Front Page  |   Information  |   Computer  |   Computer setup tips  |   Router setup tips  |   Funnies & Everything Else  |   XP setup tips  |   Address munging for newsgroups  |   Junkware  |   Alternate Data Streams

Do you seem to be getting spam from my domain? Please see this note I'll put a after something when it's added to the page. After the item has been on the page for about a month, I'll take out the and just leave the "Added" date. At least I'll try to do it every now and then. If you find a dead link, a typo or have a suggestion, there's a link at the bottom of the page that you can use to send me an Email. Date format is MM/DD/YYYY

Do you use Computer Associates' ETrust Anti-virus? Even if you don't you should be concerned about Alternate Data Streams on Windows 2000 and XP. ETrust has created thousands of unnecessary files on my drives, and they haven't offered any solution yet. So I did some research. I like and use Firefox. Which ever browser you use, make sure you keep it updated. That goes for all critical software.

I'm putting this page together to help me clean up people's computers, but it can serve as a reference for anyone else needing information or tools to deal with junkware too. My main purpose is so that I have the links available to me when I'm out and about.

One very important thing to remember is that this is a really hot topic right now, and like anything that people need help with there are some who will take advantage of that fact. Some of the adware removers/scanners are pure scams. Some will install their own junkware, some will install even worse things. There are cases where someone has taken a free program like Spybot, renamed it, and sold it as thier own. Beware of anything that has too much hype, or tries to scare you into buying their product. If you go to a web page and there are big flashing letters that say SPYWARE HAS BEEN DETECTED, DOWNLOAD OUR SCANNER NOW, go somewhere else fast. A good list of fake or problematic Spyware removers is the Rogue spware list. Also check out their companion page on Family Resemblences. Please note that these are not my lists, I just reference them.

Many of the sites and programs listed here are provided by people who just want to help clean this stuff up. Often they started by working on cleaning one specific nasty, and things snowballed. Most of them provide their time and web space at no charge, but many accept donations to help them cover their costs. Please consider donating. Some programs have free and paid versions. The paid versions have more features. If you like and use the free one, consider buying the paid version to support them.

Junkware, adware, spyware, scumware, crapware, or parasites, whatever you call it, it's gotten totally out of conrol during the last half of 2003 and beyond. Some articles about it are at aumha.org, Eric Howes site and Eric's comments (1863kb PDF) to the FTC. And now there's a first anniversary follow-up by Eric and Ben Edleman. Ben has some excellent articles about how some spyware infestations are carried out.

An April 2004 Infoworld.com article about what percentage of computers are infected with some sort of malware. It's gotten worse since then, not better.

The Houston Chronicle printed a good article in 2004 with lots of information about spyware and tips on how to clean up. And more importantly, how to avoid it in the first place.

At least some of the crap that gets installed on people's computers earns money for college students. They get paid to post the bait that sucks people in. See this PCWorld article from June 2004.

An example of how much money is involved can be seen in the legal actions that New.net has been taking.

Arstechnica.com has a good article with descriptions of malware and some screen shots.

Forums and sites with information

• SpywareWarrior.com is a good place to start. They have links to articles, forums, blogs and many anti-spyware sites.
• A long list of tools is at one of Eric Howes' pages. I haven't even looked at many of them. let alone used them. But they're highly recommended by many people and there's something listed there for just about any nasty you'll come across. I have used most of the following at one time or another.
• Merijn.org This link actually goes to the mirror at Spywareinfo.com since his pages are often unavailable due to the amount of traffic.
• Spywareinfo.com (Also sometimes unavailable)
• The Parasite pages at doxdesk.com.
• Spywareguide.
• Aumha.org forums.
• Wilders Security forums.
• Pest Patrol's (now Computer Associates) research center.
• Instructions for manual removal of lots of pests are at PC Hell.
• An excellent list of programs and methods to protect your computer are in this newsgroup post.
• You can check running processes using What's Running or snapfiles.com. I haven't tried either one but they've been recommended by people I trust. I have used HiJackFree and Process Explorer plus other utilities from that second page.
• Once you find out what's running, even just with Task Manager, you can check to see if it's legitimate at liutilities.com whatsrunning.net processlibrary.com

Software to help clean up a computer

Where it's appropriate, I've linked to the front pages of the companies providing free software. Generally the free software is only one of their offerings, and they hope that you'll like it and buy something else from them. So it seems fair to let people see what else they may have. You may have to poke around a bit to find the free version.

NIST.org has a list of online Virus and Spyware scanners.
• Spybot Search and Destroy. Donations gladly accepted.
• AdAware. Free and paid versions.
• Setup instructions for both AdAware and Spybot.
• Sunbelt Software has Counterspy which has a 30 day trial. Added 08/10/05
• MS Anti-spyware is free from Microsoft. For XP only, and verification of having a legitimate copy of Windows XP is now required. As of March 2006 it has now been renamed Windows Defender and will work on Windows 2000 Service Pack 4. It has also been changed a lot. Added 08/11/05
• A-Squared Anti-Trojan has free and paid versions. Added 08/11/05
• Webroot Spysweeper. Added 08/11/05
• Pest Patrol has an evaluation version.
• Autoruns for monitoring startup items. Free from Sysinternals.
• Sysinternals also has RootKitRevealer. It's still under development, and may find false positives. Sometimes lots of them. But it's a very powerful tool which may help spot something. But you have to decide what's a problem and what's OK, there's no guidance. It just does a scan and reports things that don't match. Help is available though from the RootKitRevealer Forums or many other online sites.
• SilentRunners is a VBS script that looks up a lot of startup items and lists them in a text file. By default the text file is saved to the directory that SilentRunners is started in. See the page for instructions on how to change that and more.
• HijackThis (part way down the page). Freeware with donations accepted.
• Spywareinfo, Bleepingcomputer.com and Aumha.org have tutorials for HijackThis.
• A web page that will do a basic analysis of your HijackThis Log. It's not perfect and will flag a lot of "questionable" entries, but it's a good place to start on a very complex list. NetworkTechs also has a HJT Analyzer. Use both and compare the results to increase your chances of spotting false positives.
• Several tutorials for using different Spyware/Hijacker removal tools from Bleepingcomputer.com.
• SortedPC.com has a list of online virus and parasite scanners. Always a good idea even if you think you only have adware problems. There's so much overlap in malware types these days that the lines have blurred. Added 08/13/05
• There's a list of clean, free security related software at Respect2Glory's website.
• Eric Howes has a list of Spyware/Adware/Hijackware Tools that is much more comprehensive than what I have here.

Cleaners for specific nasties:

• CWShredder for Coolwebsearch was originally developed by Merijn Bellekom of the Netherlands. Because that whole site was often down due to DOS attacks, CWShredder could also be downloaded from Aumha.org which was an official mirror site. And still is, even with the ownership changes of CWShredder.
  
  Merjin had to give up on trying to keep up with CWS, it morphed too fast. his program has been taken over by Intermute who now maintain and update it. And Intermute has now been absorbed by Trend Micro, but CWShredder is still free. It's also available as part of a for pay suite of software tools. Two other sites with information about CWS are Michaelhorowitz.com and Silentrunners.org.
  
  
• Sunbelt Software has a cleaner for a keylogger that is associated with CWS Added 08/11/05
  
  

Ways to protect yourself so it doesn't happen again.

Use common sense. There Ain't No Such Thing As A Free Lunch. If you're thinking about installing some free software, read the EULA closely. Often there are clauses in there about the "additional" software that will be installed. Many times that additional software doesn't uninstall when you uninstall the host software. Sometime the additional software installs even if you cancel out of the original installation.

• Stay up to date with patches and upgrades. If a software vendor releases a security patch or upgrade, it's almost certainly worth installing. For Windows and IE you can check Windows Update. For other programs you'll have to check the vendors site now and then unless they offer a mailing list to send notifications. Most don't due to problems with spam blocking.
• Use a web filter like Proxomitron that will block a lot of the scripts and other methods that some of these things use to get installed.
• Eric Howes' Enough is enough for IE.
• IESPYAD is also for IE users.
• Spyware blaster and Spyware guard. Freeware with donations accepted. Configuration guides for Spywareblaster and Spywareguard.
• You can block a lot of ads and unpleasant sites using a hosts and/or PAC file. Sheryl Canter has information and instructions.
• Use an alternate browser although that's not a guarantee either. I use Opera and Firefox.
  
  
  With several recent exploits taking advantage of unpatched Internet Explorer vulnerabilities, using another browser becomes an even better option. It is not a perfect solution, and some of them are subject to some of the exploits, although to a lesser degree than IE. And as others become more popular, or maybe just as they become more recommended for security, they will also have problems. But the developers react faster, and have fewer interacting "features" to deal with.
  
  

Written for Check out the Any Browser pages.

If something doesn't work right please Email me.

Page Revised 10:22 PM 11/19/2006

---