Malware Removal: Temporarily Disable Real Time Monitoring Programs

From CastleCopsWiki

Some security programs with active monitoring processes are known to interfere with automatic scanners and can actually prevent HijackThis (HJT) fixes from taking effect.

Please turn off or disable any of the following programs you may have before running your preliminary scans and for the duration of your HJT cleanup (should you post a log). To disable these programs, follow the instructions provided in the respective sections. Some of these programs restart automatically upon reboot, so you will have to repeat these disabling steps as required. After Malware Removal is complete, you should reactivate these protective programs if you do not intend to post a HijackThis log.

Spybot S&D (Teatimer)

  1. Run Spybot-S&D in Advanced Mode.
  2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
  3. On the left-hand side, click on Tools.
  4. Then click on the Resident icon in the list.
  5. Uncheck "Resident TeaTimer" and OK any prompts.
  6. Restart your computer.

Ad-Aware Ad-Watch

  1. Right click on the Ad-Watch icon in the system tray.
  2. At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
    Active: This will turn Ad-Watch on/off without closing it.
    Automatic: Suspicious activity will be blocked automatically.
  3. Uncheck both of those boxes.

Spywareguard

Right click the running icon of Spywareguard in the system tray to open the program. Then go to Menu, File, and choose Exit. It will automatically restart at next boot.

Windows Defender

  1. Click on "Tools"
  2. Click on "General Settings"
  3. Scroll down to "Real-time protection options"
  4. Uncheck "Turn on Real-time protection (recommended)"
  5. Click "Save"

TrojanHunter Guard

  1. Disable TrojanHunter Guard by right clicking on the icon in your System Tray.
  2. Make sure that the program, TrojanHunter itself, is also closed/not running.

Disable SpySweeper

Courtesy of Askey127

If you have Spy Sweeper version 4:

  • Open it, Click Options over on the left, then Program options
  • Uncheck load at windows startup.
  • Over to the left, Click shields and Uncheck all there.
  • Uncheck home page shield.
  • Uncheck automatically restore default without notification.
  • Reboot your machine for the changes to take effect before running HJT.

+++++++++++++++++++++++++++++

If you have SpySweeper version 5:

To disable SpySweeper Shields

  • Open SpySweeper.
  • Click Shield Settings on the right (or Shields on the left, depending what screen you're on).

  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Hosts File and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Close SpySweeper.

Reboot your computer, and ensure Spy Sweeper is disabled.

WinPatrol

Right-click the running icon of Winpatrol in the system tray and choose exit. It will automatically restart at next boot.

CounterSpy

  1. Right-click the running icon of CounterSpy in the system tray.
  2. With your mouse, hover over Active Protection Status (This should be enabled).
  3. A menu will slide out and then you need to right click on "Disable Active Protection".

AVG Anti-Spyware (formerly ewido)

  1. Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
  2. In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
  3. If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
  4. Reply 'no' and set it to 'inactive' for the duration of your cleanup.

Spyware Doctor

  1. From within Spyware Doctor, click the "OnGuard" button on the left side.
  2. Uncheck "Activate OnGuard".

Prevx

  1. Right click on the Prevx icon in your system tray at the bottom-right corner of your screen and choose "Show Management Console".
  2. On the Management Console click the Protection Level drop-down menu. You will see three levels:
    Maximum
    Off
    User Defined
  3. To disable all protection set the level to Off. You will receive a prompt asking "You are about to change your security settings. Do you wish to continue?" Click Yes.
  4. Click the X on the upper right hand corner to exit the Management console.

ProcessGuard

  1. Right-click the blue lock ProcessGuard icon located in the system tray.
  2. Uncheck 'protection enabled'
  3. Click yes.

ZoneAlarm's OS Firewall

  1. Go to the Program tab, then click "Main".
  2. Press the first "Custom" button from the top.
  3. Uncheck "Enable OS Firewall".
  4. Click OK.

Ad-Aware 2007 Service

  1. On your desktop, click Start -> Run and type services.msc in the open box
  2. Click OK or hit Enter
  3. Scroll down the list of services and double-click "Ad-Aware 2007 Service".
  4. In the service properties window that opens, click the "STOP" button.
  5. Under Startup Type, use the pull down menu and select "Disabled" from the list of options.
  6. Click OK
  7. Exit the Services Control Manager




Now continue by cleaning the clutter.

This article is part of the Malware Removal and Prevention series. The series was developed as the key deliverable of the Cleaning Malware Project.