Completely OT: Infected XP Computer

musicvid10 wrote on 1/30/2006, 10:06 PM
1) I am not an expert on XP. My home network is still 98SE.
2) A computer with XP SP1 belonging to a client tests positive for sober.dam and several (meaning at least seven) fake spyware popups relating to SpyAxe and its many aliases.
3) The dodo who sold the computer to the client disabled the Windows Firewall, Restore Points, and Automatic Security Updates for Windows XP before delivery. Presumably, this computer is wide open to any and all intrusions, attacks, and malware, adware, and spyware installations anyone in this world could possibly devise.
4) Is a disk format and reinstall of XP desirable?
5) Should I activate Windows Firewall or install the ZoneAlarm free version?
6) Should I recommend the purchase of Norton or McAfee to remove the sober.dam virus? Are there better products out there?
7) AdAware SE thinks it removes the badware popups but they reinstall every time MSN is started. The products that claim to remove the SpyAxe trojan and clones all cost $40. I suspect they are all part of the same scam as the popups.

So what should I do? I have never had a virus or trojan on my home network with 98SE using sensible proxy and firewall practices. The client computer referred to above is a mess right now. All advice is welcomed.

Comments

GlennChan wrote on 1/30/2006, 10:14 PM
4- Reformatting the system is straightforward and will work. Otherwise it might take 1-5+ hours to manually remove spyware.

5- I suggest Windows Firewall. It's easy and will cause the least problems. The newer versions of Zone Alarm supposedly aren't as good as the old versions, i.e., disabling ZA will take out your internet.

6- In my opinion, almost anything is better than Norton Antivirus (it's one of the slowest antivirus programs around; the suite will cause as many problems as it solves). For free antivirus, check out AVG Free and avast.
For commercial antivirus, NOD32 is good (one of the fastest antivirus programs at scanning).

7- The removers are a scam most likely. Some spyware is especially difficult to remove (this is by design). Forums like tomcoyote.com may be able to help you out (try the basic stuff first, like installing MS Antispyware Beta).

I would just back up and reformat the machine. Be sure to put MS antispyware on it, and antivirus like AVG Free.
MH_Stevens wrote on 1/30/2006, 10:47 PM
If the OS is all the machine has installed then a format and reinstall is a solution, but it takes a while and some effort, and then you will still have to download all the updates issued since the date your CD was made.

I would just:
1) Run windows update
2) Install and run any good virus/spyware solution. I use Panda - get the 30-day trial for now here:

http://www.pandasoftware.com/home/particulares/default
Coursedesign wrote on 1/30/2006, 10:57 PM
Panda used to be good, but now it really sucks.

Created many problems on several of my machines that all disappeared after I switched to Trend Micro.
JohnnyRoy wrote on 1/31/2006, 5:25 AM
Depending on what spyware has infected the computer, a clean format and fresh install is the best course of action. I spent over 5 hours cleaning up my niece’s computer and I still couldn’t get one flash based popup to stop. Her computer was so bad that it was unusable. I had to boot it into safe mode just to be able to uninstall some of this stuff. I used SpyBot and AdAware and they removed all but one popup. Then I put ZoneAlarm Free and AVG Free on the PC for her.

I can’t figure out where this last popup is coming from. That’s why I say, just reformat the PC. For me, it would have been a lot faster.

~jr
craftech wrote on 1/31/2006, 6:05 AM
Reformatting would be your best option.

Then have the client install XP and the updates. After that have him create a crippled user account with a lot of permissions that the administrator account normally has - DISABLED, but just enough to function normally (browsing, etc). If anything further needs to be done the client can always log back on as an administrator to do it then re-log on as a crippled user account once again. That way if hacked, the hacker will not have access to the sensitive information they seek.

Secondly, you need to determine how much effort the client is willing to put in to keep the computer safe. Some people are lazy in this respect so automatic anti-virus software is worth the performance hit to them just so they don't have to do anything. If that is the case then the least intrusive yet most effective anti-virus software has consistently been Eset's Nod32 as mentioned above.

If the client is willing to do some work there is free antivirus software available that can be run on demand, but the client has to remember to update it and run it occasionally. The most reliable of these are AntiVir Personal Edition and AVG Anti Virus. I would choose the option NOT to install the Virus Guard if performance is an issue, but the client must check for daily updates and run the scanner once a week. As long as you don't have a virus guard installed (or only ONE) it is possible to install two antivirus programs on the computer as long as you only run ONE AT A TIME and don't try to update them simultaneously.

In terms of the windows firewall it should be customized for programs and services to ASK permission each time to access the internet. Unlike windows 98, Windows XP is a real dog when it comes to this because it demands that multiple services be given permission to the OS to access the internet in order to properly function. Despite the hype to the contrary most people grant nearly unlimited permissions when using Windows XP so they don't have to be bothered each time granting it. In that respect it ends up MORE vulnerable than a PROPERLY configured Windows 98SE computer. Thank Microsoft for that.

If you decide to use Zone Alarm, the most reliable versions have been 5.5.094 and 5.5.062. They can co-exist with the Windows Firewall because when you install Zone Alarm it disables the Windows Firewall (Zone Alarm 5.5 or higher) then re-enables it if you uninstall it.

John
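The two settings craftech describes above, a non-administrator account for daily use and the Windows Firewall switched on so that the user is notified rather than silently granting access, can be scripted. The batch file below is an added example and is not code from the thread or from any of the products mentioned; it assumes Windows XP SP2 (the `netsh firewall` context only exists from SP2 onward, so an SP1 machine like the one in the original post needs the service pack first) and an administrator command prompt. The account name and password are placeholders.

```batch
@echo off
rem Added example, not from the thread. Creates a limited daily-use account
rem and enables the Windows Firewall with block notifications.
rem Assumes Windows XP SP2 and an administrator command prompt.
rem Account name and password are placeholders; choose your own.

set LIMITED_USER=dailyuser
set LIMITED_PASS=ChangeMe-Placeholder

rem Create the account. On XP, "net user /add" places it in the Users group
rem only, so it is not an administrator. /passwordchg:yes lets the user
rem change the placeholder password at first logon.
net user %LIMITED_USER% %LIMITED_PASS% /add /passwordchg:yes
if errorlevel 1 (
    echo Account creation failed.
    exit /b 1
)

rem Belt and braces: make sure the account is not in Administrators.
rem This is harmless if it never was a member.
net localgroup Administrators %LIMITED_USER% /delete >nul 2>&1

rem Turn the firewall on and enable the "program blocked" notification so
rem the user is asked before a program is allowed to accept connections.
netsh firewall set opmode mode=ENABLE
netsh firewall set notifications mode=ENABLE

rem Verification: the new account must not appear in the Administrators
rem list, and the firewall state should report Operational mode = Enable.
echo --- Administrators group members ---
net localgroup Administrators
echo --- Firewall state ---
netsh firewall show state
```

One caveat worth knowing when reading craftech's description: the XP firewall filters inbound connections only. The notification it raises is for a program that tries to listen for incoming connections, not for every outbound access to the internet; per-program outbound prompting of the kind described is a ZoneAlarm feature, not a Windows Firewall one.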
apit34356 wrote on 1/31/2006, 6:26 AM
Jr, check the java run library for any programs that are not required.
Laurence wrote on 1/31/2006, 7:39 AM
I just removed a bunch of spyware off my wife's cousin's computer. Before I did, I told him "I'll bet you have 300 spyware programs running". I was wrong. He had almost 400! I use both Adaware and Spybot. Usually one gets what the other one misses.
B.Verlik wrote on 1/31/2006, 11:05 AM
Leo Laporte, the TV and radio personality who specializes in computers, speaking on a radio talk show, is now suggesting using a free firewall called Kerio instead of Zone Alarm. It is much less intrusive and not as likely to be hacked as Zone Alarm is these days. He still recommends the XP firewall (for those with XP) above those. I haven't tried it (Kerio) yet.
garo wrote on 1/31/2006, 12:01 PM
Very important procedure in formatting the disk:
(and that is your ONLY alternative - take my word for it) is to place the disk in another computer with the jumpers moved to "slave" position - format completely - put it back into the original computer with the jumpers back to "Master" and re-install XP. This is because the pesky a#¤^%%&¤#")(( who make some of these adwares etc. hide in the sector Windows allocates for the system files etc. - and will remain there even through a format.

//Garo
GlennChan wrote on 1/31/2006, 12:31 PM
garo... can't you boot from the windows CD and format the hard drive that way?

Logan5 wrote on 1/31/2006, 12:53 PM
This combination worked on a massively affected computer.

IMPORTANT for XP: turn OFF & ERASE your XP system restore – spyware can reside there even after running a spyware sweep and re-infect your computer.

1. Mentioned in an above post – SpyBot and AdAware – FREE
2. http://www.pctools.com/spyware-doctor/ FREE SCAN ONLY
But it will get what the two above sometimes miss or only temporarily get rid of.
3. McAfee – NOT FREE (way better than Norton)
filmy wrote on 1/31/2006, 1:32 PM
Short of a full reformat you can try a few free tools -
McAfee's AVERT page is a good start. If you make a boot floppy or burn a boot CD you can use the free DOS/command line virus scan from these pages.

SpyBot: Search & Destroy is free and works well at detecting ads and the like and once you get the reg set up and clean this will monitor and notify you of all changes that could be of issue.

If you do have to reformat you can try the free version of Active@ Kill Disk. You can try this before you do a full reformat as well; however, if the data has not been erased it won't get rid of it. If the data has been erased this can help any sort of little utility that tries to recover the virus or spyware.
groovedude wrote on 1/31/2006, 2:45 PM
After using Norton and McAfee extensively and having serious problems with both I now use and recommend:

AVG
Spybot Search and Destroy
AdAware-(Pay version on workstation, Free version on laptop)
Windows Firewall

Some viruses write system keys into your ini file and you have to just do a reformat. I reformat from an XP CD and have no probs, but you may want to take Garo's advice. One time I used the XP CD and just had it reload the Windows System Files only and it worked. But sometimes they cling to various files throughout your drive and you have to do a complete reformat. I've learned my lesson, I now put my data files on a separate hard drive.
musicvid10 wrote on 1/31/2006, 9:36 PM
Thanks all for the top-notch advice. The people on these forums are the best!
I think I'll try SpyBot since several of you recommend it. If it kills all the SpyAxe-like popups I think I can find something to get rid of sober.dam.
Even though Stinger found the virus, it was unable to get rid of it.

The lack of restore points (it was turned off) is maddening. I thought I could just revert to a clean system and get rid of the bad files manually. I'll try reinstalling the XP system files since one of those is affected by sober.dam

Worst case, I'll back up to an external drive, do a format and reinstall XP, then do all the security updates and make sure there is some kind of firewall and inbound spycatcher working before I turn it back over to my somewhat naive client.

Thanks again.
Chienworks wrote on 2/1/2006, 5:04 AM
On an infected system I wouldn't trust restore points. It's not inconceivable that a virus would infect the restore points as well as the currently active system. I haven't heard of such a case, but it certainly seems possible.

My standard procedure when setting up new systems has been to copy the entire Windows install CD to a directory on the freshly formatted hard drive first and then install from that. The advantage is that if users need to add other Windows features later then they don't have to go searching for the CD. However, I may have to change this practice. I've started seeing some viruses that infect the install directory I've created, so any reinstalls from this directory will already be infected.

The only completely safe way to recover is to wipe the drive and start over.

*sigh* If I could have gotten my professional rate for all the friends' and co-workers' computers I've cleaned I could probably retire to a tropical island by now. Hmmm, there's an idea ... maybe I should go into business disinfecting computers. The problem is, if I actually charged a professional rate, no one would pay. It would almost be cheaper for them to buy new computers instead.
Ayath The Loafer wrote on 2/2/2006, 5:53 AM
I'm not sure how things are at your client's location but I suspect they will be something like at my end.

If you reinstall XP from CD by formatting the HD that will be a good thing.
However, once you connect the pc to the internet in order to download fixes and antivir updates, you are basically exposing the pc to malware before security fixes are in place.
In my location I get malware within 30 seconds after the pc is connected to the internet.

Only solution is to download XP SP2 and the relevant update files for chosen antivirus.

After XP reinstall you install SP2 and then antivirus. Then antivir updates and then - and only then - should you connect to the internet to acquire missing security fixes.

Ayath