Here's what to do if you suspect an infection on your Windows PC. (Please note these steps apply to both Windows XP and Vista.)
1) Are you sure it's spyware or a virus? Windows pop-ups and alerts can often seem invasive enough to be viruses, especially with Vista. Try searching the web for the exact text you see on the screen to make sure you aren't dealing with an aggressive Windows message. (Many of these can be turned off, so try whatever instructions you find.) On the other hand, some viruses masquerade as Windows alerts, so tread lightly.
2) Boot in safe mode.
If you have a virus, the first step is to try booting in safe mode. You can get to safe mode (a simplified version of Windows that disables a lot of extra gunk, possibly including some spyware apps) by restarting your PC and tapping F8 during boot. Soon you'll get a menu of options. Select "Safe Mode" (it's at the top of the menu) and wait for the machine to fully boot. The system will look funny (with a black background and larger icons, probably), but don't worry about it. This is only temporary. (Also note that many spyware applications can disable safe mode, so if you find this doesn't work, just boot normally.)
3) Run your antivirus application. This is of course assuming you have an antivirus application. (Need one? Check here.) You're in safe mode now, so run a full scan of your PC at maximum security levels (include the option to scan within compressed files, for example). This will probably take an hour or more, so be patient. Fix any problems the virus scan turns up. Then reboot into safe mode again using the procedure in step 2.
4) Run one or two anti-spyware applications. I used to recommend running multiple anti-spyware apps, but virtually all antivirus apps now do a pretty good job at getting rid of spyware too, so you don't need an army of additional applications just for spyware. Also, I now recommend starting with AdAware (which is free) and moving on to Spyware Doctor (free as part of the Google Pack) if you feel you need additional help. (Please note that recent versions of Spyware Doctor and Norton Antivirus have some trouble with each other.) You can try other apps too, but the once-recommended SpyBot Search & Destroy is no longer very effective, sadly. (Neither is Microsoft's own Windows Defender.) Of course, fix anything and everything these apps find.
5) Reboot normally. (Not in safe mode.) Now take stock. Still got spyware? It's time to move along to my more advanced techniques for removing the nasties.
6) Run HijackThis. HijackThis is a free software tool that scans your computer to find malware that other apps might miss. Scroll down to "Official downloads" to download the tool. Next, simply open the ZIP file you downloaded, extract the application, and run the tool (you don't need to install it). Click the "Do a system scan and save a logfile" button. You'll receive a large text file as well as a dialog box which gives you a list of active software processes, which you can then choose to delete. Unfortunately, this list includes both helpful and unhelpful software, so don't just start deleting items. Continue to step 7 to figure out how to fix your spyware infection.
7) Post your log file online. Visit this page, which offers a list of forums staffed by volunteers who can help you interpret your HijackThis log. The SWI Forums are especially busy, but most of the forums on the list are equally apt. Go to SWI and visit the "Malware Removal" forum, which has over 50,000 topics listed: Those are all people like you who are seeking help getting rid of spyware. Register for an account, read the FAQ, then visit that Malware Removal forum, and post a new topic. Paste the content of the text file you created in step 5 into this topic and (politely) ask for help. You will get a response from a volunteer helper, typically within 3 days. You'll be given specific advice on what entries to remove with the HijackThis tool, and you might be pointed to additional software to run to help remove common spyware infections. Follow all the instructions and keep working with the forum helpers until either you or they give up. (And no, don't send your log file to me or post it here. I am not nearly the spyware removal expert that these guys are.)
7a) Alternately: Paste your log file into an automated tool. Don't have three days? Try simply pasting your HijackThis log file into this form. It does a pretty good job at auto-analyzing what's wrong with your machine, with no waiting. As well, if that doesn't work, you can search for the items you find in the HijackThis log by name to see what they are and how to remove them, if they're spyware. This can be quite time consuming, though.
8) Try System Restore.
If that doesn't work, you might try running Windows System Restore to roll back your OS to a time before the infection happened. This isn't foolproof: You might not have System Restore turned on, or the spyware might have shut System Restore off, as well. But it's worth a shot. With either XP or Vista, System Restore can be found under Start > All Programs > Accessories > System Tools > System Restore.
9) Give up and wipe your hard drive.
At this point, you've exhausted all the options I know of. You might try again at steps 6/7 to make sure you've done everything you can to salvage the PC. Forum helpers will often work with you for weeks to help fight a spyware infection, but there are tens of thousands of possible variants out there, with new ones cropping up every day. It's just not possible to clean them all, every time. Sometimes the only thing you can do is call it quits, reformat your hard drive, and reinstall your OS. Again, make sure you have your backups ready and verified. Once you're up and running, reinstall your antivirus and
anti-spyware applications, and stay vigilant against infection. Good
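
Added example (not part of the original post and not HijackThis's own code): a short Python script for the manual lookup described in steps 6 and 7a. It pulls the file names out of a saved HijackThis log and notes where each one appears, so they can be searched for by name. The sample log is constructed, and the entry pattern assumes each log entry starts with a section code such as `R0` or `O4`.

```python
import re
from collections import defaultdict

# Constructed sample log (not from a real machine), laid out like a HijackThis log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:15:02, on 01/02/2008

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\User\Local Settings\Temp\example123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\exhelper.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Documents and Settings\User\Local Settings\Temp\example123.exe
O23 - Service: Example Service (exsvc) - Unknown owner - C:\Program Files\Example\exsvc.exe
"""

# Assumption: entries look like "<code> - <detail>", with codes such as R0, O4, O23.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
FILE_NAME = re.compile(r'([^\\/:*?"<>|\[\]=]+\.(?:exe|dll|sys|bat|cmd|scr))\b', re.I)

def parse_log(text):
    """Split a log into its running-process list and its coded entries."""
    processes, entries, in_processes = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_processes = True
        elif not line:
            # A blank line after at least one process ends the process list.
            in_processes = in_processes and not processes
        elif in_processes:
            processes.append(line)
        elif (m := ENTRY.match(line)):
            entries[m.group(1)].append(m.group(2))
    return processes, dict(entries)

def lookup_names(processes, entries):
    """Map each file name in the log to the places it appears (a lookup list, not a verdict)."""
    seen = defaultdict(set)
    sources = [("process", p) for p in processes]
    sources += [(code, d) for code, ds in entries.items() for d in ds]
    for where, text in sources:
        for name in FILE_NAME.findall(text):
            seen[name.strip().lower()].add(where)
    return {name: sorted(where) for name, where in sorted(seen.items())}

if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for name, where in lookup_names(procs, ents).items():
        print(f"{name:20} {', '.join(where)}")
```

A name that shows up both as a running process and in an `O4` startup entry is a sensible one to look up first, but the script only lists names; it does not decide what is spyware.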