Disinfecting a spyware-riddled PC

Handy steps on how to disinfect your computer.

What do I do if I suspect someone is controlling my PC? When my IP address has been changed without my knowledge? My boot-up process is getting harder unless I unplug the Ethernet cable and the CPU is at 100 per cent every time I open any program. There is also a new connection to the Internet that is between my connection and the net I know was not there a month ago. When I try to register my e-mail address the programs say it's invalid and does not match whatever it has to compare it to. -- Teresa Hurst.

It sounds like some spyware or other unwelcome software has gotten installed on your computer. You need to do some process of elimination to see where the problem is. I would recommend that you start the computer without the Ethernet cable being connected and to start up the operating system on your computer in "safe" mode to minimize what is getting automatically started.

If you are comfortable with using a network sniffer such as Wireshark or one of the commercially available packages, try putting a hub (not switch) between the infected computer and your internet connection and let Wireshark tell you what it is finding. This could help in identifying the exact cause of the problem and serve as a good learning experience in terms of doing some detective work on finding the cause of a problem.

On a different computer, download several different anti-spyware utilities such as Spybot and Ad-Aware. There are several very good packages out there to choose from. The main thing is to run at least two different packages, preferably three, because no single app will remove all the spyware in the wild these days.

Burn these apps onto a CD and then install them onto the computer you have booted into safe mode. Since you are running without a network connection for the time being, you will also way to download any signature or other updates and install those before running the software for the first time. After you have run each of the spyware detection programs each once, run them at least one more time apiece until you have a clean report from each. This may sound like extra work, but I have seen where one spyware removal program will remove a particular package allowing the same or different spyware removal package to see another piece of spyware/adware that went previously undetected.

Once you have done this, do the same thing with anti-virus software. McAfee offers a basic detection/removal package that will go after the nastier viruses out there that is free for downloading. ClamAv, an open source virus detection/prevention package, is another one that I would suggest trying as well. Once you have received a clean report from the different packages you have tried, you should be able to connect the ethernet cable back to the computer, reboot it and be back to fairly normal operation.

Once you are back to normal, I would suggest periodically running the spyware/adware detection programs. Make sure you have the latest signature/program updates installed so that you have the best chance of catching/preventing problems. You should also run a software firewall, but not the Windows Firewall that comes with XP/Vista - It can still let some bad things happen. I would suggest using either ZoneAlarm or Comodo Firewall Pro as these can alert you to outbound access that doesn't appear to be normal and they go one step further and that is to learn what is "normal" for your computer.

While you are trying to identify the cause of the problem, I would also suggest looking at www.spywarewarrior.com. I have used this Web site in the past for good information. Depending on what you find, you may be referred to additional utilities as Hijack This, which I have used in the past to find/eliminate additional problems not found by some of the other tools that I have mentioned here.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ron Nutter

Network World
Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?