Program: Spyware Doctor
Author: PC Tools
Platform: Windows XP, Me, 98, 95 and 2000
License: $29.95

I am usually wary of trying out new antispyware programs. Many of them turn out to be rip-offs of existing antispyware programs, licensed clones or just plain rogues. Usually, I won't even look at a program until I've seen people who I consider to be experts say good things about it.

For a few months now, I've been hearing some very good things about Spyware Doctor from people whose opinions I trust. My partner bullied me into testing it out recently, so I downloaded a copy and set it loose on my virtual test computer. After playing with it for awhile, I consider Spyware Doctor to be a very good program. On a scale from 1 to 10, I would give this program a 9 1/2.

Spyware Doctor is a very nice and very polished antispyware protection program. The interface is uncluttered and easy to navigate. A system scan is initiated with the click of a single button. The same goes for updating the program. You could give a copy of this program to your grandmother for her first computer and she would have no trouble running it with the default settings.

I only have two concerns about this program. When the first scan is run, immediately after it is installed, it does not suggest using the update feature first. Antispyware and antivirus programs always should be updated before a scan is performed. The second concern is that it was not immediately obvious how to put an item onto the ignore list, although I did figure it out after a minute.

You may remember my marathon spyware killing experiment from 2005. I still have a copy of that infected virtual machine. On my "infected" test system, Spyware Doctor found a staggering 2,400+ infection items, kicked several processes out of memory and blocked 19 malicious start up entries. Every item found was organized by the name of the malware and included a short description, as well as a detailed listing of every file and registry entry it believed to be associated with it. Every item is labeled with a "threat level", showing how serious PC Tools considers that particular piece of software to be.

While removing malicious items, it unloaded Explorer.exe (the Windows desktop environment) several times in order to delete files. It informed me that there still were files it could not remove and automatically set itself up to run a scan after a restart. It then asked permission to reboot the machine. When the machine restarted, Spyware Doctor suppressed Explorer while it ran another full system scan and removed everything it couldn't delete the first time around.

There is one other good thing about the program that I feel is worth mentioning. It did not report a single false positive. Not one. This is the first time I have ever tested an antispyware or antivirus program that did not have at least one false positive. It did find one file which I could have sworn was installed by VMWare but, as it turns out, I was wrong and the program was right. False positives are the bane of malware scanning programs and it was good finally to test a program that didn't have one.

Of course, it did not detect and remove every single piece of malware on the infected machine. Sadly, I know of no single program capable of removing all of the toughest malware out there. It did, however, clobber roughly 98% of the malware and disabled all of the rest. The pop-up ads stopped. The highly annoying "alerts" from Virtual Bouncer ceased. All of the weird toolbars attached to Internet Explorer disappeared. The computer stopped crashing randomly and stopped taking 10 minutes to reboot. The CPU was no longer pegged at 100% and the memory usage dropped to less than half of what it was using while infected. Although it didn't remove everything, it certainly stopped the hijacks and disabled the ability of everything left to do any harm or to cause any annoyance. In short, my machine was back to normal.

During installation, it asks if you want to load protection when Windows starts. After installation, it runs a full system scan, then asks if you want to activate the "OnGuard" real-time protection.

In the settings, it offers "Quick Scan", "Full System Scan" and "Custom Scan". "Quick Scan" will search those areas most likely to reveal an infection, while "Full Scan" will search the entire system. "Custom Scan" lets you decide which parts of the registry it will scan, whether or not it scans the HOSTS file, memory and other locations. It also lets you decide which drives and folders will be searched.

OnGuard, the real-time protection module, protects against several methods used by browser hijackers and other malware. All of these components optionally will pop up an alert if something is detected. Note: Internet Explorer is the only web browser installed on my test machine, so I don't know if any of these protections apply to other browsers.

1) Startup Guard
Watches for malware being set to load when Windows starts up. Also monitors the Windows task scheduler.

2) Browser Guard
Watches for changes made to Internet Explorer's home page and for new Browser Helper Objects (BHOs). Also it keeps an eye on other browser extensions, such as buttons and toolbars.

3) Immunizer
Sets a registry "kill bit" for certain CLSID identifiers known to be used by malicious ActiveX programs. This prevents those ActiveX programs from being loaded by Internet Explorer.

4) Keylogger Guard
Watches for running programs which seem to be logging keystrokes and blocks them.

5) Network Guard
Detects changes made to the HOSTS file, restricts the Messenger service exploited by spammers and detects changes made to the LSP settings (a Windows networking component altered by many malwares).

6) Popup Blocker
Blocks pop-ups from being opened in Internet Explorer. It includes a whitelist and lets you decide whether it shows an alert, plays a sound or does nothing at all when a pop-up is blocked.

7) Process Guard
Watches for known malware being loaded and forcibly removes them from memory if one is loaded.

8) Scheduler
Allows you to set up automated scans, both full and quick scans, as well as automatic program updates.

9) Site Guard
This blocks access to certain web sites which are known to cause trouble. The options are to block suspected phishing web sites, block downloads from suspicious sites and to block access to suspected spyware web sites.

This is a good program and well worth the discounted price for Spywareinfo readers. Spyware Doctor has our recommendation - it is that good.