Spyware


Spyware has become the fastest growing concern among computer users today. It is uncommon to find a computer that has never been infected with some sort of spyware application. Because of vulnerabilities discovered mostly in Internet Explorer and other software and the bundling of spyware with some common applications, spyware is often secretly installed on a user's machine. The first time most users notice an indication of the presence of spyware on their system is when, out of nowhere, an advertisement pops up relevant to something they are or had been doing on their computer. In other instances, the spyware may just record what is happening on your computer, such as the websites you visit, and never give any clues to you that it is there.

Because spyware is often very difficult to detect for the average user, using utilities to detect and remove spyware may be necessary. Currently there are dozens of spyware removing utilities. Ironically, some of them are spyware themselves. It seems that everyone wants to make some money from the use of spyware. Thankfully, there are a few utilities that are both free and also happen to be the best utilities to remove spyware from your computer and protect it from getting infected in the future.

Similar to anti-virus software, spyware utilities detect spyware based on their database of known spyware. Each utility has a database that is updated at different times. This makes it necessary to use a combination of utilities to make sure your computer is clean of all spyware. The utilities are getting much better, but quite often, when I do a scan with Ad-Aware and then do a scan with Spybot Search & Destroy after my computer is supposedly cleaned of all spyware, Spybot sometimes finds more. The reverse is also true. It is not that either of the utilities is better than the other; it is a matter of different spyware information in their databases.

LavaSoft Ad-Aware

LavaSoft Ad-Aware SE Personal Edition is the free version of the popular Ad-Aware spyware removal utility that can be downloaded from http://www.lavasoftusa.com. Ad-Aware SE Personal Edition is a great utility to search for spyware and clean your computer of it. To get started using Ad-Aware, make sure that you have a copy of Ad-Aware SE Personal Edition downloaded and installed, and then follow this procedure:

1. Launch Ad-Aware and start downloading the latest version of the definitions database. Once the definitions are downloaded and automatically installed, the main application screen will be displayed. Because the definitions are now up to date, it is time to do a full system scan. Click on the Scan Now button.

2. Now you will see the different types of scans that can be done with Ad-Aware. If this is your first time, it is best to do a full system scan as shown in Figure 8.17. In the future, you can get away with doing a smart system scan, which only checks for spyware in the most common places instead of the entire hard drive. As you can imagine, that scanning method is much faster. But for now, select Perform full system scan and click Next to begin.

Figure 8.17. Ad-Aware SE Personal Edition full system scan.

3. Once the scan is complete, click the Next button to view the results. The Critical Objects tab displays any spyware found. To remove it, click on each of the entries or right-click on the list and click Select All Objects. Then, click Next to remove the spyware.

4. A confirmation screen will pop up asking whether you are sure you want to delete the spyware. Click OK and you are finished.

It is recommended that you manually check for spyware at least once a week to make sure that your personal information is safe and your computer is clear. Also, before each scan, make sure to get the latest spyware definitions.

Tip

The Ad-Aware SE Personal Edition spyware definitions can be updated by clicking on the globe icon on the main screen. Once the Web Update window pops up, just click on the Connect button for Check For and Download New Updates.


Spybot Search & Destroy

Spybot Search & Destroy, developed by Patrick Kolla, is another free and very popular spyware utility. Spybot operates in the same fashion as Ad-Aware, but it also has the ability to configure Internet Explorer to automatically block some of the most well-known spyware applications from ever getting a chance to trick you into installing them.

Using Spybot is different from using Ad-Aware, but it is just as easy. You can visit http://www.safernetworking.org to download and install a copy and then use the following procedure to scan and repair your computer with Spybot:

1. Launch Spybot S&D Wizard from the Windows Start menu (or desktop icon). If this is the first use of Spybot Search & Destroy, the Spybot S&D Wizard will be loaded. The first screen gives you the option of creating a backup of your registry. This is very useful if, after you remove a spyware application, your computer stops working properly. In that situation, you can use the backup you made to restore any changes made to the registry. If you would like to create a backup, click Create registry backup. Otherwise, click Next to continue.

2. On the next screen of the wizard, you have the option to check for updates before scanning your computer. Click Search for Updates to get the list of the latest program and definition updates available. If any updates are available, click the Download all available updates button.

3. After the updates are installed, Spybot will restart itself and you will be shown the main screen (see Figure 8.18). Click Check for problems to begin scanning your computer.

Figure 8.18. Spybot Search & Destroy.

4. When the search for spyware is completed, if anything is found, you will be shown a list of identified spyware. To remove all of the spyware on the list, click Fix Selected Problems. Spybot will first create a system restore point for backup and then will remove all instances of the spyware found. In certain situations, Spybot may not be able to remove all of the spyware files. Usually this occurs if the files are in use and Spybot cannot terminate the process that is making use of them. In these situations, Spybot will inform you that your computer needs to be restarted to remove the spyware. Once your computer restarts, right after you log on, Spybot S&D will launch again, automatically scan, and give you the option to fix all of the problems. However, this time, because it is the first application to run after the reboot and is holding up all startup items, no other processes, including spyware, will be able to start up, making it possible to remove any file needed.

Tip

Spybot Search & Destroy should always be updated before every scan to make sure that you will find the latest spyware infecting the computer. Launch the application and click the Search for Updates button to automatically get the latest spyware definitions.


Now that you have finished using Spybot Search & Destroy to remove all of the spyware from your computer, you can use its advanced features to secure Internet Explorer by preventing the installation of known spyware in the first place.

To enable these advanced features of Spybot, launch Spybot and then click on the Immunize button on the left menu of the application. There are more than 2,000 different spyware applications that can be automatically blocked in Internet Explorer. Just click on the Immunize button with the big plus sign on it to enable the protections.

If you ever experience any problems in the future, such as web pages that you normally visit not working properly in Internet Explorer, I suggest you try undoing the Immunization Spybot applied to Internet Explorer. This can be done by clicking on the Undo button within the Immunize section of Spybot Search & Destroy.

Microsoft Windows AntiSpyware

Microsoft Windows AntiSpyware is Microsoft's answer to battling the growing amount of spyware affecting Windows. Originally developed by Giant Software before Microsoft acquired the company in 2004, AntiSpyware is a comprehensive package, offered for free, that not only removes spyware, but actively protects against it similar to the way Norton AntiVirus uses its Auto Protect feature to actively protect users from viruses.

When you are running Microsoft Windows AntiSpyware and visit a web page that attempts to secretly install anything, you are notified by a pop-up message and given the option to allow or disable the action as shown in Figure 8.19. Similar notifications are also given when any application on your computer attempts to modify the startup programs and modify other Internet related settings. This has proven to be a very effective measure of instantly letting you know that your computer may be infected with spyware as well as preventing spyware from changing any settings on your computer.

Figure 8.19. Microsoft Windows AntiSpyware notification.


Installing Microsoft Windows AntiSpyware is very simple; just visit http://www.microsoft.com to download a copy. Once you have AntiSpyware installed, click on the desktop icon to start the utility and follow these steps to set up AntiSpyware:

1. When you start Microsoft Windows AntiSpyware, the Setup Assistant will be loaded to guide you through the steps of configuring your spyware protection. Click Next to continue.

2. Step 1 of 3 will ask you whether you want to enable AutoUpdate. AutoUpdate automatically downloads the latest spyware definitions for you on a regular basis, unlike the other utilities mentioned earlier. It is highly recommended that you enable this option and click Next.

3. The next step gives you an opportunity to enable or disable the real-time protection agents I mentioned earlier that require a response from you before any Internet settings can be changed. This is one of the best features of Microsoft Windows AntiSpyware and should definitely be left enabled. Click Next to continue to the final step.

4. The final step gives you the opportunity to participate in what they call SpyNet. SpyNet is basically a method that allows you to report the results of your personal spyware scan back to Microsoft so they can use the information to update their definitions database. In general, it is best when everyone uses this feature because then the definitions will be better; however, some people concerned about their privacy may want to disable this feature. Either way, click Finish to close the Setup Assistant.

5. The next screen gives you the opportunity to run a full system scan. I suggest you click Run Scan Later and update the definitions first.

6. Once the main interface loads, click on the File menu bar item and select Check for Updates. If any updates are available, they will be automatically installed. Click on Close to continue.

7. Now you are ready to do a scan for spyware. Click the Run Quick Scan Now button to start the scan.

8. After the scan is over, if anything is found, a summary of the results will be shown. Click View Report to view the details and to remove any spyware found.

9. On the Scan Results screen, you will see a list of every item found with a drop-down box for the recommended action to be taken (Ignore, Quarantine, Remove, or Always Ignore). By default, Microsoft AntiSpyware selects what it believes is the appropriate action for the severity of the spyware. However, you can always override that selection by selecting a new option in the drop-down menu for the item on the left. Once you have all of the items' actions selected, click Continue and then Yes on the confirmation screen to execute the actions.

Figure 8.20. Microsoft Windows AntiSpyware.

Tip

Microsoft AntiSpyware has a lot of features that you would not expect to find in a spyware utility. Click on the Advanced Tools icon on the main program screen and explore the System and Privacy tools for some useful utilities.


Recovering from Browser Hijacks

For your convenience, spyware often automatically changes your home page in Internet Explorer as well as your default search page. This way, as soon as you open Internet Explorer or attempt to do a search, you are bombarded with even more opportunities to get spyware. While sometimes these incursions are innocuous, far too often they cross the line, motivating users to take control of their browsers again.

Recovering from a browser hijack caused by spyware is often a very annoying event. Quite often you run a spyware utility to clean the spyware off of your computer only to find it returns when you open up your web browser because the utility isn't necessarily capable of detecting hacks to your browser. Spyware designers are usually clever in their work, and they design software that doesn't always go away without a fight. Thankfully, with the help of Microsoft Windows AntiSpyware, it is very easy to reset all of Internet Explorer's settings back to the default settings, so you can reset everything that spyware may have modified. Of course, you may lose some of your own browser tweaks in the process.

The feature that can help you with this is buried within the application. Launch Microsoft Windows AntiSpyware and then click on the Advanced Tools icon in the upper-right corner of the screen and follow this procedure:

1. Locate and click on the Browser Restore icon located under System Tools.

2. Click on the Check all text button as shown in Figure 8.21.

Figure 8.21. Microsoft Windows AntiSpyware browser restore.

3. Next, just click the Restore button and everything will be reset back to the factory default.

Now recovering from a browser hijack has never been easier.

What to Do When the Automated Utilities Fail

Spyware is constantly evolving to try to get ahead of the spyware removal utilities. One of the biggest problems with the spyware removal industry is that it relies very heavily on known definitions. While this passive approach can be effective and is far better than nothing, it means that new malware must cause damage for it to become known in the first place. To get rid of spyware that just won't go away, it may take someone who is very experienced with removing spyware to help you out.

To help the countless spyware victims, various websites have dedicated support for fighting spyware. Most of these sites use the popular diagnosis software called HijackThis. HijackThis is a great little utility that examines various parts of the system configuration and Internet Explorer settings and displays their current values. The software allows a user to save a copy of the results, which can then be posted on one of the various websites dedicated to this utility. Dedicated individuals who volunteer their time are available at a variety of these sites to take a look at your log and help you figure out what entry is causing the problem. Then, using HijackThis again, you can easily check that entry and have it removed to solve your problem.

To get started, visit http://www.merijn.org to download the latest copy of HijackThis. Then, follow this procedure to generate your log:

1. Once you have HijackThis downloaded, launch the application (it doesn't require an installation).

2. Click on the Scan button to reveal your log (see Figure 8.22).

Figure 8.22. Generating the HijackThis log.

3. Next, click the Save Log button to save a text file with the contents of the scan on your computer.

Now that you have your log generated, post it on one of these popular websites that are known for their dedicated HijackThis support:

  • http://forum.tweakxp.com

  • http://forums.spywareinfo.com

  • http://forums.tomcoyote.org

Once you have posted your HijackThis log on one or a few of the websites, you will most likely get a response within a day. When the culprit is identified, just open up HijackThis again and check the box next to the line you want to be removed and click Fix Checked. You will be asked to confirm the delete and then the operation will be completed. After a reboot, the problem should now be solved.
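While you wait for a reply, you can do a first pass over the saved log yourself. The following Python script is an added example, not part of the book or of HijackThis: it reads the log's section-coded lines (R0/R1 for Internet Explorer start and search pages, O4 for programs that start with Windows) and lists the ones worth a closer look. The sample log is constructed, and the list of known hosts and trusted folders are assumptions you would replace with your own; a flagged line is a candidate for review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample; real logs also carry header and process-list lines.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/find
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\helper.dll
O4 - HKLM\..\Run: [updater] C:\Temp\updater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                # "R0 - detail"
PAGE = re.compile(r"^[^,]+,(?P<name>[^=]+?) = (?P<url>\S+)")  # key,value = url
RUN = re.compile(r"^\S+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")  # hive: [name] cmd

def parse_log(text):
    """Return (section, detail) pairs; lines without a section code are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def review(entries, known_hosts, trusted_dirs):
    """Flag browser pages on unknown hosts and Run entries outside trusted_dirs."""
    findings = []
    for section, detail in entries:
        if section in ("R0", "R1"):            # IE start/search page settings
            m = PAGE.match(detail)
            if m and (urlparse(m["url"]).hostname or "").lower() not in known_hosts:
                findings.append((section, m["name"], m["url"]))
        elif section == "O4":                  # autostart entries (registry Run form only)
            m = RUN.match(detail)
            if m and not m["cmd"].strip('"').lower().startswith(trusted_dirs):
                findings.append((section, m["name"], m["cmd"]))
    return findings

if __name__ == "__main__":
    hosts = {"www.msn.com"}                           # assumption: pages you set yourself
    dirs = ("c:\\windows\\", "c:\\program files\\")   # assumption: expected install folders
    for finding in review(parse_log(SAMPLE_LOG), hosts, dirs):
        print("review:", finding)
```

Entries in other sections, such as the O2 browser helper object line in the sample, are parsed but not judged here; those still need the experienced eyes the forums provide.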




Upgrading and Repairing Microsoft Windows
Upgrading and Repairing Microsoft Windows (2nd Edition)
ISBN: 0789736950
EAN: 2147483647
Year: 2005
Pages: 128
