Please note that this is a general question relating to no particular PC's Spyware situation. And I did read most of one recent EE thread relating to Spyware, namely "Spyware removal not working" at
www.experts-exchange.com/Security/Win_Security/Q_21318854.html which had some general info, especially if the links are followed. But I am still basically a beginner at removing Spyware/Adware.
I am in a situation where I am called upon 2 - 3 times a week to remove spyware from people's home PCs. As well as fix a variety of other PC problems. The first time I tried to remove Spyware, I noticed that with a PC that had what seems like a bad Spyware infectation, that using Add/Remove Programs (even in Safe Mode) to remove what is clearly Spyware, AND removing suspect spyware from the start-up list AND even deleting a few clear Spyware files (again in Safe mode) had very little effect on all the spyware symptoms which was quite disappointing. Basically I had failed.
So it appears I need a more automated approach. Based on info from a computer guru friend and things I've seen here and there on the internet, the two best programs are Spybot and Lavasoft's Ad-Aware. However, I have also recently learned that NAV 2005 has added Spyare/Adware removal to its product. And lots of people seem to use Hijack This logs to solve spyware problems. So that is 3 top automated programs and one powerful more manual approach, Hijack This, plus followup as directed by the log.
(1) So MY FIRST QUESTION IS for a PC that has lots of spyware pop-ups and unwanted toolbars and sidebars and even the normal screen background is replaced by a Spyware related background, what is the best approach? Preferably from the above 4 choices but if are sure you know something better, please tell me about it.
(2) MY SECOND QUESTION IS, once all Spyware symptoms are removed (and hopefully all or almost all Spyware), what is the best way to prevent Spyware from reentering the PC.
Now before you answer I want to briefly describe a converstation I had two days ago with a Symantec Customer Service person in India. I said I ran NAV 2005 Full Disk Scan in the above "failure" situation, and it did improve the Spyware symptoms and removed lots of Spyware/Adware but it also left 10 or so quaranatined virus's and about 100 spyware/adware files (after it removed a few hundred others ). This Indian fellow quickly told me, to rerun NAV 2005 Full Disk Scan in Safe mode. And most of the things left in my previous normal boot run would now be deleted. Because in normal mode, files being accessed by running SW can not be deleted. But in Safe mode, NAV 2005 Full Disk Scan is more powerful. The bad news is that it will take MUCH longer to run in Safe Mode (i.e 2-5 hours) and it is already time consuming in normal mode. Now here's the thing I noticed the most. He said that he had a side business fixing peoples PCs in India and he had a 100% success rate removing ALL Spyware Symptoms running NAV 2005 Full Disk Scan in Safe Mode and then, in some cases, running Ad-Aware after that (if certain files/symptoms are left).
I cannot ignore this advice because Symantec is the world's leading company in the PC security area (even though their past focus has been more on Virus's) and this fellow has real world experience, not just theory, not just what his company documentation says.
The reason I mention this NAV 2005 thing, is prior to this conversation, my impression was the general wisdom to remove already present Spyware was to run either Spybot or Ad-Aware after a normal boot. But this guy made me seriously considerer a different approach. First run NAV 2005 Full Disk Scan in Safe mode (even though it will take a long time) and then use Spybot or Ad-aware also in Safe mode if some symptoms persist.
WHAT IS YOUR OPINION? NAV 2005, Spybot, or Ad-Aware? And should your recommended choice be run in Normal mode or Safe mode?
Or do you feel the way to always proceed is "HiJack This" even though it appears to require knowledge of which entries to follow up on and is not automated.
NOW, assuming I have succeeded in removing the Spyware Symptoms (and hopefully all the Spyware), what do you recommend for PREVENTING SPYWARE FROM GETTING BACK ON THE PC? I know that Spybot has an Immunize button in the left column that addresses this in some way. And I assume Ad-aware has something similar. And NAV Auto-protect blocks new viruses from entering the PC; I do not know if it also blocks spyware and I did not ask the Indian fellow above that question. Or, if it does, how effective is it? Please respond with your recommendations here not necessarily limited to the above products.
Regards,
Mike
