RE: RE: Best spyware program

[Mike Fetherston <mike_sha () shaw ca>]

> In my experience none of the spyware scanners ever seem to get a system
> truly clean, especially when dealing with some of the more devious stuff
> out there that keeps a process running with SYSTEM privs. They can be
> handy for early warning though, so I suppose it depends on what your focus
> is. If you're looking for something to tip you off to a possible
> infection, any of a number of scanners works great. If you're actually
> trying to get the system clean, nothing I've tried so far competes with
> booting to safe mode and running hijack this.


That's been my experience as well.  I have the opportunity to see many
infected machines a week all with different symptoms, so I've been able to
try out the order of scanning and cleaning with each Spybot, Ad-Aware, MSAS,
and HijackThis.  All find traces that the other left behind no matter what
order they've been run in.

For a really bad infection I will do as you mentioned above as well as
running the other three that I mentioned all in Safe Mode.  In addition, I
will enumerate the startup registry entries and go hunting for the
individual files.  You'd be surprised how many times these scanners leave
the .exes and .dlls behind!!  While you're in %systemroot%\system32 and
other places that spyware favours, it doesn't hurt to manually scan the file
list.

Mike Fetherston