Sam's Spyware/Adware/Malware Removal Experience

Scanning and Removal Programs

Detection and Removal of Spyware, Adware, etc.
| Program | Cost | Description |
| --- | --- | --- |
| Adaware | Free | Scans and removes |
| Spybot S&D | Free | Scans and removes |
| Spyware blaster | Free | Scans, removes, and protects |
| Microsoft's Antispyware beta | Free | Scans, removes, and protects |
| Hijackthis | Free | logs potential problems, can remove some |
| AboutBuster | Free | removes CoolWebSearch, a really nasty infection |
| ewido | 14 day free trial. | Scans and removes. Can deal with CoolWWWSearch. |
| Spy Sweeper | 14 day free trial | Scans and removes. Also actively protects. |
| Trend Micro's Housecall | Free Scan | Invoked from the web page |
| lspfix | free | Utility fixes a specific problem. Be careful. Make sure and read the docs. |
| CWShredder | Free | For years, the main weapon against CoolWebSearch. See this history. |

There are some web sites that make it their business to fight spyware. They have their own lists of helpful tools. Check out lists from Spyware Warriors and Subratam.org (click the "Removal tools" button on the left). For a more thorough comparison and analysis of some of these and other scan & remove programs, check out Spyware Warrior's guide to Anti-Spyware Programs.

9/10/2005. I found some new-to-me web sites focused on helping people get rid of spyware/adware/malware and added links to them.

8/14/2005. I have had to do battle with some really bad spyware/adware/malware infections on my family's PCs over the last couple of years. When I am desperately trying to remove one of these nasty problems, I have to search the net and try different strategies until something succeeds. Each time, I document what I have learned here, in hopes it will help others.

If you are reading this page because you have an infection, you have my sympathy and I wish you good luck.

If you have questions like "who writes spyware?", "who writes adware?", "how does adware get onto my PC?", "what companies create spyware and adware?", and "how do these companies make money?", then I highly recommend Benjamin Edelman's web site. Mr. Edelman has done some very thorough research into some of these deceptive adware creators, e.g., eXact Advertising, Direct Revenue, and 180solutions. His Advertisers Supporting eXact Advertising is quite informative. If you are going through hell to remove this stuff from your computer, you should consider boycotting these companies! According to this, Direct Revenue is also very closely tied to eXact and VX2, etc. Counter Spy Research Center is also a good site.

The author of this article about VX2 traces web sites and companies (e.g., eXact Advertising) involved in foisting VX2, BetterInternet, etc. on unsuspecting users. He also claims that VX2 is installed by "install007.exe", a program downloaded to your computer when your browser visits 2nd-though.com, if your browser supports the HTML iFrame tag and the OBJECT tag. Spyware Warrior has references to a Newsweek article on the company and people behind VX2, eXact, Direct Revenue, etc.

Especially Heinous Spyware Sites and Products

A website that claims to perform spyware or adware removal, but in fact adds spyware to your computer -- these are the worst. Check out Spyware Warrior for a list of these websites. Even if you become desperate for help, don't get faked out into going to them. Here's an article about a recent such program. Here's a blog from Suzi, the person who runs SpywareWarrior's efforts to combat these sites.

Experts are Waiting to Help You

There are web sites that claim to have experts who will examine your PC and tell you what's going on. One, ASAP, is an alliance of professionals with pointers to member sites. Examples are Wilders Security Forums, Tech Support Forum, Broadband Medic, PC Sympathy, Castle Cops, and Computer Cops to name a few. Each of these sites has instructions for how to tell them about your problem. The way most of them work is they ask you to download and run the freely available Adware/Spyware detection and removal software. Adaware and SpyBot Search and Destroy are two such programs that are very good.

The next step is to download and run HijackThis and/or ewido and post the log it can create to their forum. This is how the expert "examines your PC": by looking at the log you post. The expert will then tell you (by posting a response to the forum) what you do next. HijackThis is capable of removing items in addition to creating the log. It is a great program.

I do not have personal experience using these sites as described above. I have encountered them as I search the internet with the symptoms of my infection. These sites pop up and I read the posts in a forum to see how an expert helped someone with symptoms like mine. The expert might have requested that the user remove a bunch of files using HijackThis. I'll look to see if I have those same files on my system. If so, I'll search the net for those filenames to see what I can find. This will likely take me to other forums, etc.
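The cross-check described above (reading a HijackThis log and looking for the files named in a forum thread) can be scripted. This is an added example, not part of the original page or of HijackThis itself; the sample log, CLSIDs, names and paths are constructed placeholders, and it reads only the O2 (BHO) and O20 Winlogon Notify lines of the text log.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample log: every CLSID, name and path here is a placeholder.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example1.dll
O2 - BHO: ExampleToolbar - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\toolbar.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: ExampleNotify - C:\WINDOWS\system32\example2.dll
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2 lines list Browser Helper Objects; O20 lines include Winlogon Notify DLLs.
BODY_PATTERNS = {
    "O2": re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"),
    "O20": re.compile(r"^Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$"),
}

def parse_log(text):
    """Return one dict per BHO or Winlogon Notify entry found in the log."""
    found = []
    for line in text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # header, process list or blank line
        pattern = BODY_PATTERNS.get(entry.group("code"))
        detail = pattern.match(entry.group("body")) if pattern else None
        if detail:
            found.append({"code": entry.group("code"), **detail.groupdict()})
    return found

def matches_forum_list(entries, forum_files):
    """Entries whose DLL file name is in a list copied from a forum thread."""
    wanted = {name.lower() for name in forum_files}
    return [e for e in entries
            if PureWindowsPath(e["path"]).name.lower() in wanted]

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for hit in matches_forum_list(entries, ["EXAMPLE2.DLL", "example1.dll"]):
        print(hit["code"], hit["name"], hit["path"])
```

A match only means the same file name is present; it is a starting point for further searching, not a verdict.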

I was able to fix my son's 8/2005 infection of CoolWWWSearch as a result of an excellent posting on a forum in Geeks to go!. For the details, see below.

CoolWWWSearch

8/2005 A person named Insipid has a very complete set of instructions for removing this malware. Scroll down to where you see this line: Ok, let's get rid of this infection. I have copied his instructions here so they don't get lost.

Until I read Insipid's instructions, I'd never heard of ewido (download free version). It is the program that got rid of all CoolWWWSearch remnants. I googled to find out more about ewido and to answer the question "how is it that I've never heard of them?" The reason was quickly obvious -- I haven't had any recent spyware/adware problems so I missed the appearance of ewido. It is now a standard weapon for the good guys in the adware/spyware battle (see Geeks to go's instructions). I should mention that this infection was on my son's computer which is difficult to get into safe mode. I ran ewido in "normal" mode and it did a fantastic job.

I spent a few hours trying to remove CoolWWWSearch. Spyware Search and Destroy (Spyware S&D) would find it, but could not remove it, so it would ask if Spyware S&D could be started on my next reboot. I'd say yes and reboot. It still could not remove CoolWWWSearch. I tried many different suggestions from the net until I found that the instructions from Insipid took care of everything.

Look2Me, ZestyFind, and VX2.BetterInternet

by Nictech, 2nd-Thought, XzoomY, et al.

Look2Me/VX2.BetterInternet is the worst spyware/adware that I have encountered. Worst is measured by how much time I had to spend removing it from my computer. A person named Option^Explicit has contributed quite a bit to eliminating VX2. Removal of VX2 is difficult because Nictech has attached their software to Windows Explorer and/or Winlogon. Also, they aggressively evolve their malware. Here is what some wise folks have to say about Look2Me/VX2.BetterInternet: Counterexploitation, PC Sympathy, Symantec, Kephyr on Look2Me, and Kephyr's entire online Encyclopedia of bad software, which includes multiple references to Better Internet.

Symantec has information and a removal program. Adaware has a Special VX2 removal package.

Here is a free download page for a tool focused on uninstalling betterinternet, presented by Spy-Sweeper. Although I have not tried this tool, I tried and then purchased Spy-Sweeper a few months ago for one of my computers. It was able to clean up one bad virus/adware/spyware that nothing else could get rid of. Although quite thorough, it takes a while to do a complete scan of your system.

I recommend Spyware Removal and Prevention Guide. In addition to explaining how to install and configure Adaware and Spybot Search&Destroy, two excellent and free Spyware and Adware removal programs, it describes a third program, SpywareBlaster, which is supposed to protect your system from infection in the future. This may be well worth the effort.

Links to Adware, Spyware, Malware, etc. Info

Each link is a pointer to a web page that indicates, quite strongly, that the item is spyware, adware, malware, or something else that you probably don't want on your computer. A BHO is a Browser Helper Object. Read about them here and here. BHOs aren't all necessarily bad.

bxxs5 [BHO]. This link and some others on this page are to www.keyphyr.com. The descriptions of spyware, adware, etc. on these web pages are well researched.
default-home-page
MySrchAs [BHO]
TvmBho and also here [BHO].
WebSavingsFromEbates

These are just some of what I've run across myself or helping others. I'm not an expert.


Send email to Sam, but don't hold your breath for an answer.