Ban All Spies: Strong Spyware Defense in an Afternoon | Absolute Beginners Guide to Security, Spam, Spyware & Viruses

Here are a few techniques you can employ to make your system more resistant to spyware and safeguard it further.

Run a Full System Scan

Most anti-spyware programs offer both a quick scan feature and a full system scan feature (sometimes called a deep scan ). When you have more time, be sure to run a full system scan (see Figure 2.20). The program digs deeper into your system to look for less obvious spyware.

Figure 2.20. Microsoft AntiSpyware has a full system scan that should be run occasionally when you have time to check every nook and cranny of your computer for spyware.

Install a Second Anti-spyware Program

The anti-spyware program you choose will not stop and clean all spyware infections. There are so many kinds of spyware that many anti-spyware programs only capture a portion of them. So to be vigilant it's advisable to use two anti-spyware programs on your computer. I've had good luck with using both Microsoft AntiSpyware and Spybot Search & Destroy together (see Figure 2.21). I also like PestPatrol, a commercial anti-spyware product available from http://www. pestpatrol .com that is very effective at catching more spyware than the freebies. A third free anti-spyware tool is Ad-Aware SE Personal Edition available from http://www.lavasoft.de.

Figure 2.21. I recommended using two anti-spyware programs on your computer. Besides Microsoft AntiSpyware, I like to use Spybot Search & Destroy, another excellent free anti-spyware tool.

Inoculate Your System

Microsoft AntiSpyware comes with a feature called Real-time Protection (see Figure 2.22). This feature watches 100 key areas of your computer looking for spyware behavior. If a setting is changed or an Internet connection is made, it alerts you to the behavior with an information pop-up box. If the alert is deemed severe, it asks you for a decision.

Figure 2.22. Microsoft AntiSpyware has a feature called Real-time Protection that watches over 100 key entries points used by spyware to get onto a computer.

Spybot Search & Destroy also has a similar feature. It's called Immunize. It tweaks settings in Internet Explorer to block installation of known spyware.

Use Firefox

If anyone is to blame for the spyware problem, it's Microsoft. That's because the great big software company produced operating systems that are full of security holes. At particular fault is Microsoft's web browser Internet Explorer (IE). It has all kinds of functions that are exploited by spyware writers. These include software called Browser Helper Objects (BHOs) which are add-ons for the browser that can auto-install from the web. IE also uses something called ActiveX which allows mini-programs to self-install on a computer.

Many people quit using IE as their browser. Instead they install Firefox (see Figure 2.23), a really nice alternative from Mozilla.org that doesn't have the security holes that plagues IE. I recommend this as well.

Figure 2.23. Using Firefox as your primary web browser closes one door on spyware on your system because its mechanisms won't allow spyware to come onto your system automatically.

You can't totally abandon IE because some sites, including Microsoft's own Windows Update, won't work without it. However, installing and using Firefox most of the time is a good stopgap against getting your machine chuck full o' spyware.

Clean Cookies

If you'd like to clean browser cookies in the Internet Explorer web browser (see Figure 2.24), take the following steps:

1.	Open Internet Explorer.
2.	Click the Tools menu, and then click Internet Options.
3.	Click the Delete Cookies button on the General Tab in the Temporary Internet Files section.
4.	To selectively delete cookies, click the Settings button instead. Then click View Files.
5.	A box opens with a list of your cookies files and other temporary browser files. You can selectively delete them from here.

Figure 2.24. In Internet Explorer's Internet Options box you can clean all your cookies with one click.

If you'd like to clean your cookies in Firefox (see Figure 2.25), do the following:

1.	Start Firefox.
2.	Click the Tools menu, and then click Options.
3.	On the left menu, click the Privacy icon.
4.	Next to the cookies entry, click Clear. Or to selectively delete them, click the + sign next to Cookies and a submenu opens.
5.	Click View Cookies to look at the cookies in Firefox and delete the ones you don't want.

Figure 2.25. In the Firefox Options menu you can wipe out many temporary Internet files, including cookies.

Spyware Infection Found! How to Scrub Your System

Despite your best efforts, you might still get infected by spyware or adware. In fact, because of the pernicious nature of this kind of malware, it's almost a certainty . So this section will come in handy. Here's how to clean spyware and adware from your system.

Caution

If you clean your web browser's cookies, you could wipe away the good with the bad. Cookies can be used to remember user IDs, passwords, and other settings you use to log on to membership-based websites . So be aware that if you wipe your cookies clean, you'll have to re-enter this info the next time you visit a membership-based website such as your online bank.

Clean, Yes! Spyware, No!

I am going to show you how to use Microsoft AntiSpyware to remove threats. The process that most other anti-spyware software use is not that different.

First, you'll want to run a system scan to detect infections. When you do this, the software does the following:

It examines all the files on your computer looking for traces of spyware.
It scours your computer memory looking for active spyware.
It rakes through the Windows registry, which is a massive storehouse of settings and data used to run your computer.
It examines web browser and system settings as well as the startup areas of Windows.

Anti-spyware programs usually offer two kinds of scans :

Quick scan This kind of scan checks the likely hiding places that spyware set up camp in, but doesn't delve too deeply into the deep dark areas of your hard drive. A quick scan catches most active spyware on your system, but misses the ones that are dormant or that have cleverly obscured themselves . This is handy to run once a day or when you think your system might have recently been compromised.
Deep scan This looks at the same areas the quick scan looks at but also deeply combs the hard drive seeking any sign of spyware. It checks every nook and cranny, every bit and byte. As a result, it takes a while to complete. This should be done weekly.

Microsoft AntiSpyware has both modes. Let me take you through a deep scan. Before you start, check to see if there are any spyware signature updates.

1.	Make sure you are connected to the Internet either via your broadband connection (cable, DSL, or satellite) or dialup. (If you can check email or surf the Web, you are connected.)
2.	Start Microsoft AntiSpyware.
3.	Click the File menu.
4.	Choose Check for Updates.
5.	The program checks to see if there are any new updates on the Microsoft server and downloads and installs them.
6.	Now click Scan Options under the big Run Quick Scan Now button. You'll see two options: Run an Intelligent Quick Scan and Run a Full System Scan (see Figure 2.26).
7.	Choose the full system scan. When you do this the grayed out check boxes become active.
8.	You want to keep them all checked. If you want to target a second hard drive or removable storage device, you want to click Select and choose the drive or folder to scan (click the + sign to pick specific folders).
9.	After you've decided on the options, click the Run Scan Now button. As the scan runs, it starts to display the threats it finds and the number of files associated with the threat (see Figure 2.27).

Figure 2.26. Microsoft AntiSpyware can do either a quick scan that takes a few minutes or a thorough deep scan that takes a half hour or more, depending on the size of your hard drive.

Figure 2.27. Microsoft AntiSpyware alerts you as it finds threats during the scan.

When the scan is complete, Microsoft AntiSpyware lists all the threats it found and rates its severity as follows :

Severe Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
High High-risk items have a large potential for harm (allowing someone to take control of the computer), and should be removed unless you knowingly installed them.
Elevated These programs have potential for harm and should be removed.
Moderate These items have some potential for harm, but may be needed to make a program run. Often adware that is part of a free program is rated this way.

Microsoft AntiSpyware also recommends an action to take when you click the Continue button to clean the threats from the system:

Always Ignore When selected, the threat will be permanently ignored by the program in all future scans.
Ignore The threat is ignored this time but will be detected next scan.
Quarantine This removes the program and places it in a safe area (called quarantine) where it can't do any harm. It can be removed from quarantine at a later date and restored.
Remove This removes every trace of the spyware or adware from the system so it is no longer a threat.

What to Do When an Infection Is Found

When Microsoft AntiSpyware finishes its scan, it gives you the option to remove it (see Figure 2.28). Click Continue. Hum merrilyspyware killing can be fun. Be sure to reboot your system after the removal process is done to stop spyware from regenerating. As long as it's in memory, some spyware and adware can re-install, self-repair, and download new infections from the Internet.

Figure 2.28. When a scan is done, Microsoft AntiSpyware rates the threat and makes a recommendation as to what you should do with it.

Look what I Found! Please Ignore it

If Microsoft AntiSpyware finds software from Claria, formerly Gator, on your computer (such as GotSmiley, Weatherscope, or DashBar) it recommends that you ignore these products (see Figure 2.29).

Figure 2.29. Microsoft recommends that you ignore programs from Claria, a company with a history for releasing software that snoops .

It's been a highly controversial issue. That's because Gator/Claria has been a notorious producer of spyware and adware even though it vehemently defends its practices.

Rumor has it that Microsoft has been sniffing around Claria looking at it as a possible acquisition. Rumors about a possible Microsoft acquisition of Claria began around the same time Microsoft began to recommend that Claria software be ignored when Microsoft AntiSpyware detected it.

It appears to be part of a larger picture as Microsoft downgraded some other adware company products, but the anti-Microsoft conspiracy theorists went bonkers when this happened .

To be fair, Claria has cleaned up its act a lot. When you install its free programs, it declares that its software collects information on you and pushes ads at you. However, it does give you an option to buy a version without these sneaky features.

If the Removal Routine Fails

If an anti-spyware program has a problem removing a threat, you may want to do a scan with it in Windows Safe Mode.

Safe Mode is a Windows troubleshooting mode that allows you to run Windows without loading anything unnecessary in memory. You can get into it by restarting your computer and hitting F8 repeatedly as the computer starts. This takes you to a menu where you choose Safe Mode and boot into Windows in a raw state. This is useful to remove spyware and viruses because in Safe Mode nothing extraneous is loaded into memory, except key Windows components. Since program components spyware uses are not in memory in this state, they can be easily removed. Think of it like this: You can't put a ladder in the garage if you're standing on it. And you can't delete a program if it's running.

Running a scan in Safe Mode increases your chances of successfully removing the threat completely. Before going into Safe Mode, don't forget to update your spyware signatures first, by using the Update button in the program (see the previous section).

How to Fix a Browser Hijack

The infections you'll have great difficulty removing is a category of spyware called browser hijackers .

As mentioned earlier in this chapter, it's a kind of malware that takes over your Internet Explorer home page and switches it to another web page. (A home page is the website that loads when a browser is first opened.) If you try to reset the home page, the browser hijack switches it back the next time you start your computer or open Internet Explorer again.

Booting in Windows Safe Mode causes Windows to start using only its most basic components (mouse, monitor, and keyboard drivers, for example). When in Safe Mode, Windows doesn't load a bevy of other drivers, startup applications, and the like, meaning any spyware lurking on your PC will be peacefully snoozing when you take the wood stake to it. Think of Safe Mode as Windows Unplugged, if you will. It's still Windows, just without all the frills. Here, you are better able to nix spyware. After you're done squishing spyware, reboot your computer in Normal Mode and enjoy your spyware-free computer.

Spybot Search & Destroy, Ad-Aware SE, and Microsoft AntiSpyware all have capabilities to cleanse some browser hijackers, but they are not always successful.

I highly recommend you run all three free anti-spyware programs first before resorting to the following procedures. Fixing a browser hijacker problem can be an extremely difficult task and you'll likely want to recruit some help.

Browser hijackers are very clever at making themselves difficult to remove. They insert themselves in obscure places deep inside your operating system and cling to your computer like an amorous dog on your leg. There are, however, a couple of tools that can help you rid yourself of the more insipid browser hijackers.

Hijacker Killers Worth Paying for

There are a few anti-spyware productswhich you have to pay forthat I recommend because they are easy to use, remove infections well, and have a high detection rate.

They are also good at removing many browser hijackers. I always suggest running two anti-spyware software programs on a computer. You'll do well to run one of these along with one of the free programs I recommend:

PestPatrol from Computer Associates (www.pestpatrol.com)
Webroot Spy Sweeper (www.webroot.com)
CounterSpy from Sunbelt Software (www.sunbeltsoftware.com)

HijackThis: An Introduction

One way to fix a browser hijack is with a diagnostic program called HijackThis (see Figure 2.30) written by a clever Dutch student called Merijn Bellekom. It's available free from his website at www.merijn.org.

Figure 2.30. Make sure you type Merijn.org correctly when you go to download HijackThis (the correct site is shown). Misspellings of the site address take you to adladen websites.

When you type www.merijn.org in your web browser, be sure you spell it right (see Figure 2.31). A slight misspelling can take you to an incorrect web page where there will be misleading links and lots of ads.

Figure 2.31. HijackThis is a good but complicated tool that helps you remove a browser hijacker from your computer.

That said, here's a piece of bad news. HijackThis is about as do-it-yourself as a 747 jet. It's not a tool that beginners should use on their own because you can really bung things up if you make a wrong move. Let me say that again:

You + HijackThis + cavalier attitude = computer goes BOOM!

HijackThis is like that pull catch in your car that opens the hood. Anyone can use it, but it exposes inner workings that can be intimidating, and if you blindly mess around in there, you can get a limb caught in the fan belt.

The program shows you the settings that relate to the guts of Internet Explorer, other web browsers, items that activate during the Windows start up, and other key system settings. It can also remove those settings. The problem here is finding the right items to remove and that takes a trained eye and a steady mouse finger.

So big neon caution here: Your best bet is to find an expert to help. But don't worry, I'll show you where those dastardly hijackers hide and how to lure them out into the sunlight.

How to Create a Restore Point

If you decide to work with HijackThis, you should set a system restore point first in case you make a nasty mistake.

This utility is only available if you have Windows Me or XP (see Figure 2.32). It allows you to reset the system to the way it was in the event that something goes horribly wrong after you start to tinker.

Figure 2.32. Before you start working with HijackThis, set a system restore point so you can undo everything if something goes horribly wrong.

You can set a System Restore Point as follows:

1.	Click Start, All Programs.
2.	Next click Accessories and choose System Tools.
3.	Now choose System Restore.
4.	Choose Create System Restore Point and click Next.
5.	Name the restore point with a description you will remember later, such as Before I Messed with the System.

If you run into problems and want to go back to the way things were, start up System Restore again, choose Restore My Computer to an Earlier Time, click Next, and find the Restore Point you set earlier. Click Next again and follow the wizard through until the system is restored. Note that it requires a reboot to finish the process.

Recruit a HijackThis Expert

Because HijackThis is a very advanced tool, a lot of eager experts on the Web are willing to help you diagnose a spyware problem with it. You just have to find one. Here's how to get an expert to help you.

Close Internet Explorer and any other browsers that are running. Start HijackThis, and follow these steps carefully :

1.	In the opening menu of HijackThis, you'll see an option called Do a System Scan and Save a Log File. Choose it. This scans places deep inside Windows where browser hijackers might have put entries. Then it creates a log of these in Notepad.
2.	Ask for help by posting your log on a web forum where HijackThis experts hang out. Be sure cut and paste it into your forum post with your request for help. There's a good list of web forums with experts that will help you diagnose your HijackThis log at www.merijn.org/forums.html. There's also a very good Malware Removal forum at Spywareinfo.com (see Figure 2.33).
3.	The expert diagnoses your log and walks you through procedures on how to fix the problem using HijackThis and other tools and techniques they'll explain.
4.	Ask for the expert's mailing address and send them a box of chocolate cookies. Geeks like cookies.

Figure 2.33. The Malware Removal discussion area in the forums at SpywareInfo. com is a good place to post your request for analysis of your HijackThis log.

Do It Yourself HijackThis

If you're the kind of person who likes to land the 747 yourselfand really, who doesn't?you're going to need a few days and an in-depth step-by-step do-ityourself process to learn HijackThis.

However, how about a quickie course that should both fix most ornery snags that Spybot and Ad-Aware can't fix and at the same time get your feet wet with HijackThis?

Check the Memory First

At the top of your HijackThis log you see a series of programs listed as Running Processes (see Figure 2.34). This is what is in your computer's memory at the time of the scan.

Figure 2.34. At the top of the HijackThis log is a list of processes running in your computer's memory.

You may see some obvious spyware program running. I helped out one guy who had a nasty spyware infection. Here are five of the 10 things that were running in his system's memory. Pop quiz! Can you guess which program is spyware?

 1. C:\WINDOWS\system32\winlogon.exe 2. C:\WINDOWS\system32\svchost.exe 3. C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe 4. C:\DOCUME~1\s1\LOCALS~1\Temp\nsu1C.tmp\ns1E.tmp 5. C:\Documents and Settings\s1\My Documents\Porn stars.exe

If you answered 4 and 5, you're right! Number 4 is a giveaway because it an obscure gobbledygook program name with a .tmp extension. Very suspicious! Sometimes spyware programs randomize the names of the program they launch to evade detection from anti-spyware programs.

Item 5 is pretty obvious, too. In this sample case, two of these with slight variations to their names were running in memory. Actually, these files had longer names that mentioned actual actors and described the act they were acting, so to speak. I cleansed it for you to keep this book out of the Human Sexuality section of the book store.

So check your HijackThis log for suspicious entries and then do what geeks call the three-finger salute: Hold down the Control and Alt keys and tap the Del key.

The Windows Task Manager opens (see Figure 2.35). If you click on the Processes tab, you'll see all the programs running in memory. Scroll through them and try to figure out which ones are spyware.

Figure 2.35. Open the Windows Task Manager and, in the Processes tab, look for programs that might be spyware.

To help, check out www.processlibrary.com. You can enter in names of the files you see on that site and it tells you whether it's a legitimate program or spyware. It won't have an answer for everything, though. What it's best for is to help you make a short list of the suspicious programs. Then you can investigate each one.

Use Google.com to help search for program names and be sure to enter them between sets of quotes if there are spaces in the name, as follows:

 "porn stars.exe"

This tells Google to search for the whole name as a phrase and not pieces of it.

Here Spyware, Spyware. It's Time to Die

With the memory cleansed, you can get down to the business of killing spyware in the system.

Open HijackThis, click the Scan button, and look at the list of entries (see Figure 2.36).

Figure 2.36. HijackThis generates a series of entries from the Windows Registry where spyware might be hiding.

There are lots of entries and they all look like they could be items on a Chinese food menu. But if you study them, you'll start to see stuff you recognize. Let's go through some notable entries you will likely encounter.

R0, R1, R2, R3IE Start and Search Page

These are addresses of the web pages Internet Explorer uses for the homepage and the default search page. If anything looks funky here and you see web addresses you don't recognize on the right side of each item, the entry is probably a hijack. Check off the boxes to the left of these and click the Fix Checked button. This wipes out the settings.

Congrats, you have just killed your first spyware with HijackThis. I think you are clever! But wait, we are not done.

F0, F1, F2, F3Autoloading Programs from INI Files

These are autoloading programs from old versions of Windows. F0 references are always bad. Nuke 'em.

F1 items are usually old programs. If you run old Windows programs, you will probably recognize these. Do research on these if you're unsure.

N1, N2, N3, N4Netscape/Mozilla Start and Search Page

These are Netscape and Mozilla (Firefox) web browser settings for their start and search pages. This look like the following:

[View full width]

  [View full width] 
 N1 - Netscape 4: user_pref("browser.startup.homepage", "  www.google.com  "); (C:\Program  Files\Netscape\Users\default\prefs.js)

These browser settings are usually OK. Malware called Lop.com hijacks these, though. If you don't recognized the web addresses, BBQ them.

O1HOSTS File Redirections

These are HOSTS file redirects. What that means is the web address on the right will be redirected to the numerical Internet address (called an IP address) on the left when you type it into your web browser. For example

 O1 - Hosts: 199.181.132.250  google.com

In this example, if you typed in Google.com into your web browser, it would be redirected to Disney.com (because that 199 number is an ABC/Disney- related IP address). Unless you put these in your HOSTS file yourself, these are bad. The only one that belongs there is

 127.0.0.1 localhost

O2Browser Helper Objects

These are called Browser Helper Objects or BHOs. They are programs that install into Internet Explorer that can add new features. They look like the following:

[View full width]

  [View full width] 
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files  \Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

For example, you'll see the Google Toolbar here if you have it installed. Of course, BHOs can also be spyware.

If you see something that looks odd or unfamiliar, it could be spyware. Again, it's worth searching Google.com for entries to learn more about them before you nuke them.

O3IE Toolbars

These items reference Internet Explorer toolbars and look similar to this example:

[View full width]

  [View full width] 
 O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files  \Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll

If there's an odd toolbar at the top of IE that appears and wasn't there before, chances you'll find it listed as an O3 entry. Torch it.

O4Autoloading Programs from Registry or Startup Group

These entries reference programs that load automatically when Windows starts. They look like the following:

 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\ msnmsgr.exe " /background

This is where many spyware programs get started. Killing them off here stops them from loading when Windows restarts. Tread carefully here.

Besides these entries listed, there are loads more of esoteric entries that could hide spyware references. Learning them all requires a university course, time, and patience.

For a full compliment of entries and what they do, check out this really good reference page: www.bleepingcomputer.com/forums/tutorial42.html.

If you have the time and the inclination, you can learn tons more about the workings of HijackThis and can make a study of all the critical entries it finds.

I also recommend visiting these web pages to learn more about using HijackThis:

www.spywareinfo.com/articles/hijacked/
www.greyknight17.com/spy/hjt.htm

Decimate the Little Suckers with CWShredder

Another free program called CWShredder (see Figure 2.37) might also be able to help you with your browser hijack. It finds and destroys traces of CoolWebSearch, a name given to a wide range of browser hijackers. It's available for free from www.intermute.com/spysubtract/cwshredder_download.html.

Figure 2.37. CWShredder is a free program that helps defeat CoolWebSearch browser hijackers.

It's a small file so it won't take long to download. Before you run it, be sure to close Internet Explorer and Windows Media Player, if they are open.

Now run CWShredder. You'll see four buttons at the bottom of the initial window. Click Scan Only if you want to see if there are any CoolWebSearch hijacks on your system. Click Fix if you want to search for infections and clean them.

CWShredder was first written by Merijn Bellekom, author of HijackThis. He handed it over to Intermute, makers of the anti-spyware program SpySubtract PRO, in October 2004. The company, which was bought by Trend Micro in May 2005, is responsible for updating it and continues to make it freely available.

Microsoft Mimics HijackThis: System Explorers

Now if all this talk about HijackThis has made you queasy, you might want to take a step back and find a tool like HijackThis that doesn't require a grasp of advanced hamster science to use it.

While it's no HijackThis, Microsoft AntiSpyware does have a fabulous little function hidden in its advanced menus that could be termed HijackThis Lite. It's called System Explorers (see Figure 2.38). The feature exposes key Windows and browser settings like HijackThis does and identifies those that might be spyware-related. It's not as comprehensive as HijackThis, but it touches on the key settings that are frequently changed by spyware.

Figure 2.38. System Explorers is an advanced feature in Microsoft AntiSpyware that is like HijackThis but without the complexity.

To work with this feature, follow these steps:

Tip

Some spyware adds itself as Web content on your desktop background. To remove this, follow these steps:

1.	Right-click an empty space on the Windows desktop and select Properties.
2.	Select the Desktop tab and then the Customize Desktop button.
3.	Select the Web tab and delete any content listed that you don't want to be displayed.

1.	Start Microsoft AntiSpyware.
2.	Click Tools, Advanced Tools, System Explorers.
3.	When the System Explorers screen comes up, you see a list on the left that shows a list of key system and browser settings.
4.	Click on each one of these to explore them. The programmers have done a good job of explaining what each item does. Simply click on a setting to see a diagnosis of what it is (see Figure 2.39).
5.	For each type of setting, customized options help you deal with them, including the ability to disable or remove, if needed (see Figure 2.40).

Figure 2.39. Microsoft AntiSpyware's System Explorers feature can give you a good analysis of each of the Startup Programs that run when Windows XP boots up.

Figure 2.40. A problematic toolbar probably left over from a spyware installation is shown in the System Explorers feature in Microsoft AntiSpyware. Note that it can be blocked or removed with controls on the bottom right.

The Absolute Minimum

Spyware is software that installs secretly and snoops on you on your computer.
Adware is like spyware; it snoops, but it also pushes unwanted advertising at you.
You have to accept some adware if you want to run some free programs.
Other types of spyware include snoopware, Trojan horses, dialers, browser hijackers, key loggers, and cookies.
Not all cookies are bad. Some are needed for online shopping and remembering user settings and passwords when you return to a website.
All PC users are at risk of getting spyware. Spyware is almost non-existent on a Mac.
Most spyware comes from web pages, free software, and email attachments.
Spyware compromises your privacy and can put you at risk for identity theft. It can also slow down your computer by using up system resources.
Your first line of defense against spyware is an anti-spyware program. Three good ones are Microsoft AntiSpyware, Spybot Search & Destroy, and Ad-Aware SE.
Scan once a week and keep your spyware signatures up to date.
You should scan with at least two spyware programs because no single program catches all infections.
SP2 should be installed on your Windows XP computer to help defend against spyware.
HijackThis and CWShredder can be used to get rid of browser hijackers. HijackThis is an advanced tool, however, and you should seek help on the Web for using it.
If HijackThis scares you, look at Microsoft AntiSpyware's System Explorer feature.