How to remove spyware manually
System-savvy users can use Windows' built-in tools to root out spyware infections. Yes, there's regedit, but don't overlook the simple disk search. Depending on your setup, you can even manually unregister DLLs that keep reinstalling the nasties. None of these tips is for the faint of heart, and they could prove especially dangerous to people who don't regularly back up their data.
Flay your files and folders
Once you've identified a culprit, you can search for its related files. We like to run Bazooka Adware and Spyware Scanner, a quick little app that identifies--but does not remove--adware. It can ferret out fragments, such as folders and text files, that other programs might miss. Even better, Bazooka then links to a comprehensive online list of associated files and step-by-step removal instructions.
To find and eliminate what files and folders you can, start with Windows' search utility. Mark the Advanced Search check box and opt to examine system folders, hidden files and folders, and subfolders. Once the scan is complete, you can right-click the results to learn more about the file properties, open the containing folder, or send it to the Recycle Bin. If Windows can't delete the DLL (or OCX) file because it's in use, it's time to break out the Run command.
Get the DLL out
Some spyware uses an ActiveX control to keep reinstalling itself. Usually it's a DLL file, but sometimes the file ends in .ocx. Until recently, we'd been using regsvr32.exe to eliminate these files, but that requires that you know and can correctly type the pathname for the miscreant. If you want to take this route, head to the Start menu, initiate the Run command, and type regsvr32 /u full-filepath\yourdll.dll. The /u switch means unregister; to register a DLL, you just leave those characters out.
However, we've also run across a nifty shortcut that saves time and sometimes works where regsvr32 fails. In brief, you type rundll32 yourdll.dll,DllUnregisterServer into the Run command, and voila! (All you have to do to register a DLL is enter DllRegisterServer instead; the entry-point name is case-sensitive.) Senna Spy even includes directions on turning this command line into a right-click context-menu item. If rundll32 doesn't fix your problems, hit the registry.
Break your computer
Using the results from Bazooka, information from reputable online forums, or just your nerve, you can lay waste to spyware by scouring your registry. Before you do anything in the registry, be sure to back it up. Go to the Run command and type regedit to open your registry editor. Under the File menu, select Export. In the Export window, make sure to save All Files to the folder of your choice. If, for instance, you can no longer run Internet Explorer after you finish deleting keys, you can go back into the registry and restore it by importing the saved reg file.
Bazooka lists exact locations where you can expect to find spyware keys. Removing them is much quicker if you plug their IDs into the Find command on the registry's Edit menu. You can also--and this is where you really want to watch your backed-up step--go through the software keys to find leftover program entries. Here's a list of folders to poke around in:
HKEY_CLASSES_ROOT (Be very careful here; when in doubt, leave it alone.)
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (where many start-up programs live)
HKEY_LOCAL_MACHINE\Software
HKEY_USERS\Software (rare, but some programs leave junk in there)
HKEY_USERS\long-variable-string\Software
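The regsvr32 route described earlier needs the control's full path, and every registry step should start from a backup. The PowerShell script below is an added example, not part of the original article: it exports the hives first, then does a read-only lookup of where a named DLL or OCX is registered and prints the matching unregister command without running it. The file name yourdll.dll and the backup folder are assumed placeholder values.

```powershell
# Added example, not from the original article. $DllName and $BackupDir are assumed values.
param(
    [string]$DllName   = 'yourdll.dll',                  # placeholder name used in the article
    [string]$BackupDir = "$env:USERPROFILE\reg-backup"   # assumed backup folder
)

# Step 1: export the hives first, the command-line counterpart of regedit's File > Export.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($hive in 'HKCU', 'HKLM\Software') {
    $file = Join-Path $BackupDir (($hive -replace '\\', '_') + '.reg')
    reg.exe export $hive $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $hive failed; stopping before any change." }
}

# Step 2: read-only scan of COM/ActiveX registrations for an in-process server whose
# file name matches, so the full path does not have to be typed from memory.
# On 64-bit Windows, 32-bit controls register under a separate view; run this from
# 32-bit PowerShell to see those.
$hits = foreach ($clsid in Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue) {
    $sub = try { $clsid.OpenSubKey('InprocServer32') } catch { $null }   # skip unreadable keys
    if (-not $sub) { continue }
    $path = ([string]$sub.GetValue('')).Trim('"')   # default value holds the DLL/OCX path
    $sub.Close()
    if ($path.EndsWith("\$DllName", [StringComparison]::OrdinalIgnoreCase)) {
        [pscustomobject]@{
            Clsid  = $clsid.PSChildName
            Path   = $path
            OnDisk = Test-Path -LiteralPath $path   # false means a leftover registration only
        }
    }
}

# Step 3: show what was found and print (not run) the unregister command for each path.
if (-not $hits) {
    Write-Output "No InprocServer32 registration found for $DllName."
} else {
    $hits | Format-Table -AutoSize | Out-Host
    $hits.Path | Sort-Object -Unique | ForEach-Object { "regsvr32 /u `"$_`"" }
}
```

The CLSID values it lists are the IDs you can paste into the Find command on the registry's Edit menu.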