Advanced Virus and Spyware Removal (cont.)
Now that you know how to deal with viruses and spyware embedded as startup entries and Windows services, it's time to focus on fixing some of the more traditional spyware (since technically the majority of the threats found in msconfig and services.msc will be viruses, not spyware).
- Browser Hijacking and Pop-up Ads
If a computer has a lot of pop-ups or is displaying a lot of strange search results - especially if the search results indicate that they know something about you - your browser is likely "hijacked." This can be much more serious than a bad virus because something other than your computer might be at stake.
To start with, run a traditional spyware removal program such as Ad-Aware SE or Spybot Search and Destroy, as we mentioned before. If things are bad enough, problems will likely persist after the scans are done. The next program to use is CWShredder. This will remove a family of browser hijacks known as CoolWebSearch.
After CWShredder, HijackThis should be run. HijackThis is more difficult to explain, and you will have to figure out some of it on your own. Read the descriptions of the items it collects and figure out whether or not they are potential threats. If you have something like an Adobe Acrobat plug-in showing up, it's fine. If you have some sort of registry entry that redirects searches to a certain site, that's something that ought to be removed. Unfortunately, this is a skill you must pick up, and no guide can help you. If you find yourself in a difficult situation with HijackThis, feel free to save a log and post it on our forums.
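An added example (not from the original article and not part of HijackThis): a short Python script that reads a saved HijackThis log and lists the R0/R1 entries, which hold the Internet Explorer start and search page settings, that point at a host you did not choose. The log lines, the CLSID and the trusted-host list are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis's "code - detail" line layout (not from a real PC).
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.example.invalid/?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Assumption: hosts the owner deliberately set as start/search pages.
TRUSTED_HOSTS = {"www.google.com"}


def parse_log(text):
    """Return (code, detail) for every entry line; header lines are skipped."""
    return [m.groups() for line in text.splitlines()
            if (m := ENTRY.match(line.strip()))]


def suspicious_redirects(text, trusted=TRUSTED_HOSTS):
    """List (code, setting, host) for R0/R1 URLs whose host is not trusted."""
    findings = []
    for code, detail in parse_log(text):
        if code not in ("R0", "R1") or " = " not in detail:
            continue
        key, value = detail.split(" = ", 1)
        # Non-URL values (e.g. a proxy override) have no hostname and are skipped.
        host = urlparse(value.strip()).hostname or ""
        if host and host not in trusted:
            findings.append((code, key.rsplit(",", 1)[-1], host))
    return findings


if __name__ == "__main__":
    for code, setting, host in suspicious_redirects(SAMPLE_LOG):
        print(f"{code}: {setting} -> {host}  (review before fixing)")
```

The script only narrows down what to read first; each listed entry still needs a human decision before it is fixed in HijackThis.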
- Other Spyware
Some spyware is less evasive, but more trojan-like. You might install a program, and it may even have a function. However, it might also give you ads, track your web browsing, or even use your personal information. Many popular programs are low-risk spyware - a few examples include the old Kazaa, Weatherbug, and WildTangent.
Guess how you remove these? Go to Start > Settings > Control Panel > Add/Remove Programs. Find the program and uninstall it. Another place user-installed spyware is often located is %systemroot%\Downloaded Program Files (which will likely be C:\Windows\Downloaded Program Files or C:\WINNT\Downloaded Program Files). If you find something suspicious-looking in there, feel free to uninstall it.
- Drastic Measures
If a computer doesn't have anything worth saving and you think fixing it will be too time-consuming, it can be better to simply reformat it and reinstall Windows. I did this once when one of my friends had over 130 processes running in Task Manager.
Also, if the computer contains extremely important information, it might be best to just back it up and reformat. Removing viruses is never a sure thing unless the hard drive is completely reformatted, so it may not be worth the risk in mission-critical situations. If you simply can't fix a computer, reformat it.