
HELP! I've been "infected" with "spyware". What do I do?

This topic is archived.

Hamlette Donating Member (1000+ posts) Fri Jul-16-04 10:57 PM
Original message
HELP! I've been "infected" with "spyware". What do I do?
I keep getting these pop ups that tell me to download something to get rid of it. Do I do it?

I have Ad-aware but it won't run, goes only so far then stops.

Should I take it in for repairs? It works but is VERY slow and I keep getting all sorts of pop ups and other problems.

Thanks to anyone who knows the answer.

wtmusic Donating Member (1000+ posts) Fri Jul-16-04 10:58 PM
Response to Original message
1. Don't believe it
Just an ad to get you to buy something (you may have a virus, but the popups wouldn't be able to tell)

LTR Donating Member (1000+ posts) Sat Jul-17-04 12:14 AM
Response to Reply #1
18. I've run across that little nasty before
Tons of pop-ups that tell you how to get rid of the pop-ups. It directs you to a page where, for a cool $29.99, your problem will be solved. Yeah, right! That's only the beginning. These programs install even more spyware!

The two best spyware removal programs on the market are free. Ad-Aware and Spybot will solve all of your problems.

Just try and end the running process of the crapware first, since this will make it much easier to run the programs.

Malicious scripts and spyware can be removed. It may take time and patience, and you may have to do a little research, but it can be done in the sanctity of your own home.

Ohio Dem Donating Member (1000+ posts) Fri Jul-16-04 10:59 PM
Response to Original message
2. Download and run Ad-Aware.
Lavasoft makes it. The website MIGHT be www.lavasoft.org

But don't quote me on that. Google it. You'll find it. Get the free version.

Wapsie B Donating Member (1000+ posts) Fri Jul-16-04 10:59 PM
Response to Original message
3. Use Spybot Search and Destroy.

lectrobyte Donating Member (1000+ posts) Fri Jul-16-04 11:00 PM
Response to Original message
4. I use a program called spybot to remove these programs...

Mizmoon Donating Member (1000+ posts) Fri Jul-16-04 11:01 PM
Response to Original message
5. First go to PC pitstop
see if you can do a check on your computer through there and see what it tells you. You need to identify what you are infected with. Go someplace like Symantec and get removal instructions.

After, go download Firefox and stop using IE. Also go to Windows Update and update your operating system.

Demonaut Donating Member (1000+ posts) Fri Jul-16-04 11:07 PM
Response to Reply #5
8. forgot about that, this is a very important step, IE has lots of security
flaws and I never updated my files till I had this problem

Demonaut Donating Member (1000+ posts) Fri Jul-16-04 11:04 PM
Response to Original message
6. maybe, I still have a similar problem and it's in your registry
Edited on Fri Jul-16-04 11:04 PM by Demonaut
but I've sorted most of it out, download "Spybot Search and Destroy"
you have to make sure it is this freeware only, and also download "HijackThis". Run both these programs and it should at least show the problem, both of these are freeware, also after you've run HijackThis it will show the loadups that happen when you start your comp and where the problems lie, look for a "bho" load up and delete it and similar files that look abnormal....good luck

proud patriot Donating Member (1000+ posts) Fri Jul-16-04 11:04 PM
Response to Original message
7. see if your adware is updated
also might want to run a scan with anti-virus software.
If you are using Windows you now can pick up viruses
from certain websites.

Also be sure to update Windows
Make sure to remove Temporary
files folders etc.....

Habibi Donating Member (1000+ posts) Fri Jul-16-04 11:13 PM
Response to Original message
9. Try a different browser
Like Mozilla, Netscape, or Firefox.

Name removed Donating Member (0 posts) Fri Jul-16-04 11:14 PM
Response to Original message
10. Deleted message
Message removed by moderator. Click here to review the message board rules.
 
Mizmoon Donating Member (1000+ posts) Fri Jul-16-04 11:20 PM
Response to Reply #10
11. no need to be rude eom

Demonaut Donating Member (1000+ posts) Fri Jul-16-04 11:21 PM
Response to Reply #10
12. thanks for the help, much needed input
and a personal attack

Name removed Donating Member (0 posts) Fri Jul-16-04 11:35 PM
Response to Reply #10
13. Deleted message
Message removed by moderator. Click here to review the message board rules.
 
indigobusiness Donating Member (1000+ posts) Fri Jul-16-04 11:38 PM
Response to Reply #13
14. try opening in safe-mode...then reboot and try ad-aware

LizW Donating Member (1000+ posts) Fri Jul-16-04 11:44 PM
Response to Original message
15. Spybot works very well
but there are still some spywares that it doesn't spot.

If you run it and still have problems, see if you can figure out the name of the spyware you are infected with. Sometimes a Google search will lead you to detailed instructions on how to remove it manually.

Most important, NEVER, say "yes" when one of those pop-ups comes up giving a warning about adware or spyware. My son did that once on my computer and got a whole bunch of crap that was a horror to get rid of.

Viking12 Donating Member (1000+ posts) Fri Jul-16-04 11:46 PM
Response to Original message
16. Shut down and restart in safe mode
Hold down F8 when you restart. Once rebooted, run Adaware. You may get a message that Adaware can't delete some files or programs - write these down and remove them manually. Rinse and repeat.

LTR Donating Member (1000+ posts) Fri Jul-16-04 11:57 PM
Response to Original message
17. Ad-Aware should work well
I've cleaned up several systems in the past few weeks. One was just horrid.

I recommend running Ad-Aware first. But since you can't load it up, you may need to clean your system.

Do a disk cleanup first. Amazing what this little often-neglected step will do to speed up a system.

Another thing to do is CTRL+ALT+DEL, which will bring up the process screen. Close out of any program that looks like obvious spyware. Be careful doing this, though. Only close down programs you know to be spyware.

Open up Ad-Aware. And be sure to check for updates (check the symbol on the upper right of the program). Updating is a MUST!

Run Ad-Aware. It may not get rid of everything on the first try, since it can't uninstall running processes. It will give you the option to load up on the next startup. Click OK for this option, then restart. It may very well be possible that you'll have to run it a second time. It certainly doesn't work.

When the spyware is gone, be careful next time. Do not use Internet Explorer for web surfing. It is unsecure and very dangerous to use. It is a flawed program that has not been seriously upgraded in several years. Use Mozilla Firefox, Netscape, Opera or even a stable IE wrap-around like Avant Browser or MyIE (Avant works well as a default browser).

Be careful what you download as well. Popular programs such as AIM and Kazaa are loaded with spyware.

Hamlette Donating Member (1000+ posts) Sat Jul-17-04 02:27 AM
Response to Reply #17
20. thanks rat terrier
I'm gonna have to get some help, this is mostly Greek to me. I used to have Netscape but this computer didn't have it so I just ended up using Explorer. I guess I google Mozilla Firefox and download that?

I did get ad-aware to finish its thing. I then restarted my computer and it was still yucky. My son the-hot-shot-college-student (rolls eyes) should be able to follow your instructions tomorrow. Tis the season for parades (poor dear) so he won't be around until later. (He's an intern for the ONLY dem in Utah. Who knew they had so many parades or that candidates walked in all of them?)

I didn't download anything. It either came in an email from someone I know (I don't open them otherwise) or from surfing the web.

Thanks again. I have this real love hate thing going with computers about now.

AmyDeLune Donating Member (1000+ posts) Sat Jul-17-04 02:38 AM
Response to Reply #20
21. Here's the link
to download Firefox.
http://texturizer.net/firefox/download.html

Good Luck!

AmyDeLune Donating Member (1000+ posts) Sat Jul-17-04 02:15 AM
Response to Original message
19. Definitely
give Mozilla Firefox a try as your browser. I've been using it for about a week now and it's very user friendly. It has a built in pop-up blocker and cookie managing. :)

TreasonousBastard Donating Member (1000+ posts) Sat Jul-17-04 02:49 AM
Response to Original message
22. If this doesn't scare the crap out of everyone...
nothing will. This is from an email from LavaSoft:

<...>

"As if this isn’t enough yet, for a little over a month now, a new style of infection is flying around from CoolWebSearch. With its latest series of variants, it installs multiple files on a system, but one file, the center of the infection, is hidden. Not just hidden by the file attribute, but hidden where special software is required to even find it. I’ll admit, I had to dig for a little bit through my “bag of trusty tools” to find the hidden file from the two variants I’ve seen so far, but while some effort is needed in part from the user to allow Ad-Aware 6 Build 181 to remove this pesky file, Ad-Aware SE will have things covered.

And now for the ultimate disaster: the series of VX2 variants that remain a monstrosity in the anti spyware community to remove, right up until our plug-in hit the scene. This awful series of variants perform the worst I’ve seen. They lock into a Windows process such that their removal is practically impossible. This style of infection only works on the Microsoft Windows 2000 and Windows XP Operating Systems, since they’re the only two that really carry the vehicle it uses to latch itself in as it does. The Microsoft Windows NT Operating System does, also, but it’s different enough that the method used to latch in is ineffective. The Microsoft Windows 98 and Millennium Edition Operating Systems don’t have it at all, but a different method, although not quite as sophisticated, is used to prevent removal. Unlike the other topics I discussed, I have no tips on how to take care of this, other than to suggest not getting it in the first place. It all comes back to Safe Computing Practices, which I’ve mentioned in the past. While Ad-Watch does monitor for known installers of this beast, all it takes is a new variant, and that short period of time between its release and our updated definitions, to have it install on a system. Keep definitions updated, and use caution concerning what you download and run."

<...>

So, run SpywareBlaster, Ad-Aware (with the plugin), SpyBot, and anything else around. And hope for the best.

Although much of this stuff uses Active-X in IE, Opera and Mozilla/Firefox are NOT immune to some of it. Both of them have known security holes, and I have a firewall, an anti-virus, and WinPatrol running constantly to help keep the nasties out. Using Opera and Eudora, with the highest security levels, I still get a few data miners and other weirdness showing up.

Even when using another browser, Windows insists on caching web pages and setting up temp files. Digging through them is a pain, but deleting everything in the Windows>TEMP folders is necessary every so often. There is also a Windows>Temporary Internet Files folder that should be deleted. There's a Windows>Installer folder that looks scary, too.

Update the definition files in the protection software DAILY. AVG antivirus can be set to update automatically, but some of the others, like AdAware, you should choose to update before running them.

Some stuff is more or less normal. Installing a new printer, scanner, or keyboard now comes with a bazillion "call home" programs that may or may not be useful. Even without hackers, trojans, viruses and spyware, the registry can become overwhelmed and slow the machine down. Fixing the registry is not to be taken lightly, but there are programs out there that can do it safely.

There are process viewers that do more than pressing ctrl-alt-del. Many of them, like PrcView, show you EVERYTHING that's running, and give a short description, or allow you to look them up online. Others allow you to see what's in the windows startup and let you stop background programs from starting.

It is an incredible pain in the ass, but there are a lot of people out there who just want to mess with your computer to steal something, snoop on you, or just because they are miserable pricks.

And Windows doesn't make our job any easier.


huellewig Donating Member (700 posts) Sat Jul-17-04 03:09 AM
Response to Original message
23. Sounds like a messenger thing..
Do this. Should work in XP, Not sure about the others.

Disable Messenger like this:

1. Click on the "Start" button.
2. Right-Click on "My Computer"
3. Choose "Manage" from the menu that appears.
4. In the left column Highlight "Services and Applications"
5. In the right column Double-Click on "Services".
6. Double-Click on the service called "Messenger".
7. Click the "Stop" button to stop the service.
8. Change the "Startup Type:" to "Manual"
9. Click "Apply".
10. Click "OK".
11. Close "Computer Management"

More stupid shit Microsoft enables by default that 99.9% of users don't need and wankers love to exploit.

andino Donating Member (668 posts) Sat Jul-17-04 07:41 AM
Response to Original message
24. After finding tons of spyware the other day
I changed over to FireFox. Personally, I think that it is a lot better than IE and a hell of a whole lot safer. Plus you can use different themes. :)

Internet Explorer has too many holes in it and EVERYONE is exploiting them.

LTR Donating Member (1000+ posts) Sat Jul-17-04 08:08 AM
Response to Original message
25. Here's another way of prevention: A dummy HOSTS file
I did this, and between my using it and keeping Norton up to date, I don't have any problems.

http://www.mvps.org/winhelp2002/hosts.htm

What it does ...

The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, as long as the entry exists.

You can use a HOSTS file to block ads, banners, cookies, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems. Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by the DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements.



You can download the .zip file and when you unzip it (you can use a shareware program called WinZip for this) you can install it. Otherwise, you can open Notepad, click to open a file, and look for this path:

Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS

Open the HOSTS file with Notepad. You may notice a few addresses already there, if you have a browser hijack. Just delete those, and "Select All" and "Copy" from this text file:

http://www.mvps.org/winhelp2002/hosts.txt

Paste all of this into your original HOSTS file opened up in Notepad. Then "File" and "Save". The HOSTS file gives dummy 'addresses' for a large selection of malicious sites. With the self-hacked HOSTS file, it gives a dummy address that bounces around a lot. If there's a site that you use that you have trouble getting to after hacking the HOSTS file (ex. Classmates.com, whose only real crime is a lot of banner advertising) you can scan the HOSTS list and remove the entry.

Be sure to keep your antivirus/firewall up to date. I use Norton, and it works for me, though I know many people dislike it. It's a bit tricky to get up and running, but it does protect against malicious email and other assorted nasties. There are other AV/Firewall programs out there as well if you don't like Norton. Remember, an AV/Firewall program may not detect a browser hijack or a script-based attack. Refer to Hijack This for these instances, or roll up the sleeves and get into the system.

I also recommend looking into a registry cleaning program to remove the bad registry entries afterward. Fix-It Utilities is what I use, but I'm sure there's other good ones out there.
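
An added example, not part of the post above: a small Python audit that separates HOSTS block entries (names pointed back at the local machine, like the `127.0.0.1 ad.doubleclick.net` line quoted in the post) from names pointed at some other address, which are the entries to review when a browser hijack is suspected. The sample file contents and the `.example` host names are constructed for illustration.

```python
import ipaddress

# Names that normally resolve to the local machine; these are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample input (documentation-range addresses, made-up host names).
SAMPLE_HOSTS = """\
# constructed sample, not a real HOSTS file
127.0.0.1       localhost
127.0.0.1       ad.doubleclick.net      # block entry quoted in the post
0.0.0.0         ads.example.net tracker.example.net
203.0.113.45    www.search.example      # name pointed at a foreign server
203.0.113.45    auto.search.example
not-an-ip       broken.example
192.0.2.10
"""

def audit_hosts(text):
    """Classify every host name found in HOSTS-file text.

    Returns a dict of lists:
      blocked    - (line, name): name sent to loopback or 0.0.0.0
      redirected - (line, name, ip): name sent to any other address
      malformed  - (line, raw text): not "<ip> <name> [<name> ...]"
    """
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no host name
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in fields[1:]:                  # one line may list several names
            name = name.lower()
            if name in LOCAL_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                report["blocked"].append((lineno, name))
            else:
                report["redirected"].append((lineno, name, str(addr)))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for kind, rows in result.items():
        print(kind)
        for row in rows:
            print("   ", row)
```

To check a real machine, pass the contents of the HOSTS file from the path listed above for your Windows version to `audit_hosts`; anything under `redirected` that you did not add yourself deserves a closer look.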




