Having trouble with Spyware, Adware, Malware?

Some Symptoms:
Computer running slower than normal & takes longer to boot up and shut down.

Messages from your firewall that an unfamiliar program is trying to access the internet, or a familar program trying to access the internet much more than usual (assuming you have a firewall).

Unfamiliar processes in your Windows Task Manager (the window that comes up when you hit Ctrl+Alt+Del)

An increase in pop-up ads or ads that pop up on sites that you're fairly sure don't have them.  Check the corners of the popup windows, if a common logo or name appears, then, congratulations! You have one of the more common types of adware.

Treatment

This may not work in all situations, but does in most, so try this first.

Step 1: Install Spybot, Ad-Aware, and an antivirus program.

Download and install the following programs:

Ad-Aware - Anti-spyware program. Get rid of those malicious pop-ups.

Spy-bot - Another anti-spyware, use in tandem with Ad-Aware. Can also "immunize" your system to prevent future attacks by certain malware.

Check for updates in both programs before continuing.

If you don't have antivirus software installed, get one now.  You can find several listed  In this post.  Update it or a previously installed virus checker while you're at it.

Step 2: Update Windows

If you are using Windows, get the newest security updates which can be found AT THIS PAGE.  These will help prevent you from being reinfected after you get rid of the spyware.

Step 3: Disconnect from the Internet

A fresh install of Windows XP, when first put online, can be infected within 3 minutes.  If you don't disconnect from the internet while you're removing adware and spyware, there are no guarantees that everything will be removed.  Unplug any cables, or, in the case of wireless, disable your wireless connection in the Network Connections section of the Control Panel.

Step 4: Turn off System Restore

Look below for a detailed explanation on how to do this. System restore can be the bane of your existance if you don't turn this off first.  A virus or spyware program can take over system restore (and usually does) and restores the virus or spyware in question after you've removed it.

Step 5: Booting into safemode

Restart your computer and tap F8 during the bootup process.  Select "Safe Mode" from the list of boot options.

Step 6: Run Ad-Aware and Spybot

Run Ad-Aware in a full system scan and fix anything it finds.

Run Spybot and fix anything it finds (and choose to immunize while you're at it).

While you're in safe mode, run your antivirus software of choice (no one said this would be quick).  After everything has been run, restart your computer.  That will have fixed the majority of spyware/adware infections.

How do I edit the Windows Registry?

First of all, you shouldn't do this unless you've exhausted all other options (Spybot, Ad-aware, antivirus, asking for help here, etc.).  Messing with your registry can fuck your computer up beyond repair (unless you've got a backup, and even then success is not guaranteed).

Second, this is a Windows XP-based guide.  If you're trying to edit the registry in another version of Windows you may need to look elsewhere for help.

Also, it's highly recommended that if you're going to edit the registry, particularly if you're trying to squelch a bit of spyware or a trojan horse, to do so from safe mode.  To boot into safe mode, press the F8 key while your computer is booting up (before you see the Windows load screen).

To edit the registry, you're going to use a program called RegEdit.  It's built right into Windows and you can run it by clicking Start, Run and then typing regedit into the box and clicking OK.

A note about backing up your registry:  Use the File -> Export option to save a backup of your registry to a safe location (i.e. a different hard drive, flash drive, etc.) before you change anything.  Make sure you choose the "All" option to back up the entire registry.

On the left, you'll see a list of folders.  These are the registry keys.  Registry keys are similar to the folders you're used to in Windows.  In addition to having values, each key can contain subkeys, just like a folder can contain a subfolder.

On the right hand pane, you'll see the actual values.  Think of these like the files within your folders in Windows.  These are the actual bits of information that tell your computer what to do when a key is referenced.

If you're looking for a specific registry key or value, use the find (ctrl-F) function.  If the first result that comes up is not the key or value you're looking for, press F3 to jump to the next result.

Don't delete keys.  This is a general rule.  Most of the time, you'll be deleting values from within keys.  Deleting entire keys, unless instructed to by the guide you're reading, is never recommended.  To use a regular Windows analogy, if you want to delete an MP3 file, you don't delete the folder the file is in, right?  You delete the file itself.

Also, again, since it bears repeating: don't fuck with the registry unless you're absolutely sure it's necessary and you trust the guide you're reading.  Situations in which it may be necessary: removing a trojan, browser hijack object, or a particularly pesky virus.  If you don't believe that editing the registry is necessary for solving your problem, or you aren't sure that a guide you're reading is trustworthy, check out some more answers on Google, or start a thread here.

How do I control what programs start when Windows boots?

Often times, programs get installed on your computer that decide without telling you that they're going to boot with Windows (Winamp, Yahoo Messenger, whatever).  Other times, you would just prefer that stuff like your printer's monitoring software doesn't load when your computer boots.  Depending on how long it's been since you cleaned house, the amount of programs that load on startup can slow your boot process to what seems like a halt.  One of the best ways to deal with these programs is to tell them to knock it the fuck off, and there are several ways to do this.

1.) The first and best way is to open the program in question and search through its options to find any checkboxes or options that say "Start with Windows", "Start on Boot", "Boot with Windows" or anything like that, and uncheck or deselect those options.  Likewise, if you'd like something to boot with Windows, finding this option and enabling it is the best way to make it do so.

2.) The second is to remove the program from the Windows Startup folder.

In XP, there are multiple Startup folders (one for each Username, and a global one for All Users) They can be found at:

C:\Documents and Settings\Username\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

In Vista, there are also mutliple folders:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (hidden by default)
C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Simply delete the shortcut to the program you want to keep from booting with Windows.

Note that you can also add programs to this list if you want them to start with Windows but they don't have an option to do so (just drag a shortcut into the Startup folder).  Keep in mind, however, that placing a program in the Startup folder in the All Users directory will cause that program to load on startup for all users on the computer.  Unless everyone on the computer needs that program to load when they sign in, put it in the folder for your profile.

3.) The third tool is msconfig.  Use this only if you're having problems figuring out how to disable a program from starting with Windows using the methods above.

Start -> Run -> msconfig.  This opens the System Configuration Utility, which gives you all sorts of options for Startup.  To keep a program from booting on Startup, navigate to the Startup tab and uncheck the box next to the program you wish to remove from the Startup process.  Note that you can sometimes find malicious services (spyware, adware, etc.) in this list and disable them from loading with Windows.  This is sometimes necessary to remove particularly pesky programs.  If you'd like to optimize your Startup speed, you can find lists online of what is safe to disable and what is not.

Note that if you make changes using msconfig, you will get a pop up message the next time you start Windows saying "You have use the System Configuration Utility to make changes to the way Windows starts, yadda yadda yadda".  If you truly did make a change and would care to not be reminded of that fact every time you start your computer there is a check box to disable the notification.

4.) The most powerful tool known to man for disabling things on Startup is AutoRuns.  This is basically msconfig on crack.  This lists everything in the Startup folder, Run, RunOnce, Registry keys, and can even be configured to show any toolbars, shell extensions, browser helper objects, Winlogon notifications, services, basically everything that starts with your computer.  Worth looking at if none of the steps above solves your problem.