How to rid my computer of spyware and adware

4

2

I have a bit of a spyware problem.

I tried using How to Clean up a Windows Spyware Infestation to help get rid of the spyware/adware on my computer. I have autoruns and process explorer and got rid of the files that did not have a publisher or a company name. I restarted the computer and the same files came back. I got really lost towards the end of the article about the winlogon hooks and trying to find the bad handles and DLL files.

I don't want to delete the winlogon file because I won't be able to log in (according to the warning) and there isn't a publisher name like Microsoft corporation.

Joe Costello

Posted 2010-01-26T04:04:31.073

Reputation:

I do not recommend anybody to just blindly get rid of anything that does not have a Publisher/Company Name. That is stupid. That's almost like a Surgeon saying, "Hey, what's that? Is that an organ? It doesn't look like one. I think I should take it out." There are some services and processes installed by PC manufacturers which do not have a Publisher name or a Company Name and which are necessary. – jay_t55 – 2014-06-09T03:38:24.233

Answers

3

Sounds like you've removed all the files without a valid publisher using Process Explorer.

This is the part you might be stuck on:

Evil apps like to attach themselves to unkillable system processes. That way they can't easily be deleted and will magically "reappear".

As before, scan process explorer looking for processes with no valid publisher. Make note of the filenames of these processes. You now need to kill any active threads in unkillable system processes referencing these evil files.

Use the find function in Process Explorer to locate any live references to the evil files. The process properties dialog is where you want to end up, and then select the threads tab and click the Kill button for each evil thread.

Fire up Process Explorer and use the Find | Find Handle or DLL menu to locate all the instances of this DLL by name. (See, I told you this option was powerful.) Kill any open handles to this file that you find, exactly as we did before. But you'll need to go one step further. We know from the Autoruns that this DLL is likely to be attached to the Explorer and Winlogon processes, but let the find results be your guide. Double-click on any processes you found that reference this DLL. In the process properties dialog, select the Threads tab. Scroll through the threads and kill every one that has the rogue DLL loaded.


Once you've killed all the threads, you can finally delete the entries in Autoruns without them coming back. Reboot, and your machine is now completely free of spyware. I count 17 entries in Task Manager, exactly the same number as when I originally started.

Until you do this, the files will not be delete-able!

Jeff Atwood

Posted 2010-01-26T04:04:31.073

Reputation: 22 108
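
The Find Handle or DLL lookup described in this answer can also be scripted. The PowerShell below is an added example, not part of the original answer or of the Sysinternals tools: it lists which processes have a named DLL loaded and whether that file carries a valid Authenticode signature. `Find-SuspectModule` and `$DllName` are names chosen here, and it assumes an elevated Windows PowerShell session.

```powershell
# Added example, read-only: it reports findings and kills or deletes nothing.
param(
    # Hypothetical parameter; pass the DLL file name noted from Autoruns.
    # Leave empty to report every loaded module without a valid signature.
    [string]$DllName = ''
)

function Find-SuspectModule {
    param([string]$Name)
    $sigCache = @{}   # path -> signature status, so each file is checked once
    foreach ($proc in Get-Process) {
        # Modules can be unreadable for protected processes or without elevation.
        try { $modules = @($proc.Modules) } catch { continue }
        foreach ($m in $modules) {
            if (-not $m.FileName) { continue }
            if ($Name -and $m.ModuleName -ine $Name) { continue }
            if (-not $sigCache.ContainsKey($m.FileName)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $m.FileName -ErrorAction SilentlyContinue
                $sigCache[$m.FileName] = if ($sig) { [string]$sig.Status } else { 'Unreadable' }
            }
            $status = $sigCache[$m.FileName]
            # With no name filter, keep only modules whose signature is not valid.
            if (-not $Name -and $status -eq 'Valid') { continue }
            # The version resource may be missing, so read the company name defensively.
            $company = try { $m.FileVersionInfo.CompanyName } catch { $null }
            [pscustomobject]@{
                Process   = $proc.ProcessName
                Id        = $proc.Id
                Module    = $m.FileName
                Company   = $company
                Signature = $status
            }
        }
    }
}

# One row per (process, module) pair, grouped by file so shared DLLs stand out.
Find-SuspectModule -Name $DllName |
    Sort-Object Module, Process |
    Format-Table -AutoSize
```

A module that shows up in Explorer or Winlogon with a signature status other than `Valid` is a lead to investigate in Process Explorer, not a verdict by itself.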

2

To solve the problem you can use

http://free-av.com/en/tools/12/avira_antivir_rescue_system.html

to scan and clean your hard drive completely.

But depending on what you have installed on your system you have to reinstall the system (don't forget to first copy your important data with for example ubuntu-live-cd or knoppix - google for download-links).

Additionally:

  1. scan your system with the already named avira-antivir rescue cd (remember to change the settings to preferred rename the found files)
  2. install spybot search and destroy; run it and search for spyware (often spybot search and destroy does a good job in deleting stuff)
  3. install hijackthis, open and scan, copy and paste the log to the hijackthis-website-check and read the shown information
  4. install a good antivirus-program (for example from kaspersky, panda cloud antivirus or AVG Antivirus)
  5. install all system-updates! and the latest version of your favourite browser!

BasisBit

Posted 2010-01-26T04:04:31.073

Reputation: 188

1

The most effective, yet disruptive, way to rid a computer of spyware and adware is to format and reinstall.

Next, I would try using the free solutions and tools that are already on most Windows machines.

Go to Start > Run and type in "mrt.exe" to run the Microsoft Windows Malicious Software Removal Tool. The title bar for the program should have a recent month and year in it to let you know it has been recently updated. Select "full scan" and let it do its job.

You may also have Windows Defender installed. Run it.

You might have Microsoft Security Essentials, a free antivirus tool from Microsoft. If not, you may search for and download it.

Lastly, visit onecare.live.com and click on "Safety Scanner." An Active-X program from Microsoft will scan your computer for malware.

Jason Pearce

Posted 2010-01-26T04:04:31.073

Reputation: 206

I don't know that Active-X is the best thing to use when dealing with malware. – Nathaniel – 2010-01-26T05:46:43.570

1

A free software I really like for this kind of mission is Spybot Search and Destroy, http://www.safer-networking.org/index2.html.

Easy to use and effective.

Glimmet

Posted 2010-01-26T04:04:31.073

Reputation: 131

0

I'd recommend giving VIPRE from Sunbelt Software (www.sunbeltsoftware.com) a try.

There's a 15 day trial, and as far as I can tell no limit to the functionality during that time.

cometbill

Posted 2010-01-26T04:04:31.073

Reputation: 611

There are so many companies making different Anti-Malware-programs which are partly even free (some just for private use, some for all). And often antivirus-programs like for example GDATA Antivirus or Tobit Antivirus 'just' use the search-engine and guard of for example McAfee or Kaspersky or Panda. I personally wouldn't trust in a so called Security-Solution of an unknown and small company because these companies most of the time don't have the experience/know-how and are more likely than the big ones to release updates which make your AntiMalware program go crazy (delete important system-files). – BasisBit – 2010-01-27T00:57:01.693

I have been using Sunbelt Personal Firewall, and CounterSpy for years, and recently moved from CounterSpy to VIPRE without hesitation. I have never suffered a virus or malware infection on my machines while using Sunbelt's products, whereas my sister, who does use one of the 'big boys' products has had a machine riddled with trojans, spyware and adware.

I too have used Norton / Symantec in the past, and have problems with the software hanging my machine. – cometbill – 2010-01-27T10:06:26.220

Sunbelt Software have been in the field since 1994, and in this last year added an Anti-virus component to the lightweight scanning engine of CounterSpy and released it as VIPRE. I cannot recommend this product highly enough. I got Norton free with my laptop when I bought it, and would not allow that anywhere near my new hardware, such are the bad experiences I have had with Norton and Symantec products in the past. – cometbill – 2010-01-27T18:18:05.187