An Overview of Spyware and Anti-Virus Protection
Section 1 prepares your computer so that hard-to-remove viruses and spyware cannot hide from your tools or put themselves back after removal. Section 2 covers scanning, cleaning and removal. Section 3 makes suggestions on securing your machine after the clean-up.
Getting Prepared; Steps to be sure your system is ready to be scanned:
1: Disable System Restore temporarily (Windows XP and Windows ME only) if you are infected. Any trojans, spyware, etc. you have picked up may have been copied into a restore point and would come straight back if you ever restore to it. System Restore keeps its data in a protected folder (System Volume Information), so your scanning tools cannot delete what is stored there; turning System Restore off discards the existing restore points and the infected copies with them. Turn it back on once the machine is clean. Follow the instructions for your version of Windows:
For Windows XP:
1: Right-click the My Computer icon on your desktop and select Properties.
2: Click the System Restore tab.
3: Check the box that says "Turn off System Restore on all drives" and click OK.
4: Click Yes if you are prompted to restart the computer.
5: To re-enable System Restore later, follow steps 1-3, but in step 3 clear the "Turn off System Restore on all drives" check box.
For Windows Millennium (ME):
1: Right-click My Computer, and then click Properties.
2: On the Performance tab, click File System, or press ALT+F.
3: On the Troubleshooting tab, select the Disable System Restore check box.
4: Click OK twice, and then click Yes when you are prompted to restart the computer.
5: To re-enable System Restore, follow steps 1-3, but in step 3 clear the Disable System Restore check box.
2: Network Security Service, Workstation Netlogon Service and Remote Procedure Call (RPC) Helper (Windows XP, 2000, NT); If you have the about:blank or Home Search hijack, check whether a Windows service called "Network Security Service", "Workstation Netlogon Service" or "Remote Procedure Call (RPC) Helper" is running. The hijacker installs these so that it can put itself back after its files are deleted, which is why they must be stopped and disabled before you scan. To do this, click Start > Run, enter "services.msc" (without the quotes) in the Open box, and click OK. In the Services window that opens, look for exactly those three service names and no others: the legitimate "Remote Procedure Call (RPC)", "Workstation" and "Net Logon" services have similar names and must be left alone, because Windows and its networking depend on them. If you find one of the hijacker services, stop it by right-clicking it and selecting Stop. Then disable it: right-click it, select Properties and, on the General tab, open the "Startup type:" pull-down and change it to Disabled. If none of them exists, do not worry and skip this step.
3: Enable viewing of hidden files and folders and of file extensions; Some programs hide by marking their files hidden so that Windows Explorer does not show them. Start Windows Explorer and click your main hard drive, usually C:\. Then select Tools from the top of Windows Explorer and then Folder Options. Go to the View tab, scroll down to the folder icon that says "Hidden files and folders" and select "Show hidden files and folders". Right below it, uncheck "Hide file extensions for known file types" (optional, but strongly recommended). Leaving extensions hidden lets a trojan or spyware file ending in .exe or .dll pose as something harmless (a file named report.txt.exe is shown as report.txt), which makes finding it by hand, if that is needed, difficult to impossible. While you clean up, it also helps to uncheck "Hide protected operating system files (Recommended)", since malware can set the system and hidden attributes on its own files.
4: Downloading Tools;
Download the following tools and save in your favorite download folder or
create one, for example C:\Temp or C:\Downloads. And then install, update, and
configure as indicated below.
Ad-Aware SE.......Install, click Check for Updates now and
get any updates, then exit.
Ad-Aware VX2 Cleaner Plug-In.....Install only
CCleaner.............Install only, then exit
Spybot................Install, do the search for
updates now and get any updates, then exit.
SpywareBlaster...Install, click Download Latest Protection Updates, Check for Updates, and then Enable All Protection, then exit. It does a good job of blocking known malicious ActiveX controls (it sets their kill bits so Internet Explorer will not load them) and known malicious websites (it adds them to Internet Explorer's Restricted sites zone).
McAfee AVERT Stinger....No installation required! Ready to
run as is.
CWShredder......No installation required! Just unzip it to
a folder.
Kill2me..............No installation required! Just
unzip it to a folder.
about:Buster......No installation required! Just unzip it to
a folder.
HSRemove........No installation required! Ready to run
as is.
Your system is now ready to be properly scanned for spyware, trojans and
viruses.
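Preparation steps 1 to 3 above as one script. This is an added example and not part of the original guide; it assumes Windows PowerShell 2.0 or later (installable on XP SP3) run as Administrator, and uses the registry values behind the System Restore tab and the Folder Options dialog plus the Win32_Service WMI class. The double-extension search at the end illustrates what hidden extensions conceal; its list of "document" extensions is this example's choice, not something the guide lists.

```powershell
# Added example, not from the original guide: "Getting Prepared" steps 1-3 as one script.
# Assumes Windows PowerShell 2.0+ running as Administrator. Reboot afterwards, as the guide says.

# ---- Step 1: turn System Restore off on all drives (policy value behind the System Restore tab) ----
$srPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'

function Set-SystemRestore([bool]$TurnOff) {
    if (-not (Test-Path $srPolicyKey)) { New-Item -Path $srPolicyKey -Force | Out-Null }
    # DisableSR = 1 turns System Restore off (discarding the restore points that hold the infected
    # copies); 0 turns it back on. The System Restore tab is greyed out while the policy value is
    # set, so rerun this with -TurnOff $false once the machine is clean.
    $value = if ($TurnOff) { 1 } else { 0 }
    Set-ItemProperty -Path $srPolicyKey -Name 'DisableSR' -Type DWord -Value $value
}

# ---- Step 2: stop and disable the hijacker services, matched on their exact display names ----
$hijackerServiceNames = @(
    'Network Security Service',
    'Workstation Netlogon Service',
    'Remote Procedure Call (RPC) Helper'
)

function Disable-HijackerServices {
    # Exact DisplayName match keeps the legitimate "Workstation", "Net Logon" and
    # "Remote Procedure Call (RPC)" services untouched. @() makes $found an empty array rather
    # than $null when nothing matches (PowerShell 2.0 would otherwise loop once over $null).
    $found = @(Get-WmiObject -Class Win32_Service |
               Where-Object { $hijackerServiceNames -contains $_.DisplayName })
    foreach ($svc in $found) {
        # PathName is the executable the service runs; services.msc only shows it under Properties.
        $msg = "Found '{0}' (internal name {1}) state={2} startup={3} image={4}" -f $svc.DisplayName, $svc.Name, $svc.State, $svc.StartMode, $svc.PathName
        Write-Host $msg
        if ($svc.State -eq 'Running') { $svc.StopService() | Out-Null }   # right-click > Stop
        $svc.ChangeStartMode('Disabled') | Out-Null                        # Startup type: Disabled
    }
    if ($found.Count -eq 0) { Write-Host 'No hijacker service found; skipping step 2.' }
    return $found
}

# ---- Step 3: show hidden files, file extensions and protected OS files in Explorer ----
$explorerAdvanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Show-HiddenFilesAndExtensions {
    Set-ItemProperty -Path $explorerAdvanced -Name 'Hidden'          -Type DWord -Value 1  # Show hidden files and folders
    Set-ItemProperty -Path $explorerAdvanced -Name 'HideFileExt'     -Type DWord -Value 0  # uncheck Hide extensions for known file types
    Set-ItemProperty -Path $explorerAdvanced -Name 'ShowSuperHidden' -Type DWord -Value 1  # uncheck Hide protected operating system files
}

# Illustration of why step 3 matters: files whose real extension would have been hidden.
# The "document" extensions in the pattern are this example's choice, not a list from the guide.
function Find-DoubleExtensionFiles([string[]]$Folders) {
    Get-ChildItem -Path $Folders -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -match '\.(txt|doc|jpg|gif|htm)\.(exe|dll|scr|pif|com)$' } |
        Select-Object FullName, Attributes
}

Set-SystemRestore -TurnOff $true
Disable-HijackerServices | Out-Null
Show-HiddenFilesAndExtensions
Find-DoubleExtensionFiles -Folders @("$env:SystemRoot\system32", $env:TEMP) | Format-Table -AutoSize
```

Run it once before scanning and reboot; after the clean-up, run Set-SystemRestore -TurnOff $false (or delete the DisableSR value) so the System Restore tab works again. Step 2 prints the service's image path because that file is what the scanners later need to find; if a matched service is already stopped, only its startup type is changed.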
Scanning And Cleaning Steps:
1: Virus And Trojan Scanning;
a) Win9x (Windows 95, 98, 98SE) users: boot in normal mode.
- do an online scan at Trend Micro's Free Online Virus Scan
- do an online scan at Symantec Security Check
- now boot in safe mode (and remain there) and run McAfee AVERT Stinger. See how to boot in safe mode below.
b) Windows XP, 2000 and ME users: boot in "Safe Mode with Networking" (and remain there). See how to boot in safe mode below. (Windows NT 4.0 has no safe mode, so NT users follow the Win9x order in normal mode.)
- do an online scan at Trend Micro's Free Online Virus Scan
- do an online scan at Symantec Security Check
- run McAfee AVERT Stinger
How to boot in safe mode: restart your computer and tap the F8 key (after the first black and white BIOS screen, but before the Windows splash screen) until you get a black and white menu asking how you want to start. On Windows XP, 2000 and ME, use the arrow keys to select "Safe Mode with Networking" and press Enter; Win9x users select plain "Safe Mode" for the Stinger run.
Booting in safe mode matters because it gives the best results: safe mode loads only the basic drivers and does not start the programs that run automatically in normal mode, so most spyware is not running and cannot block or undo the removal.
2: Clean Your Hard Drive;
Remove temporary Internet files and other files you do not need with CCleaner. Run CCleaner with its default options to clean out temporary files. Optionally, also check the "Delete Index.dat files" box.
3: Main Spyware Scan And Removal; Scan your machine with Ad-Aware SE (remember to install the Ad-Aware VX2 Cleaner Plug-In for it first) and with Spybot. Look for the Immunize feature in Spybot and use it.
4: Secondary Spyware Scan And Removal: Other Removal Tools; Run the other programs you downloaded: CWShredder (make sure you select Fix), Kill2me, about:Buster and HSRemove. They are free, standalone and easy to use. Note: about:Buster and HSRemove need only be run if you have the about:blank or HomeSearchAssistant hijack. Also note that HSRemove is not compatible with Win9x or WinME systems.
These final 2 OPTIONAL steps require that you reboot back into normal mode.
5: OPTIONAL: If you cannot remove the stubborn "Only the Best" aka "HSA" hijacker, please read this thread by Chaslang, an expert in removing these things: http://forums.majorgeeks.com/showthread.php?t=38772
6: OPTIONAL: Scan With HijackThis; If you have gotten this far without success, you may need to download HijackThis. Read the tutorial before posting a logfile; it takes a few minutes and is required, so that you get the most from the tool and the log is easier to diagnose. Post your logfile as an attachment, and only when asked.
Make sure that you tell us in your post that you've already followed the
instructions on this page so we don't waste your and our time by posting a link
to it in your thread. Also, it would be helpful to indicate what kind of
problems the above steps have found and fixed (or failed to fix).
Keeping your computer safe and secure:
1: Windows Update; Update Windows at Microsoft Windows Update: click Start, then Windows Update. Security holes are found and exploited all the time, and Microsoft issues patches for them. Millions of people were hit by the Blaster worm in August 2003 because they had not installed the patch for the RPC hole it used (MS03-026), which had been available for almost a month. If you're not up to date, you're at risk. You can set up Automatic Updates in the Control Panel: go to Start, Settings, Control Panel, and open Automatic Updates (on older XP installs it is the Automatic Updates tab in System).
2: Remove Microsoft Java; Microsoft's no longer supported Java Virtual Machine (the Microsoft VM) is a common way for spyware and hijackers to get installed, because drive-by installers use its unpatched holes, so it is a good idea to remove the Microsoft Java Virtual Machine and install Sun Java instead. To remove it follow these steps.
1: Select Start > Run, enter "RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall" in the Open box, and click OK.
2: Click Yes to confirm that you want to remove the Microsoft VM.
3: When prompted, reboot the computer.
4: Remove the following items (%Systemroot% is where Windows is installed, usually C:\Windows):
The %Systemroot%\Java folder
The file java.PNF from the %Systemroot%\inf folder
The files jview.exe and wjview.exe from the %Systemroot%\system32 folder
The registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM
The registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_VM
(Any files or registry entries not found, and any errors, can be ignored; go on to the next step.)
5: Install Sun Java here: http://java.sun.com/getjava/index.html
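The Microsoft VM removal steps above as a script. This is an added example and not part of the original guide or of Microsoft's own removal instructions; it assumes Windows PowerShell 2.0 or later run as Administrator on a machine that still has the Microsoft VM, and the function names are this example's own.

```powershell
# Added example, not from the original guide: the Microsoft VM removal steps as a script.
# Assumes Windows PowerShell 2.0+ run as Administrator. Step 1 prompts and then asks to reboot;
# run Remove-MicrosoftVMLeftovers after that reboot. Items that are already gone are skipped,
# which is the guide's "errors can be ignored".
$sysRoot = $env:SystemRoot   # the guide's %Systemroot%, usually C:\Windows

function Start-MicrosoftVMUninstall {
    # Step 1: the same advpack.dll entry point as the guide's Run-box command. Start-Process
    # hands the whole string to rundll32 unchanged; typed directly at a PowerShell prompt, the
    # commas would be read as array separators and split the arguments.
    Start-Process -FilePath "$sysRoot\system32\rundll32.exe" `
        -ArgumentList 'advpack.dll,LaunchINFSection java.inf,UnInstall' -Wait
    # Steps 2 and 3: click Yes in the confirmation and reboot when prompted.
}

# Step 4: the files and registry keys the uninstaller leaves behind (HKLM: is the registry drive).
$leftovers = @(
    "$sysRoot\Java",
    "$sysRoot\inf\java.PNF",
    "$sysRoot\system32\jview.exe",
    "$sysRoot\system32\wjview.exe",
    'HKLM:\SOFTWARE\Microsoft\Java VM',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_VM'
)

function Get-MicrosoftVMLeftovers {
    # Only what is still present, so the report shows real work and absent items raise no errors.
    @($leftovers | Where-Object { Test-Path -LiteralPath $_ })
}

function Remove-MicrosoftVMLeftovers {
    foreach ($item in Get-MicrosoftVMLeftovers) {
        Write-Host "Removing $item"
        # -Recurse covers the Java folder and registry keys with subkeys; -LiteralPath keeps the
        # paths from being read as wildcard patterns.
        Remove-Item -LiteralPath $item -Recurse -Force -ErrorAction SilentlyContinue
    }
    $remaining = Get-MicrosoftVMLeftovers
    if ($remaining.Count -eq 0) {
        Write-Host 'Microsoft VM leftovers are gone; install Sun Java next (step 5).'
    } else {
        Write-Host "Still present (remove by hand): $($remaining -join ', ')"
    }
    return $remaining
}

# Before the reboot:  Start-MicrosoftVMUninstall
# After the reboot:   Remove-MicrosoftVMLeftovers
Get-MicrosoftVMLeftovers   # dry run: lists what Remove-MicrosoftVMLeftovers would delete
```

The dry run at the end is safe to run at any time; it only reports which of the guide's five items still exist, so you can confirm the removal worked before installing Sun Java.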
Optionally, consider replacing your web browser with a free alternative such as Firefox, or a shareware browser such as Opera.
Article Information
Summary: The following is a technical overview of how to protect your personal PC.
Creation Date: April 15, 2008
Article Tags: Anti-Virus, Spyware, Protection, Windows