Complete Scumware Removal
by LoungeTab (LoungeTab@hotmail.com)
This is an article in response to "Scumware, Spyware, Adware, Sneakware" in 21:2.
First I would like to commend shinohara on writing a great article about the nastiest of nasties. One thing I noticed was where he said MSCONFIG.EXE was available in all versions of Microsoft since Windows 98. Actually, MSCONFIG.EXE isn't included with any installation options of Windows 2000, but any version of MSCONFIG.EXE will work under Windows 2000.
I recommend the Windows XP version which is available at: downloads.thetechguide.com/msconfig.zip
I thought I would also add my own process for eradicating all types of scumware.
Are You Infected?
First, how do you know if you are infected with scumware?
If any of the following sound familiar:
- A gangload of pop-ups, even when not connected to the Internet.
- Internet Explorer toolbars (95% are scumware).
- Homepage hijacking (inability to change homepage).
- Internet activity from modem when no Internet applications are running.
- Numerous processes running that have seemingly random names.
- A process that has "XXX" or "teen" in its name (quit looking at so much porn!).
- Serious decay in system speed.
Then more than likely you are infected with scumware.
What to do next? Let's get rid of it. All of it.
Removal
The following instructions are for users of all versions of Windows.
First you have to download, install, and update these programs. It is extremely important for you to manually update these programs because some of them do not have the latest definitions when you download them.
Now go ahead and restart your computer into Safe Mode (hit F8 before the Windows splash screen comes up).
After your computer has booted into Safe Mode you will want to first run CWShredder.
After launching, select "Fix" and it will search for and remove any CoolWebSearch programs.
CoolWebSearch likes to change many Internet Explorer settings, adding their own websites to trusted sites, changing your search preferences and homepages, and redirecting you to their sites whenever you mistype a URL. CWShredder should take less than a minute to run.
Next on the list is Spybot S&D. Run this nifty little program and it will scan the registry and files for occurrences of scumware. Select "Search and Destroy" from the menu on the left and then scan on the screen it brings up. This program will take about 5-10 minutes to run.
After that is done, run Adaware SE. For this program select smart system scan. This program also searches through the registry and folders for scumware programs. This scan can take anywhere from 10 minutes to 2 hours.
The final file searching program, SpySweeper, is one of the best programs available in my opinion and it would be worth it to purchase the full version. This program does an in-depth scan of all files, folders, and registry entries and removes from them all the leftovers that the previous programs didn't catch. From the main menu select "Sweep Now" and then "Start". After the scan is complete you will be prompted for which files you want to be quarantined. This scan is similar to Adaware and can take anywhere from 20 minutes to 4 hours.
Finally, run HijackThis at the menu select "Scan" and it will display a complete list of BHOs, Internet Explorer toolbars, startup items, and extra buttons added to Internet Explorer. Be sure you understand what each entry is before you remove it! You may want to keep many of these entries.
Kazaa
Did you ever have Kazaa installed on your computer?
If so, go to www.spychecker.com/program/kazaagone.html and download KazaaBegone to eliminate all traces of Kazaa along with the bundled software that came with it.
Internet Explorer
Sick of Internet Explorer? Can't figure out how to completely remove it from your system?
Download IEradicator from www.litepc.com/ieradicator.html to completely remove it from your computer. Be sure to read the documentation because it won't work with Windows XP or Windows 2000(SR2).
Summary
Your computer should now run much faster since you freed up a lot of processing power from processes that were absolutely worthless.
At this point I usually remove all the applications except SpySweeper and always let it run in the background to notify you of any changes that are made to your Internet Explorer files and startup files.