Definitive Spyware removal toolkit... 1

[Ali147gta]

I'm trying to put together a 'definitive' spyware/malware removal toolkit, so far I have the following app's (please note I'm not including things like Adaware,Spybot MS Anti Spyware) So far I have the following, does anyone have any other reccomendations???

Hijack this
CW Shredder
Toolbar Cop
IEFix
Winsockfix
About Buster
Stinger

anymore for anymore ?

 

[erikhertzel]

Where do you download and what are the following?

IEFix
About Buster

 

[Ali147gta]

IE fix

http://www.jayloden.com/iefix.htm

About Buster 4.0

http://www.spychecker.com/program/aboutbuster.html

 

[Ali147gta]

aah and HSRemove

http://www.hsremove.com/

 

[jimbopalmer]

lspfix

http://www.cexx.org/lspfix.htm

I tried to remain child-like, all I acheived was childish.

 

[rockerfellerz]

This one is usefull - Pocket killbox

http://www.bleepingcomputer.com/files/killbox.php

If you're going through Hell...keep going... (Winston Churchill)
RocKeRFelLerZ

 

[bcastner]

IE fix

http://www.jayloden.com/iefix.htm

Absolutely do not download this.
It attempts to change your search page, your homepage, and installs .OCX controls that are not appropriate. I had to use a System Restore point to get my system working as it was before using this application as a test.

The "real" IEFix was written by Ramesh Srinivasan (MS-MVP, AumHa-VSOP) and has nothing to do with the link provided above.

The real IEFix:

http://www.mvps.org/sramesh2k/IEFIX.htm

 

[Mike2287]

Nice catch Bill.

 

[Ali147gta]

Just, checked this, sincere apologies for posting the incorrect link,

Many thanks bcastner....

 

[jrbarnett]

Something I forgot to add to this list. Not specifically antivirus/antispyware/antimalware software, but Process Explorer from

http://www.sysinternals.com

is indispensable for terminating trees of processes simultaneously when there are multiple processes that keep each other alive and reload the other, such as Windows TaskAd.
Its also useful for terminating processes where the spyware/virus author has put code in to terminate task manager, registry editor or similar.

John

 

[iamnotageek]

http://downloads.subratam.org/VX2Finder(126).exe

... very useful for removing vx2/abetterInternet, especially if you don't want to run Adaware. Instructions are here...

http://forums.subratam.org/index.php?showtopic=534

Another handy tool...

http://downloads.subratam.org/DllCompare.exe

...with instructions at

http://forums.subratam.org/index.php?showtopic=1725

The latter one is good for tracking down rogue dlls that hijackthis and scanners don't seem to find.

I second the motion on ProcessExplorer. You can easily spot suspicous running processes/sub-processes and find out where they live by going to View - Select Columns and checking Image Path. It is one of the few that will show you all of the dlls running under a particular instance of svchost. These are shown in the lower pane, if you change lower pane view from "handles" to "dlls."

As a side note, I used ProcessExplorer when I was first fighting with one of the latest strains of VX2. It showed two instances of svchhost running in a mode that would not allow access to view those processes.