Adware, Spyware, and Virus Removal

In: Security

7 May 2009

Documentation in this section covers adware, spyware, virus, and other malware removal. When removing hostile programs, there are two basic types of removal methods:

* Automatic Malware Removal
* Manual Malware Removal

Whether you remove the malware automatically or manually, caution is strongly advised and you should follow a set procedure in doing this.

Cautions and Recommended Malware Removal Procedure

Be cautious when removing malware: malware often modifies your system in ways that leave the system crippled once the malware is removed. Not being careful could force you to re-install your operating system. The following phases are recommended for the removal process.

1. Identification phase – During this phase, you only want to identify any malware or hostile software that may be running on your computer. You can run your anti-virus program, anti-spyware, anti-adware, or whatever product you choose to identify any infection on your computer. Be sure to set the product to only identify malware on your system and not to remove, delete, or quarantine it. You can also look through your process list to locate possible hostile malware. See the article called Processes to learn how to do this.
2. Information gathering phase – Gather information about any hostile software running on your computer. Determine whether the uninstall tool for that software may work (some adware or spyware is removable and written by somewhat reputable companies). Find out how the software changes your system. Does it change file associations or make your system require the software to run some executable programs? You can usually find information about processes running on your computer by doing one or more of the following:
   * Search Gigablast or your favorite search engine for the name of the process, product name, or company that made the program.
   * Search your anti-virus or anti-spyware manufacturer's website to find more information about the malware you have and possibly find removal instructions.
   * Search your hard drive for the name of the file required to run the process and look at that file's properties to see who created it or to determine whether you should be more suspicious.
3. Removal phase – Based on the information found in the last phase, decide whether it is safe to remove the software manually or automatically.

Automatic Removal
If you choose automatic removal, it is reasonably easy. Just allow your removal program to do the work, but be sure your system is not dependent on the malware program you are removing.

Manual Removal
Follow any removal instructions that you may have found during the information gathering phase. You may need to edit your system registry, rename files (renaming first is recommended in case you need to restore a file to get your system to boot), or manually kill processes. You may need to get an IT professional to do this depending on your level of expertise.

Processes
This page explains what computer processes are and how you can determine what processes are running on your computer. This skill can help you determine whether you have malware operating on your system.

What is a Process?

A process is a computer program running on a computer. A computer program in simple terms is an executable set of commands for the computer to perform. A process is an actively running program which may or may not be running in the background. A program running in the background is one that the computer user may not be aware of, but it may be providing useful services such as an ability to connect to other computers.

Processes are usually associated with your operating system or a program that is installed on your computer.

Identifying Processes

It is useful to identify processes running on your computer to determine whether your system has any malware or other undesired processes running on it. Also some processes use up valuable resources and can be shut down.

On Windows 2000 or Windows XP systems, the operating system's Task Manager is used to identify processes running on your computer. It can be activated using either of the following two methods:

* Press the combination of keys, CTRL-ALT-DEL, at the same time, then select the “Task Manager” button.
* Right click on an open area of your task bar at the bottom of your screen, then select “Task Manager”.

After the task manager is open, select the Processes tab. This provides a list of processes running on your computer.

In the process list, the ones called “System” or “System Idle Process” are of no concern since they are a normal part of the system. Every other process should be associated with one of the following:

* Your computer system such as a Microsoft operating system process.
* An application you installed such as your anti-virus software, your file editor, printer software, and other programs.
* An application that was installed without your knowledge (this is where trouble usually comes from).

Processes on the list that you do not recognize can be looked up using several methods:

* Use one of the following websites to look up the process to determine what kind of process it is.
   o Task List Processes
   o Windows Process Library
   o Do Something about computer crashes
* Search your favorite search engine such as Gigablast to get some clues about what the process is. You can do a web search or a groups search on Google and sometimes find discussions that may answer the question about the origin of the process.
* Use the search function on your computer to search for the process name on your hard drive. This may identify the folder the process executable file is in, which may give you additional clues. Once found, navigate to the folder the file is in.

Right click on the file you are checking to open the properties window for the file. Click on the “Version” tab.
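The identification steps above (list the processes, find each executable's folder, read its Version tab) can be collected in one read-only pass with PowerShell. This is an added example, not part of the original article; it assumes PowerShell 3.0 or later, and the list of expected folders and the output file name process-inventory.csv are assumptions to adjust.

```powershell
# Added example: read-only process inventory. Nothing is stopped, deleted or quarantined.
# Assumption: legitimate software normally lives under these folders; adjust for your system.
$expectedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

$inventory = Get-Process | Sort-Object ProcessName | ForEach-Object {
    $path = $_.Path   # empty for System, Idle, and processes you lack rights to inspect
    $company = $null
    $description = $null
    $version = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        # Same fields the Version tab of the file's Properties window shows.
        # They are written by whoever built the file, so treat them as a clue, not proof.
        $info = (Get-Item -LiteralPath $path).VersionInfo
        $company = $info.CompanyName
        $description = $info.FileDescription
        $version = $info.FileVersion
    }

    $inExpectedRoot = $false
    foreach ($root in $expectedRoots) {
        if ($path -and $path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            $inExpectedRoot = $true
        }
    }

    # Reasons to look the process up during the information gathering phase
    $reasons = @()
    if (-not $path) { $reasons += 'path not visible' }
    elseif (-not $inExpectedRoot) { $reasons += 'outside expected folders' }
    if ($path -and -not $company) { $reasons += 'no company name' }

    [pscustomobject]@{
        Name        = $_.ProcessName
        Id          = $_.Id
        Path        = $path
        Company     = $company
        Description = $description
        FileVersion = $version
        Reasons     = $reasons -join '; '
    }
}

# Keep the full list for research, then show only the entries that need a closer look.
$inventory | Export-Csv -Path .\process-inventory.csv -NoTypeInformation
$inventory | Where-Object { $_.Reasons } |
    Format-Table Name, Id, Company, Path, Reasons -AutoSize
```

A flagged entry is only a prompt to research the process name and file, not a verdict; “System” and “Idle” will appear as “path not visible” and are of no concern.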
