Manage Learn to apply best practices and optimize your operations.

Spyware and malware not always caught by tools

Antispyware and antimalware tools help identify suspicious elements on PCs, but they also leave unanswered questions. Here's what to do.

Freeware or commercial antispyware tools often tag elements as suspicious, malign or unidentifiable. Sometimes they label items as "tracking cookies." Although there's often little doubt that cleanup and removal is warranted for identifiable malware, things get interesting when you must decide what to do about the other stuff that's not known to be malicious but might not be safe.

If you find you are debating whether to keep or remove questionable items that are tagged by antispyware software, follow the basic guidelines of "Just say no" or "When in doubt, throw it out." And be sure to follow these steps:

  1. Identify the potential (or actual) culprit. Invariably, antispyware programs or forensic tools such as HijackThis will provide the name of a cookie, an executable file, a DLL or some other specific file or data object on your PC. Record that name in an accessible place, perhaps by cutting it from a spyware report and pasting it into a small text file.

  2. If you use antispyware software to pick up these names, look for a hyperlink somewhere in the information page or window pane associated with individual items. Though placement and terminology differ from tool to tool, you'll usually find a link to the vendor's Web site where you can glean information about the items a tool can detect from the company's spyware and malware databases.

  3. Visit your favorite search engine and use that name to look for more information about the item of concern. Often this will lead you directly to technical descriptions or threat assessments; sometimes it will lead you to cleanup and removal instructions.

  4. If you use a forensic tool such as HijackThis, be sure to work through the log analysis programs and consult free tools such as Help2Go Detective or HijackThis Analysis to help you determine what's been found on any given PC. These tools also provide pointers to places where you can go for more information about suspect items as well.

  5. Uniblue System's WinTasks Pro is a neat tool. Even more impressive is the maker's online database, the WinTasks Process Library. This database contains a comprehensive and up-to-date collection of known Windows process names, along with threat ratings for each one. This is quite useful when trying to determine if running processes could pose potential problems.

  6. Other good sources of general spyware information and assistance may be found at and The latter's HijackThis Area also includes some great forums and tutorials, as well as a good spyware tools listing.

It's OK to stop your research (unless you're just plain curious) as soon as you feel you have enough information for a thumbs-up or thumbs-down evaluation. The next step, of course, is removal and cleanup (which is also covered in some detail in Check IT List: How to detect spyware on PCs. It's a real learning adventure to figure out what's lurking on your users' PCs. But as troubling as it can be to observe how pervasive and tenacious spyware is, it's also satisfying to make it go away.

Ed Tittel is a full-time freelance writer and trainer based in Austin, Texas, who specializes in markup languages, information security and IT certifications.

Dig Deeper on Small-business IT strategy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.