Most people have likely had a run-in with spyware by now. Either at home, or at work, or had a conversation with a coworker who had it happen. Figuring out exactly how it got in is always a difficult task. Usually all we can say is it’s just from a little too much random internet browsing. But for preventing the spyware, or removing the spyware, there are some very well-made tools that do the trick.
First, let’s discuss prevention. All the big Anti-Virus companies claim they block spyware now too, but I’ve noticed they rarely do a complete job of it. They often miss the really nasty stuff. The best line of defense is Gateway protection. Firewall manufacturers like SonicWALL and Watchguard have security service subscriptions for their devices that can block most spyware, viruses, and other intrusions before they ever get inside the network. While still not foolproof, they still do a far better job then most Anti-Virus programs. The other main defense is just education and experience. People on the internet needs to understand the risks and make good common sense judgements on their browsing behavior. Of course, if all else fails, adminstrations could always start restricting website browsing to only approved locations.
For removing spyware, there are many great tools available and all of them are free. Don’t pay money for anti-spyware removal programs. Probably the two most well-known free spyware removal tools are Ad-Aware and Spybot Search & Destroy. Both have been around a long time and do a decent job at removing spyware. Often times you have to run both to really get rid of everything. Lately I’ve been using a newer program called Malwarebytes Anti-Malware that has been doing a more complete job
in a single run. Easily my favorite for the time being. Another quick way to get a computer behaving correctly again is to use the System Restore feature built into Windows. The downside is you may lose other settings or valid program installations in the process.
A lot of the more complicated spyware have started inserting blocks for all the popular anti-spyware programs. If you run across one of these scenarios, where either the websites to download the anti-spyware software are blocked, or the installations for these programs always fail, then you need to move up ComboFix. ComboFix is a very robust script that seems to find and remove even the toughest of spyware. It gives very specific instructions to follow, removes rootkits, resets a lot of security and registry settings, and gives very detailed logs of what it’s done. It’s advised to only use it after other avenues have been foiled as it can potentially mess with some settings. But if a computer is really stuck, this should get it to a point where other anti-spyware can be used to finish the job, or a System Restore becomes possible again. Always follow-up a ComboFix with another scan, like Malwarebytes Anti-Malware.
Also, when downloading ComboFix, always rename the file during the save process. (e.g. Combo-Fix.exe or FixCombo.exe) This will let the program bypass any blocks that spyware may have in place.