Spyware Removal Procedures
Message
To
20/12/2004 09:02:53
Mike Cole
Yellow Lab Technologies
Stanley, Iowa, United States
General information
Forum: Windows
Category: Other
Miscellaneous
Thread ID: 00970586
Message ID: 00971217
Views: 21
>I was wondering if everybody could share their spyware removal procedures. I am looking at standardizing a set of procedures, and I am curious of others' procedures. I don't have mine readily available or complete yet, otherwise I would share mine. Thanks!
>
>MAC

Hi Mike,

Here are some general suggestions, to add to what else has been mentioned on this thread. For starters, I strongly recommend partitioning one's hard drive as a general practice, with Windows and installed applications on C:, and as much else as possible (i.e. data, backups, and "non-installed" or "weakly installed", non-critical apps) on one or more secondary partitions. Leave plenty of space on a secondary drive for frequently capturing snapshots (aka images) of the primary Windows drive. Try to keep your C: drive as lean as possible. Do not rely too heavily on Windows built-in System Restore, as this is not adequate (though it may occasionally save you some hassle). Nothing beats a true image backup/restore facility for repairing your primary Windows partition. My imaging tool of choice is Image for DOS (IFD) and its companion tools (e.g. IFW, BING) from TeraByte Unlimited (http://www.terabyteunlimited.com/). I used to use Norton Ghost, but got sick of that (TeraByte's stuff is vastly superior, IMO - simpler, cleaner, better documented, better supported, and much cheaper). Generally I create compressed images of my C: drive onto a secondary hard drive partition, with each image segmented into 700MB pieces, so these can easily be burned to CD-R at my leisure. Restoration can be done either from the image files on the secondary hard drive, or directly from CDs. If you don't have room on a secondary drive partition for storing images, they can be burned directly to CD-R as they are generated, but I prefer not to use that approach.

So much for basic hard drive management. More specifically for Spyware, the first tool I rely on is HijackThis, not so much for removal, but for assessing the situation as to the possibility of infection and obtaining details. What's nice about this tool is that there is essentially no installation procedure required, so it's the first thing I feel comfortable putting onto a possibly screwed-up machine. It is a very advanced tool, which seems to be what the real experts use. Although it has removal features, I seldom resort to them, because I don't know what the hell I'm doing. However, HijackThis runs very fast, and gives you a bunch of very informative diagnostic information. The recommended procedure is to take its output and post it on any of a number of security-related sites, where the real experts will then walk you through the proper sequence of cleanup steps. By searching these forums, you may well be able to figure it out for yourself.

Actually, there is another basic step that I take before anything else: take a look with Windows Explorer at the files in your Windows and Windows\System32 directory, Program Files, the root of drive C:, and various standard temp dirs. Order the files by timestamp, and especially by creation date. This is one of the best ways to see suspicious recent additions, or things that were created around the time of a suspected incident. I have found this procedure to be very revealing about the full extent and details of garbage associated with malware infections. HijackThis can then be helpful in removing some of the associated registry entries and stuff that you can't simply delete.

Needless to say, this is an extremely hairy subject, so you really will want to take steps to avoid getting infected in the first place. I've found SpyBot to be quite effective at protecting me from picking up malware, making use of its resident blocking facilities. It also does a pretty good job of cleaning up residual garbage. But it's pretty clear that no one tool does the whole job, so I'm crossing my fingers that I don't need to hassle with yet another such tool (like Adaware, etc). A good reference on the subject can be found here: http://spywarewarrior.com/asw-test-guide.htm.

Good luck in your efforts to compile an authoritative reference on all of this!

Mike
Montage

"Free at last..."
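The timestamp review described in the post above (sorting files in the Windows, System32, Program Files, root of C: and temp directories by creation date), as an added PowerShell example that is not part of the original post. The incident time, window size and CSV output path are assumptions to adjust; `-File` needs PowerShell 3.0 or later.

```powershell
# Added example: list files created inside a time window around a suspected incident.
param(
    [datetime]$IncidentTime = '2004-12-18 14:00',   # constructed sample value
    [int]$WindowHours = 48                          # assumed window on each side
)

# Locations named in the post: Windows, System32, Program Files, root of C:, temp dirs.
$targets = @(
    @{ Path = $env:SystemRoot;                        Recurse = $false },
    @{ Path = (Join-Path $env:SystemRoot 'System32'); Recurse = $false },
    @{ Path = $env:ProgramFiles;                      Recurse = $true  },
    @{ Path = "$env:SystemDrive\";                    Recurse = $false },
    @{ Path = $env:TEMP;                              Recurse = $true  },
    @{ Path = (Join-Path $env:SystemRoot 'Temp');     Recurse = $true  }
)

$from = $IncidentTime.AddHours(-$WindowHours)
$to   = $IncidentTime.AddHours($WindowHours)

$hits = foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t.Path)) { continue }
    $recurse = [bool]$t.Recurse
    # -Force includes hidden and system files, which Explorer hides by default.
    Get-ChildItem -LiteralPath $t.Path -File -Force -Recurse:$recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $from -and $_.CreationTime -le $to } |
        Select-Object CreationTime, LastWriteTime, Length, FullName,
            @{ Name = 'Hidden'; Expression = { [bool]($_.Attributes -band [IO.FileAttributes]::Hidden) } },
            # A creation time later than the last write time means the file was
            # copied or unpacked onto this volume after it was last modified.
            @{ Name = 'CreatedAfterWrite'; Expression = { $_.CreationTime -gt $_.LastWriteTime } }
}

# Oldest first, so the listing reads as a timeline around the incident.
$timeline = $hits | Sort-Object CreationTime
$timeline | Format-Table -AutoSize

# Keep a copy to compare against after cleanup (output path is an assumption).
$timeline | Export-Csv -Path (Join-Path $env:USERPROFILE 'recent-files.csv') -NoTypeInformation
```

File timestamps can be altered, so an empty listing narrows the search but does not clear the machine.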