Spybot Search & Destroy is used to detect and remove different kinds of malware, adware and spyware from your computer. It offers free updates and lets you immunise your Internet browser against future infection by known malware.
Version used in this guide
Last revision of this chapter
What you will get in return:
GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:
To protect operating systems like GNU Linux and Mac OS, we recommend that you: 1) regularly update your operating system, and all the programs installed upon it; 2) use anti-virus program listed in Avast chapter; 3) use firewall program listed in Comodo chapter; 4) use a secure browser like Firefox with the NoScript add-on that prevents any scripts downloaded along with the web pages from starting up. These preventive measures are important to keep your GNU Linux or Mac OS computer protected.
The spyware and malware protection for computers running Microsoft Windows is a very important issue. There are thousands of new malware being created every day. Attack methods are becoming increasingly sophisticated. The preventive measures outlined in the previous paragraph are mandatory for all computers running Microsoft Windows. In addition, we strongly recommend the usage of Spybot as described in this chapter.
However, if your computer gets infected despite these precautions, and you find yourself requiring additional tools, we recommend the following:
Spybot S&D is a popular free program used to detect and remove different kinds of adware, malware and spyware from your computer system. It also lets you immunise your system against adware, malware and spyware, preventing them from infecting your computer once Spybot is installed.
Spybot S&D is not an anti-virus tool. It can however run along side anti-virus software to enhance security of your PC.
Adware is any software which displays advertising material on your computer. Certain kinds of adware function remarkably like spyware and can be invasive of your privacy and security.
Malware (e.g. trojans and worms) is any kind of program designed to harm or hijack the operation of your computer without your consent or knowledge.
Spyware is any kind of program that collects data, observes and records your private information and tracks your Internet habits. Like malware, it frequently runs on your computer secretly. As such, installing a program like Spybot will help you to protect your system and yourself.
Note: Windows Vista, 7 and 8 have a built-in anti-spyware program called Windows Defender. However, it seems to allow Spybot to work without any conflict.
List of sections on this page:
Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the following screen:
Figure 1: The Select Setup Language screen
Step 2. Click to activate the Setup - Spybot Password Safe – Welcome to the Spybot - Search & Destroy Setup Wizard screen.
Step 3. Click at the Donations Welcome screen choosing the default option I am installing Spybot for personal use, and will decide later
Step 4. Click at the Installation and Usage Mode screen choosing the default option I want to be protected without having to attend it myself
Step 5. Click at the License Agreement screen. Please read the License Agreement before proceeding with the rest of the installation process.
Step 6. Click at the Ready to Install screen to begin the installation
Figure 2: Installing
Step 7. Click to complete the installation process and launch Spybot - Search & Destroy.
Figure 3: Completing the Spybot - Search & Destroy Setup Wizard
By default, the Check for new malware signatures is selected as shown above. Note - If an Internet connection is not available during the install, untick this box and review the Section 2.3
Figure 4: Update (Spybot - Search & Destroy 2.4)
Step 8. Click to activate the screen below.
Figure 5: Checking for Antispyware updates
Figure 6: Antispyware updates completed
There are basically two steps involved in using Spybot effectively:
Updating the Detection Rules and Immunization databases with the most recent and relevant updates from Spybot.
Running Spybot. This involves immunising your system with the detection rules and immunisation databases or updates you have previously downloaded, then checking your system for spyware infestations and removing them.
Note: For a brief overview of key advanced options, please refer to section 3.0 Advanced Options.
After you have completed the installation and set-up process, Spybot will automatically launch itself to the Start Center
Figure 7: Start Center
Alternatively, Spybot Start Center can be launched either from Start > All Programs > Spybot - Search & Destroy 2 > Spybot S&D Start Center or double click the Spybot Desktop icon
Before you begin, it is strongly advised that you create a backup of the registry. For an overview of the Windows Registry, please refer to CCleaner for more information.
Follow the steps below to create a backup of your computers registry
Step 1. click to display the Advanced Tools option.
Figure 8: Advanced Tools
Step 2. Click .
Step 3. Click in the Startup Tools window
Step 4. Click as shown below
Figure 9: Startup Tools
Step 5. Select a location and file name as shown in figure 10 below at the Folder to save to window
Step 6. Click
Figure 10: Folder to save to
Important: It is absolutely vital that you keep Spybot up to date with the latest definitions. The automated update feature is not available in the free version of Spybot so you must run this updated manually following the steps below:
Step 1. Click in the Start Center to activate the Updater
Step 2. Click to activate as shown below
Figure 11: Updater window
Click Show Details to view a list of successfully downloaded updates
Figure 12: Download and install updates
Spybot helps shield your computer from known spyware by "immunising" it. This is like receiving a vaccination against infectious new diseases.
To immunise your computer system, follow these steps:
Step 1. Click from the Start Center to activate the Immunization window below:
Figure 13: Immunization window
Note: If you have left your browser open for some reason, the following screen will appear before you begin the immunisation process:
Figure 14: The Open Browser Detected
Step 2. Click to begin checking for immunized files (if you have not yet immunized your system, few or no immunized files will be found)
Figure 15: Immunization check finished
Step 3. Click to begin immunising your system.
Immunization make take several minutes to run.
Figure 16: Immunizing your system now...
Step 4. Click Show Details to view detail as shown below
Figure 17: Apply Passive Protection
Note: You can reverse or undo the immunisation process if you suspect that immunising your system has negatively affected the overall performance of your computer. You may click to reverse the immunisation process and restore your system to its previous state.
Reminder: Before you begin checking for potential threats, please run the Spybot Updater.
To check for potential threats, follow these steps:
Step 1. Click to launch the Spybot Start Center
Step 2. Click to activate the screen below:
Figure 18: System Scan (Spybot - Search & Destroy)
Step 3. Click to begin scanning your system. Note - If you have a lot of data, files, programmes etc. this could take 20 minutes to an hour
Figure 19: System Scan (Spybot - Search & Destroy)
After the scan has been completed, the number and kinds of potential malware found will be listed as shown below:
Figure 20: Scan for malware displaying potential malware
Step 4. Select the file and review the Details box on the left of the screen for each potential threat found to determine if the malware is a genuine threat.
Remember - a false positive means that a harmless file, folder, program or registry key could be categorised as malware. Deleting such could cause an issue an issue to another program.
Figure 21: Scan for malware - Details
Tip: The Threat Level is displayed by a colour indicator bar. An Estimated Danger rating of Marginal or Very Low will display as green. As the Threat Level moves from Medium to High, the colour indicator will change from orange to red. At a glance, it will be easy to gauge the potential threat. For example, most Browsers used Tracking Cookies when you visit a website. If the information they store is not excessive, the Estimated Danger rating my be Marginal or Very Low. You may choose to keep the cookies for certain websites for convenience.
Step 5. If you choose to delete a file or files select the file and click
You can also choose to to scan individual files and folders using the File Scan option in the Start Center - the process is similar to the System Scan described above.
Note: It is generally a good idea to scan your system for problems every week.
A tracking Cookie is a small file saved on your computer by an Internet browser when you visit a website. A cookie can store information that can identify you to a particular website. This can include information such as username, password, personal data used to fill online forms, browsing habits etc. While Cookies provide convenience when browsing, this poses a risk to your anonymity online.
Spybot Search & Destroy allows you to disable tracking cookies in all installed browsers from one central location.
Disable tracking cookies using the following steps:
Step 1. Click to launch the following screen:
Figure 22: The Spybot Search & Destroy - Tracking Cookies
Step 2. Click to display the browser profiles on your computer as shown below. Note - there may be other browser profiles on your computer
Figure 23: The Spybot Search & Destroy - Blocking Third Party Cookies
Step 3. Select the profile and click
Figure 24 : The Spybot Search & Destroy - Tracking Cookies Disabled
To re-enable Tracking Cookies, click on the drop-down arrow beside and select
The Quarantine tool allows you to recover or retrieve any previously deleted or repaired item. This is possible because Spybot will create a backup for every item it has previously deleted. If a deleted file causes your computer to malfunction, it is possible to restore it using the Quarantine tool.
To recover a previously deleted item, perform the following steps:
Step 1. Click from the Start Center to launch the screen below :
Figure 25: Quarantine (Spybot - Search & Destroy)
Step 2. Check the items you would like to recover from the list of previously deleted items, and then click .
Step 3. Alternatively, click to remove checked files completely. However, be aware that purged items are not recoverable.
Spybot has Default and Advanced sections. The Advanced Mode lets you configure settings and perform additional task.
Click in the Start Center window to display the Advanced Tools and Professional Tools options.
Figure 1: Advanced Tools
The free version of Spybot lets you use only some of the options available in the Advanced Tools and Professional Tools sections:
Report Creator can be used to assist Spybot Technical Support teams in the event that you need help with Spybot software. The level of support available will usually depend on the version of software you are running - paid verse free for example. While support forums are a useful source of knowledge to help decide if a file is harmful or not, we do recommend caution before submitting any files or logs from your computer if anonymity is a concern for you.
Settings section lets you configure Language, Scope of scanning, Browsers Spybot-S&D will scan, etc.
Startup Tools section lets you review in details processes active on your computer, programs that are run when your computer is starting, your system scheduled tasks, plugins, system services, installed programs, etc.
Rootkit Scan section checks your computer operating system for presence of rootkits, malicious programs that hide at the system level, which makes them undetectable by standard anti-malware tools
The Rootkit Scan can be used to flag suspicious files and registry entries for further analysis or for removing them. The steps below will show how to perform a Rootkit Scan.
Step 1. Click from the Advanced Tools pane to activate the window below. Note Quick scan test results.
Figure 5: Rootkit Scan
Step 2. Click
Step 3. Select the drives and registry entries you wish to scan. We recommend selecting all of the items available. Click . Note this scan can take long time (perhaps about an hour) to complete.
Figure 6: Rootkit Scan - select drives
Figure 7: Rootkit Scan in progress
When the scan has completed, Search for rootkits will display any suspicious files found. You can then review the findings and options to determine if the file is legitimate.
Figure 7: Search for rootkits
Step 4. Right click any found items to display the options:
Figure 8: rootkits scan options
Step 5. Select Show properties to display details.
Step 6. Select Scan file for malware if this option is available. This will activate the File Scan window. The result of the scan will be shown as below.
Figure 9: File Scan - clean file
Note Items with rootkit properties detected are not necessarily malware. Deleting such could cause an issue to another program. Refer to section 2.5 How to Scan for Threats and 2.6 How to Restore a File when dealing with files found during the Rootkit Scan
Step 7. When you sure that the item found is suspicious you may Delete it from your system.
If you are not sure about the found items, you may ask for ‘help’ in Spybot RootAlyzer Forum before you delete anything. The deletion is final and can not be recovered through the Quarantine. If you still want to remove the found items it is strongly recommended to create a system restore point before doing that.
Portable Spybot - Search & Destroy is used to detect and remove different kinds of adware, malware and spyware from your computer. It offers free updates and lets you immunise your Internet browser against future infection by known malware.
Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.
There are no other differences between Portable Spybot and the version designed to be installed on a local computer.
Note: Please review the portable rescue tools for removing the viruses, adware, malware and spyware in the avast! Hands-on Guide chapter page Advanced Virus Removal Methods section of How to Scan for and Deal with Viruses Using avast!.
To begin downloading and extracting Portable Spybot - Search & Destroy, perform the following steps:
Step 1. Click http://portableapps.com/apps/security/spybot_portable to be directed to the appropriate download site.
Step 2. Click to activate its associated Source Forge download page;
Step 3. Click to save the installation file to your computer, and then navigate to it.
Step 4. Double click ; the Open File - Security Warning dialog box may appear; if it does, click to activate the following screen:
Figure 1: The Language Installer window
Step 5. Click to activate the following screen:
Figure 2: The Spybot - Search & Destroy, Portable Edition | Portableapps.com Installer window
Step 6. Click to activate the License Agreement window.
Step 7. Click after you have read the License Agreement to activate the following screen:
Figure 3: The Choose Install Location window
Step 8. Click to activate a screen resembling the following:
Figure 4: The Browse for Folder window
Step 9. Navigate to your destination external drive or USB memory stick, as shown in Figure 4 above, then click to confirm the location of the Spybot - Search & Destroy Portable file, and return to the Choose Install Location window.
Step 10. Click to begin installing the Spybot - Search & Destroy Portable program, then click to complete the installation process, and then navigate to the removable drive or USB memory stick which the Portable Spybot - Search & Destroy program was saved.
Figure 5: The newly installed Portable Spybot - Search & Destroy program with its folder highlighted in blue
Step 11. Open the Portable Spybot - Search & Destroy folder, and then double click to begin launch Portable Spybot - Search & Destroy.
After you have successfully extracted Portable Spybot - Search & Destroy, please refer to the Spybot - Search & Destroy chapter to begin using it.
Q: What happens to the spyware programs Spybot has found in past searches if I uninstall the program? Do they remain on my computer in 'quarantine', or have they actually been removed?
A: When you uninstall Spybot, it will delete all items held in quarantine as well.
Q: Can I prevent cookies and trackers from being fixed or removed?
A: There are a couple of ways to protect useful cookies and trackers. After Spybot has scanned your system, it will list any suspicious files or potential threats detected. Click on each item to reveal more information, and to help you decide what you want to either delete or keep. Alternatively, open Spybot Start Center and select > Advanced User Mode > Settings. Here, you can specify with greater accuracy which items you would like to omit from your search and destroy missions.
Q: Is Spybot difficult to uninstall?
A: Actually, it's pretty easy. Simply Select > Start > All Programs > Spybot - Search & Destroy 2 > Uninstall Spybot-S&D.
Q: How come Spybot doesn't automatically update its detection rules and immunization databases when I open it?
A: Automatic updates happen in professional version of Spybot. Given that you are using a free version, some features are unavailable. Still, manually updating the Spybot detection rules and immunisation databases is relatively easy.