Spyware and Virus got you down? Well, I mean - got your computer down? Look no further.....

Sunday, October 01, 2006

Updated: How To Remove Spyware

Spyware, Adware, Malware, Badware....whatever you choose to call it, it's a problem. Chances are that you or someone you know has experienced or will experience some sort of 'ware' infection on a computer, and it can be frustrating.



What is spyware?
Spyware is malicious software that collects information about a user and is installed on a computer without the user's informed consent. It is not to be confused with a virus.
There are many different types of spyware.


  • Adware - is a type of spyware that collects information about a user in order to display targeted advertisements to the user.

  • Browser Helper Objects (BHOs) - a BHO is a plug-in for Internet Explorer which helps developers customize and control the browser.

  • Browser HiJacker - is when a malicious application adjusts your browser settings without your consent. For example: your homepage has changed to a search page, dangerous sites have been mysteriously added to your Favorites, questionable websites are added to Internet Explorer's list of Trusted Sites etc...

  • Keyboard Logger - logs all the activity of your keyboard and reports this information back to a remote computer. This information can be used to steal passwords, bank information etc...

  • Phone Dialer - AKA - Modem HiJacker - this type of application changes the phone number dialed when using a dial-up Internet connection so charges are incurred on the user's phone bill.

  • Remote Access Trojans (RATs) - malicious programs that run on a user's computer which permits an intruder remote access to that computer.


How do I know if my computer is infected? What are the signs of spyware?

  • slower than normal computer? - Is your computer having trouble performing routine tasks? Has there been a sudden increase in the number of times your computer crashes? Does your computer not start at all?

  • homepage has changed by itself? - Has your homepage been hijacked? Does it open to a search page that you did not specify?

  • pop-ups driving you crazy? - Do they appear as soon as you turn on your computer? Are they for adult websites? Some spyware will bombard you with popups that aren't even related to the website you are visiting.

  • browser settings have changed and you can't change them back? - When you open up Internet Explorer does it open to a search page that you did not specify?

  • new browser toolbars installed - but not by you? - Is there a mysterious toolbar installed on your browser?

  • phone bill sky-rocketed - Do you see charges on your phone bill for adult websites or 1-900 numbers?

  • unexpected or new icons in your system tray? - Are there applications running on your computer that you did not install?




Now that you know a bit about what spyware is and how to tell if a computer is infected, let's get down to the removal process. First things first - back up your personal data! You should be doing this regularly anyway. Using Windows XP - Click Start >> All Programs >> Accessories >> System Tools, and then click Backup to start the wizard.



To remove spyware/adware you need two programs (maybe three). The two I recommend are SpyBot Search & Destroy and AdAware. SpyBot Search & Destroy can be found here www.safer-networking.org. AdAware can be found at this address www.lavasoftusa.com. The third is an application called HiJackThis (which can be found here www.spywareinfo.com). Be warned, HiJackThis is for advanced users; it is a powerful tool! Consult the program's documentation before deleting any files, because you could cause serious system damage if you do not know what you are doing.



Download, install and update the programs. Then restart the computer and tap the
F8 key on your keyboard as the computer begins to start - this will give you the
option of starting in 'Safe Mode'. You will see a few other options here as well.
For this particular job select 'Safe Mode'.

What is Safe Mode? Safe Mode is an alternate way of starting a computer using only the bare minimum of resources. It's a troubleshooting tool built into Windows-based operating systems.



If a computer is running in Safe Mode you should see that the screen resolution looks 'off', which is perfectly normal, and you should see the words 'Safe Mode' in the corners of the screen.


Run full system scans with both programs. They should be able to find the problems and remove them. To learn how to remove a particular item using SpyBot and/or AdAware consult each program's 'Help' documentation.



Next, restart the computer in "normal mode" and see what happens. If you are still experiencing problems start the computer in Safe Mode again and run the spyware scans once more. Make sure that the spyware definitions are up-to-date for each program before using Safe Mode. This will give you the maximum advantage when trying to detect and remove malware.



There is another tool built into Windows called MSCONFIG which I use quite often when troubleshooting spyware.
What is MSCONFIG? MSCONFIG is a special tool built into the Windows operating system (not included with Windows 95 and 2000); its full name is the “Microsoft System Configuration Utility”. MSCONFIG is designed to help you troubleshoot problems with your computer such as it being slow or crashing frequently, as well as to remove spyware and viruses. As you may already know, running many programs at once will cause your computer's performance to slow down. Don't forget, Windows also runs many programs in the background that you never see. You can use MSCONFIG to prevent some of these programs from loading at startup, which can greatly increase the speed at which your computer runs.



To access MSCONFIG Click Start, then click Run and type “MSCONFIG” or "msconfig"
(without the quotes), in the window that opens. Once MSCONFIG opens you will see
6 to 8 tabs (depending on which operating system you are using) which provide
access to various parts and processes that Windows uses. The tab you are interested
in is on the far right, it's called “Startup”. It controls which processes start
automatically when Windows loads. If this is the first time you are running MSCONFIG
you may notice that the list of start up items is quite long. You will see four
columns: the first is a column of check boxes, the second is the name of start
up item, the third is where the item is located on the hard drive and the fourth
is the registry location.



To remove an item from the start up menu remove the check mark from the corresponding check box. To instruct a process to run on start up put a check mark in the box.



By now you might be asking, "Which processes are safe to remove?" This is where it gets tricky. An easy way to determine whether a startup item is needed or not is to do a Google search for the process name and see if you can safely remove the item from the start up menu. Many autostart entries are a crucial part of Windows XP, for example: Userinit.exe and Explorer.exe, so don't remove these.
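To review startup entries from a script before deciding what to look up, the following added example (not part of the original article) lists the same details the Startup tab shows, name, command and registry location, and adds whether the file exists and whether it is digitally signed. It assumes a Windows machine with PowerShell and reads only the two standard registry Run keys; the helper name Get-ExePath is hypothetical.

```powershell
# Added example: list autostart entries like MSCONFIG's Startup tab
# (name, command, registry location) plus a file and signature check.
# Assumption: only the two standard Run keys are read; Startup folders
# and other autostart locations are not covered here.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ExePath([string]$Command) {
    # Pull the executable path out of a command line such as
    #   "C:\Program Files\App\app.exe" /tray    or    C:\Windows\app.exe -s
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"')     { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)\b')  { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $exe     = Get-ExePath $command
        # Commands without a full path (e.g. bare "rundll32.exe") show as not found.
        $exists  = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        $sig     = if ($exists) {
            [string](Get-AuthenticodeSignature -FilePath $exe).Status
        } else { 'n/a' }
        [pscustomobject]@{
            Name      = $name
            Command   = $command
            Location  = $key
            FileFound = $exists
            Signature = $sig
        }
    }
}

$entries | Sort-Object Signature, Name | Format-Table -AutoSize -Wrap
```

Entries whose file is missing or not validly signed are the ones worth searching for first; neither result on its own proves an item is malicious.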



Once the computer is clean you should follow these tips to keep spyware and adware off your machine.




  • Install anti-spyware software before you get infected

  • Install a software firewall - a firewall acts as a barrier between your computer and the Internet. You can find many software firewalls that are free for personal use. ZoneAlarm is a great free choice and can be found here www.zonelabs.com.

  • Keep Microsoft Windows Up-To-Date - with Windows Update. Microsoft often releases software patches which you can download and install to help prevent malicious software from being installed on your PC.

  • Stay away from questionable Websites! - you know what I am talking about!

  • Use a secure Web Browser - such as Mozilla Firefox




When troubleshooting a computer with spyware problems the most important thing is to remain patient. I have personally removed over 30,000 infected files from computers over the past two years. I have had a 100% success rate thus far using the methods described above!



Good Luck!

Author: Michael McKennedy - http://www.MalwareSolutions.com


