How to beat spyware and viruses, 2008 edition

Wed Apr 2, 2008 11:46AM EDT


The last time I wrote a piece on how to remove spyware from your computer was in 2006. Time for an update, I think. Here's my perennial "How to Beat Spyware" howto, revised and updated for 2008 (and combined into a single file instead of two parts).

Here's what to do if you suspect an infection on your Windows PC. (Please note these steps apply to both Windows XP and Vista.)

1) Are you sure it's spyware or a virus? Windows pop-ups and alerts can often seem invasive enough to be viruses, especially with Vista. Try searching the web for the exact text you see on the screen to make sure you aren't dealing with an aggressive Windows message. (Many of these can be turned off, so try whatever instructions you find.) On the other hand, some viruses masquerade as Windows alerts, so tread lightly.

2) Boot in safe mode. If you have a virus, the first step is to try booting in safe mode. You can get to safe mode (a simplified version of Windows that disables a lot of extra gunk, possibly including some spyware apps) by restarting your PC and tapping F8 during boot. Soon you'll get a menu of options. Select "Safe Mode" (it's at the top of the menu) and wait for the machine to fully boot. The system will look funny (with a black background and larger icons, probably), but don't worry about it. This is only temporary. (Also note that many spyware applications can disable safe mode, so if you find this doesn't work, just boot normally.)

3) Run your antivirus application. This is of course assuming you have an antivirus application. (Need one? Check here.) You're in safe mode now, so run a full scan of your PC at maximum security levels (include the option to scan within compressed files, for example). This will probably take an hour or more, so be patient. Fix any problems the virus scan turns up. Then reboot into safe mode again using the procedure in step 2.

4) Run one or two anti-spyware applications. I used to recommend running multiple anti-spyware apps, but virtually all antivirus apps now do a pretty good job at getting rid of spyware too, so you don't need an army of additional applications just for spyware. Also, I now recommend starting with AdAware (which is free) and moving on to Spyware Doctor (free as part of the Google Pack) if you feel you need additional help. (Please note that recent versions of Spyware Doctor and Norton Antivirus have some trouble with each other.) You can try other apps too, but the once-recommended SpyBot Search & Destroy is no longer very effective, sadly. (Neither is Microsoft's own Windows Defender.) Of course, fix anything and everything these apps find.

5) Reboot normally. (Not in safe mode.) Now take stock. Still got spyware? It's time to move along to my more advanced techniques for removing the nasties.

6) Run HijackThis. HijackThis is a free software tool that scans your computer to find malware that other apps might miss. Scroll down to "Official downloads" to download the tool. Next, simply open the ZIP file you downloaded, extract the application, and run the tool (you don't need to install it). Click the "Do a system scan and save a logfile" button. You'll receive a large text file as well as a dialog box which gives you a list of active software processes, which you can then choose to delete. Unfortunately, this list includes both helpful and unhelpful software, so don't just start deleting items. Continue in step 7 to figure out how to fix your spyware infection.

7) Post your log file online. Visit this page, which offers a list of forums staffed by volunteers who can help you interpret your HijackThis log. The SWI Forums are especially busy, but most of the forums on the list are equally apt. Go to SWI and visit the "Malware Removal" forum which has over 50,000 topics listed: Those are all people like you who are seeking help getting rid of spyware. Register for an account, read the FAQ, then visit that Malware Removal forum, and post a new topic. Paste the content of the text file you created in step 6 into this topic and (politely) ask for help. You will get a response from a volunteer helper, typically within 3 days. You'll be given specific advice on what entries to remove with the HijackThis tool, and you might be pointed to additional software to run to help remove common spyware infections. Follow all the instructions and keep working with the forum helpers until either you or they give up. (And no, don't send your log file to me or post it here. I am not nearly the spyware removal expert that these guys are.)

7a) Alternately: Paste your log file into an automated tool. Don't have three days? Try simply pasting your HijackThis log file into this form. It does a pretty good job at auto-analyzing what's wrong with your machine, with no waiting. As well, if that doesn't work, you can search for the items you find in the HijackThis log by name to see what they are and how to remove them, if they're spyware. This can be quite time consuming, though.

8) Try System Restore. If that doesn't work, you might try running Windows System Restore to roll back your OS to a time before the infection happened. This isn't foolproof: You might not have System Restore turned on, or the spyware might have shut System Restore off, as well. But it's worth a shot. With either XP or Vista, System Restore can be found under Start > All Programs > Accessories > System Tools > System Restore.

9) Give up and wipe your hard drive. At this point, you've exhausted all the options I know of. You might try again at steps 6/7 to make sure you've done everything you can to salvage the PC. Forum helpers will often work with you for weeks to help fight a spyware infection, but there are tens of thousands of possible variants out there, with new ones cropping up every day. It's just not possible to clean them all, every time. Sometimes the only thing you can do is call it quits, reformat your hard drive, and reinstall your OS. Again, make sure you have your backups ready and verified. Once you're up and running, reinstall your antivirus and anti-spyware applications, and stay vigilant against infection. Good luck.
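For steps 6 and 7a, an added example (not part of the original article, and not HijackThis's own code) that groups the coded entry lines of a saved HijackThis log by section and lists the auto-starting entries worth looking up by name first. The sample log is constructed, and treating a temp-folder location as the reason to look at an entry first is an assumption of this example, not a verdict that the entry is malicious.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis log layout; every entry is invented.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Platform: Windows XP

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avtray.exe" /min
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd32.exe
O23 - Service: Example Service (exsvc) - Unknown owner - C:\WINDOWS\system32\exsvc.exe
"""

# Entry lines start with a section code (R0, F2, O4, O23, ...) and " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Sections that describe things started automatically.
AUTOSTART = {"O2": "browser helper object", "O4": "startup entry", "O23": "service"}
# First Windows path to an executable-type file inside an entry.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"/]*?\.(?:exe|dll|bat|cmd|scr|com)(?![\w.])', re.I)
# Assumption of this example: a temp location is a reason to look an entry up first.
TEMP_DIR = re.compile(r"\\(?:temp|temporary internet files)\\", re.I)


def parse_entries(log_text):
    """Group coded entry lines by section code, skipping header and process lines."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            sections[match.group(1)].append(match.group(2))
    return dict(sections)


def review_first(log_text):
    """Return (code, kind, path) for autostart entries whose file sits in a temp folder."""
    hits = []
    for code, entries in parse_entries(log_text).items():
        if code not in AUTOSTART:
            continue
        for entry in entries:
            path = WIN_PATH.search(entry)
            if path and TEMP_DIR.search(path.group(0)):
                hits.append((code, AUTOSTART[code], path.group(0)))
    return hits


if __name__ == "__main__":
    for code, entries in sorted(parse_entries(SAMPLE_LOG).items()):
        print(f"{code}: {len(entries)} entries")
    for code, kind, path in review_first(SAMPLE_LOG):
        print(f"look up first: {code} ({kind}) -> {path}")
```

The output is a reading order for the log, so anything it lists still needs to be identified by name or by a forum helper before it is removed.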

Comments on How to beat spyware and viruses, 2008 edition


  • 46 Posted by joe_in_az on Thu Sep 3, 2009 4:38PM EDT

    What I would recommend is to use BOTH Linux and Windows. Use Linux (Ubuntu is good) to surf the Web and for email. OpenOffice or IBM's Lotus Symphony are good free replacements for MS Office and the combination of Mozilla Thunderbird and Mozilla Lightning work well in place of Outlook. Ubuntu can be installed in a dual boot mode or through free virtualization software such as VMware or Virtual Box. If you use a Virtual solution I would recommend at least 1GB of RAM with 2GB being preferable. Windows is useful for games and other applications such as Quicken which are specific to Windows. Just don't get on the internet in Windows.

  • 47 Posted by golfsifu on Thu Sep 3, 2009 4:11PM EDT

    After 15 yrs of PC's I bought a Mac and can not believe I ever put up with letting Microsoft waste so much of my time... Take the plunge !!! you will thank me for it.

  • 48 Posted by akhtarkh on Thu Sep 3, 2009 2:48PM EDT

    Make two user accounts, one for every day use with limited accessibility which won't allow for any installation, and the second account an administrative one. Use this account only when you want to download something from a trusted site. This is the same way computers are set up in schools and public places, and they don't get any viruses. Only download any software when you badly need one.

  • 50 Posted by aznbaby4eva123 on Thu Sep 3, 2009 3:00PM EDT

    I don't want to hurt anybody's feelings, but I think this was a waste of time. people who have viruses and spyware, is because they bought really cheap computers or don't have good virus protection. Most people on the web can avoid spyware by stop going on to porn sites and stop downloading music from LIMEWIRE.

  • 51 Posted by susanmur223 on Thu Sep 3, 2009 9:50PM EDT

    System restore is not a viable option when it comes to getting rid of malware. Sure, there's a small chance that it might work and so it's worth trying if nothing else works, but more likely than not all the system restore files have been infected so no matter how far back you go you're still going to have the virus on your PC. The best way to get rid of viruses is to never get them. Use a good antivirus and antispyware program (one that has some sort of active defense, not just one that requires you to constantly scan your PC since a lot of malware can be difficult to remove once it's settled in). Don't visit shady websites like hacker sites, free porn sites, or download off of P2P networks. Don't open up every email attachment you get even if it's from a family member or close friend unless you were expecting it. Exercise safe internet habits and common sense and you'll avoid 99% of the crap out there.

  • 52 Posted by oc_davo on Thu Sep 3, 2009 7:43PM EDT

    Buy a Mac. I've owned an iMac since 2000 and never had a virus. I now own a 20" duo core iMac and still no viruses.

  • 53 Posted by niklaus.wirth on Thu Sep 3, 2009 7:38PM EDT

    People touting Mac OS as being secure, please check the following link: http://www.theregister.co.uk/2008/03/29/ubuntu_left_standing/ "a MacBook Pro running a fully patched version of Leopard was the first to drop out" a contest to prove which of Windows Vista, Mac OS and Ubuntu is more or less secure. The Mac was the first to go in the last year contest as well, so does anybody else see a trend here? Windows Vista fell the second. Ubuntu won. If you are REALLY concerned about security, you can use OpenBSD, SELinux or some distribution specifically geared towards security (such as TrinityOS, or other secured distribution - check http://lwn.net/Distributions/ for a comprehensive list). Plain Ubuntu (or Kubuntu) seems to be the optimal combination between ease of installation, ease of use, design, default package choices and - yes - security.

  • 54 Posted by conraddeel on Thu Sep 3, 2009 3:29PM EDT

    Get a Mac. They don't have viruses or spyware.

  • 55 Posted by tanatiehea on Thu Sep 3, 2009 9:55PM EDT

    What is this thing called a virus!? Oh, I don't have Windows. Really when I look at this stuff, I am just so happy I use a Mac!

  • 56 Posted by jjohnson_mcp on Thu Sep 3, 2009 4:35PM EDT

    The first four recommendations were fine, but after that they became very dangerous. Unless you're very technically savvy, you should not be running HijackThis, or any of the rest of the recommendations. Seek a professional!

  • 57 Posted by jmahoney3321 on Thu Sep 3, 2009 4:36PM EDT

    You've missed one of the most important steps and that is getting rid of the temporary and temporary internet files BEFORE rebooting back into normal Windows mode. After running the anti-virus and anti-spyware tools, you will need to delete all temporary and temporary internet files (these files are commonly hidden). The reason these need deleted is because after you have cleaned the PC with the anti-virus and anti-spyware, a lot of virus and spyware applications place files in the temporary folders and will execute upon startup of various applications, in result, it puts the virus or spyware back on your system after you just removed it. This is essential and I cannot begin to give you an estimate of how many people fail to do this and wonder why they can't get rid of something that has infected their computer. Reason isn't because they can't remove it, it's because they keep reinfecting themselves by leaving these files in their temporary folders.

  • 58 Posted by jbsmith64 on Thu Sep 3, 2009 4:30PM EDT

    Get Linux.... the days of having to be an egghead to use Linux operating systems are over. I suggest Ubuntu 7.10. It comes with tons of applications and it doesn't make you jump through hoops to install a printer or download photos and lots of other things. Most of these functions come with the OS. And here's the kicker... it's free. And when I say free... I mean leave your credit card in your billfold. And forget about buying antivirus/spyware software. You won't need it. Linux is such an efficient system I think it takes up about half the space on the hard drive as windows (somebody correct me on that if I'm off) It does Adobe, Java, and other popular apps. Did I mention that it is free....Bill Gates can bite me.

  • 59 Posted by lydicfamily on Thu Sep 3, 2009 7:01PM EDT

    So now I am confused as H*** because I tried the steps in the article and my computer wouldn't let me go into safe mode and connect with the internet, so I went back to the normal setting. I don't have pop ups and ads all the time but system is running a bit slower. I do have Norton 360 and says that it's fine. Is this true? After reading all the answers on here I am a bit more confused as to what is right and wrong. I don't have the option to reset the whole computer as some of the programs I have on here are not replaceable. So I guess my question is that if I don't have popups does this mean I am just running out of space on my hard drive?

  • 60 Posted by aghardie on Thu Sep 3, 2009 2:47PM EDT

    By the way, Mac OS X is also affected by trojans and viruses. There are several unpatched vulnerabilities in OS X. See http://secunia.com/product/96/?task=advisories Oh and by the way 91% of the world uses windows-based pcs (2008 report), and only 7.7% uses Macs, not 20% like some of you are claiming. See http://en.wikipedia.org/wiki/Comparison_of_operating_systems In the 5 years that I have owned a pc I never got a trojan or virus. It's so easy to avoid. Use free AVG antivirus, free Lavasoft Ad-aware and free Comodo firewall. Don't open e-mails if you don't know who they're from. Don't visit illegal download websites or pornographic sites or hacking sites.

  • 61 Posted by benreaders on Thu Sep 3, 2009 3:05PM EDT

    Well I have been working with computers build them, repair them, fix the software since the start of PC world. This is what I believe. I believe that for an average user who does not know much about computers and how to fix them Antivirus programs and antispyware programs might benefit him/her to some extent but not a lot. But for a more advanced user who naturally installs more programs on his/her computer my recommendation is to uninstall all these antiwhatever programs. You do not need them. They stop you from running your computer normally. Sometimes you struggle for hours to see why your newly installed program is not working as it should and then you find out all you have to do is to uninstall some antiwhatever program on your computer. They interfere with the normal operation of the computers no matter what they say. Do not forget the people who write viruses are more intelligent than that. Do you think a simple restart in safe mode and scan can get rid of their programs? So what is the best way to get rid of those malicious programs? The simple answer is there is no simple answer. You have to deal with every one of them case by case. I am sure the more advanced user are already doing what I am recommending. Most advanced user can just feel the presence of a malicious program even if they can%

  • 62 Posted by tommydmbfan on Thu Sep 3, 2009 10:15PM EDT

    Besides endorsing Superantispyware (free or pro), I recommend using a hosts file. This prevents blacklisted websites from even loading on your machine. I use the MVPS hosts file (it's free): http://www.mvps.org/winhelp2002/hosts.htm

  • 63 Posted by bryan.holliday on Thu Sep 3, 2009 3:14PM EDT

    I recently got a virus that not only shut down my system restore but shut down a lot of my safety measures I took such as firewalls and anti-virus protections. I recently lost my router and I was connected directly to the internet. I have already tried everything on this list as well as running 5(!!) different virus/ad detection programs. None seemed to fix the problems I was having. Since my PC is usable I moved all my pics, music etc to my 2nd hard drive until I have time to do a complete wipe. What's odd though is my PC won't let the WinXP install CD install the "upgrade" or a new install. So I figured the system is too compromised which leads me to do the wipe.

  • 64 Posted by brian.longo on Thu Sep 3, 2009 3:13PM EDT

    Oh yes, let's all get a Mac or run Linux. That would solve all of the problems. A Mac isn't perfect and Linux still isn't to the point where a layperson can use it. Besides, some of the "pretty software" available on Windows that some end users like to use isn't available on Mac or Linux platforms. I work with many Windows-based computers every day. I see quite a few infected computers on a monthly basis, none of which that couldn't be cleaned. Most people are more willing to "scan and clean" than "wipe and reload" 99% of the time. And for those of you who tout yourself as some kind of genius when it comes to using a computer by saying "I don't get viruses" or whatever, were you always that good, or did you make mistakes on the way? Last I checked there was no leap from "n00b" to "uber-geek", so I'm sure you fell upon a virus or two along the way. I stand by what I posted earlier; be wary of where you go and don't be click-happy. Exercise a little bit of common sense and you should remain relatively safe. What the author outlined is sufficient, though I wouldn't have mentioned HiJackThis. That's not a tool for everyone to use. The thing I would've mentioned first is "backup your data if you haven't already done so!" And I like this: "people who have viruses and spyware, is because they bought really cheap computers or don't have good virus protection. Most people on the web can avoid spyware by stop going on to porn sites and stop downloading music from LIMEWIRE." Part one is about as ignorant a statement as I ever heard. What the heck does having a cheap computer have to do with a virus? Part two sounds like experience from the poster. ;)

  • 65 Posted by joemadden420 on Thu Sep 3, 2009 4:38PM EDT

    What about Ad-ware? How does one deal with that? I keep getting advertising pop ups even though my pop-up blocker is on, and my anti-virus/spyware/adware program is always on and running.
