Removing Viruses and Spyware

You will need an Internet connection with a network cable, wireless will not work. If you use a wireless router, you will need to temporarily attach a network cable between the router and the computer. It is also possible to do this with dial-up connection but it will take quite longer.

Can you still access the Internet? If yes – continue to the next step. If not – you will need to fix it first.
To be able to do that, you will need to download several programs on another computer and burn them to a CD or use a flash drive to copy them to your computer. You will need:

Step one: Plug in the network cable and start the computer in “Safe Mode with Networking”.

To do that you will need to keep pressing the F8 key several seconds after you see the very first (logo) screen when starting the computer. If you have a BIOS password, start pressing the F8 key as soon as you enter it. If a “Select a boot device” screen appears, select the hard disk, press “Enter” and continue pressing F8. If the usual “Windows XP” screen appears, that means you’ve missed the moment. Wait for Windows to load, then restart it and try again. Eventually you will see the advanced startup screen of Windows (black screen with white text). Use the “Up” arrow key to go to “Safe Mode with Networking” and press “Enter”.

Log into your admin account (or your account if you have only one) and dismiss the warning that windows is running in safe mode by clicking “OK”.

Step two: Clean the Temporary Internet Files and Internet Explorer.

Go to Control Panel -> Internet Options, click “Delete Files…” on the “General” tab, then click “Settings…” just next to it, then “View Objects…” and delete all of them. Then click on “Connections” tab, then “Lan Settings…” and uncheck all three checkboxes there, then click “OK”. After that go to the “Programs” tab, click on “Manage Add-ons…” and disable all. Click “OK”, then “OK” again to close the “Internet Options” control panel.

Step three: Clean your temp folder.

Open “My Computer” and go to “Local Disk (C:) -> Documents and Settings -> [your account name]”, then on that window’s menu at the top go to “Tools -> Folder Options…” select the “View” tab and click “Show hidden files and folders” and uncheck “Hide extensions for known file types”. Then click “OK”. Now you should see a folder “Local Settings”. Open it, then right-click on the “Temp” folder and select “Delete”. Repeat this for the rest of your accounts if you have more that one. After that empty the trash.

Step four: Disable all startup items and non-windows services with msconfig.

Go to Windows’ Start button, then select “Run”, type “msconfig” and press “Enter”. This is Windows “System Configuration Utility”. Click on the last tab “Startup” then click on “Disable All”. After that click on the “Services” tab, then on the “Hide All Microsoft Services” checkbox, and then on “Disable All” again. Then Click “OK” and “Exit Without Restart” to return to the desktop. This will disable all startup items and non-windows services. You can enable the ones you need later, after cleaning all viruses and spyware.

Step five: There are quite a few free programs and tools that would help you clean viruses and spyware. My favourites (at the moment) are below. Download, install, update and run all programs in that order:

Trend Micro’s – download both and the latest virus pattern file. Then unzip them both in the same directory and double-click It scans all files and may take some time to complete.

BitDefender’s on-demand scanner – look for the free v. 8.0

a-squared free

AVG Anti-Spyware

Spybot – Search & Destroy


This is a more advanced tool that will let you look at some of the inner workings of Windows. After starting it select “Do a system scan only”. It is safe to check all checkboxes and select “Fix checked”, as the program makes backups and you can restore any needed settings later.


If HijackThis reports unknown “winsock providers”, use LSPFix to remove them. The default (Windows) ones are: Msafd.dll, Mswsock.dll, Mswsosp.dll, Rnr20.dll, Rsvpsp.dll and Winrnr.dll. If you have Novel Netware installed, you will have some of these: Nwws2nds.dll, Nwws2sap.dll and Nwws2slp.dll. If you see any other entries listed in LSPFix, remove them. Some antivirus programs have entries there too. You can remove these entries as you will have to either reinstall the antivirus or better switch to another, since your currently installed one has failed to protect your computer.

After you finish with HijackThis and LSPFix, restart your computer in normal mode. Uninstall your current antivirus and after restarting, either reinstall it back or switch to another one. You can also try one of the free antivirus programs. In the last two years I’ve been using AVG Free at home and never had any problems. If you are uninstalling Norton, you better run the Norton Removal Tool after restart.

After that get Firefox or Opera or get both if you want to try them. Both of these web browsers are a lot safer than Internet Explorer as almost all web based exploits work only in Explorer.

43 thoughts on “Removing Viruses and Spyware”

  1. In reponse to Louis Lopez: even if you update all of your software, you can still get infected by malware, trojans, and rootkits by clicking on and going to websites that install malware scripts onto your computer. Windows XP users are especially susceptible because the operating system is old and not updated anymore, and IE 8 is the latest browser version available for it.

    XP users need to use Firefox (or Chrome, which I do not like and is thought to have more security holes than IE) to keep their browsing experience as safe as possible. XP users should also consider upgrading to Windows 7 ASAP. If the computer is older than 4 or 5 years and has less than 1 or 2 Gigabytes of memory a new computer should be considered instead.

    The best protection against getting infected is common sense. I have been infected twice in all the years I have been using computers and both of those times I KNEW I was doing something risky. Do not click on strange links from emails, even if they are from friends or relatives – they could be infected and the virus could be sending out social engineering emails on their own. Learn about social engineering ( and how it can affect you.

    What about Facebook? It is generally safe but friend’s profiles can get infected and post links with text like “You can’t beat my high score” or “Check out how I lost 20 lbs on my latest diet” – things that are not personal to you or your friend. Do not click on stuff like that.

    I hope this helps someone from getting infected 🙂 Hope you have a safe browsing experience!


  2. Nowadays one antivirus or antispyware is not enough. You can’t have two antiviruses but for antispyware i use malwarebytes antimalware and superantispyware. Both are free and does their job very good.

  3. The Smothertech Document

    Doing your antivirus and Windows Updates is not enough
    “This document is what the anti-virus and computer companies don’t want you to know”

    This document gives you an overview on how to prevent computer hijackers from installing software on your computer. It does not stop all types of attacks; however is does stop the programs that are getting on your computer without your permission. These attacks are the most common and most prominent. This document helps you understand how and why these programs are getting on your computer. Anytime you install an application or add-on you are putting up a “wall” with potential holes in it. These “walls” allow the bugs in. Think of your antivirus software as the janitor. The janitor notices the attack coming through this “wall” and attempts to clean it up AFTER you are infected or it doesn’t even recognize it as a threat.

    These are the most common current attackable “walls” that have holes in them.
    These “walls” are applications that need updates and Add-ons to your browser that need updates

    Apple Quicktime Player (
    Java (look in control panel to update it)
    Windows Internet Explorer (
    Windows Media Player ( (or launch Windows Media Player and check for updates)
    Adobe Acrobat Reader ( (or launch Adobe Acrobat Reader and check for updates)
    Adobe Flash player (
    Microsoft Office (
    Microsoft Windows (

    Other “walls” include ANY program you installed that could potentially be a “wall” with a hole in it, including your antivirus software. Even if you do not even use the software at all, it is a potential way for bugs to get into your computer. As a general rule, if you don’t use it, remove or uninstall it.

    The following is EXTREMELY IMPORTANT information we don’t think about. If you never use one of the above programs listed and it is installed, then the bad guy can get his software on your computer without your permission by using one of these programs. This is how. You are on the internet. You search for something on the internet and happen to click a web site thinking it contains the information you are searching for and that site contains a malicious software. The web site that you visit does not ask you any questions. It simply opens your Windows

  4. simple, steps i do when repairing computer,,,,download latest version of malwarebytes [just search google] turn-off system restore, then run ‘full-scan’ 99.9% removes all viruses…..

  5. Commenting on mal’s note:
    Well i have a very simple solution, but it requires some preparation.
    Trick is to partition your drives:
    1. Have c:\ drive with 20 gb space
    2. Create other drives or leave the rest of the space for d:\ drive
    3. Install OS of c:\ drive. and All other data files should be on d:\
    4. Now even if you have virus or spam your files are safe, and you can re-install ur OS anytime to clean up

  6. I don’t think that there is one program / software that can remove all spywares you need to use many techincs and sometimes only the manual method help

    check this hubs about spywares

  7. Good step by step instruction.
    There is another solution for removing viruses and spywares which I experienced is using online scanning. The service also provide for free of charge. It is good for user who have faster internet connection and do not want to install any antivirus and anti-spyware program in their computer. The user can directly scan from web browser.

  8. Spyware and malware, apart from recording from recording your personal information, slow down your system; keyloggers are used to steal passwords, credit card numbers and the like, and hijacker software are used to take control of your computer. If threats like these are left unattended, they can cause havoc in your life (imagine your credit card information getting stolen; imagine someone grabbing your Yahoo mail password and then sending out malicious mails to all your contacts – the whole scenario is frightening!)

    Great Information….

  9. Of course you have to… And many anty-spayware programs (if not all) will do it automatically in the background, exactly like all anti-virus programs. Also, these programs are getting better and better and if you’re careful (not using IE and not installing “unconfirmed” programs downloaded from Internet), you are 99% safe.

  10. it seems that you constantly have to update any spyware program that we buy. this is never ending and quite burdensome. just a quick note.

Leave a Reply

Your email address will not be published.