How do you get rid of spyware?


****
I is my hero!
How do you get rid of spyware?

****
What will that crazy ape do next?
download ad-aware
My Project: Dark Empire
http://rmrk.net/index.php/topic,7815.0.html
Official Site: http://darkempirerpg.tripod.com
Process: Getting back to work.

Always looking for sprites, if you're interested, PM.

"But then I realized, why stop things from exploding, when in fact it is in exploding that things reach their perfect form. Of course, they only reach it for a few glorious seconds, but during that short time there is no object in the universe more beautiful." -Kite Rockswell, the Mad-Mad Bomber, from The Final War, my very own novel project. PM me if you would like to read.

"Oh, sure, blame the wizards..."

pokeball :)
********
Cheese
?
What is malware?

Malware is pretty much any application that reduces the functionality and performance of a pc.

Some examples include:
Popup windows alerting you that your "machine is at risk", or that "your machine is infected"

Changes to your homepage, and/or sudden redirects to pages that you would normally never visit (also known as browser hijacks, or browser re-directs)

Random browser lockups & crashes. Usually, the browser locks up, and eventually the window that it’s in turns white, with a "(not responding)" message in the title bar.

However, this does NOT mean that you DO have spyware. This could also be caused by a corrupted plug-in from a bad install, or bad download.

Now, there are 2 ways to go about this, and they both have their good points & bad points:

One is to adjust your browser's security settings by removing execution privileges for certain folders on your system, as well as disabling features that could be used to cause you grief, such as ActiveX & JavaScript.

Exec & Synja both have a tutorial on that, I'll have to convince them to post it here on the forums :-P

Basically, what the above means is that because each user has rights & abilities (such as running files), by removing them, malware may still be downloaded to your pc, but because it doesn’t have permission to run (aka execute), it can't modify your system (such as: disabling Task Manager, running on boot up, etc.)


(Note: This tutorial is geared more towards Internet Explorer users - If you use Firefox, that’s fine. Personally, I don't like it, but by the same token, I have more than the "average" user's knowledge, so doing this is a snap for me and other peeps here on the Comp & Tech forum)

The good thing about doing this is that it's a one time deal. Do it once, and you're good for life. (At least... until you reformat =o| )

The only bad thing (and this can't even be deemed "bad") is that it may seem too intimidating for someone who uses their pc for browsing the web, and writing email.

The second thing to do is to install, configure, update, and then scan your system for malware, which is the purpose of this tutorial.

And yes, that is the preferred order. What good is doing a scan if you're using out of date "fingerprints" to scan? That's like looking at last week's TV guide to find out what time this week your favorite TV show is on.

Now:

First things first.

Scanners:
There's a whole plethora of them out there:
AVG/Ewido: http://www.ewido.net
Spyware Doctor: http://www.pctools.com/spyware-doctor/
Webroot: http://www.webroot.com/?rc=4929&ac=5190722
Spybot Search & Destroy: http://www.safer-networking.org/en/download/
LavaSoft Ad-Aware: http://www.lavasoftusa.com/software/adaware/

Note: Use ALL the default installation options - especially the one that says "install for all users" or "install for just this user" (Make sure the "install for all users" option is the one that’s checked - You'll see why later on in this tutorial.)


It's always a good idea to update the definitions before doing a scan & removal, simply because new malware is being written & released on literally an hourly basis. Granted, updating your definitions now may not protect you against malware that was released 10 minutes ago, but it's still a good idea.

For the purposes of this tutorial, my workstation has Ewido/AVG Anti-spyware installed, so that’s where the screen shots are going to be from.

Here's the main screen for AVG:
[Screenshot: avg_main.jpg]

Now, before we do anything, we want to update our signatures/definitions. Because, as previously stated, new spyware types are being released on literally an hourly basis.

So, click the following icon:
[Screenshot: avg_circled.jpg]
Clicking that icon will bring you to the following screen:
[Screenshot: avg_update.jpg]

Now, before you scan, you want to change the default action:
[Screenshot: scanner_circled.jpg]

Then, click the "Settings" tab
[Screenshot: settings_circled.jpg]

After that, click the link that says "Recommended actions" and a little drop down menu will open up:
[Screenshot: reccomended_actions.jpg]

Personally, I would recommend that you select the "Delete" option. There is one downside to this however:

If an application-critical file becomes infected (usually malware targets files that end with .dll), then Ewido/AVG will delete the file, more than likely rendering the program unusable.

However, there is a very simple fix for this: just reinstall the application.

Ok.

Let's go through our checklist:
Anti-Spyware application installed? - Check
Spyware definitions updated to the latest signature file? - Check
Default action set to delete? - Check

Now, let's get the ball rolling:

Once the above things are done, reboot your pc.

Immediately, during the boot up process, continually hit the "F8" key.

(You only have a 5-10 second window to access the boot up menu, so you have to continually hit the F8 key)

You should get a black screen that says "Windows Boot Options menu"
You want to select "Safe Mode"

[Screenshot: boot_options_menu_safe_mode.jpg]

Now, you're going to see a lot of white text show up. Don't worry about this, that’s normal.

However, when you get to the login screen (it should be a blue screen with 2 user accounts showing up), make sure you select the account titled "Administrator".

Why?
2 Reasons:
1. Because usually pre-built PCs have 2 accounts on them:
One titled "Administrator" and the other, depending on the make/model/manufacturer, will say something along the lines of: "HP_User"

2. Most types of malware install themselves under the account that was being used at the time of infection, and 95% of the time malware creates several registry keys to allow it to start up when Windows starts up. However, that usually only applies to the account that was being used when the pc was infected.

Usually, the Administrator account isn't the one that’s being used.

Most of the time, you won't see the login screen that allows you to select the account if there’s only one person using the pc.

Windows XP, by default, automatically logs into the one account that was created when the pc was built (for example, if it's an HP machine, there will be 2 user accounts: one called "hp_user" and one called "Administrator"; the pc will then automatically log in using the "hp_user" account).

Now, because the Administrator account isn't normally used, the chances that this user profile has the start up entries for the malware written to it are fairly low. This is important because, when a file is running, Windows prevents the file from being changed (namely: deleted and/or renamed).

Have you ever gotten the error message:

"Cannot delete "file name here" - Access is denied. Please make sure the disk is not write protected, or that the file is not in use"

That is because the file is in use, and Windows has "locked" the file. The same thing applies to malware.

Here's why we did this:
1. Safe mode loads up with the bare minimum files needed to make it to the desktop.

2. Chances are that the Administrator account doesn't have the entries needed for the spyware to start up.
(Some spyware still starts up regardless of whether you're in safe mode or not… think of this as added insurance that it's not running.)

Think of it like this: each user profile is like a different set of instructions, and the instructions are specific to each person.


Now that that explanation is out of the way, let's go on with the scan.

Click the "Scanner" icon
Then below that, you should see "Complete System Scan"
[Screenshot: system_scan.jpg]

Allow the scan to finish, and if anything comes up in the window, there should be a link at the bottom that says: "Apply default actions"

One important note:
It would be a wise idea to install/update and then scan with several different scanners, because one scanner will pick up several things that another scanner failed to pick up. There is no one "cure all" scanner out there.



from myspace. xD
Watch out for: HaloOfTheSun

*
I don't know...maybe make use of your virus protection program?

****
I is my hero!
Yeah okay thanks, yeah my virus protector thing deletes all this stuff but pop-ups randomly appear (one just popped up)

********
EXA
Pikachu on a toilet
Antiviruses don't protect against spyware. The anti-spyware program I use is called "Spybot - Search and Destroy"

***
Spybot S&D is a really wonderful program when it comes to this. It doesn't search every file on your computer... It searches every threat that it knows.

********
Sailor Man
So about that money...
I use Spyware Doctor.

Actually if people pester me enough I could upload the install file.

*
Antiviruses don't protect against spyware. The anti-spyware program I use is called "Spybot - Search and Destroy"
That reminds me...I removed that on accident when I got McAfee. Dammit.

EDIT: That was surprisingly a fast download.
« Last Edit: March 18, 2007, 10:48:00 PM by Irockman1 »

*
Full Metal Mod - He will pillage your women!
The RGSS Dude
I have a solution.

STOP LOOKING AT PORN
"The wonderful thing about Tiggers
Is Tiggers are wonderful things
Their tops are made out of rubber
Their bottoms are made out of springs

They’re bouncy, trouncy, flouncy, pouncy
Fun, fun, fun, fun, fun!
But the most wonderful thing about Tiggers
Is I’m the only one, I’m the only one."

***
I hate to hate things.
You don't NEED to look at porn to get infected - BlackHats now booby-trap everything on the internet, INCLUDING sites about rpgmaker and especially application downloads. They also -in my case- exploit a flaw in win 2000 that allows the PC to be targeted if you use ANY P2P program, and from nowhere, a 'virus.exe' shows up in your windows NT/system32 directory.
I lost months of precious time and two versions of my game to those pests.
The solution is this: you HAVE to get absolute control of EVERYTHING that goes on in your PC - I mean, all processes that are running NOW and connections monitoring, etc. I have a few pieces of software for that, they're quite light:
http://www.ewido.net/en/
Ewido is the best anti-malware, and NO - you don't leave it in auto startup, because sometimes worms do infect all autostartup applications, including antivirus! Ewido is a run-and-shut-down application for removing malware. It seems that it turned into the new AVG or something.
http://www.bitdefender.com/
This antivirus is the best. At http://www.virustotal.com, it's the one that gets ALL threats, then I started using it. It is a firewall, behavioral spyware watcher and shield. But sometimes applications start to go slow or buggy because of it, but you can block all internet traffic and disallow its watchers to work.

http://www.techadvice.com/win2000/m/msconfig_w2k.htm
Now that's an interesting piece of free software: The old Windows versions had it, but Microsoft removed it because people could easily turn off AOL crap with it. It's a startup manager, and a good one. One way to know if you're infected is to check its startup menu: if something different shows up, no doubt: it is a virus/spyware.

There's a couple more tools that WILL help you:
http://www.microsoft.com/technet/sysinternals/default.mspx
A program called PROCESS EXPLORER, V.9.25. All it does is show EVERYTHING that's running on your PC RIGHT NOW, and it has the ability to shut down any process you want. If you ever try to do that on the standard Windows process explorer, it will sometimes tell you that it "can't, because is a crucial system app". Of course, black hats WILL make spyware and viruses impossible to disable, so you HAVE to have process explorer to shut them down.

Most viruses I caught with those last two free tools, normally new spyware that's NOT recognized by any protection software, then restarted Windows in SAFE MODE and removed them manually (otherwise Windows won't let you).
Don't EVER DELETE THEM! Create a folder in c:\, like C:\VIRUSCAUGHT, and then send the viruses to http://www.virustotal.com. They have an anti-virus lab battery that WILL detect the new threat, and eventually your anti-virus - which had best be in the virustotal lab list - will have the virus signature in its update. Usually this takes about a couple of days.
When do you start to look at things on your computer with them? After you install them the first time, and every time something weird starts to happen, so make a lot of backups - especially the crucial system ones, like the REGISTRY backup and the "Documents and Settings" folder.
 I defeated a couple of threats myself with this procedure.. hope that helps.
« Last Edit: March 24, 2007, 04:06:23 PM by Ericmor »
I need some real WORKING AVI script in RMXP!
3D ANIMATIONS:
http://www.youtube.com/profile?user=Ericmor
3D and 2D anime ART:
http://ericmor.deviantart.com/gallery/
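
The tutorial's point that startup registry entries are tied to the account in use, and the later advice to watch the startup list for anything that was not there before, can both be checked with a snapshot-and-compare script. This is an added example, not part of any post in this thread; the sample snapshots, paths and entry names are constructed, and it only covers the two standard Run/RunOnce keys.

```python
import sys

# Standard autostart keys. Under HKLM they apply to every account,
# under HKCU only to the profile that is currently logged in.
RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
RUN_SUBKEYS = (RUN, RUN + "Once")

def read_run_keys():
    """Return {(hive, subkey, name): command} from the live registry (Windows only)."""
    import winreg  # imported lazily so the module still loads on other systems
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    entries = {}
    for hive_name, hive in hives.items():
        for subkey in RUN_SUBKEYS:
            try:
                key = winreg.OpenKey(hive, subkey)
            except OSError:
                continue  # this key does not exist in this hive
            with key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, value, _ = winreg.EnumValue(key, i)
                    entries[(hive_name, subkey, name)] = str(value)
    return entries

def diff_autoruns(baseline, current):
    """Split current entries into added/changed and list those that disappeared."""
    added = {k: v for k, v in current.items() if k not in baseline}
    changed = {k: (baseline[k], v) for k, v in current.items()
               if k in baseline and baseline[k] != v}
    removed = {k: v for k, v in baseline.items() if k not in current}
    return added, changed, removed

def scope(entry_key):
    """Which logins start this entry, judged by the hive it lives in."""
    return "all accounts" if entry_key[0] == "HKLM" else "this account only"

# Constructed sample snapshots (not real data): one known-good entry, then the
# same machine later with a new per-user entry and a re-pointed machine-wide one.
BASELINE = {("HKLM", RUN, "AntiSpyware"): r"C:\Program Files\Scanner\guard.exe"}
CURRENT = {("HKLM", RUN, "AntiSpyware"): r"C:\WINDOWS\Temp\guard.exe",
           ("HKCU", RUN, "updater"): r"C:\Documents and Settings\hp_user\upd.exe"}

if __name__ == "__main__":
    current = read_run_keys() if sys.platform == "win32" else CURRENT
    added, changed, removed = diff_autoruns(BASELINE, current)
    for k, v in added.items():
        print("NEW    ", scope(k), k, v)
    for k, (old, new) in changed.items():
        print("CHANGED", scope(k), k, old, "->", new)
```

An entry reported under HKLM starts for every account, Administrator included, which is why a clean Administrator profile alone does not guarantee the malware is not running.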