Spyware got me

RawAlex · 2005-12-15, 12:31 PM

Ronnie, having just spent last night removing a certain piece of spyware from my girlfriend's PC (no, I didn't put it there!), I can tell you that some of the newest spyware is basically "remove proof".

Before anything, make sure you have run windows update and that your computer is 100% up to date. Unpatched windows is like locking the door and leaving the window next to it wide open. People will figure it out.

Make sure your virus protection software is 100% up to date (latest files) and the same for your adaware and other tools. Don't assume just because you downloaded them this week that they are up to date, they are often years behind.

My suggestion is this: Start out with the URLs you are being directed to. Google them, and see (like if you get sent to somefuckdomain.com, search for somefuckingdomain spyware or somefuckingdomain virus and see what you get). Normally you should be able to find at least one site with a decent remove once you have a good name for what you have gotten.

Removal is actually pretty easy. DISCONNECTION YOUR COMPUTER FROM THE INTERNET. Too many of these viruses are self replicating in yoru system by keeping a very, very small part of themselves alive on your box, and using that little snip of code to suck the virus back down and reinstalling itself.

Restart your box in safe mode WITHOUT network support.

Run virus scan.

Run Microsoft anti-adware thing.

Run Adaware.

Go into registry and make sure there is nothing in the windows run or windows runonce files. Normally a good virus manual remove will have instructions how to do this.

Check to make sure that the actual Icon you are using to access the internet (your firefox or *ugh* IE icon) is actually going to these programs, and isn't going to a third party program before startup.

After all is done, restart the computer in normal mode without your network attached, and run the scans again.

If you share a network / have more than one computer on your network you should disconnect all computers from the network and treat all of them as if they were infected. Scan each one closely. Many viruses will use windows networking to spread the virus machine to machine inside your filewall area, especially if you have open shared directories.

Good luck.

Alex

2005-12-15, 12:31 PM	#1
RawAlex Took the hint. Join Date: Mar 2003 Posts: 5,597	Ronnie, having just spent last night removing a certain piece of spyware from my girlfriend's PC (no, I didn't put it there!), I can tell you that some of the newest spyware is basically "remove proof". Before anything, make sure you have run windows update and that your computer is 100% up to date. Unpatched windows is like locking the door and leaving the window next to it wide open. People will figure it out. Make sure your virus protection software is 100% up to date (latest files) and the same for your adaware and other tools. Don't assume just because you downloaded them this week that they are up to date, they are often years behind. My suggestion is this: Start out with the URLs you are being directed to. Google them, and see (like if you get sent to somefuckdomain.com, search for somefuckingdomain spyware or somefuckingdomain virus and see what you get). Normally you should be able to find at least one site with a decent remove once you have a good name for what you have gotten. Removal is actually pretty easy. DISCONNECTION YOUR COMPUTER FROM THE INTERNET. Too many of these viruses are self replicating in yoru system by keeping a very, very small part of themselves alive on your box, and using that little snip of code to suck the virus back down and reinstalling itself. Restart your box in safe mode WITHOUT network support. Run virus scan. Run Microsoft anti-adware thing. Run Adaware. Go into registry and make sure there is nothing in the windows run or windows runonce files. Normally a good virus manual remove will have instructions how to do this. Check to make sure that the actual Icon you are using to access the internet (your firefox or ugh IE icon) is actually going to these programs, and isn't going to a third party program before startup. After all is done, restart the computer in normal mode without your network attached, and run the scans again. If you share a network / have more than one computer on your network you should disconnect all computers from the network and treat all of them as if they were infected. Scan each one closely. Many viruses will use windows networking to spread the virus machine to machine inside your filewall area, especially if you have open shared directories. Good luck. Alex