# How to clean up spyware

Tags:
1. Apr 29, 2015

### mech-eng

I have installed a program but a lot of different program has been installed without my permission and most of these strange programs are advertisement programs. And there is a registry cleaning program which has been installed secretly. For example, some links are added by theirselves on the Internet Explorer window and sometimes there are chat Windows in which a bot woman wants to speak on love. I have uninstalled some of them via control panel but it haven't worked and I have made an antivirus scan but it also hasn't worked. How can I rescue my PC from them and how can I prevent these situations from occuring to not to have same problems in the future?

Thank you.

Note: My antivirus program is Vipre.

2. Apr 29, 2015

### phinds

You need to figure out exactly what was installed and do a Google search for how to get rid of it. And you DEFINITLY should get rid of it since this sounds like exactly the kind of thing that puts malware on your computer.

Last edited: Apr 29, 2015
3. Apr 29, 2015

### mathman

There is a program "Malwarebytes" by Anti-Malware (you can get it from CNET) which might help.

4. Apr 29, 2015

### StevieTNZ

Which was the original program you installed? Naming it (and also the source from where you downloaded it, if you did download it) might help us to find out what else it installed, and how those additional programs be removed.

It sounds like the original program was a virus and/or malware to begin with, as any legitimate program that wants to install additional programs should give you the option to opt out (and even if you didn't opt out, I wouldn't expect the behaviour on your computer you are experiencing).

5. Apr 29, 2015

### Staff: Mentor

Try anti-malwarebytes first.

Modern viruses can actually prevent anti-virus programs from running correctly against them. Anti-malwarebytes does work well, but if your malware is entrenched it may undo or prevent the installation. At work we just wipe PC's C drives when things are bad. We can rescue them by removing the infected C drive. Then attaching the as a D: on a machine with malwarebytes already on it. Full scan the D: drive. Next replace the D: drive back into its home as C:. Disconnect the internet and see if you can boot without a bunch of error messages, if so, connect to the internet, download anti-malware bytes, install it and run a full scan.

6. Apr 29, 2015

### Borg

@mech-eng A couple of pieces of advice. I would not log into anything with that computer until you are sure that it is clean. Assume that it has also installed a key-logger and is secretly sending logins and passwords to a server somewhere. If you can, try to install a firewall and set it to notify you if anything attempts to connect to the internet. This can help you to find and exterminate the programs that have been installed. I use ZoneAlarm which has a free version that works very well. There are two classes of connections that it will tell you about - programs that are trying to connect to the internet and programs that are trying to act as a server. There are very few that need to act as a server but I would be suspicious of everything at this point.

7. Apr 29, 2015

### B0b-A

You mentioned "Internet Explorer" , so you're on Windows , so you can do a "system restore" to a point in time before you installed the unwanted programs. That should return your computer's registry to how it was. Folders created by installing the unwanted programs will remain, but the unwanted programs won't run.

Use something like the browser addon NoScript will stop drive-by-downloads. But if you authorised the download, without reading the small-print , there is no fix to prevent that occurring again, just more caution on your part.

Last edited: Apr 29, 2015
8. Apr 29, 2015

### StevieTNZ

If your machine runs Vipre as security software, surely during the installation of the additional program it would have notified you something suspicious was being installed... and if that was malware -- http://www.vipreantivirus.com/VIPRE-antivirus/ -- that 100% rating doesn't seem to have worked for you.

9. Apr 29, 2015

### B0b-A

On second thoughts there is a software solution. There is software by Acronis which has a "try&decide" option which virtualizes the entire machine, so operates like Windows "system-restore", but will restore the entire computer , not just the Operating System. So you run Acronis before you install any software, you can then try the software, if you don't like it have Acronis put everything back to the pre-install state. Acronis "try&decide" is not free software ... http://www.acronis.com/en-gb/support/documentation/ATIH2014/299.html

Last edited: Apr 29, 2015
10. Apr 30, 2015

### Gracie thomas

Whenever you install something on your computer, make sure you carefully read all disclosures, including the license agreement and privacy statement. Sometimes the inclusion of unwanted software in a given software installation is documented, but it might appear at the end of a license agreement or privacy statement

11. May 4, 2015

### mech-eng

The original program is googlebooksdownloader but I do not remember whether or not it is from the official site. It is just 643 Kb. Some secretly installed programs were Apple Inc's programs. One is opera, another is bonjour. When I try to close that chat window, this link opens:
but then it turns into this Edit by mentor: links to questionable sites removed
I have also realized that my computer's internet speed has lowered.

Here are the programs probably installed with that virüs:

Mystartseach as a search engine. It is strange that when I try to uninstall this, it prompts a verification code to be uninstalled.

Another one is reg-clean pro by systweak.com
Another one is Steelcut:mysteelcut.com
If I open my pc with a Linux live cd, the virus probably cannot be active so can I find and delete it by this method?
Can you using "resmon" help me determine which program is the virus, and can making a soft recovery which uninstalls all programs but not delete files be solution for getting ride of the virus? What should I do with the installation file which includes the virus. Should I send it to Vipre for examining? How can I learn the name of this virus?

Note:Above information might not be exactly correct.

Should I send the installation file via e-mail to vipre

Thank you.

Last edited by a moderator: May 4, 2015
12. May 4, 2015

### B0b-A

13. May 4, 2015

### mech-eng

Hi, Jim Mcnamara. I cannot understand "Then attaching the as a D:" part and why do you disconnect internet? What does "attaching the as a D: refer to? Would you like to explain in a different way

Thank you.

14. May 4, 2015

### StevieTNZ

D: means D drive (rather than C Drive which is usually where the OS, documents, programs are installed). D drive usually contains the factory settings.

If you Internet speed is slower, I would suspect something is using the bandwidth: most likely the spyware/virus/malware installed. You may even be being DdoS'd.

15. May 4, 2015

### B0b-A

Apparently that "secure-fra.adnxs.com" problem does hog the internet ...

16. May 4, 2015

### StevieTNZ

17. May 4, 2015

### StevieTNZ

I got a mentor to edit your post in case someone accidentally clicked the (then) active links, potentially infecting their computer.

18. May 5, 2015

### WWGD

How about starting up in safe mode and using the tools available there?

19. May 8, 2015

### harborsparrow

I have been using Malwarebytes and it is very good. It is not free ($30 or$40, not sure), but it had paid for itself several times over. Periodically, unwanted programs and ads get onto my puter despite the antivirus I am using, and this program has quickly cleaned them out.

If you use Malwarebytes (and it can be tried out for free), be sure to disable the Windows Firewall and Windows Defender before running it. I've found I needed to run it every few weeks to keep things clean (or if haywire ads start appearing).

20. May 8, 2015

### OCR

Last edited: May 8, 2015