Vectors & Interfaces
The networking specialist
 About Vectors & Interfaces Network support services Useful resources PC News Contact The support specialist Support Guide

Removing persistent spyware that stays in your system


There is a risk in downloading those free software that offer scanning of your computer for spywares. Most actually requires you to download some plug-ins in order function via the web browser.

These plug-ins actually allows them control of your browser and computer settings.

Instead of cleaning your computer of spywares, it these software actually embedded itself into your system, hijacking it and demand that you pay them to clean your system.

Behaviours of such spyware-like software included;

  • Claiming that there is spyware on your machine even though there isn’t.
  • Installing many strange add-ons to the initial software you downloaded and set up.
  • Constantly prompting you for purchase.
  • Generally provides poor user interface, typical of spyware programs that do not want to give you any control of your OWN computer.

Some of the spyware cannot be removed using just Spybot Search and Destroy, Microsoft's Anti-spyware or Ad-Aware.

These type of spyware normally requires you to go through several routine to terminate its processes in memory before they can be eliminated. If the processes are not terminated, they will just keep adding itself to the registry immediately after you attempt to remove it.

To stop the spyware processes, click Ctrl-Alt-Del, select your Task Manager, and in the list look for suspicious looking Image Name that is not part of the operating system. Common OS related processes that cannot be terminated are LSASS, SPOOLSV, WINLOGON, smss and services.

If there is any suspicious looking programs that cannot be terminated and does not comes up with a message, "The operation could not be completed. Access is denied" but restarts itself, chances are that it is a malware that is embedded into your Windows' startup as a system process.

You may need to look into Control Panel, Administrative Tools, Services and stop the services from there.

Once that is done, you will also need to remove its registry entries located at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and remove the appropriate folder/s.

You can also remove suspicious DLL files by following the instruction here.

Run your anti-spyware program after going through the above routines, eithier in Safe Mode or Normal Mode.

If you're having problem removing RPCSS_PL program, then you're probably dealing with a very persistent parasiteware. Removal process for RPCSS_PL can be found here.

For a reliable commercial spyware removal tool, you can consider getting Pest Patrol from Computer Associates.

Pest Patrol is renowned for its effectiveness in removing malwares, spywares and trojans.

Pest Patrol not only cleans up your spyware and Trojan problems but remains updated on the latest tricks these spywares are using.

Remember also to fully update your Windows operating system, disable browser extension like toolbars and constantly scan for spywares with Pest Patrol.

Don't go for unknown products and if you must, then do a search for review from popular spyware forums like spywarewarrior.com before deciding.
Don't pay the anti-spyware programs to 'remove' what they install into your system.