How to Detect and Remove Spyware

Spyware – The Modern Day Virus:

Since the birth of the internet there have always been many forms of invasive advertising. People engage in these practices for many reasons. The biggest reasons are to make money from sponsors or to promote their company or products.

As the years have gone by these practices have become more and more annoying, to the point where they have become malicious attacks on users’ systems. Modern day spyware is now so bad and damaging to a system that it can exhibit the same symptoms as if a computer were to get a virus.

There are numerous signs that can point towards a spyware infection. Some of the symptoms are listed below:

01. Slow boot times, when a system used to be fast.
02. Overall performance slows down.
03. Getting popup ads even when you are not online.
04. Programs or shortcuts added to menus that you did not put on your system.
05. Programs that tell you they found spyware on your PC that you did not install.
06. Frequently getting disconnected from the internet.
07. Memory errors or BSODs [Blue Screen of Death]
08. Added toolbars in your internet browser that were not installed by you.
09. A changed wallpaper or homepage that you did not set.
10. Not being able to boot into Windows.

Those are just some of the most common symptoms caused by malicious spyware on a system.

Now that you can recognize some of the symptoms of spyware we are going to talk about the steps you can take to protect yourself and your system from these types of threats.

I Have Spyware!!! How Do I Remove It?

So after reading the general symptoms above you have come to the conclusion that your machine is most likely infected with spyware. The first important rule is don’t panic.

Since we are going to be walking through a multi step process for cleaning up your system you will need to be calm and patient to make sure you follow this guide in its entirety to fix the problems with your system.

In most cases, almost all spyware infections can be cleaned and corrected without needing to do a complete reinstall of Windows. That is the one advantage of being infected with spyware over being infected with a virus.

The first thing we need to do to clean the system is install Anti Spyware programs. These are programs that are designed like Anti Virus programs except their main functions are to find and clean spyware off your system. I am going to recommend 4 main programs in this guide that we use in house when customers bring in infected machines. These programs do an excellent job of eliminating almost any threat on your system.

[NOTE: All the programs and links below are resources you can use FREE of charge. Some of the companies may ask for donations if you like their products but you are not required to pay for the use as they provide them as a benefit to the computer community. If you really like a program feel free to make a donation, if not they are still happy you like their software and hope you’ll recommend it to a friend.]

SpyBot Search & Destroy:

The first program we are going to download is called “SpyBot S&D”. The S&D in the program name stands for “Search and Destroy” which is exactly what this program does to malicious spyware. The SpyBot Homepage can be found at the following link:

http://www.spybot.com/

Once you are at their main page select your language and then it will take you to the homepage. After you are there select the “Download” link in the upper left corner of the menu. It will take you to a page that you can scroll down through to find the link:

Spybot – Search & Destroy 1.4 – product description
md5: C1A843913269018A8FC962407D7E5169

This is under their “Download” icon, and if you look to the right of that info you will see a “Download Here” button. Click on this button and it will take you to a page with multiple download locations. Any link you click on will take you to another site that hosts the SpyBot program. In this case I am going to click on the top link and it takes me to the “FileForum” website.

In the top right of my screen there is a “Download Now” link and when you click on this the page will change and a “Save File” window should now open. I recommend saving the program to your desktop so it is easy to find.

Once the download is complete you should see a file on your desktop named:

spybotsd14.exe

Double click on this file and follow the install wizard to setup the program on your system. Go with all the default options and it should install pretty quick on your system. Once it is complete click the “close” button to finish the installer.

You should now have a Window that says “Completing the SpyBot Search & Destroy SetupWizard“. Make sure the “Run Spybot.exe” option is check marked and click the “Finish” button to complete the install and run SpyBot for the first time.

The first time you run the program it is going to take you through a setup process. You can go with the default options for most of the questions. I would recommend clicking the button “Create Registry Backup” on step 3 of 7 so you have a restore point if the program takes off anything invasive that you actually need. When you select this option it will take a couple minutes to finish the operation.

Once you have done that click “Next” and do the “Search for Updates” option. When you click that button the program should go online and then show you a window with a list of all available updates. In the same window that you click Search for Updates you should now be able to choose “Download All Available Updates“. Do so at this time.

As it downloads the updates you should see each option in the window behind it gain a green checkmark beside it. This shows that the update was downloaded successfully. If one does not download completely let it finish and then click the “Search for Updates” button in the main window of the program once the small window is gone. [It will be the third button down on the list with the world icon.]

Now that your program is completely up to date, let’s do one thing before we scan for spyware. In the left hand menu you will see 5 icons. Select the middle icon that says “Immunize”. This will take you to a new window that will do a check to see how vulnerable your computer is.

It will do a quick scan and then tell you “Warning” “xxxx bad products already blocked, xxx additional protections possible. Please immunize.” Go ahead and click the “OK” button. Now it will take you to the Immunize main screen. Select the “Immunize” icon in the top left hand portion of the main Window. It has a green + sign next to it.

When you click it, you will see a progress bar go across the screen and once it is complete it will give you a message “Immunization has finished” “9812 bad products are now blocked.” The number may vary depending on your system and the version of SpyBot, but sadly enough my system just got immunized for almost 10,000 products classified as spyware. [Now you see how bad the spyware trend really is]

Once we are done here, go back to the left menu with the 5 icons and select the one on the top that says “Search and Destroy“. Now that the system has been immunized we are ready to attempt to remove spyware.

When you click the top button it will take you to a new window with a “Check for Problems” button on the top left hand side of the main window. Click this button now. The button will now turn into a red X that says “Stop Check“. Let the program do a complete scan at this point.

You will see a progress bar at the bottom of the screen that shows you a percentage of how much longer is left on the spyware scan. I would recommend getting up now, and getting a drink or making a snack because the scan will take anywhere from 5-25 minutes depending on your system.

Once the scan is complete any malicious files that are found will appear in the window in red. You will also notice that they have a little box next to them with a check mark in it. The program flags all the files with the check mark by default so all you need to do is click the button at the top that says “Fix Selected Problems“. Once you click this button anything with a check mark next to it will be removed from your system.

When I did my scan it came back with one file found that you can get details on by clicking on the + sign next to the file name. This will show you extended details about the problem. In my case the file found was a “Tracking Cookie”. This is by far the most common form of spyware, and low on the list of actual threats. In any case we want our system totally clean so once you check out any details [if you even want to] click the “Fix Selected Problems” button and the program will now clean off the spyware.

Once you click the button a window will popup that says “Confirmation” “You are about to remove these entries. Do you want to continue?”

Go ahead and click the “Yes” button. You will now get a second “Confirmation” window that says “1 problem fixed” [or however many you had. In my case just the one tracking cookie.] Click the “OK” button.

The Window will now look like the spyware is still on the list, but don’t worry. You see the big green check mark by the name now? That means the spyware has been removed. If you have any doubts feel free to scan the system again to make sure it was completely removed. Otherwise go on to the next part of our guide.

[NOTE: Some spyware will reinstall itself on your system even after it is removed by Anti Spyware programs like SpyBot. If this happens it is not a failing of the Anti Spyware software. It means the spyware you have is very malicious and was written to propagate itself on the system. Continue with the guide and one of the following steps should correct the issue.]

We have now concluded how to setup, immunize and run SpyBot S&D to protect your system. This is the first step in cleaning off any threats that may exist on your computer. Go ahead and close down SpyBot and continue to the next part of our guide.

Downloading and Installing Lavasoft Ad-aware:

The next program we are going to use is called Ad-aware and was created by a company called Lavasoft. As the name implies it scans your system and makes you aware of any current threats, and once they are found it will remove them like SpyBot did. It’s good to run multiple anti spyware programs because one will usually pick up something another program missed. I have found that Ad-aware and SpyBot are a nice complement to one another when you are trying to get all the spyware off your system.

The first thing we need to do is go to the Lavasoft Homepage and download a current version of Ad-aware. The homepage can be reached at the following link:

http://www.lavasoft.de/software/adaware/

[NOTE: The above is actually the download page which is link #1 through Google when you do a search for Ad-aware. I don’t like to hotlink people but I want to ensure anyone reading this guide gets the correct version of the program. If you like their program and would like to show your appreciation please visit their homepage here:

http://www.lavasoft.de/

So they know people are getting good use out of their software. Thanks]

From the download link above it will take you to a page that has a red button on the top that says “Download Now“. When you click on this button it will take you to CNET’s Download.com page that is hosting the program download.

In the top left of the main window you should see a green button with arrows on it that says “Download Now“. Click on this button and it will take you to a second page and open a “Save As” window. Once again save the installer to your desktop so it is easy to find and click “OK“.

Once the download is complete go ahead and click on the “aawsepersonal.exe” file that should now be on your desktop. Once again go with all the default options on the installer Wizard and once it’s complete it will open to a window with 3 check boxes.

Make sure that these two options are checked:

Perform a full system scan now

Update definition file now

You can leave the last box unchecked which is the option for “Open the help file now” since our guide will help you through how to use this program and keep you on the fast track to cleaning up your system.

Go ahead and click finish and you will see a window that says “Performing Web Update“. Once the progress bar is complete the program will automatically begin scanning your system for problems.

In the top of the window you will see a “Current Operation” section. While the program is running you will see the “Objects scanned” number constantly changing. Down below this you will see the “Summary” portion of the window. Anything that shows up in Dark Red in the Summary window is spyware.

The program will show you spyware it finds with different classifications that are noted next to the number of spyware it finds. Once it’s done it should take you to a “Scanning Results” page. This is very similar to the SpyBot page except Ad-aware does not automatically check mark the spyware for you. This can be frustrating if you have 100+ files that need to be removed but they added a good feature to the program that will allow you to check them all at once.

Once you have your list of infected files you can make sure they all get check marked by “right” clicking on one of the files and choosing the “Select All Objects” option from the popup menu. Once you have done this all the items should now have check marks next to them. When they are all checked click the “Next” button in the lower right hand corner.

A new window will popup that says “Ad-Aware SE” “28 objects will be removed. Continue?“. [The number will vary but my scan found 28 items. 27 were tracking cookies, and 1 was low threat spyware.] Go ahead and click “OK” and you will see a quick progress bar go by, and now Ad-aware has removed all the spyware it found on your system.

At this point you can close down Ad-aware and you have now completed the second section of the Spyware removal guide.

[NOTE: The next time you run Ad-aware on your system you will be given an option to do a “Smart Scan” or “Full System Scan”. If you have a really bad spyware infection you may want to choose the “Full System Scan” option which will take longer but is more thorough.]

Check Your System Status At This Point?

Ok, we have covered a lot of ground up to this point. You are now at a point where any minor threats should be taken care of and removed. Take a look at your system. Is it running better? Does it seem like the problems have been resolved? If not there are still 3 more steps you can take to ensure that your system is fully restored to its original state, short of formatting your hard drive.

If it still seems like you are having problems you may want to finish the next part of the guide to make sure everything is back in order.

One type of spyware that can linger around more than any other is known as “Hijacker” spyware. One of the most notorious types of this spyware is the “about.blank” homepage hijacker.

This is a very annoying piece of spyware that takes over your homepage and sets it to something new that you did not specify. It also does a good job of coming back once it has been removed. A good program I have found for taking care of this problem is called “Adware Away“.

[UPDATE: Adware Away is now a PAID program since so many people are using it. Unfortunately the company decided to no longer offer a free trial, but if you are sick and tired of dealing with the about.blank homepage hijacker or other Hijackers [and can't afford to format your hard drive] you might be interested in the following section. I think it’s unfortunate that they no longer offer a free version though.]

Downloading and Installing Adware Away: [LINK]

In an effort to offer a FREE alternative anti hijacker program to Adware Away I am recommending “Hijack This“.

Hijack This is a freeware scanner that checks for programs that exhibit the behavior of Hijacker Spyware.

First we need to get a hold of the program and install it onto the system. You can find it by doing a search for it through Google:

Hijack This

http://www.google.com/search?hl=en&q=hijack+this&btnG=Google+Search

The first link through the Google search at www.majorgeeks.com works well to download the program [refer to the Google search link above]. When you click on their site they will give you a list of mirror sites that you can download the program from. I went with the top link in Texas which downloaded the program quickly for me.

Once you click on the mirror link wait a couple seconds and your download should automatically start. You will see a “Save As” window, and once again let’s save the program to the desktop.

You should now see a file on your desktop named:

HijackThis.exe

Go ahead and run the program and it will open a “Warning” window telling you that this program does not specifically look for Hijackers but any programs that exhibit Hijacker behavior. Because of this be careful what you remove. Software such as web toolbars and pay per click programs may stop working if you remove them from your system.

[Or something along those lines. It only displays the message the first time you run the program so I do not have the exact message]

Click “OK” and then it will take you to the main Window of the program. From here you will want to click on the top button that says “Do a system scan and save a log file“. It will do a very quick scan and then open a file in notepad named “hijackthis.log“.

Go ahead and close the notepad file and take a look at the scan results. The window has a warning at the top that says:

Below are the results of the scan. Be careful what you delete, HijackThis cannot determine what is bad and what is merely customized by you. The best thing to do is save a log file and show it to knowledgeable folks.

This is where the notepad file will come in handy. What you will want to do is post your HijackThis log file on a forum where experts can analyze it for you and tell you what the threat is on your system. One good resource for this is a forum that specializes in HijackThis log files which can be located here:

http://www.bleepingcomputer.com/forums/

and look for the section that says:

HijackThis Logs and Analysis

This way you can get help from people who are used to dealing with these types of spyware and hopefully get the Hijacker removed from your system.
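
To get a feel for what the log contains before you post it, the following added example (not part of the original guide or of HijackThis) groups a log's entry lines by their section code and picks out Internet Explorer Start Page entries that are not the page you set, which is where a homepage hijacker shows up. The sample log is constructed, only a few common section codes are described, and the usual "CODE - detail" line layout is assumed.

```python
import re
from collections import OrderedDict

# A few common HijackThis section codes; this is not the complete list.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "program started automatically with Windows",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # "R0 - detail"
SETTING = re.compile(r"^.+?,([^=]+?)\s*=\s*(.*)$")   # "key,name = value"

# Constructed sample log, not taken from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis

Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.test/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

def parse_log(text):
    """Group entry lines by section code; header and process lines are skipped."""
    groups = OrderedDict()
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups.setdefault(m.group(1), []).append(m.group(2))
    return groups

def unexpected_start_pages(groups, my_homepage):
    """Return Start Page values in R0/R1 entries that differ from the page you set."""
    changed = []
    for code in ("R0", "R1"):
        for detail in groups.get(code, []):
            m = SETTING.match(detail)
            if m and m.group(1).strip().lower() == "start page":
                value = m.group(2).strip()
                if value.rstrip("/").lower() != my_homepage.rstrip("/").lower():
                    changed.append(value)
    return changed

def summarize(text, my_homepage):
    """Return readable summary lines: entry counts per section, then changed pages."""
    groups = parse_log(text)
    out = ["%-3s %-45s %d" % (code, SECTIONS.get(code, "other"), len(entries))
           for code, entries in groups.items()]
    out += ["Start page is not the one you set: " + value
            for value in unexpected_start_pages(groups, my_homepage)]
    return out

if __name__ == "__main__":
    # The homepage passed here is an assumption for the demo.
    print("\n".join(summarize(SAMPLE_LOG, "http://www.example.com/")))
```

The summary only shows what kinds of entries are in the log; it does not decide what is safe to remove, so the complete log is still what you post for analysis.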

I Have Tried All of the Listed Steps and My Computer Is Still Acting Strange:

At this point I would start to wonder if your problem is spyware related or if maybe it is a virus that is affecting the system. As mentioned in the beginning of the guide viruses can exhibit very similar behavior although they can be much harder to pin down and remove.

If this is the case you have a couple options available to you. You can try the following:

01. Go to www.PCPitstop.com and check for bottlenecks on your system.
02. Run Anti Virus and Virus Protection Programs to Remove the Problem.
[LINK]
03. Attempt to do a Windows Repair / Recovery Installation
[LINK]
04. Do a Full Format and Clean Reinstall of Windows to Guarantee the Problem Gets Fixed.
[LINK]

If the first three links don’t help you the fourth is bound to work since a clean reinstall will fix any problems except hardware issues. Just make sure you have all your data backed up beforehand since any information on your hard drive will be lost.

Overall I hope this guide helped in resolving any serious spyware issues or problems you are running into on your system. The methods mentioned above are good habits to get into for maintaining your system. If you keep your anti spyware programs up to date, and do scans on a regular basis you will notice improved performance and better overall stability on your system which will lead to you enjoying your system that much more! Good luck.

