Ask Windows XP Expert Walter Clayton About Spyware
Walter,
I recently found some information regarding how some spyware/adware may use the AppInit_DLLs registry value to load their DLLs. I checked several non-infected machines and noticed that this particular registry value was null on all that I checked:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = {blank}

Obviously, Microsoft placed this registry value there for a reason. What might typically be a legitimate use of this value? I'm just trying to make sure that I do not take out something that belongs. Just to be safe, I typically just rename a copy of the registry key with its original value. But my curiosity compels me about this one.

"Walter Clayton" wrote:

Generally all I use is AdAware first followed by SpyBot. There's a lot of overlap in the two tools, but they also concentrate on non-overlapping areas. It's also wise to follow up with installing SpywareBlaster. None of these require run time presences although SpyBot will offer to install such. No harm in doing so and in some instances, especially with multi-user machines, a necessity.

The biggest issue is remembering to run them periodically after checking for updates. The latter is one of the reasons, other than not changing usage habits, that people get reinfected. It's easier to avoid being click happy than it is to clean up the mess afterwards.

There are instances where AdAware/SpyBot may be neutralized or unable to clean something. I handle those on a case by case basis since you're looking at going with some highly specialized tools that if misused will leave the machine unbootable (note that there is a nasty that the current version of AdAware had been cleaning incorrectly that would make it impossible to log on to the machine without taking corrective action). Depending on your level of expertise there are some tools that circumvent issues with removing nasties that are resident in memory even in safe mode.

If an XP machine is being disinfected I use a bootable CD created using Bart's tools with fully updated AdAware, Trendmicro, McAfee and Kaspersky tools (all free versions) incorporated. This also allows me to correct any registry issues on the host machine without any major hassles other than knowing what parts of the registry need be hacked. The reason I include and run AV scanners is generally if someone has a load of spyware it's not unusual they'll have nastier stuff as well.

--
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp

"Andrew" wrote in message ...

I already know what Spyware can do and all to your computers, but what is the best Spyware and Ad-aware remover programs out there? I'm using Spybot 1.3 and Ad-aware 6.0 from Lavasoft, and I heard having two good Spyware and Ad-aware remover programs that it will remove about 90% of Spyware and Ad-aware off your computer and keep it out.
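A read-only way to run the AppInit_DLLs check described in the post above, added here as an example and not part of the original thread: it lists each DLL named in the value and checks the file on disk. It assumes PowerShell 3.0 or later running as a 64-bit process on 64-bit Windows; `Get-AppInitDll` is a hypothetical helper name, and the `Wow6432Node` view and the `LoadAppInit_DLLs` value (present on later Windows versions) are not mentioned in the thread.

```powershell
# Added example (not from the thread). Read-only: nothing in the registry is changed.
$sysRoot = $env:SystemRoot
$views = @(
    @{ Key = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = "$sysRoot\System32" },
    @{ Key = 'HKLM:\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = "$sysRoot\SysWOW64" }
)

function Get-AppInitDll {
    foreach ($view in $views) {
        # The Wow6432Node view does not exist on 32-bit Windows.
        if (-not (Test-Path -Path $view.Key)) { continue }
        $props = Get-ItemProperty -Path $view.Key

        # The value is a list of DLL names separated by spaces or commas.
        $names = @(([string]$props.AppInit_DLLs) -split '[ ,]+' | Where-Object { $_ })

        if ($names.Count -eq 0) {
            # Blank value, as the poster saw on non-infected machines.
            [pscustomobject]@{ Key = $view.Key; Dll = '(blank)'
                               Enabled = $props.LoadAppInit_DLLs
                               Exists = $null; Signature = $null; Signer = $null }
            continue
        }
        foreach ($name in $names) {
            # Assumption: a bare file name is looked up in that view's system directory.
            $path = if (Split-Path -Path $name -IsAbsolute) { $name }
                    else { Join-Path $view.Dir $name }
            $exists = Test-Path -Path $path -PathType Leaf
            $sig = if ($exists) { Get-AuthenticodeSignature -FilePath $path }

            # 'NotSigned' needs a closer look but is not proof of malware:
            # older PowerShell versions do not check catalog signatures.
            [pscustomobject]@{ Key = $view.Key; Dll = $path
                               Enabled = $props.LoadAppInit_DLLs
                               Exists = $exists
                               Signature = if ($sig) { $sig.Status }
                               Signer = if ($sig -and $sig.SignerCertificate) {
                                            $sig.SignerCertificate.Subject } }
        }
    }
}

Get-AppInitDll | Format-List
```

An entry whose file is missing, unsigned, or signed by an unfamiliar publisher is the one to investigate before touching the value.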