Copyright © 1999 - 2006, Sandra Hardmeier, All Rights Reserved Worldwide
Last updated 20/08/2006
Get yourself a copy of BHODemon, available at
http://www.definitivesolutions.com/bhodemon.htm.
It does not need installing - simply unzip and run the EXE programme. It is very
easy to use. It will often find the following hijackware DLL files, and give you
the ability to disable them easily.
Many people like AdAware, available at www.lavasoft.de. Make sure you keep the
signature files up to date and remember, AdAware only removes the current
install; it can't do anything about software that reinstalls itself (unless you
want to get stuck in an endless loop of hijack/cleanout/hijack/cleanout).
Sometimes you will have to track down and remove the software that keeps putting
the hijackware back - hence this advice section. Warning: AdAware is now version
6.181. All previous versions are NO LONGER SUPPORTED and will not be updated.
The more experienced user can try Spybot. Again, it is a free programme which
can be downloaded from:
http://spybot.eon.net.au/. Warning: it is NOT a good programme for the
inexperienced. If you want to use this programme, please get the advice of those
more experienced before 'fixing' anything that it finds.
Go to the link below to check your system for parasites (supplied by
Doxdesk.com):
http://inetexplorer.mvps.org/parasite.htm
Another excellent programme that allows you to examine your system and *create a
results log for experts to examine* is HijackThis, available from:
HijackThis.exe (direct download)
Download and run the latest version of "Cool Web Shredder"
http://www.trendmicro.com/cwshredder/
Here is advice specific to:
home page hijackings
http://inetexplorer.mvps.org/answers.htm#home_page
pop-up ads
http://inetexplorer.mvps.org/data/popup.htm
search engine hijackings
http://inetexplorer.mvps.org/answers4.htm#search_engine
IMPORTANT: The above programmes are excellent, and a lot of credit goes to
those who authored and update them, but they can NOT detect everything that is
out there. As time goes on, the programmes will become more and more unwieldy
if they try to maintain a standard of positive identification for as much
spyware as possible, and it will be harder and harder for them to catch
everything that is out there. More and more spyware uses RANDOM names as part
of its programme, making positive identification impossible. Therefore:
It is VERY IMPORTANT that you learn how to examine your system for potential
problems as well as using a 'fixit' programme such as AdAware or Spybot.
Check your startup folder and MSCONFIG (startup tab). You can also check the
following registry keys and edit as appropriate (if you have experience with
same).
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
The following link will lead you to some Microsoft KB articles about the basics
of the Registry and working with it:
http://inetexplorer.mvps.org/answers.htm#Registry
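The registry check described above can be scripted. The following PowerShell is
an added example, not part of the original page: it lists every entry under the
four keys and marks those whose command launches from a temp or cache folder.
Assumptions: PowerShell 3.0 or later; the function name Get-AutostartEntry and
the folder pattern are illustrative choices made for this example.

```powershell
# Added example: enumerate the four autostart keys listed on this page.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: the only thing flagged is "launches from a temp or cache folder".
# A clean flag does not mean the entry is safe; review every row by hand.
$tempPattern = '\\Temp\\|\\Temporary Internet Files\\'

function Get-AutostartEntry {
    param([string[]]$KeyPath)

    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($path in $KeyPath) {
        # RunOnce keys are frequently absent; skip instead of raising an error.
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Keep the raw string so %TEMP%-style variables stay visible,
            # then expand a copy for the folder test.
            $raw      = [string]$key.GetValue($name, '', $noExpand)
            $expanded = [Environment]::ExpandEnvironmentVariables($raw)

            [pscustomobject]@{
                Key     = $path
                Name    = $name
                Command = $raw
                InTemp  = $expanded -match $tempPattern   # -match ignores case
            }
        }
    }
}

# Flagged entries first, then everything else for manual review.
Get-AutostartEntry -KeyPath $runKeys |
    Sort-Object InTemp -Descending |
    Format-Table -AutoSize -Wrap
```

The script only reads the registry. Removing an entry is still a manual
decision, made with the same care the page asks for when editing these keys.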
An experienced computer technician can use a programme such as AutoStart Viewer
for in-depth diagnosis:
http://www.diamondcs.com.au/index.php?page=asviewer
Empty your IE cache and your other temporary file folders, eg: c:\windows\temp
(if using Windows 98) or C:\Documents and Settings\<name>\Local Settings\Temp
(the path to your temp folder will change depending on your name) - sometimes
programmes can be hidden in there - watch out for mysterious *.exe files or
*.dll files in those folders.
Go to IE Tools, Internet Options, Temporary Internet Files {Settings Button},
View Objects, Downloaded Programme Files. Check for unusual objects there.
Go to IE Tools, Internet Options, Accessibility. Make sure there is no style
sheet chosen (under User Style Sheet - format documents using my style sheet).
If the option is turned on, turn it OFF.
It is possible to disable *all* plug-ins by turning off third party extensions
(IE Tools, Internet Options, Advanced: "Enable third-party browser extensions
(requires restart)"), but troubleshooting will be difficult and it is only a
BANDAID. Nothing gets fixed. There is software that depends on 'third party
browser extensions' to work, including Acrobat, Microsoft Money, and many other
programmes.