How to beat spyware and viruses, 2008 edition

Wed Apr 2, 2008 11:46AM EDT

The last time I wrote a piece on how to remove spyware from your computer was in 2006. Time for an update, I think. Here's my perennial "How to Beat Spyware" howto, revised and updated for 2008 (and combined into a single file instead of two parts).

Here's what to do if you suspect an infection on your Windows PC. (Please note these steps apply to both Windows XP and Vista.)

1) Are you sure it's spyware or a virus? Windows pop-ups and alerts can often seem invasive enough to be viruses, especially with Vista. Try searching the web for the exact text you see on the screen to make sure you aren't dealing with an aggressive Windows message. (Many of these can be turned off, so try whatever instructions you find.) On the other hand, some viruses masquerade as Windows alerts, so tread lightly.

2) Boot in safe mode. If you have a virus, the first step is to try booting in safe mode. You can get to safe mode (a simplified version of Windows that disables a lot of extra gunk, possibly including some spyware apps) by restarting your PC and tapping F8 during boot. Soon you'll get a menu of options. Select "Safe Mode" (it's at the top of the menu) and wait for the machine to fully boot. The system will look funny (with a black background and larger icons, probably), but don't worry about it. This is only temporary. (Also note that many spyware applications can disable safe mode, so if you find this doesn't work, just boot normally.)

3) Run your antivirus application. This is of course assuming you have an antivirus application. (Need one? Check here.) You're in safe mode now, so run a full scan of your PC at maximum security levels (include the option to scan within compressed files, for example). This will probably take an hour or more, so be patient. Fix any problems the virus scan turns up. Then reboot into safe mode again using the procedure in step 2.

4) Run one or two anti-spyware applications. I used to recommend running multiple anti-spyware apps, but virtually all antivirus apps now do a pretty good job at getting rid of spyware too, so you don't need an army of additional applications just for spyware. Also, I now recommend starting with AdAware (which is free) and moving on to Spyware Doctor (free as part of the Google Pack) if you feel you need additional help. (Please note that recent versions of Spyware Doctor and Norton Antivirus have some trouble with each other.) You can try other apps too, but the once-recommended SpyBot Search & Destroy is no longer very effective, sadly. (Neither is Microsoft's own Windows Defender.) Of course, fix anything and everything these apps find.

5) Reboot normally. (Not in safe mode.) Now take stock. Still got spyware? It's time to move along to my more advanced techniques for removing the nasties.

6) Run HijackThis. HijackThis is a free software tool that scans your computer to find malware that other apps might miss. Scroll down to "Official downloads" to download the tool. Next, simply open the ZIP file you downloaded, extract the application, and run the tool (you don't need to install it). Click the "Do a system scan and save a logfile" button. You'll receive a large text file as well as a dialog box which gives you a list of active software processes, which you can then choose to delete. Unfortunately, this list includes both helpful and unhelpful software, so don't just start deleting items. Continue in step 7 to figure out how to fix your spyware infection.

7) Post your log file online. Visit this page, which offers a list of forums staffed by volunteers who can help you interpret your HijackThis log. The SWI Forums are especially busy, but most of the forums on the list are equally apt. Go to SWI and visit the "Malware Removal" forum which has over 50,000 topics listed: Those are all people like you who are seeking help getting rid of spyware. Register for an account, read the FAQ, then visit that Malware Removal forum, and post a new topic. Paste the content of the text file you created in step 6 into this topic and (politely) ask for help. You will get a response from a volunteer helper, typically within 3 days. You'll be given specific advice on what entries to remove with the HijackThis tool, and you might be pointed to additional software to run to help remove common spyware infections. Follow all the instructions and keep working with the forum helpers until either you or they give up. (And no, don't send your log file to me or post it here. I am not nearly the spyware removal expert that these guys are.)

7a) Alternately: Paste your log file into an automated tool. Don't have three days? Try simply pasting your HijackThis log file into this form. It does a pretty good job at auto-analyzing what's wrong with your machine, with no waiting. As well, if that doesn't work, you can search for the items you find in the HijackThis log by name to see what they are and how to remove them, if they're spyware. This can be quite time consuming, though.

8) Try System Restore. If that doesn't work, you might try running Windows System Restore to roll back your OS to a time before the infection happened. This isn't foolproof: You might not have System Restore turned on, or the spyware might have shut System Restore off, as well. But it's worth a shot. With either XP or Vista, System Restore can be found under Start > All Programs > Accessories > System Tools > System Restore.

9) Give up and wipe your hard drive. At this point, you've exhausted all the options I know of. You might try again at steps 6/7 to make sure you've done everything you can to salvage the PC. Forum helpers will often work with you for weeks to help fight a spyware infection, but there are tens of thousands of possible variants out there, with new ones cropping up every day. It's just not possible to clean them all, every time. Sometimes the only thing you can do is call it quits, reformat your hard drive, and reinstall your OS. Again, make sure you have your backups ready and verified. Once you're up and running, reinstall your antivirus and anti-spyware applications, and stay vigilant against infection. Good luck.
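
Steps 6 to 7a leave you with a HijackThis log whose entries have to be looked up one by one. As an added example (not from the original article or from the HijackThis project), this Python script parses the log's "code - detail" lines and lists the unique file names to research per category; the category labels are the commonly documented meanings of the section codes, and the sample log with all its names and paths is constructed.

```python
import re
from collections import defaultdict

# Section codes used in HijackThis logs (subset; anything else is "other").
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O1": "hosts file redirect", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "startup program", "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "O4 - HKLM\..\Run: ..."
FILE = re.compile(r'([^\\/"\s]+\.(?:exe|dll|sys|scr|bat|cmd))\b', re.I)

# Constructed sample log; every name and path in it is made up.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /startup
O4 - HKCU\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

def parse_log(text):
    """Return one dict per log entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, detail = m.groups()
        files = FILE.findall(detail)
        entries.append({"code": code, "kind": SECTIONS.get(code, "other"),
                        "detail": detail,
                        "file": files[-1].lower() if files else None})
    return entries

def lookup_terms(entries):
    """Group the unique names to research by kind, in first-seen order."""
    grouped = defaultdict(list)
    for e in entries:
        term = e["file"] or e["detail"]  # no file name: keep the whole entry
        if term not in grouped[e["kind"]]:
            grouped[e["kind"]].append(term)
    return dict(grouped)

if __name__ == "__main__":
    for kind, terms in lookup_terms(parse_log(SAMPLE_LOG)).items():
        print(f"{kind}: {', '.join(terms)}")
```

The script only sorts and deduplicates entries; it does not decide which ones are spyware, so the lookups and the forum advice from steps 7 and 7a still apply.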

Comments on How to beat spyware and viruses, 2008 edition

  • 1 Posted by miller6994 on Wed Apr 2, 2008 12:36PM EDT

    The best 2008 answer to Viruses and Malware is Linux. Freespire desktop OS. Free, 0$, and fast. By the time you play the Virus extraction games, frustration and especially if you feel the need to restore you might as well make the evolutionary switch. A restore will place you once again behind the same 8 ball. Another virus will come in eventually, since you will go back to hitting the same sites that got you into the mess to begin with. I have been there done that and helped correct repeated scenarios. Give Linux a try.

  • 2 Posted by rogueist on Wed Apr 2, 2008 2:46PM EDT

    Also give OSX a try... But that being said, I would also recommend the Comodo Antivirus software, Comodo BOCClean which removes boottime trojans, and CounterSpy as your regular anti-Malware program. Ad-Aware is a good additional program to run, but it is NOT a replacement for a dedicated scan from CounterSpy. Spyware Doctor I would not trust because it acts like a Malware program itself, secretly installing background hooks and the Google Toolbar.

  • 3 Posted by agustin2489 on Wed Apr 2, 2008 2:56PM EDT

    It's strange. I haven't been hit by a virus in a long while. It still doesn't mean I'm not paranoid but I guess preventive measures are useful. Having a good firewall, using Firefox (or Opera, since they have fewer exploits than Internet Explorer), and not going to shifty sites helps, greatly.

  • 4 Posted by paul_soares on Wed Apr 2, 2008 6:41PM EDT

    A very effective (and free) spyware scanner is SuperAntispyware.

  • 5 Posted by soquelcalifornia on Thu Apr 3, 2008 10:46PM EDT

    I've had a Macintosh since 1989. I have never gotten, given, nor worried about, a virus.* It's like living somewhere you don't have to lock your doors at night. It frees up a huge amount of creative energy that would otherwise go into the fear-based orientation of the PC platform.
