spyware in registry

[dataDude]

I was once told that when spyware is installed it's usually put in a common place in the registry. If that's true, does anyone know where that place may be? I also used to work with techs who knew where in the registry to look to find such things, but he never wrote it down and since then I've forgotten. Can anyone help?

Also, someone I know is having issues with her computer. System is an older HP, celeron, 256, about 30 GB, has AOL v9 installed (and she hates the connectivity issues but loves the features). I recently looked at her registry and found a list of entries that are totally identified as spyware/adware. Should I immediately delete such entries (she knows next to nothing about computers, much less the registry - except that the registry is delicate) or should I maybe consider the possibility that it may interfere with her system? My first instinct is the first option, but I know that I myself suffer confusion from the likes of any registry. Could the spyware possibly be detrimental to the AOL software/functionality?

[Kov-Ice]

Just download and run either or both Spybot Search & Destroy and Lavasoft's Ad-Aware. I believe both scan the registry for malware and remove them for you. Both are free.

[dataDude]

It's been my experience that anti-spyware programs aren't perfect. For each program that I've downloaded/installed each one finds software that another didn't. I don't know why that is, but that's why I have Spybot, Adaware, and Spykiller. I've found Spykiller to be the best but it's still not perfect. Anyway, I neglected to mention that while I'm a little scared by the registry, I'm also fascinated by it and want to learn more about it when I can. Anybody possibly know of any links to a site that will give more information about it or can someone tell me a more in-depth response to the original question and an actual answer to the second question posed before?

The user of the Windows98 machine has both spybot and adaware and neither one of them pick up the registry spyware that I had found. That's what lead me to wonder if those entries might be pointing to important system links or something. They're annoying and she and I both want them gone.

[diver203_98]

You may want to go HERE and do a scan. On the right side of the screen you will see a link to do a scan. It is free, and you will be prompted to install the scanner (twice) You will have to click "yes" to install it. Then just click scan and wait for the results. I know it does scan the regestry, and after the scan you can click on the items listed and it will give you manual instructions on how to remove them. And if you click on the "+" it will also show you the location of the item. It is a realy good scan and I scan with PestPatrol every week along with the afore mentioned AdAware, Spybot. I also scan with HiJachThis (for my own info as I never had to post a scan log) I also have SpywareBlaster and CWShredder if I need to use it.

[Markoman01027]

I highly advise you not to edit the registry, as that *can* create all shorts of problems. Just let the software do their jobs.

[kosova]

i agree never mess with the registry, and if u do, BACK IT UP at all times. I bet what you found as "spyware" isn't probably it. You have to remember the registry runs on keys and values, just because you delete one thing it doesn't mean you will stop the problem, you probably would be causing more. My advice is use SPyBot (i hear it's good) as for lavaSoft Ad-Aware SE Personal to my opinion it sucks, everytime i run it It finds like 50,000 errors it seems like it's not doing anything. As for spy-ware for AOL i don't know considering i've never used AOL, personally i like to use FireFox b/c you have so much control(including pop-up controls)...idk for everyone in this forum but to me it seems right now FireFox is the topdog for controlling malicious mayham like pop-ups and adware...good luck, places like www.downloads.com are good places to find good anti-virus software and all the other pc utilities you need..good luck

[dataDude]

I very much understand the importance of the regiestry and that fooling with it without understand it could mean the death of an otherwise fully functioning OS, but I also know that spybot and adaware are both imperfect. It doesn't sound like anyone around here knows the answer to my question. I guess I'll have to look elsewhere. Thanks for your help guys.

[glc]

They are probably looking in HKLM and HKCU, software/microsoft/windows/current version/run. HijackThis is a lot easier to use to do this.

[dataDude]

Glc, are those places where Windows tell the programs to load at startup? It looks like it to me. That would make sense too, cuz then the spyware program would be loaded all the time unless removed somehow. Is that true?

[Negeva]

If this is your second question: "Could the spyware possibly be detrimental to the AOL software/functionality?" then yes spyware will have a detrimental affect. This is in the same way spyware/malware can and does affect OSes.
Only this weekend I was forced to fix a machine with AOL installed on it - the syptoms were the usaaul slow internet, intermittent crashing and annoying error messages.

Running several scans with Ad-Aware, S&D and a few other scanners as well as some free online scanners cleared the machine up nicely.

Your correct no one spyware scanner is enough, some miss things the others pcik up and vice versa - that's why its recommended to run a few scanners.

I normally run scans in safe mode, if they find anything keep running until all clear. And Ad-Aware does scan the registry if its configured properly - a full system scan(hint).

[glc]

Yes, those are the startup run keys. Another way to see what's going on in there is msconfig.

[Buckfast]

try microsoft anti spyware its free from www.microsoft.com it checks the registry and shows you where spyware is in it.

[mullardel34]

I've run dozens of anti-spyware applications, including those called "rogue". If your main interest is the registry, give AdwareX Eliminator a try.

-----------------------------------

I found the following apps were helpful, and they remain on the desktop:

LavaSoft AdAware Professional SE 1.05 ... (definitions must be updated)
Webroot SpySweeper 3.5 ... (definitions must be updated)
AdwareX Eliminator 2.0 ... (scans the registry thoroughly)
SpyCleaner Gold 9.4
Spyware Nuker 2005
Trojan Hunter 4 ... (definitions must be updated)
SpyCatcher 3.5

There were also 5 or 6 other anti-spyware worth mentioning, but they were heavy on resources (or) I didn't like the interface ... Zero, BPS, MS, SBeltCSpy, etc.

I believe all were fully functional during the trial period. Aluria Security Center (licensed to AOL, I've heard) is very good, but will only scan unless registered.

To see what is happening while you surf, try SpyBlocker 8.6 and use the MAC skin along with the "bug" graphic. Run setup from the tray after installation.