Spyware Killa - Merry Christmas!
Spyware Removal

This is a 4 part process:

Note: Blocking spyware cookies requires IE6.
You can download it here; follow the other steps, then return to Part 1.


Part 1: Removing Spyware Cookies

If you have Windows XP, go to: c:\documents and settings\(username)\cookies
If you have other versions of Windows, go to: c:\windows\cookies

If you have never opened this folder in your entire life, you will find a HUGE list of cookies that looks very intimidating.
First of all, do not delete these cookies. They will be automatically deleted later, and will never return.

Maybe yours looks a bit like this:


And the list goes on... Already I can spot some spyware cookies (the ones in red). There are probably tons more spyware cookies like:

  • owner@advertising[1]
  • owner@bfast[1]
  • owner@doubleclick[1]
  • owner@valueclick[1]
  • owner@trafficmp[1]
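
An added example (not part of the original page): a read-only Python check that parses IE cookie file names of the form user@site[n] and flags those whose site matches the cookie names listed above. The sample listing is constructed, and the names mybank and valueclickers are made up for illustration.

```python
import re
from pathlib import Path

# Cookie names this page lists as spyware; extend the set from your blacklist.
TRACKERS = {"advertising", "bfast", "doubleclick", "valueclick", "trafficmp"}

# IE names cookie files user@site[n].txt (Explorer may hide the .txt part).
COOKIE_NAME = re.compile(r"^([^@]+)@([^\[\]]+)\[(\d+)\](?:\.txt)?$", re.I)

def classify(filenames, trackers=TRACKERS):
    """Split cookie file names into (flagged, clean, skipped) lists."""
    flagged, clean, skipped = [], [], []
    for name in filenames:
        m = COOKIE_NAME.match(name)
        if not m:
            skipped.append(name)  # index.dat and other non-cookie files
            continue
        # Compare whole dot-separated labels, so "ad.doubleclick" matches
        # but an unrelated site such as "valueclickers" does not.
        labels = set(m.group(2).lower().split("."))
        (flagged if labels & trackers else clean).append(name)
    return flagged, clean, skipped

def scan_folder(folder):
    """Classify a real cookies folder. Read-only: nothing is deleted."""
    names = sorted(p.name for p in Path(folder).iterdir() if p.is_file())
    return classify(names)

# Constructed sample listing (mybank and valueclickers are made-up names).
SAMPLE = [
    "index.dat",
    "owner@doubleclick[1].txt",
    "owner@ad.doubleclick[2].txt",
    "owner@mybank[1].txt",
    "owner@valueclickers[1].txt",
    "owner@trafficmp[1]",
]

if __name__ == "__main__":
    flagged, clean, skipped = classify(SAMPLE)
    print("flagged:", flagged)
    print("clean:  ", clean)
    print("skipped:", skipped)
```

To check a real folder, call scan_folder() with the cookies path given above for your version of Windows.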

Now, you are probably curious how to get rid of all these cookies, and the answer is simple. There are actually 2 ways to do this: the easy way or the hard way.

Easy way:

  1. Download SBAI (Spyware blacklist auto installer). It's a registry file that automatically imports the whole spyware blacklist into your computer's Internet Explorer cookie settings.
  2. Then open up Internet Explorer 6. Click on Tools --> Internet Options --> Privacy, and set the slider to "High".
  3. Open up your cookies folder again. Now drag-select all the cookies besides index.dat and delete them.
  4. Done!

Hard way: Manually enter the spyware blacklist into Internet Explorer's cookie settings:

  1. Open up Internet Explorer 6 (IE6).
  2. Click on the toolbar menu Tools --> Internet Options --> Privacy and click the button "EDIT". (The -->'s stand for the submenus)
  3. Open up another window of IE6, click here to go to the spyware blacklist.
  4. Copy (Ctrl + C) the sites in red, switch to the other window of IE6 that has the cookie blocking text box, paste (Ctrl + V) it in there, and click "block".
  5. If the error "Invalid domain" pops up, just type the address into the box manually.
  6. Repeat steps 4 and 5 until you have blocked them all. If you want higher security, block the sites in yellow/green too.
  7. Click on Tools --> Internet Options --> Privacy, and set the slider to "High".
  8. Open up your cookies folder again. Now drag-select all the cookies besides index.dat and delete them.
  9. Done!

Your cookies folder should look something like this after you surf the net with the spyware cookies blocked (no junk cookies):


Part 2: Manually uninstalling spyware programs

Now this is where it gets tricky. Because my blacklist is not a complete list of spyware programs, it is very hard to find and uninstall spyware without knowing which programs have spyware in them.

However, we can narrow the possibilities down by going to Control Panel --> Add/Remove Programs. There we can see the list of uninstallable spyware programs. Those that do not have an uninstaller will be removed in the next step: Running automatic spyware removal programs.

To find out which uninstallable programs have spyware in them, compare those programs on the Add/Remove Program list that you are not familiar with, with a spyware programs list. My list has only the common spyware programs, so you can go to external lists such as www.spychecker.com or search for a spyware programs list on Google.

When you have found a suspicious spyware program (like HotBar), click "Uninstall" on the Add/Remove Programs list and if there is an option "Custom/Advanced" click it. Do not go for the automatic uninstall because chances are the uninstaller will leave spyware components behind. After clicking "Custom/Advanced", select all of the components and click "Next" until the uninstallation is done.


Part 3: Running automatic spyware removal programs

There are many spyware removal programs out there, some better, some worse. Luckily for us, the "best" ones out there are free. The two best ones (in my opinion) are SpyBot Search & Destroy and Ad-Aware 6.0.

You can download Spybot Search & Destroy at http://www.safer-networking.org
and Ad-Aware 6.0 at http://www.lavasoftusa.com.

After downloading them, first you should update their detections/spyware database, so you can remove the latest spyware. Do this by clicking on "Search for updates" for Spybot, and "Check for updates now" for Ad-Aware.

Now, click on "Check for problems" in Spybot or "Start" in Ad-Aware.
Note: Run one removal program at a time; it is faster than running both at once.

After the scanning is done, you might see a ton of spyware found. Don't worry, it's normal for that to happen the first time. For Ad-Aware, click "Next" after you have finished scanning, and right click on the first option box. Then, click "Check all" and then press "Remove" or "Continue". For Spybot, click on "Select all items" and "Fix selected problems".

Warning: If any program stops working or doesn't load after you have uninstalled spyware or run Spybot/Ad-Aware, this is because that program checks for the presence of its spyware component. If the component is uninstalled, the program will purposely not run. An example is Go!Zilla, which will not work without its spyware components.


Part 4: Cleaning up the registry

This step is optional, and should only be performed if you are adept at traversing the registry. In other words, you need to know the ins and outs of the registry.

Although Spybot and Ad-Aware usually do a clean job of clearing up spyware, sometimes they leave a few traces here and there. Even though these pieces may not be very dangerous, it's much safer to delete them than to let them sit there, since some of them might still be intact.

Finding spyware in the registry is not as hard as it sounds; it's just time consuming.

  1. First, open the Start menu, click "Run", then type in "regedit". You can use another registry editing program if you like (e.g. Reghance by Lavasoft).
  2. Search (Ctrl + F) the entire registry for spyware keywords like "Web3000", "NetSonic", "gozilla" or "go!zilla".
  3. Then, delete these folders (del).
  4. Click find next (usually F3).
  5. Repeat steps 3 and 4 until there are no more found.
  6. Start from step 2 with another keyword. Proceed after all keywords are done.
  7. Under "hkey_current_user" and "hkey_local_machine", find "software" and browse through all of them.
  8. When you find a suspicious company name that you don't know, double click on it to see what software it manufactures. If you didn't install or use this program, and it's not a driver program, you can safely delete this registry key.

Usually, even if you delete a software key that you need, it will be re-created. That is why you have to remove the spyware program/host, or the registry keys will just be created again.
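
An added example (not part of the original page): the keyword search from steps 2 to 6, run in Python over the text of a registry export (a .reg file saved from regedit) so the matches can be reviewed before anything is deleted. It separates keys whose path contains a keyword from values that merely mention one under a shared key, where only that value is suspect. The sample export, including its vendor names, paths and values, is constructed.

```python
import re

# Keywords the page suggests searching for; matching is case-insensitive.
KEYWORDS = ["Web3000", "NetSonic", "gozilla", "go!zilla"]
KEY_LINE = re.compile(r"^\[(HKEY_.*)\]$")

def find_hits(reg_text, keywords=KEYWORDS):
    """Return (key_hits, value_hits) found in the text of a .reg export."""
    needles = [k.lower() for k in keywords]
    key_hits, value_hits, current, in_hit_key = [], [], None, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            current = m.group(1)
            in_hit_key = any(k in current.lower() for k in needles)
            if in_hit_key:
                key_hits.append(current)  # the whole key is suspect
        elif current and line and not in_hit_key:
            # A value under an unrelated key: only this value is suspect.
            if any(k in line.lower() for k in needles):
                value_hits.append((current, line))
    return key_hits, value_hits

def topmost(keys):
    """Drop keys that sit under another hit; the parent covers them."""
    return [k for k in keys
            if not any(k.startswith(p + "\\") for p in keys if p != k)]

# Constructed sample export; vendor names, paths and values are made up.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Editor]
"InstallDir"="C:\\Program Files\\Editor"

[HKEY_LOCAL_MACHINE\SOFTWARE\NetSonic]
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\NetSonic\Settings]
"Cache"="C:\\netsonic\\cache"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Go!Zilla\\gz.exe"
"""

if __name__ == "__main__":
    keys, values = find_hits(SAMPLE)
    print("keys:", topmost(keys))
    print("values:", values)
```

Exports with the "Windows Registry Editor Version 5.00" header are UTF-16 text, so read the file with open(path, encoding="utf-16") before passing its contents to find_hits().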

Note:

Never set the option "block all cookies" in ANY type of browser, firewall or security software.

This is because if you do that, some sites, for example, online banks, will NOT WORK.

It may affect your email and many other sites, so DO NOT do this UNLESS you make specific allowances for some sites' cookies.

«© 2002/03 - SpywareKilla»
