Be prepared for your next Spyware battle with a removal checklist

For many users, spyware has become an even bigger problem than viruses. Infected systems have become the bane of many systems administrators, consultants and support professionals. Following the steps in our TechRepublic checklist can go a long way toward eliminating common infections and repairing the collateral damage.

Organizations of every size, from small businesses to enterprises, must battle the risks associated with spyware, including key trackers, Web page redirectors, persistent pop-up advertisements, inoperable network connections, unwanted tracking applications, and other nefarious programs that slow systems and programs or even render them nonoperational.

To help you combat these risks and mitigate the damage that they may cause, TechRepublic and IT Consultant Erik Eckel have compiled a Spyware Removal Checklist in the form of a TechRepublic Download.

While not every infected system can be saved, following the steps in this TechRepublic checklist can go a long way toward eliminating common infections and repairing the collateral damage.

The checklist consists of four sections:

  1. Scan the Infected Drive Using a Second System
  2. Perform Cleanup Tasks
  3. Repair Collateral Damage
  4. Final Steps

Don't get caught without a plan of action when it comes to spyware. Download the TechRepublic Spyware Removal Checklist and keep it on hand for the next time spyware becomes a problem on one of your systems.

About

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

20 comments
golferguy1

Good article, but I must add: Combofix, Bughunter, Smitfraudfix, MultiVirusCleaner, IPMS, Spybot (I can post back with links). I see you push valid licenses, which is fine, but being one of the heads of the alt.comp.freeware and wildersecurity forums, there ARE indeed very quality, very effective, FREE apps out there. The six I mentioned above are exceptional; I run them first and everything is gone. I have used these on over 10,000 of my customers' machines, without problem or fault of the program scanners not finding the "bugs".

don4mare

A second and better spyware program is "SpywareDoctor", available from the "Google Software Pack" package. I just spent 5 long days and nights to remove the nastiest spyware, and needed the additional program to be successful.

BALTHOR

Each BIOS section of all of the devices in the computer has a Red Page recorded in it. Without these viruses you could stripe each platter in your drives separately. (TR I have to log in each time I submit.)

BALTHOR

X or close it out. The Red Page looks different. It does not look like a standard Windows page. Its borders are thinner. This is a virus page. You will not see the virus or any images on this page. These are very high frequency viruses and they each are big files and there are thousands of them. You can not see the viruses because they are at a different clock speed. The exe looks like a command exe but it has rounded corners at the top. (The home stretch.)

BALTHOR

This is usually an anti virus program complete with virus. The hacker system uses this method to see how far you are at removing viruses from your computer. I never send information to Microsoft after a freeze or crash. An MS prompt pops up and a scan of your computer is made. When you get far into virus removal you'll see the bugs crawling on your screen.

BALTHOR

When studying viruses you might see a United Nation permission to route Earth phone lines file, or an AT&T "WE accept" phone line re-routing or even a US Government "We surrender" file!

BALTHOR

If you're studying hackers and virus then you have to think like a computer!

Mark W. Kaelin

Is spyware, adware, and malware still giving you problems? How do you combat it? What is your favorite tool?

Erik Eckel

Several of the free cleaning tools (usually those developed and maintained by an independent programmer) are effective utilities, no doubt. I list several (in the repair collateral damage section, including Combofix and Spybot as you mention). Please do post links to the others. I'll test them out and see how they do! Thanks much!

Erik Eckel

Spyware Doctor is a product I resell fairly often. However, I routinely find cases where CounterSpy spots and removes troublesome infections Spyware Doctor missed.

john

I'd have to say that Windows Defender is a poor anti-spyware measure and Spyware Doctor is a much better and quicker program.

boxfiddler

to have that winning ticket handy as they come 'round the final bend. ;)

sadsaf

Thanks for the laugh!

binarypc

I have had multiple cases of walking into a customer site with Spybot S&D and its current updates on a USB memory stick. I disconnect their network connection, run the install, immunize IE and start with the scans. If the scan can't clean it all that first time, I set it to run and clean on reboot. Usually by then, we are at a point where we can reconnect the network and get the rest of the updates for the antivirus to start protecting their system again.

dreagin

One option not mentioned is to repartition and reinstall your Operating System from scratch. This is the most surefire way to make sure that your PC is completely free of Spyware/Adware programs. ; )

Erik Eckel

I don't recommend Windows Defender as a standalone solution. I state that it's not as effective as other options right within the checklist - "While not as effective as many other independent programs, IT professionals should at least load [Defender] for minimal protection against known, widespread threats." Minimal protection is the key statement there. Defender is better than nothing, but I don't recommend it as the only solution, certainly.

Erik Eckel

I've been really pleased with the updates made to Spybot S&D. The new (1.5.2) version is very nice. Indeed, it goes a long way in detecting and knocking out many forms of malware. In higher-risk environments, though, I've found the active-blocking components in such programs as CounterSpy necessary to keep a system more fully protected. Has anyone else had the same experience?

Erik Eckel

Fdisk'ing and reinstalling the OS is an option, actually, but (in repairing and maintaining hundreds of PCs annually at 50 different companies), I've found most systems can be effectively cleaned without a reinstall. It all depends on the number and nature of infections present. Increasingly there are a number of tools available that help eradicate the most persistent of infections; it's just a matter of determining the effective mix to deploy. But I agree. FDISK'ing and reinstalling the OS offers the best method of improving performance and ensuring a threat is eliminated. The only trouble is so many of my clients have complex applications and configurations that the time required to reinstall the applications and restore data isn't cost-efficient.

Kruton

I'm surprised nobody has suggested a UBCD4Win CD. It's loaded with every free anti-virus and anti-spyware app available and the option to add a few commercial ones if you own them. It should save you from having to yank out somebody's hard drive. Doing that is just ridiculous.

drewy19

Lately I've been installing the free trial of malwarebytes, running it, then combofix by attribune; if infected with vundo, run smitfraudfix (in safe mode). Download a fresh copy of the anti-virus to desktop, uninstall the old one, install the clean copy. Uninstall malwarebytes, combofix, then, depending on the geekiness of the user, for morons, I install Superantispyware (really simple user interface), for the geekier, spybot search and destroy. Then spywareblaster. Uninstall all java versions, turn off system restore, reboot, turn restore back on, run atf cleaner by attribune, install the latest java, and I've got a clean machine (barring a root-kit). All the programs are free.
