How To Clean Spyware Off An Infected PC

How to figure out whether a PC is infected, and get rid of the offending software using some simple tools.

Scott Koegler, Contributor

January 6, 2005


Every day in your workplace, the curses get louder. Unwanted pop-up ads, slow computers, PCs that crash all the time. Despite the network firewall and the anti-virus software installed on the server and every computer, your office is infested with spyware.

You've read the news stories. You know that spyware is not only annoying, it's dangerous. It's certainly affecting productivity, and it could also be recording the keystrokes of everyone in your office right now, discovering logins, passwords, company secrets. Long story short, you need to get rid of it. Now.

Diagnosis
Most of us have come to believe that as long as we keep our anti-virus libraries up to date, our PC population is fairly safe, but obviously the old protections aren't adequate against spyware. Once you start to investigate an infection, the first step is to try to discover just what's crept into the affected computers. If you're running Windows 2000 or XP, a quick way to do this is to see what processes are running, particularly if the computer you're investigating seems to be running all too slowly.

Check for processes that eat up CPU cycles and don't seem to be valid system programs.

Bring up the Windows Task Manager by hitting Ctrl-Alt-Delete and selecting the Processes tab. Click the CPU column twice and you're likely to see a few processes hogging as much as 90% of the CPU. The Image Name column may or may not give you a clue as to just what application is running, but you might see such bad guys as QuickBrowser Update, TSA, or other processes at the top of the list.

To make sure these are not valid Windows processes, do an online search for the names that appear in the Image Name column using Google or your favorite search engine -- you'll get immediate feedback. If the processes are spies, simply click the End Process button for each of them. Of course this will only terminate them temporarily. Any self-respecting spyware will reinitiate itself when you reboot the PC, if not sooner.
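When several PCs need checking, the same triage can be run over saved process listings instead of clicking through Task Manager on each machine. The following is an added example, not part of the original article: it assumes each listing was saved with `tasklist /v /fo csv` on an English-language Windows install, and the sample data, process names and the 60-second threshold are constructed for illustration.

```python
import csv
import io

# Constructed sample of `tasklist /v /fo csv` output; names and values are made up.
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System Idle Process","0","Console","0","16 K","Running","NT AUTHORITY\SYSTEM","41:12:07","N/A"
"System","4","Console","0","212 K","Running","NT AUTHORITY\SYSTEM","0:00:35","N/A"
"svchost.exe","880","Console","0","4,120 K","Running","NT AUTHORITY\SYSTEM","0:01:12","N/A"
"explorer.exe","1508","Console","0","18,344 K","Running","OFFICE\jdoe","0:02:40","N/A"
"winword.exe","2210","Console","0","22,016 K","Running","OFFICE\jdoe","0:00:48","Document1"
"outlook.exe","1932","Console","0","30,552 K","Running","OFFICE\jdoe","0:04:10","Inbox"
"sample-toolbar.exe","2980","Console","0","9,870 K","Running","OFFICE\jdoe","1:05:02","N/A"
"example-updater.exe","2456","Console","0","14,208 K","Running","OFFICE\jdoe","3:27:19","N/A"
'''

# Image names of standard Windows 2000/XP system processes. A match only means
# "no need to research this name"; tasklist shows no file path, so a look-alike
# running from another folder would pass this check and needs a separate look.
KNOWN_SYSTEM = {
    "system idle process", "system", "smss.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
    "taskmgr.exe",
}


def cpu_seconds(text):
    """Convert tasklist's cumulative CPU Time (h:mm:ss) to seconds."""
    hours, minutes, seconds = (int(part) for part in text.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def triage(tasklist_csv, min_cpu_seconds=60):
    """Return (image name, PID, CPU seconds) for names to research, busiest first."""
    to_research = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        used = cpu_seconds(row["CPU Time"])
        if row["Image Name"].lower() in KNOWN_SYSTEM or used < min_cpu_seconds:
            continue
        to_research.append((row["Image Name"], int(row["PID"]), used))
    return sorted(to_research, key=lambda item: item[2], reverse=True)


if __name__ == "__main__":
    for name, pid, used in triage(SAMPLE):
        print(f"{used:>7}s  PID {pid:<5} {name}")
```

The output is a list of names to look up, not a verdict: legitimate applications such as the mail client in the sample appear alongside the unknown ones.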

While you still have the search on-screen, click through to one of the explanations and "fixes." You'll probably see two things. The first is a very long list of manual steps including Windows registry changes, file deletions and amazingly long file location strings. Once you read through the list, you'll decide that the manual approach isn't really a viable solution, especially if you're trying to clean up multiple PCs. The second thing you're likely to see is an offer to download a fix. Don't do it. The download may or may not fix the problem, but it will almost certainly replace what it fixed with its own little surprise package.

Riddance
The good news is that some good fixes do exist. The bad news is that because there are very intelligent and dedicated programmers being paid good money to create very complex and ingenious spyware every day, spyware changes all the time. Only anti-spyware with as much activity devoted to discovering and dealing with the problem has any chance of keeping up. So the first thing you should do is download a spyware application you know to be legitimate.

There are several reputable and serious companies that track and actually fix spyware infestations. Lavasoft's Ad-Aware, Spybot Search & Destroy, and Hijack-This are probably the most familiar names to date for dealing with spyware. These programs are widely used and your results may vary with each one.

It seems that every removal tool catches different spies, so until (or if) there is a single reliable solution, you'll want to download at least two of these tools and run them sequentially. The fact that one tool finds a higher number of infection points than another doesn't necessarily mean the tool is better, since different programs report infections differently. It's more important that the combination of tools you use detects and removes all instances of all the spies on your infected computers.

Ad-Aware at work.

More sophisticated programs like the ones listed above rely on a library of known problems and programs to check each file, memory location, and registry entry against. Some also look for particular kinds of program code within files and flag suspicious files.

Two other companies have products that are worth looking at. The first is AluriaSoftware's Spyware Eliminator, which is the software behind AOL's anti-spyware efforts. The software is already running on millions of AOL users' computer systems, and that gives the company a track record as well as resources to continue updating its product.

The second is Giant Company Software. Its Giant AntiSpyware is the best solution I've found to date. Giant takes a lesson from the open-source community and uses the combined activity of its users to keep itself and its definitions library current. When AntiSpyware scans your PC, it connects to its SpyNet online community to check for recent library entries and then to report any new activity it found during its scan of your computer. This takes the reporting out of the hands of users who may or may not even understand what to report.

Giant Company Software was just purchased by Microsoft. Its Web site is on hold until the software's conversion is completed, but keep an eye out. Rumor has it that Microsoft could debut an anti-spyware product based on Giant's technology as early as this Thursday, January 6.

Back To Work
Sadly, even with the latest spyware detection and removal tools, you're likely not to be completely successful in ridding your users' computers of spyware. The best defense at the moment seems to be the twofold strategy of educating users and installing, updating, and regularly running anti-spyware software.
