Updated: How To Remove Spyware

Spyware, Adware, Malware, Badware....whatever you choose to call it, it's a problem. Chances are that you or someone you know has or will experience some sort of 'ware' infection on a computer and it can be frustrating.



What is spyware?
Spyware is malicious software that collects information about a user and is installed on a computer without the user's informed consent. Not to be confused with a virus.
There are many different types of spyware.

• Adware - is a type of spyware that collects information about a user in order to display targeted advertisments to the user.


• Browser Helper Objects (BHOs) - is a plug-in for Internet Explorer which helps developers customize and control the browser.


• Browser HiJacker - is when a malicious application adjusts your browser settings without your concent. For example: your homepage has changed to a search page, dangerous sites have been mysteriously added to your Favorites, questionable websites are added to Internet Explorer's list of Trusted Sites etc...


• Keyboard Logger - logs all the activity of your keyboard and reports this information back to a remote computer. This information can be used to steal passwords, bank information etc...


• Phone Dialer - AKA - Modem HiJacker - this type of application changes the phone number dialed when using a dial-up Internet connection so charges are incurred on the users phone bill.


• Remote Access Trojans (RATs) - malicious programs that run on a user's computer which permits an intruder remote access to that computer.

How do I know if my computer is infected? What are the signs of spyware?

• slower than normal computer? - Is your computer having trouble performing routine tasks? Has there been a sudden increase in the amount of times your computer crashes? Does your computer not start at all?


• homepage has changed by itself? - Has your homepage been hijacked? Does it open to a search page that you did not specify?


• pop-ups driving you crazy? - Do they appear as soon as you turn on your computer? Are they for adult websites? Some spyware will bombard you with popups that aren't even related to the website you are visiting.


• browser settings have changed and you can't change them back? - When you open up Internet Explorer does it open to a search page that you did not specify?


• new browser toolbars installed - but not by you? - Is there a mysterious toolbar installed on your browser?


• phone bill sky-rocketed - Do you see charges on your phone bill for adult websites or 1-900 numbers?


• unexpected new or new icons in your system tray? - Are there applications running on your computer that you did not install?

Now that you know a bit about what spyware is and how to tell if a computer is infected, let's get down to the removal process. First things first - backup your personal data! You should be doing this regularly anyway. Using Windows XP - Click Start >> All Programs >> Accessories >> System Tools, and then click Backup to start the wizard.



To remove spyware/adware you need two programs (maybe three). The two I recommend are SpyBot Search & Destroy and AdAware. SpyBot Search & Destroy can be found here www.safer-networking.org. AdAware can be found at this address www.lavasoftusa.com. The Third is an application called HiJackThis (which can be found here www.spywareinfo.com). Be warned, HiJackThis is for advanced user, the is a powerful tool! Consult the program's documentation before deleting any files, you could cause serious system damage if you do not know what you are doing.



Download, install and update the programs. Then restart the computer and tap the
F8 key on your keyboard as the computer begins to start - this will give you the
option of starting in 'Safe Mode'. You will see a few other options here as well.
For this particular job select 'Safe Mode'.

What is Safe Mode? Safe Mode is an alternate way of starting a computer using only the bare minimum of resources. It's a troubleshooting tool built into indows based operating systems.



If a computer is running in Safe Mode you should see that the screen resolution looks 'off', which is perfectly normal, and you should see the words 'Safe Mode' in the corners of the screen.

Run full system scans with both programs. They should be able to find the problems and remove them. To learn how to remove a particular item using SpyBot and/or AdAware consult each program's 'Help' documentation.



Next, restart the computer in "normal mode" and see what happens. If you are still experiencing problems start the computer in Safe Mode again and run the spyware scans once more. Make sure that the spyware definitions are up-to-date for each program before using Safe Mode. This will give you the maximum advantage when trying to detect and remove malware.



There is another tool built into Windows called MSCONFIG which I use quite often when troubleshooting spyware.

What is MSCONFIG? MSCONFIG is a special tool built into the Windows operating system (not included with Windows 95 and 2000) called “Microsoft System Configuration Utility” or “MSCONFIG”. MSCONFIG is designed to help you troubleshoot problems with your computer such it being slow, frequent crashes, as well as to remove spyware and viruses. As you may already know, running many programs at once will cause your computer performance to slow down. Don't forget, Windows also runs many programs in the background that you never see, you can use MSCONFIG to prevent some of programs from loading at startup which can greatly increase the speed at which your computer runs.

To access MSCONFIG Click Start, then click Run and type “MSCONFIG” or "msconfig"
(without the quotes), in the window that opens. Once MSCONFIG opens you will see
6 to 8 tabs (depending on which operating system you are using) which provide
access to various parts and processes that Windows uses. The tab you are interested
in is on the far right, it s called “Startup”. It controls which processes start
automatically when Windows loads. If this is the first time you are running MSCONFIG
you may notice that the list of start up items is quite long. You will see four
columns: the first is a column of check boxes, the second is the name of start
up item, the third is where the item is located on the hard drive and the fourth
is the registry location.



To remove an item from the start up menu remove the check mark from the corisponding check box. To instruct a process to run on start up put a check mark in the box.



By now you might be asking, "Which processes are safe to remove?" This is where it gets tricky. An easy way to determine whether a startup item is needed or not is to do a Google search for the process name and see you if you can safely remove the item from the start up menu. Many autostart entries are crucial part of Windows XP, for example: Userinit.exe and Explorer.exe, so don't remove these.



Once the computer is clean you should follow these tips to keep spyware and adware off your machine.

• Install anti-spyware software before you get infected


• Install a software firewall - a firewall acts as a barrier between your computer and the Interent, you can find many free for personal use - software firewalls. ZoneAlarm is a great free choice and can be found here www.zonelabs.com.


• Keep Microsoft Windows Up-To-Date - with Windows Update. Microsoft often releases software patches which you can download and install to help prevent malicious software from being installed on your PC.


• Stay away from questionable Websites! - you know what I am talking about!


• Use a secure Web Browser - such as Mozilla Firefox

When troubleshooting a computer with spyware problems the most important thing is to remain patient. I have personally removed over 30,000 infected files from computers over the past two years. I have had a 100% success rate thus far using the methods described above!



Good Luck!

Author: Michael McKennedy - http://www.MalwareSolutions.com



Resources:

http://www.malwaresolutions.com/what_is_spyware.html

http://www.malwaresolutions.com/tools_spyware.html

http://www.malwaresolutions.com/how_to_remove_spyware.html

http://www.malwaresolutions.com/how_to_use_msconfig.html

http://www.malwaresolutions.com/how_to_backup_files.html

Free Anti-Spyware Software

Free Anti-Virus Software

Search Malware Solutions

Spyware Problems? Search For The Solution

Virus Problems? Seach For The Solution

MalwareSolutions.com

The new website has gone live. It's been completely rebuilt again. I am getting great results with the new format and layout. Seems like people are having a much easier time locating the free anti-virus/spyware removal software and advice.

If you are looking for a way to remove viruses for free go here for free anti-virus software

Trying to get rid of spyware? - click here for free spyware removal tools

Sunday, June 25, 2006

I have been focusing most of my attention on websites. This is one that I have been actively working on www.creativequestvt.org

My own site is coming along as well. I have been focusing on gathering as much information about virus removal and free anti-virus software as I can find. The goal is to enable users to help themselves in removing viruses and spyware from their infected computers. Another focus is to look at the preventative side of things. Not only do I want people to be able to repair their computers for free that's why we offer free virus repair plus many links to free resources about removing viruses from an infected PC. The goal is to educate about viruses and spyware that's why we have added a few new pages What is a virus? and What is spyware?

You can now search our site for free virus removal tools - search by virus name.


I have been getting a lot of feedback lately from people who have found all of this free information useful. Therefore, here is a sitemap of VPC Solutions.com.

home

    what is spyware?

    what is a virus?

    services

        repair

        installations

        web design

        security

        existing clients

                client projects

        contact information

        legal information

        privacy statement

    shopping for software

    free downloadable tools

        free antivirus software

        free virus removal tools

        free firewalls

        free microsoft tools

        free misc tools

        free spyware removal tools

        free web browsers

        contact information

        legal information

    free Windows resources

        forums

        networking information

        spyware information

        anitivirus information

        Windows information

        contact information

        legal mumbojumbo

    VPC Solutions blog

    VPC Solutions forum

    search

    news archives

        2005 News Archives

Monday, April 11, 2006

Busy, busy, busy - too busy to blog! Over the past few months I have been keeping busy with websites. I completely overhauled this site The Spirit of Ethan Allen III. I did some more work on this site Welcome Kitchen Catering. I started a new site for the Creative Quest Summer Arts Day Camp and I got a call over the weekend about building a site for Onion River Chiropractic.

I worked on one computer (another Dell) where the client suspected spyware, or possibly a worm. The only sign of anything wrong (according to the client) was that the computer was running slowly. I picked up the machine, brought it to my shop and began the usual process of checking for problems (check startup menu, scan for viruses, spyware and adware etc..). As usual there were a few spyware findings but nothing critical - just tracking cookies. The end result was $50 in RAM (giving the machine a total of 512 MB) and two hours of my time and the machine is running perfectly.

I worked on another Windows 98 machine. This one had some problems, nothing major, just some spyware. The complaint was that the machine was spitting out errors when attempting to run some kids games. I don't mean graphics intense games or anything that is demanding of resources. The machine wasn't even going to have Internet access. I cleaned the machine removing five or so spyware applications and then I was tasked with installing about eight kids games -easy money! I picked that one up on a Sunday evening and dropped it back off on Tuesday. The clients were quite happy.

I was supposed to pick another computer up yesterday. I got a call over the weekend from a woman who didn't know what the problems were. I asked her if she could tell me what operating system she was using and she didn't know. When I asked what kind of problems she was experiencing she said that it was slow and the cd drive would not open. I was scheduled to pick it up yesterday at 3:00 but early in the morning I got a call from her husband who left me a message stating that he did not want to waste a "few hundred bucks" on a machine that is obsolete (about three years old!) so he went out and bought a new one. He said, "I am just going to throw the other one away!" I hope that he really didn't mean what he was saying. I hope her recycles the thing!

Also yesterday, I went to a house to troubleshoot a problem with a game "The Battle For Middle Earth II". The problem is that when the game is run it crashes and reports that there is a problem with game.dat. Upon investigation (Google) I realized that this computer is not alone! There are many users experiencing the same problem. It looks like the solution is going to be a video card driver update. The computer is lacking access to the Internet so I was not able to update the driver but I was told that they would be getting Internet access soon. The sad part is that this poor kid saved up $50 to buy the game and he has not been able to play it!

Monday, January 16, 2006

I created the VPC NewsLetter this weekend. The first mailing went out yesterday. You can sign up for it by clicking here.