An indepth look at removing spyware

Author: woodio (Admin Group)
Joined: Oct/27/2006
Posted: Dec/13/2006 at 4:16pm
When a customer's PC comes into our shop that is absolutely infested with spyware, there are many steps that need to be taken in order to completely remove the malware.
 
Spyware will normally slow a machine down to some extent, but if using the PC is nearly impossible because of lockups or slowness, it may be more reasonable to just stop here, and reload the machine using the operating system CD that came with the computer. If there is data that needs to be recovered, back it up to a flash drive, or install the hard drive as a slave into a second PC. Trying to clean up a PC that has hundreds of infections is usually too time consuming for it to be worthwhile.
 
Booting into safe mode
Assuming that you are using Windows (you probably wouldn't have to worry about spyware if you weren't), the best way to remove spyware is in safe mode. Many of the malware programs that slow the machine down will not have the chance to run. This will allow you to install and run anti-spyware software much more easily.
 
Reboot or turn on the PC, and press the F8 key after your machine's POST screen has finished running. Choose "Safe mode with networking". The PC will boot with only a minimal amount of services running, which will make removing the malware easier.
 
Running the anti-spyware software
These programs will do most of the work for you. I usually run multiple anti-spyware programs, in this order.
 
 
Hijackthis is great for removing some of the trickier spyware, but it can also be somewhat dangerous. Make sure you only check files that you know are related to the malware, as I found it bringing up several items that I actually wanted to keep, like antivirus programs and sound and video control software that runs in my taskbar.
 
Sometimes these programs do not remove all of the malware, and problems still persist. Removing the malware manually may be more successful.
 
Manual Removal
Removing Run keys from registry
Some programs may launch themselves when Windows starts by installing keys in the registry. To find and delete these keys, open the Start menu and then Run. Type "regedit" in the Run box and click OK. Navigate in the left pane to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. From here you can delete the keys that reference the malware.
 
[Screenshot: regedit]
 
Removing malware entries from MSconfig
Malware can also add itself into MSconfig much like the registry keys, and cause your PC to load the malware on startup. To access MSconfig, open the Start menu and then Run. Type "MSconfig" and click OK. Click the Startup tab, and then uncheck any entries relating to malware.
[Screenshot: MSconfig]
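The Run keys and the MSconfig Startup tab read from the same autostart locations, so they can be triaged together. The script below is an added example, not part of the original post or of any tool it mentions: it lists every Run/RunOnce value (including the Wow6432Node keys on 64-bit Windows, which the post predates) plus both Startup folders, and for each entry reports whether the referenced program exists and whether it has a valid Authenticode signature. Missing files and unsigned binaries are the entries worth examining first. It assumes Windows PowerShell 3.0 or later running elevated; Get-AutostartEntries and Get-ExecutablePath are names chosen for this example.

```powershell
# Added example (not from the original post): list the autostart entries that
# regedit's Run keys and MSconfig's Startup tab draw from, and show for each one
# whether the referenced program exists and carries a valid Authenticode signature.
# Assumes Windows PowerShell 3.0+ in an elevated session.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # 64-bit hosts only
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# The per-user and all-users Startup folders feed the same MSconfig Startup list.
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

# Bookkeeping properties the registry provider attaches to every key; not real values.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-ExecutablePath {
    # Extract the program path from a Run value such as
    #   "C:\Program Files\Foo\foo.exe" /silent   or   %SystemRoot%\system32\bar.exe -x
    # Bare names like rundll32.exe are returned as-is (not resolved through PATH).
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Get-AutostartEntries {
    $entries = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }
            $entries += [pscustomobject]@{
                Source  = $key
                Name    = $p.Name
                Command = [string]$p.Value
                Path    = Get-ExecutablePath ([string]$p.Value)
            }
        }
    }
    foreach ($folder in $startupFolders) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($f in Get-ChildItem -Path $folder -File) {
            $entries += [pscustomobject]@{
                Source = $folder; Name = $f.Name; Command = $f.FullName; Path = $f.FullName
            }
        }
    }
    foreach ($e in $entries) {
        # Short-circuit keeps Test-Path from being called with an empty string.
        $exists = (-not [string]::IsNullOrWhiteSpace($e.Path)) -and (Test-Path -LiteralPath $e.Path)
        $sig = 'missing'
        if ($exists) { $sig = [string](Get-AuthenticodeSignature -FilePath $e.Path).Status }
        Add-Member -InputObject $e -NotePropertyName Exists    -NotePropertyValue $exists
        Add-Member -InputObject $e -NotePropertyName Signature -NotePropertyValue $sig
    }
    return $entries
}

# Sorted by status: HashMismatch, missing and NotSigned come first, Valid last.
Get-AutostartEntries | Sort-Object Signature | Format-Table Name, Signature, Exists, Path, Source -AutoSize
```

A valid signature only says who published the file, not that it is wanted, so treat the listing as a starting point for the manual check the post describes rather than a verdict. Entries launched through rundll32 or a script host show the host program's path, so look at the Command column for those.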
 
Removing malware files with Pocket Killbox
If you used an anti-spyware program that couldn't remove certain files (mainly ones that are currently in use), the program Pocket Killbox can be useful. This program can delete files before Windows loads, which is great for stubborn files that can't be deleted even in safe mode. Download the software here: http://www.bleepingcomputer.com/files/killbox.php
Simply type the exact location of the file, and click the red X to delete it. The most effective options for me seemed to be "delete on reboot" and "Unregister .dll Before deleting", if the file is a DLL.
[Screenshot: Killbox]
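"Delete on reboot" is not specific to Killbox: Windows provides it through the MoveFileEx API with the MOVEFILE_DELAY_UNTIL_REBOOT flag, which records the request in the PendingFileRenameOperations registry value as source/destination string pairs (an empty destination means delete). The script below is an added example, not code from the original post or from Killbox: it decodes that value so you can verify what will be removed before rebooting, and queues a deletion through the same API. It assumes an elevated Windows PowerShell session; Get-PendingFileOperations and Add-DeleteOnReboot are names chosen for this example, and the suspect path in the usage line is a placeholder.

```powershell
# Added example (not from the original post): inspect and queue "delete on reboot"
# operations without Killbox. Assumes an elevated Windows PowerShell session.

$sessionKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$valueName  = 'PendingFileRenameOperations'

function Get-PendingFileOperations {
    # Decode the source/destination pairs that the Session Manager processes at boot.
    $item = Get-ItemProperty -Path $sessionKey -Name $valueName -ErrorAction SilentlyContinue
    if (-not $item) { return @() }
    $values = [string[]]$item.$valueName
    $ops = @()
    for ($i = 0; $i + 1 -lt $values.Length; $i += 2) {
        # Paths are stored in NT form (\??\C:\...); a leading "!" on the
        # destination means "replace existing". Empty destination = delete.
        $src = $values[$i]     -replace '^\\\?\?\\', ''
        $dst = $values[$i + 1] -replace '^!?\\\?\?\\', ''
        if ($values[$i + 1] -eq '') { $action = 'Delete' } else { $action = 'Rename' }
        $ops += [pscustomobject]@{ Action = $action; Source = $src; Destination = $dst }
    }
    return $ops
}

# P/Invoke wrapper for kernel32!MoveFileEx (a real Win32 API); compiled once per session.
if (-not ('Win32.MoveFile' -as [type])) {
    Add-Type -Namespace 'Win32' -Name 'MoveFile' -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@
}
$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

function Add-DeleteOnReboot {
    # Queue $Path for deletion at next boot, the mechanism behind Killbox's
    # "delete on reboot". Only existence is checked here; confirm the path is the
    # malware component before calling this.
    param([Parameter(Mandatory = $true)][string]$Path)
    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
    $ok = [Win32.MoveFile]::MoveFileEx($full, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)
    if (-not $ok) {
        $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "MoveFileEx failed for '$full' (Win32 error $err)"
    }
    return $full
}

# Usage: queue a file, then confirm it shows up as a Delete entry before rebooting.
# Add-DeleteOnReboot -Path 'C:\WINDOWS\system32\SUSPECT-FILE.dll'   # placeholder path
Get-PendingFileOperations | Format-Table Action, Source, Destination -AutoSize
```

Reading the pending list is also a useful check on its own: an unexpected Delete or Rename entry there is something to investigate before the next boot. The "Unregister .dll before deleting" option the post mentions is the equivalent of running `regsvr32 /u` on the file first, which removes its COM registration so nothing tries to load it after the file is gone.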
 
 
Author: adamwlewis (Admin Group)
Joined: Oct/25/2006
Location: United States
Posted: Dec/14/2006 at 11:41am
I use a freeware tool called Startup Control Panel. It shows you everything that runs when your computer boots. Check it out:
 
 
 