It's good to know that most people are educated enough to use Adaware or Spybot or SpySweeper, but running these programs will not get rid of everything. In this post I will give an overview of how to get rid of ALL spyware, guaranteed!
Note: You will probably want to download the programs and updates listed here BEFORE going into safe mode. It is best to download them off another computer and burn them to a CD or put them on a USB drive. If your internet does not work in safe mode, and you need it, try "Safe Mode with Networking".
First, turn off System Restore. Right-click My Computer, and click on the System Restore tab and turn it off there. You can turn this back on when you are finished.
You are going to want to perform all operations in "Safe Mode".
Reboot your computer, and hit "F8" right before Windows starts to load. Then choose "Safe Mode" on the list.
Once you're in safe mode, you are going to want to clean up all unnecessary garbage on your computer. To start, delete these folders:
C:\temp
C:\windows\temp
C:\documents and settings\"your user name"\local settings\temp
C:\documents and settings\"your user name"\temporary internet files
Note: some of these folders may not exist
Then, from My Computer, right-click the C: drive, and hit Properties. Click on "Disk Cleanup", and delete everything it finds.
Next, you are going to want to run some programs.
First, download and run "Microsoft AntiSpyware", found here:
Microsoft AntiSpyware
After it is done downloading, install and run the program. Wait for it to finish scanning, and let it repair and delete everything it finds.
Reboot your computer, again into safe mode. Now, download Spybot
SpyBot
and Adaware
AdAware
Install and run both these programs, and fix everything they find.
Then, reboot again into safe mode.
*This next part is trickier and requires user discretion on what to fix*
First, click Start and Run, and type "msconfig". In this program, click the "Services" tab. Click the "Hide all Microsoft services" box first.
Uncheck the box of everything that looks bad, such as "WinTools" or "eBates". If you see something familiar, such as "Norton services" or "wan miniport driver" or anything you are unsure of, leave it checked.
Next, move to the last tab, "Startup". Uncheck the box of anything that looks malicious, such as "Webrabate01" or "zdrwerxdf.exe". Check where the program is stored (the file path) and make sure it isn't something that you want. Files stored directly in C:\, C:\windows or C:\windows\system32 are a bad sign, especially if their filenames look random.
After you are done, hit "Apply", "Ok" and then reboot, yet again, into safe mode.
Now you need to download HijackThis, a great program for deleting all kinds of hidden spyware. You can download it for free here:
HijackThis
Install it and run "System Scan". After it finishes searching, you will have a large list of items. Read each one and check the box if it looks bad. Most of the things listed will be bad, but some things, such as printer utilities and antivirus services, will be listed too. You can probably go ahead and delete all BHOs; for anything that looks very weird, or that you don't recognize as something you use or installed, check the box. When you are done, hit "Fix selected items". It will make backups, just in case. When this is done, you are probably totally virus and spyware free, or very close to it.
If you cannot access the internet, it is probably because of LSPs. You can download the LSP fix utility here:
LSP Fix
Run the program, and click "I know what I am doing". Then click "Finish"; it will remove everything in the remove category. If there is nothing in this category, then your system is probably clean from LSP exploits.
*This last part requires more knowledge on what to delete and what to keep*
First, go into My Computer, then click Tools, and hit Folder Options. Go to the View tab and click the "Show hidden files" button. Additionally, uncheck "Hide file extensions for known types" and DO check the "Show contents of system folders" box.
To make things easier, click the Folders button at the top of the screen to make a tree view. Then go to View --> Details, and click Arrange Icons By Type. Then go back to Folder Options, View, and hit "Apply to all folders".
Now, open up "My Computer" and browse to the Program Files directory. Delete any folders that you see to be obviously spyware. Make sure you look in C:\program files\common files too. Culprit folders will look like Mysearch, GAIN, Lycos, istbar, Save, Wildtangent (wt), and many others that look like possible adware.
If you are more proficient at checking your operating system, look in the C:\, C:\windows, and C:\windows\system32 folders for culprit .exe files, such as hidden .exe's, garbled names or obvious spyware files. Some common ones may be:
-msbb.exe
-anything with a spyware name as an installer
-rundll16.exe
-lasas.exe
-ie.exe
-etc...
After all this is done, reboot one last time to make sure everything is working, and then empty the recycle bin. Your system should now be fully cleaned; anything that gets past this will probably mean you will have to wipe your system out.
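As an added example (not part of the original guide), the Startup-tab check and the final look through C:\, C:\windows and C:\windows\system32 can be written as a small Python triage script. The test for a random-looking name and the sample entries are assumptions constructed for illustration; a flag means "look closer", not "delete".

```python
import ntpath
import re

# Folders the guide calls a bad sign when a startup file sits directly in them.
SUSPECT_DIRS = {"c:\\", "c:\\windows", "c:\\windows\\system32"}

def exe_path(command):
    """Pull the executable path out of a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def looks_random(filename):
    """Crude 'garbled name' test (assumed heuristic): few vowels or a
    long consonant run in a name of six or more letters."""
    stem = re.sub(r"[^a-z]", "", ntpath.splitext(filename)[0].lower())
    if len(stem) < 6:
        return False
    vowels = sum(ch in "aeiou" for ch in stem)
    longest_run = max(len(r) for r in re.split(r"[aeiou]+", stem))
    return vowels / len(stem) < 0.25 or longest_run >= 4

def triage(entries):
    """Return (name, path, reasons) for entries that deserve a closer look."""
    flagged = []
    for name, command in entries:
        path = exe_path(command)
        folder = ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))
        reasons = []
        if folder in SUSPECT_DIRS:
            reasons.append("stored directly in " + folder)
        if looks_random(ntpath.basename(path)):
            reasons.append("random-looking filename")
        if reasons:
            flagged.append((name, path, reasons))
    return flagged

# Constructed sample of (startup item, command) pairs, as copied from msconfig.
SAMPLE = [
    ("zdrwerxdf", r"C:\windows\system32\zdrwerxdf.exe /s"),
    ("msbb", r"C:\WINDOWS\msbb.exe"),
    ("PrinterTray", r'"C:\Program Files\Printer Utility\tray.exe" -min'),
    ("Helper", r"C:\windows\system32\drivers\helper.exe"),
]

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name}: {path} -> {', '.join(reasons)}")
```

Legitimate Windows components also start from C:\windows\system32, so every flagged entry still needs the manual "is this something I want" check the guide describes.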