Category: Operating System Security :: Windows :: Anti-spyware
3/9/05
Rev 1.0 :: draconius
Spyware Section added
See the Security FAQ for all the details
Respect to all the people who helped make the Official [H] Anti-Spyware thread, and the Rampant Paranoia 101 thread where much of this information comes from.
This thread is all about those things we have come to know and love as spyware. Removal tools, information, and helpful software and tips on how to avoid it in the first place are seen below:
(remember...RTFM and google first, try it yourself, then ask questions please!)
- Spyware Removal (Tools, Tips)
- Spybot Search and Destroy 1.3 Final
With the release of 1.3, there are two new features that will start to help you cut off spyware before it starts, though some do slip through. TeaTimer is a new feature that will prompt the user to allow or disallow any registry changes. A bit on the annoying side, but worth the effort. ResidentIE is a feature that will block some tracking cookies. Double Click and Avenue A are some of the most prevalent on the net.
- Adaware SE
Adaware has been around for a while and has done a good job. This should be one that is always installed on a machine. Update it often for best results.
- HiJackThis!
HiJackThis is a new piece of software that shows you exactly what is currently running. This program will not scan all files and registries. It creates a log file that one can analyze later and post online for others to review.
Information | Download
- CWShredder
This is another small application written by merijn. It does one thing that Spybot and Adaware do not: it will kill off CoolWebSearch. However, see the quote below for a bit of info!
Information | Download
-
merijn said:
There is a variant of the Coolwebsearch trojan spreading that closes several anti-spyware apps when you try to open them. If this is happening to you, download PepiMK's CoolWWWSearch.SmartKiller removal tool first and run it. After it does its job, CWShredder and HijackThis will run properly (as well as Spybot S&D, Ad-aware and several anti-spyware forums).
- Spyware Removal Guides
- Review Schadenfroh's excellent Spyware Removal Guide
- Read Junkware 101 @ overclockinghq
- Look at how we do on the [H]: Spyware Removal Procedures
- Read Ice Czar's Outline Below:
-
Ice Czar said:
First run Adaware (freeware edition), Spybot (freeware)
and CWShredder (freeware) CWTrojan removal tool which is a common hijack mechanism
then run HijackThis (freeware)
then post your log at Spywareinfo forums, read the FAQ 1st
HijackThis reports classes of apps, processes and registry keys where hijackware gets entered
legitimate apps and malware are both reported, so you need to know the difference
after they help you get cleaned up
make a note of which apps have valid entries (make a copy of the legitimate log file)
and run hijackthis after you install legitimate software so you can note new entries
(replace the copy of the legitimate logfile)
it's then real easy to spot new invalid entries
-
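Ice Czar's keep-a-clean-copy-and-compare step, sketched as an added example (not part of the original thread and not HijackThis code): it parses two saved logs and lists the entries and running processes that appear in the new scan but not in the known-good copy. The entry-line pattern and both sample logs are constructed for illustration.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] path": section code, " - ", detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Map case-folded key -> original line; header lines (scan time) are skipped."""
    entries, procs, in_procs = {}, {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if ENTRY.match(line):
            in_procs = False
            entries[line.casefold()] = line   # Windows paths are case-insensitive
        elif line.casefold().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs[line.casefold()] = line
    return entries, procs

def diff_against_baseline(baseline_text, current_text):
    """Return what the current scan has that the known-good baseline lacks."""
    base_e, base_p = parse_log(baseline_text)
    cur_e, cur_p = parse_log(current_text)
    return {
        "new_entries": [v for k, v in cur_e.items() if k not in base_e],
        "gone_entries": [v for k, v in base_e.items() if k not in cur_e],
        "new_processes": [v for k, v in cur_p.items() if k not in base_p],
    }

# Constructed sample logs (not real scan output).
BASELINE = r"""Scan saved at 9:00:00 AM, on 3/1/2005
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
"""
CURRENT = r"""Scan saved at 6:30:00 PM, on 3/9/2005
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Temp\example-toolbar.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.net/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\example.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
"""

if __name__ == "__main__":
    for kind, lines in diff_against_baseline(BASELINE, CURRENT).items():
        print(kind, *lines, sep="\n  ")
```

A changed setting such as the start page shows up twice, once under `gone_entries` with the old value and once under `new_entries` with the new one. Anything listed still has to be judged by hand, since legitimate installs add entries too.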
- Spyware Avoidance!
- Don't use Internet Explorer! Here are some alternative Browsers
- Don't use Outlook / Outlook Express! Here are some alternative email clients:
- Mozilla Thunderbird
- more?
- If you must use IE, here are some good tips:
-
Shado2351 said:
Internet Explorer - Strict Internet Options
To make IE safer for browsing, you can adjust your internet options. The idea is to have security on high and cookies off for all sites that are not trusted. This can be annoying for sites that you don't have as trusted or set to allow cookies because you don't frequent those sites, but it's worth the trouble if you use IE.
In Internet Explorer: (always click apply after making a change)
tools>internet options>advanced tab
uncheck "install on demand(internet explorer)"
uncheck "install on demand(other)"
select "do not search from the address bar" //limits the effects of some browser hijackers
privacy tab:
click the "advanced" button
check "override automatic cookie handling"
select "block" for both first and 3rd party cookies
make sure "always allow session cookies" is unchecked.
Then, no sites will be able to set cookies unless you click the "edit" button under the privacy tab, type the site/domain and click "allow".
security tab:
Set the internet and restricted zones to "high"
Set the trusted and local zones to "default level" (click apply) and then change them to medium (make sure to click "apply" again).
Click the "custom level" button for the trusted zone and disable "user data persistence".
Now javascript, java and activeX will be disabled for all non-trusted sites.
select the trusted zone and click the "sites" button.
uncheck "require server verification"
Add your trusted sites, e.g. *.microsoft.com *.hardforum.com
- If that's not your game, try these different apps
- Execution Protection\Patches
- WormGuard (with exe protection)
- WSH Anti-Polymorphism Patch (freeware)
- AnalogX Script Defender (freeware)
- Symantec's noscript.exe
- Spyware Blaster