What is Spyware? A technology that assists in gathering information about a person or organization without their knowledge. On the Internet, "spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties." Even in some cases after these programs have been removed from your system. As such, spyware is cause for public concern about privacy on the Internet. Also in many cases causes unknown browser problems.

How did this happen?

When your Security settings are "soft" these sites take advantage of this and actually install software on your system without your knowledge or consent. In other cases downloaded software comes bundled with other "components" (spyware\adware) that you don't realize exists until you start having problems or discover your browser has been hijacked.

Recommended Minimal Security Settings

Close all instances of Internet Explorer and Outlook Express
Control Panel | Internet Options | Click on the "Security" tab
Highlight the "Internet" icon, click "Custom Level"

• "Download signed ActiveX scripts" = Prompt
• "Download unsigned ActiveX scripts = Disable
• "Initialize and script ActiveX not marked as safe" = Disable
• "Installation of Desktop items" = Prompt
• "Launching programs and files in a IFRAME" = Prompt

Click on the "Content" tab, Click the "Publishers" button

• Highlight and click "Remove" any unknowns, click Ok
  Why is this important? [read this]

Click on the "Advanced" tab

• Uncheck: "Install on demand (other)", click Apply\Ok
  To test your setup after making the above changes [click here]

How To: Prevent this from happening again?

The first thing you must remember is the above spyware tools are basically for removal after the fact. The trick is "layered protection" for maximum prevention!

1) Use a HOSTS file and keep it updated!
2) Make use of IE's Restricted Zone
3) Install a firewall (see -  Security Issues)
4) Install an Antivirus program (see -  Security Issues)
5) Improving the security of your computer (Microsoft)

To safely remove or block these type files from your system

Experienced Users SpyBot 1.2 [freeware] http://security.kolla.de/
Once installed make *sure* to update via online before scanning!
Fix the items labeled in red, items labeled in blue-green are optional.
Support Forum: http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi
How To: http://www.tomcoyote.org/SPYBOT/

Novice Users Ad-Aware [freeware] http://www.lavasoftusa.com/
Once installed make *sure* to update via online before scanning!
Support Forum: http://www.lavasoftsupport.com/

To double-check your system - (after using one of the above)

Go to: http://www.tomcoyote.org/hjt/ Download "Hijack This!" [freeware] or download direct [here]

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Click: "Save Log" (generates: "hijackthis.log") HijackThis Tutorial (recommended read)

Next, go to: http://www.spywareinfo.com/forums/

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.

Visiting the SpywareInfo forum to finish cleaning up your system is highly recommended, as neither Ad-Aware or SpyBot can no longer completely remove these pests. This is mainly due to new daily threats and the use of random generated filenames used by these parasites!

Dealing with Rapid Blaster (parasite)

• Download: RbKiller.exe
• http://www.wilderssecurity.net/specialinfo/rapidblaster.html
• http://doxdesk.com/parasite/RapidBlaster.html

Dealing with Coolwebsearch and affiliates

• CWShredder  (Kills Coolwebsearch and affiliates) read this first!
  Download: "cwshredder.zip" Unzip and run the included "CWShredder.exe"
  
  Then follow up with either Ad-Aware or SpyBot, then HijackThis!
• More info on Coolwebsearch and the gang
  
  Editors Note: there are now nearly 10,000 Coolwebsearch affiliates!
  They do this as a "Pay-per-Click" scheme, basically getting a few cents for each user that gets hijacked to Coolwebsearch or one of it's major affiliates. Nice guys huh? Most of these affiliates are Adult related, so be careful where you surf and practice Safe Hex!

Additional Prevention

Both the HOSTS file and the Restricted Zone entries both target most of the major parasites, hijackers and unwanted search engines. If you are also having trouble with unwanted pop-ups - [start here]

Various Registry Fixes

• RepairDefaultPrefix.reg [right-click and select: Save As]
  Repairs the corrupted or altered (spyware) HTTP prefixes
  Note: HijackThis can also repair the DefaultPrefix entry [more info]
  
  
• RepairTabs.reg [right-click and select: Save As]
  1) Restores the missing Tabs in IE (usually spyware related)
  2) Unlocks the grayed-out Home Page section
  3) Removes the Administrator message in Internet Options
  Note: HijackThis can also repair the "Missing Tabs" restriction [more info]
  
  
• UnlockNoBrowserOptions.reg [right-click and select: Save As]
  Removes the Administrator message in Internet Options
  SpyBot also has this option in the Immunize section [more info]
  
  
• EnableRegistryTools.reg [right-click and select: Save As]
  Unlocks the "Disable Regedit" entry, or use HijackThis [more info]
  
  
• UnlockHomePage.reg [right-click and select: Save As]
  Unlocks the grayed-out Home Page section on the General Tab
  Tip: Prevent your "HomePage" setting from being Hijacked

To use: download - right-click and select: Edit to view in Notepad.
Right-click and select: Merge - to enter the info into the Registry, and reboot.

Note: always backup the Registry before making any changes. Also be aware these reg files are intended for stand-alone or home users. Corporate users are urged to check with their network supervisor before removing restrictions.

Removing Unwanted IE Menu Items

• Scan your system with Ad-Aware or SpyBot (see above)
• Run HijackThis! and select the "08\09" items you want removed. [more info]

To manually remove from the Registry [Experienced Users]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt]

• Click open "+MenuExt" (left pane) Locate the desired Menu Extension (highlight)
  Make a note of the corresponding (htm) file (right pane)
  Right-click the desired key (Menu Extension) select: Delete
  Note: always Export before editing the Registry.
• Close Regedit, Open Windows Explorer
  Locate and delete the "corresponding (htm) file" (if exists)

Repairing your Winsock Connection

If you have suddenly lost your Internet connection after removing spyware (such as NewDotNet, and Commonname) the following steps will help restore your connection.

• Repairs Winsock 2 settings: http://www.cexx.org/lspfix.htm
• WinsockFix.exe (by: Option^Explicit) [download]

Various Troubleshooting Articles

• Home Page Setting Changes or Cannot Change Your Home Page Setting
• A New Window Appears When You Visit Some Web Sites
• Error Message in Mfc42.dll Appears When Starting, and then Internet Explorer Quits [more info]
• Ftapp.dll Causes an Error Message [more info]
• Error Message: "Msbb.exe has encountered a problem and needs to close..." [more info]
• IE Stops Responding or the Home Page Takes a Long Time to Open
• IE Caused an Invalid Page Fault in Module Unknown (SaveNow or New.net)
• Wurld Media Version of the Bpboh.dll File Causes an Error Message in Windows
• List of all known Browser Helper Objects
• How to Disable Third-Party Tool Bands and Browser Helper Objects
  [more info] BHODemon 1.0 [freeware]
• Frequently Asked Questions About Internet Security (recommended read)
• Home Computer Security (recommended read)

Other Spyware related Sites and Newsgroups

• news://alt.privacy.spyware | news://news.grc.com/grc.spyware
• Google Groups - Spyware (Web based link)
• CEXX.ORG Spyware Message Board
• Andrew Clover's Parasite List (detection and removal instructions)
• Security and Privacy Forum by Net-Integration (recommended)