Stubborn Spyware Removal Advice?
onedobb asks: "I'm sure all of us are familiar with Lavasoft's Ad-Aware and Spybot Search and Destroy, however there always seems to be that particular piece of spyware, or malware that seems to slip past both of those programs (even with the most recent definition updates, and virus definitions). What program combinations, or websites do you use to uproot that last bit of unwanted software intrusion?"
The only solution ... (Score:3, Insightful)
If these don't work... (Score:3, Insightful)
The Nuclear Option (Score:2, Insightful)
And then, don't screw up your system.
You're Asking this on Slashdot? (Score:4, Insightful)
OK now that we've got THAT out of our system...
Use Firefox, install the NoScript plugin, don't run stuff you download from every web site on the planet, and don't run Outlook. I'd suggest using a text-only email client if you can stand it. Oh yeah and don't run as the administrator and refuse to use any third party program that claims it needs administrator privs. Also keep your system up to date.
If you're sufficiently paranoid, you should be able to keep even a Windows system reasonably secure.
Mod it up . . . it hurts, but it's true (Score:2, Insightful)
Re:The only solution ... (Score:4, Insightful)
How do you know you're executing the real format executable and not a fake that simulates a formatted system just to fool you?
A four-step process. (Score:3, Insightful)
I only know of one problem. You really have to learn by removing a bunch of this crap yourself - new junk hides itself in new ways.
My five-step process:
1) Reboot in safe mode
2) Delete anything in C:\WINDOWS and C:\WINDOWS\SYSTEM32 (or whatever directories of choice) that has a hidden attribute and appeared since "problems began" (usually a month or so).
3) Wipe all temp directories. (that's C:\Documents and settings\username\local settings\temp and \temporary internet files, and maybe others I've forgotten).
4) Use regedit to remove strange Run, RunOnce, etc. entries. If in doubt, google, then destroy. Your user can always reinstall.
5) Reboot into normal Windows, then run a good antivirus and a good adware remover. BEFORE reconnecting to the network. (This may require having virus defs on a USB key).
The anti-spyware seem to get ~80% of what's out there. This gets 95%. Upgrade to the GP's PE environment instead of safe mode, you're probably at 99%. Anything else, transfer files off and reformat, because it's probably a rootkit. With practice, I got the above procedure down to half an hour during "new computer" season.
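A read-only inventory for steps 2 and 4 of the process above, as an added example that is not part of the original comment. The 30-day window, the choice of the four standard Run/RunOnce keys and the Authenticode signature column are assumptions; the script lists candidates for review and deletes nothing.

```powershell
# Added example: read-only inventory for steps 2 and 4; it deletes nothing.
# Assumption: "since problems began" is approximated by a 30-day window.
$Days   = 30
$cutoff = (Get-Date).AddDays(-$Days)

# Step 4: list every value under the standard Run / RunOnce autostart keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($path in $runKeys) {
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }          # key absent on this machine
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Key     = $path
            Name    = $name
            Command = $key.GetValue($name)
        }
    }
}

# Step 2: hidden files created inside the window in the Windows directories.
# -Force makes Get-ChildItem return hidden and system files.
$dirs = @($env:windir, (Join-Path $env:windir 'System32'))
$hidden = Get-ChildItem -Path $dirs -Force -File -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
        $_.CreationTime -ge $cutoff
    } |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Created   = $_.CreationTime
            # Signature status helps decide what to look up before removing it.
            Signature = (Get-AuthenticodeSignature -FilePath $_.FullName `
                            -ErrorAction SilentlyContinue).Status
        }
    }

$autoruns | Format-List
$hidden   | Sort-Object Created | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys and System32 are fully readable; HKCU reflects only the account running the script.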
Glib answer... (Score:3, Insightful)
A particularly stubborn piece of malware was the reason I finally took the plunge and switched to Linux (Mandriva) at home. Plus, as a bonus, suddenly my computer was interesting again.
That's actually not bad advice... (Score:3, Insightful)
Whether this is a good call mostly depends on how much different software you use and how customised you have it. But arguably most people who use lots of highly-customised software are computer-savvy enough to avoid a spyware infection in the first place.
If you are looking at an office worker's computer that is just running say Office and a web browser, format and reinstall is often substantially easier than attempting a manual clean (if the automated cleans fail.)
Oh, and by the way - people who get spyware infections aren't stupid; computer sysadmin work just isn't their specific domain. They have better things to be doing (such as their actual work.) I know there are plenty of things I don't know about.