Spyware Removal - A Simple Approach
There are very few complete solutions to virus and spyware issues. The removal of these pests generally takes a number of programs, some thought, and a little bit of luck. I am going to give you a brief (not thorough) overview of the process and methods I use to find, isolate, and remove unwanted applications, spyware and viruses.
As an onsite computer repair tech, I sympathize with my customers' concerns about spending money. Fortunately, some of the best software for this purpose is completely free. It does take a tremendous amount of work to identify malware and create the databases to fight it, though, so if I use a program regularly I tend to donate to the cause.
If your computer is running slowly, takes forever to start up, shows lots of pop-ups, or generally has difficulty browsing web sites, it's a sign your computer could be riddled with malware. I would highly suggest running the following two programs. They are both free and work very well. Run them one after another, not concurrently.
Spy-Bot Search and Destroy (http://www.safer-networking.org/en/download/index.html) (FREE)
Adaware (http://lavasoft.com/products/ad_aware_free.php) (FREE)
Be sure to check for definition updates before running the initial scan. After updating Spy-Bot, run the immunization; this will prevent common infections in the future by editing your hosts file to block known malicious web sites. (As you will notice, the list is very extensive.) You can just follow the on-screen instructions; both programs are rather straightforward.
After the scans have completed, you will be shown any immediate threats that have been found. You can remove these safely (click "fix selected problems"), although some ad-supported software may not function correctly if you remove its core parts. Sometimes when you go to remove an entry, the program will tell you that it is not possible because the file is in use. This generally means there is a process running (or a file in memory) that cannot be removed while it is active. Spy-Bot will give you the option of trying again on the next system start-up; while this is a good idea, it has very rarely worked for me.
You will notice that the "found threat" window of Spy-Bot gives you some information on where the file, cookie, or registry entry is located. You can use this information to remove them later using a rescue disk or another spyware removal tool (for example, in safe mode).
A great tool that is built into Windows is msconfig. Click Start->Run and type in "msconfig" with no quotes. A window pops up with several tabs. We will be concentrating on Services and Startup. The Services tab lists all running services on the machine. We are not concerned with active Microsoft processes, just the ones that are not part of Windows. At the bottom of the window there is a checkbox that says "Hide All Microsoft Services"; check this box. Take a look at the results: you will see some applications that belong (ones you installed or that should start when Windows boots) and some that you cannot identify. Malicious software writers tend to hide bots, Trojans, and malware as services using software such as FireDaemon (http://www.firedaemon.com/).
It is difficult to tell from the Task Manager which services are attached to which process. Fortunately, Windows has another built-in tool to do just this. Open up a command prompt (Start->Run, then cmd) and type in "tasklist /svc". This returns a list of the processes currently running, their process ID (PID), and the services attached to each executable.
Disable any services you believe you do not need. You have to be a little careful and think about what software you run on your computer. If you have anti-virus software, do not disable its services, as that will cause functionality issues. Adaware will also install a service; you can leave this one as well.
Now let's move on to Startup. If your computer takes forever to be usable after logging in or starting up, and your task bar is cluttered with icons, this is where you can enable and disable which programs run on startup. Quite honestly, there are very few programs that absolutely need to run on system start (unlike services). Use some judgement; you will notice a lot of things that really don't need to be there.
After you edit these settings, Windows will ask you to reboot for them to take effect. When the computer restarts, you will be prompted with a window that says: "Windows has made changes to the way it starts up". You can just click the checkbox that says "Don't show this message or launch the System Configuration Utility when Windows starts." This is the easiest way to stop these services and programs from starting, although it does not remove the registry keys associated with those programs.
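To make the `tasklist /svc` review repeatable, the added example below (not part of the original article) parses the CSV form of that output, `tasklist /svc /fo csv`, and lists every service that is not in a baseline you already recognize, together with the process and PID hosting it. The sample output, the baseline, and the names `exampleav.exe`, `ExampleAV`, `updthlp.exe` and `UpdtHelper` are constructed for illustration.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (not from a real host).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","1044","DcomLaunch,TermService"
"svchost.exe","1188","RpcSs"
"spoolsv.exe","1620","Spooler"
"exampleav.exe","1904","ExampleAV"
"updthlp.exe","2312","UpdtHelper"
"explorer.exe","2540","N/A"
'''

# Constructed baseline: services the administrator has already identified.
KNOWN_SERVICES = {"DcomLaunch", "TermService", "RpcSs", "Spooler", "ExampleAV"}


def parse_tasklist_svc(text):
    """Return one dict per process: image name, PID and hosted services."""
    reader = csv.reader(io.StringIO(text))
    next(reader, None)  # skip the header row (its wording varies by locale)
    processes = []
    for row in reader:
        if len(row) < 3:
            continue  # ignore blank or truncated lines
        image, pid, services = row[0], row[1], row[2]
        names = [s.strip() for s in services.split(",")]
        # "N/A" marks a process that hosts no services at all.
        names = [s for s in names if s and s != "N/A"]
        processes.append({"image": image, "pid": int(pid), "services": names})
    return processes


def unknown_services(text, known):
    """List (image, pid, service) for services missing from the baseline."""
    known_lc = {k.lower() for k in known}  # service names are case-insensitive
    findings = []
    for proc in parse_tasklist_svc(text):
        for svc in proc["services"]:
            if svc.lower() not in known_lc:
                findings.append((proc["image"], proc["pid"], svc))
    return findings


if __name__ == "__main__":
    for image, pid, svc in unknown_services(SAMPLE, KNOWN_SERVICES):
        print(f"review: service {svc!r} hosted by {image} (PID {pid})")
```

On a real machine, save the command's output to a file and pass its contents in place of `SAMPLE`; anything reported is a candidate to look up before disabling it in msconfig.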
Below are a couple of anti-virus solutions that I have found to be great at what they do. Avast is free. Nod32 is worth the purchase.
Nod32 Anti-Virus (http://www.betterantivirus.com/nod32-antivirus-trial/)
Avast Anti-Virus (http://www.avast.com/eng/download-avast-home.html) (FREE)
I would highly recommend having some sort of virus protection installed at all times.
Another great tool for removing unnecessary things from your computer is CCleaner; it is a freeware utility as well and can be obtained from http://www.ccleaner.com/. This is an awesome program that really gets rid of all sorts of garbage. Run it often. It also has the ability to scan the registry for errors and correct them. (A large registry can cause system performance issues, so I would suggest running this often as well.)
Well, this is just a basic overview that gives you some options and tools to remove moderate levels of malware. If your computer is seriously infected you will need a little more charisma, but that is beyond the scope of this article. When all else fails, you can always back up and reinstall.
Last Updated (Thursday, 24 September 2009 02:13)
