My weekend project – adware & spyware removal

As long as we are on the safety subject, let me share a few moments from my life that closely relate to online safety. Earlier this week I discovered that my home computer is infected by adware/spyware. Fixing the problem set me back by roughly two evenings.

I am upset about the two ruined evenings, but I learned a lot from this experience, and this blog post is mostly for myself, to sum up what I now know and what I am going to do the next time I find myself in trouble again. These instructions are written for Windows XP, but most of them are of a general nature and apply to any type of environment.

How do you know you have been infected?

Here are a few symptoms that can help:

  • Your browser starts and opens webpages by itself
  • You get pop-up ads even if you don’t click on anything
  • Your computer takes longer than usual to start and/or is slow
  • You notice a toolbar on your browser that you didn’t install

In my case all the first three symptoms were at hand.

What should you do if you suspect infection?

Certain adware can be removed by simply uninstalling it. Go to “Settings->Control Panel”, click on “Add or remove programs” and look for anything you don’t recall installing. Adware usually comes your way bundled with other programs you install.

Download a few useful tools

To get rid of the majority of malware you will need to download and install a few useful and free tools. Don’t run them yet, though; just install them. Here they are:

  • CCleaner - cleans all sorts of temporary files where many spyware/adware programs hide
  • SpyBot - scans and cleans all sorts of spyware. I used this program a few times and it is one of the best out there
  • CounterSpy - one more antispyware tool. It is shareware but has a free 15-day trial period.

Run SpyBot and CounterSpy to bring their spyware definition dictionaries up to date but don’t scan your computer just yet.

Reboot Windows in Safe Mode

After you have installed and updated the tools above, reboot your PC and, when you see the black screen, keep pressing F8 to trigger the menu where you can choose Safe Mode as one of the options.

Once in Safe Mode, run CCleaner and do your file system cleaning with default settings. Be aware, this will remove all saved browser sessions and passwords as well. Next run SpyBot and clean every infection it finds. Do the same with CounterSpy.

If things haven’t gotten better

If things don’t improve after you reboot the PC then there is a chance that you have a virus. Bitdefender is an online tool that can help you find out whether this is the case. Beware! Default settings are set so that it will remove all infected files it cannot clean! I lost all my system files before I realized what was going on and ended up reinstalling Windows. Don’t repeat my mistake.

I strongly suggest a more sophisticated tool like Symantec Norton Antivirus if you find yourself at this step.

How to keep your computer clean

Here are a few basic rules that will help you prevent infection by malware and viruses:

  • Keep your software up to date. Many viruses exploit Windows and browser vulnerabilities. A few pop-up ads caused by adware will seem like peanuts compared to having your computer turned into a bot and all your personal data given away to a hacker, which is exactly what can happen if your software is not patched.
  • Make sure you enable a firewall. Your PC either has to be behind a firewall or your software firewall has to be enabled. I have a Linux server I use as a host which sends me daily network activity reports. Since the very first day it came online it has logged thousands of probing and brute force attack attempts daily! Don’t assume you are immune.
  • Be careful what you download and run. Your safety starts with you. Any software from an unknown source is a potential virus. Don’t open suspicious-looking attachments and only run executables you receive from a trusted source. Follow this guideline and instruct all your family members. The best option for small kids is to use a separate computer with restricted access to the Internet.
  • Password protect your accounts. No firewall will save you if you don’t use passwords. A good practice is to use a restricted-access user account (rather than an administrator account) for all your Internet browsing.
  • Run periodic malware scans. To make things simple, some tools allow scheduled scans to run during night hours.

I am going to bookmark this page and use it as a reference because with the amount of Internet scouting I log it is unfortunately a matter of time before I pick up the next piece of malicious code.


11 Responses to “My weekend project – adware & spyware removal”

  1. Doug Woodall Oct 20th, 2007 at 6:31 pm

    Sorry for your plight!
    I’ve been using Bitdefender for about 2 years now and I’ve been very pleased.
    Hope your puter stays clean.
    Take care.

  2. Mike G. Oct 20th, 2007 at 10:59 pm

    Good post Yan. I’ve been down this road myself before, and it’s very frustrating.

    I can’t recall any specific site name, but there are forums out there that help people remove nagging spyware from their systems. It may take more time to get a response and a resolution, but if you are out of answers it might help.

  3. Doug Woodall Oct 21st, 2007 at 9:28 am

    Hi Mike,
    I usually recommend the Major Geeks support Forum. They are good people there and after reviewing your Hijack This logs, they help to get your puter clean.

  4. Mike G. Oct 21st, 2007 at 3:19 pm

    Thanks Doug! Hopefully I won’t have to visit anytime soon :)

  5. Yan Oct 21st, 2007 at 9:59 pm

    I did spend a great deal of time browsing forums, including Major Geeks. They are often a useful source of information on malware. This information however is all spread out and what I needed is a summary (or a reference) kind of article. This is basically why I wrote this blog post.

  6. Tommy L. Oct 25th, 2007 at 3:21 am

    Hi Everyone,

    I heard a thing and just wanted to say that maybe it would be safer and would bring less trouble using some anti-spyware tools that simply block malware, because some malicious programs may integrate deeply into the kernel of OS and damage it when you remove them. Do you know any of such blocking programs, are they worth using at all?

  7. Mike G. Oct 25th, 2007 at 8:08 pm

    Tommy, I think some of the apps Yan mentioned in the post actively protect against malware.

  8. Guy Oct 28th, 2007 at 4:49 am

    Now, I’m in no way a Mac zealot but this is what they’re all about: if you want to spend less time dicking around with your O/S and more time *doing* things then buy an Apple already.

  9. Tommy L. Oct 30th, 2007 at 12:42 am

    You’re right Mike, but I also came across such information that besides an antivirus and a firewall, there should be a kind of specialized program running to keep a computer safe. I’ve found one, ‘anti-keylogger’, protects actively, I’m trying it right now, if it won’t cause any troubles further on I’m even thinking of buying it, seems to be ok.

  10. Mike G. Oct 30th, 2007 at 12:53 am

    Tommy – OK I understand what you are saying. I’m not too worried about keyloggers since I generally visit the same sites, and do not download much. Let me know how it works out.

  11. Tommy L. Nov 5th, 2007 at 3:32 am

    Hi Mike,

    It worked out alright, I’ve tried Anti-keylogger for several days, it ran without causing any issues, I even tried to install several keyloggers on purpose, they didn’t capture anything, it blocked them. So finally I bought Anti-keylogger, thought it’s better to pay now less than to lose more some day, I hope it’s worth that)
