Re: Deleting Troublesome Adware

From: Robert McClenon (robert.mcclenon_at_verizon.net)
Date: 11/28/04 

Date: Sun, 28 Nov 2004 15:32:29 GMT

On 27 Nov 2004 17:59:15 -0600, Chuck <none@example.net> wrote:

>On Sat, 27 Nov 2004 18:18:05 GMT, Robert McClenon <*email_address_deleted*>
>wrote:
>
[snip]
>>
>>Thank you. I tried it, but I didn't find any of the registry entries.
>>
>> - - Bob McClenon
>
>Bob,
>
>For spyware, running the Windows Uninstaller, and manually deleting registry
>entries, is a waste of time. HijackThis, and expert advice, is essential.
>
>Start by downloading each of the following free tools:
>AdAware <http://www.lavasoftusa.com/>
>CWShredder <http://www.majorgeeks.com/download4086.html>
>HijackThis <http://www.majorgeeks.com/download.php?det=3155>
>LSP-Fix <http://www.cexx.org/lspfix.htm>
>WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html>
>Spybot S&D <http://www.safer-networking.org/index.php?page=download>
>Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
>TrendMicro Engine <http://www.trendmicro.com/download/dcs.asp>
>TrendMicro Signatures <http://www.trendmicro.com/download/pattern.asp>
>TrendMicro Instructions <http://www.trendmicro.com/ftp/products/tsc/readme.txt>
>
>Create a separate folder for HijackThis, such as C:\HijackThis - copy the
>downloaded file there. Create a separate folder for the two TrendMicro files,
>such as C:\TrendMicro - copy the downloaded files there (unzipped if necessary).
>AdAware, CWShredder, and Spybot S&D have install routines - run them. The other
>downloaded programs can be copied into, and run from, any convenient folder.
>
>First, run Stinger. Have it remove any problems found.
>
>Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
>it fix all problems found.
>
>Next, disable System Restore.
><http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm>
>Boot your computer into Safe Mode.
>http://support.microsoft.com/?id=315222
>Run C:\TrendMicro\Sysclean.com. Delete any infectors found. Reboot your
>computer, and re enable System Restore.
>
>Next, run AdAware. First update it ("Check for updates now"), configure for
>full scan (<http://forums.spywareinfo.com/index.php?showtopic=11150>), then
>scan. When scanning finishes, remove all Critical Objects found.
>
>Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
>("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
>that is displayed in Red.
>
>Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
>HJT Log.
><http://forums.spywareinfo.com/index.php?showtopic=227>
><http://forums.spywareinfo.com/index.php?showtopic=11150>
>
>Finally, have your HJT log interpreted by experts at one or more of the
>following security forums (and please post a link to your forum posts, here):
>Aumha: <http://forum.aumha.org/index.php>
>Net-Integration: <http://forums.net-integration.net/>
>Spyware Info: <http://forums.spywareinfo.com/>
>Spyware Warrior: <http://spywarewarrior.com/index.php>
>Tom Coyote: <http://forums.tomcoyote.org/>
>
>If removal of any spyware affects your ability to access the internet (some
>spyware builds itself into the network software, and its removal may damage your
>network), run LSP-Fix and / or WinsockXPFIx.

I will refer back to your post any time that I have a problem with
spyware again. I did remove the spyware this time. What I did was to
restart Windows, then open the Task Manager and cancel all of the
processes that I didn't recognize, and then drag the spyware/adware to
the Recycle Bin, and then empty the Recycle Bin, and then restart
Windows. That seems to have worked.

Thank you for your advice.

     - - Bob McClenon