Removing Spyware, Viruses, and Other Forms of Malware

Malware — a combination of the terms "malicious" and "software" — is a catchall word used to describe threats such as viruses, worms, Trojan horses, spyware, adware, and software installed by hackers.

For nonprofit staffers who use computers all day, system glitches can bring important work to a grinding halt. While performing routine maintenance chores — such as defragmenting hard drives — can help keep your organization's machines running smoothly, sometimes trouble finds you in the form of malware, software designed to damage a computer system and compromise a user's privacy.

Viruses and worms (a type of self-replicating virus) usually spread very quickly and can cause a number of problems, including repeated computer crashes or the deletion of important files. Unlike traditional viruses, Trojan horses cannot spread on their own, but they are just as dangerous, tricking users into installing them by masquerading as a legitimate or useful program. Once it has infected your computer, a Trojan horse can even allow hackers to access your computer or force it to attack other networks.

At a bare minimum, adware will merely annoy you by occasionally (or frequently) subjecting you to pop-up ads. However, malignant forms of spyware can have more serious consequences. For example, a nasty piece of spyware could redirect your home page against your will or hog so much memory that your computer slows to a crawl. The worst spyware variants can even steal your personal data by installing a keylogger, a component that records every keystroke you make and sends a log back to a cyberthief.

Fortunately, you can take preventative measures to keep this junk from infecting your computer. For starters, install antivirus software, making sure to frequently update its definitions file. If you'd like more information on antiviral software and how it works, read TechSoup's article Secure Computing: The Key Ingredients.

You will also want to equip each machine on your organization's network with a firewall, as well as with the latest Windows security patches. Training your staff to practice smart downloading and safe Web surfing will also help minimize encounters with malware. For a list of specific steps you can take to stay out of malware's way, read TechSoup's article Ten Tips for Avoiding Spyware.

Still, despite your best efforts, it's likely that some computer at your organization will contract a virus or someone will inadvertently install spyware. There's no point in crying over spilled milk once the damage has been done; instead, it's time to remove the malware as quickly as possible so that work can once again resume.

Remove Adware and Spyware Manually

Some pieces of adware or spyware have their own built-in uninstaller (though most won't advertise this fact), allowing you to eliminate them in the same way you'd remove any other program. Since this is by far the easiest way to get rid of adware and spyware, you'll want to check for an uninstallation wizard before you take a more time-consuming approach.

First, navigate to Windows' Start Menu and select Settings > Control Panel > Add or Remove Programs. A pop-up screen will appear, listing all programs installed on your computer. If you know the name of the pest you're dealing with, look for it in the list; if you find an entry for it, hit the Remove button. If you're not sure of your enemy's name, browse the list for any unfamiliar programs. Before you remove any suspected piece of adware or spyware, type its name into Google or another search engine to make sure you're not deleting a useful or necessary program. Spyware Encyclopedia from Computer Associates is also an excellent resource to tap when researching adware and spyware.

If the aforementioned method fails, continue your search for an uninstaller by heading to Windows' Start Menu and selecting Programs, which will also list programs on your computer. Again, search for the adware or spyware component by name, keeping an eye out for programs that you don't remember installing. When you have located a suspect, mouse over its name to see if it includes an uninstaller (some programs will make you access a drop-down menu to see all of your options).

Finally, you'll want to check for an uninstaller that may be buried from plain sight on your hard drive. In Windows Explorer, browse to your computer's C drive, and then open the Program Files folder. If you know the name of the adware or spyware application you want to eliminate, look for a similarly named folder. If you don't have any idea what the application is called, sort the folders by date (right-click Arrange Icons By > Modified) and look for recent additions.

If you happen to locate a suspicious folder, open it and look for a file named something like "uninstall.exe". This file will usually remove the offending program, but before you click it, do some online research to make sure you're not uninstalling a crucial system component.

After you've uninstalled the potential offender, restart your computer and check for suspicious behavior such as multiple pop-up ads or redirected search engine results. If your computer still has issues, it's time to scan your machine for viruses, Trojans, or spyware using a specialized piece of software.

Use Anti-Malware Software to Wipe out Problems

Because the spread of malware has reached epidemic proportions, the market is literally overflowing with software designed to detect and remove harmful applications from your computer. Although there is some overlap between antiviral utilities and anti-spyware applications (for instance, both remove certain types of Trojans), they are generally considered to be separate types of software.

Antiviral Software

Many antiviral programs constantly monitor your system for potential threats and will automatically quarantine any suspected virus before it gets into your system and begins its destructive work. Usually, an antivirus program will notify the user when it has prevented a threat from accessing the system.

In other cases, removing a virus can be as simple as updating the virus definitions in your antivirus software and then performing a complete system scan. Other times, you must follow specific removal instructions or reinstall your antivirus software.

If your current antiviral solution can't stop a particular culprit, you might choose to download and try an additional antivirus utility. Because some of these programs can conflict with one another, you might have to uninstall one antiviral application before you can use another.

At any rate, if software can't solve your computer's virus riddle, take a deep breath and proceed to the Advanced Tips and Tools section of this article.

Anti-Spyware Software

Anti-spyware programs (which also remove many forms of adware) generally work by scanning the contents of your computer and comparing files and programs against a database of known spyware and adware. They will then allow the user to remove all detected entries or just specific items.

Because each anti-spyware program uses its own set of criteria to determine which applications it flags as "threats," a single application might not be able to resolve all of your problems, particularly because many spyware developers constantly change their programs to avoid detection. To optimize your level of protection, it's probably in your best interest to equip yourself with a handful of free anti-spyware programs; you might even choose to augment your arsenal with a for-pay application should you find that the free ones can't fully resolve your problems.

Organizations on a tight budget will probably want to start by downloading a few free anti-spyware programs such as Ad-Aware, Spybot Search and Destroy, Tenebril Spy Catcher Express, and Microsoft Windows Defender. All of these applications will scan your computer for malware and remove offenders, though the latter two also provide a so-called "real-time protection" module that alerts you whenever a program is attempting to install itself on your computer. Real-time protection can stop spyware from invading your machine in the first place and can help combat "drive-bys," covert malware installations that initiate without user action.

After you've installed several anti-spyware applications, launch one and scan your machine — preferably using the most thorough mode — for problems. Remove any programs identified as definite threats. Repeat the scanning and spyware-removal process using each program you've installed. Write down the names of any adware or spyware components the software detects, as they might come in handy later. When the anti-spyware applications have finished their work, restart your machine and see if it's operating normally.

If your computer is still a mess, you might want to download a trial version of a for-pay anti-spyware program; popular choices include Webroot SpySweeper and Sunbelt Software CounterSpy. Follow the same steps you did when scanning your computer using the free programs. If the problems persist after a restart, move on to the following section.

Advanced Tips and Tools for Exterminating Persistent Malware

The most stubborn forms of malware may resist your attempts to remove them, reappearing like magic. You may not even be able to figure out where the program is hiding or what files and applications to remove. In such cases, you will likely have to do a little extra research and work to vanquish your foes.

Conduct Internet Research

If your computer is infected with persistent pieces of malware that reappear after you try to remove them, you have likely figured out what names they go by. The good news is that you're probably not the first person to run into this problem, and someone else may have identified the perfect solution.

Plug the names of the offending programs, along with the word "remove" or "removal," into Google or another search engine. This may return tips for removing the malignant intruders, though you will likely have to spend a bit of time to find information that's relevant to your situation. You might also want to post a detailed account of your problem in Spyware Warrior's forums or TechSoup's Virus Vaccination and Computer Security forum.

Kill Running Processes

A process is a computer program that is actively running. Using a built-in Windows utility called the Task Manager, it's easy to view and kill any process, including the one that might be causing your problems.

To access the Task Manager, right-click the taskbar and choose Task Manager from the menu that appears. (If you're running a newer version of Windows, you can also pull up the Task Manager by pressing Ctrl+Alt+Delete.) Next, click on the Processes tab to view the list of running processes, and hit the Image Name header to sort the list alphabetically. Plug the name of each process that you do not recognize into Google. Compile a list of processes that you know (or suspect) are related to your malware problem, then shut them down by hitting the End Process button.

In the case of an extreme malware infection, you may not be able to kill the offending program with the Task Manager and instead might get an "Access denied" error or a similar message. In a case like this, a free program called Pskill.exe might be able to cure your computer's ailment.

After you download the program, open its .zip archive (using WinZip, StuffIt, or another compression utility), and drag the file called "pskill.exe" onto your computer's C drive. Next, go to the Start Menu > Run, type "cmd" in the pop-up box, and hit OK. At the prompt in the command window, type C:\pskill.exe followed by the name of the process you wish to kill, then press Enter. For example, if you wanted to kill the process for Microsoft Word, you would type "C:\pskill.exe winword.exe". Pskill will then shut down the specified program and respond with a confirmation message.

Stop Malware from Returning at Reboot

Even if you were able to successfully stop the malware from running, stubborn forms might reappear the next time you start up your system. But where is the problematic program located? Is it in the registry? Is it in the Startup folder? It could be any of a number of places, and it's your job to find it.

If you're running Windows 2000 or XP, you can use Windows' built-in tool for removing programs that launch when you start your system. First, go to Start Menu > Programs and look for a menu item called Startup. If you see the offending program listed under this menu item, right-click its name and choose Delete.

However, some sneakier forms of malware might hide their automatic-launch components quite well; in such cases, a free application called Autoruns can help you find them. Autoruns displays most of the places where a program can be automatically set to run in Windows, including the Registry and the Scheduled Tasks folder.

If you find the malware after launching Autoruns, delete it by unchecking the box next to its name. Be careful not to delete a program just because it has a cryptic name. Conduct Web research to confirm that the file or registry entry is actually part of your problem, or you might accidentally end up removing a valid portion of your system.
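As an added example (not part of the original article), the following PowerShell script lists the entries in the most common autostart locations, the Run and RunOnce Registry keys and the per-user and all-users Startup folders, and shows who digitally signed each target program so an unfamiliar name can be researched before anything is removed. It assumes Windows PowerShell 3.0 or later and only reads; it deletes nothing.

```powershell
# Added example, not from the original article. Lists autostart entries from
# the Run/RunOnce keys and the Startup folders, with the signer of each target,
# so that each entry can be researched before it is removed. Read-only.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),       # this user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')  # all-users Startup folder
)
# Properties that Get-ItemProperty adds for its own bookkeeping, not real values
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Pull the executable out of a command line such as "C:\Path\app.exe" /silent
# or %ProgramFiles%\app.exe, expanding environment variables first.
function Get-ExePath([string]$CommandLine) {
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $props.PSObject.Properties.Name) {
        if ($metaProps -contains $name) { continue }
        [pscustomobject]@{ Name = $name; Target = Get-ExePath $props.$name; Location = $key }
    }
})
$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Name = $_.Name; Target = $_.FullName; Location = $dir }
    }
})

# Report each entry with its Authenticode signer. An unsigned or missing
# target is not proof of malware, only a reason to look more closely.
$entries | Select-Object Name, Target, Location, @{
    Name = 'Signer'
    Expression = {
        if (-not $_.Target -or -not (Test-Path -LiteralPath $_.Target)) { return '(file not found)' }
        $sig = Get-AuthenticodeSignature -FilePath $_.Target
        if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    }
} | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the HKLM keys and the all-users Startup folder are readable; Autoruns covers many more locations (services, drivers, scheduled tasks, browser helper objects) than this script does.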

Still Having Problems? Get HijackThis

Tenacious spyware can require advanced removal tools, like a free yet highly technical utility called HijackThis. This application examines Registry keys, as well as browser-helper objects that might be redirecting your home page, to help you spot deep-seated infections. Be warned, however, that HijackThis is an advanced program, so unless you have a large amount of technical knowledge and an understanding of the Windows Registry, you'll want to seek advice when interpreting its scan results.

After you launch HijackThis, select the option labeled "Do a system scan and save a log file." The program will then quickly scour the contents of your computer and display the results in a Notepad document. Next, head to an online spyware forum (Spyware Warrior's bulletin board has a dedicated HijackThis category), create a post explaining your problem, and copy and paste the HijackThis log into your post.

Oftentimes, security experts who frequent the forums will respond to your post and tell you which entries to remove. If you receive solid advice, run HijackThis again and remove the entries by checking the proper boxes and clicking the "Fix Checked" button.

If the Malware is no Longer Running…

If you've finally prevented the malware from running and you've stopped it from starting up again, the program is defeated — congratulations. To get rid of any traces that could still be lurking about, you may want to check your Registry for malware-related keys.

Be aware that editing your computer's Registry can be a dicey proposition; if you remove the wrong entry, you could damage your operating system. If you do decide to go down this route, first back up the Registry so you can restore it later in case of problems. To make a copy of your computer's Registry, click Start Menu > Run, type "regedit" in the box, and hit OK. Once the Registry Editor appears, go to the File menu item, hit Export, and give your Registry backup a name. Save it in a place where you can easily access it later.

The most efficient way to search for malware-related components is to access the Registry's Edit > Find menu item and search on the name of the threat you have finally conquered. If you get a list of results, you may want to look them up on the Web before you delete them, just to be sure you're erasing only malware-related keys.
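As an added example (not part of the original article), the following PowerShell script first exports the SOFTWARE branches of HKLM and HKCU to .reg files, then searches those branches for key names, value names and value data containing a name of your choosing, much like Edit > Find with all three boxes checked. The name EXAMPLE-MALWARE-NAME is a placeholder that you must replace; the script only lists matches and removes nothing.

```powershell
# Added example, not from the original article. Backs up the SOFTWARE branch of
# HKLM and HKCU to .reg files, then lists keys and values that mention a
# suspect name. Nothing is deleted; review the matches before acting.
$SuspectName = 'EXAMPLE-MALWARE-NAME'   # placeholder: replace with the name you found
$BackupDir   = Join-Path $env:USERPROFILE 'RegistryBackup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# reg.exe export produces the same kind of file as File > Export in regedit;
# double-clicking it later restores the keys if something goes wrong.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($branch in 'HKLM\SOFTWARE', 'HKCU\SOFTWARE') {
    $file = Join-Path $BackupDir (($branch -replace '\\', '_') + "-$stamp.reg")
    reg.exe export $branch $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $branch failed; not searching." }
}

# Walk both branches and match key names, value names and value data.
# Keys that deny access are skipped rather than stopping the search.
$hits = foreach ($root in 'HKLM:\SOFTWARE', 'HKCU:\SOFTWARE') {
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -like "*$SuspectName*") {
            [pscustomobject]@{ Key = $key.Name; ValueName = '(key name)'; Data = '' }
        }
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            if ($valueName -like "*$SuspectName*" -or $data -like "*$SuspectName*") {
                [pscustomobject]@{ Key = $key.Name; ValueName = $valueName; Data = $data }
            }
        }
    }
}
if ($hits) { $hits | Format-Table -AutoSize -Wrap }
else       { "No keys or values containing '$SuspectName' found under HKLM\SOFTWARE or HKCU\SOFTWARE." }
```

The HKLM\SOFTWARE export can run to hundreds of megabytes and the recursive search takes a few minutes; run the script from an elevated prompt so the machine-wide keys are readable.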

If the Malware is Still Running…

Though you've engaged in a lengthy and valiant battle, if the malware is still running strong, it may be best to cut your losses and get rid of it for good by reformatting the computer's hard drive and reinstalling Windows. Though a reformat will return your computer to like-new condition, it will also wipe out all programs, files, and data on your hard drive.

Before you take this step, be sure that you back up the entire contents of your computer — preferably in more than one location. Also, since the process of wiping your hard drive and reinstalling Windows and all your other programs will take a good chunk of time, make sure that your organization can afford to be without that particular computer for at least a couple of days.

For advice on how to reformat your hard drive and reinstall Windows, consult PC World's article How to Reinstall Windows Without Losing Your Data or check out this Q&A at CNET.

Now that your war with malware is over, it's time for a little reflection. Consider what made your system vulnerable in the first place. Was it something you did? Was it something you didn't do? Identify your vulnerabilities so you can take corrective action to ensure your organization's future experiences with malware are limited.

Creative Commons Logo, Some Rights Reserved Copyright ©2006 CompuMentor. This work is published under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.