Spyware Removal Guide
Annoying pop-ups in the corner? Strange behavior from the Internet? Unexplained slowness? Chances are your computer isn’t possessed; you just have a nasty case of spyware. Similar to a virus, spyware can impede or even prevent normal operation of your computer. Have no fear though, because most spyware can be removed with a little time and patience. Read on and I will walk you through some simple steps that anyone can follow to help keep your computer running in tip-top shape!
Before we begin, a few words of warning and caution. First, this guide is not a be-all and end-all answer to spyware. While most of the time a computer is cleanable, there are a few times when the infection will be so bad and will have corrupted so much that you will not be able to fully clean the computer. If this is the case, you will need to wipe your computer clean and reinstall your operating system. I will put up a guide for that soon. Second, a computer infected with spyware, or any kind of computer virus for that matter, should be quarantined as best as possible. Any device that connects to it, such as a USB flash drive, should be left disconnected for the length of the infection, as some varieties of spyware can in fact jump to the flash drive and spread to other computers in this fashion. Beyond those two warnings, use your best judgment. If you have any specific concerns, feel free to leave a comment at the end of this entry.
This guide is centered around the use of Spybot Search and Destroy, but there are several anti-spyware products available free for download and use. They all have similar functionality, and if you are comfortable with one you should be able to pick up another without too much difficulty. For really bad spyware infections, running multiple products will often help ensure that your computer is as clean as can be! I will include links to both Spybot Search and Destroy and a few other spyware removal tools at the end of this article.
Install Procedure
First and foremost, you will need to install Spybot Search and Destroy before you will be able to use it. You can find the install file here: http://www.safer-networking.org/en/download/index.html. From there you will have an installer file that you need only double-click in order to install. The install will give you a few check boxes to select. Generally, I uncheck both Teatimer and the SDHelper. While nice, both of these use up a lot of resources, so if you have an older computer I would definitely recommend not installing them. The choice is yours though, and a newer machine should be more than able to handle the extra strain. Once the install is done, go ahead and run the program for the first time. Spybot will give you an option of 7 steps to perform before getting into the actual program. You can choose to do them now if you would like, or click through them and go right into the program. The only one I would absolutely recommend is the update of Spybot. Even with a recent download of the install package, there could be newer updates to the definition files that tell the program what to look for. The updater will give you a list of places to download the update from; choose any one from your country of choice and then download the updates. If you skipped the install of Teatimer, feel free to uncheck any updates for it. Once all that is done, you’re finally ready to start cleaning up your computer.
Checking for Problems
This part pretty much runs itself. On the main page of the program, there is an option to check for problems. Clicking this will automatically launch the anti-spyware tool and start checking your computer. Be patient with this, as it can take anywhere from 15 minutes to an hour depending on the age of your computer and the number of files it has to check through. While it is running you can continue to use your computer; just be aware that things might run a little slower, so either find a good time to take a break or make sure you have a little extra patience.
Once the process completes you will see one of two things. Either your computer is clean and the results say no threats found, or it will say one or more threats found. If you received the first response, congratulations; keep up the good work and safe internet browsing. If you are like the majority of computer users, myself included, you probably have at least a few threats found. Not a problem at all: there should be a button at the top of the window that says fix selected problems. Clicking that button will go ahead and remove all of the issues that it found. Generally this will run through without any problems and take care of all your issues. If for whatever reason Spybot cannot immediately remove a threat, it will ask you if you want to run Spybot first thing when your computer next turns on, and will then prompt you to reboot your computer. Go ahead and do this; you will see a Spybot window show up and start running before your normal login screen appears. Be patient, as this will take about the same time as the previous scan did. Depending on the level of infection you may have to run this a few times. Persistent infections are also best treated with the use of multiple programs. I will post links to a few of them at the end here.
Hopefully by now any spyware that was on your computer is taken care of. If not, it might be worth getting help from a resident family computer geek or, barring that, if you feel like shelling out a little money, finding a local computer shop to give you a hand cleaning your computer.
Spyware Removal Programs
Good luck, and again, feel free to leave a comment if you have any questions.
03.05.2009(9:02 pm)
As someone who does this every friggin day as well:
While Spybot isn’t my thing, every tech has removal tools they love. Once I get one in the shop, I hit up safe mode as the administrator (get a linux SAM password cracker if you need to), disable system restore (SR will save viruses/spyware) and run MWB (also run SuperAntiSpyware if the system can handle it). It’s been noted from the engineers that the quick scan will get 99% of the junk, so don’t bother using the full scan, especially with Vista, as the page file search can take several hours and is oftentimes fruitless. While the scan is running, check through the add/remove programs for entries like weatherbug, limewire, MyWebSearch, and other stuff that doesn’t belong there. Companies use these ‘helpful’ and oftentimes ‘cute’ programs, such as cursors, or wallpapers, or screensavers to track your interests and such.
Also run through the program files and hard delete anything not removable from the add/remove programs list. Don’t forget to check the common files directory as well.
Next, run through each user’s temp files located in (typically) c:\documents and settings\user\local settings\temp and just wipe it all out. The temp folder was MADE to be deleted so don’t feel bad.
The next thing to check is the startup programs. Go to start -> run and type in ‘msconfig’ then click the startup tabs and uncheck any a) unnecessary programs (stuff your lazy butt can double-click yourself) and b) any programs that contain random strings of letters/numbers, or are blank. Apply the settings, hit OK but don’t reboot just yet!
Once the first scan is finished for the administrator, you’ll need to log on to EACH AND EVERY user account and run a quick scan. The reason is because some files still can’t be seen by the administrator.
While you’re scanning, this next step is for IE users only. Go to control panel – internet properties and find the section to manage add-ons. You’ll want to disable any add-ons that, again, don’t belong there. Check for ones labeled with registry keys only, and scrutinize the unverified publishers. Also, disable any toolbars. These slow your browser load times greatly. Search engine toolbars are especially annoying because again, they track you even worse than on their actual page.
Firefox users can check, but it’s a TON more secure than IE and rarely adds any add-ons without permission.
Once all the accounts have been cleaned, you should be able to log back into regular mode, re-enable system restore, and you’ll be back on track. Make sure you have a GOOD antivirus (not McAfee…EVER, and only choose Norton if you must). AVG’s free scanner is still pretty good, although there are some smaller independent ones making names for themselves. Remember to update your definitions and scan regularly. Even the pros, like myself, sometimes break their eCondom and nasty bits get in.
For the mega-nasty infections, a rootkit killer is advised. For this, I recommend UnhackMe, available @ http://www.greatis.com . It can catch pretty much anything before windows loads, enabling you to do registry edits and so forth before a virus can load on the system, particularly SDRA64.exe, a nasty little guy who hides in the userinit and is pretty clever. Removal of this one requires a boot to safe mode, end all svchosts.exe processes in task manager (run command “shutdown -a” if you accidentally trip an NT shutdown) and then edit the userinit registry key to only include the path to userinit.exe.
MalwareBytes, SuperAntiSpyware, UnhackMe, and AVG are only a few tools in my arsenal. I might also suggest Security Task Manager as an alternative to Hijack This, as it’s a little easier to read than an HJT log.
Alright, I hope that was a good addition. And Michael, I spent a lot of time typing this (plus I know what I’m talking about lol) so you’d better approve it. =D
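The Userinit and startup-program checks described in the comment above can be run as a read-only audit. The PowerShell below is an added example, not part of the original post or comment; the Winlogon and Run registry paths are the standard Windows locations, while the function names and the "random-looking name" pattern are assumptions made for illustration.

```powershell
# Added example: read-only audit, it reports and changes nothing.
$Winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$RunKeys  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Test-UserinitValue {
    # Userinit is a comma-separated list; a clean value holds only the
    # path to userinit.exe (normally followed by a trailing comma).
    param([string]$Value)
    $expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
    $Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ } |
        ForEach-Object {
            $path = [Environment]::ExpandEnvironmentVariables($_)
            [pscustomobject]@{ Entry = $_; IsUserinit = ($path -ieq $expected) }
        }
}

function Get-StartupEntry {
    # Lists Run-key entries and marks the two patterns the comment names:
    # blank names and names that look like random letters and digits.
    foreach ($path in $RunKeys) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            # Crude heuristic (assumption): 6+ alphanumerics mixing letters and digits.
            $random = $name -match '^(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9]{6,}$'
            [pscustomobject]@{
                Key     = $path
                Name    = $name
                Command = [string]$key.GetValue($name)
                Review  = (($name.Trim() -eq '') -or $random)
            }
        }
    }
}

# Anything listed next to userinit.exe runs at every logon and deserves a look.
$userinit = (Get-ItemProperty -Path $Winlogon -Name Userinit).Userinit
Test-UserinitValue $userinit | Where-Object { -not $_.IsUserinit } |
    ForEach-Object { Write-Warning "Extra Userinit entry: $($_.Entry)" }

# HKCU covers only the logged-on account, so repeat this in each user account.
Get-StartupEntry | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Entries marked Review are candidates for a human to inspect, not a verdict; legitimate software sometimes uses names that match the pattern.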
06.11.2010(4:28 am)
To the point and well written, thanks for the post