Spyware, Browser Hijacks, or other Yuckware? Check here 1st

Update: See also THIS TOPIC and THIS TOPIC

Please start a new topic if you need further help. Don't post your help request to this thread, or to an existing help thread. There's no other way to keep things sorted out and provide for individual attention



Yuckware ... viruses, trojans, worms, browser hijackers, spyware, redialers, and the like ... has become one of the biggest problems on the internet. Removing it from your computer will be quite a bit more time consuming than putting it there was. We'll be glad to help, if you'll take the time and effort to go through all the following steps first. Please read, understand, and follow this list ... it is the starting point for yuckware removal, and in most cases will do the trick all by itself!!!

Do ALL of this, don't skip over anything. Every step is necessary, and the order in which they are performed is important to the success of the plan. This process will call for you to find and delete some things and to download and install a variety of updates and/or applications, in a particular order, and to execute certain of the applications in a particular order. If done as detailed, none of this will harm your system. If any step is skipped, or performed out of order, the desired fix likely will not be achieved. Please read, understand, and be prepared to exactly follow these instructions before beginning. If you have any questions, feel free to ask before taking any chances. Know what you're going to have to do before you start to do it. If you do have questions, it is best to open a new topic with your particular concern rather than asking on this thread - you're more likely to get attention that way.

Note: the bold, italicized, underlined blue items are links that will take you to the appropriate pages for necessary downloads and/or instructions. Just click on them to get to where you have to go. Save all downloads to separate, appropriately named folders on your desktop or to your root drive as directed. To create a folder on your dektop, just right-click on any area of the desktop not occupied by icons, select "New>Folder", then type a distinctive, decriptive name in the highlighted box beneath the icon for the folder that will appear as "New Folder"on your desktop. To create a folder on your root drive, open "My Computer", select your root dive - the drive on which Windows resides (usually "C:\") - go to the toolbar, select "Files", select "New", select "Folder", and name the folder accordingly.

First, if you are using WinME or XP, DISABLE SYSTEM RESTORE!
When ALL the following have been done, re-enable it by following the same instructions, and replacing the checkmark you removed. Doing any of the rest of this with Restore enabled likely will be useless. Note: You will lose your saved restore points when you do this.

Now, look for "TwainTech" , one of the most common hijackers, and if its on your system, get rid of it. Go to Start>SETTINGS>CONTROL PANEL>ADD/REMOVE PROGRAMS, and look for a program named "twain-tec", "TwainTech", or some close variant. If its there, click ADD/REMOVE and confirm you want to uninstall it.

If there is no entry entry in ADD/REMOVE PROGRAMS, it still may be there. Assume it is, and do the following:

For Win95, Win98 and WinXP users:

a) To permanently disable the software click "Start" and then "Run" and type the following command which unregisters the software:

regsvr32 c:\windows\twaintec.dll
(Note: Be sure to include the space between "regsvr32" and "c:\windows")

You then should see a confirmation the operation was successful, or a notification " ... The specified module could not be found". In either case, move on as appropriate.

b) To completely remove the software: reboot and then go to Sart>Run>Search>For Files and Folders, enter "xtarget.dll" (without the quotes), and click "Find (or Search) Now". It will take a while, but wait untill either it finds the file, or says "There are no files to display". If found, right-click on the file, then select-and-confirm delete. Find-and-delete any other files or folders with "twaintec" or "xtarget" in the name.
Don't delete "Twain" files or folders ... just "TwainTech", "twain-tec", or very similar variations. The "Twain" files and folders are needed by your camera or scanner.

For Win2K, WinME and WinNT users:

a) To permanently disable the software click "Start" and then "Run" and type the following command which unregisters the software:

regsvr32 c:\winnt\twaintec.dll
(Note: Be sure to include the space between "regsvr32" and "c:\winnt")

You then should see a confirmation the operation was successful, or a notification " ... The specified module could not be found". In either case, move on as appropriate.


b) To completely remove the software: reboot and then Find and Delete the file twaintec.dll, and find-and-delete any other file or folder with "twaintec*" (without the quotes, but include the *) in its name. Reboot.

Next, in your browser's toolbar, select Tools>Internet Options>Delete Files>Apply>OK. Then, empty your recycle bin. Next, go to Windows Update[/i] and fully update your Windows and your browser. If you primarily use a browser other than Internet Explorer, be sure it too is fully updated.

Then, download and run the latest version of Network Associate's free STINGER before doing anything else.

Next, update your own antivirus program to the latest files, and run a full system scan. If you don't have a currently subscribed antivirus, a few free ones are available, such as Trend Micro's HOUSECALL , Panda's Active Scan, Grisoft's AVG Free[/i][/u], or Symantec's Security Check Free Virus Scan, among others. Whatever you use, do a full system scan, and follow any repair or removal instructions to the letter.

When ALL those steps have been accomplished, download CoolWWWSearch.SmartKiller removal tool and
CWSHREDDER. Note: These files are perfectly safe, and will not harm your system. Save each to your desktop, into separate, dintinctively named folders you will be able to locate easily.

If you are running Win 95 or 98, you'll need a zip utility to extract the files. If you're running Win ME, 2K, or XP, a zip utility is unneeded. Install the apps and run them, CoolWWWSearch.SmartKiller removal tool FIRST, then CWSHREDDER, letting them fix whatever, if anything, they find.

Next, download and install both
Spybot S&D and AdAwareSE , but DO NOT RUN THEIR SEARCHES untill you have opened each one and updated it using its web update function, as explained in the help file for each.

When both products have been updated, disconnect from the internet and reboot your machine into safemode. If you are running Win95, Win98, or some versions of WinME, and customarily use a USB keyboard and/or mouse, you will need to substitute a standard PS2 Keyboard and/or mouse for the rest of this procedure, as the USB devices will not be recognized. If you are running any version of XP, thiat will not be a consideration. On most systems, you can enter safemode from a reboot by tapping F8 as soon as the machine begins to boot up, before any other screen appears. You may hear a beeping noise, and/or see a "Keyboard Error" message. Ignore them and keep tapping. You should soon be presented with a black-and-white boot choice screen. Select the #3 option, "Safe Mode", either by typing the numeral 3 or by using the up/down arrows of your keyboard, and hit enter. Your machine will boot up with only the barest necessities, and no background applications, running. Your display will probably look very different. Ignore that. If the F8 method does not work, another possibility is to tap, or sometimes to hold down, the "Esc" key as soon as the system begins to boot. If methods don't work for you, consult the User Support documentation that came with your machine or as available on the website of its manufacturer.

Once in Safemode, go to Start>Programs>LavaSoft AdawareSE>AdawareSE.exe . When it opens, select "start" from its splashpage and let it run to completion. It may take quite a while. When it has finished, let it "Fix" anything it has found.

Now, go to Start>Programs>Spybot Search and Destroy, and open it. Select "Immunize" , then click "Install". Then select "Permanently running bad download blocker for Internet Explorer", and click "Install". DO NOT place checks in any of the three "Recommended miscellaneous protections" panel at this time. Now, select "Search and Destroy", then select, down at the bottom of the page "Search for problems". Let it run to completion, which also may take quite a while, and let it "Fix" anything it finds. Run it one more time. It should find nothing.

Once again, empty your recycle bin, then, while still in safemode, defragment your drive. That too will likely take quite a while.

Now, open a browser (If necessary, choose "Work off line" and pay no attention to the "Cannot Display Page" message, and, from the browser's toolbar, select Tools>Internet options, and on the General, Security, and Privacy tabs, select the defaults and apply, then click "OK" and close the browser.

Finally, reboot normally. Before doing any other browsing, messaging, chat, email checking or downloading, run HijackThis with no other browsers open or apps running, and save the log.

Now go out on the web as you normally would, being careful what you click on. DO NOT reactivate System Restore unless and untill your machine is behaving properly.

If you insist on things like opening attachments from unknown senders, hooking yourself up with "Exciting Free Browser Add-Ons", "Incredible Search Enhancers", or any other "Amazing Helpers", P2P file sharing, Porn, and surfing without up-to-date security and privacy software, you're on your own. If not, and you're still having problems, start a new topic in The Computers Forum, detailing exactly what you did, what the results were, and paste your Hijack This log into your post.

Remember, do everything listed, in the order listed, and please start a new thread if you need further help. Don't post your help request to this thread, or to an existing help thread. There's no other way to keep things sorted out and provide for individual attention.

Edited occasionally to update links and/or info as needed