Ask Windows XP Expert Walter Clayton About Spyware

Walter,

I recently found some information regarding how some spyware/adware may use
the AppInit_DLLs registry value to load their DLLs. I checked several
non-infected machines and noticed that this particular registry value was
null on all that I checked:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = {blank}

Obviously, Microsoft placed this registry value there for a reason. What
might typically be a legitimate use of this value? I'm just trying to make
sure that I do not take out something that belongs. Just to be safe, I
typically just rename a copy of the registry key with its original value.
But my curiosity compels me about this one.

"Walter Clayton" wrote:

Generally all I use is AdAware first followed by SpyBot. There's a lot of
overlap in the two tools, but they also concentrate on non-overlapping
areas. It's also wise to follow up with installing SpywareBlaster. None of
these require run time presences although SpyBot will offer to install such.
No harm in doing so and in some instances, especially with multi-user
machines, a necessity. The biggest issue is remembering to run them
periodically after checking for updates. The latter is one of the reasons,
other than not changing usage habits, that people get reinfected. It's
easier to avoid being click happy than it is to clean up the mess
afterwards.

There are instances where AdAware/SpyBot may be neutralized or unable to
clean something. I handle those on a case by case basis since you're looking
at going with some highly specialized tools that if misused will leave the
machine unbootable (note that there is a nasty that the current version of
AdAware had been cleaning incorrectly that would make it impossible to log
on to the machine without taking corrective action).

Depending on your level of expertise there are some tools that circumvent
issues with removing nasties that are resident in memory even in safe mode.
If an XP machine is being disinfected I use a bootable CD created using
Bart's tools with fully updated AdAware, Trendmicro, McAfee and Kaspersky
tools (all free versions) incorporated. This also allows me to correct any
registry issues on the host machine without any major hassles other than
knowing what parts of the registry need be hacked. The reason I include and
run AV scanners is generally if some one has a load of spyware it's not
unusual they'll have nastier stuff as well.

--
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp|


"Andrew" wrote in message
...


I already know what Spyware can do and all to your computers but what is
the best Spyware and Ad-aware remover programs out there I'm using Spybot
1.3 and Ad-aware 6.0 from Lavasoft and I heard having two good Spyware
and Ad-aware remover programs that it will remove about 90% of Spyware
and Ad-aware off your computer and keep it out.