I am posting this in the hopes that it will help people who have had their internet connection down and don't have any of the tools such as Ad-Aware, Spybot, CW Shredder, or Hijackthis. I don't claim to know EVERYTHING, but I've found that in many cases the following will get a badly infested computer cleaned up to an almost manageable level.
For starters, go through ad/remove programs in control panel. Many pieces of spyware/adware will allow you to remove them through here. It will also clean out some things that the anti-spyware programs don't.
Once you have gotten that cleaned up as much as you can, msconfig should be your next step. Note that you can start with msconfig before doing the add/remove programs step. msconfig comes with Windows 98, ME, and XP. It is notably missing from Windows 2000. In the startup tab of msconfig you will see the various programs that are set to start with windows. Uncheck the things you don't want to automatically start. Note that this doesn't remove the programs from your computer, just keeps them from starting automatically.
After restarting, you MAY have some spyware that put itself back into the startup tab of msconfig. Don't worry about that at this point since you have more cleanup work to do.
For those running Windows 2000 or XP, you should now go into the services section under Admin tools in control panel and make sure that no strange services have been added that you don't want there. Some spyware and viruses put themselves in as a service. Windows 98/ME users don't have a services area to look at.
Now, go into regedit. Be VERY careful in here since it's possible to break things. But if you are careful, you should be fine.
Now, there are several major sections in here that you will need to go through. Most of them have a section for what programs to automatically start(and some of these are where msconfig gets it's information). Go through the sections. What you are looking for is similar to the following:
HKEY_Local_machine
Software
Microsoft
Windows
Currentversion
Run
Note the Run section. This is where the stuff is that you will want to get rid of. There are often other things that you will want to look at, such as RunOnce(for when Windows reboots, it does these once, then never again). RunOnceEx, and so on. It is here that you can remove some things, and the RunOnce type entries will often show that even when the startup has been cleared, the spyware has put itself into the RunOnce sections(note there are sometimes things like runonceservices or other things, they will be grouped near run so are easy to find. Run- are the things you have disabled but can be brought back in msconfig for those interested.
Go through the various sections of the registry, and clear out the stuff you don't want running automatically.
Now, exit regedit. You are almost done with the first pass of trying to clean up your system. Now, check in your windows directory(C:\WINDOWS or C:\WINNT are the two standard places, depending on how Windows was set up on your system). You may find a file called wininit.ini.
Winint.ini is where setup programs and such modify to install things after a reboot. When you download a fix from windowsupdate, or a program needs to reboot for the changes to go into effect, most of the time wininit.ini has the files that are to be installed during a reboot. Many pieces of spyware will detect that they are being removed, so put an installer into this file so it gets re-installed from scratch, even after you have cleaned up your system.
Once you have cleaned out this file, save it, and reboot.
You may need to repeat these steps a few times in order to get the results you want. Stopping unwanted processes before beginning will also help. This includes the services section check since many processes that show up are set up as a service, and will automatically restart. In some cases, you may need to slowly work the number of things down.
The above is also no substitute for using programs like Ad-Aware or Spybot since it doesn't cover many of the registry entries spyware will add to your computer.
I hope this helps some people. The wininit.ini file can also be a fix for other problems, like if you do a windowsupdate and your system seems to be stuck on reboot.
For starters, go through ad/remove programs in control panel. Many pieces of spyware/adware will allow you to remove them through here. It will also clean out some things that the anti-spyware programs don't.
Once you have gotten that cleaned up as much as you can, msconfig should be your next step. Note that you can start with msconfig before doing the add/remove programs step. msconfig comes with Windows 98, ME, and XP. It is notably missing from Windows 2000. In the startup tab of msconfig you will see the various programs that are set to start with windows. Uncheck the things you don't want to automatically start. Note that this doesn't remove the programs from your computer, just keeps them from starting automatically.
After restarting, you MAY have some spyware that put itself back into the startup tab of msconfig. Don't worry about that at this point since you have more cleanup work to do.
For those running Windows 2000 or XP, you should now go into the services section under Admin tools in control panel and make sure that no strange services have been added that you don't want there. Some spyware and viruses put themselves in as a service. Windows 98/ME users don't have a services area to look at.
Now, go into regedit. Be VERY careful in here since it's possible to break things. But if you are careful, you should be fine.
Now, there are several major sections in here that you will need to go through. Most of them have a section for what programs to automatically start(and some of these are where msconfig gets it's information). Go through the sections. What you are looking for is similar to the following:
HKEY_Local_machine
Software
Microsoft
Windows
Currentversion
Run
Note the Run section. This is where the stuff is that you will want to get rid of. There are often other things that you will want to look at, such as RunOnce(for when Windows reboots, it does these once, then never again). RunOnceEx, and so on. It is here that you can remove some things, and the RunOnce type entries will often show that even when the startup has been cleared, the spyware has put itself into the RunOnce sections(note there are sometimes things like runonceservices or other things, they will be grouped near run so are easy to find. Run- are the things you have disabled but can be brought back in msconfig for those interested.
Go through the various sections of the registry, and clear out the stuff you don't want running automatically.
Now, exit regedit. You are almost done with the first pass of trying to clean up your system. Now, check in your windows directory(C:\WINDOWS or C:\WINNT are the two standard places, depending on how Windows was set up on your system). You may find a file called wininit.ini.
Winint.ini is where setup programs and such modify to install things after a reboot. When you download a fix from windowsupdate, or a program needs to reboot for the changes to go into effect, most of the time wininit.ini has the files that are to be installed during a reboot. Many pieces of spyware will detect that they are being removed, so put an installer into this file so it gets re-installed from scratch, even after you have cleaned up your system.
Once you have cleaned out this file, save it, and reboot.
You may need to repeat these steps a few times in order to get the results you want. Stopping unwanted processes before beginning will also help. This includes the services section check since many processes that show up are set up as a service, and will automatically restart. In some cases, you may need to slowly work the number of things down.
The above is also no substitute for using programs like Ad-Aware or Spybot since it doesn't cover many of the registry entries spyware will add to your computer.
I hope this helps some people. The wininit.ini file can also be a fix for other problems, like if you do a windowsupdate and your system seems to be stuck on reboot.
