SEARCH

How-To Geek

Exterminate Malware Efficiently with Spybot Search & Destroy

First we showed you how easily your computer can become infected with spyware, crapware, and other unwanted software—and today we’ll show you how to clean your system with Spybot Search & Destroy.

Important Parts of the Installation

As you are installing Spybot Search & Destroy, there are two windows that you should pay special attention to.

Here you can see the Components Selection Window. It is recommended to make certain that “Download updates immediately” and “Security Center integration” are selected.

Note: After installation, there may still be a few minor updates that can be downloaded.

spybot-01

In the Additional Tasks Window, it is definitely recommended to make certain that “Use Internet Explorer protection (SDHelper)” and “Use system settings protection (Tea Timer)” are both selected. This will help give you extra protection for your system.

spybot-02

Scanning for Malware

Once you have finished installing Spybot Search & Destroy and start it for the first time, you will be asked if you would like to make a “Registry Backup” before scanning with the software. It is recommended to make the backup…after all, backups are always a good thing.

As you can see in the following screenshot, Spybot Search & Destroy was already hard at work catching malware while still in the initial setup process right after startup (very wonderful!). Knowing that both of these were malware, we chose to have both processes shut down and deleted.

spybot-03

Once the initial setup process is complete, you will see the main Home Window. From here you can choose which action you would like to perform. For our example, we decided to “Search for Updates” just in case anything else was available (recommended).

spybot-04

As you can see, there were extra updates available for the Immunization database, the Tea Timer service selected during the install process, and an English language descriptions file. Once you have finished downloading any available updates, click on “Exit” to close the Updates Window.

spybot-05

Once the Updates Window has closed, you will be returned to the main Home Window. Now is a good time to go ahead and Immunize your system. Here you can see the amount of Immunization that is available to be applied (Unprotected versus Protected). Click on the “Green Plus Sign Immunize Button” to apply the Immunization. This not only helps your installed browsers, but also boosts your Hosts File as well.

spybot-06

After the Immunization is complete, you can see the shift in numbers from “Unprotected” to “Protected”. Now it is time to start scanning for malware. Click on the “Search & Destroy Button” on the left side of the window.

spybot-07

To start scanning, click on the “Check for problems Button”.

spybot-08

Once scanning has started, you will be able to easily track the progress using the color bar and numerical counter at the very bottom of the window. You will also be able to see which type of malware Spybot Search & Destroy is searching for at any given moment beside the numerical counter.

While scanning our example system, you can see that Spybot Search & Destroy was building a list of the malware (amount and type) that it had already found.

Note: Spybot Search & Destroy will take a while to complete the scan, so be patient. The wait is well worth it!

spybot-09

Once Scanning is Complete

After Spybot Search & Destroy has finished scanning for malware, it will list the number of problems found in the lower left corner of the window. In the main part of the window, you can see the compiled list of what has been found.

spybot-10

Clicking on the “Plus Sign” beside each entry will allow you to see information about each item found (i.e. Registry value, File, Location). The great thing about the compiled list is that you can go through to check for false positives (if any) and deselect those particular entries. You can be very specific in what is or is not removed (very nice!).

spybot-11

Removing the Malware

Once you have checked over the compiled list, click on “Fix selected problems”. You will then see a confirmation window asking if you want to continue. Select “Yes” to start removing the malware.

spybot-12

There will be a large green checkmark beside the entry for each item of malware on the compiled list that was successfully removed. If some of the malware discovered is in active use at the moment, you can choose to have those items removed when you restart your computer. Select “Yes” to activate this option.

spybot-13

Once you have clicked through the confirmation window shown above, you will see the following message window providing details about the number of problems fixed. If there are problems that will be fixed during a reboot, those will be shown as well and you will be asked to restart your computer. Select “OK” to restart.

spybot-14

Malware Removal During a Reboot

If you have malware that is being removed during a reboot, Spybot Search & Destroy will also conduct a whole new scan as well during the process in case any malware tries to reestablish itself during restart. Your system will not finish restarting completely until the scan is complete, so you can expect to see a black screen.

Note: This scan will likely take longer than the regular scan to complete, so if you have something else to work on or a book to read while waiting, feel free to do so. Spybot Search & Destroy will let you know when it is finished.

spybot-15

As you can see from our example, part of the malware did try to reestablish itself during the restart but was easily caught by Spybot Search & Destroy. To remove any malware problems found, select “Fix selected problems”. Once you have clicked “Fix selected problems”, your system will then finish restarting.

On our example system, the processes caught trying to reestablish themselves had startup entries that created repeating momentary popup windows with messages showing that they were failing to load. So it is recommended to go ahead and do another restart at that point. Once your system has restarted, sit back and enjoy how clean your system has just become!

spybot-16

Conclusion

While Spybot Search & Destroy is not the fastest anti-malware software, it is very meticulous and efficient in eliminating malware from a computer system. So this is definitely a recommended anti-malware app to have around.

Download Spybot Search & Destroy (version 1.6.2)

Next Up: Cleaning Spyware with Ad-Aware

We’ve already shown you how easily you can infect your system, and then clean it with Spybot, but stay tuned because tomorrow we’ll show you how to remove spyware with Ad-Aware, and then later this week we’ll run through the same thing with MalwareBytes.

Akemi Iwaya (Asian Angel) is our very own Firefox Fangirl who enjoys working with multiple browsers and loves 'old school' role-playing games. Visit her on Twitter and .

  • Published 08/4/09

Comments (19)

  1. thesun

    haha very nice
    thanks for this
    did it catch 100% of the viruses or did some leak through

  2. RottNKorpse

    I do like Spybot but you said it is definently recommended to turn on the SDHelper and TeaTimer…however I have to question that because if SDHelper is protection for IE and the user doesn’t even use IE doesn’t that make SDHelper unnecessary?

    As for TeaTimer that is basically a firewall for spyware so if that is the only protection a computer has I would see it as needed but if a computer has multiple antispyware programs, a firewall (windows or 3rd party) and an antivirus having background processes running for each would cause a massive decrease in speed.

    Essentially I am asking are you recommending to have SDHelper and TeaTimer activated regardless or just if a users uses IE and TeaTimer if they don’t have any other protection?

  3. Broni

    I’m sorry, but Spybot is really some tool of the past.
    Kudos to it for being one of the first antimalware tools on the market.
    I was using it for a long time, but right now, it’s well behind its better competitors: Malwarebytes, and Superantispyware.
    On a top of it, TeaTimer is known for hogging computers, and some other problems.

  4. Asian Angel

    @RottNKorpse – With so many people continuing to use Internet Explorer for various reasons (still nearly 60%), I do think that it is a good idea to use the SDHelper. So that is why I recommend it. ^__^

    I keep SDHelper (for occasional Internet Explorer use) and TeaTimer both running on my system all the time. As I am writing this both combined together are using less than 6 MB of memory.

    Personally, I think the idea of having a “real-time protection” type of service (app/company of choice) for malware running with anti-virus protection and a good firewall is a good idea. ^__^ Each can compliment the other two in providing a good “blanket” of protection for people’s computers.

  5. Asian Angel

    @Broni – The recent versions of TeaTimer have been gentle on system resources with my computers. ^__^ I have had absolutely no problems with TeaTimer running full-time. ^__^

  6. LEICA

    Seems to be malware/malicious in itself.
    My webroot supscription has expired and i thought i would give it a go.
    With it installed webroot was forever poping up windows blocking access to malicious websites
    and my whole pc slowed to a crawl.
    Once i removed it everything was peachy again.

  7. Harry Lykes

    Since I am using Mc Afee{from AOL} will these conflict??

  8. Kathryn Merkel

    I’ve been using Spybot for about a year on a primary computer at work. It has done a great job of blocking viruses, but now it’s created a problem I can’t seem to fix.

    After approving Spybot to run at start-up to fix a problem that it wasn’t able to fix immediately after completing a scan, I’ve not been able to stop it from running in the middle of reboot everyday. I’ve already removed it from the startup program list & disabled Teatimer in the registry & it worked for a few days, but has started back up again & since it’s not listed in either place as active, I can’t figure out how to make it stop. This computer has some very large database files on it, so it takes more than an hour for Spybot to complete it’s run & let the computer finish booting. How do I get control of the computer back?

  9. Asian Angel

    @Kathryn Merkel – My recommendation would be to do a complete uninstall of Spybot and then reinstall to see if that solves the problem.

    If that does not work, then the Spybot forums would be the best place to see if anyone else has had the same problem:

    http://forums.spybot.info/

    Hope you get your Spybot install all settled down! ^__^

  10. Sandra M

    I have used Spybot for a long time now, I still use it for customer pc’s loaded with viruses and it still works fine. I only ran into one issue with a computer that had 64 bit processor, that particular motherboard just did not like Spybot. I contacted Spybot for assistance with details and they went out of their way to answer back. It was a known issue at that time. So that ONE computer had to have it removed. Not one customer otherwise has been upset over Spybot. I have kept many computers, both with and without passwords safe with Spybot Search and Destroy. I am a devotee and will remain so unless they create a bad product…which I doubt. Thanks Asian Angel for writing about it! And the Teatime is a must for anyone that is unknowledgeable with their computer! Without it enabled, they get hit time after time with viruses and trojans. Then the come asking why? :-) When they allow me to turn on that feature, I do not get calls saying they are hit…

  11. Jhn326

    In order to download spybot, does all other virus protection have to be removed from your computer? When I try i get as far as saving the file then it just cancels the download…help please

  12. Asian Angel

    @Jhn326 – Which anti-virus do you have installed on your computer? Some of the anti-virus companies are not friendly towards Spybot even though it is such a good software.

  13. Half Asian

    Hi Asian Angel–I have read all your helpful and encouraging posts about Spybot. I am interested in using Spybot along with my antivirus. I currently use free MSE, free Malwarebytes version, and free Superantispyware version. Do you see any problems with incorporating Spybot with my cocktail of programs. Malwarebytes and Superantispyware are not active protection but are scanning programs. I want to include an active program which is why I am thinking about Spybot. Also, what settings do you recommend to use in Spybot? Thank you.

  14. Asian Angel

    @Half Asian – Microsoft Security Essentials in and of its’ own does an excellent job of protecting your computer. But if you are wanting an extra layer for active protection (using Spybot Search & Destroy), then I would recommend having the SDHelper (for occasional Internet Explorer use if needed) and TeaTimer services both active. ^_^

    Having different on demand scanners is definitely a great idea…what one might miss for some reason the others can catch. ^_^

  15. JustVon

    Hi Asian Angel! I know this is an old post, but I am hoping you still monitor this thread! I’m almost TOTALLY computer illiterate, since they weren’t around in my younger years, so please answer me as if I’m an idiot, because I am! I have Toshiba laptop/32 bit/ Vista Prem. (Old, but serves my purpose!).I have Norton 360 (ver. that comes w/comcast ISP), free MalwareBytes, Anti-Malware, (which I use often), Do freq. virus scans after long surfing, plus sched.,Windows firewall on. I DO NOT use auto-update MS (had to use rec. discs & lost things important to me after some MS updates) I tried using Windows auto update after suggested on this site, but it crashed my computer, probably because I had ALL auto updates disabled. (old desktop XP still has prob. w/DLL, MS support no help, gave up). I don’t know enough to choose which critical & important updates I should download, since Critical update is what happen to desktop. My question to THIS thread is: How will I know what is a ‘false possitive’ so I don’t delete something important? I wanted to go take a computer class, but as I am disabled, this presented too many problems. Can you help me? I haven’t done any of this Spybot-Search & Destroy yet, but I need to. I keep getting ‘cross-site scripting attempts’ that my sec. is preveting,had the BSOD a month ago, which I got through by reading on this site from another computer. have a 12 yr old on his laptop (acct not admin), on wireless home network. he plays games & his computer gets a lot of crap, which I scan for often! Any info &/or advice would be greatly appreciated! Sorry I’m old & ignorant! I’m trying to learn as much as I can & have been for 6 yrs, but I don’t even understand the words used very often & have XP, Vista & Windows 7, sometimes what I need for 1 is not what I need for another, so I stay confused. Please help!

  16. Asian Angel

    @JustVon – For the Vista laptop it sounds like a total system reinstall is what you need. The best way to do that is to save all of your important files by burning them to a CD, DVD, or transferring them to an external drive such as a flash disk. Afterwards reinstalling your system and letting it apply all of the available updates from Microsoft is definitely recommended. For a good security software you should install Microsoft Security Essentials.

    Download Microsoft Security Essentials

    http://www.microsoft.com/en-us/security_essentials/default.aspx

    As for the 12 year old it may be time to limit or withdraw computer privileges if they continue to fill the laptop they are using with crapware and/or malware related items. Computer security is nothing to play around about and that laptop sounds like a constant source of trouble. :( One thing that might help in that instance is to go ahead and install Microsoft Security Essentials on that laptop and see what it can do to clean it up, keep it more secure, and then see how things go from there.

  17. Trln

    Persorally I don’1 TrUst Microsoft. I reeommend Avast-&Iobit’s Advanced system care FreeIt’s a muchbetter combo, and safer! I never Trust arything That miCrOsoft publishes.

  18. Trln

    Case in point I have 2 computers IdentieaLi did fresh installs of win 7; 1 had Avast on it & the other had Microsoft security EssentiaLs on itRan botn for 1 month hurd usage on both. within 1 week The computer running MsE had neen affecte with 150 viruses. I continued myTesting for1 month. The MSE Compvter ended up needing to be reinstalled again as severa, viruses wouldn’t clean. final virus count Was 1700. the second rUnning auast antiuirus had none!

  19. Trln

    the computers had on1y an antivirus program on them. &same sites were visitedon both evers thing done was identical on both

Enter Your Email Here to Get Access for Free:

Go check your email!