There was an error in this gadget
There was an error in this gadget

Friday, July 31, 2009

How to remove spyware from your PC

Stop spyware from slowing down your system with these tips.


These days it may seem as though the short list of unavoidable perils ought to be expanded to include death, taxes and spyware. But if you ever do get infected with some nasty piece of malware, all you need to get rid of it are the right free tools, some time and a little know-how.

A couple of warnings first: removing spyware is as much art as it is science. The rogues who create spyware make removing their malicious programs as difficult as they can. In addition, some types of spyware download and install additional components, often hiding pieces of code from Windows to make removal even harder. The instructions below will wipe out most forms of spyware, but your machine's infestation may resist these measures. If so, you may have to consult a professional PC repair person. Or you can start afresh by reformatting your hard drive and then reloading Windows, your apps and your data files.
Note too that, if you perform certain removal steps improperly, your PC could become inoperable. Our instructions call out these danger spots, but if you don't feel confident about performing them, ask for help from a knowledgeable friend or from the experts on a spyware-removal web forum such as TomCoyote, Geeks to Go or SpywareInfo.


Make sure it's an infection
How do you know whether your PC has an active spyware infestation? Slower-than-normal performance is the most common symptom people report, but such behaviour can also be due to any number of factors unrelated to spyware, such as running too many applications with too little system memory, having a full or very fragmented hard drive, or running buggy software that fails to free up the memory it uses after you close the application. Your first task is to determine whether you have a spyware-related problem or just a slow machine.
Download the latest versions of these tools:

  • Microsoft's Malicious Software Removal Tool. This program is updated monthly, so always download the latest version before you use it.
  • Microsoft's Windows Defender. Windows Vista has Defender built-in, but if you suspect that you have spyware on your PC, update the program so it can find the newest bad stuff.
  • Avira Antivir PersonalEdition Classic, a free antivirus program--if you don't already have up-to-date antivirus software.

Since some spyware applications prevent you from downloading these tools, or from visiting the websites that host them, download the programs to another PC that you know is free of spyware. Then copy the installers to a portable USB drive, and plug that drive into the machine you suspect is infected.
Start by running the Malicious Software Removal Tool. This program is designed to search for and destroy only a small fraction of malware, but the ones it finds are the most serious strains of spyware and virus you can get. (For more PC tips, check out 35 things every PC user should know.)
If that program doesn't find anything, run the installer for Windows Defender (if it isn't already installed on your PC) and make sure that the program downloads its updates. Then click the downward-pointing arrow to the right of the word 'Scan' at the top of the Defender window and choose Full Scan. If Defender finds malware, follow the on-screen instructions to delete the harmful files. This may require one or more reboots, because some spyware won't let you uninstall it while Windows is running.
If Defender fails to find anything, or if it finds spyware that it can't delete, it's time for a full antivirus scan. If you're using an antivirus program that is already loaded on your system, make sure that it's updated. If you're using AntiVir, run the installer, and then reboot. When AntiVir is running, you'll see an icon in your system tray showing an open umbrella inside a red square. Right-click the icon and choose Start AntiVir. Click the Start Update link in AntiVir's program window and, when the update is complete, click the Scanner tab, choose the Local Drives option in the lower pane, and press the <F3> key to begin scanning your hard drive. If it finds anything, AntiVir will pop up a dialog box. Select either Quarantine or Delete to remove the suspect files that it identifies.

Manual analysis
One of these three programs should detect and remove any spyware on your PC. In the unlikely event that you have picked up a brand-new specimen that isn't yet included in the anti-spyware databases, you'll have to do some cyber-investigating to find and eject the interloper.
First, examine every process running on your machine to determine whether any of them is a piece of spyware. Window's Task Manager isn't up to this job because many spyware apps specifically hide themselves from it. Fortunately, they are less skilful at hiding from the many Task Manager alternatives. Two of my favourites are Process Explorer (which is free) and Security Task Manager (which comes in free and paid versions). Currently, only Process Explorer, which is now owned by Microsoft, is compatible with Windows Vista. A Vista-compatible version of Security Task Manager is coming, according to its producer, A M Neuber Software. Either of these programs will show you everything that's running on your PC, and will help you determine whether a particular application should be there.
Warning: stopping system processes and applications in this manner is risky. In some cases, if you kill the wrong program, Windows will shut down and reboot as a safety measure. While you probably won't render your system unworkable, you should back up all important documents and set a System Restore point (click Start, All Programs, Accessories, System Tools, System Restore, and follow the on-screen instructions).
Start one of the alternative Task Managers mentioned above, and closely examine the list of running applications on your PC. You're looking for something that's either out of place or behaving oddly. If you're using Process Explorer, unzip the archive you downloaded and double-click the ProcExp.exe program. Click OK after you read the initial dialog, and you'll be presented with a colour-coded list of everything that's running: programs highlighted in pink are Windows services; those in grey-blue are applications. Right-click the bar with the column names (it's just above the list of programs), and choose Select Columns. Check the Command Line box and click OK. A new column will appear, showing you the full path to each running app.
If you're using Security Task Manager, double-click the installer and step through the dialog boxes to complete the installation. The first time you run the program, it will take a moment to scan your PC. Unlike Process Explorer, Security Task Manager doesn't list Windows's own system processes (other than Explorer.exe) on this initial page. If you want to see those, click the Windows Processes button on the toolbar. The higher the utility's rating for a program, the more suspect it is. As you click the entries, the program tells you why it rated the selected application as it did. However, many legitimate programs engage in activities that Security Task Manager views suspiciously, so don't just assume that anything with a rating above 50 is dangerous. Instead, use the rating as an indicator of what to look at first.
Here's where it gets tedious: if you don't know what a particular program is, what it does or where it's supposed to live on your hard drive, you'll have to do some research. Check out the list of processes that are known to be either benign or malevolent at Uniblue Systems's WinTasks Process Library. Alternatively, you can enter the filename in a search engine and look through the results for a description of the process. Some legitimate processes get a bad rap as spyware, so it's important to corroborate any negative reports you discover.

No comments:

Post a Comment

There was an error in this gadget
There was an error in this gadget