Windows Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.11

Removing Spyware


Windows Tutorials - Herong's Notes © 2006 Dr. Herong Yang


This chapter describes:

  • What Is Spyware?
  • HijackThis - Browser Hijacker Detector
  • Spyware - WebBar - htwtb.bin
  • Spyware - SurfBuddy - sbuddy.dll
  • Spyware - WebSpecials - webspec.dll
  • Spyware - DSSAgent - DSSAGENT.EXE
  • Transponder - Best Offer - farmmext.exe
  • Spyware - dinst.exe - dsr.dll

What Is Spyware?

A couple of weeks ago, I had to spend several hours helping a friend of mine remove spyware from his computer. It was a very interesting experience, and I want to share it with you.

First, I searched the Web for a good definition of spyware. Here is what I found:

Spyware is a broad category of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user. While the term taken literally suggests software that surreptitiously monitors the user, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party.

Spyware differs from viruses and worms in that it does not usually self-replicate. Like many recent viruses, however, spyware is designed to exploit infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites.

HijackThis - Browser Hijacker Detector

HijackThis is probably the most popular spyware detection tool available on the Internet. So I downloaded HijackThis v1.99.0 from the Web site: http://www.merijn.org/.

Here is a basic tour of how to use HijackThis:

1. Run HijackThis. It will offer you a couple of command buttons on the first dialog box.

2. Click the "Do a system scan and save a logfile" button. HijackThis will scan your system and show you the "Save logfile" dialog box.

3. Select a directory and enter a file name for the log file, for example, c:\temp\hijackthis.log.

4. Open c:\temp\hijackthis.log with a text editor. You will see a HijackThis report like this:

Logfile of HijackThis v1.99.0
...

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
...
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
...
C:\WINDOWS\Explorer.EXE
...
C:\local\hijackthis\HijackThis.exe
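
The "Running processes" section of a saved report can be triaged with a short script. The Python code below is an added example, not part of the original tutorial or of HijackThis: it extracts that section and separates entries whose file name appears in this chapter's outline from entries running outside expected directories. The directory list, the sample entry C:\EXAMPLE\DSSAGENT.EXE, and the rule that the section ends at the first blank line are assumptions made for the example.

```python
import ntpath

# Executable names taken from this chapter's outline (matched case-insensitively).
WATCHLIST = {"dssagent.exe", "farmmext.exe", "dinst.exe"}
# Assumption: directories treated as expected install locations on this PC.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\")

def running_processes(log_text):
    """Return paths listed under 'Running processes:' up to the next blank line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                break              # assumed end of the section
            if line != "...":      # skip elisions in a trimmed excerpt
                paths.append(line)
    return paths

def triage(paths):
    """Split paths into (watchlist hits, entries in unexpected locations)."""
    hits, unexpected = [], []
    for path in paths:
        lowered = path.lower()
        if ntpath.basename(lowered) in WATCHLIST:
            hits.append(path)
        elif not lowered.startswith(EXPECTED_DIRS):
            unexpected.append(path)
    return hits, unexpected

# Constructed sample: the report lines shown above plus one constructed entry.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\EXAMPLE\DSSAGENT.EXE
C:\local\hijackthis\HijackThis.exe

"""

if __name__ == "__main__":
    print(triage(running_processes(SAMPLE_LOG)))
```

An entry in the second list is a prompt for manual review rather than a verdict: HijackThis.exe itself lands there because it runs from C:\local\hijackthis.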


Dr. Herong Yang, updated in 2006