Troubleshooting spyware: best place to start?

Slowhand

Member
Mar 21, 2011
134
0
76
Hi everyone, I'm trying to learn where you start troubleshooting when you realize you have been attacked by spyware, adware, or hijackers on a browser.

In other words, where do you start? Which software programs do you use first? Or where do you look first for solutions? It's annoying to suddenly discover you now have 10 pop-ups and I'm trying to learn the quickest way to get rid of them.

I would love to learn your particular way of fixing spyware problems. I'd be grateful for any help. :$ :)
 
 

Ketchup

Elite Member
Sep 1, 2002
14,559
248
106
Unfortunately, this is not a one-size-fits-all situation. A lot of it depends on what is attacking, and how long it has been given free rein. But, here is a general order that fits most:

If spyware/hijackers are obvious, turn off system restore.
Go to programs and features and remove toolbars and questionable programs.
Open up msconfig and deal with programs that are allowing the intrusion through.
Clean out user temp folders.
Clear browser history and any ad-related toolbars still installed.
After that, Superantispyware and Malwarebytes for anything else.
 

Slowhand

Member
Mar 21, 2011
134
0
76
Unfortunately, this is not a one-size-fits-all situation. A lot of it depends on what is attacking, and how long it has been given free rein. But, here is a general order that fits most:

If spyware/hijackers are obvious, turn off system restore.
Go to programs and features and remove toolbars and questionable programs.
Open up msconfig and deal with programs that are allowing the intrusion through.
Clean out user temp folders.
Clear browser history and any ad-related toolbars still installed.
After that, Superantispyware and Malwarebytes for anything else.

Thank you so much Ketchup. It looks like I'm dealing with a very nasty virus instead of spyware/hijacks. I'll post more info as I troubleshoot it. :)
 

Dahak

Diamond Member
Mar 2, 2000
3,752
25
91
Unfortunately, this is not a one-size-fits-all situation. A lot of it depends on what is attacking, and how long it has been given free rein. But, here is a general order that fits most:

If spyware/hijackers are obvious, turn off system restore.
Go to programs and features and remove toolbars and questionable programs.
Open up msconfig and deal with programs that are allowing the intrusion through.
Clean out user temp folders.
Clear browser history and any ad-related toolbars still installed.
After that, Superantispyware and Malwarebytes for anything else.

Pretty much this, but for the
Clean out user temp folders. -- I would add Windows\Temp, any other user temp folder, and browser caches as well.

And if it is really bad, you can look at Hitman Pro, with which you create a bootable USB drive and boot from it.
After the scan it will ask you to activate it; you can get 30 days after entering an email.
 

Virgorising

Diamond Member
Apr 9, 2013
4,470
0
0
Unfortunately, this is not a one-size-fits-all situation. A lot of it depends on what is attacking, and how long it has been given free rein. But, here is a general order that fits most:

If spyware/hijackers are obvious, turn off system restore.
Go to programs and features and remove toolbars and questionable programs.
Open up msconfig and deal with programs that are allowing the intrusion through.
Clean out user temp folders.
Clear browser history and any ad-related toolbars still installed.
After that, Superantispyware and Malwarebytes for anything else.

PERFECT AND COMPLETE! :biggrin:
 

xgsound

Golden Member
Jan 22, 2002
1,374
8
81
Currently this is how I start; I look at Startup (I use Startup Control Panel) and installed programs for new, unfamiliar or randomly labeled items to disable or remove.

Periodically or when there are problems:
a. run TDSSKiller – this checks for rootkits and corrects them – 3 minutes
b. run AdwCleaner – very fast and effective malware cleaner; scan, select clean – 5 or 10 minutes
c. Reboot and run AdwCleaner again (it's fast) until it's clean.

If problems persist:
a. run RKill – it takes 2 or 3 minutes to start and 3 more to finish. DO NOT REBOOT.
b. when RKill finishes, run a Malwarebytes full scan and fix all – 1 hour or so.

Download from www.bleepingcomputer.com if available

TDSSKILLER
Adwcleaner
Rkill
Mbam
ccleaner
Startup Control Panel by Mike Lin
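The "look at Startup and installed programs for unfamiliar or randomly labeled items" step above, and Ketchup's msconfig / Programs and Features steps earlier in the thread, amount to a read-only triage of autostart locations. The script below is an added example, not something posted in the thread; it only lists entries and never removes anything. The "random-looking name" heuristic is my own assumption, not a rule from any of the tools mentioned.

```powershell
# Added example (not from the thread): read-only triage of autostart entries
# and recently installed programs. Nothing is disabled or removed here;
# review the output, then act manually (msconfig, Programs and Features).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Heuristic (an assumption, not from the thread): a value name that is a run
# of 8+ letters/digits with no spaces and no vowels looks machine-generated.
function Test-RandomLabel([string]$Name) {
    return ($Name -match '^[A-Za-z0-9]{8,}$') -and ($Name -notmatch '[aeiouAEIOU]')
}

"=== Registry Run/RunOnce entries ==="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell provider metadata
        $flag = if (Test-RandomLabel $p.Name) { ' <-- random-looking name' } else { '' }
        "{0}\{1} = {2}{3}" -f $key, $p.Name, $p.Value, $flag
    }
}

"=== Startup folder items (per-user and all-users) ==="
$startupDirs = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
Get-ChildItem -Path $startupDirs -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName }

"=== Programs installed in the last 30 days (InstallDate is yyyyMMdd) ==="
$cutoff = (Get-Date).AddDays(-30).ToString('yyyyMMdd')
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.InstallDate -and $_.InstallDate -ge $cutoff } |
    Sort-Object InstallDate -Descending |
    Select-Object InstallDate, DisplayName, Publisher, UninstallString |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell so the HKLM keys are readable; entries with no publisher, a path under a user Temp or AppData folder, or a flagged name are the ones to look up before touching them.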
 

Slowhand

Member
Mar 21, 2011
134
0
76
Currently this is how I start; I look at Startup (I use Startup Control Panel) and installed programs for new, unfamiliar or randomly labeled items to disable or remove.

Periodically or when there are problems:
a. run TDSSKiller – this checks for rootkits and corrects them – 3 minutes
b. run AdwCleaner – very fast and effective malware cleaner; scan, select clean – 5 or 10 minutes
c. Reboot and run AdwCleaner again (it's fast) until it's clean.

If problems persist:
a. run RKill – it takes 2 or 3 minutes to start and 3 more to finish. DO NOT REBOOT.
b. when RKill finishes, run a Malwarebytes full scan and fix all – 1 hour or so.

Download from www.bleepingcomputer.com if available

TDSSKILLER
Adwcleaner
Rkill
Mbam
ccleaner
Startup Control Panel by Mike Lin

Thanks everyone for your great help. Ok, on the software listed above, I've used some of them before, but I was confused a bit on which Mbam to download: the regular one or the "exploit one". Also I didn't include in my OP that I'm using Windows 8 (just in case that helps you). Concerning SCP, I downloaded a zip file from Major Geeks but did not find it using the search function at Bleeping Computers. I did however get the rest of the list from Bleeping and they are the bomb!!! :D
 

Slowhand

Member
Mar 21, 2011
134
0
76
Thanks everyone for your help. Got it. In safe mode, used Rkill, then MBAM, then a basic virus scan and found all the malware and got rid of it.
 

Z15CAM

Platinum Member
Nov 20, 2010
2,184
64
91
www.flickr.com
Keep updated Malwarebytes and McAfee STINGER through CMD on a 64 Bit or GUI 32 Bit Platform with MS DEFENDER DISABLED and manually run MS Malicious Tool - Run them Manually - You don't need anything else and it's FREE - Don't run them in the background.

The main thing is NOT to install anything with Malware other than if you like the program then you have to edit the App and rid the crap - Not only in the file itself but also in the registry to make it useful without disabling it or having the app reporting to a home page.

Most Authors build their program Malware Free - It's just that they can't make money without it unless it's infested with Malware Advertising crap.

Prime example is a Russian app named NetVampire Pro - Probably the best Downloader ever.

CuteFTP is another all time Great Downloader that was destroyed by Malware.

HACK and Hack ;o)
 

xgsound

Golden Member
Jan 22, 2002
1,374
8
81
Thanks everyone for your help. Got it. In safe mode, used Rkill, then MBAM, then a basic virus scan and found all the malware and got rid of it.

It's great to hear something worked. Thanks for saying what the solution was!!

Jim
 

ringtail

Golden Member
Mar 10, 2012
1,030
34
91
IMHO, best place to START = install the Hosts file available at http://winhelp2002.mvps.org/hosts.htm

It defeats spyware. Then any undetected surreptitious spyware is simply not able to phone home...it can't do its job, so it fails. That means that by and by (after a few months, say maybe within 6 months or thereabouts) your address as a "likely pigeon idiot dupe who will give money" will eventually fall off the target lists of those evil bastards who are trying to harvest YOU.

Then your trash email diminishes drastically.

If you're on Windows 7 then it's simple as pie...just download the free hosts.zip file, then antivirus-scan the friggin daylights out of that downloaded file, then use either 7z or Windows to "Extract All" into this location: Windows/System32/Drivers/Etc.

If you're on Windows 8 then I have no clue...

Then send a real nice money donation to the author man who publishes and maintains updates of the Hosts file, and ...

REMEMBER TO return monthly to his url seeking updated hosts files. (You can put in your email to get notified of updates...I did that with a healthy cash donation but it didn't work for me. So look back there manually once a month, as I also do, and download & install (overwrite) any updates into your Windows/System32/Drivers/Etc.)

Obviously you'll also run a deadly antivirus program at least daily. That should root out nearly all the crap...junk spybots as well as the viruses, trojans, worms, rootkits. I run full scans of Kaspersky 2 - 5 times daily EVERY DAY. YMMV.

Occasionally (maybe around once a month), download some OTHER protection program and run that. The alternate AV detector which apparently is favored on these AT forums is Malwarebytes. It does a pretty good job.

The idea is, by occasionally running a different brand that uses different detection algorithms than what your habitual antivirus program uses, you have a chance to clean out any malware your main program may miss.

Be sure that when you run a secondary program, you
(a) install it with the idea that you'll only keep it on your computer temporarily, and
(b) first totally disable your main antivirus program (NOD32 or Kaspersky or NortonPathetic or whatever other brand). You have to disable your MAIN AV program in advance to avert conflicts between them.
(c) Run the secondary program, say maybe monthly, clean out any crap it detects, then utterly uninstall the secondary program. Then go back to frequent scans with your main program.
(d) Around a month later, rinse, repeat.

The "antivirus" programs are SUPPOSED to also detect and destroy any non-virus bots. I can say for sure that Kaspersky certainly deals them death.

No telling what evils operators like Obama's NSA (transparent was his sworn campaign promise!) might put onto your box that's undetectable...watching you,..watching and watching and watching YOU, every url you hit...every letter you mail is photographed front & back, retained forever...every phone call, every email, LOTS more....
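The hosts-file step above (download hosts.zip, scan it, extract over Windows/System32/Drivers/Etc, overwrite monthly) deserves one check the post skips: a hosts file that maps names anywhere other than a sinkhole address is itself a hijack, so verify the contents before overwriting the live file, and keep a backup so the previous file can be restored. This script is an added example, not code from the thread or from the MVPS site; it assumes the extracted file sits at `$Source` and must run from an elevated PowerShell to write the target.

```powershell
# Added example (not from the thread): validate a downloaded hosts file before
# copying it over the live one, keeping a timestamped backup of the original.
# Assumes the unzipped file is at $Source; change the path to where you extracted it.
param(
    [string]$Source = "$env:USERPROFILE\Downloads\hosts",
    [string]$Target = "$env:SystemRoot\System32\drivers\etc\hosts"
)

# Only sinkhole addresses are acceptable in a blocklist. Any other address
# would redirect a hostname somewhere real, which is exactly what a hijack does.
$allowed = @('0.0.0.0', '127.0.0.1', '::1')
$bad = @()
$count = 0
foreach ($line in Get-Content -Path $Source) {
    $entry = ($line -split '#', 2)[0].Trim()      # strip comments and whitespace
    if ($entry -eq '') { continue }
    $fields = $entry -split '\s+'                  # address, then one or more names
    $count++
    if ($fields.Count -lt 2 -or $allowed -notcontains $fields[0]) { $bad += $line }
}

if ($bad.Count -gt 0) {
    Write-Error ("Refusing to install: {0} line(s) do not map to a sinkhole address, e.g. '{1}'" -f $bad.Count, $bad[0])
    exit 1
}
"$count host entries checked; all map to sinkhole addresses."

# Back up the current file, then overwrite it (needs an elevated session).
$backup = "$Target.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -Path $Target -Destination $backup -Force
Copy-Item -Path $Source -Destination $Target -Force
"Installed $Source over $Target (previous file saved as $backup)."
```

If anything breaks afterwards (a site you need is blocked), copy the `.bak` file back over the hosts file to undo the change.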
 

John Connor

Lifer
Nov 30, 2012
22,757
618
121
Currently this is how I start; I look at Startup (I use Startup Control Panel) and installed programs for new, unfamiliar or randomly labeled items to disable or remove.

Periodically or when there are problems:
a. run TDSSKiller – this checks for rootkits and corrects them – 3 minutes
b. run AdwCleaner – very fast and effective malware cleaner; scan, select clean – 5 or 10 minutes
c. Reboot and run AdwCleaner again (it's fast) until it's clean.

If problems persist:
a. run RKill – it takes 2 or 3 minutes to start and 3 more to finish. DO NOT REBOOT.
b. when RKill finishes, run a Malwarebytes full scan and fix all – 1 hour or so.

Download from www.bleepingcomputer.com if available

TDSSKILLER
Adwcleaner
Rkill
Mbam
ccleaner
Startup Control Panel by Mike Lin

In addition to these I run SuperAntiSpyware Free and herdProtect.

Using a configured Sandbox with Sandboxie would go a long way.

Did you have any anti-virus installed?
 

Ketchup

Elite Member
Sep 1, 2002
14,559
248
106
You mind elaborating on this part? How will turning off system restore help with removing spyware?

Yes, as Malware has time to grow and do its thing, it will infest system restore points. I learned this years ago and make it a normal practice when someone needs this sort of thing done. If caught early enough, system restore points can help, but I don't take the chance.