Posted: January 21, 2006
Written by: Dan "Tweak Monkey" Kennedy

Let Me Guess...

So let me guess - you're reading this article because your computer is running slow, you've got pop-up ads, or you're receiving errors you haven't seen before. Perhaps your web browser is littered with toolbars and your homepage has been hijacked. If your PC is showing any of these symptoms it's probably infected with spyware, malware, or adware. All of these programs are different from viruses (which usually cause your PC not to function) and from each other, but they all do pretty much the same thing. Fortunately, the fix is relatively easy and once you understand the technique it takes around 15-30 minutes to complete the process. This process is designed for Windows XP and 2000 but works well on Windows ME and 98 machines as well.

Believe me; I've seen much worse.

Most repair shops charge between $100 and $300 to remove spyware from your PC. This article will show you how to do it for free.

Before you begin, make a backup of your registry (Start, Run, type regedit, then choose File, Export, type a name, and click Save). Use these tips at your own risk.

Step 1 - Add/Remove Programs

Before you run any scans or delete any files, uninstall any adware programs that have an uninstall feature. First check the Start menu under All Programs for offending programs that have an Uninstall shortcut. After that, open up the Control Panel (Start, Control Panel) and go to Add/Remove Programs. Search through the list and remove anything with suspicious keywords like:

- Best, Ultimate, Smileys, Offers, Bargains, Deals, Tools
- Gator, NewDotNet, New.Net Domains, Dialer, Freeaccess, Save
- P2P, Bulls Eye, File Sharing, Kazaa, IMesh, Grokster
- Toolbars, WinTools, WSUP, Ad Support, Adware, Spyware

Some of the uninstallers will require you to type characters in to verify you really want to get rid of them. Many may not work at all. This is only the first step. It's okay if these don't all work and some uninstallations may require you to reboot.

Now open Internet Explorer. At the top, right-click the toolbar area and uncheck the boxes for the toolbars you want to remove.

Yeah... this needs to go.

Then choose Tools, Manage Add-ons... at the top (if the option's available). Here you can see which toolbars and BHOs (Browser Helper Objects) are enabled and manually disable them.

Ever used HiJackThis?

Step 2 - Install Tools And Updates

Now you want to remove the programs that caused the ads or toolbars in the first place. The number of tools you'll need to clean the crap off your PC varies, but I recommend at least the following be downloaded now:
- Microsoft Antispyware
- Ad-Aware
- Spybot Search and Destroy
- HiJackThis
- CCleaner (CrapCleaner)
- WinSock Fix (only required if the PC won't go online)

Download and install all the programs on the list. Do not run HiJackThis or WinSock Fix yet.

Run Ad-Aware (Start, All Programs, Ad-Aware SE Personal) and update the definitions. Click Check for Updates Now in the program.

Run Spybot S&D (Start, All Programs, Spybot - Search & Destroy) and update the definitions. Click Search for Updates, check the box that says Detection Rules then click Download Updates.

If you own Webroot Spy Sweeper (an excellent program) update it as well.

Now that your tools are up to date, REBOOT YOUR PC TO SAFE MODE. This step is essential if you really want to clean this stuff up. Before you do so, to aid the removal process, remove any extra User Accounts (Start, Control Panel, User Accounts) that you do not plan to use in the future.

Choose Start, Turn Off Computer, then Restart.

To enter Safe Mode, you must hit the F8 key on your keyboard immediately after the PC powers on. If you see the Windows loading screen before you see a text prompt asking you to select an option, you need to power off the PC and try again. Alternatively, choose Safe Mode With Networking and you can update software and use Internet access while the PC is scanning in Safe Mode.

Scan From Safe Mode

Follow this process for best results from safe mode, closing programs as they finish:
1) Run CCleaner (Start, Programs, CCleaner). Click Run Cleaner.
2) Run Ad-Aware. Click Scan Now. The first option works OK. Click Next. The scan will take at least a few minutes so clean up your Start menu. Hover over any program you don't want a shortcut for and either Uninstall it or delete it (Right click, Delete). Click Next in Ad-Aware once it's finished then right click on the junk it found and choose Select All then Next, OK.
3) Run Spybot and click Check for Problems. After it's scanned choose Fix Selected Problems, Yes.
4) Run HiJackThis and choose Scan. Check all the items that look bad, based on the criteria from earlier (BHOs are OK to remove 100% of the time), then choose Fix checked.
5) If the computer had any issues getting online, run the WinSock Fix and Reboot.
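To make the HiJackThis step easier to review, the following added example (not part of the original guide) parses a saved HiJackThis log, lists every BHO (O2) and toolbar (O3) entry with its file path, and notes which Step 1 keywords each one matches. The sample log, product names, CLSIDs and paths are constructed for illustration.

```python
import re

# Keywords from the Step 1 list in this guide, lowercased for matching.
KEYWORDS = [
    "best", "ultimate", "smileys", "offers", "bargains", "deals", "tools",
    "gator", "newdotnet", "new.net domains", "dialer", "freeaccess", "save",
    "p2p", "bulls eye", "file sharing", "kazaa", "imesh", "grokster",
    "toolbars", "wintools", "wsup", "ad support", "adware", "spyware",
]

# O2 lines are Browser Helper Objects, O3 lines are IE toolbars:
#   O2 - BHO: <name> - {CLSID} - <file>
ENTRY = re.compile(
    r"^(?P<section>O2|O3) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)

def review_list(log_text):
    """Return every BHO/toolbar entry with the Step 1 keywords it matches."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and other sections (R0, O4, ...) are skipped
        haystack = (m["name"] + " " + m["path"]).lower()
        found.append({
            "section": m["section"],
            "name": m["name"],
            "clsid": m["clsid"],
            "path": m["path"],
            "keywords": [k for k in KEYWORDS if k in haystack],
        })
    return found

# Constructed sample log: product names, CLSIDs and paths are made up.
SAMPLE_LOG = r"""
Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleDeals\dealhelper.dll
O2 - BHO: ExampleReader Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\ExampleReader\helper.dll
O3 - Toolbar: Ultimate Smileys Bar - {00000000-0000-0000-0000-000000000003} - C:\WINDOWS\smilebar.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    for e in review_list(SAMPLE_LOG):
        flag = ", ".join(e["keywords"]) or "no keyword match, check the file path"
        print(f'{e["section"]}  {e["name"]:<22} {e["path"]}  [{flag}]')
```

Entries with no keyword match are still listed, so the file path of each one can be looked at before it is checked in HiJackThis.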

This program is the most effective of all of them.

Scan From Regular Mode

Run Microsoft Antispyware (Start, All Programs, Microsoft AntiSpyware) and perform a Full System Scan (you may need to select this in Scan Options). After it has removed everything, tell it to restore your browser: click Advanced Tools, then Browser Restore. Now check Internet Explorer. If you have any more toolbars or pop-ups, repeat the process above. Otherwise read on to page 3.

If you need to repeat the process, you may want to hit CTRL-ALT-DELETE and End Process (or right-click and End Process Tree) on any programs you can, including iexplore.exe and explorer.exe, once the scans have started in Safe Mode. Pay extra attention when you run HiJackThis.

Final Tips and Security

Install Service Pack 2. It has much better spyware protection and a pop-up blocker for IE. To check whether you've got Service Pack 2, hit the Windows key and the Pause/Break key at the same time. If you don't have it, download it from Windows Update (Tools, Windows Update from Internet Explorer).

Install all critical updates. These will protect you from spyware, viruses, and worms. Again this is done from Windows Update.

Once you've cleaned the computer you need some kind of protection if you had this problem before. Keep Microsoft Antispyware at least. Run a virus scan every now and then. Some free scanners are Trend HouseCall and Norton Antivirus 2005 (6 months free as part of the Google Pack).

Try Firefox for a different web browser if you keep getting into trouble. At least try the Google Toolbar, which stops pop-ups. Or you can turn off web plugins in Internet Explorer (Tools, Internet Options, Advanced, uncheck Enable third party browser extensions).

Check's Anti-Spyware Guide for additional tips and information.

The End is Near

There is light at the end of the tunnel and it's in sight. Spyware's reign of terror is nearing an end. The signs may not be there to some, but as new programs and security software are released, as well as patches to operating systems, the problems are becoming less severe by the day.

Thanks for reading!


All Content Copyright ©Dan Kennedy; 1998-2005