Detecting Undetected Spywares

[vineetind]

Manually Removing Spwares

How to you know if you are infected or not?

When a computer is infected with spywares the computer resource is used extremely which actually slow down you computer. You might also get warnings such as "You computer might be infected with spyware", We even saw the desktop wallpaper change bringing a "Security warning".

Where to look for spyware?????

Form 1:
Go in your C:\ and look for suspicious names like djkpp.exe
or dgpjj.exe

Form 2:
Hit Ctrl+Alt+Del to bringup you taskmgr.exe
Then goto processes.
In here look for suspicious processes.
Note: if you see a strange process name and tried to end it and get Access denied. It is most likely a spyware.

Form 3:
Look in you startup folder.

Form 4:
Look in c:\windows or c:\windows\system32
How to manually remove spywares?
When removing spywares this can be a tidious job to do.
The reason here is because to successfully remove a spyware you have to actually remove every spyware on your system otherwise when you think you deleted the spyware it will continue to open on startup becuase it is not cleared in the registry for example.

Step 0:
The very first step is to know the location of spywares.
You can find the names in your taskmanager in processes.
Write the process names down on a piece of paper.
Then go search the system for the location.
Do this by windowskey+F4 then hit F3 to bring up the search box. Search the process name you wrote down. Remember to search also for hidden files.

Step 1:
Goto to Start menu > run
type msconfig.
Goto boot.
Then choose Safe-boot to boot in Safemode.
When finish click Apply.
Then you will restart you computer clicking restart.

Step 2:
Now you are in Safemode. You should login as Administator or anybody with Admin privilleges. Now find the process locations and delete the files.
Step 3:

Now it's time to go and play with you registry.
Goto Start > run
Type regedit and press Enter.
You are now in you registry.
Go to this registrykey to
HKEY_LOCAL_MACHINE\SOFTWARE\m*c*s*t\Windows\Curren tVersion\Run
remove all the spyware startup
processes. Delete everything in this key.
And close the registry.

Step 4:
Go back into msconfig.
Remove Safe boot.
Ander reboot into normal mode.
Your spywares should now be no more in the system.
Now one need not depend on anti-spyware programs moreover most of them can't detect the latest spywares too.

Stay updated on National Anti-Hack Group at www.nag.co.in and it's forum's

[swatkat]

Spyware not only use the "Run" keys to start themselves automatically. Atleast there are 38 Autostart locations in Windows and a program can use any one of them. Some "tough" spyware use Winlogon Notify keys to load their DLLs.

[kin.vachhani]

spyware or trojan even use explorer.exe or taskmgr.exe and many more to start up.......nice try but seems to be bundle to me....