Home Office: More Spyware Prevention and Removal

The good news this week: I'm going to finish up with spyware and show you how to remove most of the run-of-the-mill stuff. But as I move along, you'll learn the bad news (and the source of my frustration): Some spyware is complex and miserably difficult to remove. As each situation is unique, I'll provide you with advice from two of my guru friends and a few sites to help you extract yourself from a spyware mess.

First, get yourself up to speed by reading last week's column, if you haven't already.

You're Not Alone

Two of my drinking buddies, Rod Ream and George Siegel, both professional computer consultants, could turn into spyware specialists if they wanted to: They're both spending an enormous amount of time removing this junk from client machines.

George recently told me: "I'm finding a steady--and substantial--increase in the amount of spyware I have to deal with. Worse, I'm finding that the 'tools' available are less thorough at removing the stuff. I have to use more programs and make multiple passes and do more manual removal. PITA. [Note to Editor: an abbreviation for pain in the, uh, derriere.] Time consuming. Unhappy clients."

Rod chimed in with: "I see a lot of spyware, too, particularly on new referral clients. Like George, I find that where there's a lot of spyware, there are probably a few viruses, Trojan horses, and worms that are also active. Typical time for cleaning out trash, removing all the bugs, and installing OS updates is usually in the neighborhood of 2 to 3 hours."

I'm telling you this to validate your experience if you've faced the hassle of removing spyware--and to emphasize the importance of paying attention when you surf the Web. We'll hear more from Rod and George later.

Dig This: Do you enjoy spouting statistics to your friends? Here's a strange and unusual site with both witty--and grim--numbers, statistically speaking. [Thanks to cousin Judy.]

Examine, Verify, and Trust No One

Prevention is one essential means of keeping spyware from turning your day into computing hell. Here's an example.

Occasionally I'll bump into a program trying to load itself onto my machine or run when I boot. It's usually an executable file, with the .exe extension. Most times it will have an unusual name--ctfmon.exe, say, or flashksk.exe.

It could be spyware, or perhaps something benign, and I take steps to figure out just what it is--right away, not after it's done some damage or thoroughly trashed my PC.

First, I use WinPatrol--it's loaded in my system tray--because it provides an early warning. If a new executable is trying to load, WinPatrol spots it and gives me a heads-up. When I click WinPatrol's Info button, it gives me a rundown on what the executable is doing. WinPatrol also lets me stop any bad guys from loading.

For instance, based on what you learned in last week's column, if you conclude the executable is spyware, WinPatrol lets you delete the file from your drive. That very cool feature is included in the free version. Just highlight the file, right-click, and select Delete File on Reboot.
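The early-warning idea described above can be approximated by hand. The PowerShell script below is an added example, not part of the original column and not WinPatrol's code: it records what is registered in the two standard Run keys and, on later runs, lists anything new or changed. The baseline file location is an assumption.

```powershell
# Added example: approximates the "new startup program" warning; not WinPatrol's code.
# Assumption: the baseline file location below is arbitrary.
$BaselinePath = Join-Path $env:LOCALAPPDATA 'autorun-baseline.csv'

# Per-machine and per-user Run keys: programs listed here start at every logon.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutorunEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

$current = @(Get-AutorunEntry)

if (-not (Test-Path -Path $BaselinePath)) {
    # First run: record what starts today so later runs have something to compare with.
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation -Encoding UTF8
    Write-Output "Saved baseline of $($current.Count) startup entries to $BaselinePath"
}
else {
    # Index the baseline by key, value name and command line.
    $known = @{}
    foreach ($e in @(Import-Csv -Path $BaselinePath)) {
        $known["$($e.Key)|$($e.Name)|$($e.Command)"] = $true
    }
    # Anything not in the baseline is new, or an old name pointing at a new command.
    $new = @($current | Where-Object {
        -not $known.ContainsKey("$($_.Key)|$($_.Name)|$($_.Command)")
    })
    if ($new.Count -eq 0) {
        Write-Output 'No new or changed startup entries since the baseline.'
    }
    else {
        Write-Output 'New or changed startup entries; look each one up before trusting it:'
        $new | Format-List Key, Name, Command
    }
}
```

The script covers only the two Run keys; Startup folders, services, and scheduled tasks are other places a program can start from. Delete the baseline file to record a fresh one after you've reviewed the changes.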

BTW, if you haven't guessed, WinPatrol is a favorite of mine that's a permanent resident on my PC. It contains no spyware or adware; and there's a newly released free version. My recommendation is to pop for the $20 version and get even more detailed info about things loading in the night. Read more about it in Laura Blackwell's "Guard Your PC and IM With a Gem."

Dig This: Security isn't something just for computers and spyware. I found an ingenious security ploy for your hot new car. [300KB video]

Who's That Knocking at My Door?

If the executable isn't loading but is instead trying to send data onto the Internet, my firewall sends up a warning flag. ZoneAlarm tells me what the program is and what it's doing. But unfortunately, ZoneAlarm isn't nearly as clear and detailed about the products it's blocking as I'd like. You can get a copy of the freebie from our Downloads site, but you may want to consider upgrading to the paid version for more protection.

Besides WinPatrol and ZoneAlarm, there are other good tools I recommend you use to determine an application's intent. The first is Uniblue Systems' Process Library. It provides tons of info about most every common process that occurs in the background, and it's where I found details about flashksk.exe and ctfmon.exe. The other one I like is Windows Startup Online.

Next up: More prevention. Download, install, and run SpywareBlaster. This tool reduces the chances of getting spyware on your PC. It's good--and I use it.

By now you may feel discouraged and exasperated. Between what I suggested last week and the checking I just mentioned, you're probably about to give up with this spyware detection process. I know it's yet another PITA [Note to Editor: Please check previous note to you.], but until Microsoft incorporates a spyware sniffer and remover into its operating system, we have to take these extra steps.

Removal Tools and Techniques

My other recommendation is to run a spyware detection and removal program weekly, more often if you haunt risky sites (and don't kid me, you know what I'm talking about). But in my opinion, you need to run two such programs just to be on the safe side.

I have two favorites I recommend all the time; I want to make sure you have both on your machine. The first is Lavasoft's Ad-Aware SE; the second is Spybot Search & Destroy. (BTW, you might enjoy reading an interview we did with the author of Spybot, Patrick Kolla.)

Unfortunately, just having those two programs on your PC isn't enough. And a two-month-old version of Spybot or Ad-Aware isn't worth a hoot. You have to update these products before you scan. And even at that, Rod and George recommend occasional sweeps with other scanners as insurance. You'll then have to spend some time comparing the results, checking the file names at the sites I mentioned earlier.

One spyware scanner all three of us like and use is SpywareGuide's X-Cleaner; it's Web-based, so you can run it right from your browser. The site also has a spyware database.

For even more options, take a look at PC World's collection of anti-spyware tools.

For Tough Cases

If you get nailed with spyware that the usual products can't remove, read "Removing Spyware," Michael Horowitz's excellent and comprehensive tutorial. (Michael teaches a Defensive Computing class at Hunter College in New York.)

You can't have too much knowledge, so look over The Parasite Fight page; then read "Removing Pests from Windows, Part 1" and "Removing Pests from Windows, Part 2."

For a few more tips, browse "Spyware Help Center," PC World's roundup of news, tips, and tools in the fight against spyware and adware.

Okay, that's enough ranting for this week--and certainly enough about spyware for a while. But don't worry, I have more things to complain about: pop-ups, Web advertising, and spam. Stay tuned.

In addition to writing PC World's Home Office column, Steve Bass is the author of "PC Annoyances." Sign up to have Steve Bass's Home Office Newsletter e-mailed to you each week. Comments or questions? Send Steve e-mail.