Removing Spyware, Viruses, and Other Forms of Malware

Banish security threats from a Windows computer

By: Zac Mutrux

May 25, 2006

Editor's note:

This article was updated by TechSoup Staff Writer Elliot Harmon.

For nonprofit staffers who use computers all day, system glitches can bring important work to a grinding halt. While performing routine maintenance chores — such as defragmenting hard drives — can help keep your organization's machines running smoothly, sometimes trouble finds you in the form of malware, software designed to damage a computer system and compromise a user's privacy.

Malware — a combination of the terms "malicious" and "software" — is a catchall word used to describe threats such as viruses, worms, Trojan horses, spyware, adware, and software installed by hackers.

Viruses and worms (a type of self-replicating virus) usually spread very quickly and can cause a number of problems, including repeated computer crashes or the deletion of important files. Unlike traditional viruses, Trojan horses cannot spread on their own, but they are just as dangerous, tricking users into installing them by masquerading as a legitimate or useful program. Once it has infected your computer, a Trojan horse can even allow hackers to access your computer or force it to attack other networks.

At a bare minimum, adware will merely annoy you by occasionally (or frequently) subjecting you to pop-up ads. However, malignant forms of spyware can have more serious consequences. For example, a nasty piece of spyware could redirect your home page against your will or hog so much memory that your computer slows to a crawl. The worst spyware variants can even steal your personal data by installing a keylogger, a component that records every keystroke you make and sends a log back to a cyberthief.

Fortunately, you can take preventative measures to keep this junk from infecting your computer. For starters, install antivirus software, making sure to frequently update its definitions file. If you'd like more information on antiviral software and how it works, read TechSoup's article Secure Computing: The Key Ingredients.

You will also want to equip each machine on your organization's network with a firewall, as well as with the latest Windows security patches. Training your staff to practice smart downloading and safe Web surfing will also help minimize encounters with malware.

Still, despite your best efforts, it's likely that some computer at your organization will contract a virus or someone will inadvertently install spyware. There's no point in crying over spilled milk once the damage has been done; instead, it's time to remove the malware as quickly as possible so that work can once again resume.

Use Anti-Malware Software to Wipe out Problems

Because the spread of malware has reached epidemic proportions, the market is literally overflowing with software designed to detect and remove harmful applications from your computer. Although there is some overlap between antiviral utilities and anti-spyware applications (for instance, both remove certain types of Trojans), they are generally considered to be separate types of software.

Antiviral Software

Many antiviral programs constantly monitor your system for potential threats and will automatically quarantine any suspected virus before it gets into your system and begins its destructive work. Usually, an antivirus program will notify the user when it has prevented a threat from accessing the system.

Most antiviral tools keep a record of known viruses and periodically receive updates over the Internet. Keeping the virus definitions up-to-date allows your antiviral program to recognize and stop new viruses. Some tools require an additional fee or subscription for new virus definitions.

Some antiviral programs employ a heuristic approach in addition to a virus definitions file. The heuristic approach lets the program recognize virus-like features in unknown files, allowing it to keep brand-new, undocumented viruses from infecting your computer.

Once a virus has infected your computer, removing it can be as simple as updating the virus definitions in your antivirus software and then performing a complete system scan. Other times, you must follow specific removal instructions or reinstall your antivirus software.

If your current antiviral solution can't stop a particular culprit, you might choose to download and try an additional antivirus utility. Because some of these programs can conflict with one another, you might have to uninstall one antiviral application before you can use another.

Several antivirus tools are available for donation through TechSoup Stock. Norton Antivirus stays updated with information about the latest virus threats for one year from the time of installation. Norton 360 2.0 includes an antivirus program as well as other computer maintenance tools. Norton Antivirus Corporate Edition and Symantec Endpoint Protection provide virus protection for organizations with large technology infrastructures.

If software can't solve your computer's virus riddle, then take a deep breath and proceed to the Advanced Tips and Tools section of this article.

Anti-Spyware Software

Anti-spyware programs (which also remove many forms of adware) generally work by scanning the contents of your computer and comparing files and programs against a database of known spyware and adware. They will then allow the user to remove all detected entries or just specific items.

Because each anti-spyware program uses its own set of criteria to determine which applications it flags as "threats," a single application might not be able to resolve all of your problems, particularly because many spyware developers constantly change their programs to avoid detection. To optimize your level of protection, it's probably in your best interest to equip yourself with a handful of free anti-spyware programs; you might even choose to augment your arsenal with a for-pay application should you find that the free ones can't fully resolve your problems.

Organizations on a tight budget will probably want to start by downloading a few free anti-spyware programs such as Spybot Search and Destroy, Tenebril Spy Catcher Express, and Microsoft Windows Defender. All of these applications will scan your computer for malware and remove offenders, though the latter two also provide a so-called "real-time protection" module that alerts you whenever a program is attempting to install itself on your computer. Real-time protection can stop spyware from invading your machine in the first place and can help combat "drive-bys," covert malware installations that initiate without user action.

After you've installed several anti-spyware applications, launch one and scan your machine — preferably using the most thorough mode — for problems. Remove any programs identified as definite threats. Repeat the scanning and spyware-removal process using each program you've installed. Write down the names of any adware or spyware components the software detects, as they might come in handy later. When the anti-spyware applications have finished their work, restart your machine and see if it's operating normally.

If your computer is still a mess, you might want to download a trial version of a for-pay anti-spyware program; popular choices include Webroot SpySweeper, ZoneAlarm Anti-Spyware and Sunbelt Software CounterSpy. Follow the same steps you did when scanning your computer using the free programs. If the problems persist after a restart, move on to the following section.

Like antiviral programs, anti-spyware programs keep lists of known spyware definitions on your computer, and it’s important to keep your spyware definitions up-to-date. When selecting anti-spyware programs, be sure to find out whether additional fees or subscriptions are necessary for definition updates.


Many software offerings claim to identify and remove both viruses and spyware. As with any technology acquisition, consult third-party reviews to make sure the product stacks up to its claims. One of the more popular virus and spyware solutions is Norton Internet Security 2008, available as a donation through TechSoup Stock. Another such program is AVG, available in both free and for-pay editions.

Advanced Tips and Tools for Exterminating Persistent Malware

The most stubborn forms of malware may resist your attempts to remove them, reappearing like magic. You may not even be able to figure out where the program is hiding or what files and applications to remove. In such cases, you will likely have to do a little extra research and work to vanquish your foes.

Conduct Internet Research

If your computer is infected with persistent pieces of malware that reappear after you try to remove them, you have likely figured out what names they go by. The good news is that you're probably not the first person to run into this problem, and someone else may have identified the perfect solution.

Plug the names of the offending programs, along with the word "remove" or "removal," into Google or another search engine. This may return tips for removing the malignant intruders, though you will likely have to spend a bit of time to find information that's relevant to your situation. You might also want to post a detailed account of your problem in Spyware Warrior's forums or TechSoup's Virus Vaccination and Computer Security forum.

Stop Malware from Returning at Reboot

Even if you were able to successfully stop the malware from running, stubborn forms might reappear the next time you start up your system. But where is the problematic program located? Is it in the registry? Is it in the Startup folder? It could be any of a number of places, and it's your job to find it.

If you're running Windows 2000 or XP, you can use Windows' built-in tool for removing programs that launch when you start your system. First, go to Start Menu > Programs and look for a menu item called Startup. If you see the offending program listed under this menu item, right-click its name and choose Delete.

However, some sneakier forms of malware might hide their automatic-launch components quite well; in such cases, a free application called Autoruns can help you find them. Autoruns displays most of the places where a program can be automatically set to run in Windows, including the Registry and the Scheduled Tasks folder.

If you find the malware after launching Autoruns, delete it by unchecking the box next to its name. Be careful not to delete a program just because it has a cryptic name. Conduct Web research to confirm that the file or registry entry is actually part of your problem, or you might accidentally end up removing a valid portion of your system.
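
To make the startup locations discussed above concrete, here is an added example (not part of the original article and not a replacement for Autoruns) that lists the Registry Run keys and Startup folders and marks entries matching the names you wrote down. It assumes Windows PowerShell 5.1 or later; the names in $Suspects are constructed placeholders.

```powershell
# Name fragments written down from earlier scans (constructed placeholders).
$Suspects = @('examplebar', 'fakeupdater')
# Registry keys whose values Windows launches at startup or logon.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Test-Suspect([string]$Text) {
    foreach ($s in $Suspects) {
        if ($Text.IndexOf($s, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

function New-Entry([string]$Location, [string]$Name, [string]$Command) {
    [pscustomobject]@{
        Suspect  = (Test-Suspect "$Name $Command")
        Location = $Location
        Name     = $Name
        Command  = $Command
    }
}

$entries = @()
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $entries += New-Entry $key $name ([string]$item.GetValue($name))
    }
}

# Startup folders (current user and all users); resolve shortcuts to their targets.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $dir -Force) {
        if ($file.Name -eq 'desktop.ini') { continue }
        $target = $file.FullName
        if ($file.Extension -eq '.lnk') { $target = $shell.CreateShortcut($file.FullName).TargetPath }
        $entries += New-Entry $dir $file.Name $target
    }
}
# Read-only report: nothing is disabled or deleted here.
$entries | Sort-Object Suspect -Descending | Format-List
```

The script only reports. Research any flagged entry, as described above, before disabling it.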

Still Having Problems? Get HijackThis

Tenacious spyware can require advanced removal tools, like a free yet highly technical utility called HijackThis. This application examines Registry keys, as well as browser-helper objects that might be redirecting your home page, to help you spot deep-seated infections. Be warned, however, that HijackThis is an advanced program, so unless you have a large amount of technical knowledge and an understanding of the Windows Registry, you'll want to seek advice when interpreting its scan results.

After you launch HijackThis, select the option labeled "Do a system scan and save a log file." The program will then quickly scour the contents of your computer and display the results in a Notepad document. Next, head to an online spyware forum (Spyware Warrior's bulletin board has a dedicated HijackThis category), create a post explaining your problem, and copy and paste the HijackThis log into your post.

Security experts who frequent the forums will often respond to your post and tell you which entries to remove. If you receive solid advice, run HijackThis again and remove the entries by checking the proper boxes and clicking the "Fix Checked" button.

If the Malware is no Longer Running…

If you've finally prevented the malware from running and you've stopped it from starting up again, the program is defeated — congratulations. To get rid of any traces that could still be lurking about, you may want to check your Registry for malware-related keys.

Be aware that editing your computer's Registry can be a dicey proposition; if you remove the wrong entry, you could damage your operating system. If you do decide to go down this route, first back up the Registry so you can restore it later in case of problems. To make a copy of your computer's Registry, click Start Menu > Run, type "regedit" in the box, and hit OK. Once the Registry Editor appears, go to the File menu item, hit Export, and give your registry backup a name. Save it in a place where you can easily access it later.

The most efficient way to search for malware-related components is to access the Registry's Edit > Find menu item and search on the name of the threat you have finally conquered. If you get a list of results, you may want to plug them into the Web before you delete them, just to be sure you're erasing malware-related keys.
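
The backup-then-search routine above can also be scripted. The following is an added example, not part of the original article; it assumes Windows PowerShell 5.1 or later, exports only the two Software branches it then searches (narrower than the full export described above), and uses a constructed placeholder threat name and an assumed backup folder.

```powershell
$Threat    = 'examplebar'   # constructed placeholder for the name you wrote down
$BackupDir = Join-Path $env:USERPROFILE 'RegistryBackup'   # assumed location
$Roots     = @{ 'HKLM\Software' = 'HKLM:\Software'; 'HKCU\Software' = 'HKCU:\Software' }

# 1. Back up each branch with reg.exe before touching anything.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($branch in $Roots.Keys) {
    $file = Join-Path $BackupDir (($branch -replace '\\', '_') + "-$stamp.reg")
    & reg.exe export $branch $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $branch failed; stopping before the search." }
}

function Test-Match([string]$Text) {
    return $Text.IndexOf($Threat, [StringComparison]::OrdinalIgnoreCase) -ge 0
}

# 2. Search key names, value names and value data, as Edit > Find can.
function Find-RegistryText([string]$Root) {
    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if (Test-Match $key.PSChildName) {
            [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = '' }
        }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ((Test-Match $name) -or (Test-Match $data)) {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
            }
        }
    }
}

# 3. Save the hits next to the backup for review; nothing is deleted.
$hits = foreach ($root in $Roots.Values) { Find-RegistryText $root }
if ($hits) {
    $hits | Export-Csv -Path (Join-Path $BackupDir "hits-$stamp.csv") -NoTypeInformation
    $hits | Format-List
}
```

The search walks every key under both branches, so it can take several minutes on a large Registry.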

If the Malware is Still Running…

Though you've engaged in a lengthy and valiant battle, if the malware is still running strong, it may be best to cut your losses and get rid of it for good by reformatting the computer's hard drive and reinstalling Windows. Though a reformat will return your computer to like-new condition, it will also wipe out all programs, files, and data on your hard drive.

Before you take this step, be sure that you back up the entire contents of your computer — preferably in more than one location. Also, since the process of wiping your hard drive and reinstalling Windows and all your other programs will take a good chunk of time, make sure that your organization can afford to be without that particular computer for at least a couple of days.

For advice on how to reformat your hard drive and reinstall Windows, consult PC World's article How to Reinstall Windows Without Losing Your Data or check out this Q&A at CNET.

Now that your war with malware is over, it's time for a little reflection. Consider what made your system vulnerable in the first place. Was it something you did? Was it something you didn't do? Identify your vulnerabilities so you can take corrective action to ensure your organization's future experiences with malware are limited.