Spyware and the Internet.

Updated 10/29/2008 | Scroll down to the bottom for the Downloads Section

Introduction.

This document was created to help those who have gotten spyware on their computer and are having problems with Internet access and computer operation in general. It is written for the novice and is hopefully easy to understand. Questions can be directed to seccour at nebonet dot com.

Definition.

Many definitions of spyware exist; I will offer my own, based on my experience. Spyware is unsolicited software which is placed on an Internet-enabled computer without the user knowing about it or wanting it. This software's intent is to track the user's movements on the computer, including on the Internet, in an attempt to farm information for its authors' own purposes, which include, but are not limited to, marketing (ad targeting), phishing, keylogging, or just being annoying by slowing down the system.

Symptoms.

In most cases the obvious symptom is that your computer is running extremely slowly. You notice that your Task Manager has several new items in it (although you haven't added any new software recently), and these tasks may be taking up a significant portion of your CPU. In almost all cases spyware only infects Windows-based computers. I do not consider cookies spyware because they are dormant and don't actively run on a user's system, nor do they magically transmit information to a server across the Internet somewhere. Cookies may, however, contain sensitive information which can then be retrieved by the host server(s).

Causes.

The Internet. Heh. Or rather, any activity on the internet using unsecured or untrusted software and operating systems, on websites which aren't trusted that typically contain high demand content.

To break this down we need to understand a few things.

1. any activity on the internet : This includes, but is not limited to, downloading, plain surfing of the Internet, chat, and web-based games. Any activity on the Internet can be exploited and used against you.

2. using unsecured or untrusted software and operating systems : This means the use of software which has problems that could allow someone to exploit you in ways that the Internet wasn't necessarily designed for, like a loophole in software. Unfortunately, this covers a huge chunk of the Internet population, as they use the popular Microsoft Internet Explorer, which *is* extremely insecure and filled with security bugs. Microsoft releases far too many security updates on a regular basis for it to be considered trusted (the author's opinion). The operating system you run could also be your weak spot and contain security holes which could compromise you.

3. on websites which aren't trusted that typically contain high demand content : This typically comes down to sites that are intended to mimic another, like a bogus banking site with a similar URL, and sites which offer free content such as free music, free movies, free games, and of course... the P word. Pornography. It's important to tell marketing hype from a deal too good to be true. Often legitimate websites will offer you 5 free songs or downloads of some nature if you sign up with them. If it's from a well-reported site such as Rhapsody or Amazon.com or iTunes, then you have a good chance of being safe. If it's from a site you have never heard of before, you might want to consider doing a bit of research first, or you may be opening yourself up to being exploited.

 

So how does it actually get on your computer? That is a very technical question which this document doesn't attempt to explain, as each spyware/hijack/phishing/etc. exploit has its own unique method. The easiest way to group them together is to understand that software is written by humans (or chimpanzees with a typewriter, just kidding!), who can't possibly predict every type of data that could be sent to it. It's in these gaps that exploitable security holes are found: data is sent to a computer because it was requested, and that data is formed in such a way as to take advantage of the hole. Think of it like a door with a lock. Your normal door is made of wood with a simple lock. The lock is designed to prevent access without someone on the other side to open the door, or without someone with a key. But as we all know, the lock can be picked, or you can take a crowbar to the door and break it down. The solution is to buy a more robust door and lock mechanism.

So let's begin with some of the most basic weak points that your computer has.

Topic 1: Internet Explorer.

Microsoft has done many wonderful things for the PC industry, including providing many free software packages and utilities with its popular operating system, Windows(r). The drive to compete and provide the best solution or most flexible browsing software, however, created a huge problem for our Internet Explorer friend. IE, as it's typically called, is fast and interprets even the most poorly written HTML pages (HTML is the coding format of a web page). This is its first and major problem. Because IE accepts sloppy and lazily written code, smart programmers can use this to exploit security problems within IE. One of the most notorious ways of exploiting IE is to install software on YOUR computer without you even seeing an installation dialogue. This is creative manipulation of install on demand. You can find it in your Internet properties, under Advanced.

The red square shows the two properties. When they are enabled, software can be manipulated to install without your knowledge. Without them enabled, however, many plug-ins and legitimate software may fail to install, leaving your surfing experience very limited.

That was just one example of how IE has security problems. Since IE is becoming an integrated part of Windows, these security issues now extend to your operating system, leaving little protection against the Internet's malicious coders. There are several other security problems within IE; however, they are too technical to describe in detail in this document.

In many cases, the worst of IE's troubles are patched quickly by Microsoft. Microsoft offers free updates to its supported products via Windows Update ( http://windowsupdate.microsoft.com , or you will find it under Tools in IE, and usually in various locations in your Start menu ). This is a simple yet crucial step in maintaining your computer. You should never expect your system's manufacturer ( companies like Compaq, Dell, HP, Totally Awesome Computers ) to keep your computer up to date for you, just like you would not expect your car manufacturer to put oil in your car every 3 months or as directed. I would recommend running Windows Update at least ONCE a week. Sometimes you may pick up several updates, sometimes you will not pick up any. The advantage of running Windows Update this frequently is that you will also pick up any WINDOWS-related updates, not just Internet Explorer ones. So it's a two-in-one deal. Doing it often also ensures that the updates download quickly and do not take an enormous amount of time. If you fail to do so, the available updates stack up and eventually take a long time to download to your computer, which is especially frustrating if you are on a dial-up connection.

While the above should still be done regardless of whether you use IE, the other best surfing solution I have is to change browsers. While Microsoft may offer IE for free and bundle it with Windows, that doesn't mean you are forced to use it. The browser 'Firefox' by Mozilla is a free alternative written by the open source community. This browser has several advantages which are worth considering. The first is that it's written by the open source community. This means there is a huge following of programmers and developers who will not tolerate security flaws or embedded spyware. Firefox also requires strict coding on websites, so all these dirty tricks that are being used on IE will not work in Firefox. I have tested Firefox for well over a year now and have had no browsing problems on correctly written websites; it handles Java, Macromedia Flash and Shockwave, and interprets DHTML and XML. It also has other features available on its website as downloadable extensions.

You can get Firefox from their website at http://www.mozilla.org or here from our servers for a likely quicker download.

Topic 2 : Windows.

As we discussed above, Windows is frequently updated with security patches and fixes. All of the above discussion about IE can be applied to Windows itself. Running Windows Update will help prevent these holes from being exploited and protect your computer. One thing to note: Windows 98 is no longer supported by Microsoft. That means any new security holes and flaws that are discovered will not be addressed. Only Windows XP and Windows 2000 or greater will be maintained. If you have an older Windows 98 system, you may want to consider upgrading or purchasing a new computer with Windows XP.

Again, the best solution is to run Windows Update frequently.

Removal and Antispyware

The likelihood is that you already have spyware on your computer. Patching Windows and switching to Firefox are still good choices; however, they won't remove the spyware that has already gotten onto your system. So, you need a way of getting rid of it.

Spybot is one of the first spyware removal programs out there and has top-notch scanning and removal capabilities. Written by a German over in Europe, Spybot is free and free from spyware itself. Unfortunately, the community contributing to Spybot is limited and relies solely on donations, so its updates to spyware definitions ( definitions are new rules for detecting and removing spyware ) are usually spaced two to three months apart. Each update is usually inclusive and very large, so you're getting your wait's worth. Two other features of Spybot which make it a must are its immunizations and hosts file additions. Immunizations come in the form of IE's site-blocking ability. NOTE: This will have no effect if you use Firefox.

The hosts file additions block Windows from even accessing these sites. This means that whether you use Firefox or IE, those spyware-related sites will be blocked no matter what.
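
An added example (not part of the original document, and not Spybot's own code): a short Python script that reads hosts file text and lists which names are blocked by being pointed at the local machine, and which names are pointed at some other address and deserve a manual look. The sample file contents and its domain names are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file syntax; all domain names are placeholders.
SAMPLE_HOSTS = """\
# Sample header comment
127.0.0.1       localhost
127.0.0.1       ads.tracker.example        # block entry
0.0.0.0         popups.example www.popups.example
203.0.113.7     www.mybank.example         # not a block: points elsewhere
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (entries, malformed): (ip, hostname) pairs and bad line numbers."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)  # first field is not an IP address
            continue
        for name in fields[1:]:  # one line may carry several names
            entries.append((ip, name.lower()))
    return entries, malformed


def audit(entries):
    """Split entries into blocked names and names sent to a real address."""
    blocked, redirected = [], []
    for ip, name in entries:
        if name in LOCAL_NAMES:
            continue  # the normal localhost mapping
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(name)  # 127.x.x.x or 0.0.0.0: site is blocked
        else:
            redirected.append((name, str(ip)))  # review these by hand
    return blocked, redirected


if __name__ == "__main__":
    entries, malformed = parse_hosts(SAMPLE_HOSTS)
    blocked, redirected = audit(entries)
    print("blocked:", blocked)
    print("review:", redirected)
    print("malformed lines:", malformed)
```

To check a real machine, pass the contents of the system's hosts file to parse_hosts instead of SAMPLE_HOSTS.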

You can get Spybot from their website at http://www.safer-networking.net or here.

Adaware is another veteran of spyware removal and has come a long way since its start. It's free for personal use and has more frequent spyware definition updates. While the free edition may lack some preventative features, it's still a great scanner. By default Adaware will also scan and display MRU ( Most Recently Used ) lists and cookies. Spybot also has this capability, but you must specify it in its details. Adaware is available from http://www.lavasoft.com or here.

And lastly, if you are running Windows XP, Microsoft offers a beta of its own antispyware which is, surprisingly, very good. They purchased the rights to a spyware scanner called Giant and have been developing it for themselves. You can get it from http://www.microsoft.com in their download center or here.

Conclusion.

Unfortunately, sometimes spyware is just too much: you can end up with thousands of components from hundreds of installed spyware infections, and it's just too much to deal with. At this point the best thing to do is to format your computer and start from scratch. Luckily, it's usually easy to back up your data before you get the system wiped clean. This does mean that you will need to set up again any software and settings you had previously, but you are sure to get rid of the spyware infection you had.

Spyware is a nasty thing, and right now it's here to stay. I hope the above has helped you understand spyware and will help you combat it in the future. I will update this document as things develop. If you have any suggestions for additions to this, please contact me.


© 2005 Nebonet.com. All rights reserved. Windows and Microsoft Antispyware are trademarks of the Microsoft Corporation. All other mentioned products are copyrighted and trademarked by their respective owners ( such as Firefox, Adaware, Spybot ).

Downloads Mentioned in this Document and more:

Firefox ( Home Page | Download ) - Secure and Reliable Web Browser to replace Internet Explorer. This is strongly recommended.

Spybot ( Home Page | Download ) - Spyware scanning and Removal. One of, if not the best.
Spybot Updates ( Download )

Ad-Aware ( Home Page | Download ) - Spyware scanning and Removal. It does a good job and can catch a few things that Spybot does not.

Microsoft Defender ( Home Page | Download ) - Spyware scanning and Removal.


Tools and Utilities

WARNING  : USE OF THESE TOOLS MAY REQUIRE YOU TO REINSTALL ANTIVIRUS AND/OR FIREWALL SOFTWARE. DO SO AT YOUR OWN RISK. USE OF THESE TOOLS IS INTENDED TO RESOLVE SPECIFIC ISSUES AND IMPROPER USE MAY DAMAGE YOUR COMPUTER SOFTWARE !!!!

LSP FIX (Download) - LSP Removal Utility

WinsockXP Fix (Download) - Reinstalls the Winsock support files.

NOTE: DOWNLOAD BOTH LSP AND WINSOCKXPFIX FIRST, then run them.

Hijack This (Old Version | New Version) - Scans the Registry and other places to remove items from starting up or being active when Windows is running. The new version requires an installation. The old version is standalone and can be used if you are having trouble installing the new one (due to spyware, viruses, memory issues, etc.)

ComboFix : (Download) - Multiple spyware scan and removal.

ADS SpyFix : (Download) : A specific fix for ADS exploits

BugOff : (Download) -

CWShredder : (Download) - Specific Fix for CoolWebSearch

Kill2Me : (Download | L2M.REG Fix)


Tremonton Bandwidth Test Tool. NOTE: ONLY USE THIS AS INSTRUCTED BY SUPPORT. USE OF THIS PROGRAM OTHERWISE WILL GET YOUR CONNECTION RESTRICTED AND POSSIBLY SHUT OFF. BWTEST.EXE