PC Servicing Singapore
Home About Services Software Price List Links Contact
Latest Articles
PC servicing articles
Beware of Trojan Horse!


Adware, Spyware and other unwanted "malware"

April 22, 2005

Spywares or adwares can cause performance problems, annoying pop-up ads and home page changes. This is also called "Desktop" hijacking.

The pop-up ads may broadcast porno materials which are very unhealthy to kids at home.

Spywares are also programs that are hidden, installed secretly and executed transparently in your system. These spywares collect data from your computer, and send it to a remote server, making e-commerce unsafe.

 

Things you can do to get rid the pests

1) Run Windows Update; You can setup automatic updates in your control panel; go to Start, Settings, Control panel. This is the reason why we recommend our clients to get the original Windows XP. Pirated copies of Windows XP may have updating problem.

2) Disable System Restore temporarily if you are infected

3) Enable viewing of hidden files and folders and extensions, system files

4) Virus And Trojan Scanning preferably from safe mode

5) Boot into Safe Mode;

6) Cleanup That Hard Drive with CCleaner. Close all programs.

7) Scan your machine with Ad-Aware and Spybot.

8) Try other removal tools. Your best bet is CWShredder AND Kill2me.

9) Some spyware files stubbornly refuse to allow you to delete them. Try Pocket KillBox.

10) Scan With Hijack This (Read below for detail instructions)

11) In the event when you encounter connection problems after removing network related software, Adware or after registry clean-up; and all other ways fail, then give WinSock XP Fix a try.

 

Ad-Aware SE Personal Edition (RECOMMENDED)

http://www.lavasoftusa.com/support/download/

Latest definition file

http://download.lavasoft.de.edgesuite.net/public/defs.ref

Manual Installation: Unzip the archive, replace the existing file and restart Ad-Aware\Ad-Watch.
You can also use the webupdate component implemented in Ad-Aware to install this update.

 

Spybot - Search & Destroy (RECOMMENDED)

Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. If you see new toolbars in your Internet Explorer that you didn't intentionally install, if your browser crashes, or if you browser start page has changed without your knowing, you most probably have spyware. But even if you don't see anything, you may be infected, because more and more spyware is emerging that is silently tracking your surfing behaviour to create a marketing profile of you that will be sold to advertisement companies. Spybot-S&D is free, so there's no harm in trying to see if something snooped into your computer, too :)

http://www.safer-networking.org/en/home/index.html

 

CWShredder

A small utility for removing CoolWebSearch.

 

Pocket KillBox

Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them.

http://www.bleepingcomputer.com/files/killbox.php

 

SpywareBlaster

It doesn't scan and clean for spyware - it prevents it.

http://www.javacoolsoftware.com/spywareblaster.html

 

SpywareGuard

A real-time protection solution against spyware!

http://www.javacoolsoftware.com/spywareguard.html

 

BHODemon

http://www.definitivesolutions.com/bhodemon.htm

 

List of Spyware removal / detection tools

http://www.spychecker.com/topdownloads.html

http://www.spywareinfo.com/downloads.php?cat=sp#det

 

HijackThis

Hijack This is for advanced users.  Only use this tool if the above softwares cannot remove the particular spyware found in your PC.

HijackThis, a general homepage hijackers detector and remover. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites.


1) Download 'Hijack This!' (UIRL: http://hijackthis.de/index.php)

2) Unzip the archive to its own folder, for example C:\Program Files\HJT
and run "HijackThis.exe". (Double-click it)

3) Click "Scan" button

4) Click "Save Log" button to save the hijackthis.log file

5) Study the hijackthis.log file, read these first!

Official Hijack This Tutorial

A website located here http://hijackthis.de does a great job of figuring out many problems for you.

Simply paste your logfile there and click analyze.
 

6)  Enable viewing of hidden files and folders and extensions

7) Open Window Task Manager and end nasty process

8) Run Hijack This and check nasty items that you identified in step 5

9) Close all browsers (IE / Netscape / Opera). Click "Fix Checked"

10) Restart your computer in safe mode

11) In safe mode, delete malicious exe files identified in step 5

12) Restart your computer in safe mode, run Hijack This scan

13) Study the log file again

 

Start your system in safe mode

1) Run msconfig

2) Select BOOT.INI tab

3) Check /SAFEBOOT

4) Click OK, then click Restart

To boot in normal mode, run msconfig and uncheck /SAFEBOOT

Alternately,

Press F8 as the PC is about the start. The timing is very important. Press F8 repeatedly just after the BIOS screen and before the Windows logo appear.


 

Recommended software to protect your privacy and security

One of the most important things you need is a firewall. Our recommendation of a good firewall that is also available in a free version is Outpost Free from Agnitum. Note: Don't expect support from those guys though - they need a month to answer every single email, and different support people tell you conflicting things. If your computer crashes after the installation of Outpost, simply uninstall it (the uninstall works fine), and don't hope for a solution coming from them.

You should also have an anti-virus application. The big ones (McAfee, Symantec, ...) are all quite good and easy to find. As we often get asked for free alternatives, I recommend to have a look at Anti-Vir Personal Edition from H+BDEV, which is free for private use.

The third kind of software that is needed would be some kind of spam blocker. If you use Mozilla Mail or Thunderbird, you already have everything integrated. (Update: We have removed the link to MailWasher here, as with more and more spam, it got unreliable and we finally stopped using it, replacing it with the much better Thunderbird filtering as well as our own procmailrc files)

Mozilla as well as Firebird and Opera) have popup blocking integrated, but IE does not, and the integrated ones are not perfect all the time either. For novices, I recommend a simple (but nontheless effective) filter like WebWasher; for advanced users who want to tweak every little bit, I recommend Proxomitron.

 

Patch your Operating System

Windows Update will install patches to secure your machine. Patches are updates that help resolve known issues and protect your computer from known security vulnerabilities.

1. Go to the following website: http://windowsupdate.microsoft.com
2. Click on Express Install (Recommended): High Priority Updates for Your Computer
3. Install ALL high priority updates to help keep your computer up-to-date and secure. To install these updates, click Install.
4. Reboot your machine when prompted.

Setup Windows Update Notifications