Full Version: Can't get rid of stupid Adware
I can't get rid of this stupid adware on my computer and it's driving my crazy! I'll be trying to play a game and then it gets minused down becuase of the stupid adware. I use Norton and it can't delete it. Any suggestions on what to do?
Download Adaware from www.lavasoft.com
Agree, maybe add Spybot Search & Destroy and use them together, if it is not gone than maybe check out some of the other free analysis sites. One I recommend is here: http://www.auditmypc.com/web-security-reso...s.asp?cat_id=43 I find these folks very on the up 'n' up. 
There are a number of others but some will only tell you there is a problem and try to get you to pay for a solution, don't bother, there are plenty of free ones out there because this has become such a pain to everyone. Also, if you can get a name on it then maybe try going to Sophos.com and check their data base for it and they may have a solution from there. This is just off the top of me head, let us know how you do eh.
As an afterthought, let's all rem to keep your pc clean, ie. your cookies, your temp files, and your caches. A clean machine is a happy machine.
There are a number of others but some will only tell you there is a problem and try to get you to pay for a solution, don't bother, there are plenty of free ones out there because this has become such a pain to everyone. Also, if you can get a name on it then maybe try going to Sophos.com and check their data base for it and they may have a solution from there. This is just off the top of me head, let us know how you do eh.
As an afterthought, let's all rem to keep your pc clean, ie. your cookies, your temp files, and your caches. A clean machine is a happy machine.
Ok after like 2 hours, Ad-Aware finally finished scanning and I realised I don't really like Ad-Aware, it just detects files tht it sees as a threat and YOU have to decide whether to delete them or not.....
Yes but most of the files are going to be spyware or cookies you don't need anyways. If Ad-Aware doesn't do it for you, then try spybot search and destroy or Microsofts Beta Spyware utility.
So, pretty much all of the stuff it detects I should have it delete?
My best reccomendation is Ad-Aware. The files it sees as a threat you can select and not worry about hurting anything.
There are some things even the best adaware software can miss... even Spybot Search and Destroy. If you start seeing random folders in your Program Files folder or your Profile folder, most likely your system has been compromised and, besides a reinstall, it's VERY hard to remove them. I've gone through this a dozen times and just recently found ways to manually remove spyware that's not detected by even the best software.
There are some things even the best adaware software can miss... even Spybot Search and Destroy. If you start seeing random folders in your Program Files folder or your Profile folder, most likely your system has been compromised and, besides a reinstall, it's VERY hard to remove them. I've gone through this a dozen times and just recently found ways to manually remove spyware that's not detected by even the best software.
Every single time I scan with ad-Aware I delete everything it detects and I have never had a problem. Also make sure your definitions are up to date.
Also check and make sure you don't have a virus in my experience I have found that viruses and some spyware can act the same.
Also check and make sure you don't have a virus in my experience I have found that viruses and some spyware can act the same.
Are you sure you got everything removed completely? The problem I have is that even though I run all the scans and remove everything, there is still one resident file that re-installs everything shortly after the scans (about 10 minutes or so), and the whole process starts over. The file is usually deep in the system, plus it has settings that dissallow the deletion of the file from the system, which makes it (well, I thought at first) nearly impossible to remove. But I found a nice way of dealing with files like that, so I feel spyware is not a problem anymore 
How did you deal with the problem could you be a little more specific?
I dunno if the following is what GTX is talking about, but spyware sometimes hides itself in the system restore folder. When it does just that, it's literally impossible to remove the file. But disabling system restore will make you able to delete the file.
There is a possible different scenario, and that is that the spyware isd running, but can't be seen in the task manager. While it's running, it's of course protected against deleting. What usually works is booting the computer into safe mode. Then you'll probably be able to delete the file. If not, all you probably have to do is find the value that makes the spyware start each time you boot, and that would be in you registry
Either in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run AND RunOnce (the latter is unlikely, but still) and be sure to also check HKEY_LOCLAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run AND Run Once.
Of course, there's a little application that can help you out to do this : HijackThis. This is free, and you are encouraged to use this, but be VERY careful. If you are unsure about deleting something it finds, then ask here, or use google.
There is a possible different scenario, and that is that the spyware isd running, but can't be seen in the task manager. While it's running, it's of course protected against deleting. What usually works is booting the computer into safe mode. Then you'll probably be able to delete the file. If not, all you probably have to do is find the value that makes the spyware start each time you boot, and that would be in you registry
Either in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run AND RunOnce (the latter is unlikely, but still) and be sure to also check HKEY_LOCLAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run AND Run Once.Of course, there's a little application that can help you out to do this : HijackThis. This is free, and you are encouraged to use this, but be VERY careful. If you are unsure about deleting something it finds, then ask here, or use google.
psYchotic good plan if (((highjack-This))) don't work then just reformat the hard drive and reinstall windows puls all software.
All in all, a re-format and re-install is the best option.
Yes but with the inherent risks of losing information with a reformat, outweight the benefits of it. Unless of course you have a backedup copy of your windows install.
whats the name of the so called adware ..
there must be a removel tool if not your pretty much out of luck you will have to reinstall windows sorry..
i just went through one and it was in my registry and system 32 so the longer you let it run a muck the worse it will be.......
how can you say that? the damage is done, ..i would not trust anything on my machine with that running around... nothing reinstall/format what ever you have to do get rid of it
there must be a removel tool if not your pretty much out of luck you will have to reinstall windows sorry..
i just went through one and it was in my registry and system 32 so the longer you let it run a muck the worse it will be.......
QUOTE
Yes but with the inherent risks of losing information with a reformat, outweight the benefits of it. Unless of course you have a backedup copy of your windows install.
how can you say that? the damage is done, ..i would not trust anything on my machine with that running around... nothing reinstall/format what ever you have to do get rid of it
As well, before you even start to deal with it make sure all your personal files (ie. photos and files) are backed up ( CD Rs) , this is just SOP. Then go ahead with a reinstall. I have always wondered if it is not in fact better to try a re-install of your OS first before you take the step of a re-format/clean install. I think of this because some times your system isn't as screwed up as you think it is, like you are maybe only missing a file or two (which if it is in your reg then could look like a bigger prob.). So IMO the overwrite doesn't affect too much of what you all ready have...Dunno, just thoughts.
I deal with this stuff on a daily basis with clients....its getting harder and harder to keep these off the system.
One option to help prevent these things from being installed is to take the User accounts out of the Administrator groups and make them in Restricted User accounts. Doing this restricts those accounts from installation access which helps prevent spyware installations.
The downside to this is then your restricted also from installing programs and other things unless you log in with a admin enabled account OR use the RUN AS option.
Best programs for spyware is whats been suggested already:
LavaSoft Ad-Aware Personal
SpyBot's Search and Destroy
Computer Associates Etrust Pest Patrol (click products then security under home and office)
I've been told from quite a few of my clients that the Microsofts Antispyware product works quite well. So a fourth option for people to try if the want.
Best places to start after doing your scans:
Boot into safemode
Start>Run>MSCONFIG> Startup Tab
Don't remove anything once in. Just let it sit in the background for now.
Write down file locations where they are located on the local drive and the Registry.
Usually I have found these programs to reside in the Windows Folder, Windows/System32 Folder, Program Files, Program Files/Common Folder.
Also write down the actual name and extension of the file and try searching the computer for them. Be sure to goto Folder Options and Uncheck the hide system folders and such. I have found many adware/malware hide themselves.
Next is to try and clean out the Registry.
Start > Run > Regedit or Regedt32
**BE SURE TO BACKUP YOUR REGISTRY BEFORE MAKING ANY MODIFICATIONS.
Export > Export Range set to ALL > Typically I type BackupRegisty > Save
Registry Locations typically are here:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run AND RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run AND RunOnce
Also if you get a filename and extension..do a search thru the registry and see if there are any pointers leading to other files. Alot of times you can delete these things but they reappear because another file is doing a check and balance to see if its there or a registry entry is missing and then put them back. Those are the annoying ones by far.
Once you get to here and clean everything you can find..cancel MSCONFIG and open it again.
START > RUN > MSCONFIG > Startup Tab
See if all the Startup Options are cleared out except for what your system/programs need.
Reboot the system and check MSCONFIG and see if anythign new puts it self back in. May want to double check the 4 registry locations too.
May want to goto your Internet Properties and goto Security and be sure all your settings are set to DEFAULT. Spyware alot of times will adjust these settings so they can get in easier. They can also adjust your home page so be sure that set correctly.
There are a couple registry tweaks that can be added to a system so these settings can never be changed.....so might take a look at that also. Never done them myself yet....
Not everybody will want to go this indepth in search of these damn pests. It is very time consuming. If the spyware is bad enough....wipe the system will be the best way to rid them from your and reload and better prepare your system next time around!
One option to help prevent these things from being installed is to take the User accounts out of the Administrator groups and make them in Restricted User accounts. Doing this restricts those accounts from installation access which helps prevent spyware installations.
The downside to this is then your restricted also from installing programs and other things unless you log in with a admin enabled account OR use the RUN AS option.
Best programs for spyware is whats been suggested already:
LavaSoft Ad-Aware Personal
SpyBot's Search and Destroy
Computer Associates Etrust Pest Patrol (click products then security under home and office)
I've been told from quite a few of my clients that the Microsofts Antispyware product works quite well. So a fourth option for people to try if the want.
Best places to start after doing your scans:
Boot into safemode
Start>Run>MSCONFIG> Startup Tab
Don't remove anything once in. Just let it sit in the background for now.
Write down file locations where they are located on the local drive and the Registry.
Usually I have found these programs to reside in the Windows Folder, Windows/System32 Folder, Program Files, Program Files/Common Folder.
Also write down the actual name and extension of the file and try searching the computer for them. Be sure to goto Folder Options and Uncheck the hide system folders and such. I have found many adware/malware hide themselves.
Next is to try and clean out the Registry.
Start > Run > Regedit or Regedt32
**BE SURE TO BACKUP YOUR REGISTRY BEFORE MAKING ANY MODIFICATIONS.
Export > Export Range set to ALL > Typically I type BackupRegisty > Save
Registry Locations typically are here:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run AND RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run AND RunOnce
Also if you get a filename and extension..do a search thru the registry and see if there are any pointers leading to other files. Alot of times you can delete these things but they reappear because another file is doing a check and balance to see if its there or a registry entry is missing and then put them back. Those are the annoying ones by far.
Once you get to here and clean everything you can find..cancel MSCONFIG and open it again.
START > RUN > MSCONFIG > Startup Tab
See if all the Startup Options are cleared out except for what your system/programs need.
Reboot the system and check MSCONFIG and see if anythign new puts it self back in. May want to double check the 4 registry locations too.
May want to goto your Internet Properties and goto Security and be sure all your settings are set to DEFAULT. Spyware alot of times will adjust these settings so they can get in easier. They can also adjust your home page so be sure that set correctly.
There are a couple registry tweaks that can be added to a system so these settings can never be changed.....so might take a look at that also. Never done them myself yet....
Not everybody will want to go this indepth in search of these damn pests. It is very time consuming. If the spyware is bad enough....wipe the system will be the best way to rid them from your and reload and better prepare your system next time around!
I'm 13, so my parents probably wouldn't let me do most of that, even though this is MY computer. Ad Aware took care of a lot of the stuff, some is still left but it's not so bad now.
tom_3 :
It's not that I said don't ever reformat, but before you do weight the consequences. I have, many times, had to reformat because of viruses or spyware in my system. All I am sayings is make sure you have everything necessary to get you computer back up to where it was. If not you might find you missed a driver you can't find again, you might lose a paper you were writing for a class, or something even worse. I just mean it as a warning to be careful. If you can avoid getting spyware and not downloading corrupted files from unreputable sources, then you don't even have to worry about it.
It's not that I said don't ever reformat, but before you do weight the consequences. I have, many times, had to reformat because of viruses or spyware in my system. All I am sayings is make sure you have everything necessary to get you computer back up to where it was. If not you might find you missed a driver you can't find again, you might lose a paper you were writing for a class, or something even worse. I just mean it as a warning to be careful. If you can avoid getting spyware and not downloading corrupted files from unreputable sources, then you don't even have to worry about it.
or if you don't want to re-format the hard drive take out the old and slap a new one in then you would have a bigger hard drive. Just a thought
Ok now it's gotten much worse. I can't even really run Ad-Aware for very long before it shuts down my comp. I'll run a scan on Ad-Aware then after maybe like 20 seconds I get a message saying my computer has to restart and that the restart is being initialized be NT Authority/System. And there's a timer on the message that counts down in seconds from 30 then it restarts my comp.
Any ideas on what to do about that?
Any ideas on what to do about that?
That's a old virus that used to do that. One way to stop it is quickly open up your command prompt and type shutdown -a. That'll stop it from shutting down giving you time to figure out the problem.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.