Run Malware Scans
Module 2 - Scan for Malware with Spybot

spybot search & destroySpybot Search & Destroy is a spyware and adware removal computer program compatible with Microsoft Windows. It scans the computer hard disk and/or RAM for malicious software. Spybot also can clean program and Web-usage tracks from your system, which is especially useful if you share your computer. In addition to spyware and adware detection and disinfection, Spybot-S&D can repair the registry, winsock LSPs, ActiveX objects, browser hijackers and BHOs, PUPS, computer cookies, trackerware, heavy duty, homepage hijackers, keyloggers, LSP, tracks, trojans, spybots, revision, and other kinds of malware. Spybot – Search & Destroy is released as freeware for personal users

For best results, view the VIDEO above in “Full Screen”.

Back to Top

Back to “Run Malware Scans”

Once you have started Spybot – Search & Destroy, you can immediately start scanning.

  • Having started the program, you will already see the scan screen. If not, please select Search & Destroy in the Spybot-S&D section in the toolbar to the left.
  • The search screen contains a toolbar with the most important options. Let us start a scan: please press the Check for problems button.
  • You will see the scan progress in the status bar at the bottom of the window, and can stop the progress at any point by pressing the Stop check button that has just appeared (it will vanish again once the check has finished).

If the scan has found something, the list will show it. There are two basic kinds of results:

  • Red entries indicate spyware problems that should be fixed to avoid security and/or privacy problems. This is the only kind of problem that is preselected to be fixed.
  • Green entries indicate usage tracks. It can do no harm to remove these.

For most of the problems there is more information available. On the right side of the window you will find a grey button. By clicking it a window will open and show you some information about the item selected (if there is none selected, you can simply click on it and the information will be displayed).

You can now select the problems you want to fix, by clicking the checkbox in front of it, or by selecting all using the button Select all problems (this button will only be available after enabling the expert button setting in advanced mode). More selection options are available if you look into the context menu (by right-clicking a problem). The context menu will also allow you to exclude single problems or whole products from further scans (you may later change the exclude settings in the settings section/Ignore…). Another option the context menu offers is to copy or export the results list or a full report.

  • Once you are sure you have selected what you want to be removed from your computer, press the Fix selected problems button. You will see the fixing progress at the bottom status bar.
  • If some problems cannot be fixed right now (because they are still loaded and can’t be terminated, for example), Spybot-S&D offers an option to run on next system start, so you can check and fix again.
  • Should you notice at any later point that you have removed more spyware than you wanted, you can always restore it from the Recovery in the Spybot-S&D-section.
  • You can also fine-tune your scan options by selecting special File sets and changing some Settings.


Spybot-S&D allows you to immunize your computer against some spyware. It currently offers three different immunities:

Permanent Internet Explorer immunity

The permanent immunity works on some Internet Explorer control options that are partly visible in the Internet Explorer interface, partly hidden in the registry only. It adds domains known to contain bad contents into the Restricted Zone, thus blocking installation of executable code from those pages; it also adds block options for bad executable code by its ID, and it sets known tracking cookies not to be accepted by Internet Explorer.

To cut it short: it modifies Internet Explorer, through official ways, to block a lot of the bad stuff known to Spybot.

Permanently running bad download blocker for Internet Explorer

This is a second layer of protection for IE. While the Permanent Immunity blocks installers by their ActiveX ID, this one blocks anything that should come through by different aspects.
You can view a log of blocked installers in the Tools / Resident section.

Permanent Opera immunity

This list shows all Opera profiles, and how many of the plugins that Spybot knows as bad are already blocked in each profile. To set the complete protection, just tick the checkbox in front of the profile you want to protect. To remove the protection, uncheck the checkbox.

Not many browser plugins are currently working for Opera, but the attempt to install some may crash Opera, and ActiveX support for Opera is available in third-party beta software, so use this function as a precaution against future misuse of Opera through spyware.

This feature will (certainly) only be displayed if you have Opera installed on your system!


The recovery section is available by selecting Recovery from the Spybot-S&D section in the toolbar to the left.

If you have fixed some spyware problems in the past, this list will show it. Here you can select one or more problems (see also the context menu for extended selection options) and either recover or finally purge them from your system.

In addition to the Recovery feature, Windows ME, XP and Vista users have the possibility to enable the creation of System Restore Points for each fix. This option can be set in the Main Settings part of the Settings section.
When going back to a System Restore Point, the Resident TeaTimer needs to be shut down: With TeaTimer running, it will take note of the changes and ask to either Allow or Deny them. However, in the process of restoring Windows will restart too fast to allow the changes.

Back to Top

Back to “Run Malware Scans”