The first sign of a spyware infestation is the PC starts misbehaving - you can't shutdown certain programs, the machine is sending data over the internet even when you aren't browsing and programs that have never asked to access the internet before suddenly try to go online.

You believe spyware has got onto your machine.

The first step is to detect spyware and obviously the next step is to use spyware remover software to get rid of it.

The problem is spyware has evolved considerably over the last few years. It used to trick users into clicking "OK" on a dialog box before malicious code could be installed. Now it exploits security loopholes in browsers to install silently (often called a "drive-by" download) and worse yet, it uses rootkit technology to conceal its presence from both the operating system and the software used to remove spyware.

The plain truth is spyware tools haven't kept up with the state of the art in spyware technology that allows spyware, trojans and other malware to remain hidden on your PC. Spyware killers can't eliminate spyware that they can't find. Rootkits can hide even old spyware from the best spyware checker. There are a handful of tools such as rootkit revealer, process explorer, autoruns and hijackthis that allow a knowledgeable person to locate and remove spyware manually but they are definitely not for the beginner.
These programs will allow you to really mess up your computer, if you don't know exactly what you are doing.
Owning a scalpel doesn't make you a surgeon.

I'm not going to preach about taking precautions and backing up your machine and all the other sanctimonious stuff you've heard.

At this point I'm going to make several assumptions:-

* you have (or suspect you have) spyware on your machine.

* you don't have a complete backup that you can instantly restore to make the problem disappear

* you're a normal human being, not a technically-obsessed computer security freak

* you are using a windows PC, not mac or linux

Here is an outline of how to remove spyware in a safe and effective manner, without having to be an expert.



1) Update your datafiles for your antivirus and your spyware checker. (If you don't already have a spyware scanner, then my top recommendation is XoftSpySE - more on that later). The safest way to do this is to put your firewall (preferably something like ZoneAlarm) into LOCK mode and then give your scanner permission to bypass the lock. This allows you to retrieve the datafiles from the internet without spyware and adware phoning home. Don't overlook this step.

2) Scan for trouble and quarantine any suspicious files (antivirus first then anti-spyware). It's probably best if you clear your browser cookies first as some anti-spyware flags cookies as a threat. You don't want distractions.

3) Cold reboot. Turn the machine off and restart it later or choose 'restart' and then hit the reset button when the machine is out of windows.

4) Spyware still there? Boot the machine into SAFE mode (press F8 during startup sequence) and scan with the AV software and the spyware scanner again. Safe mode only loads essential system drivers, giving you the chance that some of the software used to conceal spyware, adware etc won't be loaded.

5) Reboot and see what happens. If the spyware is still there then you have one more shot at removing it before things get hairy. Run HijackThis and save a log file. Go online and paste the logfile into the automatic analysis tool at hijackthis.de. Remove any entries flagged as bad, making sure you keep backups.

6) If you still have spyware it's due to one of two things:

1. the spyware is being hidden by rootkit software
   • I will be posting a way to deal with rootkits in a reasonably safe manner, later


2. you have had the bad luck to come across new spyware that isn't yet recognised

Tools for beginners:

• A good firewall (like ZoneAlarm), so you can lock down malicious programs (unless they use other programs like your internet browser).


• An up to date virus scanner (almost any one will do, but one that isn't integrated into a huge suite of junk is preferable)


• A spyware scanner and remover. Experts can remove spyware manually with a few system tools. For beginners, I thoroughly recommend XoftSpySE. The scanner is fast and easy to use. You can look up any software in an online database, to see what it does, before you decide you want remove it (so you won't remove vital system files by mistake). The scanner's detection database is updated regularly. The software is convenient to use - and that's very important. Security software that's a pain to use doesn't get used regularly - and that's a problem. It also costs nothing to download and scan, so you can find out if it's for you - for free. (If you do find spyware and wish to remove it, then you'll have to register the software.) It's great spyware remover software.
  


• HijackThis - not really a beginner's tool but the fact an automated log analyzer is available has made it much easier to use and understand. This software allows you to see where bad software has hooked into your operating system, allowing it to hang around in your system and make your life miserable every time you boot up.

Expert Tools:

• Autoruns

Even better than HijackThis. Won't make any sense without some understanding of windows internals.


• Process Explorer

Windows task manager on steroids -- and then some!


• TcpView

View processes, ports, protocols and endpoints. Make sure you know what network activity is occurring on your machine.

(All the above programs are from SysInternals, now assimilated by the Redmond Collective, aka Micro$oft.)

• Rootkit Unhooker 3.20