How to delete spyware manually
You can locate and manually delete spyware from your system. The reason for this section is so
that you have a better understanding of where the spyware hides so you can find most of them to delete them.
Also because removing the source files (.exe) is a sure way to stop
most spyware programs from running again. There may be ones that are
able to restore themselves but you will need to see the Windows Registry section of this guide for that..
Quite often, spyware scanners do not
remove the .exe, .dll files. They may remove the
instructions to run them, so the they lay dormant but I personally
prefer to get rid of as many as I can, even if they're not doing
anything. Many of the folders will also remain and I prefer to delete
them for organisational purposes. Fewer folders also means
that I can find newly created folders more easily in the future as
there's less clutter and I would be able to spot suspicious items
more easily, as I would be more aware of what should and should not
It is like when you clean a cluttered room. Once you have
organised everything, you are able to find things more easily. After
cleaning it, you will also be more aware of exactly what is in the
room. While cleaning, if you come across an object that you had
previously forgotten about, you will know that it is there. If an
new object is placed in the tidy room, you will be more likely to
Exit programs and end processes
First, exit all non-essential running processes and programs. Begin with the programs in the System Tray.
Exit all the programs by Right-Clicking on the icons and and clicking Exit. Programs here are normally not very important and can be closed without problems.
The next step is to end non-essential processes running in the background. This means you will close down all or most of the spyware that is running. Hold Ctrl and Alt, and press Delete once on your keyboard (Ctrl + Alt + Delete). If it doesn't take you straight to the Task Manager, select Task Manager from the choices.
Select the Processes tab. Select the suspicious processes and then click End Process for each suspicious process to close them. You can also end non-essential programs. i.e. RealPlayer, printer software, etc. Spyware processes may come back after you've ended them. If this happens, try a few times but leave it if you can't end it completely. In the example above, I have deemed the following as suspicious.
- TheMatrixHasYou.exe [Obvious one'
Leave processes like svchost.exe as this could shut down your computer.
The easiest way to start removing spyware is by uninstalling them from the Add/Remove Programs utiltity located in the Control Panel. I advise you to perform this step before manually deleting files described in the next steps. Do it for the ones that are listed and let you remove them. Some may not let you remove them and may throw error messages. See below.
Start > Control Panel > Add/Remove Programs
Look for suspicious programs. In the example above, the following could be deemed as suspcious.
- Hotbar Browser, Weather and Wowpapers Tools
- Hotbar Outlook Tools
After scrolling down, the programs listed below are deemed suspicious.
- Search Plugin
- Shopper Reports
- Spy Sheriff
- WinAntiVirus Pro 2008 18.104.22.168
- WinFixer 2008 22.214.171.124
The 'Search Plugin' is suspicous because selecting it does not display any information about the software vendor.
You are likely to encounter different spyware programs to the ones shown in the example above. You will need to determine for yourself whether the programs in your Add/Remove Programs list are trustworthy or dodgy. Be suspicious of the following:
- Toolbars (or anything with the word 'Bar' in it)
- "Bargain", "Shopping", etc. search tools
- Spyware scanners from unknown makers
- Software you don't remember installing
- Fun software
- Weather reporting programs
- Clock sync programs
If unsure, run a search in a search engine for the program and include the word "spyware" in your search criteria.
Deleting spyware manually
This section will cover how you can delete spyware manually by locating them in the folders. Only do this once you've tried using Add/Remove Programs if they are there.
The window above popped up as soon as Windows loaded. That is a clear sign of something fishy going on. Not only that, my Home Page was also changed to the page shown above. It display my actual IP address (I checked). The whole point of the page above, which resembles the Windows BSOD (Blue Screen of Death), is to try to scare me into buying some security software. The security software is probably something the author of the page above created, or is affiliated with and earns a commission for each sale. The security software would probably be more spyware so do not buy it if you're ever presented with something similar to the above. Notice there's also a yellow Toolbar with a search bar.
The first time you open certain directories, i.e. C:\, C:\WINDOWS, C:\Program Files, etc, the files will not be visible until you tell Windows to show the contents of the directory.
The secure32.html file is shown in the image above. This file comes back every time it is deleted. It is a part of a browser hijack. The image above shows the C drive (C:\). There are many .exe files and they should not be there and should be deleted.
Native Windows files in C:\ that you can/should leave:
If unsure about a file, search the Internet for it to confirm that it is genuine or not. Sometimes .exe files can have the names of genuine Windows programs. Check what directory they are. For example, explorer.exe should be in C:\WINNT\ or C:\WINDOWS. If you find it in C:\ or C:\WINDOWS\System32, etc, then it is most likely a virus.