Post: #1
Title: How to remove spyware manually
Author: أبوالريش
Date: 11-21-2004, 08:23 AM
System-savvy users can use Windows' built-in tools to root out spyware infections. Yes, there's regedit, but don't overlook the simple disk search. Depending on your setup, you can even manually unregister DLLs that keep reinstalling the nasties. None of these tips is for the faint of heart, and they could prove especially dangerous to people who don't regularly back up their data.
Flay your files and folders
Once you've identified a culprit, you can search for its related files. We like to run Bazooka Adware and Spyware Scanner, a quick little app that identifies--but does not remove--adware. It can ferret out fragments, such as folders and text files, that other programs might miss. Even better, Bazooka then links to a comprehensive online list of associated files and step-by-step removal instructions.
To find and eliminate what files and folders you can, start with Windows' search utility. Mark the Advanced Search check box and opt to examine system folders, hidden files and folders, and subfolders. Once the scan is complete, you can right-click the results to learn more about the file properties, open the containing folder, or send it to the Recycle Bin. If Windows can't delete the DLL (or OCX) file because it's in use, it's time to break out the Run command.
Get the DLL out
Some spyware uses an ActiveX control to keep reinstalling itself. Usually it's a DLL file, but sometimes the file ends in ocx. Until recently, we'd been using regsrv32.exe to eliminate these files, but that requires that you know and can correctly type the pathname for the miscreant. If you want to take this route, head to the Start menu, initiate the Run command, and type regsvr32 /u full-filepath\yourdll.dll. The /u switch means unregister; to register a DLL, you just leave those characters out.
However, we've also run across a nifty shortcut that saves time and sometimes works where regsvr32 fails. In brief, you type rundll32 yourdll.dll,DLLUnregisterServer into the Run command, and voila! (All you have to do to register a DLL is enter DLLRegisterServer instead.) Senna Spy even includes directions on turning this command line into a right-click context-menu item. If rundll32 doesn't fix your problems, hit the registry.
Break your computer
Using the results from Bazooka, information from reputable online forums, or just your nerve, you can lay waste to spyware by scouring your registry. Before you do anything in the Registry, be sure to back it up. Go to the Run command and type regedit to open your registry editor. Under the File menu, select Export. In the Export window, make sure to save All Files to the folder of your choice. If, for instance, you can no longer run Internet Explorer after you finish deleting keys, you can go back into the registry and restore it by importing the saved reg file.
Bazooka lists exact locations where you can expect to find spyware keys. Removing them is much quicker if you plug their IDs into the Find command on the registry's Edit menu. You can also--and this is where you really want to watch your backed-up step--go through the software keys to find leftover program entries. Here's a list of folders to poke around in:
HKEY_CLASSES_ROOT (Be very careful here; when in doubt, leave it alone.)
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\Run (where many start-up programs live)
HKEY_LOCAL_MACHINE\Software
HKEY_USERS\Software (rare, but some programs leave junk in there)
HKEY_USERS\long-variable-string\Software
|
Post: #2
Title: Re: How to remove spyware manually
Author: fagyra
Date: 11-23-2004, 02:39 AM
Parent: #1
Dear Abul Riesh
This is some kewl information you are sharing with us, personally I find dealing with the registery too complicated for my somewhat moderate computer skills. I have, however, researched spyware removal and found that there are 4 programs that worked well for me:
1- Ad Aware
2- Spybot
3- OmegaKiller
4-Spyware Blaster
Ad Aware and spybot work together (each seperately are no good) to remove ad-ware and spyware
OmegaKiller removes all the annoying toolbars on explorer
and finally spyware blaster is immunization
و الوقاية خير من العلاج
I am sure that if you are working on the registery level, you are much more advanced than I and know more about htis stuff than me... I am posting for the benefit of all and i hope some find this useful
and sorry for my intrusion
|
|