Accurately detect spyware on your computer


Preface

You have probably had the experience of your computer being infected with spyware or adware. In that case, the key to solving the problem is finding out where the spyware sits on your hard drive, in memory, or in the Windows registry. I recently examined several machines on my home network to gather information about spyware and adware infections. I personally recommend running such checks frequently, using both effective commercial software and free software.

Here are some steps:

1. Clean up the machine as thoroughly as possible before using a commercial or free analysis tool. Run an anti-virus or anti-spyware scan and remove any unusual items immediately. There is plenty of material on this topic on the web. Note that before moving on to the next step, experts strongly recommend running more than one anti-virus and anti-spyware scanner to achieve a thorough cleanup.

2. Create a checkpoint or back up the system. On Windows XP this is easy: you can quickly create a System Restore point (Start menu - Help and Support - Use System Restore to undo changes to your system, then click the button to create a restore point). The alternative (and the only option for those using other Windows versions) is to create a complete system backup including the system state information (if nothing else is available, you can use NTBackup.exe, which is included with all recent versions of Windows). Then, if you make a mistake in a later step, you can restore the system to its previous working state.

3. Close all unnecessary applications. Some anti-spyware tools look for signs of abnormality in every thread running on the computer and in the registry, so exiting all applications before launching the anti-spyware check saves a lot of time.

4. Run the anti-spyware program. For this step I used HijackThis. Extract the downloaded Zip file to a directory of your choice, then double-click the HijackThis.exe executable; a window with the prompt "Do a system scan and save a logfile" will pop up. By default the log file is saved in My Documents. I found it useful to include the date and time in the saved log file name, renaming hijackthis.log to hijackthis-yymmdd.hh.mm.log (hh.mm is the time in 24-hour format). That way, whenever you run HijackThis again in the future (it overwrites the previous log as soon as it starts), you do not have to worry about losing the earlier logs. Time stamping is therefore a good habit and very useful for later analysis of your log files.

5. Review the scan results displayed in the HijackThis results window. They are the same as the information written to the log file, and each item has a checkbox to its left. If you select certain items and press the "Fix checked" button, HijackThis removes them completely. You will see a lot of cryptic-looking entries, and you can skim through them now to decide what to do. The real problem is identifying which entries are potential threats, which are necessary, and which are irrelevant; this is where the analysis tools help a great deal. Do not close the HijackThis results window yet, and do not check anything, because we return to this window in the following steps.

Specific Method

6. Run your log file through a HijackThis log analyzer. You can use either of two analysis tools, Help2Go Detective or HijackThis Analysis. When both are available I personally prefer Help2Go Detective, but both are worth a try. For each entry in the HijackThis log you will find specific information and handling advice: which entries can be kept, which can be deleted (but are harmless), which are suspicious (possibly to be deleted, but needing further analysis), and which must be removed (because they are known to be malicious). At this point, check every item identified as malicious or related to known spyware and adware.

7. Check the suspicious items (including optional startup items). Sometimes, by examining the registry name or the related file and directory information, you can recognize items that even the analysis program could not identify (but that HijackThis clearly found) as part of a program you intentionally installed or use. Those items are usually best left alone. If neither the checker nor you recognize an item, the safe option is to back it up and delete it (but if you take this step, protect yourself by keeping a backup file or being able to return to the earlier restore point). If you want to know what a file you are looking at is, take an extra step and search for the item name with Google or another search engine. In 99% of cases I can decide whether to approve an item in two minutes or less. Only a small number of items, most notably DLL files, cannot be settled just by searching for the file name.

8. In the HijackThis results window, select the harmful files and the clearly suspicious items, then press the "Fix checked" button. You can also scroll through the items in the results window, highlight an individual item by clicking it, and get additional information about it by clicking "Info on selected item...". It is worth looking at this information in addition to the previous step, although the analysis tools there are faster and more focused.

9. Restart the system and check that it works. If the system is not operating properly, for example an application no longer works or behaves abnormally, or something just does not look right, you must decide whether to return to the restore point or the backup. If Windows cannot complete the boot, press F8 at the start of boot until the boot menu appears and select "Last Known Good Configuration". Once the system boots, go back to the restore point or restore the backup made in step 2. If the system is working acceptably, there is no need to roll back the changes, and you can go straight to step 10.

10. Finally, run the HijackThis scan one more time: repeat step 4, but remember to change the date stamp of the saved log file. You can check the results to make sure the removed items have been completely erased, or simply save a snapshot of the computer's state right after the cleanup (this provides a useful reference baseline for the next round).
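As an added example (not part of the original article), here is a small Python script that names a saved log with the timestamp convention from step 4 and compares two HijackThis logs so that in step 10 you can verify that the items you fixed are really gone and nothing new has appeared. The sample log lines are constructed; the paths, CLSID and URL in them are placeholders.

```python
import re
from datetime import datetime

# A HijackThis entry starts with a section code (R1, O2, O4, ...) followed by " - "
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")


def timestamped_name(when: datetime) -> str:
    """Name a saved log as the article suggests: hijackthis-yymmdd.hh.mm.log (24-hour clock)."""
    return when.strftime("hijackthis-%y%m%d.%H.%M.log")


def parse_log(text: str) -> dict[str, str]:
    """Map each HijackThis entry line to its section code; header and blank lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(0)] = m.group("code")
    return entries


def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """Return (removed, added): entries gone since the earlier log, and entries that are new."""
    old, new = parse_log(before), parse_log(after)
    removed = sorted(e for e in old if e not in new)
    added = sorted(e for e in new if e not in old)
    return removed, added


# Constructed sample logs in HijackThis format; CLSID, paths and URL are placeholders, not real indicators.
LOG_BEFORE = """Logfile of HijackThis v1.99.1
Scan saved at 10:15:02, on 2008-03-10

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://search.example/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\\WINDOWS\\system32\\sample_bho.dll
O4 - HKLM\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKLM\\..\\Run: [SampleUpdater] C:\\Program Files\\Sample\\updater.exe
"""

LOG_AFTER = """Logfile of HijackThis v1.99.1
Scan saved at 10:42:30, on 2008-03-10

O4 - HKLM\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKLM\\..\\Run: [SampleUpdater] C:\\Program Files\\Sample\\updater.exe
"""

if __name__ == "__main__":
    print(timestamped_name(datetime(2008, 3, 10, 10, 15)))
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Removed since last scan:", *removed, sep="\n  ")
    print("New since last scan:", *added, sep="\n  ")
```

Any entry in the "new" list after a cleanup is something to look up before trusting the new baseline.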

Copyright © Windows knowledge All Rights Reserved