Copyright 1999 - 2006, Sandra Hardmeier, All Rights Reserved Worldwide
Last updated 20/08/2006

Get yourself a copy of BHODemon, available at http://www.definitivesolutions.com/bhodemon.htm.

It does not need installing - simply unzip and run the EXE programme. It is very easy to use. It will often find the following hijackware DLL files, and give you the ability to disable them easily.

Many people like AdAware, available at www.lavasoft.de. Make sure you keep the signature files up to date and remember, AdAware only removes the current install; it can't do anything about software that reinstalls itself (unless you want to get stuck in an endless loop of hijack/cleanout/hijack/cleanout). Sometimes you will have to track down and remove the software that keeps putting the hijackware back - hence this advice section. Warning: AdAware is now version 6.181. All previous versions are NO LONGER SUPPORTED and will not be updated.

The more experienced user can try Spybot. Again, it is a free programme which can be downloaded from: http://spybot.eon.net.au/. Warning: it is NOT a good programme for the inexperienced. If you want to use this programme, please get the advice of those more experienced before 'fixing' anything that it finds.

Go to the link below to check your system for parasites (supplied by Doxdesk.com):
http://inetexplorer.mvps.org/parasite.htm

Another excellent programme that allows you to examine your system and *create a results log for experts to examine* is HijackThis, available from:
HijackThis.exe (direct download)

Download and run the latest version of "Cool Web Shredder"
http://www.trendmicro.com/cwshredder/ 

Here is advice specific to:

home page hijackings
http://inetexplorer.mvps.org/answers.htm#home_page

pop-up ads
http://inetexplorer.mvps.org/data/popup.htm

search engine hijackings
http://inetexplorer.mvps.org/answers4.htm#search_engine

IMPORTANT: The above programmes are excellent, and a lot of credit goes to those who authored and update the programmes, but they can NOT detect everything that is out there - as time goes on the programmes will become more and more unwieldy if they try to maintain a standard of positive identification for as much spyware as possible, and it will be harder and harder for the programmes to catch everything that is out there. More and more spyware uses RANDOM names as part of their programme making it impossible for positive identification to occur, therefore....

It is VERY IMPORTANT that you learn how to examine your system for potential problems as well as using 'fixit' programme such as AdAware or Spybot.

Check your startup folder and MSCONFIG (startup tab). You can also check the following registry keys and edit as appropriate (if you have experience with same).

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce

The following link will lead you to some Microsoft KB articles about the basics of the Registry and working with it:
http://inetexplorer.mvps.org/answers.htm#Registry

An experienced computer technician can use programme such as AutoStart Viewer for in-depth diagnosis:
http://www.diamondcs.com.au/index.php?page=asviewer

Empty your IE cache and your other temporary file folders, eg: c:\windows\temp (if using Windows 98) or C:\Documents and Settings\<name>\Local Settings\Temp (the path to your temp folder will change depending on your name) - sometimes programmes can be hidden in there - watch out for mysterious *.exe files or *.dll files in those folders.

Go to IE Tools, Internet Options, Temporary Internet Files {Settings Button}, View Objects, Downloaded Programme Files. Check for unusual objects there.

Go to IE Tools, Internet Options, Accessibility. Make sure there is no style sheet chosen (under User Style Sheet - format documents using my style sheet). If the option is turned on, turn it OFF.

It is possible to turn off third party extensions (Enable third-party browser extensions (requires restart) at IE tools, internet options, advanced) to disable *all* plug-ins but troubleshooting will be difficult and it is only a BANDAID. Nothing gets fixed. There is software that depends on 'third party browser extensions" to work, including Acrobat, Microsoft Money, and many other programmes.