Jay Lee’s Patented Spyware Removal System

Date June 26, 2006

A comprehensive “how to” based on the experiences of Jay Lee, host of Technology Bytes Radio

Updated 8/10/2005


First of all, there is no “sure fire” way to explain in a document how to rid yourself of all spyware and browser hijacks. Depending on the level of infestation this process will either eliminate it all or, at the very least, most of the problems you might be experiencing as a result of this epidemic. In some cases the infestation is so deep and so pervasive that a skilled technician is required to sit down at the troubled PC and duke it out using all the skills he has to literally rip the infection out and still maintain the functionality of the computer.


In this document I will outline the method I use to remove spyware from computers that I encounter.


The first thing you want is the tools. There are numerous companies offering programs that claim to remove spyware from your computer. Some are legitimate and others are not. Some are free and others are not. My experience has led me to several free and extremely effective software applications. The first step will be for you to download and install these programs onto the computer you are working with.


Windows Defender. Microsoft finally entered the spyware fray and their product is, in my experience, one of the best tools for detecting and removing spyware. Requires XP SP2 or Windows 2000 with all the latest service packs.


Adaware 2007. You can download the free version here. Adaware SE has come a long, long way and is very effective in detecting and removing spyware.


Spybot Search and Destroy. Written by Patrick Kolla, this program is one of the original tools for the removal of spyware. At this time the current version is 1.4. If you are using version 1.2 or 1.3 you must download the latest version to be up to date. The internal update feature of this application will not update the program version. Download version 1.4 from the Spybot home page.


The reason I mention all three of these tools is that my experience has shown that while none of them remove it all, the three used together seem to get the majority of the infestation cleaned up.


Download these programs. If the infected computer cannot access these downloads then download them to another PC and burn them to CD or put them on a portable USB drive so that you can then bring them to the infested computer.


After installing the applications on the infested computer it is important to update the programs. Since spyware is changing daily the makers of these programs offer updated definition files much like anti-virus programs do.


Each program has an update option. Locate the menu and run the update.


Once all the programs are installed and updated you will want to begin the scanning of your system. I recommend closing all applications and rebooting into Safe Mode prior to performing the scan.


In my experience it is safe to remove anything these scans find.


Another step I suggest is checking the Add/Remove Programs Control Panel. Sometimes certain adware and spyware programs will have an uninstall option. They are not always obvious. If you don’t recognize the installed program, try searching for it on Google.


One of the tricks that the makers of spyware and adware will employ is a complicated uninstall process. Some ask whether you are really sure, others require you to type in a code, and others use confusing wording that can lead to no uninstall at all if you are not paying attention.


This next section is more for advanced users.


Advanced Removal Tools


For more advanced spyware removal there is a tool called Hijack This. Be careful with this tool. It will show you all the things that load when you start your PC and allow you to remove them. This tool shows the good and the bad and makes NO distinction between the two.


One more advanced tool you might want to have on hand is LSPFIX. Some adware and spyware programs install a wedge between the system and the TCP/IP stack. TCP/IP is how your computer communicates with the Internet. I have had experiences where the removal of the spyware will actually cause the computer to no longer have the ability to access the Internet.


LSPFIX is a tool that will remove the wedge. This tool is NOT intuitive. It will make an effort to correct the TCP/IP problem and should ONLY be used in default mode and ONLY if your computer can no longer access the Internet at all after the removal of spyware.


For information on what spyware is I refer you to this article written by Dwight Silverman of the Houston Chronicle.


19 Responses to “Jay Lee’s Patented Spyware Removal System”

  1. Balin Wire said:

    Have you had any luck with ewido anti-spyware that is at the AVG download site? It seems to protect automatically and is doing a better job than the beta Microsoft program that missed a spy that required a complete drive format. I feel immune with the AVG setup, try it, it’s gratis.

  2. jay said:

    Ewido is an EXCELLENT program. I need to use it more to see just how capable it is.

  3. Arie Ter Poorten said:

    Hi Jay,

    Thanks for the info regarding spyware. It is very helpful.
    I am currently running both Spybot as well as Spyware Doctor . . . . is that not duplicitous? Should I drop one of those and add Adaware?

    Also, what can you tell me about anti-virus software?
    My Norton Anti-Virus just expired. I’ve been told to change to McAfee by some because of the problems caused by Norton.
    Others advise me to get a product by CNET, the name of which I have forgotten.
    I am really confused. I need help with this issue, because I do not want to be ‘unprotected’ for very long!
    Your input would be really appreciated.
    Thank You,
    arie

  4. jay said:

    I have yet to find one anti-spyware program that detects and removes em all. That’s why I have the three listed in my outline.

    As to anti-virus, check out AVG from http://free.grisoft.com

  5. paulmcg1 said:

    What’s the difference between Windows Defender and Windows Malicious Software Removal Tool? Do we need both?

  6. jay said:

    It doesn’t hurt to have both.

  7. bigwoo said:

    I’d like to suggest the use of SpywareBlaster from http://www.javacoolsoftware.com/spywareblaster.html

    I’ve been using this for years and rarely have any spyware problems.

  8. ClaraRichmond said:

    I want to download Spybot Search and Destroy, but am not familiar with what the website is asking regarding a “mirror”. Four options are given. Two of which I know are not appropriate. The other two are:
    BN FileForum
    PlanetMirror
    What is a “mirror”? And which “mirror” should I choose?
    Thanks.

  9. phuze said:

    A mirror is an additional website that offers a download of the software. Because it is linked from the original site, you know that you can trust what you are downloading. Essentially, the mirror allows other websites to share the load of people wanting to download software. It can be bandwidth and server intensive.

    You can choose whatever mirror is closer to you (usually as long as it is in the same country as you it doesn’t matter).

    Does that answer your questions?

    Peter

  10. ClaraRichmond said:

    Yes! Thank you.

  11. NeutronJack said:

    I have been playing with EWIDO, here at work, for about two months. There are two versions, a free online scanner and the downloadable 30-day trial version.
    I have included EWIDO in my battery of anti-spyware tools because it does something MS Defender and Ad-Aware do not do: it scans the files used by Mozilla’s Firefox. Normally I use the online scanner and save the trial version to eradicate the tough little critters in safe mode.

  12. Sheehan said:

    We remove Spyware and all malware infections daily in our shop.

    Some of the tricks we learned in removing any Malware are:

    #1. Update all your Malware Removal Tools (Anti-Spyware-Anti-Virus)

    #2. Open all your hidden files

    #3. Shut off System Restore (Malware can now hide in System Restore on the disk)
    Opening all hidden files allows your malware removal tools to scan hidden files, including System Restore Partition.

    #4. Set your Hard Drive or drives to “Slave Drive” Settings (unplug your CD Player)

    #5. Ready…Run your Removal tools 2 times.

    #6. If the system needs Tmp files and defragging, do this at the time you’re finished in safe mode cleansing your system.

    #7. Now boot up, run all Microsoft Updates, Security Patches…
    Have your MS updates set to auto. Download the upgraded version of Internet Explorer 7.0; it is now almost a copy cat of Firefox (Which Microsoft Called Out for Help from Fire Fox)

    We have had great luck with “Spydetector” and Ewido…
    Plus for Anti-Virus we have been beta testing “Solo Anti-Virus” and using of course AVG…and now beta testing AVAST. (Avast is more for 64 bit-like in Windows VISTA)

    Sheehan O’Brien MCSE-CNA
    Compu-Tek of Tampa Bay
    http://www.slowcomputeronline.com

  13. Warren said:

    I was having a nervous breakdown yesterday because of my computer problem. Found your column of January 04, 2007, got on http://www.atribune.org, downloaded VundoFix; completely corrected everything. (I had found other “fixes” previously that would temporarily alleviate the problem but it would immediately return.) This one really fixed it.

    Thank You so much.

  14. Leonard Hutchinson said:

    I have read your articles on spyware, spybot, etc., and they all cost money. Are there any free spyware programs?
    Hutch

  15. RaccoonRanger said:

    Leonard, I don’t understand your problem…

    AdAware, SpyBot Search and Destroy, and Windows Defender are the spyware tools Jay recommends, and they are all free.

    AVG is the anti-virus, and it’s free.

    I would personally add that everyone should be running a firewall. The one built in to XP is not good enough, IMHO.
    I would suggest the free version of ZoneAlarm.

    What might be confusing you, Leonard, is that the companies that make these programs usually have an advanced version that you have to buy.
    Some sites can make it hard to find the free version, because they want you to buy the ‘full’ version. Just keep navigating, you’ll find the gold eventually!

  16. r.c.bartels said:

    Really enjoy your Chronicle column every Tuesday. Thanks.

  17. Bill Daugherty said:

    Do you have an opinion on ESET’s NOD32? Is it comprehensive enough? Thanks. Bill

  18. Jay Lee said:

    No personal experience with this product…

    But you might want to read the review from PC World

    NOD32 has the best proactive protection by far, but its overall malware detection is second-tier, and it has an overly technical interface.

    Read more…

  19. Coltonis said:

    NOD32 is GREAT! When I was researching which new Anti-Virus to get (because McAfee turned to crap-ware) I settled on NOD32. It was a dead-tie between Kaspersky Anti-Virus and NOD32. They both caught everything that was thrown at them in all the tests I could find, but NOD32 has a MUCH smaller foot print and is super light on the computer’s resources. (IMO Kaspersky is a little pricey too.) I think there has been an update pretty much every day since I installed as well. True NOD32 may not have an “Idiot-Proof” interface catering to the non-tech savvy, but I personally prefer it that way. Functionality - Frills = Happy Computer Guy! As far as I know NOD32 does strictly Viruses though not spyware. In my experiences, a program that tries to do both, ends up doing neither very well (McAfee, Norton). Smart surfing will go a long, LONG way. I usually use a battery of spyware removal tools, most of which have been listed or mentioned here to clean off spyware (usually off of friends’ computers). Just my two cents though.

    PS If memory serves, VundoFix specifically removes variants of the VirtuMundo virus. I did battle with that thing last year on a couple different boxes and it is a BEAAST! As far as I could tell VirtuMundo actively goes out and downloads more spyware onto systems (and who knows what else). None of the scanners could kill it and only two of them even identified it… Found a couple different custom fixes (like the VundoFix listed above) and they ended up finally doing it in. Granted that was a while ago so the situation may have changed in regards to the scanner situation since then.
