  • Virus/ Spyware

    If this is not a good place to post please advise where a good place to do so would be please.

    Does anyone know what Trojan Horse Downloader viruses are? Also I had my daughter download AD Aware and she did a scan and found tons and tons of spyware bugs on the system. Can someone tell me if it is safe to remove those in file register or file reg? Someone told me not to mess with them, but there are a lot. Will they be on the system forever and will they still track her system use???

    This is my sister's computer (she passed away last year) and my daughter got the system from her estate properties. So she is quite sick about all of this mess she has. She did a scan with AVG and it found 7 Trojan viruses and she was able to heal 5 and somehow 2 were lost to her before the heal could take place. Can she still heal them??

    She has been very careful but had company and they wanted to play games on Yahoo and this all started then!! Any help or links to better understand this mess would be so appreciated!! Neb

  • #2


    This will scan your computer. Make sure your firewall or pop-up stopper is turned off, and turn them back on when you have done. It will get rid of any that are lurking. From then, download maybe AVG (it's a free download from grisoft.com) and update it daily.


    • #3
      I had a run-in with these types of things (nasty) a few months ago, maybe a year or so now. Through a search I found a great site that gives step-by-step instructions on how to clean this mess up. Go to www.majorgeeks.com and to the support forums, and check out the spyware forum. There is a post stuck towards the top that says "READ THIS FIRST..." before posting. They have links to several programs (all free); you can download them right there even. I have cleaned up many a computer in the last several months using these steps. Good luck with it and if you have any questions you can send me a message or join major geeks (free) and ask away. They are always very good at answering me, great great support!

      Dawn


      • #4
        Hi Neb,

        Firstly, a Trojan is a program which, much like the Trojan Horse of history, has got inside your defenses by pretending to be something else. Once on your system, they can exhibit any number of undesirable traits, including home-page hijack, downloading of undesirable ads, keylogging, and a whole lot of other things you'd rather not have.

        The best way to defend yourself from them is to be a bit more selective of the things you click on. However, since you're already infected, it's necessary to get rid of them.

        No single program will get rid of all Spyware. It's usually necessary to run a couple.

        Adaware is a good start, it's usually non-destructive, so you can run it without too many qualms. But just like anti-virus programmes, it's important that you update and use the latest version.
        The latest version of Adaware is SE personal, and it's available for free at


        Also try Spybot Search and Destroy, it's a bit more aggressive than Adaware, but I've been using it for years with no adverse effects. It's available free from here http://spybot.safer-networking.de/en/index.html

        Once you've got rid of them, it's important to keep them out. Firstly ensure you have a Firewall installed, and that it's switched on. At the very least you should have Windows Firewall on.

        In addition, download and install Spyware Blaster, another free programme, it does not remove spyware, but it does set up a barrier, to prevent the re-infestation of many types of spyware. Find it here http://www.javacoolsoftware.com/spywareblaster.html Also from the same place download and install Spyware Guard, it actively prevents you from downloading spyware. This is the link. http://www.javacoolsoftware.com/spywareguard.html

        If you've used these, you should have got rid of your spyware and ensured that you are less likely to get infested again.

        One last bit of info, you may have been infested by one of the CoolWebSearch variants. These are particularly difficult to deal with. Both AdAware, and Spybot do not always successfully remove all variants 100%.
        In this case try downloading CW Shredder, a small free standing piece of software that usually removes it completely. Download it from here. http://www.majorgeeks.com/download4086.html

        Lastly, one of the reasons you've been infested, is because you're probably using IE as your browser. IE is notoriously insecure, and because it is the most popular browser, it stands to reason that more Spyware is written for this, than any other browser.

        Try using Firefox, I've been using it for quite some time now, and since I have, I've not picked up any Spyware. Download it here http://www.mozilla.org/products/firefox/

        For a bewildering amount of extra information, and for help in removing spyware not addressed by the programmes above, visit Spyware Warrior, here http://www.spywarewarrior.com/rogue_...tm#trustworthy
        Last edited by Gary Richardson; 04-26-2005, 04:05 AM. Reason: Adding extra info and links to help


        • #5
          Added a bit of extra info to post above. Hope this helps.


          • #6
            hi

            hi
            just to confirm what you have read, and probably got confused with

            We use avg antivirus, zone alarm firewall, and spybot, they are all free and are quite easy to use and install. I too have had trojans etc (avg and zone alarm do block or let you know they are there); spybot has cleaned them all with no trouble. We also found that with one trojan it got in through a hole in internet explorer for which there is an update, so check for updates (also update spybot, the others do it automatically).
            Just take your time and you will get it sorted

            Palms


            • #7
              Hi Neb
              Gary has posted some great links and advice, I would advise checking the links below for extra security though.
              Windows xp Tweaks and Security

              Download Hijackthis and then paste the log file here and it will tell you what it thinks are spyware and all other bad processes.

              Other programs recommended are
              Trojan Defence Suite ( best on the market )

              ccleaner

              Winpatrol

              They will help on your problem.

              Cheers
              Romany


              • #8
                Wipe hard drive?

                Just a thought... are you trying to preserve the data on this machine? If you simply want a useful computer, by far the most complete method for getting rid of adware, spyware, trojans, and the rest is to completely wipe the system hard drive and reinstall the operating system. Any computer shop or handy geek friend would be able to do this for you, or you could easily do it yourself. If this is a Windows PC or a Mac, simply put the original system disk in the hard drive and follow the instructions on doing a complete reinstallation.

                In fact, if there is data you want to preserve, consider writing that data to a CD or similar isolated place, reinstall the operating system, and then run the adware/spyware/virus detection programs on the CD files rather than on the entire system.


                • #9
                  i use ad-aware, hijackthis, zone alarm (the free version), norton anti-virus, and win patrol. all are excellent programs (as mentioned above). they all handle slightly different things (also as mentioned above). zone alarm and win patrol are preventative. the others are cleaners. and for browsing i mostly use mozilla (ya gotta love tabbed browsing).

                  you shld also keep a clean restore point in windows xp that you're sure is NOT infected in any way. you dont want to RESTORE a virus or other malware.

                  another good help is something like norton GHOST. this makes an image of your entire drive (or whatever portion you specify) that can be saved OFF of the computer and used to restore your system. it will even backup windows itself, including those files that normally cant be backed up because windows is currently running.

                  and lastly, if i'm at all suspicious of a program i'm about to install, i use a program called 'Total Uninstall'. this is a logger program. you use IT to install the suspicious (or any) program. as that program installs, total uninstall logs EVERYTHING that is done to your computer, including the registry, and all drives specified. because total uninstall monitors the API (application program interface) and all calls made to it, EVERY API call is logged. and before even running, total uninstall scans your system to see what's there first so it can restore whatever it needs to. it even logs AFTER the install. thus, if your program turns out to be malicious, you run total uninstall again and have it remove the errant program. this is a great program in case any of your other anti-malware fails to spot something.

                  K.


                  • #10
                    Just a word of warning.

                    Kraellin uses Hijack This. This is not a program to be used without expert advice.

                    It is quite possible to totally wreck your computer using it.

                    The best way to use it, is to use the logging facility, and post the log to a help forum, such as http://spywarewarrior.com/index.php

                    Here expert advisers will take you step by step through the procedures you need to do to remove the offending spyware.


                    • #11
                      gary is correct. hijackthis can remove registry entries which may be critical to your system. however, it does have a feature to back those items up before removal, allowing you to restore them if needed.

                      also, hijackthis was developed primarily as an aid to those whose browser had been 'hijacked'. hijacking is the action of altering one's browser settings and parameters by a third party with such things as changing your home page, changing your preferred search engine, embedding 'call home' devices such as dialers (and others), and a number of other unwanted programs and devices. thus the name 'HijackThis' (it's one word in this case; no space between hijack and this).

                      it's an excellent program for what it's designed to do, but it is powerful and a bit dangerous in that you can mess some things up on your system. i've never seen it completely render a system inoperable, but it could conceivably screw up your browser pretty badly.

                      the latest version also comes with a couple other security features. i highly recommend this program. i forget whether there is a 'pro' version or not. i'm currently using just the free, unregistered version, and would not run any system i own without it.

                      also, while still on the subject of security and browsers, it's a good idea to set certain functions of your browser to something other than 'enable'. things like active x and scripts are a bit of a security risk. set them to at least 'prompt' in your options/preferences lists, which will force the browser to offer you a choice when a website wants to install a script or active x app. cookies can also be used to track information and i tend to set these to 'prompt' also. the newest browsers have very good cookie handling routines. mozilla, for example, will allow you to set certain sites as 'always allow cookies from this site' or 'never allow', thus giving you tailoring abilities when you trust or dont trust certain sites.

                      zone alarm can also be used for anti-malware. not only does it block unwanted incoming garbage, but it also detects outgoing signals from your computer. thus, if you do get a 'call home' program put on your system, when the call home device attempts to call home you will be alerted by zone alarm and can block it. typically, 'call home' devices are keyloggers, dialers, spyware and so on.

                      a keylogger registers and logs every key you hit on your keyboard. thus, if you manually enter a password, this gets logged by the keylogger and sent out on the net to the receiver somewhere and they now know your password(s).

                      dialers typically attempt to call out to a location which contains other malware. the dialer then attempts to download this other malware onto your machine. this other malware often contains other trojans or viruses, or means whereby an attempt is made to charge you money for something.

                      'spyware' can be anything from simple cookies that keep track of your password and login data for a given site, to full blown 'we want to know everything that's on your system, including passwords, credit card numbers, and other security information'.

                      but prolly the worst offender for putting malware on your system is your email program. if you're using microsoft's outlook or outlook express in particular, you shld turn off viewing emails in html format (i seem to recall this was because of the active x feature which the html format could use). your anti-virus program shld also be set to check every incoming and outgoing email. and there are a couple other things to change as well, but i've turned all those off so long ago that i dont currently recall them all.

                      sadly, there are malicious people out there. it pays to be just a bit cautious.

                      if all of this is a bit confusing, the simple solution is get an anti-virus program and a firewall of some sort. those are just plain required any more. and as mentioned in an earlier post by someone else, even if all you have is microsoft's default firewall that comes with windows XP, use it!

                      K.


                      • #12
                        Hi Kraellin,

                        With Hijack this, you can alter more than just browser settings. Although it is rare to totally foul up your system, due to the backup system, it is still possible to not only wreck your browser, but also to affect critical systems files. As I said in my earlier post, always seek expert instruction, unless you are a very experienced operator and absolutely sure of what you're doing.

                        If you're using IE as your browser, it's worth installing ie-spyad, available from here https://netfiles.uiuc.edu/ehowes/www/main.htm
                        this is a programme which adds known ad and spyware distribution sites to the Restricted Sites zone of IE.

                        These sites are then set to max security in IE, and downloads and Active X controls are shut off if you visit them.

                        Also consider installing a hosts file, this puts a whole lot of known crudware sites into your hosts list, and allocates them the number 127.0.0.1 also known as local host. Thereafter, if you try to go to a site that's on your list, the address found for the url you enter will be wrong, and you will not be able to go to that site.

                        If you are using Spybot Search and Destroy, it comes with a hosts file.

                        Comment
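The hosts-file blocking described in post #12, as an added example that is not part of the original thread: a small Python audit that parses a hosts file, tells you whether a given URL would be sent to 127.0.0.1 (or 0.0.0.0), and lists any entries that point at a real address so you can check that you put them there yourself. The sample file and its domain names are constructed placeholders, and the "first mapping wins" rule is an assumption about how the resolver reads the file.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample hosts file; the names are placeholders, not a real blocklist.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   ads.crudware.example  tracker.crudware.example   # two names, one line
0.0.0.0     popups.example
192.0.2.10  intranet.example
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Return {hostname: ip}. Assumption: the first mapping for a name wins."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                          # skip malformed lines
        for name in names:
            table.setdefault(name.lower(), ip)
    return table

def is_sink(ip):
    """True for loopback (127.0.0.1, ::1) or the unspecified address 0.0.0.0."""
    return ip.is_loopback or ip.is_unspecified

def is_blocked(url, table):
    """True if the URL's host name is mapped to a sink address.
    Matching is exact: the hosts file has no wildcards, so a 'www.' variant
    of a listed name is a different entry."""
    host = (urlsplit(url).hostname or "").lower()
    ip = table.get(host)
    return ip is not None and is_sink(ip)

def entries_to_review(table):
    """Names mapped to a real address; confirm each one is intentional."""
    return sorted(name for name, ip in table.items() if not is_sink(ip))

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for url in ("http://ads.crudware.example/banner.js", "http://www.popups.example/"):
        print(url, "->", "blocked" if is_blocked(url, hosts) else "not blocked")
    print("review:", entries_to_review(hosts))
```

To audit a real machine, pass the contents of the system hosts file to `parse_hosts` instead of `SAMPLE_HOSTS`.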


                        • #13
                          For Mac users with Spyware problems (Rare but becoming more common) the only scanner I know is here http://macscan.securemac.com/
