Overview - How to Remove Spyware and Malware from a Windows computer

Malicious software goes by many names: Spyware, worms, viruses, Trojans, Adware, keystroke loggers, pests, and more. "Spyware" is often used to mean all malicious software other than viruses. I prefer the term "malware" as it's a bit more descriptive. This page is for removing any type of malware.

The following is a blueprint for removing any and all malicious software from an infected Windows computer. It is not customized for a particular malware program, but applies to all malicious software. The intended audience here is computer nerds and, as such, some introductory details have been omitted. It's more a cheat-sheet than a tutorial. If you are not a computer nerd and think your computer may be infected (see the Symptoms section below), tell your local techie about this page.

The goal described below is to remove the malware from Windows. This should not, however, be the goal in all instances. 

Depending on the circumstances, the correct approach might be to wipe the hard disk clean and re-install or recover Windows. A clean install is the only 100% guaranteed way to return the computer to a fully functioning state. If the computer is used for anything judged to be important, a clean install is probably called for. Likewise, if it's used for home banking a clean install may be the best approach. Also, a clean install takes only so much time. The procedure described below can drag on and on ...

For another opinion on rebuilding the OS vs. fixing it, see "Help: I Got Hacked. Now What Do I Do?" Part 1 (May 2004) and Part 2 (July 2004) by Jesper M. Johansson, Security Program Manager, Microsoft Corporation.

The two big downsides to a clean install are losing the installed applications and all user data files. Trying to back up data files one at a time before wiping the hard disk clean is an accident waiting to happen; you're bound to overlook some. One way to ensure that all files are backed up is to make a disk image backup. In fact, it can't hurt to make an image backup even when you opt to remove the malware rather than doing a clean install of Windows. From the new copy of Windows (or another computer altogether) you can cherry-pick data files off the image backup at your leisure.

Even without disk image backups, it is possible to both do a clean install of Windows and also save the existing infested copy of Windows (not necessarily for the applications, but to ensure that you have all your data files). How? Hard disk partitions. You can keep the old copy of Windows in one partition and install the new, fresh, clean copy in a different partition.

When running the freshly minted copy of Windows, the old infested copy can either be visible to it or not. If it is visible, data files can be copied from it to the new Windows instance as needed, and you might use anti-virus and anti-Spyware software running in the new clean copy of Windows to remove the malware from the old copy. If you think you've cleaned out the old copy of Windows, you may want to boot it to run your applications. If so, be sure to hide the new copy of Windows from the old copy, just in case there is still an infection.

Hard disk partitioning tips:
  • Shrink and hide the current infested partition, create a new visible and bootable partition, and install the clean copy of Windows into this new partition.
  • If you want to make the infested copy of Windows visible as a data-only, non-bootable partition, consider converting it from a primary to a logical partition (Windows can't boot from a logical partition).
  • From the infested copy of Windows, delete the paging file, hibernation file, IE cache and System Restore cache, as they are no longer needed and occupy a lot of space.

Disk imaging tips:
  • To me, the best location for the image backup is outside the infested computer: on CDs, DVDs, an external hard disk or another computer on the LAN.
  • Make the backup from outside Windows (that is, with it down) using the bootable DOS or Linux environment provided by the disk image product.
  • If the image backup software has an option to verify the image backup, turn it on.
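The two tips above both come down to the same worry: copying data files by hand off the old partition, you overlook some, and a backup you never verify may be useless. The following PowerShell script is an added example, not part of the original article, of doing that copy in a way that leaves a record. It assumes the old, infested Windows partition is mounted as a data-only drive at D:\ and that the backup target (an external disk or LAN share) is at E:\OldPcData; the drive letters, the profile folder names, the skipped folders and the extension list are all assumptions to adjust. It walks every file under the user profile folders, skips caches and executable file types (so a dropper is not carried over to the clean install), copies each file, re-hashes source and copy to confirm the copy is intact, and writes an inventory CSV next to the backup so you can later check what was and was not saved.

```powershell
# Added example: inventory and verified copy of user data from an old Windows
# partition (assumed mounted at D:\) to a backup location (assumed E:\OldPcData).
# Requires PowerShell 4 or later for Get-FileHash.
param(
    [string]$OldWindowsRoot = 'D:\',          # assumption: hidden/data-only old partition
    [string]$BackupRoot     = 'E:\OldPcData'  # assumption: external disk or LAN share
)

# Profile roots for older (Documents and Settings) and newer (Users) Windows layouts;
# only the ones that actually exist on the old partition are used.
$profileRoots = @('Documents and Settings', 'Users') |
    ForEach-Object { Join-Path $OldWindowsRoot $_ } |
    Where-Object  { Test-Path $_ }

# Cache folders hold nothing worth keeping (the article says to delete them anyway),
# and executable types are left behind so nothing that can run is carried over.
$skipDirPattern  = '\\(Temporary Internet Files|Temp|Cache|Cookies)\\'
$skipExtensions  = @('.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js', '.pif')

$results = foreach ($root in $profileRoots) {
    Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.FullName -notmatch $skipDirPattern -and
            $skipExtensions -notcontains $_.Extension.ToLower()
        } |
        ForEach-Object {
            # Preserve the relative path so files from different profiles do not collide.
            $relative = $_.FullName.Substring($OldWindowsRoot.Length)
            $dest     = Join-Path $BackupRoot $relative
            New-Item -ItemType Directory -Path (Split-Path $dest) -Force | Out-Null
            Copy-Item -Path $_.FullName -Destination $dest -Force

            # Hash both sides after the copy: a silent read error on a failing disk
            # or a truncated write on the backup target shows up here, not months later.
            $srcHash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            $dstHash = (Get-FileHash -Path $dest -Algorithm SHA256).Hash

            [pscustomobject]@{
                Source   = $_.FullName
                Backup   = $dest
                Bytes    = $_.Length
                SHA256   = $srcHash
                Verified = ($srcHash -eq $dstHash)
            }
        }
}

# The inventory is the record to check against when something seems to be missing
# after the clean install; it lives on the backup media, not on the infested disk.
$results | Export-Csv -Path (Join-Path $BackupRoot 'inventory.csv') -NoTypeInformation

$failed = @($results | Where-Object { -not $_.Verified })
"Copied $(@($results).Count) files; $($failed.Count) failed verification."
$failed | Format-Table Source -AutoSize
```

Run it from the clean copy of Windows (or from another machine with the old disk attached), never from the infested copy, so the copy is done by software you trust. Anything listed as failing verification should be copied again by hand and re-hashed before the old partition is wiped.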

Then again, why bother at all? An article in The New York Times reported that some people are throwing away their infected computers and buying new ones rather than remove all the malicious software. See "Corrupted PC's Find New Home in the Dumpster" (July 17, 2005).

The steps below are designed for a computer brutally infested with malicious software.

The main phases of the cleanup are: backup, stop the malware from running, check for other errors, delete the malware, and finally, prevent this sort of thing from happening again. The reason for first preventing the malware from running is that some such programs are very well defended and may not be removable while they are executing.