How to get rid of Spyware/Adware/Pop ups :

Does your computer have all these pop ups asking you “do you want to increase your breast size?” or “your the 182093719823th winner! Claim your prize here!”?

Is your computer running slower than balls?

If so, you probably have a lot of spyware.

All of it is harmful to your computer in some way.

What we will need, are a couple tools.

They are all available free on the internet. If your computer is so F’ed up where you can’t even get on the internet, then find a friend with a CD burner and download these applications (AND their latest updates!)

Full Scanners :

Lavasoft Ad-Aware Personal
Spybot Search and Destroy
Microsoft Anti-Spyware

Specific Scanners :

CWShredder - Looks for pretty much all of the CoolWebSearch variants
HijackThis - a very powerful tool used to clean up unwanted programs embedding themselves in your system registry and startup… but potentially devastating if you don’t know what you are doing.

If you really are screwed, you might need :

LSPFix - This program pretty much fixes the Layered Service Provider software embedded in Windows. If lots of spyware/malware/adware has been on your system and you can’t get on the internet, this is probably your case.


Now, removing spyware so it is completely gone is a bitch. Problem is, most of the shit that fucks your computer up is loaded at your Windows startup, and if you try deleting something that is already loaded into memory, you’ll find that you can’t.

To minimize the amount of things we load into memory, we start into safe mode. On Windows 98, 2000, and XP versions, you simply restart your computer, and hit the F8 key right after the bios finishes “loading” (Memory check, drives check, you may have other things displayed after your bios finishes everything it needs to do), then select safe mode. 2000/XP users can select “Safe mode with Networking Support” if you need to get stuff off of the internet.

Now, the fun begins.

Upon entering safe mode, your computer will prompt you with a dialogue box telling you that you are in safe mode and yada yada yada. Click ok.

First things first, go to your control panel (Start => Settings => Control Panel) and double click on “Add or Remove Programs.” Scan the list of programs and look for the obvious ones (like “BargainBuddy” or “SurfCompanion”) that are spyware. Some will require that you connect to the internet to remove. Others will try to trick you into making you keep it by wording things confusingly (like “Are you sure you want to not uninstall BargainBuddy?”). Bastards. Just uninstall what you know is spyware of some sort. If you want to know, you can either google them or ask us here.

Now here comes the more Automatic parts :

Install Ad-aware. Run the update. First perform just a “Smart system scan”. See what you come up with, check all the boxes and delete the fuckers.

Next, install Spybot. Run the updates, do NOT immunize your system yet. Scan the computer, check everything it finds, and delete.

Go back to Ad-aware and do a “Full System Scan.” Again, upon completion of the scan, make sure all the boxes are checked for removal. I tell you to do a full system scan after the 2 scans because it sometimes picks up things that the other 2 don’t catch, but they scanned.

After these scans, either program may tell you that “adaware/spybot cannot remove ‘xxxx xxxx.’ This may be because it is loaded in memory. Would you like to scan on next restart?” This just refers to the problem I pointed out before, where certain things won’t be able to be cleaned if loaded into memory. Don’t worry about it for now. Click yes, and let them run when you next restart. If it still doesn’t work, well, we can worry about that later.

Installation of MS Anti-Spyware is not possible in Safe Mode, so don’t worry about that now.

At this point, go ahead and restart your computer and let those programs scan again. If your computer boots up ok, try surfing a little bit. See if the pop ups have slowed. If not, you may have a more serious problem that we can deal with in other ways.

So you rebooted, and your computer still sucks…

Reset the computer and go back into Safe Mode.

Copy HijackThis into a folder onto your desktop (if you haven’t done so already). Run the program. Select scan and create log. At this point, it will display everything going on in your registry (well not everything, but a lot) and your startup file for Winblows… I mean Windows. DO NOT MAKE ANY CHANGES AT THIS TIME UNLESS YOU REALLY KNOW WHAT YOU ARE DOING. Make sure the log was created - and click on the log. Copy and paste it in this thread here and some of us more advanced computer nerds can tell you what to get rid of and what to keep.

Certain things (like new.net adware) can’t be fixed with just Hijackthis - that’s where the LSPFix comes in handy.

Further still, you may need to go into your registry via regedit and start tinkering around in there. But like HiJackThis, that’s relatively advanced and if you don’t know or are even semi-confused about what you are looking at, I would fuck around in there.

So, if you have any more questions or you have logs from HiJackThis, feel free to post them here.
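As an added example (not part of the original post and not HijackThis's own code), here is one way to pre-sort a pasted HijackThis log before a human reviews it: it pulls out browser add-on, startup and Winsock LSP entries and marks those matching names this thread calls out. It assumes each log entry has the shape `<code> - <detail>`; the sample log and the `parse_log`/`triage` helpers are constructed for illustration.

```python
import re
from collections import defaultdict

# Sections reviewed here (assumed entry shape: "<code> - <detail>").
SECTIONS = {"O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "Startup entry", "O10": "Winsock LSP"}
# Names the thread itself identifies as spyware/adware.
NAME_HINTS = ("bargainbuddy", "surfcompanion", "elitetoolbar",
              "elitebar", "searchmiracle", "new.net")
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Constructed sample log, not taken from a real machine.
SAMPLE_LOG = r"""
Logfile of HijackThis
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\EliteToolbar\EliteToolbar version xx.dll
O3 - Toolbar: EliteBar - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\EliteToolbar\EliteToolbar version xx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BargainBuddy] C:\Program Files\BargainBuddy\bin\bargains.exe
O10 - Unknown file in Winsock LSP: c:\program files\new.net\domain plugin\example.dll
"""

def parse_log(text):
    """Group entries by section code; header and process lines are skipped."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return entries

def triage(text):
    """Return (code, label, detail, hint) tuples for entries to review first."""
    entries = parse_log(text)
    findings = []
    for code, label in SECTIONS.items():
        for detail in entries.get(code, []):
            hint = next((h for h in NAME_HINTS if h in detail.lower()), None)
            # Every LSP entry is listed: those are LSPFix territory, not a plain fix.
            if hint or code == "O10":
                findings.append((code, label, detail, hint))
    return findings

if __name__ == "__main__":
    for code, label, detail, hint in triage(SAMPLE_LOG):
        print(f"{code:<4}{label:<24}{hint or '-':<14}{detail}")
```

The output is a reading order for the reviewer, not a removal list: entries without a name match (such as the NvCplDaemon line) are simply not highlighted, and nothing is changed on the machine.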

Awesome writeup! Thank you!

sticky?

omg thanks, i can finally get rid of that shit

sweet.

Another little trick other than going into safe mode would to be to create another user on the computer through User Accounts. Give it administrator access and then restart the computer. This will allow you to run programs like hijack this and scan all the files, removing any that could have been in the start up for one of the other users.

Some programs that are not found usually reside in your temp folders, and what you would want to do is delete the cookies and temp files for each user on the computer. The path for that is

C:\Documents and Settings\%username%\Local Settings\TEMP

and

C:\Documents and Settings\%username%\Local Settings\Temporary Internet Files

Once in those Folders, click Edit Select All, File Delete. This may take a few minutes if it was never done. After you have done that for all users, these files will all be in the recycle bin. I would empty that. After that is done, I would run the scanners again.

When all that is complete, restart the computer and login to your main account again and delete the User Account that you created.

While you can do this, a lot of spyware isn’t just user specific… that’s the problem.

I’ll add my 2 cents on this POS elite toolbar shit, as it’s pretty bad.

Technical Summary of the EliteToolbar malware:

Name: EliteBar IE Toolbar

Company: Search Miracle (www.searchmiracle.com)

Description : EliteBar (ELITETOOLBAR VERSION xx.DLL) IE toolbar. Component of SearchMiracle.
Adware applications, toolbars and browser extensions may serve advertisements even while you are not surfing the Internet.
This application may serve various types of advertising, not limited to pop-up ads. It may result in blocking the activity of a PC user since this malware consumes a lot of memory because it constantly monitors if someone is deleting it from the registry or is trying to kill it in some way. It may also block anti-virus programs and contains a list of *.exe program names in memory to block them if it detects they are running in the task manager.

Summary of the EliteToolbar Remover v.2.0.1:

A lot of people around the Internet are having problems with one of the latest Elitetoolbar malware variants.

Actually some software like Spybot v.1.3, CWShredder v.2.12, Noadware, Adaware v.6, SpyNuker 2004 and SBC Yahoo! Anti-spy have no success in deleting this very frustrating malware. These programs find and delete it, but it keeps coming back since this new variant is very difficult to remove from the operating system.

The main problem is that the malware creates a lot of registry entries and executes at PC startup, winding itself into RAM and deletes its own *.exe from the C:\Windows\System32 directory.

When ordinary tools try to remove it, they only clean the registry calls, the C:\Windows\EliteToolbar directory and the cabinets files where it originated from, but they don’t take any action against the malware itself that is currently running in RAM and waiting for the PC OS to be shut down only to repeat the infestation once again!

This new version of the EliteToolbar has all the previous disadvantages of the CoolWebSearch malware and some new ones including pop-up windows every 2 minutes, a permanent block of the Google Toolbar (if present), redirecting of any instances of Google and Yahoo web-browsing, and so on…

This is a very tricky situation that keeps frustrating people who experience it!
There is a freeware utility that helped you restore your OS functionality by killing this malware. Since this version 1.0 of our EliteToolbar Remover, the silly guys at EliteToolbar have released some new variants of their malware. The variants in circulation from the end of January 2005, in fact, do a cache detect of the words: “EliteToolbarRemoverV10.zip” which was the old name of our previous version 1.0.

If you are trying to download it from a mirror site you will receive the following error:

‘‘Cannot copy file, Cannot read from file source or disk’’

This is not a message from your operating system, but a stupid message from the malware that is actually running in your PC.

The new variants of the malware also completely conceal the presence of the EliteToolbarRemoverV10.exe, so that if you are opening the archive you can only see the readme.doc file that is attached to that and you cannot see the *.exe even though it is really there! After all, these are very clever programmers, aren’t they?

Anyway, it is sure that these people will also blacklist the new name of the zip we are using now, so if this occurs and some new variants will circulate the Internet from today we suggest you to download the software to another PC and take it on a diskette or a USB pendrive and run it on the infected PC in Safe Mode, as usual.

Look carefully at what you have to do:

The only thing you have to do is to reboot your machine in Safe Mode (just click the F8 key as the PC is starting, just before the MS Windows flag screen appears) and run the EliteToolbar Remover, then click the “Kill Elite Toolbar” button and wait until it finishes its work.

Occasionally a DOS box may appear asking your permission to delete some files in temporary Windows directories. You must accept the deletion of these to be sure of properly removing the malware!

Here

Download firefox or opera (both free) and stop using IE. This will seriously eliminate about 99.9% of spyware. The majority of spyware comes from activex which neither browser supports (thank god). Of course you could disable it in IE but it gets annoying when it tells you 100x per page that it may not load correctly without activex.

Next step would be to create an administrative user that will ONLY be used to install software. You should never actually login as this user, to install the software just right click on the program and go to “Run As” and enter the login/password of the administrator user.

Now go into safe mode with networking disabled and login as Administrator, go to User Accounts (located inside of the control panel) and change all of the users (besides your new administrative user) to Limited User. *Note: This only helps if you are using the NTFS (ugh) filesystem, Fat32 is worthless as far as privileges go.

Not trying to start a browser flame war, but as far as features, functionality, and security goes, IE sucks. If you MUST use IE, ONLY use it for sites that specifically require it.

holy shit, i :heart: You