Spybot for Windows - anti-spyware

Updated7 December 2014

This guide is no longer being maintained

This content is currently unmaintained and may be significantly out of date. Please see the Tactics Guide on how to protect your device from malware and phishing attacks.

Spybot Search & Destroy is used to detect and remove different kinds of malware, adware and spyware from your computer. It offers free updates and lets you immunise your Internet browser against future infection by known malware.

Required reading

What you will get from this guide

  • The ability to remove different kinds of malware and/or spyware
  • The ability to immunise your computer system before it becomes infected with malicious problems and threats

1. Introduction to Spybot

1.0 Other tools like Spybot

To protect operating systems like GNU Linux and Mac OS, we recommend that you:

1) regularly update your operating system, and all the programs installed upon it; 2) use anti-virus program listed in the Avast guide; 3) use a firewall program listed in the Comodo guide;
4) use a secure browser like Firefox with the NoScript add-on to prevent downloaded scripts from starting up.

These preventive measures are important to keep your GNU Linux or Mac OS computer protected.

The spyware and malware protection for computers running Microsoft Windows is a very important issue. There are thousands of new malware being created every day. Attack methods are becoming increasingly sophisticated. The preventive measures outlined in the previous paragraph are mandatory for all computers running Microsoft Windows. In addition, we strongly recommend the usage of Spybot as described in this chapter.

However, if your computer gets infected despite these precautions, and you find yourself requiring additional Microsoft Windows tools, we recommend the following:

1.1 Things you should know about Spybot before you start

Spybot S&D is a popular free program used to detect and remove different kinds of adware, malware and spyware from your computer system. It also lets you immunise your system against adware, malware and spyware, preventing them from infecting your computer once Spybot is installed.

Spybot S&D is not an anti-virus tool. It can however run along side anti-virus software to enhance security of your PC.

Adware is any software which displays advertising material on your computer. Certain kinds of adware function remarkably like spyware and can be invasive of your privacy and security.

Malware (e.g. trojans and worms) is any kind of program designed to harm or hijack the operation of your computer without your consent or knowledge.

Spyware is any kind of program that collects data, observes and records your private information and tracks your Internet habits. Like malware, it frequently runs on your computer secretly. As such, installing a program like Spybot will help you to protect your system and yourself.

Note: Windows Vista, 7 and 8 have a built-in anti-spyware program called Windows Defender. However, it seems to allow Spybot to work without any conflict.

2. How to Install and Use Spybot

Once Spybot is installed, you can use it to identify and remove spyware by following three basic steps:

  1. Updating the Detection Rules and Immunization databases with the most recent updates from Spybot.
  2. Immunising your system based on up-to-date immunisation databases.
  3. Scanning for threats. This involves checking your system for spyware infestations, based on up-to-date detection rules, and removing them.

Note: For a brief overview of key advanced options, please refer to the Advanced Options section.

2.1 How to Install Spybot

Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the following screen:

Figure 1: The Select Setup Language screen

Step 2. Click to activate the Setup - Spybot Password Safe – Welcome to the Spybot - Search & Destroy Setup Wizard screen.

Step 3. Click at the Donations Welcome screen choosing the default option I am installing Spybot for personal use, and will decide later.

Step 4. Click at the Installation and Usage Mode screen choosing the default option I want to be protected without having to attend it myself.

Step 5. Click at the License Agreement screen. Please read the License Agreement before proceeding with the rest of the installation process.

Step 6. Click at the Ready to Install screen to begin the installation:

Figure 2: Installing

Step 7. Click to complete the installation process and launch Spybot - Search & Destroy.

Figure 3: Completing the Spybot - Search & Destroy Setup Wizard

By default, the Check for new malware signatures is selected as shown above. Note - If an Internet connection is not available during the install, untick this box and review the Section 2.3 .

Figure 4: Update (Spybot - Search & Destroy 2.4)

Step 8. Click to activate the screen below.

Figure 5: Checking for Antispyware updates

Figure 6: Antispyware updates completed

2.2 Use Spybot for the first time

After you have completed the installation and set-up process, Spybot will automatically launch itself to the Start Center

Figure 7: Start Center

Alternatively, Spybot Start Center can be launched either from Start > All Programs > Spybot - Search & Destroy 2 > Spybot S&D Start Center or double click the Spybot Desktop icon

Before you begin, it is strongly advised that you create a backup of the registry. For an overview of the Windows Registry, please refer to CCleaner for more information.

Follow the steps below to create a backup of your computers registry

Step 1. click to display the Advanced Tools option.

Figure 8: Advanced Tools

Step 2. Click .

Step 3. Click in the Startup Tools window

Step 4. Click as shown below

Figure 9: Startup Tools

Step 5. Select a location and file name as shown in figure 10 below at the Folder to save to window

Step 6. Click

Figure 10: Folder to save to

2.3 How to Update the Spybot Detection Rules and Immunization Databases

Important: It is absolutely vital that you keep Spybot up to date with the latest definitions. The automated update feature is not available in the free version of Spybot so you must run this updated manually following the steps below:

Step 1. Click in the Start Center to activate the Updater;

Step 2. Click to activate as shown below:

Figure 11: Updater window

Click Show Details to view a list of successfully downloaded updates.

Figure 12: Download and install updates

2.4 How to Immunise Your System

Spybot helps shield your computer from known spyware by "immunising" it. This is like receiving a vaccination against infectious new diseases.

To immunise your computer system, follow these steps:

Step 1. Click from the Start Center to activate the Immunization window below:

Figure 13: Immunization window

Note: If you have left your browser open for some reason, the following screen will appear before you begin the immunisation process:

Figure 14: The Open Browser Detected

Step 2. Click to begin checking for immunized files (if you have not yet immunized your system, few or no immunized files will be found) :

Figure 15: Immunization check finished

Step 3. Click to begin immunising your system. Immunization make take several minutes to run.

Figure 16: Immunizing your system now...

Step 4. Click Show Details to view detail as shown below:

Figure 17: Apply Passive Protection

Note: You can reverse or undo the immunisation process if you suspect that immunising your system has negatively affected the overall performance of your computer. You may click to reverse the immunisation process and restore your system to its previous state.

2.5 How to Scan for Threats

Reminder: Before you begin checking for potential threats, please run the Spybot Updater.

To check for potential threats, follow these steps:

Step 1. Click to launch the Spybot Start Center

Step 2. Click to activate the screen below:

Figure 18: System Scan (Spybot - Search & Destroy)

Step 3. Click to begin scanning your system. Note - If you have a lot of data, files, programmes etc. this could take 20 minutes to an hour

Figure 19: System Scan (Spybot - Search & Destroy)

After the scan has been completed, the number and kinds of potential malware found will be listed as shown below:

Figure 20: Scan for malware displaying potential malware

Step 4. Select the file and review the Details box on the left of the screen for each potential threat found to determine if the malware is a genuine threat.

Remember - a false positive means that a harmless file, folder, program or registry key could be categorised as malware. Deleting such could cause an issue an issue to another program.

Figure 21: Scan for malware - Details

Tip: The Threat Level is displayed by a colour indicator bar. An Estimated Danger rating of Marginal or Very Low will display as green. As the Threat Level moves from Medium to High, the colour indicator will change from orange to red. At a glance, it will be easy to gauge the potential threat. For example, most Browsers used Tracking Cookies when you visit a website. If the information they store is not excessive, the Estimated Danger rating my be Marginal or Very Low. You may choose to keep the cookies for certain websites for convenience.

Step 5. If you choose to delete a file or files select the file and click

You can also choose to to scan individual files and folders using the File Scan option in the Start Center - the process is similar to the System Scan described above.

Note: It is generally a good idea to scan your system for problems every week.

2.6 How to Disable Tracking Cookies

A tracking Cookie is a small file saved on your computer by an Internet browser when you visit a website. A cookie can store information that can identify you to a particular website. This can include information such as username, password, personal data used to fill online forms, browsing habits etc. While Cookies provide convenience when browsing, this poses a risk to your anonymity online.

Spybot Search & Destroy allows you to disable tracking cookies in all installed browsers from one central location.

Disable tracking cookies using the following steps:

Step 1. Click to launch the following screen:

Figure 22: The Spybot Search & Destroy - Tracking Cookies

Step 2. Click to display the browser profiles on your computer as shown below. Note - there may be other browser profiles on your computer.

Figure 23: The Spybot Search & Destroy - Blocking Third Party Cookies

Step 3. Select the profile and click :

Figure 24 : The Spybot Search & Destroy - Tracking Cookies Disabled

To re-enable Tracking Cookies, click on the drop-down arrow beside and select .

2.7 How to Use the Recovery tool

The Quarantine tool allows you to recover or retrieve any previously deleted or repaired item. This is possible because Spybot will create a backup for every item it has previously deleted. If a deleted file causes your computer to malfunction, it is possible to restore it using the Quarantine tool.

To recover a previously deleted item, perform the following steps:

Step 1. Click from the Start Center to launch the screen below :

Figure 25: Quarantine (Spybot - Search & Destroy)

Step 2. Check the items you would like to recover from the list of previously deleted items, and then click .

Step 3. Alternatively, click to remove checked files completely. However, be aware that purged items are not recoverable.

3. How to Use Spybot in Advanced Mode

Spybot has Default and Advanced sections. The Advanced Mode lets you configure settings and perform additional tasks.

3.1 How to Enable Advanced Mode

Click in the Start Center window to display the Advanced Tools and Professional Tools options.

Figure 1: Advanced Tools

The free version of Spybot only allows you to use some of the options available in the Advanced Tools and Professional Tools sections:

  • Report Creator can be used to assist Spybot Technical Support teams in the event that you need help with Spybot software. The level of support available will usually depend on the version of software you are running - paid verse free for example. While support forums are a useful source of knowledge to help decide if a file is harmful or not, we do recommend caution before submitting any files or logs from your computer if anonymity is a concern for you.

  • Settings section lets you configure Language, Scope of scanning, Browsers Spybot-S&D will scan, etc..

  • Startup Tools section lets you review in details processes active on your computer, programs that are run when your computer is starting, your system scheduled tasks, plugins, system services, installed programs, etc..

  • Rootkit Scan section checks your computer operating system for presence of rootkits, malicious programs that hide at the system level, which makes them undetectable by standard anti-malware tools.

3.2 Advanced Mode - Rootkit Scan

The Rootkit Scan can be used to flag suspicious files and registry entries for further analysis or for removing them. The steps below will show how to perform a Rootkit Scan.

Step 1. Click from the Advanced Tools pane to activate the window below. Note Quick scan test results.

Figure 5: Rootkit Scan

Step 2. Click .

Step 3. Select the drives and registry entries you wish to scan. We recommend selecting all of the items available. Click . Note this scan can take long time (perhaps about an hour) to complete.

Figure 6: Rootkit Scan - select drives

Figure 7: Rootkit Scan in progress

When the scan has completed, Search for rootkits will display any suspicious files found. You can then review the findings and options to determine if the file is legitimate.

Figure 7: Search for rootkits

Step 4. Right click any found items to display the options:

Figure 8: rootkits scan options

Step 5. Select Show properties to display details.

Step 6. Select Scan file for malware if this option is available. This will activate the File Scan window. The result of the scan will be shown as below.

Figure 9: File Scan - clean file

Note Items with rootkit properties detected are not necessarily malware. Deleting such could cause an issue to another program. Refer to section 2.5 How to Scan for Threats and 2.6 How to Restore a File when dealing with files found during the Rootkit Scan.

Step 7. When you sure that the item found is suspicious you may Delete it from your system.

If you are not sure about the found items, you may ask for ‘help’ in Spybot RootAlyzer Forum before you delete anything. The deletion is final and can not be recovered through the Quarantine. If you still want to remove the found items it is strongly recommended to create a system restore point before doing that.

4. Portable Spybot

Portable Spybot - Search & Destroy is used to detect and remove different kinds of adware, malware and spyware from your computer. It offers free updates and lets you immunise your Internet browser against future infection by known malware.

4.1 Differences between the Installed and Portable Versions of Spybot - Search & Destroy

Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.

There are no other differences between Portable Spybot and the version designed to be installed on a local computer.

Note: Please review the portable rescue tools for removing the viruses, adware, malware and spyware in the avast! chapter in Advanced Virus Removal Methods section of How to Scan for and Deal with Viruses Using avast!.

4.2 How to Download and Extract Portable Spybot - Search & Destroy

To begin downloading and extracting Portable Spybot - Search & Destroy, perform the following steps:

Step 1. Click http://portableapps.com/apps/security/spybot_portable to be directed to the appropriate download site.

Step 2. Click to activate its associated Source Forge download page;

Step 3. Click to save the installation file to your computer, and then navigate to it.

Step 4. Double click ; the Open File - Security Warning dialog box may appear; if it does, click to activate the following screen:

Figure 1: The Language Installer window

Step 5. Click to activate the following screen:

Figure 2: The Spybot - Search & Destroy, Portable Edition | Portableapps.com Installer window

Step 6. Click to activate the License Agreement window.

Step 7. Click after you have read the License Agreement to activate the following screen:

Figure 3: The Choose Install Location window

Step 8. Click to activate a screen resembling the following:

Figure 4: The Browse for Folder window

Step 9. Navigate to your destination external drive or USB memory stick, as shown in Figure 4 above, then click to confirm the location of the Spybot - Search & Destroy Portable file, and return to the Choose Install Location window.

Step 10. Click to begin installing the Spybot - Search & Destroy Portable program, then click to complete the installation process, and then navigate to the removable drive or USB memory stick which the Portable Spybot - Search & Destroy program was saved.

Figure 5: The newly installed Portable Spybot - Search & Destroy program with its folder highlighted in blue

Step 11. Open the Portable Spybot - Search & Destroy folder, and then double click to begin launch Portable Spybot - Search & Destroy.

After you have successfully extracted Portable Spybot - Search & Destroy, please refer to the Spybot - Search & Destroy chapter to begin using it.


Q: What happens to the spyware programs Spybot has found in past searches if I uninstall the program? Do they remain on my computer in 'quarantine', or have they actually been removed?

A: When you uninstall Spybot, it will delete all items held in quarantine as well.

Q: Can I prevent cookies and trackers from being fixed or removed?

A: There are a couple of ways to protect useful cookies and trackers. After Spybot has scanned your system, it will list any suspicious files or potential threats detected. Click on each item to reveal more information, and to help you decide what you want to either delete or keep. Alternatively, open Spybot Start Center and select > Advanced User Mode > Settings. Here, you can specify with greater accuracy which items you would like to omit from your search and destroy missions.

Q: Is Spybot difficult to uninstall?

A: Actually, it's pretty easy. Simply Select > Start > All Programs > Spybot - Search & Destroy 2 > Uninstall Spybot-S&D.

Q: How come Spybot doesn't automatically update its detection rules and immunization databases when I open it?

A: Automatic updates happen in professional version of Spybot. Given that you are using a free version, some features are unavailable. Still, manually updating the Spybot detection rules and immunisation databases is relatively easy.