Tuesday, February 01, 2005

Removing Spyware & Adware manually - Part 1

Many of my friends have been asking me lately how to get rid of those annoying URL redirections when you open your internet browser or even when performing a search on the net. Well, I've learned things the hard way and decided it would be worth it to share my experience on the subject.

Spam mails have been annoying our mailboxes for years now and, as if that was not enough, we got something relatively new that bugs most internet surfers these days: Spyware or Adware. If you've been on the net long enough, you probably know what I'm talking about here. I need not define it here since I guess there is already lots of stuff about them out there on the net. I'm only going to go through how I remove that stuff from a pc that caught it. It's like a damn challenge and I like it: to catch a spy, you need to be a spy. So let's see how we can remove these annoying URL redirections which sometimes lead you to porn or search sites and do things like wanting to help you online when you don't really need it or deserve it!!!

I won't mention the names here, but when you try to uninstall some of those spyware and adware from your pc you will come across a screen asking you for "reasons why you are uninstalling their sweet little baby.... and blablabla...". And beware, you might even get prompts that look like this: "Are you sure you do not want to uninstall it from your pc". By reflex you may have selected "Yes"; too bad, you've just selected to keep this crap. Also you may come across some good Spyware and Adware removing software on the net; some of them work while many are lying to you and don't really do what you expect them to do. Also you may notice that many of these promotional articles for the download of such software warn you that "removing spyware manually from your pc can cause damage to your pc and windows files etc..., so you better use our software for this..." and blablabla. Well, basically you can damage windows files if you don't know what you are doing. But I don't really trust those spyware removing tools and you never know what they are doing inside. Remember that a job is better done when you do it yourself.

Well, let's get to the real stuff now: how do I remove these things? But before we do, note that I tested this on pcs running Windows XP Professional and Windows 2000 Professional, and also please read the following disclaimer:

WARNING: I'm not and cannot be held liable for whatever problems you may encounter while applying the guidelines contained in this article to your pc. Including and not limited to loss or damage of data, inability to operate your computer, existing programs not working, business loss or whatever other problem which may result from using the guidelines in here. The use of these guidelines is done at your own discretion and risk and you will be solely responsible for any damage to your computer systems or loss of data that results from it.

I also cannot be held responsible for personal problems resulting from the use of these guidelines including but not limited to hair graying, improper brain function and impotence!!! haha...

1. Ok, first things first, let us investigate our enemy. Try to find out which spyware programs you have been infected with. You can do so by going to 'Add/Remove Programs' (in Control Panel). Check the company names and programs that look suspicious to you and do some research on the net to be sure they are spyware or adware. Once you know who you are dealing with, note down their names as they appear in your 'Add/Remove Programs' list as well as the company names; they will be useful later on.

2. Now disconnect from the internet (your pc of course, not you!!!). Whether you remove your telephone line from your modem or disable the internet connection, that soab should not be given any way to connect. Also, if the start page of your internet explorer has been set to any one of these sites, then it would be wise to reset it to blank. Open internet explorer, go to Tools > Internet Options > Start Page and click on the button Blank Page. In case some of you would be asking, you may wish to print this article prior to this or even save it somewhere... Gotcha...:p

3. Now reboot your pc in Safe Mode. For those of you who don't know how to do that please check out these links:
Rebooting in safe mode by symantec
Rebooting in safe mode by pcmag

4. Then from your 'Add/Remove Programs' list, try to uninstall all those Spyware or Adware that allow you to do so. For those that ask you to connect to the internet or simply hang, just leave them for now; we'll see how tough they really are later on.

5. Most, if not all, of those spyware programs start automatically with your windows. To do this they need to have an entry in your registry under:
This means editing the registry. How the hell do we do that? Well, let's see: in Start > Run, type REGEDIT. Expand the keys you see there so that you get to "HKEY_LOCAL_MACHINE" and keep expanding until you reach the "Run" key. Inside it you may find some string entries with a value like "C:\Winnt\System32\ADEGDFG.EXE" or "C:\Windows\system32\ADEGDFG.EXE" or something similar. Some of the program names will seem meaningless while others can have genuine, meaningful names. So now that we have found potential culprits, let's make sure that they are not the good guys. Note down the names and paths of those files.

6. Using windows explorer, try to locate the files you noted in 5. Once you've found them, let's check them one at a time. Right-click on the file and check its Company Name or Author. If you get the same names as the ones noted in 1 above then you've got a culprit; else, if it's something like Microsoft or another software company, then it could probably be genuine software which need NOT be removed. You may also open the file using notepad. Perform a search inside it for "http" or "www". We are basically looking for URLs of search engines, porn sites or any other URL that you get when your internet explorer redirects you to other websites (except of course genuine companies). If you find any in there, there's another culprit.

7. So what to do next? Well, these guys are a bit clever sometimes: they duplicate themselves like clones and only their names differ. List the files in the folder by their Date Modified; you'll notice that the clones have the same modified date and size, and sometimes strange names too. To be sure about them you may want to repeat the process in 6. You can also sort them by size and check them.

8. Well, now that we've found them: "Kill'em all, they are bad guys, burn them alive!!!". Yeah well, I have so much fun doing this and you should too, they deserve it!!! Delete these files, but make sure that you are deleting the real culprits by going through the processes in 6 & 7. Once you are done, remove their corresponding String entries from the registry key in 5 by deleting them too.

9. Now let's deal with the tough guys. We'll need to manually remove those that don't want to be removed from our pc. Go to the registry again and select the sub key "HKEY_LOCAL_MACHINE\Software". Once you've done this, locate the keys that are named the same as the spyware-providing companies that you investigated. Again, when found just kill'em: delete the registry entries. In case it becomes tough to find them in the registry, a simple search might be useful. Suppose you have a spyware named SearchAssistant.exe; perform a search in the registry for that crap and delete all entries related to it. Once done, and if done properly, those programs will no longer be listed under your 'Add/Remove Programs'. Then delete all the related installed files and folders from your PC.

10. If you've reached this far without much trouble (and your pc is still working), then congratulations, you've become a Spyware Buster. Reboot your pc in normal mode and enjoy your internet experience.
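The investigation in steps 5 to 7 can be scripted instead of done by hand. This is an added example, not the author's code: it pulls the autostart entries out of an exported .reg fragment, checks a file's bytes for the "http"/"www" strings of step 6, and groups files sharing size and modified time as in step 7. The full key path in the sample is the standard Windows Run key, assumed here since the post only names its last part; the .reg text and file list are constructed sample data.

```python
"""Added triage helpers for steps 5-7 of the post (not the author's code):
parse autostart entries from an exported .reg fragment, look for the
http/www strings inside a file body, and group files that share size and
modified time (the "clones" of step 7)."""
import re
from collections import defaultdict

# Constructed .reg export, not real data. The key path is the standard
# Windows autostart key assumed here; the post only names its last part.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="C:\\Windows\\system32\\soundman.exe"
"adegdfg"="C:\\Windows\\system32\\ADEGDFG.EXE"
'''

VALUE_LINE = re.compile(r'^"([^"]+)"="(.*)"\s*$')
# Narrower than a bare "http"/"www" search: needs a scheme or "www." so that
# random byte runs inside a binary produce fewer false hits.
URL_MARKER = re.compile(rb'https?://|www\.', re.IGNORECASE)


def parse_run_entries(reg_text):
    """Return {value name: program path} for every string value under a
    key whose name ends in \\Run. .reg exports double every backslash."""
    entries, in_run_key = {}, False
    for line in reg_text.splitlines():
        if line.startswith('['):
            in_run_key = line.rstrip(']').upper().endswith('\\RUN')
            continue
        match = VALUE_LINE.match(line) if in_run_key else None
        if match:
            entries[match.group(1)] = match.group(2).replace('\\\\', '\\')
    return entries


def has_url_strings(data):
    """Step 6's Notepad search over the raw bytes of a suspect file."""
    return URL_MARKER.search(data) is not None


def find_clones(files):
    """Step 7: files is a list of (name, size, mtime) tuples, e.g. built
    from os.listdir + os.stat; return groups of two or more files that
    share the same size and modified time (to the second)."""
    groups = defaultdict(list)
    for name, size, mtime in files:
        groups[(size, int(mtime))].append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]
```

Feed `parse_run_entries` the text of a file exported from REGEDIT, open each listed path in binary mode for `has_url_strings`, and build the tuples for `find_clones` from `os.stat` of the files in the same folder.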

Well, that's it. Anyone who's got more to add to this, please feel free to post it in the comments section. Thanx to all in advance for your contribution to a better internet experience.