The intent of this website is to give you a process not only for removing spyware from an infected PC, but also for keeping your system well maintained. The website is split into two areas: the first is a stripped-down version with links and the order in which you should do things; the second gives some more detailed information about what to do for each step. All software listed here is free for personal use; I do not plan on ever listing software that you would have to pay for. Please keep in mind that this guide mainly refers to Windows 2000 and Windows XP users; if you are still using Windows 95/98/ME, you should consider upgrading.
Before you perform the instructions here, it is a good idea to back up your important files, including your Registry.
One other thing to note: I've removed version numbers from the software listings, as it was becoming a hassle to keep updating this page. The links point to the software author's download section for that specific software, so you should always see the latest version when using the links.
Updated 02/16/2006
A. To scan and clean a machine
1. CWShredder by InterMute
2. Ad-Aware SE Personal
3. Spybot Search & Destroy
4. Microsoft Windows Defender (was MS AntiSpyware) (MajorGeeks.com)
5. ewido anti-malware
6. Microsoft Windows Live Safety Center (BETA)
7. Advanced users only (due to effect on the Registry and other important system files)
a. 'Start-Run-msconfig'
b. HijackThis!
B. Take some preventative measures
1. Spyware Guide Registry Modification
2. Spyware Blaster
3. Run Windows Update
4. If you are a cable modem or DSL user, purchase firewall software or a hardware router.
5. Consider switching from Internet Explorer to an alternative internet browser.
C. Run an anti-virus program
1. AVG 7.0 Free Edition
OR
2. avast 4.x Free Edition
D. Perform some general system maintenance
1. Run the Windows Cleanup! utility
2. Run check disk (2000, XP) on your system
3. Defragment your hard drive(s)
E. System still is having issues (advanced)
1. Run the System File Checker (info: 2000, XP)
2. Run the System Restore (info: XP only)
3. If that doesn't work, you probably need to reinstall your OS over your existing installation
4. If all else fails, it's time to start over completely (THIS WILL DESTROY ALL OF YOUR DATA ON THIS PARTITION, you have been warned)
The same information with more detail
A. To scan and clean a machine
1. CWShredder by InterMute
What to do: Download, install and run the scan. For better results, run in Safe Mode (hit F8 before Windows loads). If this program refuses to run, you may need to download and install PepiMK's CoolWWWSearch.SmartKiller removal tool first.
2. Ad-Aware SE Personal
What to do: Download, install and let it automatically update and scan. For better results, run in Safe Mode.
3. Spybot Search and Destroy
What to do: Download, install (it's up to you if you want Tea Timer or SD Helper at time of install - I personally would NOT install them), update, re-run the program, and scan. For better results, run in Safe Mode.
4. Microsoft Windows Defender (was MS AntiSpyware) (MajorGeeks.com)
What to do: Download, install. It runs as a service now, so normally it will not show up on your taskbar (if it does, it will appear like a castle wall). If you do not want real-time protection turned on, you need to go into Tools - General Settings and uncheck the box(es) for it.
There seems to be an issue with Windows 2000 SP4 (you receive a GDI+ error during the install, then the installation fails). You may be able to fix it by downloading this. Put the 'gdiplus.dll' file into C:\WINNT\SYSTEM32 and try to run the installation again.
Please note: Windows Defender (Beta 2) does not run on the Microsoft Windows Me, Microsoft Windows 98, or Microsoft Windows NT operating systems.
5. ewido anti-malware
What to do: Download, install, update, and run a full system scan. Remove anything that is found. I'll leave it up to you if you want to leave it running (like MS AntiSpyware), though I don't suggest running both simultaneously (no reason to waste the system resources).
From their website (in regards to someone possibly believing the use of this software isn't "free" as I promised would only be on the site):
"This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time."
6. Microsoft Windows Live Safety Center (BETA)
What to do: Go to the website and click the 'Full Service Scan' button and do a 'Complete scan.' This takes quite a bit of time, and keep in mind this is still in beta.
7. Advanced users only (due to effect on the Registry and other important system files)
a. Use 'Start-Run-msconfig' to see what programs are loading at startup, and remove the ones you know to be spyware. This file/program doesn't come with Windows 2000, but you can download it here.
b. You can use HijackThis! to scan your Registry and use it to remove offending entries.
B. Take some preventative measures
1. Spyware Guide Registry Modification
What to do: Download and install.
2. Spyware Blaster
What to do: Download, install and let it run. Check for updates and then Enable All Protection. Close the program (this is how it works).
3. Run Windows Update
What to do: Download and install all critical updates. Download and install other updates as you deem necessary. You should also consider turning on Automatic Updates (located in the Start/Settings/Control Panel) so that this is done automatically for you in the future.
4. If you are a cable modem or DSL user, purchase firewall software or a hardware router.
What to do: Though this may not have an impact on spyware directly, it will help to protect your machine from other types of attacks. Because of the many options available, I think it best that I leave it at that - do some research to find the best option for you and your price range.
5. Consider switching from Internet Explorer to an alternative internet browser.
What to do: I would suggest downloading and using Firefox.
C. Run an anti-virus program
1. AVG 7.0 Free Edition
What to do: Download, install, update the definitions, and let it do a complete scan. If you have Norton/Symantec anti-virus or McAfee (or something else...), make sure you update your virus definitions and then do a complete scan.
2. avast 4.x Free Edition
I do not personally have any experience with this software, but I assume the setup process is fairly straightforward. I hear this is as good as, if not better than, AVG.
DO NOT run both AVG and avast at the same time.
D. Perform some general system maintenance
1. Run the Windows Cleanup! utility
What to do: Download and installation instructions can be found here. Please keep in mind that this utility will empty your Recycle Bin. If you are running Windows XP and do not want to download this software, this website details how to use the built-in Disk Clean-Up Utility.
2. Run check disk (2000, XP) on your system
3. Defragment your hard drive(s)
What to do: On Windows 2000/XP: Right-click your My Computer icon on your Desktop and left-click Manage. Left-click on Disk Defragmenter on the left. Left-click on your drive and then click the Defragment button. Tip: this will go much faster if done in Safe Mode than in a normal boot.
E. System still is having issues (advanced)
1. Run the System File Checker (info: 2000, XP)
2. Run System Restore (info: XP only)
3. If that doesn't work, you probably need to reinstall your OS over your existing installation
What to do: Boot from your Windows CD and reinstall Windows. It is highly likely that you will need to reinstall your programs and do all of the Windows updates again, but your files (like Word docs, etc.) should stay intact.
4. If all else fails, it's time to start over completely (THIS WILL DESTROY ALL OF YOUR DATA ON THIS PARTITION, you have been warned)
a. Boot from your Windows 2000 or XP CD, delete the partition containing Windows, and recreate the partition. Then reinstall Windows to this partition. You will have to download and install all of the Windows updates again and install all of your programs. If you made backups of your data (I hope you did!), they can be copied back over at this time. You should also repeat the steps in B, C and D.
b. Another option: if you have a computer that came with its own Restore CD, you can probably use it in place of booting from the Windows 2000 or XP CD. Normally those CDs will wipe out your system entirely and put the computer back into the state it was in when you bought it. You shouldn't have to do anything with the partitions if using a disk like this. You will have to download and install all of the Windows updates again and install all of your programs. If you made backups of your data (I hope you did!), they can be copied back over at this time. You should also repeat the steps in B, C and D.
-Thanks to JoshB, Chas!, and topsoill at the http://www.arstechnica.com forums for their additional input.