Spyware Removal Banner

How to delete spyware manually

 

You can locate and manually delete spyware from your system. The reason for this section is so that you have a better understanding of where the spyware hides so you can find most of them to delete them. Also because removing the source files (.exe) is a sure way to stop most spyware programs from running again. There may be ones that are able to restore themselves but you will need to see the Windows Registry section of this guide for that..

Quite often, spyware scanners do not remove the .exe, .dll files. They may remove the instructions to run them, so the they lay dormant but I personally prefer to get rid of as many as I can, even if they're not doing anything. Many of the folders will also remain and I prefer to delete

   
them for organisational purposes. Fewer folders also means that I can find newly created folders more easily in the future as there's less clutter and I would be able to spot suspicious items more easily, as I would be more aware of what should and should not be there.

It is like when you clean a cluttered room. Once you have organised everything, you are able to find things more easily. After cleaning it, you will also be more aware of exactly what is in the room. While cleaning, if you come across an object that you had previously forgotten about, you will know that it is there. If an new object is placed in the tidy room, you will be more likely to notice it.

 

Exit programs and end processes

First, exit all non-essential running processes and programs. Begin with the programs in the System Tray.

 

remove spyware exit try programs

Exit all the programs by Right-Clicking on the icons and and clicking Exit. Programs here are normally not very important and can be closed without problems.

 

remove spyware end processes

The next step is to end non-essential processes running in the background. This means you will close down all or most of the spyware that is running. Hold Ctrl and Alt, and press Delete once on your keyboard (Ctrl + Alt + Delete). If it doesn't take you straight to the Task Manager, select Task Manager from the choices.

Select the Processes tab. Select the suspicious processes and then click End Process for each suspicious process to close them. You can also end non-essential programs. i.e. RealPlayer, printer software, etc. Spyware processes may come back after you've ended them. If this happens, try a few times but leave it if you can't end it completely. In the example above, I have deemed the following as suspicious.

  1. TheMatrixHasYou.exe [Obvious one'
  2. paytime.exe
  3. kl1.exe
  4. 0mcamcap.exe
  5. HbtSrv.exe
  6. paytime.exe
  7. HbtOEAddOn.exe
  8. HbtWeatherOnTray.exe

Leave processes like svchost.exe as this could shut down your computer.

 

Add/Remove Programs

The easiest way to start removing spyware is by uninstalling them from the Add/Remove Programs utiltity located in the Control Panel. I advise you to perform this step before manually deleting files described in the next steps. Do it for the ones that are listed and let you remove them. Some may not let you remove them and may throw error messages. See below.

Start > Control Panel > Add/Remove Programs

remove spyware add remove programs

Look for suspicious programs. In the example above, the following could be deemed as suspcious.

  1. Hotbar Browser, Weather and Wowpapers Tools
  2. Hotbar Outlook Tools

After scrolling down, the programs listed below are deemed suspicious.

  1. Search Plugin
  2. Shopper Reports
  3. Spy Sheriff
  4. WinAntiVirus Pro 2008 2.0.220.0
  5. WinFixer 2008 1.2.125.3

The 'Search Plugin' is suspicous because selecting it does not display any information about the software vendor.

You are likely to encounter different spyware programs to the ones shown in the example above. You will need to determine for yourself whether the programs in your Add/Remove Programs list are trustworthy or dodgy. Be suspicious of the following:

  • Toolbars (or anything with the word 'Bar' in it)
  • "Bargain", "Shopping", etc. search tools
  • Spyware scanners from unknown makers
  • Software you don't remember installing
  • Fun software
  • Sceensavers
  • Weather reporting programs
  • Clock sync programs
  • etc.

If unsure, run a search in a search engine for the program and include the word "spyware" in your search criteria.

 

Deleting spyware manually

This section will cover how you can delete spyware manually by locating them in the folders. Only do this once you've tried using Add/Remove Programs if they are there.

The window above popped up as soon as Windows loaded. That is a clear sign of something fishy going on. Not only that, my Home Page was also changed to the page shown above. It display my actual IP address (I checked). The whole point of the page above, which resembles the Windows BSOD (Blue Screen of Death), is to try to scare me into buying some security software. The security software is probably something the author of the page above created, or is affiliated with and earns a commission for each sale. The security software would probably be more spyware so do not buy it if you're ever presented with something similar to the above. Notice there's also a yellow Toolbar with a search bar.

 

The first time you open certain directories, i.e. C:\, C:\WINDOWS, C:\Program Files, etc, the files will not be visible until you tell Windows to show the contents of the directory.

The secure32.html file is shown in the image above. This file comes back every time it is deleted. It is a part of a browser hijack. The image above shows the C drive (C:\). There are many .exe files and they should not be there and should be deleted.

Native Windows files in C:\ that you can/should leave:

  • AUTOTEXEC.BAT
  • boot.ini
  • BOOTLOG.TXT
  • CONFIG.SYS
  • IO.SYS
  • MSDOS.SYS
  • NTDETECT.COM
  • ntldr
  • pagefile.sys

If unsure about a file, search the Internet for it to confirm that it is genuine or not. Sometimes .exe files can have the names of genuine Windows programs. Check what directory they are. For example, explorer.exe should be in C:\WINNT\ or C:\WINDOWS. If you find it in C:\ or C:\WINDOWS\System32, etc, then it is most likely a virus.

 

<< Back

 

1. Introduction

2. Do you have spyware?

3. Preparing to remove spyware

4. Software downloads

5. Use spyware removal tools

6. Manually Delete spyware > > Page 1 2

7. The Windows Registry

8. Start from fresh

9. Restore your settings

10. How to prevent spyware

11. Glossary

 
 

Access your computer from anywhere

Home Links Sitemap Disclaimer Contact

Copyright © 2008 - www.TheSpywareRemovalGuide.com Spyware Removal Guide

 

ad2.googlesyndication.com/pagead/show_ads.js">

Access your computer from anywhere

Home Links Sitemap Disclaimer Contact

Copyright © 2008 - www.TheSpywareRemovalGuide.com Spyware Removal Guide