Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running and run them in SAFE MODE if you can and if you can't then run them in normal mode.
*Note*
How to Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
*Note* For Ad-AwareSE also install the VX2 Add-on Cleaner To run this tool once Adaware is updated click on Add-ons in the left-hand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)
STEP 2
Run an Antivirus/Spyware scan
If you have a high speed connection Please go to at least two of these sites and run an online Virus Scan. This will help clear out a lot of the malware first so the Analyst's can then attack the main infections.
If you already have an Antivirus program make sure you have an updated database for it and run it as well. You need to do both as one scanner may pick up what the other missed.
Be sure to have the AutoFix box(es) checked if they are required.
Uninstall Malware from Windows Add/Remove Program Tab
Open your add/remove programs tab and remove any of the following programs if you find them listed. These are all malware (spyware/adware) entry’s that may appear in the add/remove programs tab so IF you find the entry...uninstall the program.
180 Search Assistant
180Solutions
Active alert
Ad Service
AdTools
AdTools Service
Alexa toolbar
BargainBuddy
Bullseye Networks
CashBack
cosmi
DH
EasySearchBar
Elite Sidebar
Elite Toolbar
Freeze Clip Art
GAIN
Gator
Hotbar Outlook Tools
Hotbar Web Tools
HuntBar
Internet Optimizer
ISTbar
ISTSvc
MaxiFiles
Media Access
Media Gateway
MySearch
MyWay Search Bar
MyWebSearch
NavExcel Search Toolbar
NavHelper
ncase
Oemji Toolbar
Open Site
Preview AdService
Search Toolbar (HuntBar/WinTools)
ShopperReports by Hotbar
Sidefind
SideSearch
Slotchbar
Software Update Manager
SurfAccuracy
SurfSideKick
Upspiral Toolbar
TurboDownload
VBouncer
Viewpoint
Viewpoint Manager
Viewpoint Media Player
WareOut
WeatherBug
Web Rebates
Web Search Toolbar (WinTools)
Webhancer
WhenU (any entry)
WeirdOnTheWeb
Windows AdService
Windows AdStatus
Windows ServeAd
WinTools
WinTools Easy Installer
WSEM Update
These are Optional removals but we recommend you remove them as well.
Download Accelerator Plus
Kazaa
Kontiki
Messenger Plus
NetPumper
NewDotNet
P2P Networking
StarWare
WildTangent
*Note* If you're unsure about ANY entry then leave it alone.
STEP 4
Search for Rogue and Suspect Programs
Please visit the following site and REMOVE/UNINSTALL any program you have that is listed on this site.
This site is updated and maintained with a list of known "Rogue" and "Suspect" programs. These programs can not be trusted as they either don't do what they say, are poorly designed, or take advantage of the user in an effort to get YOU to spend money on buying their products. Several of these programs actually install "Spyware/Adware" on your system!
STEP 5
Update your Operating System
This is a basic step that many users fail to do. In a high percentage of cases this is the reason the user is infected in the first place. At times...we may STOP the cleansing process until this is done.
*Note* There are some infections that may prevent you from updating your Operating System. In these cases...please make sure you tell the analyst this on your first post. They will provide a "General" fix and try to fix that option first.
Before you proceed any further, please visit the Microsoft's Windows Update Page and install ALL Critical Updates for your system (except service pack 2) (SP2) . SP2 should only be installed on a fully disinfected system. At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and you are wasting your efforts to clean your system. After you have completed your clean-up, you will have you return to the Windows Update page and install SP2. Then you need to learn how to better protect yourself online.
Please apply those updates, If during the updating process you get a message that your product key is invalid ....then you may not have a legitimate copy of Windows XP. Unfortunaly you can not update Windows XP to SP1
Thank you for your cooperation.
Setting up Hijackthis for the scan
1. Make sure the hijackthis program is updated and in it's own folder on the root drive (C:\HJT)
2. If you are using msconfigs selective startup please make sure EVERYTHING in the startup tab is checked as we need to see everything listed there. To set this up...please do the following.
Click Start> > Run> > Type in msconfig. Once that loads open the STARTUP tab. Make sure there is a checkmark in every box in the list. Click APPLY. Or you can select " Normal Startup-load all device drivers and services" under the General tab. You may be asked to REBOOT. Please do so.
*Note* Windows 2000 does not have this function.
3. Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the Hijackthis program.
This concludes the basic steps Everything listed here is an effort from us to help you...help yourself. Once your issue is resolved you will need Antivirus, Spyware and Firewall programs to help you prevent this from happening again in the future. Thank you for taking the time to read this.
Disclaimer: All information on this site is provided for informational purposes only! By no means is any
information presented herein intended to substitute for the advice provided to you by any health care or other professional
or organization.
tweet this!