Why is it so hard to remove spyware?
Badly behaved spyware is very anti-social. Often it is self-aware, using multiple hidden processes that may not only take over your Web browser and generate pop-up windows, but also search for and disable popular antivirus and anti-spyware programs. Also, the spyware will often hide installers in different folders and automatically reinstall if removal is attempted, often when the computer is restarted, but sometimes as soon as the spyware is removed or stopped.
It is very important to keep this behavior in mind when trying to remove spyware. The key is making sure that the spyware has little opportunity to reinstall, and that we empty out the most common hiding places.
Preparation
• Back up all essential data.
• If you are running Windows Me or Windows XP, create a restore point (restore points were introduced with Windows Me):
    • Windows Me
    • Windows XP
Tip: Some people recommend that System Restore be turned off and all Restore Points deleted before attempting spyware removal. DO NOT DO THIS. If something goes wrong (anything is possible) you will have no way to reverse your actions. You'll want to delete your old Restore Points, but the time to do that is later, not now.
• If you have lots of icons on your desktop, create a folder and move as many icons as possible into that folder. A crowded desktop can cause problems if we must work in safe mode.
• Download all of the following helper software and save them to your (now clean) desktop:
Spyware removal
    • AdAwareSE - If you have an older version of AdAware (6 or earlier), you must update. AdAwareSE is the only version of AdAware that is supported by Lavasoft. Older versions are no longer updated, and cannot detect the newest spyware.
    • Spybot Search and Destroy
    • CWShredder - Use the stand-alone version.
    • Microsoft Windows AntiSpyware (Beta)
Repairer software
    • Lspfix - Suitable for all consumer versions of Windows (although if you have Windows 95, you will need to obtain Winsock 2 first).
    • Winsockxpfix - This is for Windows XP only.
• Install AdAwareSE and Spybot Search and Destroy. Update both programs using the "Check for Updates now" link on AdAware's opening screen, and the "Search for Updates" button on Spybot's opening screen. Do not run the programs yet.
Let's get cleaning
Part 1
• Temporarily show hidden files.
For Windows XP:
1. Click Start, and then click Control Panel.
2. Click Appearance and Themes, and then click Folder Options.
For older systems:
1. Double-click My Computer, click View, and then click Folder Options.
2. On the View tab, under Hidden files and folders, click Show hidden files and folders, and clear the Hide protected operating system files check box.
IMPORTANT Files are hidden by Windows for a very good reason. It is not wise to experiment with these files. Unfortunately, to successfully remove modern spyware we must turn this protection off temporarily. Please turn the protection back on when you have finished cleaning your system.
Always delete all cached Temporary Internet Files before trying to remove spyware.
• Go to Control Panel, Add/Remove Programs. Remove any spyware that you recognize, but be careful. There may be programs that you do not recognize which may be related to your ISP or hardware installed on your computer; if you do not recognize an entry, do not assume it is spyware. Conduct a search of the Internet if you are uncertain, and if in doubt, do not uninstall until you have received further advice.
• Next, conduct a search of the Internet for any information about any free software that you have installed on your computer. Search for its name together with the word "spyware" and then complete another search, this time using the word "adware." Some free software installs adware or spyware on your computer as a way of earning income for the freeware's author. Often such installs are declared in the EULA (End User Licence Agreement) that is displayed during an installation, but few people read the sometimes lengthy text. If you are lucky any foistware (adware or spyware included with freeware) may be removed simply by uninstalling the freeware.
• Run CWShredder. Fix anything that it finds.
• Run AdAwareSE:
1. Select "use custom scanning options" then select "customize". Make sure the following options are enabled: "scan within archives," "scan active processes," "scan registry," "deep scan registry," "scan my IE favorites for banned URLs," "scan my Hosts file."
2. Select the "tweak" option. Under "scanning engine," make sure "unload recognized processes and modules during scan" is enabled. Enable "scan registry for all users instead of current users."
3. Under "cleaning engine" turn on "always try to unload modules...," "during removal unload explorer and IE if necessary," "let windows remove files in use at next restart," and "delete quarantined items after restoring."
4. Use the "select drives and folders to scan" option to ensure that your entire hard drive is scanned (if you have more than one hard drive, scan all of them; of course, do not include floppy and CD/DVD).
5. Let AdAware complete its scan. Sometimes AdAware will be unable to remove everything that it finds and will prompt to be allowed to try again after restarting. If that happens, when the scan finishes restart immediately and allow the scan to finish.
• Run Spybot Search and Destroy. Fix anything marked red.
• If you're comfortable using beta software and have decided to install the Microsoft Windows AntiSpyware (Beta), you can now run a scan with this software to catch spyware that may not have been caught by the others. You can also use Microsoft Windows AntiSpyware (Beta) to set system restore points for your computer and browser restore points for Internet Explorer so that if spyware tries to change many of these settings in the future, you will be advised and given a chance to stop it from happening.
• Restart into Windows as per normal. Repeat the CWShredder, AdAware, and Spybot scans. If your computer is reported as clean by the anti-spyware software, we can stop here for now. But, if the repeat scans revealed further infection, or your problems continue, proceed to Part 2 below.
Part 2 - Re-infection after cleaning
If you have completed all the scans above and cleaned your computer, but your problems continue, or after restarting the infection returned:
Restart into Safe Mode without trying to clean the system again. To do this you need to hold down the F8 key while the computer is booting (when the computer is displaying a black screen with white text). When the boot menu appears, use your keyboard arrows to select "Safe Mode."
Safe Mode can look quite ugly. The color may look bad, and all of your desktop icons will be very large. This is normal.
Complete full system scans with AdAware, Spybot and, if you have installed it, Microsoft Windows AntiSpyware (Beta). Some experienced advisers are recommending that users run the Microsoft Windows AntiSpyware (Beta) twice while in safe mode - it certainly won't do any harm.
Part 3 - A final check
Boot back into Windows after you have completed the second Safe Mode scan. Repeat all the scans one last time. If your system is still infected, then there is nothing more we can do without extra assistance and it is time to go further afield. There are several forums dedicated to providing assistance with removing spyware that I have found very helpful; a couple of my favorites are aumha.org and spywareinfo. Either of these forums will be happy to provide the personalized assistance required to remove the worst spyware.
If you are unable to access the Internet after removing spyware you will need to run LSPfix or Winsockxpfix (as appropriate). If you are using Windows XP Service Pack 2 (SP2) and are unable to access the Internet after removing spyware, there is a command that may fix the problem, removing the need to run Winsockxpfix. It works by resetting the winsock catalogue. Click on Start, then Run and type CMD in the dialogue box that appears. Click OK. Type "netsh winsock reset" into the DOS window that appears.
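To see which catalogue entries a reset will discard, the listing from "netsh winsock show catalog" can be saved beforehand and checked for provider DLLs that sit outside the Windows system folder. The script below is an added example, not part of the original article; the sample listing is constructed, and its layout, the function names and the system-folder rule are assumptions.

```python
import re

# Constructed sample modelled on "netsh winsock show catalog" output
# (not captured from a real machine; the toolbar entry is made up).
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        EXAMPLE-LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\ExampleToolbar\exlsp.dll
Catalog Entry ID:                   1015

Name Space Provider Entry
------------------------------------------------------
Description:                        Tcpip
Provider Path:                      %SystemRoot%\System32\mswsock.dll
"""

# Assumption: providers shipped with Windows load from <Windows>\system32.
SYSTEM_DIR = re.compile(
    r"^(%systemroot%|[a-z]:\\windows)\\system32\\[^\\]+\.dll$", re.I)

def parse_catalog(text):
    """Split the listing into entries, each a dict of 'Field: value' pairs."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.strip().splitlines()
        fields = {"Section": lines[0].strip()}
        for line in lines[1:]:
            # Split at the first colon only, so drive letters stay intact.
            key, sep, value = line.partition(":")
            if sep and value.strip():
                fields[key.strip()] = value.strip()
        entries.append(fields)
    return entries

def non_system_providers(entries):
    """Return entries whose provider DLL is outside the system directory."""
    return [e for e in entries
            if "Provider Path" in e and not SYSTEM_DIR.match(e["Provider Path"])]

if __name__ == "__main__":
    for e in non_system_providers(parse_catalog(SAMPLE)):
        print(e.get("Description"), "->", e["Provider Path"])
```

An entry flagged here is not necessarily spyware; some legitimate security and networking products also install providers outside the system folder.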
The last steps
If you are running Windows XP or Windows ME, and your computer has been successfully cleaned of spyware, there is one more thing that needs to be done.
Delete any old restore points and then create a new one. The old ones may, of course, be infected with the spyware and cannot be used.
First, turn System Restore off and then back on. This is done differently depending on which operating system you are running.
Windows XP:
1. Click Start, and then click Control Panel.
2. Click Performance and Maintenance, click System, and then click on the System Restore tab.
3. Select the Turn Off System Restore check box, click Apply, then restart your computer.
4. Return to the System Restore Tab and turn System Restore back on.
Windows ME:
1. Click Start, click Control Panel, click System.
2. Click Performance, click File System, and then click Troubleshooting.
3. Enable the option Disable System Restore, click Apply then restart your computer.
4. Return to the Troubleshooting tab and turn System Restore back on.
To set a manual restore point complete the following steps:
1. Click the Start button.
2. Point to Programs, then navigate to Accessories, then System Tools, then click System Restore.
3. Choose Create a restore point, and then click Next.
4. In the Restore point description box, type a name for your restore point, and then click Next.
5. Click OK.
Now that your computer is clean, you should take steps to prevent problems from recurring in the future. Anybody running Windows XP should update to Windows XP SP2. Also, Microsoft has released information about how to avoid spyware.
The Author: Yomi Faith is a computer engineer/analyst and a software developer, also working with Microsoft. This article teaches you how to protect your computer against spyware.