights - I mean, do they just not care about flashlight maintenance?

        Why on earth does anyone ever experience dropped calls on their cellphones - it's almost as though people haven't memorized the map of coverage areas, and inexplicably neglected to check the bluepri
      • I'm confused, how the hell do so many people get spyware on their computers?

        I can't speak for everyone, but I know that I had to create a house rule after infecting my own PC. No software installation when using ethanol...

    • is there still any place in winxp where you can actually do that from a command line? I thought the best way would be to format from the XP installer's partition utility

      (just curious. slow night, and your comment sparked my interest)
    • by MillionthMonkey (240664) on Friday January 27, 2006 @02:38AM (#14576634)
      To rid yourself of ALL spyware: format c:

      How do you know you're executing the real format executable and not a fake that simulates a formatted system just to fool you?
    • by melikamp (631205) on Friday January 27, 2006 @04:18AM (#14576947) Homepage Journal
      melikamp@woland:~$ format c:
      bash: format: command not found

      Hey, it worked perfectly!

    • ...you can spend weeks trying to clean a spyware infection, while backing up data and reinstalling can be done in a few hours (most of which you are just waiting around and can do something else anyway.)

      Whether this is a good call mostly depends on how much different software you use and how customised you have it. But arguably most people who use lots of highly-customised software are computer-savvy enough to avoid a spyware infection in the first place.

      If you are looking at an office worker's computer that is
  • HijackThis + Google (Score:5, Informative)

    by tansey (238786) on Friday January 27, 2006 @12:41AM (#14576077) Journal
    Most of the time if you simply run HijackThis and then search google for any of the suspicious log entries, you'll quickly be directed to a page where someone had a similar log entry, and you'll find out if it's malicious or not.
  • by thenetbox (809459) on Friday January 27, 2006 @12:42AM (#14576087)
    If Spybot, Adaware, Yahoo Antispyware, Sysinternals tools, add/remove programs, etc.. don't work then back up your files and format/reinstall.
    • Always a good time to try Linux or one of the other free Unixes.
    • To keep things clean, once I build up my windows system, I then boot into linux and use partimage. I end up with a nice 2 or 3 GB image of everything just the way I like it. To make things easier, I set up "my documents" on another drive or partition.

      If anything goes wrong, or every 6 months or so, I just re-dump that image onto my computer, and everything's fresh and brand new.
  • Well.... (Score:5, Informative)

    by _Sharp'r_ (649297) <sharper AT booksunderreview DOT com> on Friday January 27, 2006 @12:44AM (#14576094) Homepage Journal
    HijackThis [majorgeeks.com]

    Vundo removal tool [symantec.com]

    Some Free removal tools and the Bitdefender Live CD [bitdefender.com]
  • AVG anyone? (Score:3, Informative)

    by TheMotedOne (753275) on Friday January 27, 2006 @12:45AM (#14576099) Homepage
    I use a combination of both the previous programs mentioned and the AVG anti virus program and haven't had any problems in 2 years. Download link [grisoft.com]
    • Likewise, I use the same software as yourself, but you forgot to mention the weakest link in the chain, IE
      AVG, S&D, Adaware (although less so now, S&D seems good enough) and Firefox!
      Malware free for 2 years :)
  • by iMaple (769378) on Friday January 27, 2006 @12:45AM (#14576100)
    As they say, prevention is the best cure. Repartition the HD (if you are paranoid about rootkits) and use linux or make sure you don't install random stuff if you choose Windows (and stay away from IE)
  • Spyware (Score:4, Informative)

    by queenb**ch (446380) on Friday January 27, 2006 @12:46AM (#14576104) Homepage Journal
    We use a product called CounterSpy with a trial available here - http://www.sunbelt-software.com/CounterSpy.cfm [sunbelt-software.com]

    We use this at a university on lab computers that are available to the public, as well as desktop machines, laptops, etc. So far, I'll say that we've not encountered anything we know about it hasn't handled.

    2 cents,

    Queen B
    • I found and installed CounterSpy the other day and haven't been thrilled with it so far. After a 40 minute scan, it found a few bad cookies (only scans for IE cookies?) and some odd registry entries, then reported false positives on a couple of md5 .h files and winPcap. There doesn't seem to be a way to tell CS to ignore those files - you can only ignore the spyware it thinks it found. (ie, it thought winPcap was the Ace password sniffer - so if you 'ignore' you'll never see warnings about that password
  • The Nuclear Option (Score:2, Insightful)

    by bobdehnhardt (18286)
    Nuke it from high orbit (in other words, low level format). Repartition, reinstall. It's the only 100% solution.

    And then, don't screw up your system.
    • I don't think low level format means what you think it means.
  • Prevention (Score:4, Informative)

    by mnemonic_ (164550) <jamec@nOspam.umich.edu> on Friday January 27, 2006 @12:49AM (#14576129) Homepage Journal
    1. Run Windows as a normal user, not as an administrator.
    2. Use Mike's ad-blocking hosts file [everythingisnt.com].
    • You might also try the hosts file from someonewhocares.org [someonewhocares.org]. It's worked well for me.
    • Re:Prevention (Score:2, Informative)

      by Bios_Hakr (68586)
      An Ad-Blocking Hosts file is a dumb suggestion. If you can modify the Hosts file, what makes you think that a program you launch can't modify the same file?

      And before you suggest running as a non-admin user, don't forget that a lot of programs will not run properly unless you have admin rights.

      Now, I guess you could put the hosts file on a floppy and write-protect that. Then you can create a symlink to the file on the floppy.
      • >what makes you think that a program you launch can't modify the same file?

        That's true of ANYTHING when running admin on windows. Install an antivirus but you get a trojan that hasn't been caught yet? Or your definitions are way out of date. Same deal. At least with ad blocking you're not able to get 90% of the ads and spyware packages out there because you're cutting off the vector to download.

        I wouldn't at all call it a dumb suggestion. Well, it's mine, so I kinda like it but you get some added benefit
        • AdBlock and FlashBlock are designed to block ads and flash. Modifying your hosts file to block spyware is a false sense of security. Dangerously false.

          If you use Windows, AutoUpdate at least weekly. Nightly may be overkill, but isn't really hurting anything.

          Turn on the Firewall and do not allow exceptions unless you know what they are for.

          Install and use Opera or Firefox.

          Install and update AVG and/or Avast. Norton is overkill for most home users. Why pay $50 for something only marginally better than th
      • And before you suggest running as a non-admin user, don't forget that a lot of programs will not run properly unless you have admin rights.

        Yes, but only because of stoopid developers who only run as an Administrators (group) user themselves. Most things don't need any kind of Admin access to run.

        Personally, I have had good success with a number of freeware/shareware developers by telling them exactly what breaks about their programs when not running under an Administrators user (sometimes by giving th

        • If you can't get your program's developer to fix the problem then I suggest changing to different software.
          I've taken your advice, and am switching to Linux ...
      • it's a good suggestion. the most common infection vector these days is via IE exploits and iffy websites. blocking these in your hosts file means you won't inadvertently visit these sites in the first place, with the benefit of adblocking from these addresses too. it's another layer of protection.
  • The Solution Nobody Wants You To Know [distrowatch.com]

    Do all your web business with a live CD. You can physically REMOVE the hard drive to ensure that it won't get infected with anything (all you have to do is unplug the IDE cable). Stick anything you want to download/save on a USB drive - you can even format it in FAT/etc. to keep it in Windows' file system. Done with the web and need the hard drive, disconnect the ethernet cable (or whatever you use), virus-scan the USB storage, reconnect the hard drive, boot back to Wi

    • While a safe solution, that'd be a real pita if you were working on a document that required constant researching on the net: Write paragraph, reboot to live CD, find facts/quote, reboot to windows, write paragraph, reboot... ARGH!!! You could argue that you could write the document while using the live CD, but then why bother having the windows partition at all?

      "You can physically REMOVE the hard drive to ensure that it won't get infected with anything"

      Further, why have your computer open to disconn
      • write paragraph, reboot...

        No, that's what the USB is for, temporary file storage. Write it all at once and store it there.

        why bother having the windows partition at all?

        Heh, heh, heh. Somebody else said it, not me.

        I'm pretty certain that there's no adware/malware that gains root access and then mount partitions.

        You're right, but what did we learn in class about "foolproof" security? Next thing you know, you'll have malware pop-up boxes: "We've detected that your computer's running: enter root pass

  • by Greyfox (87712) on Friday January 27, 2006 @01:22AM (#14576296) Homepage Journal
    Install Linux.

    OK now that we've got THAT out of our system...

    Use Firefox, install the NoScript plugin, don't run stuff you download from every web site on the planet, and don't run Outlook. I'd suggest using a text-only email client if you can stand it. Oh yeah and don't run as the administrator and refuse to use any third party program that claims it needs administrator privs. Also keep your system up to date.

    If you're sufficiently paranoid, you should be able to keep even a Windows system reasonably secure.

  • by DongleFondle (655040) on Friday January 27, 2006 @01:30AM (#14576349)
    Adaware and Spybot Search and destroy are your best place to start, but I understand your frustration. Probably three out of the last four times I've dealt with a Spyware infested machine they didn't completely do the trick on their own.

    Install and run Adaware and Spybot S&D, making sure you update the programs and select to perform deep scans (within archives, etc) in the custom scan options. This will probably most of the easiest and most common exploits. Reboot.

    Go through your Add/Remove programs menu and try removing any programs you can identify as spyware. If the programs didn't come with an uninstaller, I would have to officially recommend you do not go through any of their steps to download one and run it. I have tried this in the past with mixed results. Some of these programs truly were just severely annoying adware that actually removed themselves at the end of this lengthy process, but some were truly malicious that simply installed MORE spyware after running the uninstaller. I recommend you don't risk this.

    Open up the task manager and go through each and every process, researching them if need be [google.au]. I use groups.google.au to get the older version which seems to provide more relevant results. Kill any processes that you find are suspicious. Hell, kill any processes you can't identify as normal Windows OS or application processes. I dealt with an instance of spyware once that executed two randomly named processes that protected the spyware from removal. If you killed one process, the other would immediately respawn it.

    Go through all of your startup locations:
    C:\WINDOWS\Start Menu\Programs\StartUp
    C:\WINDOWS\All Users\Start Menu\Programs\StartUp
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Start --> Run --> msconfig --> Startup tab

    Once again, go through each and every item and delete or disable everything that you can identify as malicious. It's likely that when searching you will run across others who have dealt with the same spyware issues in the past and have had to figure out how to remove them.

    Run your Adaware and Spybot S&D scans again. Reboot. Test your machine to see if the spyware is still there. Still have problems?

    Download and run Hijack This [spywareinfo.com]. Pore through your log once more, or alternatively post it to one of the many forums [google.com.au] where professionals are willing to lend you a helping hand. At this point, you may also want to consider downloading and running Rootkit Revealer [sysinternals.com].

    Also, try rebooting into safe mode and running your scans. Even though you are in safe mode, you should still monitor and kill processes that are suspicious. Remember, Sony's Rootkit came complete with a safe mode driver.

    If all of this hasn't worked, then I suggest you back up your data, scan it for viruses, and do a low level format with a utility such as Killdisk [killdisk.com]. Now that you have to reinstall your OS, perhaps now is the perfect time to make the Linux switch [linuxiso.org].
  • I've seen live windows CDs, and I always have the feeling that I should be able to use those to clean off the really nasty stuff. I'm a linux guy, and only deal with this when I'm trying to help someone else out, so I just don't have the windows guruhood to deal with the problem.

    I know it's pretty straightforward to boot with a live CD and run something like ad-aware or spybot from it, but then you're scanning the registry that came off of the livecd, and not the infected one. I think there are tricks to
  • It's easy... (Score:5, Informative)

    by Izago909 (637084) <tauisgod@@@gmail...com> on Friday January 27, 2006 @01:40AM (#14576396)
    Build a Barts PE disc with the following:

    Ad-aware
    McAfee
    Registry Editor PE
    Winsockfix
    LSPfix
    Hijackthis

    Begin by going through each user's directory in Documents and Settings. Delete the cookies directory, then every directory in the Local Settings except Application Data. Then go to the Windows directory and delete the contents of the following directories: Downloaded Program Files, Prefetch, and Temp. Then finish by going to the root dir and deleting the contents of System Volume Information, and Recycler folders. This will clear out the majority of the places malware hides and code that reactivates any remaining nasties on boot. Also pay very close attention to any DLL and EXE files in the Windows directory. With a few important exceptions, only malware places libraries and executables in the Windows directory. Generally, if you right click the file and choose Properties and it shows detailed copyright info for a legitimate company, the file is safe; if not, change the extension to BAK and remember to change them back if your software has problems.
    Then start Regedit PE and load the remote registry files including all user hives. It will launch regedit after they are loaded. Remove all spyware keys in the Software subkeys, and then remove the autorun strings from Run, RunOnce, and RunOnceExec locations. Do NOT close regedit when you're done or it will save the changes. While regedit is still running, run a complete system scan with adaware. When adaware is done, close it then close regedit. Next run McAfee to get trojans and viruses. Before shutting down, it's a good idea to run chkdsk just for good measure.
    On reboot, start in safe mode (no network support). Run LSPfix and remove any bad LSP entries (such as newdotnet); most known bad things are automatically put in the right window. If you are unsure about something, google it. Be careful or you could destroy your network layer. Then run winsockfix to repair winsock. Then run hijackthis to remove all other unnecessary stuff, but pay attention to path names as to NOT remove good things like antivirus/spyware/firewall entries. Log out (not switch user) and run hijackthis in each user's account.
    Reboot in safe mode with networking, install, update, and run spybot and adaware. Update any installed antivirus software, and run a final scan. Reboot again, but in normal mode, and run scans again to verify you don't have any persistent malware. If the scans come up clean, your work is done; if not, remove them, reboot, scan again, and if they still come back, cut your losses and restore the machine.

    PS: I do this several times a day and have seen about every type of malware out there. Believe it or not, MS antispyware will pick up stuff that adaware, spybot, and webroot leave behind. Even if you don't want to use it, you can't do wrong by installing, updating, scanning, then uninstalling when done. MooSoft's The Cleaner and Bazooka can also help you remove persistent trojans.

    Good luck.
    • Call me crazy, but I don't consider your exhaustive steps, "easy". Can't tell if you were being sarcastic or not.

      Anyway, thanks for the HOWTO. It will help if I ever have to disinfect somebody's computer ever again...
    • That list of yours makes Debian look easy and I'm talking about Potato or Woody. The only problem I had with that was devices, which I could live without. These days, I don't have to live without much. Give me simple text files for configuration over registry tweaking any day. Once a machine is configured, it stays that way. Rebuilds, ala M$, have been a thing of the past for me since 1998. The lengths people will go to use M$'s "easy" and obviously second rate OS never cease to amaze me.

      Here [mepis.org] is a l

    • Believe it or not, MS antispyware will pick up stuff that adaware, spybot, and webroot leave behind. Even if you don't want to use it, you can't do wrong by installing, updating, scanning, then uninstalling when done. MooSoft's The Cleaner and Bazooka can also help you remove persistent trojans.

      you may also like to know that those other programs also find stuff that MS antispyware leaves behind. it's a good assumption that each anti-spyware program finds something that the others do not with a lot of overl
    • I do this several times a day and have seen about every type of malware out there.

      Please, please tell me that this is on different systems. If you are doing this on one system, then you are either paranoid, extremely anal, or in desperate need of changing your online surfing habits!

      Since your post is quite informative, I'll assume that you are in fact supporting a number of systems. :-)

  • Ewido Security Suite (Score:3, Informative)

    by Anti_Climax (447121) on Friday January 27, 2006 @01:57AM (#14576481)
    Ewido Security Suite [ewido.net] has helped me remove some pretty nasty stuff that the others didn't even recognize, but the more eyes scanning your system the better.
    • by greg1104 (461138)
      Finally, someone actually answering the question. It's been months since I had a spyware infection that either Ad-Aware or Spybot were really helpful for; those programs are now obsolete in my opinion. Hijack This and such are great tools, but with the multi-level spyware infections nowadays (BHO + windows service + constantly reloaded DLL) it's a bear to try and nail everything at once even with it.

      I second the recommendation for Ewido for cleaning out nasty infections. The best part is that if your IE
    • Another big fan of Ewido. I spend more time hunting spyware these days than anything else. An Ewido scan in "safe mode", followed by a final grovel with Hijack This will get virtually any system clean.

      Spyware is practically a "Geek Full Employment Program", but I'd prefer to live in a world where this crap did not exist. It's worse than viruses, because spyware has a profit motive. I compare it to shoveling mud out of a pit in a rainstorm - you shovel it out, and it always winds up sliding back in.

  • This Broadband/DSL Reports forum [broadbandreports.com] was recently opened for helping people with infected systems. Its FAQ [dslreports.com] is informative as well.
  • First, make sure you don't get spyware on your system.

    That is: Run Firefox, run Linux when you can, and don't be stupid. Download things that you're reasonably sure are good.

    Second, make sure you can wipe the drive. If you can't wipe and reinstall from scratch, you're not backing up properly. I actually have a theory about this:
    Make an nLite'd Windows install disk, which automates the Windows install.
    Avoid customizing things too much, so that you can deal with the rest via next-next-next if you have to.
    • That is: Run Firefox, run Linux when you can, and don't be stupid. Download things that you're reasonably sure are good.

      "Known good" doesn't make any sense in a world where giant corporations like Sony are trying to install rootkits on your machine. One of the more persistent pieces of spyware I've run into in the past month was from the formerly respectable department store Nordstrom's!

      "Spyware - it's not just for fake Viagra and porn anymore!"

  • by dtfinch (661405) * on Friday January 27, 2006 @03:25AM (#14576791) Journal
    When fighting the kind of malware that installs itself to dozens of executables and dlls, to revive itself later, you can usually isolate most of that crap by searching by creation date, first making sure that explorer shows hidden and system files, and that the search doesn't exclude them.

    You may need to disable system restore to remove some malware, or else Windows will automatically reinfect itself when it sees the files are missing. Reenable it before installing any new/updated drivers, as that seems to be when I need it most often.

    Just in case, before you delete a bunch of stuff and reboot, check HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit to ensure that it's not pointing to the malware, but to userinit.exe, wherever that is. Messing with userinit can render a system so that you can't log in, even in safe mode. XP SP2 might have fixed this, as I've seen some newer systems survive a broken userinit, or completely ignore it.

    Also, empty out your host file (usually c:\windows\system32\drivers\etc\hosts on XP) to prevent browser hijacks.

    If you suspect a rootkit, try a detector like rootkitrevealer. It won't remove it, but it might find it. Last resort: take your hard disk and slave it on another system, and remove the infected files.

    Stinger is a good standalone virus scanner, and a small download.

    For future reference: Stop using IE and Outlook Express. Stop downloading free screensavers and other freebies, unless you get them directly from the author's website, and you trust them completely. I've seen places take my own shareware screensavers, bundle them with spyware, and redistribute them without permission or any regard for legality or morality.
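Added example, not part of any poster's comment: a Python audit of a hosts file that separates blocklist-style entries (hostnames sunk to loopback or 0.0.0.0, as in the ad-blocking hosts files recommended above) from entries that redirect a hostname to some other address (the browser-hijack case), and diffs the live file against a known-good copy such as the write-protected one suggested earlier in the thread. The function names, the sample hostnames and the 203.0.113.7 address are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file maps to loopback; not counted as blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (mappings, malformed).

    mappings  - list of (hostname, ip_address object), one per hostname
    malformed - list of (line_no, line) the resolver cannot use
    """
    mappings, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            malformed.append((line_no, raw.strip()))
            continue
        # One line may carry several hostnames for the same address.
        for name in fields[1:]:
            mappings.append((name.lower().rstrip("."), addr))
    return mappings, malformed


def audit_hosts(text):
    """Split entries into sunk ('blocked') and 'redirected' hostnames."""
    mappings, malformed = parse_hosts(text)
    report = {"blocked": [], "redirected": [], "malformed": malformed}
    for name, addr in mappings:
        if addr.is_loopback or addr.is_unspecified:
            if name not in LOCAL_NAMES:
                report["blocked"].append(name)
        else:
            # Hostname pinned to another address: review every one of these.
            report["redirected"].append((name, str(addr)))
    return report


def drift(baseline_text, current_text):
    """Mappings added to or removed from the live file versus a trusted copy."""
    base = {(n, str(a)) for n, a in parse_hosts(baseline_text)[0]}
    cur = {(n, str(a)) for n, a in parse_hosts(current_text)[0]}
    return {"added": sorted(cur - base), "removed": sorted(base - cur)}


# Constructed sample data (not taken from any real system).
SAMPLE_BASELINE = """\
# known-good copy
127.0.0.1 localhost
0.0.0.0 ads.tracker.example
0.0.0.0 banners.example
"""

SAMPLE_CURRENT = """\
# live file
127.0.0.1 localhost
0.0.0.0 ads.tracker.example
203.0.113.7 search.example www.search.example # constructed hijack-style entry
not-an-ip broken.example
127.0.0.1 update.vendor.example
"""

if __name__ == "__main__":
    # On XP the live file is usually c:\windows\system32\drivers\etc\hosts;
    # read it with open(path).read() in place of the samples.
    print(audit_hosts(SAMPLE_CURRENT))
    print(drift(SAMPLE_BASELINE, SAMPLE_CURRENT))
```

Anything under "added" that was not put there deliberately deserves a look, including new loopback entries, since those silently cut off whatever hostname they name.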
  • by Johnno74 (252399) on Friday January 27, 2006 @05:38AM (#14577174)
    Written by Mark Russinovich, the guy who blew the lid on the sony rootkit debacle (and author of other indispensable free windows utils like process explorer, filemon, regmon and many, many others)

    His site is http://www.sysinternals.com [sysinternals.com] and autoruns can be downloaded from here [sysinternals.com].

    Autoruns shows EVERYTHING that is started on your pc at boot & logon etc, including device drivers, services... everything. It can even filter out binaries not signed by microsoft, to make third party stuff stand out like dogs balls.

    Use process explorer to find and kill the spyware processes - you may have to google processes to identify them, but that function is built in. Here is a tip - look for anything that doesn't have a company name of "microsoft"

    Some really stubborn spyware has more than one process running, watching each other and restarting each other if you kill them. Use PSKill (command-line process killer) to kill multiple processes at once, so they can't restart.

    Once you have cleaned out the running junk, use autoruns to identify where it started from and kill it.

    It's never failed for me, and you learn a whole lot about the internals of windows in the process.
  • Glib answer... (Score:3, Insightful)

    by seanellis (302682) on Friday January 27, 2006 @05:54AM (#14577208) Homepage Journal
    ... Linux.

    A particularly stubborn piece of malware was the reason I finally took the plunge and switched to Linux (Mandriva) at home. Plus, as a bonus, suddenly my computer was interesting again.
  • If that last bit of spyware is from those cheeky fellows at the NSA buy a new computer, anonymously with cash, in another city, whilst in disguise and never ever place any of your existing storage media in it.
  • just my way... (Score:2, Informative)

    by Sait-kun (922599)
    Of course if you want to be 100% sure a format would work. DO NOT RUN A LOW LEVEL FORMAT! I've seen it recommended; it's just wrong... Low-level Formatting creates the Tracks and Sectors on a blank hard drive. The drives you buy today are Low-level Formatted at the factory. Low-level Formatting these hard drives yourself is not recommended.

    But not everyone can or wants to go through the trouble of formatting so what can we do next?

    My standard way to get spyware off a box:

    run crapcleaner this will remove a lot of
  • Hitman Pro (Score:2, Interesting)

    by Jeehannes (871031)
    A Dutch guy made an "all-in-one" solution http://www.hitmanpro.nl/ [hitmanpro.nl] for spyware. It's basically a script downloading, installing and executing AdAware, SpySweeper and other stuff. It works well to protect computers of the uninitiated, the clickhappy and the careless (names referring to parents and other relatives:))
  • 0. Prevention. Don't get spyware in the first place. Do the first item on the following list that you can: (in order of decreasing safety) Install Linux, Use Firefox, Use Anti-spyware inoculation/antiviruses, Use Safe Browsing Procedures.
    1. Know your enemy. If you can identify what it is, then you can handle it.
    2. Google for it. You aren't likely to be the first to have a problem.
    3. Use a tool. Common spyware tend to have specialised uninstallers/removers available.
    4. Use manual removal instructions, if al
  • I'll probably get mauled here for saying this, but I've found Microsoft Anti-Spyware to be more effective than either Ad-Aware or Search and Destroy - and the UI is about a hundred times better as well.
  • What program combinations, or websites do you use to uproot that last bit of unwanted software intrusion?"

    http://www.ubuntu.org [ubuntu.org]

    'Nuff said.

  • ... should appear the day after I finally got my system cleaned from one. I had spent the last three days battling spyware, and popups and was ready to give in the towel.
    I had run Adaware, Spy Sweeper, Spybot S&D, AVG Free, Kaspersky, Killbox, and HIJack This, still none fully cleaned it, it got rid of all the other junk and I had blocked my computer's IP to keep it isolated on my network so newer adware wouldn't get installed.

    I still had an odd entry in Add/Remove programs ( Network Monitor ) I had
  • Luckily, I haven't had to fight too much malware, but I did have a couple hour bout after letting the kid on the computer once. A few months ago, he did quite a number on the machine. Spybot and AdAware did most of the work but one little bugger was really stubborn. He would run with a different (i.e., un-google-able) name all the time, and if you killed the process, it'd respawn. Try to delete his reg key, and he would re-insert himself. You couldn't possibly work fast enough to kill the process and remove
  • Nobody has mentioned SpywareBlaster. On my Windows machines, I run a combination of programs. I run AVG Anti-Virus for general viruses, I also run SpywareBlaster, Spybot S&D, and Ad-Aware for all of the spyware/adware etc. stuff. If there is still something going on, I'd dive into the Spybot S&D Windows startup options, and if that doesn't reveal anything, I'd head over and grab HiJackThis.
  • 1. Switch to a non-IE browser. Permanently. Install the IEView and IEtab extensions, Adblock Plus and the G.Filterset updater.
    2. Use a service like meebo.com or aimexpress.com if you really feel you must IM someone. Uninstall local IM shit. I tell people to remove P2P software as well, because most people are idiots who can't tell the difference between "Britney Spears Naked.AVI" and "Britney Spears Naked.AVI.vbs", and why downloading either would be a bad idea.
    3. Use the Windows XP SP2 firewall (many of my
  • I first try removing junk via Add/Remove programs and then cleanup startup/autorun entries with Startup CPL [mlin.net]

    Security Task Manager [neuber.com] (shareware) rates each process in how likely it is to be malicious and gives you the option of killing or quarantining (or uninstalling the corresponding program if appropriate). I've had good success with eliminating nasties that were sucking so much CPU that Ad-Aware and Spybot couldn't finish scanning.

    BartPE [nu2.nu] is a great live CD, especially with the RunScanner plugin that
