Monday, November 19, 2018

Anti-spyware Or Spyware?

Spyware has become the most prominent computer security problem. How do you choose a good spyware removal tool? Beware of anti-spyware software which installs spyware/adware to your computer.

Spyware is a hidden software program. It is often used to monitor the browsing and shopping habits of computer users. Spyware can also be a remote control program that steals confidential banking and personal information.

Spyware has quickly become the most prominent internet security problem. According to the National Cyber Security Alliance, spyware infects more than 90% of home PCs. A recent survey shows that spyware is also sneaking into corporate networks.

Spyware is often bundled with free downloads, such as free music, games and software. Spyware may slow down the computer, hijack the homepage and create uncontrolled pop-up advertisements. Some spyware programs can remain unnoticed, secretly gathering information from the computer. Once installed, spyware is difficult to remove without the help of dedicated anti-spyware software.

Due to the rise of spyware activity, anti-spyware programs are in great demand these days. But are these spyware removal tools the same? Do they provide the security consumers need?

There are many reports that some anti-spyware programs install their own spyware and adware on the computer. One consumer was quoted saying: “It’s a rip-off. I downloaded the free trial of an anti-spyware program, only to find out that it added its own adware to my computer.” Other consumers have complained that the anti-spyware program they use cannot detect all spyware programs. Some even slow down the computer and create pop-up advertisements.

There are a few good anti-spyware programs on the market today. On the other hand, dozens of spyware removal programs are blacklisted by consumers. Beware of spyware removal tools that are heavily promoted by e-mail campaigns. Never run any free downloads and free scans from unknown software publishers. Their programs may well be spyware programs themselves. Read independent product reviews from renowned computer magazines or reputable sources. Spending some extra time on research can save you a lot of hassle in the long run.


Kwan Lo is the owner of, an online review site promoting award-winning anti-spyware software and other internet security software.

Saturday, October 13, 2018

Spyware - Out you Go!

An overview of basic steps to clean computers of most spyware infections. Even though spyware is mutating at a tremendous rate, this strategy of attack will remain viable for quite some time, although some of the minor details will change slightly.

Despite top-of-the-line antivirus and antispyware protections in place, the spyware creators are still able to create items that get through the filters and cause infections. (But that’s not what this article is about). The most common methods of infection are still infected attachments to emails and “drive-by” hits from websites while browsing the Internet. (But that’s not what this article is about either). Having watched the evolution of some of these infections over the past couple of years, I’ve found a couple of tricks that work on many of these infections. That’s what this article is about: revealing a plan of attack that can eliminate most of these spyware infections.

First, the tools you will need:

Combofix – This free application combines several different cleaners and is updated frequently. Make sure you grab the latest copy. It can be downloaded from I usually do an Internet search on “download combofix” and it pulls up as the 1st or 2nd hit.

Malwarebytes Antimalware – also known as MBAM. Another free download available from many sources, including

The operating system’s system recovery CD. This may be the Installation CD for some OS’s (like Windows XP). It doesn’t have to be specific to this computer, as long as it is from the same OS.

That’s all you need. Go ahead and collect them. I’ll be here when you get back.

I didn’t mention that you also need an infected computer to clean, but I took a guess that you knew that already. Depending on the severity of the infection, you have several steps. I’m going to start with the simplest solution, and then get more difficult. Before you get started, keep in mind that spyware evolves all the time and what works now may not work in 6 months, but the basic strategy outlined below should be effective for the foreseeable future. Finally, although I offer these steps as a possible method for cleaning the spyware, keep in mind that it is still your computer. I take no responsibility for any damage caused by the spyware infection or your attempts to clean it up.

Scenario 1 – Computer still works, even though infected.

If you can get to a desktop and run programs, you can often clean the computer before it gets more severely infected.

1. Copy Combofix to the computer and run it. Combofix will check for Windows System Recovery and install it if it is missing. You want to allow it to do that, and it will need Internet access to do so. When it is done, it may also want to reboot to finish cleaning up. You want to do that too.

2. Install MBAM and update it (the pattern files update every couple of days, so this is critical). Then run a full scan. It takes longer, but it doesn’t skip other user profiles, where some infected files might be residing.

3. Continue to run MBAM until it comes back with zero infected files. If you repeat the scans and see the same files over and over, you should have enough control of your computer at this point to research those infections and take specific action against those files.

4. Finally, you can repair any specific damage caused by the infections.

Scenario 2 – Normal boot doesn’t work, the Internet is blocked, or you can’t run programs.

Quite often these days, the infection will block your access to your desktop, or prevent programs from running, or reconfigure your Internet settings so that you can’t successfully run the spyware removal tools. Booting to safe mode quite often prevents the spyware from blocking you.

1. Reboot the computer.

2. Press the F8 key about twice a second until you get the Safe Mode menu. Then select “Safe Mode with Networking”.

3. Once the computer boots up, you will have access to your Start Menu and can proceed with the steps from Scenario 1.

Scenario 3 – Safe Mode isn’t working

The trickiest case is when the infection has blocked your access to the desktop in safe mode. In this case we have to reset a couple of registry settings to re-enable access to the desktop for safe mode to work. WARNING! This routine involves modifying the registry.

1. Insert the System Recovery CD in the computer’s CD drive.

2. Boot the computer from the System Recovery disk.

3. Use the menu to open a command prompt.

4. Run the registry editor from the command prompt by typing regedit.exe.

5. Highlight HKEY_LOCAL_MACHINE, click on the File menu, then Load Hive.

6. Browse to the Windows\System32\Config folder on your system drive (It probably will not be labelled the C drive in Safe Mode) and open the Software file.

7. Back in the registry, browse to Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Shell under the loaded hive.

8. Remove everything listed there, then add back in Explorer.exe (Anything else you see here was added by the infection)

9. Close the file and power off the computer, then proceed with the steps in Scenario 2.
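The registry change in steps 5 to 8 can also be made from the recovery command prompt opened in step 3, using reg.exe instead of the graphical editor. This script is an added example, not part of the original article; the script name, the OfflineSoftware mount name and the winlogon-shell-before.txt file name are assumptions chosen for illustration.

```batch
@echo off
rem Added example (not from the original article): command-line form of steps 5-8.
rem Usage: fixshell.cmd D:    where D: is the drive that holds the Windows folder.
rem The script name, mount name and log file name are illustrative assumptions.
setlocal
set "SYSDRIVE=%~1"
if "%SYSDRIVE%"=="" (
  echo Usage: %~nx0 DRIVE:
  exit /b 1
)
set "HIVE=%SYSDRIVE%\Windows\System32\Config\SOFTWARE"
set "MOUNT=HKLM\OfflineSoftware"
set "KEY=%MOUNT%\Microsoft\Windows NT\CurrentVersion\Winlogon"

rem Stop early if the drive letter is wrong; the recovery environment
rem often assigns the system drive a letter other than C.
if not exist "%HIVE%" (
  echo No SOFTWARE hive found at %HIVE%
  exit /b 1
)

rem Steps 5-6: load the offline Software hive under a temporary key name.
reg load "%MOUNT%" "%HIVE%" || exit /b 1

rem Step 7: record the current Shell value before changing it, so the
rem entries the infection added can be researched later.
reg query "%KEY%" /v Shell > "%SYSDRIVE%\winlogon-shell-before.txt" 2>&1
type "%SYSDRIVE%\winlogon-shell-before.txt"

rem Step 8: replace whatever is there with Explorer.exe only.
reg add "%KEY%" /v Shell /t REG_SZ /d Explorer.exe /f

rem Confirm the new value, then unload the hive so the change is
rem written back to the file on disk.
reg query "%KEY%" /v Shell
reg unload "%MOUNT%"
endlocal
```

The saved winlogon-shell-before.txt file lists the program names that were in the Shell value, which are useful search terms when looking for leftover files in Scenario 1.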

Because Windows always checks that registry key when it boots, it will now use the built-in Explorer you are used to using, allowing you to proceed with the rest of your cleanup without too much difficulty.

If none of these techniques work, you can always check back with us to see if new techniques have been developed.


Alan Crowetz brings a wealth of knowledge to InfoStream, including experience in accounting, communications, desktop publishing and troubleshooting among other skills. As the company's President and CEO, he utilizes these abilities to not only review client computer and networking systems, but also to design solutions and educate clients on alternatives.