About Unwanted-ware
Types of Programs
When you download and install software, other applications may creep into your system as add-ons without your knowing it.
Included are adware, spyware, dialers, keyloggers, trojans and usage trackers. Adware is rarely malicious, but can be a nuisance, sending pop-ups tailored to your interests. Spyware may use your Internet connection to send personally identifiable information to a collecting device on the internet. Note that these intrusions are likely to be connected to the program they came with. This means that you may remove the downloaded program and the spyware may remain. Similarly, if you remove the spyware, the downloaded program may no longer work correctly. Gather enough unwanted add-ons and they compete with other applications for processor cycles or internet bandwidth. Performance can be so degraded that doing productive work may be difficult.
The Harm They Do
These intrusive applications can be quite harmful. They are potentially
- an intrusion on your privacy
- running without your knowledge or consent
- used to create a digital "persona" that is not really you
- continuing to send information long after you have forgotten the program that introduced it
- saturating data transmission, slowing performance
- leaving ports open, making your computer vulnerable to attack
- carrying out tasks you would otherwise not allow
- difficult to remove or stop
You have a compromised, inefficient computer, and it is difficult to clean up the mess.
Why Did I Get Infected in the First Place? You probably trust the Internet too much . . . do you
- install freeware programs - P2P programs like Grokster, Imesh, Kazaa and others
- skip
installing the latest security fixes from Microsoft
- have an out-of-date installation of Microsoft's Java VM with bugs
exploited by browser hijackers
- allow Internet Explorer to run ActiveX controls
What Do I Do Now? There are at least three procedures to adopt, and we focus on the latter two:
- tighten the level of security in your browser
- update and run adware and spyware removal tools regularly
- update and run adware and spyware protection programs
toTop
Readme Before Using Cleanup Tools
Keep the following points in mind if and when you use removal tools:
- Only one sure method of removing all malware: reformat & reimage the computer
- Use with caution: these tools can remove legitimate components or system files
- No single detection/removal program does it ALL - use them in tandem
- You must decide if action is needed or not when using these applications
- It is up to you to not allow removal of files that are needed by the operating system
- If you are unsure whether a file is critical for your system, use Google to search for information on the file by name
Before using a specific tool, become more familiar with it:
Disclaimer: Use at your own risk. ITC takes no responsibility for loss of data or functionality that may result from your using these programs. |
toTop
Suggested Tools
These programs are either free or have a functional free version. Additional resources are listed in the Related Links section at the end of this document. The ideal defense would detect intrusions, enable you to clean them from your computer, and protect your computer from targeted installations. Some tools cover all three phases, others focus on only one phase.
Choose among the listed applications to cover these bases: adware, spyware, detection, removal, protection. Use the programs, one after the other, in a single cleanup session. Sometimes more than one pass is necessary to remove all debris.
If you have been gathering spyware and adware for a long time, you may not be able to clean all such programs from your computer. The mess may be so entangled that your only recourse is to reformat the hard drive and reinstall the operating system ( Back Up Important Files First ). With a fresh start, you can keep your computer relatively clean, resulting in better performance.
Disclaimer: To the best of our knowledge the following programs adhere to high standards and have earned a reputation as safe and effective. They may leave your computer crippled if the wrong files are removed. Back up all important files (My Documents, etc.) before using these applications. |
Protective programs ( * below) catch intrusions before your machine is infected.
Google: Your Friend
- not a program, but using it may save you from mistakenly removing necessary files. Enter the name of any file listed as suspect by one of these applications, and the references reported will help you know how significant the file may be.
AdAware SE Personal - (not recommended due to licensing restrictions for educational institutions). Since adware is often associated with the program that installed it, indiscriminate removal of listed files can cripple your computer, leaving you unable to run the program you need.
toTop
VX2 Cleaner - this add-on to AdAware enables one to remove a very difficult variant of the VX2.
VX2 is an IE Browser Helper Object. It can update itself and install other software. Instructions are at website.
HiJackThis -
(for advanced users) - this utility examines key areas of the Registry and your hard drive and lists the contents. These are areas which are used by both legitimate programmers and hijackers. It is up to you to decide what should be removed. Never "Select All & Remove". Such blanket removal might include items needed to run legitimate programs and add-ins. Once you run the application, save the log file and "cut & paste" its contents into the Logfile Analyzer. If you are unable to complete the cleaning using those results, check the expert advice on cleaning your system that is available through one of the Computer Tech Help Forums.
BHODemon - protects your computer from Browser Helper Objects (BHO) which are small programs that run every time you start an Internet browser.
Browser Hijack Retaliator - offers real-time protection for your IE Home Page, Search Page, bar and favorites.
IE Hosts file* -
blocks ads, banners, cookies, web bugs, and even most hijackers.
This also helps to protect your Privacy by blocking servers that track your viewing habits, known as "click-thru tracking".
IE-SPYAD* - A Registry file (IE-SPYAD.REG) that adds a list of sites and domains associated with known advertisers to the Restricted sites zone of Internet Explorer. Merge this list of sites and domains into the Registry, and the web sites will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs onto your PC. Included with IE-SPYAD are an installer (INSTALL.BAT) and an uninstaller (IE-ADS-UNINST.REG).
Microsoft Windows Defender* - Microsoft's antispyware program, Windows Defender, is available to Microsoft Genuine Advantage users (OS installation can be verified as a legal copy). It appears to do a thorough job of both scanning your system for spyware and protecting it from the spyware in its definitions file, which can be automatically updated.
Spybot S&D (for Search & Destroy) - a free utility that can start in two modes: Easy mode for new users who want just the basic features, and Advanced mode for professional users and those who want more control. Both modes are available in the free version.
SpySweeper - ITC has a multi-user license for this product. So that we can account for each copy, you must download from our Distributed Software Database. Once your information is entered you will be given a product key.
SpywareBlaster* - prevents
spyware from installing in the first place, and it does not have to be running in the background to do its job. Free for personal and educational use.
SpywareGuard* - a complementary program to SpywareBlaster
that gives real-time protection to your system. Free for personal and educational use.
SpywareBlackList File* - blocks all known "bad" ActiveX controls from running inside Internet Explorer.
For a full technical explanation how this works, look at this
Microsoft article. Free for non-commercial, personal use.
toTop
Take the challenge - Run Browser Security Tests after cleaning your system . . .
Jason's Toolbox - See how close you can come to a fully protected system. Running the tests should help increase your awareness of common threats and give enough information to avoid them. New tests are added frequently - run them on a regular basis.
How to Clean Your System
The steps below are minimal. For heavily infected machines, repeating these steps may be necessary. If you are running Windows XP, create a Restore Point before proceeding.
- Check the Add/Remove Programs Control Panel for unfamiliar entries
- Detect "Unwanted-ware"
- Clean your computer of such programs
- Protect your computer from unknowingly acquiring malicious programs
- Repeat cycle on a regular basis . . . weekly would not be too often
These programs must be used with discretion. Check the Related Links below for information on the applications. Become familiar with a program's effects before you use it. Do not remove everything that is listed without checking on the named file, program, Registry value, etc. If you remove a system file by mistake your computer may malfunction. Search for the file name with Google before you check it for removal. The tutorial Basic Spyware, Trojan And Virus Removal is highly recommended.
Disclaimer: The information provided on this page comes without any warranty whatsoever. Use it at your own risk. ITC does not endorse any program listed herein. Links are made only to free reputable resources. |
toTop
When removing both viruses and spyware - write down the steps you take. - BEFORE YOU BEGIN: Backup important files, preferences, etc.
- For viruses . . .
- Download & install virus definitions (using Live Update or Software Central)
- Re-start your computer in Safe Mode by tapping the F8 key (top row) repeatedly until you receive a menu and can select the Safe Mode option.
- Double-click "My Computer", right-click "Local Disk: C". Choose "Scan for Viruses".
- Record your results: names of viruses or other infestations
- Go to Symantec Antivirus Research Center Support, search for virus by name, and follow removal instructions provided
- Re-scan in Safe Mode. Your anti-virus software may not yet be working properly.
- Follow with one of these free online scans:
- PANDA SOFTWARE Free On-line Virus Scanner
- HOUSECALL
- SYMANTEC Free On-line Security Check
- For spyware, apply two or more detection/removal tools to your system
- Check for the latest version, then run the selected tool
- "When in doubt, leave it out" - if unsure about a file, leave it be
- Consult the tool's website for information on a questionable file
- Use google.com to search for named files - gather more information
- Check the Known Programs List at PC PitStop
- Re-run the tool until your system comes clean
- Follow with one of these free scans:
- SpywareGuide's scanner
- Earthlink's SpyAudit
- Install one or more of the protective programs ( * in list above) to catch intrusions before your machine is infected.
toTop
Suggested Best Practices
Scheduled Maintenance ? Absolutely!
- keep the operating system patched (schedule automatic Windows Update)
- keep virus definitions updated (schedule Norton Antivirus automatic update)
- keep the computer free of viruses by continually scanning (enable real time protection)
- make periodic backup copies of important files on at least two different media
- update the definition files for your Cleaning Tools before using them - each time
- clean your computer on a regular basis (weekly - more often if you use the Internet a lot)
- use caution when visiting "popular" web sites and be careful what you download
toTop
Related Links
The Applications: * = provides realtime protection
Browser Hijack Retaliator * - http://majorgeeks.com/Browser_Hijack_Retaliator_d4582.html
IE-SPYAD * - https://netfiles.uiuc.edu/ehowes/www/resource.htm
Microsoft Windows Defender - http://www.microsoft.com/athome/security/spyware/software/default.mspx
Spybot S&D Tutorial - http://spybot.safer-networking.de/en/tutorial/index.html
Spybot S&D features - http://spybot.safer-networking.de/en/features/index.html
SpySweeper - http://www.webroot.com/
SpywareBlaster * - http://www.javacoolsoftware.com/sbhowtoupdate.html
SpywareBlockList File* - http://www.spywareguide.com/blockfile.php
SpywareGuard * - http://www.javacoolsoftware.com/spywareguard.html
toTop
Forums:
SpywareInfo Support Forums - http://forums.spywareinfo.com/
Software Updates Forum - http://forums.tomcoyote.org/index.php?showforum=30
The Tech Guys Computer Help Forum - http://forums.techguy.org/
Tech Support Forums - http://www.techsupportforum.com/
TomCoyote Forum - http://forums.tomcoyote.org/
toTop
Online Scans:
NoAdware.net - http://www.noadware.net/
PestPatrol.com - http://www.pestscan.com/
SpywareGuide.com - http://www.spywareguide.com/
toTop
Additional Information:
Comprehensive discussion - http://www.intranetjournal.com/spyware/spyintroprint.html
Links to detection, removal, and prevention software - http://www.spywareguide.com/
Malware Removal and Prevention - http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview
PCHell - http://www.pchell.com/
Spyware Removal Tools - http://arstechnica.com/reviews/apps/spyware-removal.ars
SpywareInfo - forum, newsletter, software (untested) - http://spywareinfo.com/ Tools (untested) - http://www.thefreecountry.com/security/spywareremoval.shtml
Ewido Security Suite - removes trojans, backdoors, worms, keyloggers, dialers and other spyware - at http://www.ewido.net/en/
a² Free - provides protection against Trojans, Dialers and Spyware. a² fills the gaps that malware writers exploit - at http://www.emsisoft.com/en/software/free/
Tutorials - http://www.bleepingcomputer.com/tutorials/category38.html
Utilities - http://cexx.org/adware.htm
toTop |
