Spybot Search & Destroy is used to detect and remove different kinds of malware, adware and spyware from your computer. It offers free updates and lets you immunise your Internet browser against future infection by known malware.
Version used in this guide
Level: 1: Beginner, 2: Average, 3: Intermediate, 4: Experienced, 5: Advanced
Time required to start using this tool: 20 minutes
What you will get in return:
GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:
Operating systems like GNU Linux and Mac OS are, at present, virtually free of malware (spyware, viruses, etc.). To protect yourself, we recommend that you: 1) regularly update your operating system, and all the programs installed upon it; 2) use anti-virus program listed in Avast chapter; 3) use firewall program listed in Comodo; 4) use a secure browser like Firefox with the NoScript add-on that prevents any scripts downloaded along with the web pages from starting up. These preventive measures will keep your GNU Linux or Mac OS computer well protected.
The security situation for computers running Microsoft Windows is very different. There are thousands of new malware being created every day. Attack methods are becoming increasingly sophisticated. The preventive measures outlined in the previous paragraph are mandatory for computers running Microsoft Windows. In addition, we strongly recommend the usage of Spybot as described in this chapter.
However, if your computer gets infected despite these precautions, and you find yourself requiring additional tools, we recommend the following:
Spybot S&D is a popular free program used to detect and remove different kinds of adware, malware and spyware from your computer system. It also lets you immunise your system against adware, malware and spyware, preventing them from infecting your computer once Spybot is installed.
Adware is any software which displays advertising material on your computer. Certain kinds of adware function remarkably like spyware and can be invasive of your privacy and security.
Malware (e.g. trojans and worms) is any kind of program designed to harm or hijack the operation of your computer without your consent or knowledge.
Spyware is any kind of program that collects data, observes and records your private information and tracks your Internet habits. Like malware, it frequently runs on your computer secretly. As such, installing a program like Spybot will help you to protect your system and yourself.
Spybot also installs an additional application called TeaTimer. This will protect your computer from new malware infections.
Note: Windows Vista has its own built-in anti-spyware program called Windows Defender. However, Windows Vista seems to allow Spybot to work without any conflict.
List of sections on this page:
Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the following screen:
Figure 1: The Select Setup Language screen
Step 2. Click to activate the Setup - Spybot Password Safe – Welcome to the Spybot - Search & Destroy Setup Wizard screen.
Step 3. Click to activate the License Agreement screen. Please read the License Agreement before proceeding with the rest of the installation process.
Step 4. Check the I accept the agreement option to enable the Next button, and then click to activate the Select Destination Location screen.
Step 5. Click to activate the following screen:
Figure 2: The Select Components screen
Step 6. Check the appropriate components so that your screen resembles figure 2 above, and then click to activate the Select Start Menu Folder
Step 7. Click to accept the default folder path, and activate the Select Additional Tasks screen.
Step 8. Click to activate the Ready to Install screen, and then click to activate the Installing screen.
Step 9. Click to complete the installation process and launch Spybot - Search & Destroy.
There are basically two steps involved in using Spybot effectively:
Updating the Detection Rules and Immunization databases with the most recent and relevant updates from Spybot.
Running Spybot. This involves immunising your system with the detection rules and immunisation databases or updates you have previously downloaded, then checking your system for spyware infestations and removing them.
Note: For a brief overview of key advanced options, please refer to section 3.0 Advanced Options.
After you have completed the installation and set-up process, Spybot will automatically launch itself and display the Legal stuff screen as follows:
Figure 3: The Legal stuff screen
Note: To launch Spybot the next time, either double click or select Start > All Programs > Spybot - Search & Destroy > Spybot - Search & Destroy.
Step 1. Click to activate both the Spybot - Search & Destroy (figure 8) and the Create registry backup screens as follows:
Figure 4: The Spybot-S&D Wizard Create registry backup screen
Note: You are strongly advised to create a backup of the registry. For an overview of the Windows Registry, please refer to CCleaner for more information.
Step 2. Click in figure 4 to to create and save a back up copy of your system registry.
Step 3. Click to activate the Spybot - Search for Updates screen. If you are connected to the Internet, perform the following step:
Step 4. Click to activate the Search for Updates window, and continue directly to section 2.3 How to Update the Spybot Detection Rules and Immunization Databases.
Step 5. Click to activate the Immunize this system window, and begin immunising your system as follows:
Figure 5: The immunization progress status bar
Note: If you have left your browser open for some reason, the following screen will appear before you begin the immunisation process:
Figure 6: The Open Browser Detected screen
Step 6. Close any open browsers and then click to begin immunising your system.
Step 7. Click and then click to return to the Spybot - Search & Destroy console in Immunize mode.
Figure 8: The Spybot - Search & Destroy console
Important: It is absolutely vital that you keep Spybot up to date with the latest definitions.
Step 1. Click in the Spybot-S&D left menu sidebar to activate the Spybot-S&D Updater window displaying a list of sites from which to download updates.
Step 2. Choose the location nearest your country of residence, then right click it, and select Set this server as the preferred download location as shown in figure 9.
If you have recently updated your detection rules, a pop-up screen appears, advising you that No newer updates are available.
If you have not updated your detection rules, the Spybot-S&D Updater screen appears, listing a number of servers from which to download the updates as follows:
Figure 9: The Spybot-S&D Updater window
Step 3. Click to activate the Spybot-S&D Updater - Please select the updates to download here window.
Step 4. Check all the options presented, then click to begin downloading these updates.
Figure 10: The Spybot-S&DUpdater screen displaying detection rules, help files and immunization databases
Note: If an error occurs while downloading these updates, Spybot will offer you an opportunity to re-try it. After performing a successful download, you will be prompted to immunise your system and check for problems as follows:
Figure 11: The Information screen
Step 6. Click , and then click .
You will return to the Spybot - Search & Destroy main screen
Note: You can run the Spybot update process at any time: Select Start > All Programs > Spybot - Search&Destroy > Update Spybot -S&D.
Spybot helps shield your computer from known spyware by "immunising" it. This is like receiving a vaccination against infectious new diseases.
To immunise your computer system, follow these steps:
Step 1. Click in the Spybot-S&D sidebar or to automatically begin the immunisation process as shown in figure 6 above.
You may need to maximise your window to view all the different protections applied in the Immunize pane.
Note: You can reverse or undo the immunisation process if you suspect that immunising your system has negatively affected the overall performance of your computer. You may click to reverse the immunisation process and restore your system to its previous state.
Reminder: Before you begin checking for potential threats, please update the Spybot Detection rules and Immunization databases.
To check for problems and threats, follow these steps:
Step 1. Click to activate the Spybot Search and Destroy pane.
Step 2. Click to begin scanning your system for threats (if you have a lot of data, files, programmes etc. this could take 20 minutes to an hour). The Spybot prompt screen may appear as follows:
Figure 12: The Spybot - Search & Destroy program checking for problems
Step 3. Click to begin checking for problems with your system as follows:
Figure 13: The Spybot - Search & Destroy program checking for problems
After the scan has been completed, the number and kinds of problems will be listed in the pane as follows:
Figure 14: The Spybot - Search & Destroy screen displaying possible problems or threats
Step 4. Check only the items that you want to delete. Some of the found items may be marketing software that you would like to keep (for whatever reason).
Tip: Any item displayed in red lettering is generally treated as a problem or threat. Any item displayed in green lettering is keeping track of your Internet usage. To keep a particular item, un-check the check box associated with it, and it will not be deleted.
Important: Before you either delete or ignore the malware you have found, it is strongly recommended that you look up each item's behaviour and origins.
Step 5. Click in the right-hand side of the Spybot results window to reveal more information about that item. If nothing is displayed, you can also research it on the Internet. Find out how it operates, and how it may compromise your system's integrity and security. Better knowledge and information about problems and threats leads to more privacy and security for you.
Figure 15: The Spybot-S&D Show more information pane
Step 6. Click to activate malware deletion.
A confirmation dialogue box appears asking you if you would like to delete all the problems which have been found.
Step 7. Click the Yes button if you would like to delete them.
Note: It is generally a good idea to scan your system for problems every week.
The Resident TeaTimer is a Spybot program that is constantly running in the background (that is, even when you are not actively using Spybot). It constantly monitors important system processes to ensure that any possible threats are not changing critical system configurations or settings. TeaTimer alerts users whenever it detects a known malicious or suspicious process, and lets you either Allow or Deny that process (should it prove to be a malicious one). An example of such a pop-up screen appears as follows:
Figure 16: The Spybot - Search & Destroy Resident TeaTimer alert, displaying the Allow / Deny change screen
Given that many programmes (both necessary and malicious) require access to the system's internal processes, TeaTimer will frequently query you to Allow or Deny changes. In this example, Skype is being deleted from the Windows Start menu. This will usually happen when you have uninstalled a program (and this doesn't necessarily occur at startup time only). In this case, this is a valid request to change a small system setting and you can allow it.
Tip: If you are unsure about what you are being asked to do in a TeaTimer window, click for more information as follows:
Figure 17: The Spybot - Search & Destroy Startup screen
It is safer to deny a request if you are not sure of its effects. However, if you are sure that the request is valid, check the Remember this decision box and Spybot will not display this alert again.
Note: You will often see the TeaTimer activated when you install a new program and it tries to add itself to the startup process. The same will happen when you uninstall a program.
Tip: It is strongly recommended that you update TeaTimer whenever an update is available.
The Recovery tool allows you to recover or retrieve any previously deleted or repaired item. This can happen because Spybot will create a backup for every item it has previously deleted. If a deleted piece of malware causes your computer to malfunction, it is possible to restore it using the Recovery tool.
To recover a previously deleted item, perform the following steps:
Step 1. Click to activate the Recovery screen as follows:
Figure 18: The Spybot Search & Destroy - Recovery screen
Step 2. Check the items you would like to recover from the list of previously deleted items, and then click .
A confirmation dialog box is activated as follows:
Figure 19: The Confirmation dialog box
Step 3. Click to recover the selected items.
Step 4. Alternatively, click to remove all checked files completely. However, be aware that purged items are not recoverable.
Spybot operates in both Default and Advanced modes. The Advanced mode lets you access program settings and additional tools.
To activate Spybot in Advanced mode, perform the following steps:
Step 1. Select Mode > Advanced mode from the menu bar as follows:
Figure 1: The Mode menu options
This will activate the following screen:
Figure 2: The Warning prompt screen
Step 2. Click to confirm this mode.
In Advanced mode, the sidebar in the Spybot console appears with more options:
Figure 3: The Spybot - Search & Destroy - Advanced mode Settings screen
Step 3. Double click Settings to view descriptions of various items and options in a display pane as follows:
Figure 4: The Settings screen
Step 4. Double click Tools to view tools that will help you identify spyware not detected by normal scanning processes, and rescan your system.
Figure 5: The Tools screen
Step 5. Double click Info & License to display general and licensing information about Spybot 1.6.2.
Advanced users will appreciate the following advanced options provided by Spybot: IE tweaks, Shredder, System Internals and System Startup.
The IE tweaks option is used for Internet Explorer configuration. It lets you set a couple of important Internet Explorer security settings, especially in situations where more than one person is using a system.
Figure 6: The IE tweaks screen
You should leave the first option checked, as shown in the example above.
This is an excellent option for permanently deleting (wiping) temporary Windows and Internet browser files. For more information about wiping and temporary files, please refer to How-to Booklet chapter 6. How to Destroy Sensitive Information.
Step 1. Click to activate the following screen:
Figure 7: The Temporary drop-down list in the Secure Shredder screen
Step 2. Click the Templates menu to activate a drop-down menu of program temporary files as shown in figure 7, and then select an item from that list to populate the Spybot-S&D Secure Shredder window as follows:
Figure 8: The Spybot-S&Ds Secure Shredder screen
Step 3. Select a file for deletion.
Step 4. Set the number of times that file is to be shredded as follows:
Figure 9: The Secure Shredder slider
Step 5. Click once you have set the number of times this document will be shredded.
Spybot will permanently delete these unnecessary temporary files from your computer.
You may also use the Secure Shredder to delete and wipe other files too. To do so, perform the following steps:
Step 1. Select > Add file(s) to the list... to activate the following screen:
Figure 10: The Select File(s) to shred navigation window
Step 2. Select the file you would like to shred.
Step 3. Click to display the file in figure 8 and then click to delete and wipe the file.
The System Internals tool will search for inconsistent and incorrectly named files within the Windows Registry. For an overview of the Windows Registry, please refer to CCleaner for more information.
Figure 11: The System Internals screen
Step 1. Click to begin searching for problems in the Windows Registry.
Step 2. After the scan is completed, click to correct all problems found during the scan.
The System Startup tool displays in sequence all programs loaded by Windows upon starting up your computer. It lets you decide which are necessary and which are not essential.
Tip: Removing unnecessary items from this list means that Windows will start up faster.
Figure 12: The System Startup screen
Step 1. Click to activate the information pane.
In this information pane, each highlighted item has its behaviour and function described. Read these descriptions carefully before you decide whether an item needs to be loaded when starting up Windows.
Portable Spybot - Search & Destroy is used to detect and remove different kinds of adware, malware and spyware from your computer. It offers free updates and lets you immunise your Internet browser against future infection by known malware.
Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.
There are no other differences between Portable Spybot and the version designed to be installed on a local computer.
Note: Please review the very useful portable rescue tools for removing the viruses, adware, malware and spyware in the Advanced Virus Removal Methods section of How to Scan for and Deal with Viruses Using avast! in the Hands-on Guide.
To begin downloading and extracting Portable Spybot - Search & Destroy, perform the following steps:
Step 1. Click http://portableapps.com/apps/security/spybot_portable to be directed to the appropriate download site.
Step 2. Click to activate its associated Source Forge download page;
Step 3. Click to save the installation file to your computer, and then navigate to it.
Step 4. Double click ; the Open File - Security Warning dialog box may appear; if it does, click to activate the following screen:
Figure 1: The Language Installer window
Step 5. Click to activate the following screen:
Figure 3: The Spybot - Search & Destroy, Portable Edition | Portableapps.com Installer window
Step 6. Click to activate the License Agreement window.
Step 7. Click to enable the option after you have read the License Agreement, and then click to activate the following screen:
Figure 4: The Choose Install Location window
Step 8. Click to activate a screen resembling the following:
Figure 5: The Browse for Folder window
Step 9. Navigate to your destination external drive or USB memory stick, as shown in Figure 5 above, then click to confirm the location of the Spybot - Search & Destroy Portable file, and return to the Choose Install Location window.
Step 10. Click to begin installing the Spybot - Search & Destroy Portable program, then click to complete the installation process, and then navigate to the removable drive or USB memory stick which the Portable Spybot - Search & Destroy program was saved.
Figure 7: The newly installed Portable Spybot - Search & Destroy program with its folder highlighted in blue
Step 11. Open the Portable Spybot - Search & Destroy folder, and then double click to begin launch Portable Spybot - Search & Destroy.
After you have successfully extracted Portable Spybot - Search & Destroy, please refer to the Spybot - Search & Destroy chapter to begin using it.
Both Elena and Nikolai find Spybot to be a comprehensive and easy-to-use program. Its critical function - keeping a computer free from spyware - is performed automatically. Although they are a little nervous about allowing or denying changes in response to different TeaTimer queries, they both feel that they will learn to distinguish real processes from malicious ones as they gain experience.
Q: What happens to the spyware programs Spybot has found in past searches if I uninstall the program? Do they remain on my computer in 'quarantine', or have they actually been removed?
A: When you uninstall Spybot, it will delete all items held in quarantine as well.
Q: Nikolai, I keep losing some cookies and trackers I find useful. How can I prevent them from being fixed or removed?
A: Don't worry. There are a couple of ways to protect useful cookies and trackers. First, after Spybot has scanned your system, it will list all the problems and threats it has detected there. Click on each one to reveal more information about each item, and to help you decide what you want to either delete or keep. Alternatively, open Spybot and then select Mode > Advanced > Settings. Here, you can specify with greater accuracy which items you would like to omit from your search and destroy missions.
Q: Is Spybot difficult to uninstall?
A: Actually, it's pretty easy. Simply Select > Start > All Programs > Spybot - Search & Destroy > Uninstall Spybot-S&D.
Q: I have a slow Internet connection. How can I optimize the download speed for the detection rules and immunization database?
A: Make sure you select the database updates that correspond to your area or region of the world where you live. No point updating a database located on a server based in Asia when you're living in Europe, if you cannot spare the bandwidth. The regions are clearly marked by flags, and so you should be able to identify the server nearest to you quite easily.
Q: How come Spybot doesn't automatically update its detection rules and immunization databases when I open it?
A: Automatic updates happen on the network and professional versions of Spybot. Given that you are using a free version, some features are unavailable. Still, manually updating the Spybot detection rules and immunisation databases is relatively easy. Here is a handy Flash animation to show you how to update your system manually: www.safer-networking.org