Spyware Removal guide
For those that don’t know, spyware is bad, spyware is really bad. It also goes by many different names: adware, malware, badware, trojans, worms, downloaders, junkware, etc. Whatever you call it, it’s bad and you need to know how to get rid of it. The most common method people use to remove spyware is to download some software from Download.com and run that to remove the spyware. This method works OK most of the time, but it usually takes much longer than I would ever want to spend on a computer. This spyware removal guide presents a much faster, more effective way.
To understand how to deal with spyware you first have to understand how it works. It gets on a computer by attaching itself to, or disguising itself as, some useful piece of software. Kazaa is the classic example of that. It is a useful piece of peer-to-peer software, but it is packed full of spyware. The first thing that spyware does when it is on a computer is add itself to various parts of the Windows registry so that it will be loaded when Windows starts up. So the first thing you need to do is remove these registry entries so that you can then remove the spyware itself.
To do this you will need to use some cool software. The first cool software you should use is called msconfig. It is installed as standard on Windows XP, Windows ME and Windows 98. It is not included with Windows 2000. Don’t ask me why. I always run this right off before I do anything else. To access it all you have to do is click the Start button, then click on Run, type in “msconfig” and click “OK”. You are greeted with the System Configuration Utility. You can disable most startup items by clicking on “Selective Startup” and unchecking “Load Startup Items”. If you do this, most of the stuff that normally starts up will not start when you reboot your computer. Then go to the Services tab and disable all non-Microsoft services. Don’t be timid in disabling anything in this utility. There is nothing you can do that will permanently damage Windows, because you can always come back to this utility and undo your changes.
After you have run msconfig I would reboot the computer into safe mode. You can do this by pressing “F8” while Windows is starting up. Sometimes it’s hard to know when to do this. You should press F8 after your computer gets past the BIOS and starts booting off the hard drive. If in doubt, repeatedly press F8 while the computer is starting up. The advantage of being in safe mode is that none but the cleverest spyware is loaded in safe mode. In safe mode it is time to try the powerful program known as HijackThis. HijackThis functions like msconfig, but it is much more thorough at finding possible spyware problems. The rule to follow when using HijackThis is, “If you don’t know what it is, get rid of it.” When you run a scan with HijackThis you will be presented with a list of possible spyware found in the registry. Keep in mind that it is possible spyware; just because it is there doesn’t mean it is bad. Most of the stuff listed here will be extensions to Internet Explorer and things like that. Everything listed is optional. Your computer will work perfectly fine even if you remove everything listed. Once you check the things you want to remove and click “Fix Checked”, restart your computer in normal mode and you should have about 90% of your spyware removed.
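Added example, not part of the original guide: a small Python script that triages the same startup locations msconfig and HijackThis inspect, working from a constructed `reg export` of the two Run keys (the sample entries and the trusted-directory heuristic are my own assumptions, not anything from HijackThis). It flags entries that run from a temp folder, from a bare file name, or from outside the Windows and Program Files trees, which is one concrete way to apply the “if you don’t know what it is” rule before deciding what to fix.

```python
import re
# Constructed sample of a `reg export` of the two Run keys (not from the page).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Updater"="\"C:\\Documents and Settings\\user\\Local Settings\\Temp\\updatr.exe\" /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"SysHelper"="C:\\WINDOWS\\system32\\dllcache\\syshlp32.exe"
'''
KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # REG_SZ lines only
TRUSTED_DIRS = ('c:\\windows\\', 'c:\\program files\\')          # heuristic, assumed
SUSPECT_HINTS = ('\\temp\\', '\\local settings\\', '\\dllcache\\')  # heuristic, assumed

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg escaping: \\ -> \ and \" -> "

def parse_reg_export(text):
    key = None  # the current [HKEY_...] section
    for line in (ln.strip() for ln in text.splitlines()):
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def image_path(data):
    data = data.strip()
    if data.startswith('"'):  # quoted path, e.g. "C:\a b\x.exe" /s
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    m = re.search(r'.+?\.exe\b', data, re.IGNORECASE)  # unquoted: up to the .exe
    return m.group(0) if m else data.split(' ')[0]

def triage(text):
    """Return [(key, name, path, reasons)]; empty reasons means nothing looked odd."""
    results = []
    for key, name, data in parse_reg_export(text):
        path = image_path(data)
        low = path.lower()
        reasons = []
        if '\\' not in low:
            reasons.append('bare file name: found via PATH, not a fixed location')
        elif not low.startswith(TRUSTED_DIRS):
            reasons.append('outside Windows and Program Files')
        reasons += ['lives under ' + h.strip('\\') for h in SUSPECT_HINTS if h in low]
        results.append((key, name, path, reasons))
    return results
```

Anything `triage` flags still deserves a look before removal; the point is to narrow the list, not to decide for you.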
To find out if you have successfully removed all the spyware, start HijackThis again and do a scan. If you find anything listed that you had previously removed, that means the spyware is still on your computer somewhere and has come back to plague your existence. At this point it is hard to give you an exact procedure for removing the remaining spyware. Probably the easiest thing to do is download a good spyware scanner and run that. You can see a list of the ones I recommend at the Spyware Scanners page. If the spyware scanners still fail to remove the spyware, then you’ll have to find a more involved procedure. A sure-fire method of removing a known spyware file is to boot into an entirely different operating system and delete it manually.
When you ran HijackThis you probably noticed a file name associated with each entry. This is most likely the file that is run when Windows starts up and activates the evil spyware process. If you thought, “I’ll just delete this file,” that would be a great idea, but if you tried to do so you probably came across the error “Access Denied, file may be in use” or something like that. Don’t ask me why, but Windows is unable to delete a file if it is in use. There is absolutely no reason why this has to be the case. I have no problems deleting executables of running processes in Linux. Anyway, to delete this file you need to boot the computer from a different medium; the most convenient is probably a CD. The best type of bootable CD for spyware removal purposes is probably Bart’s PE. You can find information on how to build a bootable CD with Windows XP and spyware removal tools here.
If you took a look at that you probably noticed that it is a rather complicated procedure. It is quite possible that you already have a boot CD that will do what you need. If you have a Windows installation CD you can boot from it and then press ‘r’ to enter the Recovery Console. Sometimes it will ask you for your administrator password. If you don’t know it, try just pressing Enter. If that doesn’t work, see the Windows Password Recovery Guide for information on how to reset administrator passwords. Once you are presented with a prompt you can issue DOS-style commands like “del \Path\to\file\filename.exe” (with the real path in place of the placeholder) to remove the offending file that you found with HijackThis (you did write that file name down, right?).
Hopefully this spyware removal guide has helped you get your computer working as well as the day you purchased it. Of course, all of this could have been avoided if you had just used Linux. Don’t forget to check out Spyware Prevention once you get all the spyware removed.