Full Version: BLUETACK ANTI-SPYWARE GUIDE
Moore
###################################################################

This guide needs an update, sorry..

###################################################################


This guide is to TRY and provide helpful information to help people with any virus/trojan and spyware removal problems.

Please post in this section of the forum for further help:
http://www.bluetack.co.uk/forums/index.php?showforum=83


###################################################################

Don't put up with being hacked by Internet Terrorists any longer:

###################################################################

Top Anti-Spyware support sites:

http://forums.spywareinfo.com/
http://www.spywarewarrior.com/
http://www.gladiator-antivirus.com/
http://forums.net-integration.net/index.php


WEBHELPER'S NO:1 SPYWARE REMOVAL SUPPORT HELP PAGE LINKS
http://www.webhelper4u.com/techsupport/tec...portforums.html


Bluetack Firewall IP blocklists for spyware
http://www.spywarewarrior.com/viewtopic.php?t=3741

-----------------------------------------------------------

[quote]What do you think about this?

If you hack into a bank's computer systems and you get caught, you go to jail.

If you write a worm or virus and spread it around, if you get caught, yes that's right, you go to jail.

If you write a program that spreads a spyware agent on everyone's computer system (without their permission) and steals their private information (without their permission) and manipulates their Internet experience (without their permission), and you use other people's web sites to show your advertising (without their permission) and you make lots of money from their work in the process (without their permission) and if you get caught, guess what, you don't go to jail,
you may get rich instead. [/quote]


==============================================================


Bottom Line -- If a personal firewall is the sheriff, a posse is needed to help the sheriff capture the pests sent out by Internet outlaws like spyware, browser hijackers, viruses, Trojan horses, worms, phishing, spam and hybrids thereof.

A layered approach is best to protect your security and privacy:

First line of defense -- Choose an Internet service provider (ISP), an email service and/or a website hosting service that offers online virus, spam and content filters.

Second line of defense -- Install a hardware router with a built in firewall between your modem and your computer or network.

Third line of defense -- Use personal firewall, anti-virus, anti-Trojan, anti-spyware, anti-spam and privacy software on your desktop computer and every computer on your network.

Important Tips -- After installing any security software, immediately check for updates at the vendor's website.

After installing a firewall, use an online testing service to make sure that it is working correctly.

http://firewallguide.com/


========================


IMPORTANT : NEVER JUST CLICK OK !!

ALWAYS READ THE "EULA" BEFORE INSTALLING ANY PROGRAM !!!

"END USER LICENCE AGREEMENT" - eg: the extremely long and confusing fine print !!

==========================
ANTI - Malware/Spyware Help Links
==========================

Online Spyware Scans :

Doxdesk: Online Browser Spyware Scan -
http://www.doxdesk.com/parasite/

Spywareinfo Online Scan:
http://www.spywareinfo.com/xscan.php

GFI Trojanscan:
http://www.trojanscan.com/trojanscan/

Kaspersky online Virus File Checker:
http://www.kaspersky.com/remoteviruschk.html


----------------------------------------------------------------------------


eEye Vulnerability Research:
http://www.eeye.com/html/Research/Advisori...ries/index.html

================================================
:: Spyware Infested Programs ::
================================================

:: ERIC HOWES/SPYWARE WARRIOR - ROGUE SPYWARE LIST ::
- http://www.spywarewarrior.com/rogue_anti-spyware.htm

http://www.netrn.net/archives2/000550.html

http://www.webhelper4u.com/thewatcherlist.html

http://www.spywareguide.com/product_list_full.php


================================================
Helpful Guides:
================================================

Spyware and Adware Removal
http://www.pcreview.co.uk/article-7086.php

GREAT !! Guide to preventing Hijacks and other Internet Terrorist attacks or
How to Stop Hijackers & Spyware Infections, And other malware too!
http://forum.gladiator-antivirus.com/index...?showtopic=9857

[quote]A frequently heard question is  "how on earth did I get infected with all that spyware in the first place?"

Well, you usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:[/quote]

How did I get infected in the first place:
http://forums.net-integration.net/index.ph...?showtopic=3051

What to do when you get hijacked:
http://www.spywareinfo.com/articles/hijacked/#removal

HOW TO SHOW HIDDEN FILES:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

HOW TO BOOT INTO SAFE MODE:
http://www.microsoft.com/resources/documen...t_failsafe.mspx

DISABLING SYSTEM RESTORE:
http://www.pchell.com/virus/systemrestore.shtml

Antivirus and System restore:
http://support.microsoft.com/default.aspx?...p;Product=winxp

Antivirus Tools Cannot Clean Infected Files in the _Restore Folder
http://support.microsoft.com/default.aspx?kbid=263455

Disable /Enable System restore
http://service1.symantec.com/SUPPORT/tsgen...001111912274039

Disabling System Restore on Windows ME and XP:
http://www.vet.com.au/html/zoo/system_restore.htm

Uninstalling the MS Java VM
http://209.133.47.200/~merijn/uninstmsjava.html

Remove MSN Messenger:
http://forum.gladiator-antivirus.com/index...?showtopic=7373

Remove Windows Messenger:
http://www.spywareinfo.com/forums/index.ph...?showtopic=1677

Messenger PLUS!:
http://www.wilderssecurity.com/showthread.php?p=170026

================================================
- - - - - - - - - :: SELF HELP INFORMATION :: - - - - - - - - - - - - - -
================================================

---------------------------------------------------
:: SPYWARE WARRIOR GUIDES ::
---------------------------------------------------

Self Help Resources Forum:
- http://www.spywarewarrior.com/viewforum.php?f=26

Malware Removal Tools and Programs forum:
- http://www.spywarewarrior.com/viewforum.php?f=27

Malware Tools and Removal Programs page
- http://www.spywarewarrior.com/viewtopic.php?t=2958

Protection Prevention Detection Program Page
- http://www.spywarewarrior.com/viewtopic.php?t=2961

HijackThis Tutorial- How to Analyse your own log:
- http://www.spywarewarrior.com/viewtopic.php?t=3624

----------------------------------------------------------------------------

PC Hell -Anti-Spyware Information:
http://www.pchell.com/support/spyware.shtml

Start up list ;
http://www.rockymountain.com/ref_startup.htm

CLSID - BHO List - Toolbar List
http://computercops.biz/CLSID.html

Parasites: Cookies, Dialers, Keyloggers, Trackers
Some are Good others are Bad :
http://www.generation.net/~hleboeuf/bhoindex.htm
http://www.generation.net/~hleboeuf/bho_a_d.htm

http://sysinfo.org/bhoinfo.php
http://www.sysinfo.org/bholist.php

http://www.spywareinfo.com/bhos/

http://www.liutilities.com/products/wintas...library/system/

Necessary Startup Programs:
http://www.allsecpros.com/startuplist.html

Start-Up Applications - All
http://members.shaw.ca/austin.powers/

Startup Items List
http://www.3feetunder.com/krick/startup/list.html

Windows Startup Database:
http://www.windowsstartup.com/wso/search.php

click the panel on the left for the good stuff ;
http://inetexplorer.mvps.org/Darnit.htm

Kephyr/Bazooka spyware database :
http://www.kephyr.com/filedb/index/all.html
http://www.kephyr.com/spywarescanner/index.html

Winpatrol Free Stats:
http://www.winpatrol.com/stats.html

Index of English Pest Descriptions:
http://www.pestpatrol.com/PestInfo/default.asp

Wawadave Posted this list :
http://spywarewarrior.com/viewtopic.php?t=1921
http://www.fcenter.ru/Software/Miscellaneo...spywarelist.txt

P2P spyware - slightly old :
http://www.staff.uiuc.edu/~ehowes/soft23a.htm#Infested

pretty old lists but you never know what's still lurking out there 8)
http://home.tvd.be/ws36178/security/spylist.html
http://www.tom-cat.com/links/links-i.shtml#Cleanup

http://xforce.iss.net/xforce/search.php

http://www.sophos.com/virusinfo/analyses/i...ex_dialler.html

http://simplythebest.net/info/spyware.html
http://www.theinfomaniac.net/infomaniac/co...rsSpyware.shtml

http://www.thiefware.com/links/

Missing System Files:
http://www.snapfiles.com/help/missingfiles.html

missing .dll files ? :
dll world
http://dll.yaroslavl.ru/index.php3?lng=&in_char=C

=======================
- HELP SITES -
=======================

Keep up to date with all the current Spyware on the move with this great Blog by Suzi, Admin of Spyware Warrior forum:

http://www.netrn.net/spywareblog/

Everyone needs help sooner or later, these are the best Help sites I know of:

- NO:1 SUPPORT HELP LIST PAGE -
http://www.webhelper4u.com/techsupport/tec...portforums.html

- WEBHELPERS SITE -
http://www.webhelper4u.com/index.html

http://www.spywareinfo.com/
http://forum.gladiator-antivirus.com/index.php
http://www.wilders.org/
http://www.lavasoftsupport.com/index.php
http://www.net-integration.net/
http://forums.net-integration.net/index.php?
http://www.computercops.biz/
http://forums.tomcoyote.com/
http://aumha.org/a/parasite.htm

Mickey the Man`s security forum:
http://pages.infinit.net/carbo1/

KILL SPYWARE FORUM !: http://www.subratam.org/index.php?
http://www.cexx.org/adware.htm

http://www.thespykiller.co.uk/
http://www.freedomlist.com/forum/index.php

Freedom lists free tools page
http://home.villagephotos.com/2003-7/14838...tyFreeTools.htm

http://www.bleepingcomputer.com/forums/index.php?

A² Trojan Scanner/malware detection support forum:
http://forum.emsisoft.com/index.php

=======================================
Internet Terrorist Anti-Spyware Detection / Removal
=======================================

Good sensible advice by HUNTER [gladiator-antivirus admin]

[quote] FIRST CHECK THE OBVIOUS  !!

Whether you have used some of these anti-spyware programs and tools for the first time or a thousand..do yourself a favor and First look at your add/remove program and see if you can uninstall what seems to be a problem that way.
It is the easiest way to solve your problem if you find it there to remove...And while you are there..write down all the programs that are in there as a bench mark so that the next time you feel you have been hijacked by an unwanted download you will know at least what should be in there.[/quote]


#######################################################################

Use a HOSTS file to protect yourself from scumbags:


HOSTS FILE GUIDE:
http://www.bluetack.co.uk/forums/index.php?showtopic=3996

HOSTS File information and download at Bluetack :
http://bluetack.co.uk/hosts.html
http://www.bluetack.co.uk/forums/index.php...p?showtopic=812


========================================
--------------------------------------------
Spyware / Adware Removal Tools / Programs :
--------------------------------------------
========================================

- ALWAYS REMEMBER TO KEEP YOUR TOOLS UPDATED !

Subratams Links Pages:
http://www.subratam.org/?page=removal
http://www.subratam.org/?page=software

Recommended Downloads:
http://www.spywareinfo.com/downloads.php
http://www.allsecpros.com/#specials
http://forum.gladiator-antivirus.com/index...showtopic=10547
http://www.blue.net/helpdesk/tools.html


ADAWARE :


Adaware - http://www.lavasoftusa.com/

[quote]AdAware is a privacy tool, that scans your memory, registry, hard, removable and optical drives for known data-mining, aggressive advertising, and tracking components. It then lists the results and offers to remove or quarantine the components. The program detects a wide range of adware/spyware related issues and can be updated with the latest signatures via the built-in update utility. Please be advised that removing certain components may impact the functionality of affected software applications. You should fully read the included Ad-aware documentation before removing any files! [/quote]

:: Great Ad-Aware Help Links ::
http://www.freedomlist.com/forum/viewtopic.php?t=16060


SPYBOT SEARCH AND DESTROY


Spybot Search & Destroy -
http://www.safer-networking.org/

[quote]SpyBot-S&D is an adware and spyware detection and removal tool. This includes removal of certain advertising components, that may gather statistics as well as detection of various keylogging and other spy utilities. In addition, it also securely removes PC and Internet usage tracks, including browser history, temporary pages, cookies (with option to keep selected) and more[/quote]


HIJACK THIS


Hijack This - http://www.tomcoyote.org/hjt/

Hijack This Tutorial :
http://www.spywareinfo.com/%7Emerijn/htlog...ogtutorial.html

[quote]This tool is an additional one to SpybotSD and/or AdAware to clean up leftover problems not detected and removed by those or other anti-spyware programs.

This tool is widely used across the internet now by many help forums to determine problems with a user's internet browsing experience from a wide range of problems stemming from a hijacked browser to sex dialers and spyware that has not even been added to any anti-spyware program.[/quote]


[ Post your Hijack This log in this forum section or any other security forums listed in this post for help if you don't know what to do. ]


CWS SHREDDER

Specific CWS TROJAN infections usually need to be removed with a specialised tool called the CWS Shredder:

CWS Shredder - http://www.spywareinfo.com/~merijn/

Can't reach the page from a CWS infected computer?
Try using http://209.133.47.200/~merijn/index.html

Windows file replacements:
http://209.133.47.200/~merijn/winfiles.html

FAQ;
http://www.merijn.org/faq.html

CWS trojan Information:
http://www.spywareinfo.com/%7Emerijn/cwsch...chronicles.html
http://www.bluetack.co.uk/forums/index.php...?showtopic=1878

The CoolWebSearch Chronicles
[quote]The latest and greatest nuisance on the Internet, the browser hijacker that won't stop, the trojan from hell... name it what you want, but fact is that a company naming itself 'Coolwebsearch' (CWS) is producing a quickly growing strain of trojans that exploit a hole in the Microsoft Java VM, and change your homepage.

And by changing your homepage, I mean lodge itself onto your system in almost two dozen different ways, change your start page, search page, search assistant, redirecting you to porn sites from other porn sites or even search engines, popping up porn ads and sometimes even carrying a payload.[/quote]

Merijn's CWS Chronicles - http://www.spywareinfo.com/~merijn/cwschronicles.html

Additional variants - http://www.wilderssecurity.com/showthread.php?t=28658

And the indispensable domains list http://www.merijn.org/junk/cws_domains.txt

It is updated very frequently.
An easy way to see and search it is to run cwshredder /debug.
Make a shortcut for your CWShredder, right-click on it, add the " /debug" in Properties.

Another great CWS Domain list kept updated by Unzy from wilders.org:
http://users.skynet.be/bk136527/CWS/CWSdomains.htm


===================
-----------------------------
~ Prevention/Detection ~
-----------------------------
===================

Winpatrol - http://www.winpatrol.com
[quote]WinPatrol will help sniff out Worms, Adware, Spyware, Cookies, Trojan horses and other virus type, malicious, nasty "mysteryware" that may attack your computer. WinPatrol puts you back in control of your computer with no need for constant updates.
WinPatrol is free and fully functional with the exception of full access to our PLUS online database. The free version continues to be both; a utility to help you safely clean up sensitive areas on your system and a system monitor that will alert you to changes that occur to those sensitive areas and resources.[/quote]


SPYWARE BLASTER - http://www.javacoolsoftware.com/sbdownload.html
[quote]SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage. This allows you to run Internet Explorer with Active-X enabled, but it will never download or even prompt you for any of the known ActiveX controls. All other Active-X controls or plug-ins will work fine.
Compatible with Windows 95, 98, ME, NT 4, 2000, XP. [/quote]

Alternate Download links:
http://www.net-integration.net/tools/spywa...areblaster.html
http://www.wilderssecurity.net/spywareblaster.html


SCRIPT DEFENDER:
http://www.analogx.com/contents/download/system/sdefend.htm


BHO DEMON - http://definitivesolutions.com/
[quote] "Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. BHODemon is free, runs in the system tray area, and works on Windows 95 or later operating systems.
"BHODemon scans your Registry for BHOs, and presents any it finds in a list. By highlighting a BHO in this list, and clicking the 'Details' button, you can see information about this BHO, and even disable it if you wish. BHOs are disabled by simply renaming the DLL that houses them. By renaming the DLL, instead of deleting it, you have the option of enabling it later if you wish. Why would you want to do that? Because the program that installed the BHO will not run if it can't find the DLL: Go!Zilla, for example, won't run if you remove its BHOs."[/quote]


TOOLBARCOP:
http://www.mvps.org/sramesh2k/toolbarcop.htm

Active XCavator v2.0 - http://www.cognitronix.com/
Faber Toys - www.faberbox.com/fabertoys.asp
Belarc Advisor - http://www.belarc.com/free_download.html

Process Info - http://www.gomiller.com/downloads/procinfo.html
[quote]Process Info is designed to give you a quick overview of all the processes that are running in your system.
It searches the web for information about the process and helps you identify them, distinguishing system processes from spyware, Trojans and other viruses.[/quote]

startup control panel:
http://www.mlin.net/StartupCPL.shtml



Registrar Lite:

http://www.resplendence.com/reglite

[quote]Registrar Lite is a powerful and flexible freeware registry editor. It offers an explorer style interface which supports the clipboard and allows you to drag and drop registry keys and values.

It offers background search and replace, a bookmark editor which allows you to add descriptions to registry keys as well as advanced registry value data editors which support all existing registry data types.

An addressbar allows you to access registry keys and values quickly.

Registrar Lite offers registry key import and export functionality which supports all native registry file types.

When running on Windows XP, 2000 or NT, all security features are supported by offering editors which allow you to set registry key permissions, auditing and ownership.

Registrar Lite is the freeware edition of the advanced registry manager called Resplendent Registrar.[/quote]


Total Uninstall

http://www.snapfiles.com/get/totaluninstall.html

Track and undo system changes:
Total Uninstall can help you to monitor any changes that were made to your system during installation of a new software product and allow you to perform a complete uninstall without having to rely on the supplied uninstall program (which may leave files or changes behind).

To use it, you simply launch the installation program from the Total Uninstall interface and select the system areas to be monitored. The program will then create a snapshot of your system before it installs the new software and an additional snapshot after install completes. It then compares the two snapshots and displays all changes in a nice, graphical tree view, marking all values and/or files that have been added or changed as well as some before/after details.

Total Uninstall will save these changes and if you decide to uninstall the application, it will reverse all changes to the previous state.

Registry Crawler :
Registry Crawler enables system administrators, developers and other power users to quickly find and configure Registry settings. The software provides a powerful search engine that allows you to find Registry information based on a search criterion.
http://www.4developers.com/regc/index.htm


----------------------------------------------------------------------------------------------------------------------------------

WinSock XP Fix "WinsockXPFix.exe" by shaw.ca
On an XP machine, after uninstalling a personal firewall product (such as McAfee Personal Firewall) and having your network settings destroyed, there is a nifty little application to fix the winsock settings. You can download it from http://members.shaw.ca/techcd/WinsockXPFix.exe to replace the registry settings that are causing the problem. It even backs up your registry before it performs the fix.

http://tntmax.com/Download/Software/WinsockXPFix.exe/view


===================================================================

links to guides:
http://www.mjc1.com/id17.htm
http://www.mjc1.com/avpaget.htm

peper trojan removal guide :
http://www.mjc1.com/files/peperpage/

tutorials :
http://www.computing.net/howto/advanced
http://www.computing.net/howto/


Kill2Me may still work on old versions of the parasite, but not on the newer versions.
Fortunately, Option^Explicit has done a fine job of providing tools that work on the newer versions.

Here's the thread for Look2Me in Win 2000 and XP:

http://forums.spywareinfo.com/index.php?showtopic=61

And for Win 98 and ME:

http://forums.spywareinfo.com/index.php?showtopic=62

---------------------------------------------------------------------------------

BROWSER HELPER OBJECTS ( BHO'S )

---------------------------------------------------------------------------------

A BHO is a COM.DLL that allows developers to customize and control Internet Explorer. When it starts it reads the registry to locate installed BHOs and then creates them.

The APIs for building BHOs are very cool but the potential for abuse is high. BHOs give developers almost complete control over Internet Explorer. However, because BHOs don't necessarily have a user interface, it's possible that there are BHOs running on your system that you don't know about.

BHO LIST download:
http://www.spywareinfo.com/~merijn/files/bholist.zip

What is a BHO, by Tony Klein:
http://computercops.info/postitle7736-0-0-.html

http://www.generation.net/~hleboeuf/bho_a_d.htm

Tony Kleins Online BHO Database:
http://sysinfo.org/bhoinfo.php
http://pages.infinit.net/carbo1/bho.html

A comprehensive look at BHO'S:
http://msdn.microsoft.com/library/default....se/html/bho.asp




=======================
Report suspected threats :
=======================

Ad-Aware Submissions:
http://www.lavasoftsupport.com/index.php?showtopic=8303

Spybot Search and Destroy Submissions:
http://forums.net-integration.net/index.php?showforum=36

Diamondcs / TDS-3 Submissions:
submit@diamondcs.com.au to submit all your trojans

=======================
SECURITY TESTING SITES:
=======================

http://www.jasons-toolbox.com/BrowserSecurity/

BROWSER SPY
DOXDESK


=======================
Bluetack Security Tools Section:
=======================

http://www.bluetack.co.uk/forums/index.php...hp?showforum=75

#############################################################
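The BHO section of the guide above says Internet Explorer reads the registry to find installed BHOs, and HUNTER's advice is to write down what is installed as a benchmark. The following is an added example, not part of the original posts or of any tool they mention: it parses a text export of the registry (as produced by `reg export`), lists each BHO with the DLL that houses it, and compares the list against a saved baseline. The key path is the standard Internet Explorer location, which the guide does not spell out; every CLSID, name and DLL path in the sample is constructed.

```python
import re

# Standard registry location where Internet Explorer looks for BHOs.
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
           r"\CurrentVersion\Explorer\Browser Helper Objects")
# A CLSID's friendly name and DLL live under one of these roots.
CLSID_ROOTS = (r"HKEY_CLASSES_ROOT\CLSID",
               r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# String values only: @="data" or "name"="data" (hex/dword values are skipped).
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Constructed sample export. Real regedit 5.00 exports are UTF-16, so read
# them with open(path, encoding="utf-16") before passing the text in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33333333-3333-3333-3333-333333333333}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}]
@="Example Download Manager Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\ExampleDM\\dmhelper.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\WINDOWS\\System32\\xqzvk.dll"
'''

# Constructed baseline: the BHOs written down while the machine was clean.
BASELINE = {"{11111111-1111-1111-1111-111111111111}"}


def _unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse the string values of a .reg export into {key: {value_name: data}}.

    Key paths and value names are lower-cased because the registry is
    case-insensitive; the default value of a key is stored under "".
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            # "[-HKEY...]" is a delete instruction in a .reg file; ignore it.
            current = None if path.startswith("-") else keys.setdefault(path.lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name.lower()] = _unescape(m.group(2))
    return keys


def list_bhos(keys):
    """Return one dict per registered BHO: clsid, friendly name, housing DLL."""
    prefix = BHO_KEY.lower() + "\\"
    found = []
    for path in keys:
        clsid = path[len(prefix):] if path.startswith(prefix) else ""
        if not CLSID_RE.fullmatch(clsid):
            continue  # not a direct {CLSID} subkey of the BHO key
        name = dll = None
        for root in CLSID_ROOTS:
            base = f"{root}\\{clsid}".lower()
            name = name or keys.get(base, {}).get("")
            dll = dll or keys.get(base + "\\inprocserver32", {}).get("")
        found.append({"clsid": clsid.upper(), "name": name, "dll": dll})
    return sorted(found, key=lambda b: b["clsid"])


def audit(bhos, baseline):
    """Return (clsid, reason) pairs for every BHO that needs a human look."""
    known = {c.upper() for c in baseline}
    findings = []
    for b in bhos:
        if b["clsid"] not in known:
            findings.append((b["clsid"], "not in baseline"))
        if not b["dll"]:
            # Orphaned entry: the BHO key exists but no DLL is registered.
            findings.append((b["clsid"], "no InprocServer32 DLL registered"))
    return findings


if __name__ == "__main__":
    bhos = list_bhos(parse_reg(SAMPLE_EXPORT))
    for b in bhos:
        print(b["clsid"], b["name"] or "(no name)", b["dll"] or "(no DLL)")
    for clsid, reason in audit(bhos, BASELINE):
        print("REVIEW", clsid, reason)
```

A flagged entry is only a prompt to look the CLSID up in one of the BHO lists linked above; an unknown BHO is not automatically hostile.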
bluetack
more good work!

SpywareInfo is a great site, and I see it at the top of your spyware site picks. I especially like this quote:

QUOTE
I think such methods of generating revenue are disgusting. The spyware companies treat users like livestock to be branded with tracking devices and monitored as they conduct their personal business. They are parasites on the body of the internet, and my web site and others like it are dedicated to putting them out of business.
Moore
#########################################

Part 2 :

#########################################


QUOTE
Spyware is software or hardware installed on a computer without the user's knowledge which gathers information about that user for later retrieval by whomever controls the spyware.

Spyware can be broken down into two different categories, surveillance spyware and advertising spyware.

Surveillance software includes key loggers, screen capture devices, and trojans.

These would be used by corporations, private detectives, law enforcement, intelligence agencies, suspicious spouses, etc.

advertising spyware is software that is installed alongside other software or via activex controls on the internet, often without the user's knowledge, or without full disclosure that it will be used for gathering personal information and/or showing the user ads.

advertising spyware logs information about the user, possibly including passwords, email addresses, web browsing history, online buying habits, the computer's hardware and software configuration, the name, age, sex, etc of the user.

As with spam, advertising spyware uses the CPU, RAM, and resources of the user's computer, making the user pay for the costs associated with operating it.
It then makes use of the user's bandwidth to connect to the internet and upload whatever personal information it has gathered, and to download advertisements which it will present to the user, either by way of pop up windows, or with the ad banners of ad-supported software.

All of this can be considered theft in the cases of advertising spyware that installs without disclosure.



Spyware , Trojans and viruses can all be delivered through Web browser attacks such as these:

QUOTE
Most modern web browsers have a series of security loopholes.
Typical software vulnerabilities like format string and buffer overflow attacks are also found in http clients (such as Internet Explorer and Netscape).

Active Content such as JavaScript, Java, ActiveX and HTML itself can also pose a security risk.

HTTP headers can be used to exploit bugs because some fields are passed to functions that expect only certain information.
A well-known exploit for IE consists of encapsulating HTTP headers within an EML file and launching an executable embedded within the EML file.

HTML can be often exploited through buffer overflows. Internet Explorer 6 as well as previous versions of IE and Netscape were found to be vulnerable to these kind of attacks using different HTML tags with long strings as attributes.

JavaScript is well known to be the prime cause of security loopholes within web browsers. Likewise with VBScript and any other type of active scripting. These functions are generally run in a sandbox environment, however from time to time hackers find out new ways to escape the sandbox environment and execute code, read sensitive files etc.

Frames and iframes are many times used in conjunction with Active Scripting (JavaScript, ActiveX, Vbscript) exploits. However they are sometimes also used as a social engineering exploit to fake legitimate sites.

Java was built with a strong security model by making use of the sandbox technology. However third parties have implemented their own versions which can introduce bugs and flaws. Normal Java applets have no access to the local system, but sometimes they would be more useful if they did have local access. Thus, the implementations of "trust" models that can more easily be hacked.

ActiveX is even more dangerous than Java as it works purely from a trust model and runs native code. The trust model consists of either allowing the ActiveX application to run on the client machine, or not.

Unlike Java, the ActiveX model has no way to limit the application certain functions only. As a security precaution ActiveX components generally have to be digitally signed. The sign assures the customer that the producer of the ActiveX component is legitimate but not that the ActiveX component is safe to install.


How to Detect Spies:

QUOTE
Make no doubt about it, online spying is becoming more prevalent and more sophisticated.

It is important to understand that there are different levels of spying. For example, Alexa, popular software owned by Amazon.com, would be called a “BackDoor Santa” it doesn’t actually log your keystrokes or take system snapshots but it does record some surfing activity.

However, programs like Spector are very skilled at stealthily gathering information including passwords, surfing history, and even chat logs and e-mails, also everything that is recorded is sent back to the Spectorsoft server database.

So how do you know if you are being spied upon?
10 key points below on how to monitor your system and check for the signs of spy software.

1) Work Environment:
Assume you are being monitored. Most workplaces have the right to do this so by default get used to the fact that someone is monitoring you. There are several ways employers can monitor employees. Some use activity logging software to see what programs are being accessed and for how long. Naturally many will use spy software programs also known as “snoop ware” or a key-logger to take snapshots and log all keystrokes. An employer may actually monitor internet traffic as it moves across an intranet.

2) Anti-Spy Programs:
A popular way to find out if someone is spying on you. Anti-Spy programs look for signatures or traces that are specific to certain spy software.
Some simply do text string scanning to find them, and others actually extract and attempt to remove the spyware. Be careful of the ones that use only text string scanning. Text string scanning can give false positives and in some cases it can actually accidentally target anti-spy software! You can try a free online scanner right on this site, just click here.

Of course Anti-Spy software can be a double-edged sword! Many spies will actually buy anti-spy software to scan and check to make sure their spyware is not being detected. There is a hidden arms race that rages between spyware vendors and anti-spy companies.

3) System Resources:
Poorly written spy software will almost always put a drag on system resources. Watch out for poor system resources, running out of memory, lots of hard disk activity or a screen that “flickers”. This is caused by some spy software programs as they take snapshots of the computer screen that requires system resources.

4) Machine Access:
Watch for people trying to gain access to your machine. Many software programs that are designed for spying require physical access to the target machine.

5) Installation Monitors:
Currently on the market are software programs that will log every installation that occurs on your machine. It is best to leave these hidden on the system. It is possible to catch the installation of many spies in this way.

6) Anti-Virus:
Many anti-virus programs can catch prolific spy software because they are often classified as “Trojan Horses”. Keep spy software up to date and make sure it is running in the background.
This might not protect you against some spy software but it will let you know if any repurposed Trojan horses are installed. Keep in mind that Trojans (see below) like NetBus or DeepBO are also classified as spy software because they open up a system to outside connections. Don’t be lulled into a false sense of security because you have one installed. They are helpful but there is no such thing as 100% foolproof protection.

7) Personal Firewall:
In today’s treacherous Internet it is very helpful to also run a personal firewall. Firewalls will alert you to both inbound and outbound activity. You can control what is allowed in and out of your system. Watch for suspicious programs you do not recognize trying to send data out of your system.

8) Downloading Smarts: Simply put, use common sense when downloading and avoid sources you cannot trust.
If you are someone who frequents “warez” or crack sites you will more than likely encounter a Trojan or virus.

9) Common Sense: Be careful about what you install on your system. Don’t run e-mail attachments and read the EULA (end user license agreement). Keep an up to date anti-spy package on your machine.

10) Spy Software:
Ironically you can monitor for spy software by installing spy software on your system first! Since spy software can record all keystrokes it can monitor and record the installation of another spy software.

Again this turns into a virtual arms race, but keep in mind that many spy programs are vulnerable to anti-spy attacks.



---------------------------------------------------------------------------------------


:: Beware ::

"While many people in the anti-spyware sector are doing this mostly because they are dedicated to security and privacy, there are always a few black sheep trying to make quick money using the fear of many users."

Two such black sheep are BulletProof software with their Spyware and Adware Remover and TrekBlue with their SpywareNuker.

Both products are based on a hacked version of the Spybot-S&D database.
Evidence for this is very clear, as the Spybot-S&D database contains quite a few entries designed to detect such theft.

These entries are wrong entries, some detecting things that do not really exist, some detecting minor threats under the wrong name, etc.

These tricks are absolutely harmless to the normal user of Spybot-S&D, but do clearly identify a stolen version of the Spybot-S&D database.

Both products mentioned above detect exactly the same 'mistakes' the Spybot-S&D database contains.

http://www.safer-networking.org/en/news/2003-02-12.html


---------------------------------------------------------------------------------------


Two common examples of known spyware:

QUOTE
WinWhatWhere Investigator runs in the background, hides itself from the user, logs keystrokes, takes periodic screenshots of user activity,
sends out logs by email, connects to the internet by itself, and allows remote users to connect to your PC.

Spectorsoft's eBlaster records emails, chats, instant messages, web sites visited and keystrokes typed and then automatically sends this recorded information to the email address of the person spying.
The spy gets an activity report of latest chats, instant messages, keystrokes and web sites visited, plus a summary of all emails.
You can install it normally, or you can send it to a target machine as an email attachment the same as any other virus or trojan.


The information gathered by the program is, as a matter of routine, sent via SpectorSoft's computers. Not only is the spy seeing all the IDs, passwords, messages and credit card information that's being typed into your computer, but so is SpectorSoft.


-------------------------------------------------------------------------------------------------

The line between "spyware" and "trojan" blurs

Advertising parasites continue to become more and more invasive as various lowlife script kiddies come up with new ways to generate income by hijacking your computer. If you have any doubt of that, look up xupiter or lop.com on google.

Without a doubt, those are the two most infamous of all advertising parasites,
mainly because their techniques are so clever and because they both go to such great lengths to resist detection and removal.
However, as difficult as it is to imagine, there are worse things out there.

A new trojan dubbed LinkReplacer by Andrew Clover started making the rounds a couple of weeks ago.
LinkReplacer consists of a BHO which adds a script to the top of every page viewed in an infected copy of Internet Explorer.
This script reads your cookies and sends them to a server located at wcft.net.
This enables the attacker to steal passwords and other account information; any information stored in your cookies.

The attacker could also remotely instruct your browser to download and execute any software they choose.
In practice, this is used to install updates to itself automatically.
In theory, it could be used to download and install any number of keyloggers, trojans, or other surveillance software.

Another recent arrival to the parasite scene is Clientman.
I honestly don't know what it does, but Clientman came to my attention after it was added to the detection database of Spybot S&D.
This program defeats the protection of older versions of ZoneAlarm firewall.
When it tries to contact its maker's server, it will set off firewall alerts.
If the firewall is ZoneAlarm, Clientman will automatically "press" the "allow" button, after "checking" the box which makes the decision permanent.
Newer versions of ZoneAlarm have protection against this sort of exploit, but it is an optional setting which is not enabled by default.

Both Spybot S&D and Ad-aware target these two parasites.

http://www.spywareinfo.com/newsletter/arch...pril-2003/9.php

################################################

WEBBUGS: nasty little critters that are invisible, undetected and just as nosey as spyware.

A Web bug is a graphic on a Web page or in an Email message that is designed to monitor who is reading the Web page or Email message.
Web bugs are often invisible because they are typically only 1-by-1 pixel in size.
They are represented as HTML IMG tags.

What information is sent to a server when a Web bug is viewed?

The IP address of the computer that fetched the Web bug
The URL of the page that the Web bug is located on
The URL of the Web bug image
The time the Web bug was viewed
The type of browser that fetched the Web bug image
A previously set cookie value

http://www.privacyfoundation.org/resources/webbug.asp


The free programs Proxomitron and WEBWASHER classic will filter webbugs, and Bugnosis is a program that will detect most webbugs but cannot stop them.

Other good shareware programs include Admuncher, Spyblocker and various other ad-blocking filtering software.

If you have a firewall with the function to block images by size then this may be enough to prevent them, or if you're lucky your firewall will block them for you.
http://www.webwasher.com/client/home/index...html?lang=de_EN


WEBWASHER Guides:
- http://www.pacificnet.net/~bbruce/workshop.htm


More on webbugs:
http://www.bluetack.co.uk/forums/index.php?showtopic=2093

http://www.securityspace.com/s_survey/data...102/webbug.html
http://www.eff.org/Privacy/Marketing/web_bug.html
http://www.spywareinfo.com/articles/webbugs/


############################################


In the US you can take further action against these Spyware Terrorists:

http://simplythebest.net/info/spyware.html

You may want to take action against any of the above or another.
The Federal Trade Commission (FTC) handles complaints about deceptive or unfair business practices.
To file a complaint, go to the FTC web site, call 1-877-FTC-HELP, or write to: Federal Trade Commission, CRC-240, Washington, D.C. 20580.

Several senators have been trying to get several new privacy laws passed. These laws will not get passed unless the American public strongly supports this legislation. Complain to your congressman! Find and contact your Congressman: http://www.house.gov/writerep/.

Currently the FTC has stricter regulations for deceptive advertising than it does for privacy issues. Where an advertisement must be fully qualified as to claims of what a product can and cannot do, the FTC only "encourages" a business to have a privacy policy and there are no regulations as to qualifying what information can be gathered or what its purpose or use will be. Only recently have they begun to address the issue of privacy statements. Businesses are not regulated as to what information they can or cannot gather nor what they do with the information. Information about consumers is considered an asset that can be sold, transferred or acquired at will.

If your complaint is against a company outside the US, file your complaint at http://www.econsumer.gov/.

Do it now!


#################################################
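A detection check for the web bug pattern described in the WEBBUGS section above (an HTML IMG tag of at most 1-by-1 pixel), added here as an illustration; it is not part of the original guide and not the code of any tool the guide names. The function names, the third-party and query-string flags, and the sample hosts are assumptions made for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def _size(attrs, name):
    """Pixel size from the width/height attribute or inline style, else None."""
    raw = attrs.get(name) or ""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", raw)
    if not m:  # fall back to inline CSS, ignoring max-width / min-height etc.
        m = re.search(r"(?<![\w-])%s\s*:\s*(\d+)\s*px" % name, attrs.get("style") or "")
    return int(m.group(1)) if m else None

class WebBugFinder(HTMLParser):
    """Collects <img> tags that are at most 1x1 pixel, the pattern the guide describes."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        w, h = _size(a, "width"), _size(a, "height")
        if w is None or h is None or w > 1 or h > 1 or not a.get("src"):
            return  # visible or unsized image: not the pattern described
        url = urljoin(self.page_url, a["src"])  # resolve relative src
        host = urlparse(url).hostname
        # Assumption of this example: a different host or a query string raises suspicion
        self.findings.append({"url": url, "third_party": host != self.page_host,
                              "carries_id": bool(urlparse(url).query)})

def find_web_bugs(html, page_url):
    finder = WebBugFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page; the hosts are placeholders, not taken from the guide
SAMPLE_URL = "http://shop.example/cart.html"
SAMPLE_HTML = """\
<img src="/images/logo.gif" width="120" height="40">
<img src="http://tracker.example/b.gif?uid=12345" width="1" height="1">
<img src="/spacer.gif" style="width:1px;height:1px">
<img src="http://ads.example/banner.gif" width="468" height="60">
"""

if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE_HTML, SAMPLE_URL):
        print(bug)
```

A same-host 1x1 image without a query string, like the spacer in the sample, is usually layout filler; the third-party image carrying an identifier is the one worth blocking.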