Protect against spyware and adware with Spybot

Learn how to stop spyware with Spybot.

By simply visiting a Web site, or installing shareware, you may be installing other software, cookies, or applications that are able to monitor and log your Internet activity. This category of software is generally referred to as spyware. Adware is normally associated with shareware that generates popup ads, or displays banner ads.

Spybot is a freeware tool to detect and remove spyware and adware from your system, and it performs this job remarkably well. Here's how you can install and configure Spybot to protect your privacy.

Installing Spybot
Spybot is donation-ware from Spybot S&D. That means that you don't have to pay for it, but that the organization does take donations to support future development. You can obtain the latest version of Spybot from the Spybot Web site. Download the installation file, currently Spybotsd12.exe, to a temporary directory on your hard drive and you're ready to go.

To install Spybot, double-click on the self-extracting archive, and follow the prompts in the Setup Wizard. Spybot installs like every other Windows program you've ever used, with no confusing prompts or gotchas during the wizard. Once the installation is complete, you’re ready to start running Spybot.

Running Spybot
To start Spybot, double-click on the desktop icon. The first action to take when Spybot runs is to check for updates by clicking the Search For Updates button. This will ensure that the spyware signatures used by Spybot, and the program itself, are up to date. If there are any updates, click the Download Updates button and let them download and install.

The default for Spybot is to run in Easy Mode. In this mode, Spybot searches for problems using a predefined configuration. Easy Mode is a good way to run Spybot if you want to run a quick check for cookies and other items that can identify you and report your Internet activity to a third party, but running Spybot in Advanced Mode provides more configuration options. To run Spybot in Advanced Mode, use the following procedure:
  1. Right-click on the desktop icon for Spybot.
  2. In the menu, left-click on properties.
  3. The target executable for Spybot will be:
    "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /easymode
  4. Change the executable target to:
    "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
  5. Double-click on the icon to run Spybot in Advanced Mode.

All configuration changes are made through the menus contained in the Settings tab. There are five menus available under the Settings tab:
  • Language
  • File sets
  • Settings
  • Directories
  • Skins

Setting the Language
To set the language used with Spybot, left-click on the language menu. When the list of available languages appears, just click on the language you want to use.

Main Settings
  • Save all settings: This allows Spybot to be used with the same configuration for every scan.
  • Create backups of fixed spyware problems: Some programs associated with Spyware will not function after the spyware component is removed. If you must use a program with a spyware component, the ability to recover the spyware will eliminate the need to reinstall the entire program.
  • Create backups of removed usage tracks: Creating a backup of usage trackers allows you to view these trackers, and examine which Web sites are trying to monitor your activity.
  • Create backups of fixed system internals: Any registry inconsistencies fixed by Spybot may cause problems for your system. Using this options the registry to be restored to the state it was in before the Spybot scan.
  • Ignore if single detections in include files need a new program version: Activate this option.
  • Display confirmation changes before doing critical changes: Using this option will ensure you are aware that changes are about to be made and prompt you for confirmation.
  • Scan priority: Most users will normal scan priority.

Automation settings
Spybot has the ability to run whenever the system is booted and to detect and fix any problems automatically. Enable the following settings under the Automation section of the Settings tab:
  • Run Check On Program Start
  • Fix All Programs On Program Start
  • Rerun Checks After Fixing Problems
  • Immunize On Program If Program Has Been Updated.
  • Search The Web For New Versions At Each Program Start
  • Download Updated Included Files If Available Online

Expert Settings
The Expert Settings menu activates the Secure Shredder to run automatically when Spybot removes files. Because the Secure Shredder permanently deletes removed files, this tool should not be used automatically.

Selecting File Sets
To make it easier to select file sets, go to the Settings tab. Under the Expert Settings menu, enable the following settings:
  • Show Expert Buttons In Results List
  • Show Expert Buttons In Recovery List

These settings activate a drop-down list in the Search & Destroy screen. This list contains an easy to understand description of the types of scans available.

The Directories tab
The Directories tab is used to specify where downloaded files are stored. Spybot will then scan this directory whenever a check is run. The software in the specified directory will be scanned to see if any spyware or Trojans will be installed with the downloaded software.

To add a directory to the list, right-click in the blank under the Download Directory heading and select Add A Directory To This List. Browse for the folder you want to add to the list. At the bottom of the screen, select the Check Also Subdirectories Of The Above checkbox. Repeat the procedure for any additional folders you want checked by Spybot.

Running a Spybot scan
After configuring Spybot with the options you want, the next step is to run the scan of your system. To run a Spybot scan, click on the Spybot-S&D tab and click Search And Destroy.

Next, click on the File Sets button and select the type of scan to run. For this example, a Minimal Spyware Check was run. Click Check For Problems.

When the scan is complete, Spybot will display the results. Problems are divided into three categories. Red entries indicate spyware. Spyware problems are always selected to be fixed by Spybot. Green entries indicate usage trackers. You probably won’t cause any problems by removing these from your system. Black entries are system internals. Make sure you know exactly what areas of your system will be affected before removing any of these entries.

Spybot automatically selects spyware problems to be fixed, so the next step is to click on the button marked Fix Selected Problems. If there are any problems that cannot be fixed because a program is in use, Spybot will attempt to correct the program automatically the next time the system is rebooted, before the spyware program is started.

Next, click on the File Sets button, and select Usage Tracks Check Only for the next scan. Click on Check For Problems and Spybot will run a check for Internet usage trackers.

To remove individual trackers from your system, click on the checkbox next to the tracker in the results, then click on the Fix Selected Problems button. Spybot will remove the selected trackers from your system. To remove all usage trackers, click Select All Items, then click on Fix Selected Problems.

The same procedure applies when Spybot runs a check on your system internals. This check is looking for registry inconsistencies, broken desktop links, and bad paths to executables. When a check on system internals is run, make sure you understand the output. Removing reported registry problems, and other entries related to system performance, can cause problems for your system.

Other Spybot tools
The Tools menu controls several tools associated with Internet Explorer and services run at startup. One of the programs you'll notice here is the Resident tool. The Resident tool is a continuously running security program. Presently, the Resident tool section provides a browser application for Internet Explorer that prevents downloads of known malicious software, such as spyware installers. To activate the Resident tool program, click on the Install button at the top of the screen.

The Active X menu displays a list of Active X controls currently installed on your system. Active X controls are categorized by color. Green entries are legitimate Active X controls. Red entries mark controls related to spyware. Black entries are not known to the Spybot database.

The BHOs tab displays information about Browser Helper Objects (BHOs). BHOs are small programs—often Active X controls—that extend Internet Explorer’s capabilities. Because they are integrated with your browser, BHOs have access to each Web site you visit. Green entries are legitimate BHOs. Red entries are associated with spyware. Black entries are unknown to Spybot.

If you have any concerns about a BHO in this list, you can easily disable it. Click on the BHO to be disabled. At the top of the BHO window, click on the toggle button. Disabled BHOs will then appear grayed out in the BHO list.

On the Brower Pages tab, Spybot also provides protection against browser-hijacking agents that can reset the start or search page in Internet Explorer. If your browser start page or search page is changed and cannot be reset through IE, the new URL will probably show up in this list.

To reset the offending URL, and ensure the URL is added to the next Spybot update, click on the URL your browser has been redirected to. At the top of the screen, click on the Change button. Enter the new URL. After changing the URL, mail the offending address to The URL will be added to the list of known bad URLs.

Spybot comes with its own hosts file that contains an extensive list of Web sites known for spyware that you can view on the Hosts File tab. When this file is installed, no content from any of the sites in it will be displayed. To install the Spybot hosts file, click on the Hosts File tab.

At the top of the Hosts File screen, click on Add Spybot-S&D Hosts List. The Spybot Hosts File will now be used instead of your default Hosts File. To remove the Spybot Hosts File, click on Remove Spybot-S&D Hosts List.

Author's Note
Using the Spybot Hosts File can cause decreased performance. Read the FAQ included with Spybot to correct these problems for your version of Windows.

The Process List tab displays all processes running on your system. Although any process may be killed (stopped) through this menu, it is intended primarily as information for Technical support, and to be included in a system report.

To kill a process in this list, select the process you want to kill from the list. At the top of the Process list window, click on the button marked Kill. Spybot will then stop the process.

System Startup
The System Startup menu lists all programs that are started when Windows is started. This menu allows the user to change the path to a Startup program, or change the command used to execute the program. You can also delete any program from Startup or insert a program to be started with Windows.

To view any item in the System Startup list, select the item, and click on the info button at the top of the System Startup screen. To disable a program run at startup, or to allow a disabled program in this list to start with Windows, select the program and click on the Toggle button at the top of the screen. To change the path to a program run at startup, or to change the command options run with the program, select the program from the System Startup list, and click on the Change button at the top of the screen.

One good feature of this menu is the ability to add and configure new startup programs. To add a new program to the Startup list, click on the Insert button at the top of the screen. Make the program available to All Users On Startup, or only to the Present User. Select how the program will be run. There are three selections available:
  • Run the program as a normal program
  • Run the program as a service
  • Create an autostart group link

Provide a name for the registry entry and select the path to the executable file. A new entry with the value you enter will be added to the list of programs run at System Startup.

View Report
The View Report menu is used to generate a report of your system configuration, including the configuration used for Spybot. The results from a Spybot scan can also be included with this report.

Using Spybot Immunization
The Spybot Immunization Function is controlled through the Spybot-S&D tab. It provides four very useful functions:
  • Permanently immunizing Internet Explorer from spyware
  • Preventing Internet Explorer from downloading known spyware installers
  • Preventing spyware from making changes to Internet Explorer configuration
  • Locking the Hosts File

To provide immunity for your browser and Hosts File, click on the icon labeled Immunize under the Spybot-S&D tab. In the first configuration panel, titled Permanent Internet Explorer Immunity, click on the Immunize button to immunize Internet Explorer. The next panel is labeled Percent Running Bad Download Blocker For Internet Explorer. In the drop-down list, select Block All Bad Pages Silently. Click on Install.

In the third panel, labeled Recommended Miscellaneous Protections, click in each of the three checkboxes available to lock the Hosts File and to prevent spyware from reconfiguring Internet Explorer when immunization is activated. Spybot blocks all entries that are in its database.

Stop spyware in its tracks
The growth of spyware, adware, and other methods of tracking and reporting your Internet habits makes privacy and security more of a problem than most Internet users are aware. Spybot is great tool to start using if you’re concerned about your privacy. In this article, I covered the basics of using Spybot to remove software than can intrude on your privacy and affect your system performance. Spybot should be one of the first programs you install on any computer connected to the Internet.

Editor's Picks