• Follow us on Twitter @buckeyeplanet and @bp_recruiting, like us on Facebook! Enjoy a post or article, recommend it to others! BP is only as strong as its community, and we only promote by word of mouth, so share away!
  • Consider registering! Fewer and higher quality ads, no emails you don't want, access to all the forums, download game torrents, private messages, polls, Sportsbook, etc. Even if you just want to lurk, there are a lot of good reasons to register!

Your computer, you should have total control over it.


Will Bryant
Staff member

I am no expert, but I make a point to keep myself up to speed with the tools and resources out there that help people combat spyware, adware, viruses, browser hijacking, and all the other malicious crap that the slimebag parasites out there try to infect us with.

Figured I'd toss this thread together and offer a top to bottom brain dump on the subject to see if it can help anyone else. I've shared bits and pieces of this with people in need. Parts helped BuckNutty with a problem on Bucknuts (the HOSTS file edit), others helped vrbryant with a really nasty hijacked browser problem (HiJackThis and amazingtechs.com). All of it has helped me in one way or another, and continues to.

For the sake of organization, I'm going to break everything down into three different sections. Preventative, Corrective and Security/Misc.

Much of the explanative text comes direct from the websites or software in question. Where I have personal comments, you'll find them italicized and in red.


Windows Update:
Microsoft Windows Update

If you're running XP, it should be doing it automatically. If not, or if you're running an older version of Windows, you should be making a point to install critical updates Microsoft puts out. It's these holes that spread viruses like Sasser, the worm that spread out across millions of unpatched computers. Quick, easy and free. The most basic line of defense against infection.

Editing your HOSTS file to *completely* block bad sites:
Blocking Unwanted Parasites with a Hosts File

I've done this myself, it significantly speeds up 90% of my browsing experience. Basically any site that serves ads will be faster, as your computer won't even try to load them. It also prevents a major cause of site lockups. When you connect to the Bucknuts front page, you're also silently connecting to like 10 other machines around the web. If any of those are down, the whole page could stop loading completely and you could be looking at dead space. This is totally unnecessary and preventable on the server side, but that's not always done. This very easy change to Windows is entirely reversible, it's effectively impossible for you to break anything or screw anything up, you're literally just copying a text file to a folder on your computer. I personally recommend making a backup of the original by just renaming it from HOSTS to HOST_orig or something similar.

You can use a HOSTS file to block ads, banners, cookies, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems. Example - the following entry ad.doubleclick.net blocks all files supplied by the DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements.

In many cases this can speed the loading of web pages by not having to wait for these ads, banners, hit counters, etc. to load. This also helps to protect your Privacy by blocking servers that track your viewing habits, known as "click-thru tracking". Another feature of the HOSTS file is it's ability to block other applications from connecting to the Internet, as long the the entry exists.

There is no need to install, turn on, or change any settings. Windows automatically looks for the existence of a HOSTS file and if found, checks the HOSTS file first for entries to the web page you just requested. The is the location of your computer, so when the entry "ad.doubleclick.net" is requested your computer thinks is the location of the file. When this file is not located it skips onto the next file and thus the ad server is blocked from loading the banner, Cookie, or some unscrupulous ********** file.

In case you're wondering ... this all happens in microseconds, which is much faster than trying to fetch a file from half way around the world. Another great feature of the HOSTS file is that it is a two-way file, meaning if some parasite does get into your system (usually bundled with other products) the culprit can not get out (call home) as long as the necessary entries exist. This is why it's important to keep your HOSTS file up to Date.

Blocking bad sites in your registry

I haven't done this myself yet. It is different than editing the hosts file above, and comes highly recommended by people who have a clue. Might do this over the weekend.

IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once this list of sites and domains is "merged" into your Registry, most marketers, advertisers, and crapware pushers on the Net will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on you.

Please note that IE-SPYAD is not an ad blocker. It will not block standard banner ads in Internet Explorer. What this Restricted sites list of known advertisers and crapware pushers will do, however, is: stop unwanted crapware from being installed behind your back via "drive-by-downloads"; prevent the hijacking of your home page and other key
Internet Explorer settings; shut down ActiveX, Java, and scripting, all of which can be employed to push obnoxious advertising on you and compromise your privacy and security; block cookies, which can be used to monitor and track your travels around the Internet; combat obnoxious script-based popups that clutter your screen and force unwanted advertising on you.

Real-time virus monitoring and prevention:
I use Norton AntiVirus Auto-Protect which comes with Norton Antivirus 2004 (I think I'm running 2003, but as long as you keep those viral definitions up-to-date it doesn't really matter what the main architecture is). I do not know if there is a similar tool for McAfee, Panda, Kapersky Labs, etc. If not, then I definitely would not recommend one of those. If so, all of those names (and others not mentioned) are generally accepted and appreciated antiviral packages. I prefer Norton. The way it runs, the speed at which new virus definitions are released, the freedom of setting up even complicated scan schedules, and that it protects you in real time from in-bound infection over instant messenging clients, email and other file transfers. Meaning that you know about the possible danger long before it ever gets a chance to even be on your computer, let alone unleash itself. That's why this is mentioned under Preventative, the main antivirus writeup is below under Corrective. If you use Norton and don't have Auto-Protect enabled, go do so now. :wink:

Spyware Blaster - Real-time spyware monitoring and detection:

Have not installed this myself. Does come highly recommended. My only hesitation is that I'm not sure I need it. I'm content to let what little spyware and adware that does get through sit on my machine until AdAware runs. This is because with the HOSTS file correction above, almost nothing gets through, and what does is very benign. On the other hand, anyone who has suffered a major browser hijacking might well feel differently (especially since this software does not run constantly on your system -- meaning it's not a resource drainer), so I have pointed a few folks to this in the past, and heard back very positive things. So I submit it here in case someone needs it (or something similar) in the future. Sometimes it's just nice to know that the weapons are there. Oh, and it's free.

The most important step you can take is to secure your system. And SpywareBlaster is the most powerful protection program available. Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer. SpywareBlaster can help keep your system spyware-free and secure, without interfering with the "good side" of the web. And unlike other programs, SpywareBlaster does not have to remain running in the background.

Robin Keir's home page - Software - K9

I use and highly recommend K9. I used to use SAProxy, but found that K9 is faster, smarter, more effective *and* has a much smaller footprint in terms of hogging system resources. K9 is also free, SAProxy has moved mostly to a commercial model with SAProxyPro.

K9 is an email filtering application that works in conjunction with your regular POP3 email program and automatically classifies incoming emails as spam (junk email) or non-spam without the need for maintaining dozens of rules or constant updates to be downloaded. It uses intelligent statistical analysis that can result in extremely high accuracy over time.

K9 learns from its mistakes and becomes better and better at being able to identify spam. More importantly it learns to recognize what you consider to be spam.

K9 is for standard POP3 email accounts only. It does not directly support Hotmail, AOL or any other kind of webmail type systems, nor does it support SSL or secure authentication as used by MSN.

You can choose to download either the minimalist ZIP file containing the K9 executable only (no installer or uninstaller) or the full installation EXE that will enable you to uninstall the application and all associated files and registry items if you wish to (recommended for first time users). When installing over a previous version you will not lose any information or "learning". K9 does not contain spyware, adware or any kind of malware whatsoever. 100% pure. 100% free.

Spam Arrest - Take Control of Your Inbox?

Besides Norton AntiVirus, this is the only commercial (pay) product I'll mention within. I do not currently use this, but I would if my current emails ever got as bad as my old ones. I consider this an extreme option, but it is the ONLY anti-spam option that is 100% effective. If you want absolutely no spam whatsoever, maybe this is worth it for you. I know several people who use this, and they swear by it, suggest they can never live without it now.

Spam Arrest is a 100-percent effective solution for blocking automated junk emails. It works through the "CHALLENGE-RESPONSE" system.

When email arrives from unknown senders, a reply "CHALLENGE" email is sent back asking senders to verify themselves by clicking on a link to the Spam Arrest website. (Click here to see what the message looks like)

The link takes the senders to a page where they are instructed to type in a word that is shown in a picture -- the "RESPONSE". (Click here to see what the CHALLENGE-RESPONSE word looks like).

It is easy for a human to answer the "CHALLENGE", but automated systems, such as those used to send spam, are stymied and cannot authorize themselves.

Unverified emails are stored on the Spam Arrest website for 7 days, and you may review them at any time. You may pre-authorized senders and entire mailing lists at any time, either by entering them individually, or by uploading your own address book. You may also pre-authorize email from automated services to which you subscribe, such as news services, organizations or even selected retailers and merchants.



Ad-Aware @ Lavasoft - The Original Anti-Spyware Company - Lavasoft

Don't know how else to say it, if you're not running this on a Windows-based PC currently, then you're just asking for problems. After having an antiviral program which is kept up-to-date with virus definitions, I'd say AdAware (which is free and very easy to use) is the second most necessary tool for life on the internet. I extolled its virtues as far back as two years ago on Bucknuts, and I continue to today over here.

With its ability to comprehensively scan your memory, registry, hard, removable and optical drives for known datamining, aggressive advertising, and tracking components, Ad-aware will provide the user with the confidence to surf the Internet knowing that their privacy will remain intact. Let Ad-aware protect your privacy.

Spybot S&D
The home of Spybot-S&D!

You should run this in concert with AdAware. It's a little different in how it works and what it catches. It will find things that AdAware won't, just as AdAware will find things this doesn't. It too is free and easy to use in Basic mode. I do not recommend using Advanced mode unless you REALLY know what you're doing. I do not, am not confident enough in my limited grasp to make manual and unguided changes to my Windows registry, so I stay out of there.

Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. If you see new toolbars in your Internet Explorer that you didn't intentionally install, if your browser crashes, or if you browser start page has changed without your knowing, you most probably have spyware. But even if you don't see anything, you may be infected, because more and more spyware is emerging that is silently tracking your surfing behaviour to create a marketing profile of you that will be sold to advertisement companies. Spybot-S&D is free, so there's no harm in trying to see if something snooped into your computer, too.

Virus Protection:
I use Norton AntiVirus for the reasons specified above in the Preventative section. There are a ton of other options, and different people have different preferences. This is just the one I recommend. The problem is that while almost everyone has an antiviral program on their computer, not everyone keeps the virus definitions up to date. If you're going to be on the internet, you have to. Because here's the thing; you're putting everyone else at risk. It's a little like knowing you have viral conjunctivitis (pink eye) and going to an orgy anyway. Catching it yourself is one thing, spreading it to others is something entirely different. Recently the Sasser worm wreaked havoc around the web, spreading from one unprotected computer to another. Many of these computers had antiviral programs that were either out of date, or didn't have real-time protection (as described above). That wasn't why they were exposed though, that was through a known vulnerability in Windows.

Browser Hijacking:

Okay, vrbryant just had to go this route, and in particularly ugly cases, some of you here will as well in enough time. Before you smash your computer, or take it to some hack who will charge you $100+ for the service, first try this. Download HijackThis and run it. It's going to spit out a comprehensive list of what looks like garbage to you. Take that garbage and go to this site. Start a new thread on that board with something reasonable in your subject line. "Please Help, HijackThis Log Enclosed" will work fine. Past the HJT output into the thread and explain what's been happening. In vrbryant's case, his homepage had been permanently changed (couldn't change it back), all his links had been hijacked and had turned green (they went to where the authors of the nasty hijacker software decided), and he was stuck with a new searchbar in his browser itself. It doesn't sound nearly as bad as it was. Worse, every time he rooted it out and uninstalled it with the normal tools (AdAware, Spybot S&D, etc.), it would later just reinstall itself somehow. The good geeks over at AmazingTechs.com will look at your HJT output, and tell you exactly how to fix your problems. Best of all, they're friendly and will do it for free. They are saints, and have helped 1000s of people who had all but given up before discovering HJT and their site. You don't need HJT unless you're having a problem. But when you have a problem, this last line of defense is often the most effective. These guys know their stuff, and I have yet to hear of a case where they've been unable to help.
A general homepage hijackers detector and remover. Initially based on the article Hijacked!, but expanded with almost a dozen other checks against hijacker tricks. It is continually updated to detect and remove new hijacks. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites. As a result, false positives are imminent and unless you are sure what you're doing, you should always consult with knowledgable folks (e.g. the forums) before deleting anything.


I'm behind a hardware firewall built in to my router/switch. If you're not behind a hardware firewall, you should probably be behind a software firewall. There's even one built right into Windows XP. As this isn't an area of need for me, I can't speak intelligently about the software end of things. I do know that ZoneAlarm comes highly recommended. I also know most of the antiviral firms also offer firewalls. Norton Internet Security for example includes both a solid software firewall and Norton Antivirus 2004. If you have a need in this area, I recommend hitting the web and doing some reading, and/or perhaps someone on this site with a clue can talk about firewalls a bit and educate us all.

UPDATE: With XP SP2, came a vastly improved Windows Security Center, and a better Firewall. I still can't speak intelligently about software firewalls, but I can say that your system comes with the tools you need to help protect yourself. I would never claim that Microsoft is a forerunner in system security, but some of the recent changes with SP2 have been positive on that front.

Pop-up Blocking:
Pop-Up Stopper Free Edition
POP-UP STOPPER brand ad blocker - FREE popup blocker from Panicware. Trust this pop-up blocker.

This is the one I use. It's effective and entirely free. It's easy to turn on and off by doubleclicking the hand icon in your taskbar, or you can hit the left CTRL button to bypass single blocks.

Mozilla Firefox Browser
Firefox web browser | Faster, more secure, & customizable

I have this on all my computers, despite using Microsoft's Internet Explorer (MSIE) as my primary browser. Firefox is an outstanding browser, and has pop-up blocking built right in. MSIE has features I can't live without, but in many ways Firefox is a cleaner, faster, and better browser. I recommend having it, and using it as either a primary or a secondary vehicle.

Firefox is an award winning preview of next generation browsing technology from mozilla.org.

Firefox empowers you to accomplish your online activities faster, more safely and efficiently than any other browser, period. Built with Tab browsing, popup blocking and a number of other seamless innovations, Firefox stands out ahead.

Password Generation & Management:
KeePass Password Safe
KeePass Password Safe

In terms of need, this is sort of the software equivalent of Tivo. You don't know you need it until you have it, and then once you have it, you can't live without it. DON'T use the same password on every site you visit. This is more important if you bank or shop online. Critically important. DO use as complicated a password as you're allowed on each site. The old complaint was "I visit 100 sites, I can't remember 100 passwords." This solves the issue. Think of it as a wallet for your passwords. Instead of passwords, you have access cards. Nothing to remember, just swipe the card through. KeePass will generate your passwords, and store them for you in an organized database. It is free, open source, and richly developed. It's easy to use, and entirely convenient. It will not only make you more secure, but it will actually speed up your login times at any and all sites.

Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your homepage's ftp password, online passwords (like CodeProject member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, homepage, etc. Unimaginable.

KeePass is a free/open-source password manager or safe which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key-disk. So you only have to remember one single master password or insert the key-disk to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

Other Settings You Can/Should Adjust In Windows:
Copied from a post by discogail on amazingtechs.com:

I've done all of this myself. It's basic stuff that should have come standard this way in Windows.

You can batten down the hatches a bit to prevent this from happening.
Go to Tools-Internet Options-Advanced...under "browsing"....uncheck both
"Enable install on demand" entries. It's a more secure way to browse the
web. .....unchecking them makes it not possible for web pages you browse to
run or install programs on your computer without first asking your
permission via a dialog box.

You should read the contents carefully and click the "Cancel" or "No" button unless you're sure that it's something that you have requested... make sure that you're not agreeing to the installation of spyware, advertising pop-up generators or other nuisances...or to change your startpage to beebopaloola.com or something.

Also..Click Tools and choose Internet Options
Go to the Security tab and click the Custom Level button..............
In the ActiveX section, set :
Download signed ActiveX controls: to "Prompt"
Download unsigned ActiveX controls: to "Prompt"
Initialize and script ActiveX controls not marked as safe: to "Disable"
This way when a web site attempts to run an ActiveX program you will be asked for permission. Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.

In the Microsoft VM section, set Java Permissions: to "High safety"
In the Miscellaneous section, set Installation of desk top items to "Prompt"

Last edited:


This space left intentionally blank
Wow... great thread. I've seen most of these around before, but never all in one place with such good descriptions. I keep Windows up-to-date, run Norton AV AutoProtect and AdAware, but haven't done most of these other things for fear of screwing something up (I do have a router with built in firewall which seems to stop some of the more troublesome things).

I will definately be trying the hosts file edit tonight. That's too easy not to do and can always be undone if for some reason I don't like it. I may also get K9 and SpyBot.

Thanks for the info!
Upvote 0


Hear The Drummer Get Wicked
Staff member
Months ago Clarity helped me with the "Editing your HOSTS file to *completely* block bad sites" and I highly recommend it. I was having trouble getting on to the Bucknuts board and instantly the problem was solved. I am now going to have to try a couple of these other ones.

Good stuff, Clarity.
Upvote 0


Spybot is great. I had the problem Clarity mentioned where my home page was changing to a search engine. I would change it every morning and when I booted up the following day a new page would come up. There have been a few people I work with that had this problem but thanks to Clarity's suggestions it's been taken care of.
Upvote 0


Wolverine is largest member of weasel family
Great thread! Please keep it handy as I am sure I will need to access it.

Just used CWSshredder to fix a problem I thought was caused by sasser over the weekend. My 14 month old turned off the computer and when it came back up everything was incredibly slow. After doing multiple scans, reboots, system restores, contacting my DSL provider, contacting Microsoft I finally found a thread on a Microsoft forum regarding the computer performance issues.

Downloaded and ran the program and it repaired 7 corrupted IE files. Now I am back to where I wanted to be. Thank God I did not have to do a system reboot.
Upvote 0


Will Bryant
Staff member
osugrad21 said:

Ok when I added the registry to the proper location it asked if I want to replace existing file....any help for the computer illiterate?

I assume you downloaded hosts.zip and are copying the HOSTS file inside to the directory specified on the website. If that's the case, open up the folder that you'll be copying it to, find HOSTS (all caps like that), and right click on it. Select 'Rename' and change it to whatever you like so you have your original one there. I generally rename to filename_date. In this case, I'd rename your original to HOSTS_051004. Once you've done that, copy the new HOSTS from the zip file (again, assuming that's how you got it) into the directory. You won't get the message to overwrite anymore.
Upvote 0


Will Bryant
Staff member
BuckinMichigan said:
Great thread! Please keep it handy as I am sure I will need to access it.

Just used CWSshredder to fix a problem I thought was caused by sasser over the weekend. My 14 month old turned off the computer and when it came back up everything was incredibly slow. After doing multiple scans, reboots, system restores, contacting my DSL provider, contacting Microsoft I finally found a thread on a Microsoft forum regarding the computer performance issues.

Downloaded and ran the program and it repaired 7 corrupted IE files. Now I am back to where I wanted to be. Thank God I did not have to do a system reboot.

CWShredder is great if you have the CoolWebSearch hijack. That's very similar to what vrbryant went through recently, and it was a real mess. Just watch yourself, some of the variants are smart enough that they can reinstall themselves on your computer after a reboot, even though you've used a tool to remove it. Happened to Vince over and over.

In your case, I highly recommend downloading HijackThis, taking the results it spits out, and starting a thread at amazingtechs.com (link above in the HijackThis section). I'd tell them that you had the CoolWebSearch problem, used CWShredder, and that you were hoping they'd give your HJT output a quick once over to make sure there's nothing ugly still hiding on your system.

osugrad21 said:
thanks Clarity

No problem. Let me know if things are faster for you once you've got the new HOSTS file in place. Some people notice a huge increase across the board, for others it's much more subtle. ESPN, CNN, and other commercial sites are usually the biggest difference, but I bet you also notice it at Bucknuts. I'm not trying to pick on them, but they have some really nasty ad stuff set up on that site. Unnecessarily malignant. HOSTS will knock it all out. In the past, I posted stuff like this over there as well. Obviously I can't now, but this is all information that I think can benefit a lot of people. I have no problem if someone wants to copy it, and post it all over there as well.
Last edited:
Upvote 0


Recovering Arcade Junkie
Great post Clarity. You could have saved me a lot of work about a year ago. I use almost the exact same settings and programs you mentioned except for Pop-up stopper. Pop-up stopper is a nice program and I use it on one of my PCs, but find the Google Toolbar seems to be just as effective and I use the search options a lot.

Upvote 0


Staff member
Former Premier League Champ
Absolutely awesome. My home and work computers work about 10x faster, and my games that used to crash my computer at home (like my beloved soccer game) run smoothly now. Thanks Clarity!
Upvote 0


I've always liked them
so to stop the bad host files I right click and save target as, and follow:
Start | Run (type) "services.msc" (no quotes)
Scroll down to "DNS Client", Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, click Apply\Ok and restart
and I'm good to go on that?
Upvote 0


The satanic soulless freight train that is Ohio St
Staff member
Tech Admin
  • Anyone else having problems with the browser hijack virus going around? I've run AdAware twice (newest reference file), and it finds 8 registry entries that are "possible browser hijacks" and deletes them, but even after I change my homepage back to BuckeyePlanet, the home page reverts back to "about:blank" and opens up to some spam site. Obviously there is something that AdAware is not catching which reinstalls the spam registry entries.
    Upvote 0