Introduction
This tutorial is intended as a general guide on how to fight spyware for inexperienced computer users. It is by no means complete, but will help you get rid of a bunch of nasty bugs and show you how to avoid getting hit in the future.
Table of Contents
What is Spyware?
Types of Spyware
Fighting Spyware - First Steps
Fighting Spyware - The Tools Pt. 1
Fighting Spyware - The Tools Pt. 2
Using the Tools
Preventing Spyware Infections
What is Spyware?
Strictly speaking there is spyware, adware, and a lot of other stuff that can be summarily called malware. I'll refer to the whole thing as spyware in this guide.
These are programs that aren't really classified as viruses but are not something you want to have on your computer nonetheless. They range from rather harmless tracking cookies to browser hijacks, dialers and other nasty stuff. Effects include redirecting internet searches, pop-ups, compromising security and generally slowing down your computer.
Spyware is the most annoying form of advertising. The idea behind it is to literally bombard you with ads. The next section will list a few of the dozens of things spyware can do:
Types of Spyware - a short Overview
- Tracking cookie: This is the most harmless form of spyware. A cookie is a small file used to identify your computer to a website. These forums use a cookie to keep you logged in, for example. Tracking cookies try to track your movement throughout the web, allowing certain websites to hit you with targeted advertising. If you browse through a lot of hardware websites, certain sites will start showing you hardware ads. These things are quite harmless, but people generally value their privacy and don't want to get tracked.
- Browser Hijack: A browser hijack is a much more serious form of spyware. The name describes it pretty well. This hijack resets your homepage to a usually ad-ridden page offering everything from viagra to online gambling - in short, a page that will try to get you to give them money in exchange for nothing. Internet Explorer is quite vulnerable to this. I haven't experienced any other browser hijacks, although I'm quite confident that they are out there as well.
- Search Redirects: Similar to the hijack, these redirects will prevent you from using Google or other regular search engines, and instead direct you to a page that will display sponsored links. Whatever you search for, you can be sure that the pages listed as search results will try to sell it to you.
- Popups: A small program that runs in the background. It will open popups at random, even if you're not currently surfing, and possibly drop shortcuts to online casinos and other junk on your desktop.
- Search Bar/Weather Bar/Search Assistant: These programs offer little functionality at all and are used as a transport medium for some of the spyware programs mentioned above.
Fighting Spyware - First steps
Depending on which form of spyware you have been hit with it can be very easy or almost impossible to get rid of it. Towards that end, there are a bunch of helpful programs, which I will comment on in the next section. For now, here are the first steps you should take before attempting to remove spyware.
- Back up your personal data. Most of the programs you can use to fight spyware are quite safe, but you never know. Also, some (albeit quite rare) forms of spyware object to being removed and may damage your installation of Windows when you remove them.
- Turn off system restore. There is no point in removing all spyware, only to have Windows put it back on your system from a previous restore point. Instructions on how to turn off system restore can be found here.
Fighting Spyware - The Tools Pt. 1
A bunch of nasty critters can be removed from your system with the tools Windows puts at your disposal. We'll have a look at them now.
- Common Sense: I cannot stress this enough: probably the number one reason for spyware infections is gullible users. First off, 99% of the content on the internet isn't free, even if it says so. There is almost always a catch.
A blinking banner telling you that you have won something means you didn't win shit, but they will tell you that after you entered your email and maybe home address. They will also tell you that by giving them your address you agreed to receive five dozen emails per day offering products to enlarge your penis.
"Free search bars" or "free weather bars" or "free smilies" are just an excuse to drop all kinds of nasty programs on your computer, and it will take you hours to clean up that mess. Be smart, think about what you do online. The general rule of thumb is, the flashier the banner, the more emphasis is put on the words "absolutely free", the more likely it is to drop unwanted programs on your computer.
- Software Uninstall: That's right, some programs allow you to remove them voluntarily. Click on start, select "settings", then click on "control panel". Then click on "Add or Remove Programs". After a short while, a list of all installed software products will appear. Go through it and look for suspicious entries, such as "Search Assistant" or "Weather Bar". Click on remove.
- msconfig: This tool lets you control which programs and services are launched at Windows startup. To activate it, click on "Start", select "run", and type "msconfig". Then hit enter.
In the new window click on the "Startup" tab. You can choose which programs Windows is supposed to launch when it boots up. Disable suspicious entries here, but make sure not to kill vital processes. It's usually a good idea to google for the name of the suspicious process; there are a bunch of sites that offer detailed info on whether this is spyware or merely your mouse driver.
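For readers who prefer a text list they can search or paste into a forum post, here is an added example (not part of the original tutorial) that reads the common autostart locations, the registry Run keys and the Startup folders, and shows each entry with the signature status of the program it launches. It assumes Windows PowerShell 3.0 or later; the helper name Get-ExePath is made up for this example. An unsigned or unresolved entry is not proof of spyware, only a cue to look the name up as described above.

```powershell
# Added example, not from the original tutorial. Read-only: it lists the
# autostart entries, it does not disable or delete anything.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

# Hypothetical helper: extract the program path from a command line.
function Get-ExePath([string]$Command) {
    if ($Command -match '^\s*"([^"]+)"')    { return $Matches[1] }   # "C:\path\app.exe" /args
    if ($Command -match '^\s*(.+?\.exe)\b') { return $Matches[1] }   # C:\path\app.exe /args
    return ($Command.Trim() -split '\s+')[0]
}

# 1. Registry Run/RunOnce values for the machine and the current user.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Command = [string]$item.GetValue($name); Location = $key }
    }
})

# 2. Shortcuts in the all-users and per-user Startup folders.
$shell = New-Object -ComObject WScript.Shell
$dirs  = 'CommonStartup', 'Startup' |
         ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
$entries += @(Get-ChildItem -Path $dirs -Filter *.lnk -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{ Name     = $_.BaseName
                           Command  = $shell.CreateShortcut($_.FullName).TargetPath
                           Location = $_.DirectoryName }
    })

# 3. Add the Authenticode status of each target so unsigned programs stand out.
$entries | ForEach-Object {
    $exe    = [Environment]::ExpandEnvironmentVariables((Get-ExePath $_.Command))
    $status = 'PathNotResolved'   # e.g. a bare "rundll32.exe ..." with no full path
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $status = [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
    }
    $_ | Add-Member -NotePropertyName Signature -NotePropertyValue $status -PassThru
} | Sort-Object Signature, Name |
    Format-Table Name, Signature, Command, Location -AutoSize -Wrap
```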
Fighting Spyware - The Tools Pt. 2
Some of the nastier forms of spyware can't be killed so easily and require you to download external programs. All of the tools I will now describe are available for free. After downloading them, make sure to update them using their update functions.
- Lavasoft Ad-Aware: A handy tool that can detect a lot of common spyware threats and remove them. It can also scan for dangerous windows settings.
- Spybot Search & Destroy: This program uses a different search approach and complements Ad-Aware nicely. It also offers an "immunize" function which will block a number of bad sites, preventing you from getting certain types of spyware in the first place.
- Ewido Security Suite: This program is not freeware, but it has a free trial version which you can use for two weeks. It is one of the most comprehensive anti-spyware tools I have come across so far, and offers a bunch of very useful features, such as scanning your RAM for active spyware threats. The trial version is fully functional.
- HijackThis!: This tool analyzes your startup list and certain registry entries and will show whether or not you are infected. Be careful before you kill any entries there, a lot of them are from legitimate programs. However, most forums dedicated to helping people with spyware problems will require you to post a log from this program so the pros can have a detailed look at your problem.
Fighting Spyware - Using the Tools
Make sure you followed the steps detailed in the section Fighting Spyware - First Steps before running any of the programs.
After you have done that, download and install the tools mentioned above. Make sure to let the programs update their definitions afterwards.
You can run all those tools in normal mode, but a lot of the newer spyware variants won't be removed that way. A better idea is to reboot in safe mode. To do that, reboot your computer and press F8 before Windows loads. You will be presented with a screen with multiple boot options. Select "safe mode" (should be the first item on the list).
Windows will boot, but it will probably look like crap. That is because in safe mode only the most basic drivers are loaded, which results in reduced graphics functions etc. Don't worry, the next normal reboot will reveal Windows in its full glory again.
Run the tools one after another. Remove all entries they find. Reboot the computer again in normal mode.
Preventing Spyware Infections
There's a bunch of stuff you can do to reduce the risk of getting hit by spyware again.
- Think before you click. This sounds trivial, but the best defense is still an informed user. Don't click on popups promising to increase your computer performance. Don't open suspicious emails. Don't click on banners offering free icons, or weather bars, etc. There is no such thing as a free lunch, this stuff is almost always infected with spyware or worse.
- Keep your software up to date. This means updating Windows on a regular basis. Security holes are found and fixed all the time, and you should take advantage of those fixes.
- Don't use IE. Internet Explorer is the #1 most used browser on the web, meaning that most people who program spyware target IE and its security holes. You can avoid a lot of nasty stuff by switching to a different browser. Firefox and Opera are popular, easy to use and offer advanced browsing features which IE lacks.
- Run spyware sweeps on a regular basis. You should install the tools mentioned in the sections above and run them every now and then with updated definitions to kill off any spyware you might have contracted. Some of them also offer guards, programs that run in the background similar to a virus scanner and alert you when spyware attempts to infect you.
- You might want to install a firewall as well, which will alert you if unknown programs try to access the internet. There are several free firewalls out there. I use Kerio Personal Firewall myself. Other free firewall software solutions are Zone Alarm and Tiny Personal Firewall.
If you still run into spyware problems you can't solve, you can create a thread about it in the Technical Discussions Forum. Please include a log from HijackThis.








