
How to rid your PC of spyware and rootkits

Security Advisor: step-by-step guide

Manual analysis

One of these three programs should detect and remove any spyware on your PC. In the unlikely event that you have picked up a brand-new specimen that isn't yet included in the antispyware databases, you'll have to do some cyber-investigating to find and eject the interloper.

First, examine every process running on your machine to determine whether any of them is a piece of spyware.

Windows' Task Manager isn't up to this job because many spyware apps specifically hide themselves from it. Fortunately, they are less skillful at hiding from the many Task Manager alternatives. Two of our favourites are Process Explorer (which is free) and Security Task Manager (which comes in free and paid versions).

Currently, only Process Explorer, which is now owned by Microsoft, is compatible with Windows Vista.

A Vista-compatible version of Security Task Manager is coming, according to its producer, A&M Neuber Software. Either of these programs will show you everything that's running on your PC, and will help you determine whether a particular application should be there.

Warning: stopping system processes and applications in this manner is risky. In some cases, if you kill the wrong program, Windows will shut down and reboot as a safety measure. While you probably won't render your system unworkable, you should back up all important documents and set a System Restore point (click Start, All Programs, Accessories, System Tools, System Restore, and follow the onscreen instructions).

Start one of the alternative Task Managers mentioned above, and closely examine the list of running applications on your PC. You're looking for something that's either out of place or behaving oddly.

If you're using Process Explorer, unzip the archive you downloaded and double-click the ProcExp.exe program. Click OK after you read the initial dialog, and you'll be presented with a colour-coded list of everything that's running.

Programs highlighted in pink are Windows services; those in gray-blue are applications. Right-click the bar with the column names (it's just above the list of programs), and choose Select Columns. Check the Command Line box and click OK. A new column will appear, showing you the full path to each running app.

If you're using Security Task Manager, double-click the installer and step through the dialog boxes to complete the installation. The first time you run the program, it will take a moment to scan your PC.

Unlike Process Explorer, Security Task Manager doesn't list Windows' own system processes (other than Explorer.exe) on this initial page. If you want to see those, click the Windows Processes button on the toolbar. The higher the utility's rating for a program, the more suspect it is.

As you click the entries, the program tells you why it rated the selected application as it did. However, many legitimate programs engage in activities that Security Task Manager views suspiciously, so don't just assume that anything with a rating above 50 is dangerous; instead, use the rating as an indicator of what to look at first.
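
To make "out of place" concrete, here is an added example (not part of the original tutorial, and not code from either tool) that triages a process list by the path shown in the Command Line column. The row format, the sample rows, the table of expected folders and the list of user-writable folders are assumptions of this example; a hit only tells you what to look at first.

```python
import ntpath

# Windows process names and the only folder each legitimately runs from.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Folders a limited user can write to (this example's own heuristic).
WRITABLE_HINTS = ("\\temp\\", "\\temporary internet files\\",
                  "\\application data\\", "\\appdata\\")

def image_path(command_line):
    """Pull the executable path out of a command line, quoted or not."""
    cl = command_line.strip()
    if cl.startswith('"'):
        return cl[1:].split('"', 1)[0]
    end = cl.lower().find(".exe")
    return cl[:end + 4] if end != -1 else cl.split(" ", 1)[0]

def triage(rows):
    """Return (pid, name, reason) for each row that deserves a closer look."""
    findings = []
    for name, pid, command_line in rows:
        path = image_path(command_line)
        if not path:  # pseudo-processes expose no command line
            continue
        folder = ntpath.dirname(path).lower()
        expected = EXPECTED_DIR.get(name.lower())
        if expected and folder != expected:
            findings.append((pid, name, "system name running from " + folder))
        elif any(hint in folder + "\\" for hint in WRITABLE_HINTS):
            findings.append((pid, name, "runs from user-writable " + folder))
    return findings

# Constructed sample rows: (process name, PID, command line).
SAMPLE = [
    ("svchost.exe", 1012, r"C:\WINDOWS\system32\svchost.exe -k netsvcs"),
    ("explorer.exe", 1544, r"C:\WINDOWS\Explorer.EXE"),
    ("svchost.exe", 2380, r'"C:\Documents and Settings\Sam\Local Settings\Temp\svchost.exe"'),
    ("updchk.exe", 2904, r"C:\Documents and Settings\Sam\Application Data\updchk.exe /silent"),
    ("winword.exe", 3120, r'"C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n'),
]

if __name__ == "__main__":
    for pid, name, reason in triage(SAMPLE):
        print(pid, name, reason)
```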
