Adware SpyWare and MaulWare removal instructions

Guest

Intended Audience IT Professionals

One IT Pro Perspective
AdWare and Spyware and MaulWare removal IT Pros
Scope of this document is intended for Windows NT, 2000, and XP systems (Windows 95, 98 and ME require more challenging methods of inoculation).

Detecting and Cleaning Instructions
1. Check Task Manager for annoying apps running in the background and kill them or End Process Tree. End Process Tree kills all child processes spawned by parent processes.
Booting to safe mode also helps for severely infected systems.
2. Run MSCONFIG; in the Startup tab, inspect all unknown apps or commands.
On operating systems that do not have this tool, the same entries can be accessed in Registry Editor:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Note: You should export these hives before removing any registry keys.
3. Uninstall programs known or suspected to cause problems from Control Panel.
Note: A good habit is to reboot the system, even if not prompted, after removing a large number of software installations, only if you intend to install software. It helps prevent Registry corruption, especially on WIN98, NT4, ME, WIN2k. Windows XP is a much more stable system than the later systems; I still recommend rebooting this system also. Murphy’s Law.
4. Delete all files from all temp folders and user temp folders.
5. Delete all files in Temporary Internet Files including cookies
6. Install AD Aware from Lava Soft and apply update definitions
7. Close Desktop – Task Manager – Processes <tab> End Process Tree - explorer.exe

8. Run Anti Virus from command line DOS. Task Manager – File – New Task (Run…), type CMD <Enter>
9. Navigate using DOS commands to the Anti-virus directories and run by typing the command name *.exe. Hint: Create a batch file to launch software…. Saves time in the future :) or create a floppy disk with the batch file.
10. Let the software do its work.
11. Reboot system
12. Again inspect Task Manager for annoying apps and End Process Tree
13. Check the OS start processes using step 2.

To limit AdWare and spyware infections
Current Recommendations
1. Temporary Internet Files should be flushed more frequently. Make a habit of deleting all files either before closing or just after you start your browser. How often? At least once a day. I am looking for an automated process for this method. Might be an API call, a reg setting, etc…
2. Flush user-dependent temporary folders and system temp folders. A script or batch file can be created to run during startup or logon processes.
3. MSN Toolbar with Popup blocker. Seems to be working for me…
4. Create a user account with limited privileges, not an Admin account…

If any of you have anything you can add to this doc, go for it...

I am currently beta testing the XP SP2.... Lots of bugs and user issues...
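
Added example, not part of the original post: a Python sketch that compares the Run-key export taken before cleanup (step 2) with a second export taken after the reboot (step 13), so entries that reappeared or changed stand out. The sample exports and the value names in them are constructed; the function names are hypothetical.

```python
import re

# Constructed sample exports of the HKLM Run key in regedit text format:
# BEFORE is taken in step 2 before removal, AFTER in step 13 after the reboot.
# Real "Version 5.00" exports are UTF-16; open them with encoding="utf-16".
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVScanner"="C:\\Program Files\\AV\\avscan.exe /startup"
"PopupHelper"="C:\\WINDOWS\\TEMP\\pophelp.exe"
'''
AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVScanner"="C:\\Program Files\\AV\\avscan.exe /startup"
"PopupHelper"="C:\\WINDOWS\\system32\\pophelp2.exe"
"Updater32"="rundll32.exe C:\\WINDOWS\\TEMP\\upd.dll,Start"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslashes and quotes with a leading backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {(KEY, value_name): command} for string values in a .reg export."""
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).upper()   # registry key names are case-insensitive
            continue
        m = VAL_RE.match(line)
        if m and key:
            entries[(key, unescape(m.group(1)))] = unescape(m.group(2))
    return entries

def diff_run_keys(before, after):
    """Return (added, removed, changed) autorun entries between two exports."""
    b, a = parse_reg(before), parse_reg(after)
    added = {k: a[k] for k in a if k not in b}
    removed = {k: b[k] for k in b if k not in a}
    changed = {k: (b[k], a[k]) for k in a if k in b and a[k] != b[k]}
    return added, removed, changed

if __name__ == "__main__":
    for label, group in zip(("added", "removed", "changed"), diff_run_keys(BEFORE, AFTER)):
        print(label, group)
```

Anything reported as added or changed after the reboot was written by something still running on the system and deserves another pass through steps 1 and 2.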