tleone.com


Tips for Removing Spyware

Recently, I have been working as a computer consultant and often come across computers inundated with spyware.  It can be pretty difficult, even for me, as most anti-spyware programs can’t do the job alone.  That’s where I come in, I guess, since most users I visit have already tried a number of different pieces of software.

I’ve since come up with a system that works fairly well for me and I would imagine it doing the same for you.
Avoiding Spyware
It isn’t that hard to avoid spyware.  I don’t run any kind of anti-spyware software on my computers and I have never been infected.  What’s my secret?  Press NO!  That’s all there is to it.  When you are surfing the internet and the pop-ups or dialog boxes come up, either press the "NO" or "CANCEL" button or the RED-X button in the upper right to close the window.


Getting The Software
First thing you’ll need to do is grab the newest versions of Windows Defender, Spybot Search & Destroy and Spyware Blaster.  There isn’t any need to purchase any software and most of the ones you see advertised in the pop-ups caused by spyware will just put more of it on your system.

Installing the Software
First, install Spyware Blaster.  This doesn’t remove any spyware from your computer but will modify the registry to prevent known spyware from being installed.  You won’t even see the ActiveX dialog box!  Install it, follow the default prompts and run it.  Once it’s running, click the Updates tab to get the latest updates.  Once that’s done, press the Protection tab and then, towards the bottom, press the “Enable all protection” link.

Now install or upgrade your Spybot Search & Destroy (SS&D).  Make sure to get all of the updates for it as well.  Update: Once all the updates are complete, press the Immunize button on the left.  It will then tell you that a number of protections are available.  Simply press the Immunize button on top to enable these protections.  Finally, run a complete scan on your system and remove EVERYTHING that shows up.  You may need to reboot during this process so that it can attempt to remove some startup items.

Do the same with Windows Defender (WD).  During the installation make sure to choose all the defaults.  Once it is installed, press the button to download the latest updates and perform a quick scan.  Then scan your system.  Remove EVERYTHING that it finds.

Well now you are probably like “Duh, I do that all the time.”  Well, now to the good stuff.

Disabling Start Up Items
Fire up msconfig (Start>Run>msconfig) and disable all of your startup items.  Don’t worry, we’ll put them back later.  Now we need to boot into safe mode.  Shut your computer down and then turn it back on; this will give you more time to do what you need as opposed to a restart.

Booting into Safe Mode
Once you turn the computer back on, start pressing the F8 key at one-second intervals.  If you get a keyboard error, turn off the computer and try again, but wait a few seconds before hitting F8.  If you get it right, you should be presented with a text menu, of which the first choice is “Safe Mode.”  Select it and hit any key.  Update: If you see the Windows loading screen, you missed it and will need to reboot again; just this time press F8 sooner or more frequently.  It will probably take a little while longer than you are used to when booting into safe mode.


Deleting Temp Files
Log in with administrative rights (either the administrator or a user with those rights) and open up Windows Explorer (not IE). 

Go to Tools>Folder Options, then hit the View tab.

Under the Advanced settings, scroll down until you see “Show hidden files and folders” and ENABLE it.  Then right below, UNCHECK “Hide extensions for known file types.”

Press "Ok" to close the dialog box.

Now click on the C: drive on the right, then the /Documents and Settings folder.  You will see a folder for each user on the computer.  You will need to do the following for EACH user except for “Default User” and “All Users.”

Click the + sign next to one of the users.  Then click the /Local Settings folder, then the /Temp folder.  This is a common place for spyware files to reside, mostly because it is hidden and in a location most users won’t suspect.

Select ALL the files you see in the /Temp folder and DELETE them.  You might come across some that won’t delete because they are in use.  The easiest thing to do is to just rename the file and then try to delete it again.  If that doesn’t work, you’ll have to reboot back into safe mode after you’ve renamed those files.  At any rate, make sure you delete all the files and folders in the /local settings/temp directory for each user.

Do the same for the /windows/temp and c:/temp directories and then empty your Recycle Bin.
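The same cleanup as a script, for machines where clicking through every profile by hand is impractical. This is an added example, not part of the original article; it assumes PowerShell is installed and the session is running with administrative rights, and the parameter name and the Vista-and-later folder layout are additions of this example.

```powershell
# Added example (not from the original article). Clears the temp folders named
# above for every user profile. Run with -WhatIf first to preview what would go.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # 'C:\Users' on Vista and later (assumption of this example)
    [string]$ProfileRoot = 'C:\Documents and Settings'
)

# Profiles the article says to leave alone.
$skip = 'Default User', 'All Users'

# Per-user temp folder: XP layout first, then the Vista-and-later layout.
$relative = 'Local Settings\Temp', 'AppData\Local\Temp'

$profiles = Get-ChildItem -LiteralPath $ProfileRoot -Force |
    Where-Object { $_.PSIsContainer -and $skip -notcontains $_.Name }

$targets = @()
foreach ($p in $profiles) {
    foreach ($r in $relative) { $targets += Join-Path $p.FullName $r }
}
$targets += (Join-Path $env:SystemRoot 'Temp'), 'C:\Temp'

$locked = @()
foreach ($dir in $targets | Where-Object { Test-Path -LiteralPath $_ }) {
    # -Force includes hidden and system files, like "Show hidden files" in Explorer.
    foreach ($item in Get-ChildItem -LiteralPath $dir -Force) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Delete')) {
            try {
                Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Stop
            } catch {
                # In use: rename it and delete after rebooting into safe mode.
                $locked += $item.FullName
            }
        }
    }
}

"Could not delete $($locked.Count) item(s):"
$locked
```

Anything listed at the end is a file that was in use and needs the rename-and-reboot treatment described above.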

Re-Enabling Start Up Items
Launch msconfig again and re-enable all of your start up items.  Reboot the computer and boot back into Windows normally.

You will probably get a few errors on startup this time.  This is actually a good thing because that means that some of the spyware that SS&D and MAS didn’t remove was cleaned out by clearing the temp files.

Take note of the errors, paying close attention to any file names or program names associated with them.  Fire up msconfig again and uncheck those items from startup and any others you don’t want.  You generally don’t need any of the HP printer driver crap either.
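Rather than waiting for the error dialogs, the leftover startup entries can be listed directly. This is an added example, not part of the original article; it assumes PowerShell is installed, covers only the registry Run keys (msconfig also lists Startup folder items), and the helper function name is made up for this example.

```powershell
# Added example (not from the original article). Lists Run-key startup entries
# and flags those whose target file is gone or sits in a Temp folder.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Hypothetical helper: pull the program path out of a startup command line.
function Get-TargetPath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')    { return $Matches[1] }  # quoted path
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }  # unquoted, may contain spaces
    return ($expanded.Trim() -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $target = Get-TargetPath ([string]$regKey.GetValue($name))
        $note = ''
        if ($target -notmatch '\\') {
            $note = 'no full path (found via search path)'
        } elseif (-not (Test-Path -LiteralPath $target)) {
            $note = 'target missing'       # the entries that raise startup errors
        } elseif ($target -match '\\Temp\\') {
            $note = 'runs from Temp'       # survived the cleanup; look closer
        }
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Target = $target; Note = $note
        }
    }
}

$results | Select-Object Name, Target, Note, Key | Format-Table -AutoSize
```

Entries marked "target missing" are the ones to uncheck in msconfig.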

Deleting Temp Internet Files
Next, open Internet Explorer and go to Tools>Internet Options.  On the General tab, press the “Delete Cookies” button and then the “Delete Files” button.  Make sure to check “Delete all offline content” when you are deleting files.  It will take a few minutes to complete.

Restoring IE Security Defaults
Next, go to the Security tab, select Internet and then press the “Default Level” button.  Do the same for Local Intranet, Trusted sites, and Restricted sites.

Now go to the Privacy tab and the Advanced tab and press the “Default” buttons there too.  Hit "Ok" to close that dialog box.

Disabling Active-X Extensions
Now go to Tools>Manage Add-Ons.  You will see a list of all the ActiveX extensions installed in your IE.  You should disable anything you don’t recognize.  Make sure to keep any Adobe, Macromedia, Apple, Microsoft stuff or anything you KNOW you need.  You can always re-enable it if something doesn’t work afterwards.

That should be about it.  I am sure there are some of you that need more help than what is covered here, but due to the enormous amount of spyware out there, it is impossible for one piece of software or any single article to cover.  If all else fails you can always reinstall Windows or take your computer to a professional.

Good Luck!
Tony