This is G o o g l e's cache of http://sharethefiles.com/forum/viewtopic.php?t=3659 as retrieved on Oct 21, 2007 00:57:00 GMT.

G o o g l e's cache is the snapshot that we took of the page as we crawled the web. The page may have changed since that time. Click here for the current page without highlighting. This cached page may reference images which are no longer available. Click here for the cached text only. To link to or bookmark this page, use the following url: http://www.google.com/search?q=cache:bX05dw8qYkwJ:sharethefiles.com/forum/viewtopic.php%3Ft%3D3659+sysd m.cpl+registry+nt+vm+applet&hl=en&ct=clnk&cd=5&gl=us&client=firefox-a Google is neither affiliated with the authors of this page nor responsible for its content. These search terms have been highlighted: sysdm cpl registry nt vm applet

irc.p2p-network.net

Advanced Search

Home

Register Memberlist

FAQ & Rules The Guide Subtitles Tutorials Log in to check your private messages Log in

Security Post Links

sharethefiles.com Forum Index Tutorials ELIMINATE SPYWARE, ADWARE & POP-UPS Previous topic : Next topic Display posts from previous: All times are GMT Post new topic Reply to topic Wed Nov 05, 2003 10:29 am Author Message NiKEUS Senior Old Folk Senior Old Folk Karma: Joined: 30 May 2003 Posts: 2036 Location: UK Post subject: ELIMINATE SPYWARE, ADWARE & POP-UPS Reply with quote Got Spyware already and its killin ya? check out the tools first

Introduction At least once a week I am called to fix someone's computer. It comes with the role of being a "computer guy" I suppose. I am used to it, so I rarely complain when I end up at a friend's house trying to figure out why their PC is slow and unstable, or why they are constantly receiving pop-up messages telling them to buy diplomas or check out the latest XXX site. The repair procedure is getting easier all the time though, and I'll explain in this guide how I go about repairing a PC in this condition. Before following the steps in this guide, be sure your PC is virus-free. If you don't have a virus scanner, check your PC online or download a scanner! Symptoms and Causes Slow PC - If your PC is running much slower than you remember it running in the past, it might have spyware or adware installed. Internet toolbars or homepages have changed - If your PC has new, strange toolbars that you don't remember installing or your homepage constantly changes back to some site you don't intend to visit, you almost definitely have some form of adware/spyware installed. Strange pop-up Internet windows - If you see weird pop-up ads while surfing the Internet on sites that usually don't have pop-ups, or the pop-ups are adult related on non-adult sites, you probably have adware installed. These are Internet sites though, not Windows Messages (see below) Windows Messages (from the "Messenging" service) - If randomly ads appear offering diplomas or pornographic sites and the windows look like the example shown below, your IP address has been subscribed to a messenging service.

What is Adware? Spyware? Messenger Service? Adware - Designed solely to make money at your expense, Adware will pop random ads up when you least expect it. You'll be visiting Yahoo.com and all the sudden a porn banner will pop-up. Your child will be reading something on National Geographic's site and a bright blinking banner advertising an Internet Casino will appear. These programs are hidden within Windows, but will do major damage. Granted they rarely hurt your PC permanently, but they will slow it down and make it almost unusable most of the time. The programs are often memory and CPU hogs and are poorly coded, so your PC usually becomes unstable. Spyware - Most people use "Adware" and "Spyware" synonymously, but I consider Spyware to be a more intelligent version of Adware. Spyware is the nastier of the two, and will collect personal data about your PC and your habits in order to make even more money. Advertisers make more money when you are interested in the ads, so Spyware collects information about your Internet browsing habits in order to sell this information for more dough. For example, if you visit car sites a lot, the random ads will be car ads. This way they'll also seem more fitting so people won't question the ads as much. It's believed that Spyware designers also sell these habits to retailers in order to gather demographics. Spyware and Adware can both hide themselves many ways. The most common is to load at Windows' startup and stay resident in system memory. Some Spyware will appear on the navigation bar in Internet Explorer and since most people cannot figure out how to remove it, they will be stuck with it even if it's right in front of them. Still, other users won't even notice the navigation bar. This type is generally the worst when it comes to slowing a PC down. Messenger Service - The Messenger service is enabled by default within Windows 2000 and XP, and will allow network users to communicate with one another. Unfortunately, advertisers have figured a way to profit from this and the best solution is to disable the service entirely, as you'll read later.

Where do they come from? How can I fight back? Adware and spyware usually come to your PC three ways, listed from most common to least:

1) File sharing programs such as KaZaA, Morpheus, Bearshare, Grokster, Edonkey2000 and Limewire. Almost any free file sharing program out there will install Adware on your computer except a few (such as a stripped version of "Kazaa Lite or Emule"). 2) Internet sites that attempt to install plug-ins or extra features. It's hard to decide which of these are bad and which are actually beneficial, but for the most part, if you're reading a site you know is not as well established as another (comparing a Geocities hacking site to Microsoft.com, for example), be careful about installing add-ons. When you first visit the site, boxes might pop-up telling you to install the "Comet Cursor" or "Gator advertising Network". Some users either accidently click "Yes" or just click it to make it go away. Be very careful if the corporation is not one you haven't heard of! 3) Installed with legitimate programs. I have seen Spyware install with software that appears to be legitimate, including game demos and ISP software. Be careful of what you install and always choose "Custom" installs to see what kind of crap people package with their software. How can I fight back? It's not easy. The best thing you can do for now is remove the Spyware, Adware, and Messages. You probably will not be able to find the original source of the problem so nobody will be held responsible. Boycott the file sharing programs that install these backdoor programs or download Lite versions. Help others remove Spyware and be careful in the future with your PC. Know Your Enemy Windows 95/98/Me: Just hit CTRL-ALT-Delete and scan for the Spyware types mentioned below. Windows 2000/XP only: In order to conquer Spyware, you must first know the names of the programs. Close any program you can in your system tray (bottom right corner) and close any programs you have open except this Window (unless it's printed). Now hit CTRL-ALT-Delete and click the "Processes" Tab. With everything closed, you should have less than 20 programs open, even less if you have disabled your virus scanner for this test. The programs you should see include: -taskmgr.exe -explorer.exe -iexplore.exe -spoolsv.exe (maybe) -svchost.exe (even 4 or 5 of it) -winlogon.exe -lsass.exe -services.exe System System Idle Process

Other programs running are fine as long as you know what they go to. For example a file that begins with "NV" is probably an Nvidia display driver or application and any program that begins "NAV" is probably Norton Antivirus. If you see many other programs such as "Dialer", "Freeaccess", "Offer", "Save*", "GATOR", "Newdotnet" (or New Net, New.net), "Xupiter", "Shop*", "Ad*", "Bargains", "NewsUPd", prepare to nuke them. Now, let's remove this junk! Removing Spyware and Adware First, go to ad-aware.com and download Ad-Aware from Lavasoft. Install it and run it. Check the "My Computer" box on the left to select every option for scanning. Then choose "Scan Now". This program will eliminate just about every Spyware/Adware program you'll encounter, so it's a good tool to keep around. It will even remove Spyware that was uninstalled a long time ago. It will also remove advertising cookies. It is a good idea to back-up your files (the program includes a back-up utility) before you remove them. Of course, after it's done its job you could always uninstall the program, but you might want to download it again later.

I recommend checking for Adware once a month (minimum) in order to stay clean or again whenever your PC seems slow. Second, disable 3rd party browser extensions in Internet Explorer. This will prevent some Spyware from contaminating your PC in the future and stop those annoying Gator and New.Net shell extensions from taking over. To do this, start up Internet Explorer and go to the "Tools" tab at the top. Then choose "Internet Options". Move to the "Advanced Tab" at the right. Uncheck the box "Enable third-party browser extensions (requires restart)". Choose OK until you're out of this menu. Don't restart until you're done with this guide, though, as you'll need to restart again anyway.

Third, choose "Start", "Run", and type "msconfig". Hit OK. Move to the "Startup" tab.

This is the list of programs that launch when Windows starts. Scroll through your list and be sure there aren't any extra programs you don't want to run, such as Gator or those mentioned earlier. I also turned off "qttask" (Quicktime's taskbar component) and "ADGJET" (some Sound Blaster Live utility). Once you're finished here, choose OK and then "Exit without restart". Finally, enter the registry editor ("Start","Run", "Regedit", OK). Navigate to HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run. Here are the programs set to run when Windows starts. This list should be basically the same as the MSCONFIG list we just saw. If you see any additional programs that appear to be out of the ordinary, delete the entry (backup first!) and close the registry editor. Nuke the Windows Messenger Pop-ups Fortunately, these are very easy to fix. Head back to the MSCONFIG utility ("Start", "Run", "msconfig", OK). This time click the "Services" tab. Scroll down until you see "Messenger". Uncheck this box. Choose OK. Then choose "Exit without Restart". Close all your programs, reset your PC, and you'll probably never see those messages again. Once your PC reboots, you can test to see if the messages still work by doing the following: Choose "Start", "Run", then type "net send * test". If a message pop-ups saying "test", you have not disabled the service correctly. this guide comes from Tweak3D

Donate | FAQ | Rules | Search Forums | Search Google | Get Emule | Emule Help | Emule Mods | TFOSoft Last edited by NiKEUS on Wed Nov 05, 2003 11:13 am; edited 2 times in total NiKEUS is offline View user's profile Send private message Back To Top Wed Nov 05, 2003 11:01 am Author Message NiKEUS Senior Old Folk Senior Old Folk Karma: Joined: 30 May 2003

Posts: 2036 Location: UK Post subject: Reply with quote

Tools to Prevent and Dispose Author: Mike Healan There is a despicable trend that is becoming more and more common where the browser settings of web surfers are being forcibly hijacked by malicious web sites and software which modifies your default start and search pages. Sometimes internet shortcuts will be added to your favorites folder without asking you. The purpose of this is force you to visit a web site of the hijacker's choice so that they can artificially inflate their web site's traffic for higher advertising revenues. In some cases, these changes are reversible simply by going into internet options and switching them back. Not always, however. Sometimes it's necessary to edit the windows registry (gasp!) to undo the changes made. Sometimes there is even a combination of registry setting and files clandestinely placed on your hard drive that redo your settings every time you reboot the computer. No matter how often you change your settings back, they are changed again the next time you restart. There have even been cases where internet options have been removed from the tools menu by registry hacking to prevent you from controlling your own computer! Even AOL has become a browser hijacker by placing it's web site free.aol.com in Internet Explorer's trusted sites security zone, thereby bypassing the most frequently used security settings. This occurs after installing their AOL software, AOL Instant Messenger, Netscape 6.x, and ICQ2001b has reportedly done this. AOL then exploits this by downloading ActiveX components to your computer without your consent. The CWS trojan also does this.

Preventing a hijack Most people use Internet Explorer, which is the most prone to these sorts of exploits due to its insecure nature. You would be safer using a better, more secure browser, such as Mozilla. If you insist on using Internet Explorer, you need to tighten up your browser's security settings. Open your control panel and open Internet Options to the Security tab. In the activex area, disable activex that is not marked as safe and not signed. If they can't sign their own code, you certainly shouldn't run it on your system. For activex marked as safe and signed, set to prompt. Why is activex so dangerous that you have to increase the security for it? When your browser runs an activex control, it is running an executable program. It's no different from double clicking an exe file on your hard drive. Would you run just any random file downloaded off a web site without knowing what it is and what it does? Always keep current with the latest security fixes from Microsoft. In particular, make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers. Better yet, replace Microsoft's Java VM with Sun's Java JRE. The following software will also greatly decrease your odds of getting hijacked in the first place. Browser Hijacker Blaster [recommended] Guard-IE IE-Spyad Spyware Blaster Settings Sentry [From the maker of

Spyblocker] These products will protect your settings and possibly prevent this from happening. However, if you have already been infected, you will need software specifically designed to remove this sort of garbage so that the problem is solved completely. Any of the products below will completely remove most hijackers, unless it is one which has just started spreading. Spybot S&D [recommended] Ad-aware Aluria Spyware Eliminator If you have a hijack that is not fixed by any of these products, you may use these solutions below that I've come up with after helping to fix these same problems countless times through email and at the forums. Read on... Please read the disclaimer below before doing anything described here. By following any of these instructions, you agree to be bound by the disclaimer. If you do not agree, do not follow these instructions. Also note that with Windows NT/2K/XP you will likely need to be logged in as an administrator for much of this. Go ahead and do that now. The situation: Your browser now has a new start page and a new search page. Every time your browser loads a page that doesn't exist, you end up at some strange site, probably filled with popup ads. You go to Tools > Internet Options to fix this, only to find that option grayed out. You open the control panel, only to find Internet Options missing from there too. You try to open regedit to start hacking away at the registry, but you're given the message that "your administrator has not given you that privilege". Some scumbag webmaster has gotten a scumbag script kiddie to truly mess up your browser settings, and has made it next to impossible for you to change it back. Notice that I said "next to impossible"........... So, what do you do here? Skip any step that deals with a problem that doesn't effect you Assuming that none of the spyware removal programs listed above helps you, the very first thing you need to do is download and run HijackThis. Put a check mark next to every search and start page setting it lists which you haven't put there yourself and choose fix. Do the same for any hosts file entries. If it lists anything as O5, O6, or O7*, fix those as well. Please ask for advice at the forums before using HijackThis to change anything else. *Note: Spybot S&D, Start Page Guard, Settings Sentry, and similar programs may provide options to lock settings against unauthorized changes. If you have these options enabled, HijackThis will detect that as a restrictions hijack. Disable those options before scanning with HijackThis. Second, you have to get Internet Options back into the control panel. Do a file search and look for a file named "control.ini". Open it in Notepad. You may see something like this: [don't load] inetcpl.cpl=yes Delete the "inetcpl.cpl=yes" line under "[don't load]". Save and close the file, then try the control panel again. If it's still not there, restart your machine and it should be there. For Windows 2000 and XP, you will need to edit the registry to do this. Go to the start menu > RUN command > type REGEDIT and press enter. Navigate through the registry keys until you get to HKEY_CURRENT_USER\Control Panel\don't load\. Look and see if inetcpl.cpl is listed. If it is, delete the entry for it and log off.

See the list at the bottom of this page to identify other entries. Thanks to Corné de Leeuw for this information. Run a search on your hard drive for any files ending with *.hta or *.js. If you find any, open them in notepad or some other text editor and look for the URLs that you have been hijacked to. Any file with those URLs, delete them. Also delete all *.tmp files on your drive; some of them contain malicious code (for e.g. browser hijacks or malware (re)installations). Besides, deleting *.tmp files doesn't hurt, unlike dll's which are also used sometimes for this purpose. (Thanks to cexx.org for the additional info in this step). HijackThis will list any BHO installed on your computer. Check the BHOs listed against the list of all known BHOs maintained at this site by a member of our support forums. If you find one listed as some sort of spyware/malware/hijackware, run HijackThis again and find that BHO in the list. Check its box and have HT fix it. If you find a BHO that is not included in the list, please make a post in the Browser Hijackings section of our support forums with the HijackThis log pasted in along with an explanation of your problem. Please wait for replies before deleting this BHO, as it may be a new one which I can have added to various spyware/malware cleaning programs. It may also be an innocent file that is not causing your problem, so please wait for advice before deleting it. Now you need to see if there is a startup entry for your hijacker file. The next time you reboot, the hijack might come right back. The reason for this would be an entry in the run section of the registry. Look in HijackThis for 04 startup items. Check the entries listed against Pacman's List. Items listed as virus, malware, spyware, or something else that is undesirable, put a checkmark next to it and "fix" it. If you find entries in your log that are not listed, you can report them at the forums. Again, it will be absolutely necessary for you to close all open Internet Explorer windows before any of these changes will take effect. That includes this window. Some changes may even require a log off or even a reboot before they have any effect. Still not fixed? I hope this helps anyone who has become a victim of a browser hijack. If it does, great. If the problem still remains after doing all of the above, you can visit our support forums and post the specifics of your problem there and I or someone else can troubleshoot the problem. Before posting, please make sure you have followed all of the instructions above.

Related Links: http://www.cexx.org/hphijack.htm - Homepage Hijackers http://www.spywareinfo.com/articles/lop/ - Lop.com http://www.pcworld.com/news/article/0,aid,63345,00.asp - Stealth ad explosion http://www.pcworld.com/news/article/0,aid,101916,00.asp - Web Ad Explosion http://www.pcworld.com/news/article/0,aid,84464,tk,dn021402X,00.asp - Invasion of the browser snatchers http://www.spywareinfo.com/newsletter/archives/september-2002/09212002.html#xupiter - Xupiter

Disclaimer of Warranty Go back "SpywareInfo and/or the author" assumes no responsibility for errors or omissions in these materials. THESE MATERIALS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. "SpywareInfo and/or the author" further does not warrant the accuracy or completeness of the information, text, graphics, links or other items contained within these materials. "SpywareInfo and/or the author" shall not be liable for any special, indirect, incidental, or consequential damages, including without limitation, lost revenues or lost profits, which may result from the use of these materials. The information on this server is subject to change without notice and does not represent a commitment on the part of "SpywareInfo and/or the author" in the future.

That said, if you do happen to find a problem with anything here, please contact me immediately. I'll do my best to correct the problem as soon as possible.

Control panel applet file names Thanks to Corné de Leeuw for this information. Go back access.cpl - Accessibility Applet appwiz.cpl - Add/Remove Programs Applet console.cpl - Console Applet timedate.cpl - Date and Time Applet desk.cpl - Display Applet fax.cpl - Fax Applet hdwwiz.cpl - Hardware Wizard Applet irprops.cpl - Infrared Port Applet intl.cpl - International and Regional Applet inetcpl.cpl - Internet Settings Applet joy.cpl - Joystick Applet liccpa.cpl - Licensing Applet main.cpl - Mouse and Keyboard Applet mlcfg32.cpl - Mail Applet mmsys.cpl - Sound and Multimedia Applet modem.cpl - Modem and Phone Applet ncpa.cpl - Network and connectivity Applet netcpl.cpl - Network and Dial-up Connectivity Applet nwc.cpl - Netware Client Applet odbccp32.cpl - ODBC Applet devapps.cpl - PC Card Applet ports.cpl - Ports Applet powercfg.cpl - Power Management Applet sticpl.cpl - Scanner and Camera Applet srvmgr.cpl - Server Manager Applet sapi.cpl - Speech Properties Applet sysdm.cpl - System Applet telephon.cpl - Telephony Applet tweakui.cpl - TweakUI Applet nusrmgr.cpl - User Manager Applet wspcpl32.cpl - WSP Client Applet quicktime.cpl - QuickTime Applet S32LUCP1.cpl - Norton Live Update Applet cpqmgmt.cpl - Compaq Insight Agents Applet wtcpl.cpl - Wild Tangent Auto Updater Applet (This updater is spyware)

Taken from Spywareinfo Donate | FAQ | Rules | Search Forums | Search Google | Get Emule | Emule Help | Emule Mods | TFOSoft NiKEUS is offline View user's profile Send private message Back To Top Fri Jun 18, 2004 2:16 pm Author Message EclipseGSX Head Honcho

Head Honcho Karma: Joined: 10 Jun 2003 Posts: 16510 Location: USA Post subject: Reply with quote Here are the steps I usually take when approaching a PC that's inundated with Spyware/Adware. Keep in mind that depending on how bad the infection is, you may need to perform these steps while in Safe Mode (F8 during bootup): 1) Run through Add/Remove Programs and see if anything can be removed from in there. This will at least eradicate the most obvious threats. 2) Check your running processes for strange entries and end-task them (be careful). 3) Clean out the %userprofile%\Local Settings\Temp (or just %temp%) directory and Temporary Internet Files. 4) Run a Spyware and Adware removal tool. I recommend Spy Sweeper above all others, but Spybot Search and Destroy and Ad-Aware do a decent job as well. 5) To remove rogue browser helper objects (BHOs) and plugins, as well as address programs that are starting up automatically with Windows unbeknownst to you, HiJackThis is an indispensable tool. This isn't something you want to run with reckless abandon, but it's fine for anyone with a little know-how. It allows you to scan your system and remove things based on your own judgment (it doesn't analyze things for you). There is also an option to create a log so more skilled professionals can judge the state of your system and how badly it is compromised. 6) Clean up any excess directories from Program Files and give the HKCU and HKLM/Software registry sections a once over to make sure there aren't any bits and pieces of the junk left over. I also recommend looking under HKCU and HKLM/Software/Microsoft/Windows/CurrentVersion/Run and making sure that all those startup programs are in check. That's pretty much it. Keep in mind that the removal of some types of Adware/Spyware can lead to a loss in network connectivity or cause certain programs not to work. In these cases you need to rebuild the Windows Sockets layer (sounds harder than it really is). For this express purpose, I recommend throwing a WinSock fixer on floppy. Windows 2000/XP - http://www.spychecker.com/program/winsockxpfix.html Windows 9x - http://www.bu.edu/pcsc/internetaccess/winsock2fix.html You may also need this registry fix (9x only): http://members.lycos.co.uk/eclipsegsx/registry/winsock.reg (right-click, save target as...) -Eclipse « Forum Rules § Forum Search § .bin/.cue Guide § Tutorials § Donate! » EclipseGSX is offline View user's profile Send private message Visit poster's website ICQ Number Back To Top Mon Jun 21, 2004 4:26 pm Author Message Moore Established Established Karma: Joined: 02 Jun 2003 Posts: 1421 Location: On the Run Post subject: Difference between Safe/Legit & the Dodgy Spyware remove Reply with quote

There are evergrowing number of companies entering the Anti-Spyware market , unfortunately not all of them have your best interests in mind when they put out their programs for general use ... The following information should be used to help you work out which Anti-spyware software can be trusted and which ones should be avoided at all costs. Some of the programs below are even a hacked / ripped off version of a free program which the company then sells to people , even though the original free version is often better and even has much more reliable forum technical support. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Spyware Remover comparision >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Spyware Comparison Test LINK ! >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> AdAware Using the initial point of the guest OS, AdAware was updated to the most recent reference file in order to achieve the best results possible from the scan. On AdAware’s first scan it was able to detect 813 objects which consisted of 9 processes, 270 registry keys, 41 registry values, 463 files and 30 folders. Because many of the files found were currently running on the system, it was necessary to run AdAware upon system startup, so a reboot was inclined. After the reboot, AdAware found a few more files, totaling the final figure to 869 objects found. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Spybot After the first scan, SpyBot reported that there were 371 infected files in which a second and third scan were needed to finally, according to SpyBot, rid the computer from all the infections. In total, SpyBot scanned and detected 382 files. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> SpySweeper The first scan resulted in SpySweeper confirming there were a whopping 8,267 traces on the machine, which included 76 files. A scan after the computer was rebooted resulted in 34 more traces bringing the grand total to 8,301 traces. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> SpyHunter After SpyHunter was done scanning, it reported 6 objects in the memory, 152 in the registry, 29 cookies and 323 files. A second scan was necessary in which SpyHunter found a few extra objects. In total, SpyHunter reported 535 objects scanned on the infected computer.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> SpyRemover After the scan, SpyRemover’s initial scan was identical to SpyBot’s in finding the same number of infected objects. After a few other scans, the total amount of objects found were 381; 1 object less than SpyBot S&D. Apart from the fact that SpyRemover is a total rip off of SpyBot, they have the audacity to charge you money when the original can do much more. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> *SpyRemover Either SpyRemover is a spin off by the creators of SpyBot S&D, or this is a total rip off of it. SpyRemover is almost exactly similar to SpyBot in just about everything. The user interface is extremely alike; SpyRemover also creates a system restore point before removing any files infected. The only difference between the two, apart from the side that SpyBot S&D creates a backup of the registry for the user, is the price. Both look exactly alike, and as we will see next, both found the same amount of objects, SpyBot S&D is free while SpyRemover charges before you can remove any of the files. It really comes to a surprise how this application was downloaded by nearly 500,000 users. I wonder how many of those actually paid for it? >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> * SpySweeper Running an AdAware scan after SpySweeper determined it had "cleared" all the malicious objects resulted in AdAware finding 304 objects still present on the machine. The objects consisted of 25 registry keys, 6 registry values, 264 files and 9 folders. Obviously, 304 objects left behind is a big deal. What does this mean? It means that though SpySweeper was reportedly able to find a massive amount of traces on the system, it only goes to show that one spyware removal tool alone cannot completely rid an infected pc of all malicious objects. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Now here's something everyone should take note of. ! >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Updated List of Rogue/Suspect Anti-Spyware Programs >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> June 13, 2004 >> http://www.netrn.net/archives2/2004_06.html << I received this list from Eric L. Howes, the developer of IE-SPYADS. Note he also includes legitimate and recommended spyware removal programs. ** Rogue/Suspect Anti-Spyware Products ** AdProtector (adprotector.com/protectorsuite.com/redv.net) Adware Agent (killersoftware.com) AdwareHunter (adwarehunter.com/browser-page.com) eAcceleration "Stop Sign" (stop-sign.com/eanthology.net/eacceleration.com) Easy Spyware Killer (easyspywarekiller.com) InternetAntiSpy (internetantispy.com) NoAdware (noadware.net/netpalnow.com/noadwarenow.com) Privacy Defender (pcsecurityshield.com)

PurityScan (purityscan.com/puritysweep.com) Real AdWareRemoverGold (adwareremovergold.com/sg08.biz) -- may be TZ Spyware Adware Remover SafeGuardProtect/Veevo (safeguardprotect.com/veevo.com) ScanSpyware (scanspyware.net) SpyAssault (spyassault.com) SpyBan (spyban.net) -- noadware clone SpyBlast (spyblast.com/advertising.com) Spyblocs/eBlocs.com (eblocs.com/spyblocs.com/spybloc.com) SpyBouncer (spybouncer.com/stingware.com) SpyCleaner (spycleaner.net) SpyDeleter (spydeleter.com/209.50.251.182) SpyEliminator (securetactics.com) -- dead? SpyFerret (onlinepcfix.com) -- also Lop Uninstaller, Xupiter Uninstaller SpyGone (spygone.com) SpyHunter (enigmasoftwaregroup.com\spywareremove.com\spybot-spyware.com\spybotsearch.c om\blacklistonline.com\66.98.222.170\1spybot.com\spybot-download.com\deletes pyware.net\spybots.net\spybot-search.com) SpyKiller (spy-killer.com/maxionsoftware.com/spykiller.com/spykillerdownload.com/freespyware-scan.com) SpyKillerPro (spykillerpro.com) Spyware Annihilator (solidlabs.com) SpywareBeGone (spywarebegone.com\freespywarescan.org) SpywareCleaner (checkforspyware.com/ - spw2a.com/sc/ - spw2f.com/sc/ spw3e.com/sc/) SpywareCrusher (spywarecrusher.com) SpywareNuker (spywarenuker.com/trekblue.com/trekdata.com/spyware-killer.com/adaware.com/a da-ware.com/spy-bot.biz/spynuke.com) SpywareKilla (spywarekilla.com) SpyWare Killer (cosmi.com) SpywareRemover (spy-ware-remover.com/spywareremover.com) -- same as SpywareNuker SpywareThis (spywarethis.com) SpywareZapper (spywarezapper.com) -- may be TZ Spyware Adware Remover SpyWiper (mailwiper.com) ssppyy pro (ssppyy.com) TZ Spyware Adware Remover (trackzapper.com) VBouncer/AdDestroyer (spywarelabs.com/virtualbouncer.com) Warnet (warnet.com) XoftSpy (download-spybot.com/paretologic.com/downloadspybot.com/no-spybot.com/spy-bo t.net) -- may be a SpyHunter clone ZeroSpyware (zerospyware.com/zeroads.com) Added on 06/17/04: Spyware C.O.P. (spyware-cop.com) Spyware Stormer (spywarestormer.com) ** Rogue/Suspect Anti-Spyware Sites ** 5spynetwork.com comparespywareremovers.com safespy.net spybot.com spyhunter.com spy-hunter-detector.com SpywareInfoooo.com

** Clones/Knockoffs ** Rogue: BPS Spyware & Adware Remover (bulletproofsoft.com) -- AdAware knockoff, uses hacked SpyBot db NoAdware (noadware.net/netpalnow.com/noadwarenow.com) -- AdAware knockoff SpyFerret (onlinepcfix.com) -- uses hacked SpyBot db SpyGone (spygone.com) -- SpBot S&D ripoff SpywareNuker (spywarenuker.com/trekblue.com/trekdata.com) -- uses hacked SpyBot db Legit: SpyStopper (itcompany.com) -- SpyBlocker clone (licensed) SpyRemover (itcompany.com) -- SpyBot S&D clone (licensed) Spyware X-terminator (stompsoft.com) -- Pest Patrol clone (licensed) Note: "Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection. Some of these products simply do not provide proven, reliable anti-spyware protection. Others may use high pressure sales tactics and false positives to scare up sales from gullible, confused users. A *very few* of these products are either associated with known distributors of spyware/adware or have been known to install spyware/adware themselves. Users looking for reliable anti-spyware products are advised to stick to those with well-deserved reputations and proven track records. These include (but are not limited to): AdAware http://www.lavasoft.de/ PestPatrol http://www.pestpatrol.com/ Spybot Search & Destroy http://spybot.safer-networking.de/ Webroot Spy Sweeper http://www.webroot.com/ And for spyware prevention, see: SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html SpywareGuard http://www.javacoolsoftware.com/spywareguard.html Winpatrol http://www.winpatrol.com ############################################ Check these posts out by The Webhelper, Enigma Software's Spyhunter looks like it changed into XosftSpy after ripping off Spybot Search and Destroy for a while first : Webhelper Review: XOFTSPY: http://spywarewarrior.com/viewtopic.php?t=1154 Open post to C. Stark enigmasoftwaregroup.com: http://spywarewarrior.com/viewtopic.php?t=2116

Enigma Software threaten Spyware warriors : http://www.bluetack.co.uk/forums/index.php?showtopic=3524 Enigma Spyhunter has been included in the latest Ad-Aware definition file : http://www.lavasoftusa.com/news/20040528.shtml ################################################### Moore is offline View user's profile Send private message Visit poster's website Back To Top Post new topic Reply to topic sharethefiles.com Forum Index Tutorials ELIMINATE SPYWARE, ADWARE & POP-UPS Jump to: You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Back To Top Page 1 of 1 Jump to:

Powered by phpBB © 2001, 2002 phpBB Group Avalanche style by What Is Real © 2004