Spybot Anti Spyware

Spybot - anti-spyware

Spybot Search & Destroy is used to detect and remove different kinds of malware, adware and spyware from your

computer. It offers free updates and lets you immunise your Internet browser against future infection by known malware.

Homepage

www.safer-networking.org/en

Computer Requirements

All Windows Versions

Version used in this guide

1.6.0

License

Freeware

Installing Spybot

Follow any program-specific directions in theGuideIf there are none, simply click the link belowand choose a location to save the installerFind the installer on your computer anddouble-click it

Spybot:

Required Reading

How-to Booklet chapter 1. Protecting your Computer from Viruses, Malware and Hackers

Level: 1: Beginner, 2: Average, 3: Intermediate, 4: Experienced, 5: Advanced

Time required to start using this tool: 20 minutes

What you will get in return:

The ability to remove different kinds of malware and/or spyware

The ability to immunise your computer system before it becomes infected with malicious problems and threats

1.1 Things you should know about this tool before you start

Spybot S&D is a popular free program used to detect and remove different kinds of adware, malware and spyware from

your computer system. It also lets you immunise your system against adware, malware and spyware, preventing them

from infecting your computer once Spybot is installed.

Adware is any software which displays advertising material on your computer. Certain kinds of adware function

remarkably like spyware and can be invasive of your privacy and security.

Malware (e.g. trojans and worms) is any kind of program designed to harm or hijack the operation of your computer

without your consent or knowledge.

Spyware is any kind of program that collects data, observes and records your private information and tracks your

Internet habits. Like malware, it frequently runs on your computer secretly. As such, installing a program like Spybot will

help you to protect your system and yourself.

Spybot also installs an additional application called TeaTimer. This will protect your computer from new malware

infections.

Note: Windows Vista has its own built-in anti-spyware program called Windows Defender. However, Windows Vista

seems to allow Spybot to work without any conflict.

Getting Started

There are basically two steps involved in using Spybot effectively:

Updating the Detection Rules and Immunization databases with the most recent and relevant updates fromSpybot.

Running Spybot. This involves immunising your system with the detection rules and immunisation databases or

updates you have previously downloaded, then checking your system for spyware infestations and removing

them.

Note: For a brief overview of key advanced options, please refer to section 3.0 Advanced Options.

Spybot - anti-spyware 06/03/2009 01:18

http://en.security.ngoinabox.org/book/export/html/158 1 of 17

2.1 How to Use Spybot for the First Time

After you have completed the installation and set-up process, Spybot will automatically launch itself and display theLegal stuff screen as follows:

Figure 1: The Legal stuff screen

Note: To launch Spybot the next time, either double-click the desktop icon or select Start: All Programs >

Spybot - Search & Destroy > Spybot - Search & Destroy.

Step 1. Click the OK button to activate the Spybot Wizard and the Create registry backup screen as follows:

Figure 2: The Spybot-S&D Wizard Create registry backup screen

Note: You are strongly advised to create a backup of the registry. The Windows Registry is explained in the CCleaner

guide, in the section called 'The Windows Registry' .

Step 2. Click:

Step 3. Click the Next button to activate the Spybot - Search for Updates screen.

Step 4. If you are connected to the Internet, click: and go to section 2.2

How to Update the Spybot Detection Rules and Immunization Databases. Otherwise, click the Next button.

Step 5. Click the Next button in the Immunize this system screen that appears, then click:

in the screen that follows.

You have now completed the initialisation process and Spybot automatically launches itself as follows:



Figure 3: The Spybot - Search & Destroy main screen

2.2 How to Update the Spybot Detection Rules and Immunization Databases

Important: It is absolutely vital that you keep Spybot up to date with the latest definitions.

Step 1. Click: in the left-hand menu bar.

Step 2. Click: when the Spybot - S&D Updater screen is active to begin updating Spybot with the latestdetection rules and immunisation databases.

If you have recently updated your detection rules, a pop-up screen appears, advising you that No newer updates

are available.

If you have not updated your detection rules, the Spybot-S&D Updater screen appears, listing a number ofservers from which to download the updates as follows:



Figure 4: The Spybot-S&D Updater screen

Step 3. Select the location nearest to your country of residence, then right-click on it and choose Set this server asthe preferred download location.

Step 4. Click the Continue button.

Figure 5: The Spybot-S&DUpdater screen displaying detection rules, help files and immunization databases

Step 5. Check all the options presented, then click: to begin downloading these updates.

Note: If an error occurs while downloading these updates, Spybot will offer you an opportunity to re-try it. After

performing a successful download, you will be prompted to immunise your system and check for problems.

Step 6. Click: after the files have been downloaded successfully.

You will return to the Spybot - Search & Destroy main screen



Note: You can also run the Spybot update process at any time by Selecting: Start > All Programs > Spybot - Search

& Destroy > Update Spybot -S&D.

2.3 How to Immunise Your System

Spybot helps shield your computer from known spyware by ‘immunising’ it. This is like receiving a vaccination against

infectious new diseases.

To immunise your computer system, follow these steps:

Step 1. Click: in the Spybot-S&D sidebar to automatically begin the immunisation process and

activate the following screen:

Figure 6: The Spybot - Search & Destroy screen with the immunisation process in progress

Note: You may need to maximise your window to view all options on this screen.

Step 2. Click: and wait until the program finishes the process.

Your system is now immunised against all known new threats.

Note: You can reverse or undo the immunisation process if you suspect that immunising your system has negatively

affected the overall performance of your computer.

Step 3. Click: to reverse the immunisation process and restore your system to its previous state.

2.4 How to Check for Problems

Reminder: Before you begin checking for potential threats, please update the Spybot Detection rules and Immunizationdatabases.



To check for problems and threats, follow these steps:

Step 1. Click:

Step 2. Click: to begin scanning your system for threats (if you have a lot of data, files,

programmes etc. this could take 20 minutes to an hour).

Figure 7: The Spybot - S&D program checking for problems

After the scan has been completed, the number and kinds of problems will be listed in the pane as follows:



Figure 8: The Spybot - S&D screen displaying possible problems or threats

Step 3. Check only the items that you want to delete. Some of the found items may be marketing software that you

would like to keep (for whatever reason).

Tip: Any item displayed in red lettering is generally treated as a problem or threat. Any item displayed in green lettering

is keeping track of your Internet usage. To keep a particular item, un-check the check box associated with it, and it will

not be deleted.

Important: Before you either delete or ignore the malware you have found, it is strongly recommended that you look up

each item's behaviour and origins.

Step 4. Click: in the right-hand side of the Spybot results window to reveal more information about that item. If

nothing is displayed, you can also research it on the Internet. Find out how it operates, and how it may compromise your

system's integrity and security. Better knowledge and information about problems and threats leads to more privacy and

security for you.



Figure 9: The Spybot - S&D Show more information pane

Step 5. Click: to activate malware deletion.

A confirmation dialogue box appears asking you if you would like to delete all the problems which have been found.

Step 6. Click the Yes button if you would like to delete them.

Note: It is generally a good idea to scan your system for problems every week.

2.5 Resident TeaTimer

The Resident TeaTimer is a Spybot program that is constantly running in the background (that is, even when you are

not actively using Spybot). It constantly monitors important system processes to ensure that any possible threats are

not changing critical system configurations or settings. TeaTimer alerts users whenever it detects a known malicious or

suspicious process, and lets you either Allow or Deny that process (should it prove to be a malicious one). An exampleof such a pop-up screen appears as follows:

Figure 10: The Spybot - S&D Resident TeaTimer alert, displaying the Allow / Deny change screen

Given that many programmes (both necessary and malicious) require access to the system's internal processes,

TeaTimer will frequently query you to Allow or Deny changes. In this example, Skype is being deleted from the Windows



Start menu. This will usually happen when you have uninstalled a program (and this doesn't necessarily occur at startup

time only). In this case, this is a valid request to change a small system setting and you can allow it.

Tip: If you are unsure about what you are being asked to do in a TeaTimer window, Click the Info button for moreinformation.

Figure 11: The Spybot - S&D Resident information screen

It is safer to deny a request if you are not sure of its effects. However, if you are sure that the request is valid, check

the Remember this decision box and Spybot will not display this alert again.

Note: You will often see the TeaTimer activated when you install a new program and it tries to add itself to the startup

process. The same will happen when you uninstall a program.

Tip: It is strongly recommended that you update TeaTimer whenever an update is available.

2.6 How to Use the Recovery tool

The Recovery tool allows you to recover or retrieve any previously deleted or repaired item. This can happen becauseSpybot will create a backup for every item it has previously deleted. If a deleted piece of malware causes your

computer to malfunction, it is possible to restore it using the Recovery tool.

To recover a previously deleted item, perform the following steps:

Step 1. Click: to activate the Recovery screen as follows:



Figure 12: The Spybot Search & Destroy - Recovery screen

Step 2. From the list of previously deleted items, check the items you would like to recover, then click:

A confirmation dialog box is activated as follows:

Figure 13: The Confirmation dialog box

Step 3. Click the Yes button to recover the selected items.

Step 4. Alternatively, click: to remove all checked files completely. However, be aware that

purged items are not recoverable.

Advanced Mode

Spybot operates in both Default and Advanced modes. The Advanced mode lets you access program settings andadditional tools.

Step 1. To activate Spybot in Advanced mode, select the Mode > Advanced mode option from the menu bar as

follows:

Figure 14: The Mode menu options

Step 2. Click the Yes button to confirm this mode.



In Advanced mode, the sidebar in the Spybot main screen appears with more options:

Figure 15: The Spybot Search & Destroy - Advanced mode screen

Step 1. Double-click Settings to view descriptions of various items and options in a display pane as follows:

Figure 16: The Settings screen

Step 2. Double-click Tools to view tools that will help you identify spyware not detected in normal scanning processes,and rescan your system.



Figure 17: The Tools screen

Step 3. Double-click Info & License to display general and licensing information about Spybot 1.5.2.

3.1 Advanced Mode Tools

Advanced users will appreciate the following advanced options provided by Spybot: IE tweaks, Shredder, SystemInternals and System Startup.

3.1.1 IE tweaks

The IE tweaks option is used for Internet Explorer configuration. It lets you set a couple of important Internet Explorersecurity settings, especially in situations where more than one person is using a system.



Figure 18: The IE tweaks screen

You should leave the first option checked, as shown in the example above.

3.1.2 Secure Shredder

This is an excellent option for permanently deleting (wiping) temporary Windows and Internet browser files. For more

information about wiping and temporary files, please see Booklet Chapter 9, How to Destroy Sensitive Information.

Figure 19: The Secure Shredder screen

Step 1. Click the little black triangle next to the button, to activate a drop-down list of temporary file

locations as follows:

Figure 20: The Temporary drop-down list in the Secure Shredder screen

Step 2. Select an option from the list to activate that program's temporary file list.



Figure 21: The Secure Shredder screen

Now you need to set the number of 'shreds' in the deletion process.

Step 3. Use the option at the bottom of the window to set a number (between 2 and 5).

Step 4. Click: once you have set the number of times this document will be shredded.

Spybot will permanently delete these unnecessary temporary files from your computer.

3.1.3 System Internals (Advanced Users Only!)

The System Internals tool will search for inconsistent and incorrectly named files within the Windows Registry. The

Windows Registry is explained in the CCleaner guide section, 'The Windows Registry.



Figure 22: The System Internals screen

Step 1. Click: to begin searching for problems in the Windows Registry.

Step 2. After the scan is completed, click: to correct all problems found during the scan.

3.1.4 System Startup (Advanced Users Only!)

The System Startup tool displays in sequence all programs loaded by Windows upon starting up your computer. It lets

you decide which are necessary and which are not essential.

Tip: Removing unnecessary items from this list means that Windows will start up faster.



Figure 23: The System Startup screen

Step 1. Click: to activate the information pane.

In this information pane, each highlighted item has its behaviour and function described. Read these descriptions

carefully before you decide whether an item needs to be loaded when starting up Windows.

FAQ and Review

Both Elena and Nikolai find Spybot to be a comprehensive and easy-to-use program. Its critical function--keeping a

computer free from spyware--is performed automatically. Although they are a little nervous about allowing or denying

changes in response to different TeaTimer queries, they both feel that they will learn to distinguish real processes from

malicious ones as they gain experience.

Q: What happens to the spyware programs Spybot has found in past searches if I uninstall the program? Do they remainon my computer in 'quarantine', or have they actually been removed?

A: When you uninstall Spybot, it will delete all items held in quarantine as well.

Q: Nikolai, I keep losing some cookies and trackers I find useful. How can I prevent them from being fixed or removed?

A: Don’t worry. There are a couple of ways to protect useful cookies and trackers. First, after Spybot has scanned yoursystem, it will list all the problems and threats it has detected there. Click on each one to reveal more information abouteach item, and to help you decide what you want to either delete or keep. Alternatively, launch Spybot and then selectMode > Advanced > Settings. Here, you can specify with greater accuracy which items you would like to omit fromyour search and destroy missions.

Q: Is Spybot difficult to uninstall?

A: Actually, it’s pretty easy. Simply Select > Start > All Programs > Spybot – Search & Destroy > Uninstall Spybot

S&D.

Q: I have a slow Internet connection. How can I optimize the download speed for the detection rules and immunizationdatabase?

A: Make sure you select the database updates that correspond to your area or region of the world where you live. No



point updating a database located on a server based in Asia when you’re living in Europe, if you cannot spare thebandwidth. The regions are clearly marked by flags, and so you should be able to identify the server nearest to you quiteeasily.

Q: How come Spybot doesn’t automatically update its detection rules and immunization databases when I open it?

A: Automatic updates happen on the network and professional versions of Spybot. Given that you are using a freeversion, some features are unavailable. Still, manually updating Spybot's detection rules and immunisation databases isrelatively easy. Here is a handy Flash animation to show you how to update your system manually: http://www.safer-networking.org/en/howto/update.hs.html

4.1 Questions with which to test yourself after completing the guide

What is malware and how can it infect your computer?1.

What is the purpose of TeaTimer?2.

When you delete something with Spybot, is it possible to recover it later?3.

Apart from looking for and destroying malware, what are Spybot's other functions?4.



Documents

Spybot Anti Spyware