I found the best route with this stuff is to try to identify as best as you can the particular ad or browser that is the culprit and then use the keyword on Google. If you are lucky you'll be pointed to the fix. Additionally if you can identify the company who put the crap in your system, you may be surprised to find they have a website with directions for removal buried somewhere.

But you will have to be more specific than you were in your question here.
posted by jeremias at 7:30 AM on August 19, 2004

Run SpyBot and HIjackThis, as well. Always do this, as no program (to my knowledge) removes all annoyances.
posted by signal at 7:31 AM on August 19, 2004

I found the best route with this stuff is to try to identify as best as you can the particular ad or browser that is the culprit and then use the keyword on Google

EXACTLY. If you do a search for it (I bet it's looksmart - that happened to me about half a year ago) usually, someone else has the same problem.

The other thing you can do is go to add-remove programs and see if you find it there. If you do, uninstall it, then do a registry search for it and delete the matching keys, then reboot.

Typical Disclaimer: If you aren't SURE about what keys to delete from the registry, do not use this method.
posted by erratic frog at 8:35 AM on August 19, 2004

I have found that SpyBot finds more stuff than Ad Aware.
posted by Richat at 8:35 AM on August 19, 2004

If you're willing to spend a little for protection, spy sweeper works very well. No matter what you use. make sure you update the signature files frequently. It's definitely a cat and mouse game twixt spyware and the anti-spyware people.
posted by rtimmel at 9:55 AM on August 19, 2004

Did you try starting windows in Safe Mode and then running Ad Aware?
posted by Hall at 10:03 AM on August 19, 2004

I had the same problem. Or I think I did based on your desciption. It sounds like a browser hi-jack (i.e., your homepage is locked into one particular search site).

If that's the case, I had the same problem a few weeks ago and Spybot worked. Ad-Aware didn't do the trick, even after tweaking the settings, starting in safe mode, etc, etc.
posted by probablysteve at 10:28 AM on August 19, 2004

CwShredder has killed a lot of nasty browser hijacks for me that no other software could get out. Occasionally the hijack-ware will dump stuff into your registry (nasty) [that keeps reloading a javascript which changes prefs in IE] that only cwshredder gets out (although sometimes you have to do it by hand).

In the future, stop running Active-X as much as you can, or switch to mozilla (I know, I had a certain amount of dislike for firefox/mozzila as well, but I've been using firefox at work for quite some time now and I've gotten used to it. It helps that the plug-ins seem to install more smoothly with it now.)
posted by fishfucker at 12:35 PM on August 19, 2004

Wow, how topical can you get? I've been battling something like this for the past two days on my Win2000 machine at home.

I downloaded Ad-Aware and it found several hundred things to remove (I had let things get pretty bad).

the problems persisted, especially after a reboot and reconnection to the internet.

I then tried CWShredder and it claimed my system was clean. I think this one is looking for a pretty narrow range of problems. I then tried Spybot and it found another couple of hundred things to remove. This still hasn't fixed it yet. I will try HijackThis as mentioned above...

I'm wondering if it could be something that an anti-virus software would find? At one point during the spybot scan it gave me an error message that seemed to indicate a virus was infecting one of my windows dll's but like a genius I didn't write it down.

My basic symptom is that after a reboot, when I'm connected to the internet, the pop-ups start pretty quickly and stupid stuff starts to be installed on the machine. Running Ad-Aware before connecting to the internet seems to kill whatever was loaded on boot-up, but then it comes back again after a reboot.

Another thing I need to do is to upgrade to IE 6 from 5.5 and run a full regimen of windows updates so something like that could fix it as well. eventually i want to switch browsers, but one thing at a time...
posted by jacobsee at 1:51 PM on August 19, 2004

Obligatory "switch browsers" message.
I have had exactly 0 spyware incidents after switching to Opera and Mozilla.
It's far better to prevent than cure.
(and I know this isn't the question, I already answered it above).
posted by signal at 4:03 PM on August 19, 2004

Well, I would suggest in the future try to avoid using IE and go with FireFox ;)
But yes we all have to use IE sometimes and stuff can end up from that.
I like Spybot Search & Destroy + SpywareBlaster+ SpySweeper (all Freeware). As someone said, no one app seems to catch everything. Here's a list of anti-spyware software that you might want to avoid: Rogue/Suspect Anti-Spyware Products & Web Sites.

I had to remove something like this on a friend's machine. One of the worst things:
the main reason she knew it was there was she complained her PC was "running really slow." So I go to ctrl-alt-delete to see the running processes, and see the mystery app sucking up like 98% of her free resources. I could literally feel the heat rising off her CPU fan, which is never a good thing. In a few days, it could have totally burned out the CPU. So besides all the other evils, these things can actually destroy hardware.
Spybot didn't whack it, either. It involved looking for the path of the mystery .exe, ending the process (obviously) and deleting the directory. But no, this wasn't enough. There was *another* app that reinstalled the spyware upon restart. So then I had to go find *that* app and get rid of it, as well as go into MSCONFIG and get rid of the things running on startup. Then for good measure, I looked at some web sites for the names of the spyware files, and then searched through the registry and deleted any keys associated with it. It was a chore, and I don't think it's something someone without a bit of PC knowledge could have eradicated.
posted by sixdifferentways at 5:08 PM on August 19, 2004

There was a thread about Windows utilities recently that you might find useful. I'll throw in another vote for HijackThis, it's worked well for me in the past.

Another thing I'll suggest is to look up the DNS servers of your ISP. There are several Registry keys that store the Domain Name Server addresses that are used by Windows apps. We saw that the IP addresses stored in the keys didn't look like the usual SBC IPs. I may have this wrong, but I think this is how they are able to hijack requests: they change the DNS servers so that all requests for www.google.com or others are sent to their phony DNS and redirected to their search site. I looked up the correct IPs from sbc.com and put these values back in the Registry keys . I also put them in explicitly in the TCP/IP settings.

We had tried pinging and using nslookup from the command line, but no dice, I think because the DNS servers were wrong. However, we could see Google just fine if we used its IP address (no DNS lookup!). Once we changed the Registry keys to the proper DNS addresses browsing went back to normal. I'll add that we removed all the executables and folders for the hijack software at the same time, so the keys wouldn't be re-written.

I've probably written too much and I apologize for the wordiness. I hope any of this helps!
posted by brism at 8:42 PM on August 19, 2004

Maybe this is an obvious question, but why is Firefox invincible to spyware threats? Is it all because of DirectX?

(proud Firefox user, make the switch, it's well worth it)
posted by ALongDecember at 9:51 PM on August 19, 2004

You're thinking of ActiveX, ALongDecember, and that's a big part of the problem. Microsoft allows malicious websites far too much power to change things on the user's computer. The other, better browsers reduce this ability, and also help stamp out the popups through which a lot of people blindly allow malware to write itself to their hard drives. Firefox is also faster! (DirectX, by the way, is a library and API for multimedia programming, used especially by games.)

Personally I run both AdAware and SpyBot periodically and make sure to get the latest definitions each time. Neither one stops everything, but each one usually finds something, even if it's just a cookie I'd rather not have.
posted by Songdog at 7:27 AM on August 20, 2004

Ahhh, thanks Songdog. I confuse all of these xtreme Microsoft names.
posted by ALongDecember at 5:32 PM on August 20, 2004

This thread is closed to new comments.