Warning! Spyware detected on your computer! Or NOT... How to deal with the real danger...
Warning! Don't believe this warning!
Have you seen a message like the one above recently?
Has your computer suddenly started complaining that it's infected?
No (legitimate) Windows process or software gives you a warning message and then tries pushing you into whipping out your credit card and buying a specific product.
Usually what happens is the malware gets onto your PC (there are many routes) and displays fake warnings that suggest you use a certain spyware remover to deal with the problem. On going to the spyware remover site, it runs an "online scan" (an animated popup that actually does nothing), or allows you to download a trial version. In either case, it finds a malware problem (surprise!) and asks you to pay for a full version of the software to deal with it.
The recommended products are either useless fakes (the best you can hope for) or just install further malware and advertisements - but the money they try and get from you is very real.
Even if the recommended software did what it claimed, would you trust bozos who are prepared to stoop to fake alerts (installed by their very own malware) with your credit card details?
So, the malware installs itself on your PC, nags you with fake warnings to buy a worthless piece of software that does nothing or further compromises the security of your PC (for example, some of this malware reduces the security of Internet Explorer by changing its settings and disables the Windows Task Manager, so you can't shut down rogue processes).
Here's another fake warning...
Malware that's hard to get rid of...
Unfortunately, the malware that generates these intrusive warnings is very persistent and difficult to get rid of. In some cases, it will produce a fake Blue Screen Of Death (usually a screensaver) or change the desktop background to a big, ugly warning and then disable Desktop Settings, so you can't remove the warning. So what should you do?
Warning! You're In Danger! (of being ripped off...)
Spyware removal programs to avoid
I recommend you avoid any of the following programs as they are all associated with being promoted via malware -
- AdawareDelete
- AdwareBazooka
- AdwareSheriff
- AlfaCleaner
- Amaena
- Antivirus Pro
- BreakSpyware
- CurePcSolution
- DriveCleaner 2006
- ErrorSafe
- ExpertAntivirus
- PerfectCleaner
- SpyAway
- SpyCut
- SystemDoctor
- SystemStable
- WinAntiVirus
- Winfixer
This isn't an exhaustive list and please be careful as peddlers of fake spyware removers often choose names that are close to respected commercial products, in order to cause confusion.
Removing the trojan
The software that starts all the trouble is a trojan, usually called Vundo or Virtumonde by spyware researchers. It has many variants, and other programs (notably Smitfraud) generate similar fake warnings as well.
Before trying to cut out this parasite there are a few preparations you should make...
Make sure you have enough time - the last thing you want to do is rush and do some real damage to your system. A system that won't boot is a nightmare for most PC users.
Back up your essential files first. In the real world, most of us aren't in the happy situation of having an up-to-date 100% backup that we can restore from at the touch of a button. The most important thing on the PC is your personal data - passwords, PINs, anything identity related, unique creative content, financial records etc. You can re-install drivers, system files, programs etc. (even though it's a time-consuming pain).
Make a copy of your registry. Use a program called ERUNT (it's excellent and free), to make a copy of your registry in case it becomes corrupted.
Download a program called LSPFix. Some malware aggressively resists removal. One way of doing this is to hook a piece of software into the networking code for Windows (as a Layered Service Provider). When the malware is removed, you lose internet access. Cute. If that should happen to you, LSPFix can repair the gaping hole left by the removal of the malware code and restore your internet connection.
Download a program called CCleaner. This lovely program will clear out all the digital effluent left over after the malware has been flushed away.
Download a (genuine) spyware scanner. Don't use any spyware scanner that is recommended in a warning popup or that pops up in a browser window and gives you an online scan - whether you want it or not. The scanner I recommend is Xoftspy SE (see below). It is not free (well, it is if you only want to scan and not remove) but it is excellent. Small, fast and extremely user friendly. It does one job and does it well. It gives you detailed info on suspect programs and you can look them up in an online database, so even a beginner won't remove important system files by mistake. If the scanner can't deal with a particular malware problem then their tech support will resolve the issue with you. The scanner has a built-in option to send log files to Paretologic's tech support, so you don't have to spend ages trying to explain what's going on in an email.
Update definition files for your anti-virus and spyware scanner and then clear your cookies. Now scan your machine (this may take some considerable time, depending on the speed of your PC and how much data you have stored on it - a fast, lightweight scanner is definitely a plus). Remove or quarantine suspect files as appropriate (quarantine is usually best, if you have that option).
When everything is done, reboot your machine and see if the old behaviour occurs again. If it does, reboot into Safe Mode (press F8 after the BIOS startup screen and select boot into Safe Mode). Run the scanner again. Reboot when finished. If you still have a problem then you have new malware, or malware that's being protected by a rootkit (stealth technology that hides the malware from the operating system of your machine). Time to get some tech support...
Assuming that all has gone well, it's now time to test your internet connection. If it isn't working, don't assume it's down to malware immediately. Check the obvious stuff: network cables, phone cables (for ADSL), that your firewall isn't in lock mode and that there isn't a (scheduled) network outage. When you've eliminated other causes, fire up LSPFix and click Finish to repair the networking software. Don't be tempted to play around with any options in LSPFix unless you're an expert in Winsock 2 and Layered Service Providers.
Finishing up...
Now you have your machine back, the first thing to do is clean it up. Run ERUNT again and make a registry backup that is now free of malware entries. Run CCleaner to get rid of all sorts of unwanted trash. The next thing to do is take steps to prevent the problem happening again. Firstly, if you have Sun Java installed, make sure your JRE is up to date. It has been exploited quite heavily by this kind of malware. Then make sure you have applied Microsoft's critical Windows updates. Make sure your browser is up to date with all the latest patches applied.
Yes, this is all time-consuming but not as time consuming as having to deal with another malware incident.
Oh, one more tip. If you still have problems with things like not being allowed to bring up Task Manager or change desktop settings, then download Fixpolicies (by Bill Castner). Run it, it will create a folder on your desktop; open that, then double-click fix_policies.cmd. A command window will open briefly. After that you should be good to go.
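If you'd rather see exactly which restrictions the malware left behind before removing them, here is an added PowerShell script (my own example, not the page's code and not Fixpolicies itself) that audits the standard Windows policy values this kind of malware sets to lock out Task Manager, Registry Editor and the Display settings, and deletes them when run with -Repair. It assumes Windows PowerShell from an elevated prompt, since one of the keys lives under HKLM.

```powershell
# Added example, not code from the original page or from Fixpolicies.
# Audits the registry policy values used to block Task Manager, Registry
# Editor and the Display settings, and removes them when -Repair is given.
param([switch]$Repair)

$hkcu = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$hklm = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies'

# Policy key, value name, and what a non-zero value does to the user.
$checks = @(
    @{ Key = "$hkcu\System"; Name = 'DisableTaskMgr';       Effect = 'Task Manager blocked' },
    @{ Key = "$hklm\System"; Name = 'DisableTaskMgr';       Effect = 'Task Manager blocked (machine-wide)' },
    @{ Key = "$hkcu\System"; Name = 'DisableRegistryTools'; Effect = 'Registry Editor blocked' },
    @{ Key = "$hkcu\System"; Name = 'NoDispCPL';            Effect = 'Display control panel blocked' },
    @{ Key = "$hkcu\System"; Name = 'NoDispBackgroundPage'; Effect = 'Desktop background tab hidden' },
    @{ Key = "$hkcu\System"; Name = 'NoDispScrSavPage';     Effect = 'Screen saver tab hidden' },
    @{ Key = "$hkcu\ActiveDesktop"; Name = 'NoChangingWallPaper'; Effect = 'Wallpaper change blocked' }
)

$found = 0
foreach ($c in $checks) {
    if (-not (Test-Path $c.Key)) { continue }
    # -ErrorAction SilentlyContinue: a missing value simply yields $null.
    $item = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $value = $item.($c.Name)
    if ($value -eq 0) { continue }   # present but switched off: not a lockout
    $found++
    Write-Output ("LOCKOUT  {0}\{1} = {2}  ({3})" -f $c.Key, $c.Name, $value, $c.Effect)
    if ($Repair) {
        # Deleting the value restores the default (feature allowed). Explorer
        # may need a logoff/logon before the desktop settings reappear.
        Remove-ItemProperty -Path $c.Key -Name $c.Name
        Write-Output ("  removed {0}" -f $c.Name)
    }
}

if ($found -eq 0) {
    Write-Output 'No policy lockouts found.'
} elseif ($Repair) {
    Write-Output ("{0} lockout value(s) found and removed." -f $found)
} else {
    Write-Output ("{0} lockout value(s) found; rerun with -Repair to remove them." -f $found)
}
```

Run it without -Repair first so the report doubles as a record of what the infection changed, which is useful if you later need to explain the incident to tech support.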
Hope this helps!
A spyware scanner that genuinely works
Xoftspy SE
I recommend Xoftspy SE because it is fast, lightweight and user friendly. It has a built-in feature to send log files to Paretologic Tech Support, in order to resolve problems that can't be dealt with automatically (eg, brand new malware that isn't in the database yet).
You can use it to scan for free... if you don't like it then you don't have to pay anything and it uninstalls cleanly.