while spybot isn’t my thing, every tech has removal tools they love. Once i get one in the shop, i hit up safe mode as the administrator(get a linux SAM password cracker if you need to), disable system restore(SR will save viruses/spyware) and run MWB (also run SuperAntiSpyware if the system can handle it). It’s been noted from the engineers that the quick scan will get 99% of the junk, so don’t bother using the full scan, especially with vista, as the page file search can take several hours and is often times fruitless. while the scan is running, check through the add/remove programs for entries like weatherbug, limewire, MyWebSearch, and other stuff that doesn’t belong there. Companies use these ‘helpful’ and often times ‘cute’ programs, such as cursors, or wallpapers, or screensavers to track your interests and such.

Also run through the program files and hard delete anything not removable from the add/remove programs list. Don’t forget to check the common files directory as well.

Next, run through each users’ temp files located in (typically) c:\documents and settings\user\local settings\temp and just wipe it all out. The temp folder was MADE to be deleted so don’t feel bad.

the next thing to check is the startup programs. goto start -> run and type in ‘msconfig’ then click the startup tabs and uncheck any a) unnecessary programs (stuff your lazy butt and double-click yourself) and b) any programs that contain random strings of letters/numbers, or are blank. apply the settings, hit OK but don’t reboot just yet!

once the first scan is finished for the administrator, you’ll need to logon to EACH AND EVERY user account and run a quick scan. the reason is because some files still can’t be seen by the administrator.

while you’re scanning, this next step is for IE users only. goto control panel – internet properties and find the section to manage add-ons. You’ll want to disabled any addons that again, don’t belong there. Check for ones labeled with registry keys only, and scrutinize the unverified publishers. also, disabled any toolbars. these slow your borwser load times greatly. search engine toolbars are especially annoying because again, they track you every worse than on their actual page.

Firefox users can check, but it’s a TON more secure than IE and rarely adds any add-ons without permission.

once all the accounts have been cleaned, you shoudl be able to log back into regular mode, re-enable system restore, and you’ll be back on track. Make sure you have a GOOD antivirus (not mcafee…EVER, and only choose norton is you must). AVG’s free scanner is still pretty good, although there are some smaller independent ones making names for themselves. remember to update your definitions and scan regularly. een the pros, like myself, sometimes break their eCondom and nasty bits get in.

For the mega-nasty infections, a rootkit killer is advised. for this, i recommend UnhackMe available @ http://www.greatis.com . it can catch pretty much anything before windows loads, enabling you to do registry edits and so forth before a virus can load on the system, particularly, SDRA64.exe, a nasty little guy who hides in the userinit and is pretty clever. removal of this one requires a boot to safe mode, end all svchosts.exe processes in task manager (run command “shutdown -a” if you accidently trip an NT shutdown) and then edit the userinit registry key to only include the path to userinit.exe.

MalwareBytes, SuperAntiSpyware, UnhackMe, and AVG are only a few tools in my aresenal. I might also suggest Security Task Manager as an alternative to Hijack This, as it’s a little easier to read than an HJT log.

Alright, i hope that was a good addition. And Michael, I spent a lot of time typing this (plus i know what i’m talking about lol) so you’d better approve it. =D