Spyware/Adware Tricks....
Your PC is running Windows, which means that a number of processes are
running at any one time, all loaded into RAM. It also means that the
operating system (XP, Vista or whatever) is customised to suit you and
is not quite the same as any other installation of Windows. The
information that makes up these customisations is held in something
called the 'registry', which is basically a map of all the software you
have installed, what colour and background preferences you have, what
hardware has been installed and so on. The registry is held on the disk
of your computer and can be edited using 'regedit', much as you would
edit a giant text document. Additionally, you have the hard disk itself,
which holds all of the system files and application files that Windows
is made up of. Spyware/adware uses all three of these (RAM, the registry
and the disk) to make sure that it is extremely difficult to remove.
The latest incarnations of Antivirus 2009/VirusResponse 2009/XP
Antivirus etc. are truly designed around Windows and around being a
continual pain in the neck. One could liken them to a fungus that lives
on trees, in the way that they have evolved as a pest to Windows. Once
one of these pests is in RAM as a process, in the registry or on the
disk, it can repeatedly reload itself from the Internet and
re-materialise in RAM and the registry. These latest versions attach
themselves to Internet Explorer as an 'add-on' that always takes you
back to the same page, where you are told you must buy yet more
anti-spyware to clean your computer.
Most of these applications originate from Eastern Bloc countries and
Russia. The example I was looking at the other day was from Russia. How
do I know this? Well, when the pestware takes you to a site to download
itself again, the domain name was http://startedwebsite.com/ which is
registered to a gentleman (I think it's a he) in Russia. The website
gives the impression that it has already been shut down, but if you go
to the full URL, which is something like
http://startedwebsite.com/antivirus/xp (do not click this!), the
pestware is still downloaded, so they are simply pretending to have been
shut down. They have literally thought of everything. They have also
thought of everything when it comes to the design of the software. Let
us talk about how to remove it in all of its forms.
1. Close the Scanner application and delete the c:\program files\vir*
folder. The folder is not literally called vir* but virlib or virdub or
something similar. It has a few varieties, so delete the folder that
starts with vir and contains the scanner, and hold down the [SHIFT] key
as you press delete so that the pestware doesn't go into the recycle
bin.
2. Start Task Manager [Ctrl+Alt+Del], right click on any processes that
resemble iebt.exe (i.e. iedbt.exe and the like) and choose 'end process
tree'. These are the processes that make the pop-up appear bottom right.
Make sure they are not re-appearing in the list, then delete the
c:\programs\application folder.
3. Go to the Control Panel, double click Internet Options and go along
the top to the 'Programs' page. Click on the button that says manage
add-ons. Highlight the add-on iebt.dll and then, at the bottom of the
applet, move the blob into the disabled position. Also find 'Internet
Services' in the list and disable this as well.
4. Go to Control Panel and make a note of the names of the new programs
that have appeared, such as IEBrowse and Internet Explore. Make a note
of these names exactly as they appear. Open the registry editor
(Start=>run and type regedit and click OK, or start=>all
programs=>accessories=>run and type regedit and click OK if you're on
Vista.)
!BEWARE! Editing the registry is dangerous and can render your system
un-bootable or even unrecoverable!! ReadAllAboutIT or sircles.net take
no responsibility for what may happen even if you follow these
instructions correctly!
Browse to HKEY_LOCAL_MACHINE > Software > and find the entries with the
names you noted (or just do a search for them.) Delete these entries
from the registry. (Any software that is installed makes an entry here
in the registry so that it appears in Control Panel under the add/remove
programs list. It also adds a field that shows Windows where the
executable .exe file is that will remove that software, which is what is
triggered when you choose to add or remove applications.)
5. Go to start=>run=> and type msconfig. Go to 'startup' at the top and
remove anything to do with 'Virus Scanning' or 'Antivirus' that you have
not purchased. (This software pretends to be an antivirus application
and so Windows will actually warn you that it is out-of-date. Microsoft
need to address this problem immediately as it is one of the most
embarrassing things I have ever seen befall a software company!)
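
The places that steps 1, 2, 4 and 5 inspect by hand can be listed in one read-only pass before anything is deleted. The PowerShell below is an added example, not part of the original article; the name patterns are assumptions built from the names quoted above, and the Run and Uninstall registry keys are standard Windows locations chosen for this example (the article gives its registry path only as far as HKEY_LOCAL_MACHINE > Software).

```powershell
# Added example: read-only audit of what steps 1, 2, 4 and 5 inspect by hand.
# Nothing is stopped, deleted or edited; review every hit before acting on it.
# The patterns are assumptions built from the names quoted in the article.
$procPattern      = '^ie[a-z]{0,2}bt$'                 # iebt, iedbt and the like
$uninstallPattern = '^(IEBrowse|Internet Explore)$'    # not "Internet Explorer"
$startupPattern   = 'anti-?virus|virus ?scan'          # also hits real AV: check it

# Step 1: folders directly under Program Files whose name starts with "vir"
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$folders = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter 'vir*' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        Select-Object FullName, CreationTime
}

# Step 2: running processes whose name resembles iebt.exe
$processes = Get-Process |
    Where-Object { $_.ProcessName -match $procPattern } |
    Select-Object Id, ProcessName, Path

# Step 4: Add/Remove Programs entries carrying the names noted in Control Panel
$uninstallKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $uninstallKey -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $uninstallPattern } |
    Select-Object DisplayName, UninstallString, PSPath

# Step 5: startup entries (the Run keys shown on msconfig's Startup tab)
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$startup = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        # Flag fake-AV style names and anything launched from a vir* folder
        if ($name -match $startupPattern -or $command -match '\\vir[^\\]*\\') {
            New-Object PSObject -Property @{ Key = $key; Name = $name; Command = $command }
        }
    }
}

'Folders (step 1):';           $folders   | Format-List
'Processes (step 2):';         $processes | Format-List
'Installed entries (step 4):'; $installed | Format-List
'Startup entries (step 5):';   $startup   | Format-List
```

Run it from an elevated prompt so that the Path column is filled in for processes owned by other accounts.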