# Use Adaware/Spybot before fixing with H/T



## $teve (Oct 9, 2001)

There are certain malwares that are best removed before running adaware or spybot.
Obviously in the case of a CWS/LOP/New.Net hijack get that out the way if you want to thin the log down a little,but this may be the way to go.First we need to see an UPTODATE H/T log.

There are new BHO`s everyday and more are escaping both AW and SSD scans.If we get the poster to download,update and CONFIGURE {especially in the case of Adaware}both of these programs.....and scan/remove all thats found,then post a 2nd H/T logfile we can see any new hijackers and get the poster to either send it to us at [email protected] {thanx to liam:up:}
Or straight to Lavasoft http://www.lavahelp.com/submit/
Its going to have a symbiotic effect of us helping the "clever people" make their program better able to help us.Thats what ive been trying to do lately and ive sent about a half dozen or so "newbies" to the people concerned.

Adaware configuration...... For anyone who hasnt got a notepad copy of this on their desktop....here it is.

Go here and download Adaware SE.

Install the program and launch it.

First in the main window look in the bottom right corner and click on *Check for updates now* then click *Connect* and download the latest reference files.

From main window :Click *Start* then under *Select a scan Mode* tick *Perform full system scan*.

Next deselect *Search for negligible risk entries*.

Now to scan just click the *Next* button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose *select all* from the drop down menu and click *Next*)

*Restart your computer*.

After the all clear advise to install both Spywareguard and Spywareblaster from http://www.javacoolsoftware.com/spywareblaster.html

Any input feel free to add.


----------



## $teve (Oct 9, 2001)

Ill bump this till it gets stickied.


----------



## Flrman1 (Jul 26, 2002)

$teve

I think you have hit on something good here. I think those of us that regularly work the security forum here should make a more concerted effort to keep each other apprised of newly found baddies.

Liams idea for the Hotmail addy is a great idea and we all should follow up on that. If we simply submit the files to the developers without doing some legwork of our own sometimes it takes a while to find out the results of the analysis of said file. If we use the Hotmail addy and do some analysis of our own as well we can stay a step or two ahead here.

Maybe we could stick this thread and use it to keep each other posted about the newly discovered baddies. 

Maybe unstick a couple of the outdated ones.


----------



## Davey7549 (Feb 28, 2001)

Steve
I will stick this one for the time being but it is really Rog who is controlling and makes decisions on what is stuck to top in the security forum.
I will PM him with this link so he can make final determination if it stays.

Dave


----------



## $teve (Oct 9, 2001)

No problem Dave..........Rog wasnt around so next in command....whether you like it or not was you

Also ask Rog to take a look if we can get rid of a couple of outdated stickies.

Thanx.


----------



## Rollin' Rog (Dec 9, 2000)

I've been trying to trim the stickies from time to time and I'm certainly open to suggestions on what to keep or remove.

Personally I'll leave the suggestions on installing Spywareblaster or Spywareguard to those who are familiar with them and think they are worth their weight. Asking folks to install, understand and effectively use up to 5 programs (HijackThis, Spybot, Ad-Aware, etc..., not to mention antivirus and firewalls when needed) to do both cleaning and prevention may be asking a lot in some cases.


----------



## $teve (Oct 9, 2001)

I agree Rog......Maybe un-stick this at the end of the week,all the relevent people should`ve seen it by then.

Thanx


----------



## amthmi (Mar 23, 2002)

How about instead of unsticking the important threads you roll them
into an archived post of "Important Info" after a short stay at the top.

Important: Recent Critical Updates
http://forums.techguy.org/t109391/s.html

Important: How to get rid of DREPLACE... at last
http://forums.techguy.org/t175330/s.html

Etc....

That way they don't get lost and are still available for easy access.
Just a thought...


----------



## $teve (Oct 9, 2001)

And not a bad idea at all:up:


----------



## junglejorge (Nov 16, 2003)

$teve thank you for that AdAware config. tip. I just ran it this morning and deleted 29 files. I ran it an hour after with your config. and I deleted 18 more.

Thank you so much. I have a thread in here called Anti-Trojan -

http://forums.techguy.org/t179935/s.html

Please can you take a look at it and make some suggestions.

Thank you again.

p.s. Mr. $teve do you have a similar configuration for Spybot Search and Destroy. I run both because the find spy/ad-ware's the one or the other will miss.


----------



## $teve (Oct 9, 2001)

Spybot comes configured more "user friendly"


----------



## IAMSKINZ (May 3, 2003)

Steve....

In this paragraph:


> Then.....
> Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"


The setting:
Automatically try to unregister objects prior to deletion" 
We recommend not turning it on at this time, it will be replaced with a new tweak in Ad-aware 6.2.....
When Build 181 was released, the new scanning\removal engines will do this chore without that setting on.

Thanks to all of you here that are doing such a great job keeping everyone cleaned up out there.
Also thanks for all of the submissions that are being set in 

Have fun.............


----------



## $teve (Oct 9, 2001)

SKINZ.......noted:up:

And your welcome.


----------



## prpltbrd (Jun 30, 2003)

Thank You for this information, It will be useful today as I have to repair a friends computer and I believe he has a lot of issues pertaining to this.

Thanks again


----------



## Guest (Dec 13, 2003)

You forgot the hijack this link!!!!!!! the most important

http://mjc1.com/mirror/hjt/


----------



## $teve (Oct 9, 2001)

> _Originally posted by Deathdealer:_
> *You forgot the hijack this link!!!!!!! the most important
> 
> http://mjc1.com/mirror/hjt/ *


Tis post was originally directed at the techs.......but seems to have served a wider audience.So good point Dd:up:


----------



## LANMaster (Jan 6, 2003)

> _Originally posted by $teve:_
> *Spybot comes configured more "user friendly"
> 
> *


and more user deadly.

Spybot just crashed my system making it unbootable.


----------



## $teve (Oct 9, 2001)

> _Originally posted by LANMaster:_
> *and more user deadly.
> 
> Spybot just crashed my system making it unbootable.  *


1st time ive heard of that Mike........Possibly a clash with another app......Did you get it resolved?


----------



## foxfire (Jan 14, 2003)

Steve, A relative beginner just peeking in here. 
I run Adaware 6 weekly & Spybot occasionally(not as user friendly as A6) & have AVG6 running.

If I download Spywareblaster & Spywareguard will it conflict with the above?
If I end up like LANmaster, I am in deep trouble!

regards
Foxfire


----------



## Flrman1 (Jul 26, 2002)

foxfire 

Yes you should get SpywareBlaster and SpywareGuard. They don't conflict with each other. Many people here use them all as do I. Never had a problem.


----------



## foxfire (Jan 14, 2003)

flRMAN 1,
Thats excellent thank you, it should prevent me bothering you people on this particular subject in future.

May I just say that during the past year I have had unstinting help & advice which has helped me out of several technical scrapes & allowed me to develop my knowledge significantly.

The selfless manner in which you continuously donate your time & help is totally praiseworthy & I am grateful to you all.
Donation follows.


Foxfire


----------



## Flrman1 (Jul 26, 2002)

:up:


----------



## $teve (Oct 9, 2001)

:up:


----------



## Paquadez (Jun 9, 2003)

IF you are running Spybot AND you are running SYgate personal Firewall, be careful about updating Spybot live, online!

I tried last afternoon - and have spent hours until now, unscrambling the problems!


The problem seems to have arisen, when I reached that magic point, "Do you wat to re-boot your computer now?"

I did, otherside what was the point?

When I did, the OS went into a loop.

Eventually had to re-load Win 2000 pro AND IE6, dump Sygate AND Spybot, before I could get back online!
Now re-loaded Sygate, seems OK.

Except I am still getting all sorts of dumb MS messages about errors and Application Software (e.g. Adaptec) wanting to install summat or other!

The most worrying is a registry error, which seems to be an Adaptec area. Ah well, now back to HT and another scan!

Still some residual system probs left to sort!

You have been warned!

Paq


----------



## Carolinamom1 (Mar 9, 2004)

> _Originally posted by foxfire:_
> *
> The selfless manner in which you continuously donate your time & help is totally praiseworthy & I am grateful to you all.
> *


:up: Here here! This is an awesome forum with awesome people. Kudos and thanks to all.

Best,

Leslie


----------



## $teve (Oct 9, 2001)

Leslie.........Thanx,it really means a lot to us all,knowing the help is appreciated.


----------



## persnickety (Apr 16, 2004)

Hey, I have a question! I ran adaware and it found tons of junk on my computer, I then deleted it but after that I got a DNS error even though my network connection was fine...My Dad said that the spyware may have corrupted a registry key needed for the internet connection to run. After a little research, I replaced the corrupted registry key (wsock2) and I'm connected to the server, however, I am now getting HTTP 404 and nothing I have done will fix it...please help!

I've been told by others that the only way to fix this would be to completely wipe out my hard drive and start from scratch...is that true?


----------



## e-liam (Jun 19, 2003)

Hi Persnickety,

Please download 'Hijack This!' from here, unzip, and place it in its own folder, (not in the temp folder) doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply.

This will give us a rundown of whats going on in your PC. One of us here will be glad to analyse it for you. *Dont* fix anything yourself yet, as a lot of the stuff on that list will be harmless or required.

BTW, please start a new thread, as it can get confusing answering multiple queries on the same thread..  

Cheers

Liam


----------



## $teve (Oct 9, 2001)

e-liam said:


> Hi Persnickety,
> 
> Please download 'Hijack This!' from here, unzip, and place it in its own folder, (not in the temp folder) doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply.
> 
> ...


After doing the above,could you post your Hijackthis log as a *NEW POST* here:http://forums.techguy.org/forumdisplay.php?f=54 please.


----------



## kieffer (May 8, 2004)

Is it OK to delete the quarantined archives after running AdAware in this way? Thanks for this in-depth advice, by the way.


----------



## kieffer (May 8, 2004)

Also, today I installed Norton Firewall. Will I need to use AdAware and Spyware also, and are they compatable with Norton Firewall?


----------



## $teve (Oct 9, 2001)

kieffer said:


> Also, today I installed Norton Firewall. Will I need to use AdAware and Spyware also, and are they compatable with Norton Firewall?


Yes......you can use both programs without a problem.

:up:


----------



## brancht (May 20, 2004)

Thanks, to $teve and others on this thread. 
I did the instructions for Ad-aware, and it helped one problem, but not another. I was having to log in to everything twice or more (was something mining passwords?) 
That is fixed now. But I still get "page not found" when trying to connect to javasoft links, and some others.


----------



## brancht (May 20, 2004)

Thanks, to $teve and others on this thread. 
I did the instructions for Ad-aware, and it helped one problem, but not another. I was having to log in to everything twice or more (was something mining passwords?) 
That is fixed now. But I still get "page not found" when trying to connect to javasoft links, and some others.


----------



## $teve (Oct 9, 2001)

Check your security settings......Cookies enabled,that sort of thing.


----------



## GSPack (Jul 28, 2004)

Thank you for this absolutely informative thread..you make running Adware so much easier and in layman's term..I have had it on my puter for over 6 months (didn't really know how to use it other than click start and quarentine and delete...LOL)and it has been a godsend and since getting the Hyjack Webrebates and you guys showing me how to get rid of thru both Adware and Hyjackthis I am back up and running.

Tust me I will be back here and browse all the forums to learn more about keeping my puter safe and sound..Wish I could donate but as it is I can only download free versions of saftey programs to try and stay up and running..some day I will...and I will recomennd your site to everybody I know!

GSPack
"Never too Old to Learn New Tricks"


----------



## Danny_ (Aug 3, 2004)

Tbh, spybot looks pure crap to me. There are never any updates and it seems to just find cookies. Ad-aware looks a lot better. I have them both though.


----------



## zombeelad (Aug 5, 2004)

Can anyone help me with this problem. My computer has suddenly acquired a mind of its own. it keeps redirecting my browser to http://www.windowws.cc/hp.htm?id=632. This is so SO annoying. i cant open my mail account, i cant do anything. it takes over all the time. if anyone who has more tech knowledge than me knows how to fix this problem, could you let me know and i will be SOOO happy. Thanks!!


----------



## LDTate (Aug 13, 2004)

Question: Hope she doesn't mind the example 



> CookieGal
> Turn off system restore. On the desktop, right-click on My Computer, click properties, click system restore tab, check turn off system restore, click apply and then OK. Restart your computer. Once your system is clean you will turn it back on and create a new restore point.
> 
> Rescan with Hijack This, close all browser windows except Hijack This, put a check mark beside these entries and click fix checked.


Is it best to to it this way? I always do the system restore thing after the HJT fix and after the safe mode boot.


----------



## IAMSKINZ (May 3, 2003)

Ad-Aware SE.....

Current Build # 1.03

Note: My idiocy disclaimer..... If this info has been posted , well just CluBB me.

Download: http://www.lavasoft.de
Note: The installer file once run will allow the option of removing the older version if accepted, or of course you can manually remove it.
The Ad-Aware SE program will by default install to this location:
C:\Program Files\Lavasoft\Ad-Aware SE Personal
If you are using a licensed version, replace the "Personal" with "Plus" or "Professional" depending on your version.

Some updates to links and topics.

Ok, It is Ad-Aware SE now and is highly recommended to upgrade. However we will continue to support, write Reference Files, etc. for Ad-aware 6 Build 181 for 90 days after the initial release of Ad-Aware SE (August 9th 2004).

Ok, new stuff...

Lavasoft submission system location: http://www.lavahelp.net/submit/

Note: All Lavasoft Knowledge Base or Lavahelp articles, the URL has changed.
For each, simply replace the .com with .net ...
Previous Lavasoft submission system: 
http://www.lavahelp.*com*/submit/
Present Lavasoft submission system: 
http://www.lavahelp.*net*/submit/
Remember, your submissions are highly appreciated and will in turn benefit all.
The upgrading of all Knowledge Base articles is now currently in progress.

As always, run the Webupdate tool before using the scanner. The Reference Files ars now called Definition Files. It is imperative to use the latest one.

For those who wish to do the complete scan now, as in a first scan to deep clean, there is a special setting for this:
Run the scanner using the Full Scan (Perform full system scan) mode.
A full scan is the previous "Custom" in-depth scan mode that scans your whole computer for Spyware infections. When performing the new "Full Scan" the following settings are default, no changes need to be made:

- Full Memory Scan is performed
- Registry Scan is performed
- Deep Registry scan is performed
- Cookie-Scan is performed
- Favorites are scanned
- Hosts file is scanned
- Conditional scans are performed
- Archive files are scaned
- All fixed drives are scanned

Logfiles are of course up to the discretion of the expert help here and should not be posted unless requested by the TSG Support Team.
Please respect all other programs that are requested for additional diagnostics.

One last note:
As always, the results from any Ad-Aware scan are completely up to the individual user to make the decision of one of the following:
Removal.
Quarantine.
Removal plus Quarantine.
Add to the Ignore List.
Or simply leave them be, choose nothing for removal and close out the program.
If in doubt, ask for assistance, or use good old Google to find information on something you are not familiar with.

Ad-Aware SE is completely configurable to each users needs. It also includes one of the most in-depth Help Manuals that I have witnessed in any program recently (or ever) so it is highly advisable to read through it and become familiar with the power and configurability of Ad-Aware SE before the first use.

We at Lavasoft hope that you will all benefit from the frequent use of this advanced security program.

Thanks all....

Jerry Skinner
Lavasoft Technical Support Forum Administrator


----------



## winchester73 (Aug 18, 2003)

Ad-Aware SE 1.04 now available: http://forums.techguy.org/t270823.html


----------



## 3disonx3 (Jun 23, 2004)

thanks


----------



## profps (Aug 20, 2004)

On the original topic about the sequence of program runs and settings and whether to sticky-note-post them, please consider the following:

1. Develop a "Best Practices" list starting with routine maintenance like disk cleanup tools/IE settings/.tmp file purges through to the point of generating a hijack log for the experts here.

2. Post this on the home page, and perhaps require new users to click through it step-by-step before posting.

I've noticed that our local heroes and heroines are forced to repeat much basic information in individual threads that could be handled by a global Standard Operating Procedure (SOP). Most users can follow an SOP "recipe" to download and run ad-aware at certain settings and bake at 350 degrees for 35 minutes or until flakey. If users began threads after the SOP (using the threads more for exceptions or at least post-SOP-HJlog-generation), less clutter might help not only the rescuees to search the threads for "their" problem but also the rescuers to alleviate their drudgery and increase their time for more challenging work.

Also, would it help to add sub-folders to Security to organize by infection, by symptom, or to separate general discussions from a "case" folder where each user permanently has their own thread with their userID as the thread title (like a doctor's file, providing continuity over time)?

I'm new here so if these ideas are stupid I'll demote myself from "intermediate" to "village idiot."

Profps


----------



## Flrman1 (Jul 26, 2002)

New Add On for Adaware SE:

http://forums.techguy.org/t272760.html


----------



## winchester73 (Aug 18, 2003)

http://forums.techguy.org/t272623.html


----------



## jillian2 (Sep 11, 2004)

When I click on the Lava support link mentioned in above post , I get "This Page Cannot Be Displayed". I tried both, the .com and the .net links.

Thanks,
Jillian


----------



## MightyQueenC (Jul 7, 2004)

This made our TV news tonight:

If a Moderator sees a more appropriate place to post this, please feel free.
Thanks
Carolyn  

http://www.cjoh.com/view_info.asp?id=1545

Enclosed is the additional information for SPYWARE .
9/26/2004 SPYWARE

Efforts to steal your personal Identity information can take many forms. One approach is to use what is called
spyware. Programs that run in the background of your computer and can , among other things , try to get your personal information out to someone else.

Repair shops are plenty busy these days fixing computers overrun by spyware.
Steve DiLoreto
Repair Shop Owner
"I would say it is probably the number one issue right now, spyware."

Consumer Reports says just about anyone who goes online has spyware on his computer. This one is overwhelmed by it.

Kim Kleman
Consumer Reports
"Spyware is parasite software that sneaks onto your computer when you click onto a pop-up ad or download free software. It can track where you go online and even highjack your browser."

A computer loaded with spyware can be inundated with pop-up ads. They just keep coming. And if you try to do a search, the computer slows to a crawl or freezes up.

*Consumer Reports` Dean Gallea just tested six programs designed to protect your computer against spyware. Ad-aware`s free program is a good choice*. Whenever you run it, Ad-aware scans your computer and eliminates any spyware it finds.
The 27-dollar version of Ad-aware does provide continuous scanning. So does PestPatrol, which costs 40 dollars. Consumer Reports says don`t put off installing a spyware program. Otherwise your computer could wind up in the shop like so many others.

Consumer Reports says the spyware programs it recommends are available online. The Ad-aware software is available at Lavsoftusa.com. You can find Pest Patrol at pestpatrol.com.


----------



## $teve (Oct 9, 2001)

Good post Queenie.....:up:.........that tale should be in everyones inbox,the more people know the score the less infected machines we see.


----------



## combsdon (Jan 4, 2001)

are there any free popup blockers that work and can be trusted?????


----------



## $teve (Oct 9, 2001)

combsdon said:


> are there any free popup blockers that work and can be trusted?????


I have not had one single popup in years,I dont use a popupstopper apart from Googles toolbar.
I have Adaware/Spywareguard/SpywareBlaster/Spybot with "Imunise" on.
But this little thing also helps keep the crap away.
http://www.mvps.org/winhelp2002/hosts.htm


----------



## planter008 (Oct 19, 2004)

i was praying for some help like this. Without you guys i dont know where id be. Probably me and my baby wearing dingy clothes somewhere in the gutter. thanks a lot guys


----------



## Bush Lady (Jul 25, 2004)

I ran the Ad-aware SE. I had 466 items to delete


----------



## wannaknowhow (Oct 21, 2004)

I am running Ad-Aware right now and already have close to 50 items. I installed Spybot S&D and run that at least once a week. My question is if Spybot is supposed to remove all the spyware, why do I need Spywareguard and SpywareBlaster?


----------

