Malicious software goes by many names: spyware, worms, viruses, Trojans, adware, keystroke loggers, pests, and more. "Spyware" is often used to mean all malicious software other than viruses. I prefer the term "malware" as it's a bit more descriptive.

The symptoms of a malware infection vary.

  • Your web browsing speed may be slow. Your computer, in general, may be slower than it was and may take much longer to start up than it used to.
  • It is likely that Internet Explorer has been modified. Your homepage and/or search page may be changed, new favorites that you didn't create may appear, a new toolbar may appear, or you may end up at unknown web sites when you try to do a search.
  • To prevent you from undoing their browser modifications, some malware programs remove or disable Internet Options in the Tools menu and in the Control Panel. If you try to reset your home page and can't, it's likely due to malware. If you can't get to anti-virus or security web sites, but can get to other web sites, it's likely due to malware.
  • Adware will bombard you with pop-up ads. More malicious programs serve up a constant barrage of ads for pornographic web sites. That's on top of the pop-ups from the web sites you're viewing. If you see pop-up ads even when you are offline, it's due to malware.
  • Actual spyware (as opposed to other malware) has to phone home to report what it found. If your firewall provides outbound protection, you may see the 'phone call' and be able to stop it.
  • Malicious software may also shut down or disable your anti-virus program or your firewall program. It may prevent the normal activity of your anti-spyware software. It may prevent you from accessing Task Manager, msconfig, or regedit.
  • Adware programs may create new icons on the Windows desktop, task bar, or system tray. They may also create pop-up windows that you are unable to close. If your computer mysteriously dials the phone on its own, it may be infected with a porn dialing program.

Depending on the circumstances, the correct approach might be to wipe the hard disk clean and re-install or recover Windows. A clean install is the only 100% guaranteed way to return the computer to a fully functioning state. If the computer is used for anything judged to be important, a clean install is probably called for. Likewise, if it's used for home banking, a clean install may be the best approach. Also, a clean install takes only so much time. The procedure described below can drag on and on ...

The two big downsides to a clean install are losing the installed applications and all user data files. Trying to back up data files before wiping the hard disk clean is an accident waiting to happen; you're bound to overlook some.

A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a hacker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.

A rootkit will hook into Windows itself and hide itself from the operating system. This makes rootkits particularly difficult to remove while Windows is running.

Once the malware has been removed, there is the matter of damage control. The ability to change settings, go to Internet sites, etc. may have been changed by the malware.
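
One concrete check for both the "can't reach anti-virus or security web sites" symptom and the changed ability to go to Internet sites is to audit the Windows hosts file, which overrides DNS lookups. This is an added example, not part of the original article; the hosts-file mechanism, the hint list, and the sample entries are assumptions constructed for illustration.

```python
import ipaddress
import os
from pathlib import Path

# Assumed name fragments that mark a host as security-related (illustrative; extend as needed).
SECURITY_HINTS = ("antivirus", "security", "windowsupdate", "update.microsoft")
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample hosts file, not taken from a real infection.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.antivirus-vendor.example   # added entry (constructed)
0.0.0.0         update.microsoft.com windowsupdate.microsoft.com
203.0.113.7     search.example.com
"""


def audit_hosts(text, hints=SECURITY_HINTS):
    """Return one finding per hosts-file name that overrides normal DNS resolution."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only, or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append({"line": lineno, "host": None, "address": fields[0],
                             "action": "unparseable", "security_site": False})
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for host in (h.lower().rstrip(".") for h in fields[1:]):
            if host in LOCAL_NAMES and addr.is_loopback:
                continue                        # the normal localhost mapping
            findings.append({
                "line": lineno, "host": host, "address": str(addr),
                "action": "blocked" if sinkhole else "redirected",
                "security_site": any(hint in host for hint in hints),
            })
    return findings


if __name__ == "__main__":
    hosts = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32/drivers/etc/hosts"
    text = hosts.read_text(errors="replace") if hosts.exists() else SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print(finding)
```

Entries pointing at loopback or 0.0.0.0 are also used by legitimate ad-blocking hosts files, so treat the `security_site` flag as a prioritisation hint and review the rest by hand.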