Try this.
Removing Spyware is tricky as everyone has discovered. I can normally clean a major infected computer in about 3 hours. It's not necessary to know the name of the Spyware you are trying to remove but it can help. Here is my basic process.

1) Delete all temporary internet files & cookies.

2) Check Add/Remove Programs for any Adware that may be listed. Log onto the internet and try uninstalling everything that may be showing up there. A lot of these programs' uninstalls are bound to the internet. Be very careful when you read the uninstall steps, as the questions lead you to answer the wrong way. Also, if possible, go to the website and look in their tech support section if there is one. LOP, for example, has a global removal tool that will uninstall every one of their Adware programs in one step.

3) Kill all running Spyware & Adware processes. If you don't know which processes are the Trojans & Adware, a virus scan will at least identify the files. Note that most processes you see running are also the name of the file on the system. While investigating the processes & files on the system, check the file properties; a legitimate file will have the software company there. If there are no identifiable properties it becomes my suspect. The Windows task manager (ctrl + alt + del) has a process list in Windows 2k & XP; Win98 needs a process viewer installed. Spybot & MS Anti-Spyware have process viewers and a kill command is available there.

4) Update your anti-virus software and do a complete scan of all files. If your anti-virus software won't run, it's possible you have an assassin Trojan on the system. Recently I've been dealing with the Sober virus and its new job is to take out any anti-virus & anti-spyware removal tools. It also blocks access to all websites that will help you remove the infections; they are blocked in a global variable that shows up in the host file, but when you look at the host file there is nothing there. I found that Spybot will kill these entries in the advanced tools hosts tool. If your anti-virus software fails to run, uninstall it and after a reboot reinstall and update the software, but don't reboot the system or the assassin will take it out again. Disconnect from the internet, then run the complete scan and remove all the viruses; any viruses that cannot be deleted or quarantined are running as a process and the system has the file locked. To delete these, kill the process associated with the virus file name. If you can't kill it and it keeps coming back, do a registry search for the file/s name and delete all references to it/them. Then pull the plug on the computer; do not shut down, as the virus will replace its load entry in the registry. Pulling the plug causes complete data loss and viruses are not immune to that, so when you restart the system after pulling the plug the viral process is not loaded. Rescan your computer and you can now delete the file/s. Do not reconnect to the Internet yet.

5) If you haven't done this yet, make sure you install and update your anti-Spyware application. It's a good idea to do this before you start your cleanup/removal because there are going to be downloaders found by the anti-Spyware scan. Anything that is found but cannot be removed, once again, is the same problem as the virus in step three. Do the same thing here. Identify the files, delete the registry entries, pull the plug, restart Windows in "Safe Mode" and rescan the computer for both virus and Spyware.

6) Restart the computer normally and rescan for both virus and Spyware. It should come up clean this time.

7) Once your system is clean, open up Internet Properties and reset Internet Explorer back to the default settings. This is under the Programs Tab and there you will see a button to "Reset Web Settings"; check the box to reset the home page (this will be MSN but you can change that later).

8) Reconnect to the Internet.

To manually remove the Hyperload Mah Jongg examine the Registry and delete the entries for it. Kill any running process associated with Hyperload Mah Jongg (possible to have to pull the plug again) and then delete the install folder. Restart the computer in normal mode and if there is any file missing or load errors write down the file name and search the registry deleting any reference to it. Restart the computer again.
Posted by: Uncle Buck   Posted on: 05/13/05
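
The checks described in steps 3 and 4 of the post above (processes whose file has no company name, registry load entries that reference the same file, and entries in the hosts file) can be gathered in one read-only pass. This is an added example, not part of the original post; it assumes a Windows system with PowerShell run from an elevated prompt, and it looks only at the two standard `Run` keys, which is an assumption since other autostart locations exist.

```powershell
# Added example: read-only triage. Nothing is killed, deleted or modified.

# 1) Running processes whose executable carries no company name in its
#    version info. A missing name is a lead to investigate, not a verdict.
$suspects = Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $info = (Get-Item -LiteralPath $_.Path -ErrorAction SilentlyContinue).VersionInfo
    if ($info -and [string]::IsNullOrWhiteSpace($info.CompanyName)) {
        [pscustomobject]@{ Name = $_.Name; Path = $_.Path }
    }
} | Sort-Object Path -Unique

# 2) Load entries from the standard Run keys (assumed scope, see lead-in).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
}

# 3) Cross-reference: which suspect files are also started from a Run key?
$flagged = foreach ($s in $suspects) {
    $leaf = Split-Path -Leaf $s.Path
    $hits = @($autoruns | Where-Object {
        $_.Command.IndexOf($leaf, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })
    [pscustomobject]@{
        Process  = $s.Name
        Path     = $s.Path
        Autoruns = ($hits | ForEach-Object { "$($_.Key)\$($_.Name)" }) -join '; '
    }
}

# 4) Active hosts-file entries (comments and blank lines stripped), so that
#    mappings pushed far down the file by padding are still listed.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsEntries = Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ }

$flagged | Format-Table -AutoSize -Wrap
$hostsEntries
```

Rows with a non-empty `Autoruns` column are files that are both unattributed and set to load at logon; review those first, along with any hosts entry that points a security vendor's site at a loopback address.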

