How to accurately detect spyware on your computer

Source: Internet
Author: User

You have probably had this experience: your computer is infected with spyware or adware. The key to solving the problem is finding the spyware on your hard disk, in memory, or in the Windows registry. I recently examined several machines on my network for signs of spyware and adware infection, and I recommend running such checks regularly with a few reputable commercial and free tools.

The procedure is as follows:

1. Clean the machine as thoroughly as possible before using any commercial or free tool. Run your anti-virus or anti-spyware scanner and immediately remove anything abnormal it finds. There is plenty of material on this topic online. Before moving on to the next step, experts strongly recommend running more than one anti-virus and anti-spyware scanner for a thorough cleaning.

2. Create a checkpoint or back up the system. On Windows XP this is easy: you can quickly create a System Restore point (Start Menu - Help and Support - Use System Restore to undo changes to your system - Create a restore point; the newer versions of Windows offer the same facility). If something goes wrong in a later step, you can then restore the system to a known-good state.

3. Close all unnecessary applications. Some anti-spyware tools look for abnormal signs in every thread running on the computer and in the registry, so exiting all applications before starting the anti-spyware scan saves a lot of time.

4. Run the anti-spyware program. For this step I use HijackThis. Extract the downloaded ZIP file to a directory of your choice, then double-click hijackthis.exe; a window appears with the prompt "Do a system scan and save a logfile." By default the log file is saved in "My Documents". I find it useful to add the date and time to the name of the saved log file: instead of hijackthis.log, rename it hijackthis-yymmdd:hh.mm.log (hh.mm is the time in 24-hour format). That way you can run HijackThis again at any time (each run automatically overwrites the previous log) without worrying about losing earlier logs. The time stamp is a good habit and will be very useful when you analyse your log files later.
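As an added example (it is not from the article and not part of HijackThis), the following Python script automates the log-naming habit from this step. One caveat a practitioner will hit immediately: the pattern hijackthis-yymmdd:hh.mm.log contains a colon, which Windows does not permit in file names, so the script substitutes a hyphen. The directory, file names and scan time it uses are assumptions. It also refuses to overwrite an earlier archive, which matters because HijackThis overwrites its own log on every run.

```python
"""Timestamped archiving of HijackThis logs.

Example added to this article; it is not part of HijackThis. The article's naming
scheme hijackthis-yymmdd:hh.mm.log contains a colon, which Windows does not allow in
file names, so this example uses a hyphen instead: hijackthis-yymmdd-hh.mm.log.
"""
from datetime import datetime
from pathlib import Path
import shutil
import tempfile

STEM = "hijackthis"
# Characters the Win32 file-name rules reject (NTFS reserves the same set).
WINDOWS_RESERVED = '<>:"/\\|?*'


def timestamped_name(when: datetime, stem: str = STEM) -> str:
    """Build 'hijackthis-yymmdd-hh.mm.log' with a 24-hour clock, e.g.
    2024-03-15 14:05 -> 'hijackthis-240315-14.05.log'."""
    name = f"{stem}-{when:%y%m%d-%H.%M}.log"
    if any(ch in WINDOWS_RESERVED for ch in name):
        raise ValueError(f"{name!r} contains a character Windows file names cannot use")
    return name


def parse_timestamp(name: str, stem: str = STEM):
    """Recover the scan time from an archived log name; None if it does not match."""
    try:
        return datetime.strptime(name, f"{stem}-%y%m%d-%H.%M.log")
    except ValueError:
        return None


def archive_log(log_dir: Path, when: datetime, original: str = f"{STEM}.log") -> Path:
    """Rename the freshly written log to its timestamped name without overwriting an
    earlier archive. HijackThis overwrites hijackthis.log on every run, so the move
    must happen before the next scan; two scans in the same minute get -1, -2 suffixes."""
    src = log_dir / original
    if not src.is_file():
        raise FileNotFoundError(src)
    base = timestamped_name(when)
    target = log_dir / base
    n = 1
    while target.exists():
        target = log_dir / f"{base[:-len('.log')]}-{n}.log"
        n += 1
    shutil.move(str(src), str(target))
    return target


def demo() -> list[str]:
    """Self-contained run against a constructed log in a temporary directory:
    archive two scans saved in the same minute and return the resulting names."""
    with tempfile.TemporaryDirectory() as tmp:
        log_dir = Path(tmp)
        when = datetime(2024, 3, 15, 14, 5)   # constructed scan time, not a real one
        names = []
        for _ in range(2):
            (log_dir / f"{STEM}.log").write_text("Logfile of HijackThis (constructed sample)\n")
            names.append(archive_log(log_dir, when).name)
        return names


if __name__ == "__main__":
    print(demo())
```

Run the script (or call archive_log with your own "My Documents" path) right after HijackThis writes its log; parse_timestamp lets a later script sort the archives by scan time instead of by file modification time.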

5. Look at the scan results shown in the HijackThis results window. They are the same as the information written to the log file, and each item has a check box on its left. If you check some items and press the "Fix checked" button, HijackThis will remove them completely. You will see many cryptic-looking entries there, and you can scan through them quickly to decide what action to take. The real problem is identifying which entries are potential threats, which are necessary, and which are irrelevant; this is where the analysis tools help a lot. Remember not to close the HijackThis results window or check anything yet, because we will return to this window in a later step.

6. Run your log file through a HijackThis log analyser. You can use one of two analysis tools, Help2Go Detective or Hijack This Analysis. If both are available I personally prefer Help2Go Detective, but both are worth a try. The analysis of the HijackThis log gives you specific information about each entry and a recommendation for handling it: which entries can be kept, which can be deleted (but are harmless), which are suspicious (may be deleted, but need further analysis) and which must be deleted (because they are known to be malicious). At this point you should treat as suspect every entry identified as malware or associated with known spyware and adware.

7. Check the suspicious items (including the optional startup items). Often you can tell from the registry name or the related file and directory information what an item is, even when the analysis tool could not identify it: an item HijackThis found may belong to a program you deliberately installed or used, and such items are often left behind by programs others have installed. If you cannot identify an item, the safe option is to back it up and delete it (if you take this step, a backup file or the earlier restore point is all you need to recover). If you want to know what a file is, take the extra step of searching for the item name with Google or another search engine. In 99% of cases I can decide whether to keep or delete an item within two minutes or less; only a small number of items take longer. The notable exception is DLL files, which need more than a file-name search to verify.

8. In the HijackThis results window, check the harmful items and any uncertain suspicious items, then press the "Fix checked" button. You can also scroll through the results window, click to highlight a single item, and click "Info on selected item..." to get additional information about it. Viewing this information is more useful here than in the previous step, because the analysis tools are faster and more targeted.

9. Restart the system and check how it runs. If the system does not run normally, for example an application no longer works or behaves strangely, or the system seems unusually sluggish, you need to decide whether to go back to the restore point or the backup. If Windows will not start, press F8 at the very beginning of start-up until the boot menu appears and choose the last known good configuration; the system should then boot without problems. Once the system is up, return to the restore point, or restore the backup, created in step 2. If you choose this option, you do not need to save the changes, and you can skip step 1 when you start over.

10. Run another HijackThis scan: repeat step 4, but remember to change the date stamp of the log file. You can scan the results to confirm that the removed items are completely gone, or simply save a snapshot of your computer's state after a quick clean-up (this gives you a meaningful baseline to refer to next time).
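Steps 5 to 7 come down to reading the entries in the log, and step 10 to comparing a fresh scan with the earlier one. The following Python script, added here as an example (it is not HijackThis code and not the article's), parses the entry lines of two logs, reports which entries disappeared after "Fix checked" and which are new, and lists the auto-start entries that point into temporary or profile folders so they can be looked up first. The sample logs are constructed, the section codes follow the HijackThis log convention, and the "look up first" rule is this example's own heuristic, not a rule from the article or from the tool.

```python
"""Parse and compare HijackThis logs.

Example added to this article; it is not HijackThis code. The sample log text below
is constructed: the line shape (section code such as O2/O4/O23, ' - ', then the item)
follows HijackThis logs, but every name, GUID and path is invented.
"""
import re
from dataclasses import dataclass

# Section codes are R0-R3, F0-F3, N1-N4 and O1-O24 in HijackThis logs.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


@dataclass(frozen=True, order=True)
class Entry:
    section: str   # e.g. "O4" = registry auto-start item, "O2" = browser helper object
    detail: str    # the rest of the line: registry location, name and file path


def parse_log(text: str) -> list[Entry]:
    """Keep only the scan entries; header lines and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(baseline: str, current: str) -> dict[str, list[Entry]]:
    """Entries present in the baseline but gone now ('removed') confirm what the
    'Fix checked' step deleted; entries that only appear now ('added') are new
    items to review."""
    before, after = set(parse_log(baseline)), set(parse_log(current))
    return {"removed": sorted(before - after), "added": sorted(after - before)}


# Triage hint. This rule is an assumption of the example, not something the article
# or HijackThis states: an auto-start entry whose program lives in a temporary or
# user-profile folder deserves a look-up first, because installed software normally
# sits under Program Files or the Windows directory.
SUSPECT_DIRS = ("\\temp\\", "\\appdata\\", "\\documents and settings\\")


def review_first(entries: list[Entry]) -> list[Entry]:
    return [e for e in entries
            if e.section == "O4" and any(d in e.detail.lower() for d in SUSPECT_DIRS)]


# Constructed before/after logs: the second is the first after one item was fixed.
BASELINE_LOG = r"""Logfile of HijackThis (constructed sample, not a real scan)

O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleApp\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\ExampleApp\updater.exe
O4 - HKCU\..\Run: [unknown_item] C:\Documents and Settings\User\Local Settings\Temp\unknown_item.exe
O23 - Service: Example Service (ExampleSvc) - Example Vendor - C:\Program Files\ExampleApp\svc.exe
"""
CURRENT_LOG = r"""Logfile of HijackThis (constructed sample, not a real scan)

O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleApp\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\ExampleApp\updater.exe
O23 - Service: Example Service (ExampleSvc) - Example Vendor - C:\Program Files\ExampleApp\svc.exe
"""

if __name__ == "__main__":
    for e in review_first(parse_log(BASELINE_LOG)):
        print("look up first:", e.section, e.detail)
    changes = diff_logs(BASELINE_LOG, CURRENT_LOG)
    for kind in ("removed", "added"):
        for e in changes[kind]:
            print(f"{kind}: {e.section} - {e.detail}")
```

To use it on real logs, read the two timestamped files from step 4 and step 10 into BASELINE_LOG and CURRENT_LOG; an empty "added" list together with the expected "removed" entries is the confirmation step 10 asks for, and anything in "added" goes back through steps 6 and 7.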

