
De-spywaring a computer...

matthias00 Registered User regular
edited October 2007 in Help / Advice Forum
Okay, so I've dealt with spyware in the past. Our battles have ended in less than satisfactory fashion, usually with some of the spyware hiding from everything I do.

So now that I am going over to someone's house to de-spyware their computer either today or tomorrow, I kind of want to get it as right as I can.

So what is the latest and greatest in terms of anti-spyware programs, and what are the best techniques to get rid of existing spyware?

Last time I tried this, I used a combo of Spybot and Lavasoft Ad-Aware, and when that didn't work I tried Windows Defender. Is this a viable tactic now, or is there a better one?

Also, I might try HijackThis, looking for any weird stuff that's running in the background. Is that still the best way to be 100% sure of everything?

Basically, I'm just wondering if the way I clear out spyware is going to work. The computer used to be in an office or something, used by like 20 different people, so I'm assuming it's gonna be pretty bad... I just want to know the best way to make it better.

And yeah, I know that if things are just too bad, I can do the "Nuke it from orbit" option that is reformatting, but I don't think the computer owner wants me to do that.

Thanks.


Posts

  • Raere Registered User regular
    edited October 2007
    Run those three and see what shows up after that. Might also want to run a rootkit cleaner; those are starting to show up more and more and just contribute to botnets. Make sure that you set up automatic updates and leave something resident like Windows Defender behind to keep them protected. See if anything else persists after that; you can take more extreme measures, like running some programs that will show every single startup process in detail to see what should and shouldn't be there.

  • LoveIsUnity Registered User regular
    edited October 2007
    Also, make sure that you boot into Safe Mode and run those programs.

  • Thanatos Registered User regular
    edited October 2007
    In general, if the Spybot/Ad-Aware combo doesn't take care of it, I reformat.

  • Voro Registered User regular
    edited October 2007
    First, to nuke the spyware: Spybot, Lavasoft Ad-Aware, and AVG Anti-Spyware (had better results with this than with the other two).

    Then, avast! Antivirus to clear out anything more malicious. I used to use AVG Antivirus, but it found fewer viruses and couldn't remove the worse ones. Avast has some false positive issues with assuming ISOs and RARs are decompression bombs, but those shouldn't be a problem when someone competent is overseeing the process.

    Lastly, run CCleaner. It's the best way to keep the PC running with near-fresh install performance without nuking your Windows install.

    And yes, HijackThis is excellent when trying to track down the worst of the worst malware. That was the only way I figured out which startup item was always infecting the system processes when Windows loaded, regardless of normal or safe mode. Had to use the recovery console to fix it, but it was preferable to a format.

    XBL GamerTag: Comrade Nexus
  • matthias00 Registered User regular
    edited October 2007
    So the AVG antispyware is better than the Microsoft antispyware?

  • Monoxide Registered User, ClubPA regular
    edited October 2007
    First of all, you shouldn't do this yourself if you don't know what you're doing, as there's a possibility of making things worse with some of these utilities. Anyway:
    matthias00 wrote:
    So the AVG antispyware is better than the Microsoft antispyware?

    Yep. I usually go, in safe mode:

    Ad-Aware -> Spybot S&D -> AVG/Defender/SpySweeper depending on what might already be installed on the machine -> HijackThis. If anything looks wonky in HijackThis, remove the entries, and run whichever of the above that you haven't yet. Then go on to virus and malware cleaning:

    You should run a few of the various specific utilities like AIMFix, VundoFix, Combofix, Stinger, etc. These are made to pick up common viruses and malware and do a damn good job. For the rest, run Norton/McAfee/Panda/AVG (Whatever they have installed), then follow that up with BitDefender in Safe Mode and/or NOD32. If BitDefender doesn't pick anything up, it's most likely clean, but sometimes on a badly infected system, it doesn't hurt to run NOD32 as well. It's pretty effective, and both BD and NOD have free online scanners. Ewido has one also that works pretty well, you can give that a shot if in doubt.

    Uh, let's see, what else. Oh, right. Rootkit Revealer. On an infected PC, rootkits are definitely a possibility. You never really know what Trojan32.Downloader.Whateverthefuck's true intentions were without a lot of research, and it's better to be safe than sorry.

    Follow all of that up with CCleaner, check msconfig and whatnot, make sure everything is pretty and running smoothly.

    Fortunately, most of the utilities I just mentioned are available in a convenient package on Bootzilla, which was formerly known as BHT. Just download that, throw some extra installers (or even better--portable versions) for missing stuff (like AdAware) in the folders, read the readme and follow the instructions. It has a batch file that will make an ISO for you, you just have to read the readme. I can't say this enough, read the readme. If you don't, it won't be 'built', and you'll likely have outdated stuff.

  • I'd Fuck Chuck Lidell Up Registered User regular
    edited October 2007
    Also, make sure that you boot into Safe Mode and run those programs.

    a lot of people tend to forget this step

    however it is key to getting rid of most of these

    safe mode doesn't open anything that isn't necessary to boot windows which makes it easy to get rid of any .com's .bat's and .exe's you don't want on there

  • mastman Registered User regular
    edited October 2007
    In addition to all the above advice, here are some manual tricks for those pesky ones. In order of ease, try the following:

    - Most of the .exe's nest themselves in Windows/system32 folder. stop the process and delete the exe

    - if it restarts itself automatically before you can delete the exe after stopping the process, rename the .exe and restart your computer then delete it.

    - also, you can click start->run and type in "msconfig" go to the startup tab, and un-click the shit that looks bad. restart computer then delete the files

    and run those antispyware/antiadware/antiadware scans like 50 times throughout. they scan the registry for bad shit too which is much harder to manually perform.

    B.net: Kusanku
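
Added example, not part of any post in this thread: a way to triage the startup entries that the HijackThis and msconfig advice above asks you to eyeball. It parses the O4 (autostart) lines of a HijackThis log and attaches review notes; the sample log is constructed, and the two heuristics (temp directory, directly in system32) are assumptions taken from the thread's remarks, not verdicts.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample (not from the thread) using HijackThis's O4 autostart line format.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xqzw] C:\WINDOWS\system32\xqzw.exe
O4 - HKCU\..\Run: [tmpload] C:\DOCUME~1\User\LOCALS~1\Temp\tmpload.exe
O4 - Global Startup: Example Tray.lnk = C:\Program Files\Example\tray.exe
"""

# Registry autostarts: O4 - HKLM\..\Run: [value name] command line
O4_REGISTRY = re.compile(r"^O4 - (?P<where>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder shortcuts: O4 - Global Startup: shortcut.lnk = target
O4_FOLDER = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Leading program of a command line, quoted or not, up to its file extension.
PROGRAM = re.compile(r'"?(.+?\.(?:exe|com|bat|dll|scr|pif))\b', re.I)

def review_notes(path):
    """Assumed heuristics: a note means 'look this entry up', not 'delete it'."""
    parts = [p.lower() for p in path.parts]
    notes = []
    if "temp" in parts or "tmp" in parts:
        notes.append("runs from a temp directory")
    if path.parent.name.lower() == "system32":
        # Legitimate Windows entries (e.g. ctfmon.exe) also live here.
        notes.append("sits directly in system32")
    return notes

def startup_entries(log_text):
    """Return one dict per O4 line: where it is registered, its name, path, notes."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_REGISTRY.match(line) or O4_FOLDER.match(line)
        if not m:
            continue  # not an autostart line (R0, running processes, ...)
        prog = PROGRAM.match(m["cmd"])
        path = PureWindowsPath(prog.group(1) if prog else m["cmd"])
        entries.append({"where": m["where"], "name": m["name"],
                        "path": path, "notes": review_notes(path)})
    return entries

if __name__ == "__main__":
    for e in startup_entries(SAMPLE_LOG):
        print(f'{e["where"]:16} {e["name"]:18} {e["path"]}  {"; ".join(e["notes"])}')
```

Entries with no note still deserve a look; the notes only order the list so the least expected locations are checked first.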