Spyware has become such a problem lately that I decided to dedicate a full page to help folks deal with it.  I will keep this as current as I can with links to more information.

Links        Tools        Most Unwanted List

Spies, Hijackers, Snoops, Sneakers and other Computer Trouble Makers

Spyware is known by many names, adware, malware, trackware, scumware, thiefware, snoopware, sneakware.  For purposes of simplicity I’ll refer to all the aforementioned bad guys as “malware”.  Spyware by any name has evolved into a real monster for computer users and getting spyware is easier than ever.  You can get spyware by using file sharing services such as Kazaa, Bearshare, Limeware and other peer to peer (P2P) networking services, downloading files, chatting on the Internet, downloading “free” services such as search bars and games or by simply clicking on the wrong link.  I don’t mean for it to sound like a jungle out there but surfing the Internet and computing in general is not what it used to be and you need to take certain precautions which I will explain in this article.

Let’s first start off with some of the symptoms that you have contracted some sort of malware.  Popups, there may be so many popups that you can barely get on much less browse the Internet.  You may have popups appearing even when an Internet window is not open.  Your Internet browser home page been changed to something other than what you set it to?  This form of malware is called browser hijacking.  Your computer hard drive running a lot, indicated by your hard drive light either blinking or staying on when you feel there should be no activity?  Another clear indicator is that your computer is suddenly running slower than usual and/or takes a long time to boot up.  This may happen over time through normal use but if it suddenly happens for no apparent reason malware may be a suspect.  Your hard drive space is getting lower for no known reason, sudden lockups without an error message.

 Here are some steps to take to troubleshoot and eliminate suspected malware.  The first thing to do is to see what is starting up and running with your computer when it boots up.  You can do this by using Microsoft’s built in configuration editor.  Click on Start, then Run then type in msconfig and hit enter.  This will not work for Windows 2000.  If you have Windows 2000 you will need to download a separate utility.  You can use a program called Startup Control Panel, produced by  Mike Lin.  Startup Control Panel can be downloaded at http://www.mlin.net/StartupCPL.shtml.  Click on the startup tab on the far right.  Look to see if there is anything out of the ordinary or suspicious in the startup file.  You can check http://www.sysinfo.org/startupinfo.html for definitions of startup files.  Don’t be alarmed if you have several items that are marked to startup with your computer.  Depending on what you have connected to or installed on your computer, several application may be needed to support your hardware or software.  At this point we are only looking for malware.  Some of the malware will be pretty sneaky with names that look to be harmless.  Others may be aptly named such as worm.exe and yet others will simply try to confuse you with names like ht65w8 and this is where you will have to do some research before you can confirm whether it is friend or foe. 

 Once you have cleaned up your startup files you want to reboot your computer and go into the control panel, select the Add/Remove Programs icon and look for any malware that has installed itself in your system.  Again, look for any unrecognized entries in here.  Some of the common applications that you will want to delete are Kazaa, BearShare, Savenow, erebates, esaver, Bonzi Buddy, My Search Bar and esearch to name a few.  I would be very leery of any entry that had the word search in it but now all are bad.  Yet another word of caution in this step – some of the applications uninstall procedures are very sneaky.  Read the messages that come up during the procedure, many will word themselves to fool you into not uninstalling them with phases such as “Are you sure you want to discontinue the installation of this product?” which of course would stop the uninstall of the malware.   The next step in stopping malware that is currently on your system and running is to stop any running applications and/or processes.  You can do this by using the Windows Task Manager.  Press alt Ctrl Delete at the same time, Task Manager will appear.  Look at what applications are running but more importantly look at what processes are running.  Look for any suspicious running processes, again you may have to do some research to know what is bad and what is not.  Once you identified a bad guy, click the end process button.  The process may not end instantaneously and you may even have to click the End Process button again.

Ah, now the fun part.  Simply start up your favorite anti-malware application and click the kill button.  Unfortunately this isn’t as easy as it sounds.  With the proliferation of malware there is also a proliferation of anti-malware applications.  We should be thankful but which one do we use.  As with anything else in life do some research, get some recommendations.  Fortunately there are some decent and free applications out there and there are some that are worth paying for too.  Unfortunately there are some out there that are not worth paying for and are actually thieves in sheep’s clothing, imagine that.   I have included a link at the end of this article that has a list of bogus malware removal tools.  Some of the more recognized malware removal tools include Ad-Aware by lavasoft, Spybot Search and Destroy by Patrick Kolla, Pest Patrol, by Pest Patrol Inc.  Both Ad-Aware and Spybot have fully functional free versions as well as pay versions.  Pest Patrol has an evaluation version and it will find the bad guys but it will not remove what it finds unless you pay.   I paid for the $39.95 Pest Patrol one weekend after fighting what seemed to be a 3 headed dragon.  After I had exhausted my bag of tricks and dulled my 2 swords, Pest Patrol made the dragon disappear.  Needless to say I was impressed but I have since seen malware evolve and get even meaner.  One day at the Doctors In, at the Alamo PC Learning Center, myself and another doctor were trying to stop a hijacker, browser hijacker that is.  We had eliminated the malware and dumped the hijacker using an application called Hijack This which can be downloaded from http://www.spywareinfo.com/~merijn/downloads.html.  The hijacker kept reappearing so we installed the Windows Critical Updates, which I recommend everyone do.  One of the updates was for Internet Explorer which enabled it to defend itself from the malware and it kept the hijacker away. 

The bottom line is that malware has become a serious issue bringing computer users to their knees in a way that the virus problem has not.  If you are using Windows XP some relief may be here with the release of Service Pack 2.  Service Pack 2, which wasn’t released when I composed this article, promises to bring with it some spyware defense.  Computer users must be suspicious of programs that try to install themselves, keep their anti-virus definitions up to date, regularly scan their computers with an anti-malware application, use a firewall application, and ensure that they are current with Windows Critical Updates.  While this sounds like an arduous task think about what you do to take care of your automobile and lets face it some of us have become almost as dependant on our computers as are automobiles.  You wouldn’t drive your car with having gas and oil in it, making sure you have insurance and making sure it was safe to drive, i.e., brakes, headlights, tires properly inflated and so on.

Here are a few sites that you can use to keep you up on the subject of malware.

Top 10 Most Unwanted Spyware	This is a list compiled by Webroot, makers of SpySweeper.
Spyware Information Forum	This is a forum where online folks get together and discuss spyware problems and how to fix them; this site has saved me a lot of time.
Merijn.org	This site has some very useful information and downloads to help you from getting hijacked.  The link is slow loading at times so you may have to try at different times.
Spyware Directory	SpyWare articles and resources.
Spyware Infection by Webroot	Helpful information and explanations of malware
Hijack This Tutorial	Excellent step by step tutorial on tracking down and killing elusive browser hijackers
Bogus Spyware Removal Tools	Check this out before you pay for any spyware removal tools, some will do more harm than good.
Spyware Definitions	This site is full of spyware definitions and information on how to ward off the evil scumware
Spyware application reviews	Long list of anti-malware software with reviews and a star rating system
DoxDesk	A good long list of malware with some good intel on them
Benjamin Edelman	All the malware news you can handle

Toolbox for Malware

This site was last updated 02/15/2008