Michael Horowitz: Removing Spyware
July 2009 Revision
This page was originally created in August 2004, then wasn't seriously updated from 2006 until July 2009, when this was written. The world has changed much since this page was first created. For a more recent look at the same subject, see the series of articles I wrote at eSecurity Planet.
The basic premise is that malware can be very good at defending itself, so the best way to remove it is not to let it run in the first place. You can do this by booting an infected machine from a CD and running an operating system off the CD that treats the C disk as a data disk. You can then run anti-malware software either from the bootable CD (I like The Ultimate Boot CD for Windows) or from another machine on the network.
It turns out that this is a good first step, but it is not sufficient as the only step (see Part 3). There is great news ahead, however. Both MalwareBytes and SUPERAntiSpyware are working on being able to mount the registry as a registry, even when running outside the infected operating system. This will be a big improvement and will make my scan-from-the-outside approach even better.
The Best Way to Remove Viruses, Spyware and other Malware (Part 1) May 19, 2009:
http://www.esecurityplanet.com/features/article.php/3821001/The-Best-Way-to-Remove-Viruses-Spyware-and-other-Malware-Part-1.htm
How to Remove Malware: Booting from a CD (Part 2) June 16, 2009:
http://www.esecurityplanet.com/features/article.php/3825291/How-to-Remove-Malware-part-2-Booting-from-a-CD.htm
The Best Way to Remove Viruses and Malware: The Clean-Up (Part 3) July 20, 2009:
http://www.esecurityplanet.com/features/article.php/3830676
My first writing on this topic, which went more into other approaches to malware removal, was my April 16, 2009 Computerworld blog posting Different approaches to removing malware:
http://blogs.computerworld.com/different_approaches_to_removing_malware
Original Page Follows
Topics Below
1. Overview
2. Preparation
3. Backup
4. Stop Malware
5. Other Errors
6. Repair, Delete and Re-build
7. Prevention
8. Symptoms of Infection