Malware Removal: Antispyware Scanners

From CastleCopsWiki


Please complete at least one of the following spyware/adware scans:

Note: The Vista icon (Image:Vista-Icon.png) denotes a Vista-compatible scanner.

Ad-Aware 2007 Free

[Vista icon] Download and install Ad-Aware 2007:
http://www.lavasoftusa.com/products/ad_aware_free.php

Supported Operating Systems
Windows Vista (32-bit), Windows XP (Home and Pro), Windows Server 2003, Windows 2000 (Pro and Server)


Important Notes:

  1. If you already have Ad-Aware 2007, please configure it per the instructions below.
  2. If you have a previous version of Ad-Aware installed, such as Ad-Aware SE, please uninstall it, because as of January 1, 2008, Lavasoft has withdrawn support for all versions released prior to Ad-Aware 2007.

When you are prompted to enter registration details, just press the Cancel button (since you are using the freeware version), and Ad-Aware 2007 Free will open.

We will be referring to four major functions of Ad-Aware, which are listed on the left side of the screen:

  1. Status
  2. Scan
  3. Web Update
  4. Settings


Update Ad-Aware Definitions

  1. It is important for you to update Ad-Aware with the latest threat definitions by clicking on the Web Update section, and then selecting the Update button.
  2. Click the Yes button to download any program or definition updates that Ad-Aware locates.


Suggested Scanner Setup

  1. Click the Settings option and then choose the Scanning tab.
  2. Check the following scanning options:
  • Unload malicious processes and modules
  • Remove malicious LSPs
  • Scan Alternate Data Streams (ADS)
  • Scan Tracking Cookies
  • Deep Archive Scan
  • Unload Modules
  • Unload browsers while scanning
  • Let Windows remove files at startup
  • Deactivate Ad-watch
  • Re-analyze scan result

Set the "Ignore infection with TAI lower than:" to 3.
Select the Save button to retain these settings.


Scanning your computer
Ad-Aware scans memory, the registry and the file system for threats

  1. Select the Scan option
  2. Select the Full Scan
  3. Press the Scan button in the lower right hand corner of the screen to begin scanning.


Scan Results

  1. Select Quarantine for the action to be performed on all threats that were detected
  2. Select the Privacy Objects tab, then select and remove "privacy risk items".
  3. Click the Finish button to proceed to the Scan Summary which lists all threats found and specifies the action that was taken for each threat.
  4. Reboot your computer.


If additional assistance is needed, help is available from the CastleCops Ad-Aware Support Forum

Spybot Search & Destroy

[Vista icon] Supported Operating Systems

  • All versions of Windows, including Vista
  • Can be integrated into the Vista Security Center, which monitors whether Spybot-S&D is up to date and whether the permanent protection (TeaTimer) is running.


Download Spybot Search & Destroy and install it.

  1. Run Spybot and allow it to create a backup of your registry when prompted.
  2. Click on "Search for Updates".
  3. If any updates are found, place a check mark next to each one.
  4. Click on "Download Updates".
  5. Do not choose the option to install/activate TeaTimer.
  6. Click on "Immunize" [When it detects what has or has not been blocked, block all remaining items].
  7. Do this by clicking the green plus sign next to Immunize at the top.
  8. Click on "Check for Problems" and if any problems are found, click on "Fix Selected Problems".
  9. Reboot your computer.


Safer Networking's Spybot Tutorial

Bleeping Computer's Setup & Configuration Instructions

Is Spybot compatible with other programs installed on your computer? Check the Application Compatibility List

Questions or problems with Spybot S&D can be posted at The CastleCops Spybot Search & Destroy Forum

Windows Defender

Windows XP and Windows Server 2003 users can find information and download links for Windows Defender

Please note: The Microsoft download site will require you to validate your copy of Windows before allowing you to download this program. Only systems that are fully updated with all service packs will be allowed to download.

[Vista icon] Supported Operating Systems

  • Windows Server 2003 Service Pack 1
  • Windows XP Service Pack 2
  • Vista (it comes installed with the operating system, so you don't need to download it)

  1. Download and install Windows Defender, checking the "use recommended settings" option.
  2. When the installation has finished, allow the program to automatically update the definitions and perform a quick scan. This will only take a few minutes, but it is not enough to ensure you have a clean system.
  3. Following the completion of the quick scan, click the white down arrow next to Scan, and then click Full Scan. The Full Scan option allows Windows Defender to perform an in-depth scan of your entire system, which is necessary to detect any hidden spyware/adware threats.
  4. When the full scan is complete, you will be presented with your spyware scan results.
  5. Take the default action suggested by Windows Defender to deal with all threats found.
  6. Once you have selected an action for all threats found in the spyware scan results, you will need to reboot your computer.

For more detailed instructions consult Beyond the Basics Help and How Tos and the Windows Defender FAQ
Please direct any questions you may have to The CastleCops Microsoft AntiSpyware / Windows Defender Forum

Note: Windows Defender will remove the rootkit portion of the Sony XCP DRM software.

Prevx2

Please note: Prevx2 provides the cleanup option only for 30 days of free use; thereafter it will only detect infections and not clean them up.

Supported Operating Systems

  • Windows 2000, Windows 2003 and Windows XP - a Beta version is available for Vista (32 and 64 bit)


  1. Download and install Prevx2 by clicking the Download Now button.
  2. When the installation has finished, click Start Trial to activate, and then reboot your system.
  3. Allow the installation scan to complete after the reboot.
  4. If malware is already running, the Process Scan will detect it and launch the Cleanup routine.
  5. Follow the directions on the screen.


Please direct any questions you may have to The CastleCops Prevx2 Forum

SUPERAntiSpyware

SUPERAntiSpyware (SAS) is free to home users.

[Vista icon] Supported Operating Systems

  • Windows 98, ME, 2000, XP, 2003, Vista

System Requirements

  • 400 MHz or faster processor with at least 256 MB RAM

Download and install SUPERAntiSpyware using the default settings.

  1. Double-click the SUPERAntiSpyware desktop icon to launch the program.
  2. When you are asked to update the program definitions, click Yes.
If you are not prompted to update the definitions, or you already have SAS, select Check for Updates before scanning.

Program Setup

Select Preferences | Scanning Control

Check the following Scanner Options:
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.

Click the Close button to leave the control center screen.

Scanning

  1. On the main SAS screen, under Scan for Harmful Software select Scan your Computer.
  2. On the left, make sure your primary drive (normally C:\Fixed Drive) is selected, plus any other hard drives that are connected to your system.
  3. On the right, under Complete Scan, choose Perform Complete Scan.
  4. Click Next to start the scan.
  5. After the scan is complete, a Scan Summary box will appear listing potential threats that were detected. Click OK.
  6. Check all detected threats, then click "Next".
  7. A notification will appear that "Quarantine and Removal is Complete". Click OK and then click Finish to return to the main menu.
  8. Reboot your computer.

Retrieving the scan report

  • Relaunch SUPERAntiSpyware.
  • Click Preferences | Statistics/Logs
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, select the most recent and press View log. The SAS scan log will be displayed in your default text editor.
  • If you are posting an HJT log, and any threats (excluding cookies) were found, copy and paste the SAS Scan Log results into your HJT topic, along with your HJT log.
  • Click Close to exit the program.

If you have questions or need help, please refer to the SUPERAntiSpyware Frequently Asked Questions.


Now go ahead and perform an antiviral scan.

This article is part of the Malware Removal and Prevention series
The series was developed as the key deliverable of the
Cleaning Malware Project.