Subscribe to Malware Help RSS Feed RSS Feed - Subscribe to Malware Help. Org on Twitter Follow on Twitter - Malware Help YouTube Channel YouTube Channel - Subscribe to Malware Help by Email Subscribe by Email

How to cure Malware infection Part 2 – Using Anti-spyware software

by Shanmuga| Tweet This | Google +1 | Facebook | Stumble It | Reddit | Digg |

How to Proceed?

Once the Anti-virus scans are completed, it's preferable to eliminate the possibility of infection by known variants of two of the most difficult to remove Malware, root kit infiltration and CoolWebsearch (CWS).

Step 4 – Rootkits

Detection and removal of modern Rootkits are increasingly becoming frustrating as each time a detection/removal tool is updated, the rootkit authors also update their malware to avoid detection. A case in point is Hacker Defender offering anti detection service for a fee Hacker Defender – NT Rootkit – Anti-detection service and for proof a video of how it defeats the detection tools is available for viewing at their site.

According to Russ Cooper, who founded and moderates the NTBugtraq newsletter, "only a person with very little knowledge would try to remove a rootkit," adding that the one certain cure is to wipe the hard disk and reinstall the OS. Mikko Hypponen, F-Secure's director of antivirus research, mostly concurs with Cooper, but points out that Blacklight can address situations where no known good backup is available.

To scan your system for rootkits download F-Secure Blacklight, Sysinternals Freeware – RootkitRevealer and Windows Malicious Software Removal Tool. All three are light weight tools and generally completes the scan in seconds. If any suspicious files, services or registry keys found, immediately head to a security forum and ask for help. Recommended Online Forums for Malware Help

Step 5 – CoolWebSearch (CWS)


CoolWebSearch is one of the most difficult, persistent Malware/Spyware infections to hit those online in recent times, since 2003 to be exact. It comes in nearly countless variants, earlier ones are well documented by Merijn – the original developer of CWShredder – in CoolWebSearch Chronicles. The variations of CWS hijacks your browser to the Website called, which pays affiliates whenever they direct a user to their Website.

The many variants of "CoolWebSearch installs dozens of bookmarks mostly to porn Web sites on your desktop, changes your home page without asking, and continually changes it back if you attempt to correct it. Furthermore, it significantly slows down the performance of your PC, and introduces modifications which cause Microsoft Windows to freeze, crash or randomly reboot". They also normally escape most Anti-Spyware products. However, most known variants of CoolWebsearch can be detected and cleaned by CWShredder.

Check out this page for How to effectively remove CoolWebSearch (CWS) Infection using Trend Micro CWShredder

What Other Anti-Spyware Programs to use for cleaning of Malware?

The most respected free spyware removal programs for automated spyware detection and removal are Ad-Aware, Spybot S&D and the recently introduced Microsoft Anti-Spyware, currently "free for download and use" without any strings attached. Using one or all of these utilities is by far the easiest and safest way to remove spyware and adware from your computer.

Though there are many good commercial malware removal software available for spyware/adware cleaning like Spy sweeper, CounterSpy, and Pest patrol, for the purpose of this post only freeware removal tools are discussed.

Ad-aware, Spybot S&D and Microsoft Anti-Spyware first scan your computer and provide you with a report that indicates what pests you have. You can remove them all or have the option to remove only some. These programs are pattern-based, adaptive programs that scan systems to find and remove Trojans, key loggers, dialers, adware and tracking cookies. If one type of spyware remover failed to remove your pests, then try another one. Spyware removers usually complement each other – what one cannot remove might be removed by another. These programs are very similar to Anti-Virus software which, unfortunately, currently does not offer full protection from adware or spyware.

Is it necessary to run all the three programs?

Two, definitely yes. Three, probably necessary to give you the best chance of finding and eliminating the pests. If Malware is already present on your system, it makes sense to use multiple anti-spyware sofware, because each use different rulesets, definitions and algorithms to detect Malware. A single program will not, as a rule, catch all of it.

In What order to run them?

There is no particular order, it's a matter of personal preference. I personally prefer running Spybot S&D first to clean as much as possible. Then run MS Anti-Spyware, and remove whatever it finds. Finally, run Ad-Aware SE Personal in "full system scan mode" to mop up the left overs.

Step 6 – Scan your system using Spybot S & D

Image of Spybot S & D banner-spyware removal

Spybot – Search & Destroy can detect and remove spyware of different kinds from your computer. Spybot-S&D can also clean usage tracks, an interesting function if you share your computer with other users and don't want them to see what you worked on and for professional users, it allows to fix some registry inconsistencies and extended reports. This wonderful program has many features, and is great at keeping spyware out of the systems.

Check out the following step-by-step "Visual Guides" (Tutorials) for more on using Spybot S & D.

Step 7 – Scan your system using MS Anti-Spyware

Image of MS Anti Spyware logo malware removal

The Microsoft Anti-Spyware spyware scanning engine scans your entire computer using a regularly updated database of over fifty thousand known spyware signatures. Due to the ever changing environment, spyware signatures are updated consistently through SpyNet to provide you with ongoing, accurate protection. Spyware scanning is used on a manual basis (on-demand scanning) as well as a scheduled basis using the spyware scheduler to perform full system sweeps to locate and remove unwanted spyware threats. Spyware scans perform in-depth scans of your computer's hard drives, memory, process, registry and cookies to seek out and remove any and all known spyware threats.

With real-time protection from Security Agents, Microsoft Anti-Spyware protects your computer, privacy, and personal information from hidden threats before they can run, stopping most spyware threats before they have the chance to be installed. Internet, System, and Application Agents monitor over 50 security checkpoints to verifying any unknown activity with the global SpyNet community.

Check out the following step-by-step "Visual Guides" (Tutorials) for more on using MS Anti-Spyware

Step 8 – Scan your system using Ad-Aware SE Personal

Image of Adaware SE Logo spyware removal

Ad-Aware SE is a multi-trackware detection and removal utility that will comprehensively scan your system's memory, registry, hard, removable and optical drives for known Malware. It works in all flavours of Windows from Windows 98 to Windows Terminal Services.

Check out the following step-by-step "Visual Guides" (Tutorials) for more on using Ad-Aware SE Personal

{ 0 comments… add one now }

Leave a Comment