Wed Apr 2, 2008 11:46AM EDT
The last time I wrote a piece on how to remove spyware from your computer was in 2006. Time for an update, I think. Here's my perennial "How to Beat Spyware" howto, revised and updated for 2008 (and combined into a single file instead of two parts).
Here's what to do if you suspect an infection on your Windows PC. (Please note these steps apply to both Windows XP and Vista.)
1) Are you sure it's spyware or a virus? Windows pop-ups and alerts can often seem invasive enough to be viruses, especially with Vista. Try searching the web for the exact text you see on the screen to make sure you aren't dealing with an aggressive Windows message. (Many of these can be turned off, so try whatever instructions you find.) On the other hand, some viruses masquerade as Windows alerts, so tread lightly.
2) Boot in safe mode. If you have a virus, the first step is to try booting in safe mode. You can get to safe mode (a simplified version of Windows that disables a lot of extra gunk, possibly including some spyware apps) by restarting your PC and tapping F8 during boot. Soon you'll get a menu of options. Select "Safe Mode" (it's at the top of the menu) and wait for the machine to fully boot. The system will look funny (with a black background and larger icons, probably), but don't worry about it. This is only temporary. (Also note that many spyware applications can disable safe mode, so if you find this doesn't work, just boot normally.)
3) Run your antivirus application. This is of course assuming you have an antivirus application. (Need one? Check here.) You're in safe mode now, so run a full scan of your PC at maximum security levels (include the option to scan within compressed files, for example). This will probably take an hour or more, so be patient. Fix any problems the virus scan turns up. Then reboot into safe mode again using the procedure in step 2.
4) Run one or two anti-spyware applications. I used to recommend running multiple anti-spyware apps, but virtually all antivirus apps now do a pretty good job at getting rid of spyware too, so you don't need an army of additional applications just for spyware. Also, I now recommend starting with AdAware (which is free) and moving on to Spyware Doctor (free as part of the Google Pack) if you feel you need additional help. (Please note that recent versions of Spyware Doctor and Norton Antivirus have some trouble with each other.) You can try other apps too, but the once-recommended SpyBot Search & Destroy is no longer very effective, sadly. (Neither is Microsoft's own Windows Defender.) Of course, fix anything and everything these apps find.
5) Reboot normally. (Not in safe mode.) Now take stock. Still got spyware? It's time to move along to my more advanced techniques for removing the nasties.
6) Run HijackThis. HijackThis is a free software tool that scans your computer to find malware that other apps might miss. Scroll down to "Official downloads" to download the tool. Next, simply open the ZIP file you downloaded, extract the application, and run the tool (you don't need to install it). Click the "Do a system scan and save a logfile" button. You'll receive a large text file as well as a dialog box which gives you a list of active software processes, which you can then choose to delete. Unfortunately, this list includes both helpful and unhelpful software, so don't just start deleting items. Continue in step 7 to figure out how to fix your spyware infection.
7) Post your log file online. Visit this page, which offers a list of forums staffed by volunteers who can help you interpret your HijackThis log. The SWI Forums are especially busy, but most of the forums on the list are equally apt. Go to SWI and visit the "Malware Removal" forum which has over 50,000 topics listed: Those are all people like you who are seeking help getting rid of spyware. Register for an account, read the FAQ, then visit that Malware Removal forum, and post a new topic. Paste the content of the text file you created in step 5 into this topic and (politely) ask for help. You will get a response from a volunteer helper, typically within 3 days. You'll be given specific advice on what entries to remove with the HijackThis tool, and you might be pointed to additional software to run to help remove common spyware infections. Follow all the instructions and keep working with the forum helpers until either you or they give up. (And no, don't send your log file to me or post it here. I am not nearly the spyware removal expert that these guys are.)
7a) Alternately: Paste your log file into an automated tool. Don't have three days? Try simply pasting your HijackThis log file into this form. It does a pretty good job at auto-analyzing what's wrong with your machine, with no waiting. As well, if that doesn't work, you can search for the items you find in the HijackThis log by name to see what they are and how to remove them, if they're spyware. This can be quite time consuming, though.
8) Try System Restore. If that doesn't work, you might try running Windows System Restore to roll back your OS to a time before the infection happened. This isn't foolproof: You might not have System Restore turned on, or the spyware might have shut System Restore off, as well. But it's worth a shot. With either XP or Vista, System Restore can be found under Start > All Programs > Accessories > System Tools > System Restore.
9) Give up and wipe your hard drive. At this point, you've exhausted all the options I know of. You might try again at steps 6/7 to make sure you've done everything you can to salvage the PC. Forum helpers will often work with you for weeks to help fight a spyware infection, but there are tens of thousands of possible variants out there, with new ones cropping up every day. It's just not possible to clean them all, every time. Sometimes the only thing you can do is call it quits, reformat your hard drive, and reinstall your OS. Again, make sure you have your backups ready and verified. Once you're up and running, reinstall your antivirus and anti-spyware applications, and stay vigilant against infection. Good luck.
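For steps 6 through 7a, here is an added example (not part of the original article and not code from the HijackThis project) that turns a saved log into a per-section list of file names to research before anything is deleted. The sample log is constructed, the function names are hypothetical, and the section labels follow the codes HijackThis prefixes to each line (R0-R3, O2, O4, O23).

```python
import re
from collections import defaultdict
# Constructed sample in the layout HijackThis writes: header, process list,
# then one "CODE - detail" line per finding. All names here are made up.
SAMPLE_LOG = r"""Logfile of HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\user\Local Settings\Temp\example-updater.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\examplebho.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Documents and Settings\user\Local Settings\Temp\example-updater.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""

SECTIONS = {"R": "IE start/search pages", "O2": "Browser Helper Objects",
            "O4": "programs started at logon", "O23": "Windows services"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
FILE = re.compile(r'[A-Za-z]:\\[^,"]*?\.(?:exe|dll)', re.IGNORECASE)

def parse_log(text):
    """Split a log into (running processes, [(section code, detail), ...])."""
    processes, entries, in_procs = [], [], False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def lookup_list(entries):
    """Group entries by section as (search term, look_up_first) pairs.
    look_up_first marks files that run from a Temp folder."""
    grouped = defaultdict(list)
    for code, detail in entries:
        label = SECTIONS.get(code) or SECTIONS.get(code[0], "other")
        paths = FILE.findall(detail)
        if not paths:                      # e.g. a start-page URL: keep as is
            grouped[label].append((detail, False))
        for path in paths:
            name = path.rsplit("\\", 1)[-1].lower()
            grouped[label].append((name, "\\temp\\" in path.lower()))
    return dict(grouped)
```

The look_up_first flag only orders the research; it is not a verdict, since the log lists helpful and unhelpful software alike.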
Join in the discussion. Here you'll see the comments in the order they were posted.
I am a real novice at all of this. I read the article and decided to try noadware. I ran it and it found quite a few files that were "Dangerous" and "Severe". In order to remove the files, I had to register for a charge of $37. (Thought this was supposed to be free, per the article.) I registered and then tried to delete the files and received the message "Registry editing has been disabled by your administrator." Anybody know what I should do now?
what about spyware terminator and spybot, are these good?
Wanted to add something there at my post #68, I do not work for Webroot. I've used them all, AVG, ADAWARE, Norton, McAfee, you name it! This outfit Webroot, WORKS!
Christopher, I am in the business of helping people that have become victimized by spyware and virus issues. We actually provide a wide variety of Internet based Remote Support, but our PC Tune Up is the most popular and it is designed to address these problems. Let me say that I thought your article was geared for a user with above average skills to follow. The steps you laid out were logical, and reasonably complete. I would add a few details and some caution to this advice though. First, most people do not understand just how long it can take to complete what you have laid out here. I would suggest that it is my experience that it often takes on average, between 3 and 4 hours to clean a machine of persistent problems. That is operating at system speed, as we have a well defined sequence of tasks. Second, I would caution against having any average user run a tool like HijackThis. The potential to do more harm than good, is very real. Third, I think that your advice in step 9 to just wipe the drive is irresponsible. Do you not believe that there is any value in professional assistance? Do you think that because you have exhausted your suggestions that there is no hope at all of someone else being able to fix a sick PC? Step 9 should read, before you throw the towel in - call a support company that has the professional training and experience to help. FoxRiverNetworks.com provides this type of help & guarantees "it's fixed or it's free!" Regards, John Brady President - Fox River Networks
Is it me or is this article written either for someone that's had their head in the technological sand for the last ten years, or has the attention span of an eggplant? Other than mentioning Adaware (which is admittedly decent), the recommendations are the equivalent of hiding under your bed from the scaaaarrrryy spyware. If you are trying to provide a public service, please go ahead and do so. Perform research if necessary. Otherwise, keep your simple thoughts to yourself. Thanks for trying.
To post #69 kim.banco, if you somehow got into your registry and were editing, I hope the H_ you knew what you were doing. If not, your best bet is to reformat and reinstall! Then go to Webroot.com
Thanks for the article.
The best way to keep a clean machine is to shred your temporary internet files, shred your cookies, always use Windows XP Pro, and as to virus protection that is the best bar none, use Eset Nod32. It has the smallest footprint of any of the antivirus programs, works fantastic, and will not slow you down on the internet.
I read this guy's bio and I can't believe his background is accurate after reading number 9. Any PC technician knows there are at least a dozen other things to look at. If this is all he knows then I am not surprised he has moved on to journalism. I could write real articles for Yahoo but they would kill the business for lots of PC repair guys. At least with this guy's advice people will still have PCs that need help.
I recommend Autoruns instead of HijackThis. Much more interactive and it has a feature to look up the running process on the net for those that might be questionable. Not sure offhand, but I believe it was created by a Microsoft software designer as well.
or, 10) buy a Mac and never have to worry about it again.
I'm sure it's been said here already, but I'll say it again: Get a Mac. There are those that say macs can still get viruses, but since owning a mac for nearly three years now, never have I had any problems of the kind. Yah, they do cost more. However, if you figure in all that extra software you need to keep your PC running smoothly, and the lack of headaches with a mac, it's probably a wash. Once you go Mac, you won't go back.
Buy a freakin Mac kids. Jeez I am shocked that you all are putting up with such a ridiculous way of life. I found this article to be the most humorous thing I've seen in years. It was the "Are you freakin kidding me?" moment of my year. Get a life. Get a Mac. It's not the dark side. And I don't work for them. I spent untold hours and anguish with a PC for four years after college. Now I freely surf, store, write, create, record, publish and honestly hadn't thought of a virus or spyware in the 3 years since I've had my iMac. Worst problem my Mac has given me? A clogged fan which made my internal CPU temperature rise forcing early shutdowns. Now I brush my cat. Much better than fending off hackers. Mac + Cat + Brush = Productivity, Peace, and the end of Spyware ruling your existence. OK I'm going to bed. I'll pet the cat for ya.
I agree with mauz70, Autoruns is a great program. So is RootkitRevealer, DelInvFile, RegDelNull and "The Avenger"... I think a lot of people would end up breaking their Windows OS trying to use them though. A lot of people don't bother to learn much about PCs really. Just reinstall Windows I tell them. I get to use these things all the time on the PCs at work. They are used by many people, who manage to get them infected with spyware once or twice a month. Getting rid of spyware is quite interesting. It's often very devilish; designed to repair itself, designed to be undetectable, designed to be undeletable, infecting the system restore files, etc.
Wow ok I have all these trojans and crap I clean often but what about the reg?? It's a mess. What is a good cleaner and/or fixer?
The Haute Secure software prevents spyware access. Ever since I installed this free software (www.hautesecure.com) my Spybot periodic checks report "Congratulations" as no spyware is found.
The answer should have been use Linux. The good thing with windoze is it keeps a lot of people employed. It's a whole industry by itself. Oh well I feel sorry for windoze users.
I used to religiously use AdAware SE, but it has now been replaced with AdAware 2007, a disaster which runs in the background, increases your boot time to minutes from seconds and all around is a poor product.
I've received both viruses and spyware. Usually the method that helps a lot is just doing a plain system restore. From there, pick a date that you thought was the last time your computer was virus/spyware free. It will automatically restore the contents from that day, without the virus/spyware. Then again, that's just me.
66 Posted by jeremiah_griz on Thu Sep 3, 2009 4:33PM EDT
You can take this for what it's worth. Have had computer(s) for 15+ years. Am presently running Vista HP. Have had to reformat the HD 3 times in less than a year. Got sick of Windows firewall, Windows Defender, and I was running AVG professional. Blew them all off, and went with Webroot's firewall, spysweeper+antivirus, and windows washer! Easy to use, and does not cost an arm and a leg. After 4 months I have had no problems that I know of. I think it is their shields that do the trick! You can get these products at Webroot.com.