How to Troubleshoot Problems with Unwanted Software
A spyware infection is rarely a single application; most successful malware infections automatically install several, even dozens, of additional applications. Some of those applications might be straightforward to remove. However, if even a single malicious application remains, it might continue to install other malware.
If you detect a problem related to spyware and other potentially unwanted software, follow these steps to troubleshoot it:
- Perform a quick scan and remove any potentially unwanted applications. Then, immediately perform a full scan and remove any additional potentially malicious software. The full scan can take many hours to run. Windows Defender will probably need to restart Windows.
- If the software has made changes to Internet Explorer, such as adding unwanted addons or changing the home page.
- Run an antivirus scan on your computer, such as the one available from http://safety.live.com. Often, spyware might install software that is classified as a virus, or the vulnerability exploited by spyware might also be exploited by a virus. Windows Defender does not detect or remove viruses. Remove any viruses installed on the computer.
- If you still see signs of malware, install an additional antispyware and antivirus application from a known and trusted vendor. With complicated infections, a single antimalware tool might not be able to remove the infection completely. Your chances of removing all traces of malware increase by using multiple applications, but you should not configure multiple applications to provide real-time protection.
- If problems persist, shut down the computer and use the Startup Repair tool to perform a System Restore. Restore the computer to a date prior to the malware infection. System Restore will typically remove any startup settings that cause malware applications to run, but it will not remove the executable files themselves. Use this only as a last resort: Although System Restore will not remove a user's personal files, it can cause problems with recently installed or configured applications.
These steps will resolve the vast majority of malware problems. However, when malware has run on a computer, you can never be certain that the software is removed completely. In particular, malware known as rootkits can install themselves in such a way that they are difficult to detect on a computer. In these circumstances, if you cannot find a way to confidently remove the rootkit, you might be forced to reformat the hard disk, reinstall Windows, and then restore user files using a backup created prior to the infection.