Spyware Removal....what is your approach

y0bailey (Gawd, joined Mar 31, 2003, 558 messages)
Alright....so I've had 2 computers this week give me hell and I'm wondering if my spyware/virus removal approach is bad. Take a look, let me know what you would change and why I'm not getting these little boogers. Also let me know your protocol for some helpful pointers.

1) Boot to Safe Mode with Networking
2) Install Spybot S&D, update it, immunize, then run a scan. Reboot when it asks.
2b) Install antivirus (if they don't have one) while scanning with Spybot
3) MSconfig and uncheck most of the things I don't know what they are
4) HijackThis 2.0 and iamnotageeks log analyzer... remove all things in red.
5) Reboot, run Ad-Aware.
6) Repeat this cycle and usually I get 'em all... just not lately.

Also I do Windows updates in Firefox while this is going on.



Where am I going wrong?
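Steps 3 and 4 above (MSconfig, HijackThis) are a manual review of what starts with the machine. The script below is an added example, not from this thread or from any of the tools named in it: it parses a constructed .reg export of the HKLM and HKCU Run keys and flags the same things a HijackThis log reader looks for by eye, namely executables launched from user-writable drop directories, names that impersonate system binaries (svchosts.exe next to the real svchost.exe), and bare filenames whose location cannot be checked from the key alone. The registry entries, the file names and the c:\windows system root are assumptions made for the example; the heuristics are a triage aid, not detection signatures.

```python
"""Triage Run-key autostart entries from a Windows .reg export.

Added example, not part of the thread. The .reg text is constructed to
exercise the parser; the heuristics mirror what a HijackThis log review
looks at (where the file lives, whether it impersonates a system binary).
On XP, export the keys with regedit /e and open the file with
encoding="utf-16", since regedit writes UTF-16 exports.
"""
import re
from typing import Dict, List

# Constructed export: every entry below is invented for this example.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SoundMan"="SOUNDMAN.EXE"
"msupdater"="C:\\WINDOWS\\system32\\svchosts.exe"
"dllhost"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\dllhost.exe /s"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updater"="\"C:\\Documents and Settings\\Owner\\Application Data\\xkzq\\xkzq.exe\" -boot"
'''

SYSTEM_ROOT = "c:\\windows\\"  # assumed install location for this example
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe",
                "ctfmon.exe", "dllhost.exe", "rundll32.exe", "services.exe", "smss.exe"}
# Directories a limited user can write to; common drop sites on XP.
DROP_DIRS = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\application data\\")

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # REG_SZ lines only


def _unescape(s: str) -> str:
    return re.sub(r"\\(.)", r"\1", s)  # .reg escapes backslash and quote with a backslash


def parse_run_keys(reg_text: str) -> List[Dict[str, str]]:
    """Return one dict per string value, tagged with the key it was exported from."""
    entries, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append({"key": key, "name": _unescape(m.group(1)),
                            "command": _unescape(m.group(2))})
    return entries


def executable_of(command: str) -> str:
    """Split the program path off a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):  # quoted path, arguments follow the closing quote
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]  # unquoted: first token


def _within_one_edit(a: str, b: str) -> bool:
    """True when a and b differ by at most one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) <= 1
    short, long_ = sorted((a, b), key=len)
    i = j = 0
    skipped = False
    while i < len(short) and j < len(long_):
        if short[i] == long_[j]:
            i, j = i + 1, j + 1
        elif skipped:
            return False
        else:
            skipped, j = True, j + 1
    return True


def triage(entry: Dict[str, str]) -> Dict[str, object]:
    """Attach review flags to one autostart entry."""
    exe = executable_of(entry["command"])
    low = exe.lower().replace("/", "\\")
    base = low.rsplit("\\", 1)[-1]
    flags: List[str] = []
    if "\\" not in low:
        flags.append("bare filename: found via PATH search, location not verifiable from the key")
    if any(d in low for d in DROP_DIRS):
        flags.append("runs from a user-writable drop location")
    if base in SYSTEM_NAMES:
        if "\\" in low and not low.startswith(SYSTEM_ROOT):
            flags.append("system binary name outside %SystemRoot%")
    else:
        for known in sorted(SYSTEM_NAMES):
            if _within_one_edit(base, known):
                flags.append(f"lookalike of {known}")
                break
    return {**entry, "executable": exe, "flags": flags}


def triage_export(reg_text: str) -> List[Dict[str, object]]:
    return [triage(e) for e in parse_run_keys(reg_text)]


if __name__ == "__main__":
    for row in triage_export(SAMPLE_REG):
        print(row["key"].split("\\")[0], row["name"], row["executable"], row["flags"])
```

Run against a real export, the entries with no flags still need a look (a legitimate path can hold a replaced binary), but the flagged ones are where the time goes first. The lookalike check is deliberately one edit wide so that svchosts.exe, scvhost.exe and svch0st.exe all surface without a hand-written list of misspellings.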
 
Did you make sure System Restore is off? If you're already compromised, turning system restore off will help prevent processes and files from reappearing.

Windows Defender? Also try SpywareBlaster for immunization.

One thing about Spybot is that some items are checked off by default to be ignored. Go into the advanced options and make sure all checked items are unchecked.
 
I work at an anti-virus company providing tech support for end users and have my own method for taking care of malware.

1.) I start the computer up normally, making note of CPU and RAM usage, taking down usual threads and their usage. I also turn off system restore.

2.) Reboot the computer into safe mode and insert my USB drive that has my portable applications and run Ad-aware SE, SpyBot S&D. Cleaning up all stuff they find.

3.) Reboot the computer into safe mode with networking (in case it's wireless) and do a few of the free online scans to check the system, clean up the files this finds.

4.) Reboot the computer normally and check the CPU and RAM and processes again. Repeat if necessary.

Notes: Ad-Aware and Spybot conflict with most anti-virus programs, so it's best to run them from a USB stick and not install them. Online scans are also good for this reason.
 
Call me crazy, but my first question would be: why didn't you already have some sort of protection installed with some sort of active scanning? Ad-Aware SE Pro offers it, and any anti-virus now has some sort of spyware/malware detection. Why wait until you're infected?
 
Call me crazy, but my first question would be: why didn't you already have some sort of protection installed with some sort of active scanning? Ad-Aware SE Pro offers it, and any anti-virus now has some sort of spyware/malware detection. Why wait until you're infected?

That's probably what he's asking the people that own the computers he's working on.
 
Baredor hit it on the nose... these sure as hell aren't my computers.

One of them hadn't had a Windows update since it was purchased... 3 years behind on freaking XP. It was no fun plugging those holes.

I have tried and done what everyone said, but I never turned off freaking system restore! It never even crossed my mind since I have it disabled by default on my XP install.


I will give that a whirl when I get home and start messing with these pieces of crap.

Thanks guys.
 
Spybot and Ad-Aware just don't seem to be able to cut it anymore. We have been putting Spyware Doctor on our clients' machines that tend to get adware and shit on them. Before that we used Webroot's Spy Sweeper. Spyware Doctor is just the best we have really found. It slows down the boot of a system, though. Between it and SAV (Symantec) they can pull 80-plus megs at idle. Also, Spyware Doctor seems to add a minute or two to the bootup. Even with this it seems to work like magic.
 
If and when I find one that sneaks by the AV program, or because the damn program quit updating, I first find it in the registry (in most cases) and kill its process, then delete it from the registry and write its name down to find out more about it. Then I boot into Safe Mode and ensure it is not in the registry and not in the file manager. Then I reboot and ensure it did not come back; if it did, I reboot into Safe Mode, remove it from the registry and delete the file again, and create a 0-byte read-only file with its name. Then I reboot, update the virus scanner and run a scan to find the rest, and all is well. I leave the 0-byte file there, read-only, for future protection and make sure all Windows updates are now complete. Normally this takes less than 15 minutes, minus the time for updating and the system scan, which of course vary by PC.
 
Also, I don't know what they're using for AV, but you could always install the NOD32 free trial - if nothing else, just to clean it up once (although I highly recommend they purchase it).
 
This is my routine for cleanups.

Boot normally and install AVG Antivirus (it doesn't install in Safe Mode).
Reboot into Safe Mode with Networking.
Install and run in the following order:

cleanup40
adwareaway
avg antispyware
ad-aware
spybot
roguescan
vundofix
smitrem
hijackthis
avg antivirus
 
Not really. It would take you longer to transfer all the data off the machine, format it, reinstall Windows plus the 90-something updates, then reinstall all your programs and copy the data back.
 
Not with the sheer amount of crap on these computers. One run of Ad-Aware is taking hours, not minutes. Take that over 5+ programs, and a simple format with my automated disk + their CD key = win.
 
You're making it sound like it's too complicated and you want the easy way out, whereas I do a handful of cleanups a week and I would say 99% of the machines don't have to be formatted. You can clean everything off them.

It's easy money. Start the cleanup and you can walk away and do something else. Come back, run the next thing, walk away. Using my method a cleanup can take anywhere from 1 hr 30 mins to 5+ hrs, but I only have to be there for maybe 10-20 mins of that.

Now, if this wasn't a consumer's machine but a critical business machine, there won't be any data on it (it should be on their server). A reimage is quicker.
 
I just format... usually by the time a clients machine gets to this stage, a format is WAY more beneficial.....
 
I use the tools mentioned above and also the Trend Micro online scanner. It's very effective at finding and removing "bad stuff". http://housecall.trendmicro.com/

Also, for "infested" machines, I use a Bart PE CD that I can boot the machine from and then scan with McAfee command line scanner. It really helps to have a clean OS environment.
 
Yes, Trend Micro is good and so is http://bitdefender.com. Ad-Aware and other "free" tools do not do quite as good a job cleaning malware. There are other online scanners; just google "online scanner". As for MS Defender, I'm not too impressed by it, since I've seen certain trojans get by it. Just my .02
 
Disable System Restore on an infected machine first.

Run CCleaner. It eliminates MANY junk files, which saves YOU lots of time; it can be several gigs less of junk files on an infected machine that ALL your scanners don't have to scan through.

After installing and updating apps, reboot into Safe Mode to scan/remove.

SUPERAntiSpyware is the first anti ad/spyware app I install; I find it MUCH better than the other freebies.

Spybot S&D: update, immunize, scan.

I don't use Ad-Aware anymore. I don't find it useful; the above two in combination do better.

On some heavily infested machines, I do find Grisoft's AS to be helpful.

Antivirus: NOD32 if paid for, or, if a freebie, Kaspersky's AVS through AOL.

A TCP/Winsock repair utility is always run.

Eusing Registry Cleaner (free) on heavy jobs.
 
I just format... usually by the time a clients machine gets to this stage, a format is WAY more beneficial.....

Depends, with us. Most of the time we will put effort into cleaning up the system (talking about business systems here). Thing is, even if you get all the junk off a system it may not run right. In many cases it becomes a better option to reload. When we reload we then add more protection to it (in our case Spyware Doctor) to help stop the shit from coming back. We also do health checkups at a lot of our clients from time to time, so in many cases we can catch a machine before it gets this bad.
 
I find it useful to pull the hard drive, stick it in an external enclosure and then plug it into a computer and scan it with as many programs as I have at my disposal. This usually gets a good amount of stuff off. Then once it's back in the computer it makes it easier to track down the rest.

But usually I am a quitter. I do the first part, put the drive in an enclosure, just copy off all the stuff and burn it to CD/DVD, and then reformat. It saves so much time.
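Both the BartPE post above (boot a clean OS, scan with a command-line scanner) and this one (pull the drive, scan it from another machine) rely on the same property: the infected install is not running, so nothing on it can hook the file system and hide from the scanner. The script below is an added example, not from the thread or from any product mentioned in it. It walks a mounted volume without following links, hashes every file in fixed-size pieces, matches the digests against a blocklist, and keeps going past files it cannot read instead of aborting. The directory layout, the file contents and the blocklist are constructed for the example; a real scanner matches signatures and heuristics, not only whole-file hashes, but the walk, the link handling and the error handling are the parts that carry over.

```python
"""Hash-scan an offline (mounted, not booted) volume from a clean OS.

Added example, not part of the thread. Detection is plain SHA-256 blocklist
matching against a constructed list; the sample volume and the "malicious"
bytes are constructed as well. Point scan_offline() at the mount point of a
pulled drive (e.g. /mnt/infected or E:\) to use it on a real disk.
"""
import hashlib
import os
import shutil
import tempfile
from typing import Dict, List, Tuple

CHUNK = 1 << 20  # hash in 1 MiB pieces so large files never need to fit in memory

Hit = Tuple[str, str]  # (path relative to the volume root, blocklist label)


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_offline(root: str, blocklist: Dict[str, str]) -> Tuple[List[Hit], List[Hit]]:
    """Walk root without following links; return (hits, unreadable files)."""
    hits: List[Hit] = []
    unreadable: List[Hit] = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for fn in files:
            path = os.path.join(dirpath, fn)
            if os.path.islink(path):
                continue  # a link could point outside the mounted volume
            try:
                digest = sha256_file(path)
            except OSError as err:  # ACL-denied or corrupt: record it, keep scanning
                unreadable.append((os.path.relpath(path, root), str(err)))
                continue
            if digest in blocklist:
                hits.append((os.path.relpath(path, root), blocklist[digest]))
    return sorted(hits), unreadable


DROPPER_BYTES = b"MZ-constructed-dropper-bytes"  # stands in for a known-bad binary


def build_sample_volume() -> str:
    """Create a throwaway tree that mimics an XP system drive (constructed data)."""
    root = tempfile.mkdtemp(prefix="offline-vol-")
    layout = {
        os.path.join("WINDOWS", "system32", "ctfmon.exe"): b"MZ-constructed-legit-bytes",
        os.path.join("Documents and Settings", "Owner", "Local Settings", "Temp",
                     "dllhost.exe"): DROPPER_BYTES,
        os.path.join("Documents and Settings", "Owner", "Application Data", "xkzq",
                     "xkzq.exe"): DROPPER_BYTES,  # second copy under a different name
        os.path.join("WINDOWS", "Temp", "log.txt"): b"not an executable",
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


def demo() -> List[Hit]:
    """Build the sample volume, scan it against a one-entry blocklist, clean up."""
    root = build_sample_volume()
    try:
        blocklist = {hashlib.sha256(DROPPER_BYTES).hexdigest(): "Constructed.Dropper"}
        hits, _unreadable = scan_offline(root, blocklist)
        return hits
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for rel, label in demo():
        print(f"{label}: {rel}")
```

The second copy of the dropper is found by content alone, which is the point of hashing rather than name matching: the renamed copy in Application Data is exactly the kind of file that survives a cleanup done by name from inside the infected OS.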
 