#1 (permalink)
Member
Join Date: Jul 2006
Posts: 95
Defeating Spyware
My Tips

First, do a scan with a spyware scanner such as Spy Sweeper from Webroot. The trial version of Spy Sweeper will at least tell you the files and registry keys that are affected.

Check your Task Manager and look at the process list. If you see anything unusual, then I would suggest finding the path of the process using the System Information program from the Start menu, under Accessories and then under System Tools. Open up the software, then under Software Environment, in the Running Tasks group, you will see a list of processes that are running and the path to each process.

Spyware is normally copied either to C:\ or to c:\windows or c:\windows\system32. You can normally tell if it is an odd filename with no manufacturer. If you really wanted to be detailed, you can open the file up with a hex editor and check if the file has been compressed. A lot of spyware will use UPX compression and you would see a string UPX! in the file.

There are about 25 to 30 locations where spyware could be installed to run on startup. An easy one is the Startup folder; Win.ini is another. The rest are mostly in the registry, which is another topic. The best bet is to get Autoruns and RootkitRevealer from Sysinternals Freeware. Autoruns will show everything that starts on startup and allows you to remove and edit items that run on startup; be careful using it. I highly recommend it for removing spyware. RootkitRevealer will find programs that run at a low level and intercept the Windows API to stay hidden. It searches the disk and the registry for hidden programs and keys.

Some spyware, when you try to delete it, will say access denied. The next step would be to boot into safe mode, hope the software is not running in safe mode as well, and try to delete the file. To get into safe mode, restart your computer and press the F8 key after the BIOS screen appears, and you will get a menu choice to boot normally, boot in safe mode, and boot in safe mode without networking. Either of the last two will be fine; I normally go with networking in case I need to get a file from the internet.

Another way to defeat the file-in-use error when deleting a file is to get Unlocker (UNLOCKER 1.8.3 BY CEDRICK 'NITCH' COLLOMB), which will attempt to unlock a file to allow you to delete it.

I would also suggest getting a firewall such as ZoneAlarm so at least you can tell when programs are trying to access the internet. Always run Windows updates and make sure you are patched. Microsoft normally releases patches on the first Tuesday of the month.

Hope this helps a little. There is a lot to talk about and I barely scratched the surface. I think I may write a big article on this one day heh.
#5 (permalink)
Senior Member
Join Date: Jul 2006
Location: Ontario, Canada
Posts: 1,198
Good advice everyone.
Spyware is SUCH a pain.
__________________
Dana ~~~ "Do or do not. There is no try"-Yoda The best forum ever: http://www.precharge.net http://feeds.feedburner.com/precharge.gif
#8 (permalink)
Senior Member
Join Date: Sep 2006
Age: 22
Posts: 460
The trick to eliminating spyware isn't so much the program you use, it's about scanning regularly and keeping the strings updated. Also, just try to avoid getting spyware in the first place.
#10 (permalink)
Member
Join Date: Jan 2007
Posts: 50
You are probably referring to a bootable live CD with the operating system and basic applications. Is there such a thing as a diskless CD for Windows? Most of the live CDs I know are Linux-based. You are definitely spared from spyware through live CDs.