Another Road to Success
The tenth program in our tests, Merijn.org's HijackThis, is not a traditional scanner. HijackThis provides a report of all active processes, startup Registry keys, Startup folder contents, BHOs, and services found on the system. With this program's log, you can locate suspicious or unwanted startup items and remove them. Though identifying the suspicious entries in the log requires an experienced and confident user, the program is easy enough for even a novice to run. Less-experienced users can post their logs to various forums on the Internet for assistance in identifying undesirable processes. (For guidance on using HijackThis, see "Kill Really Stubborn Spyware With This Tool" by PC World's privacy columnist, Andrew Brandt.)
We used HijackThis along with the Add or Remove Programs feature in Windows XP's Control Panel. We were surprised to find that nearly all of the 45 adware/spyware apps on our infected system had a corresponding uninstaller in Add or Remove Programs. (To use these uninstallers effectively requires that you know which programs they belong to; it's not always easy to tell.) By using the uninstallers and following up with HijackThis--which identified and deleted active components not removed by the uninstallers--we obtained our best score yet, killing off 100 percent of all active components of the adware and spyware infecting our machine. We obtained the same result when we followed a CounterSpy scan with HijackThis. No other combination gave us 100 percent--the WinTools processes that the other scanners left in place thwarted our cleanup efforts, and HijackThis was unable to stop the processes on its own.
By the Numbers
We saw a significant difference among scan speeds. The most effective scanner--CounterSpy--was also the fastest, taking only a minute to perform a complete scan of a system with 2.7GB of data. Also fast were Spybot and Spy Sweeper, which scanned our test system in just over 2 minutes. Conversely, Spyware Eliminator was inconsistent and slowest at scanning, taking anywhere from 10 minutes to an hour (we performed multiple scans). The remainder of the scanners took between 4 and 5 minutes.
The spyware scanners reported infections very differently, too. For example, when we installed the WhenUSearch toolbar on our system, CounterSpy saw it as two separate adware objects, WhenUSearch and SaveNow. Ad-Aware, in contrast, detected the same toolbar as a total of 73 objects. And after we allowed CounterSpy to remove all active components of WhenUSearch, Ad-Aware continued to report 5 "critical" objects--these turned out to be 3 empty Registry keys and 2 empty folders. Such alerts can be unnecessarily alarming, and can cause the spyware problem to seem more severe than it is.