Spies, Hijackers, Snoops, Sneakers and other Computer Trouble Makers
Malware is known by many names: adware, malware, trackware, scumware, thiefware, snoopware, sneakware. For simplicity I’ll refer to all of the aforementioned bad guys as malware, which is short for malicious software. Malware has evolved into a real monster for computer users, and getting malware is easier than ever.
You can get malware by using file sharing services such as Kazaa, BearShare, LimeWire and other peer-to-peer (P2P) networking services, downloading files, chatting on the Internet, downloading “free” services such as search bars and games, or by simply clicking on the wrong link. I don’t mean for it to sound like a jungle out there, but surfing the Internet and computing in general is not what it used to be, and you need to take certain precautions, which I will explain in this article.
Let’s start off with some of the symptoms that indicate you have contracted some sort of malware. Popups: there may be so many popups that you can barely get on, much less browse, the Internet. You may have popups appearing even when an Internet window is not open. Has your Internet browser home page been changed to something other than what you set it to? This form of malware is called browser hijacking. Is your computer’s hard drive running a lot, indicated by your hard drive light either blinking or staying on when you feel there should be no activity? Another clear indicator is that your computer is suddenly running slower than usual and/or takes a long time to boot up. This may happen over time through normal use, but if it suddenly happens for no apparent reason, malware may be a suspect. Other symptoms are hard drive space getting lower for no known reason and sudden lockups without an error message.
Here are some steps to take to troubleshoot and eliminate suspected malware. Often malware will insert itself in your Windows startup, so the first thing to do is to see what is starting up and running with your computer when it boots up. You can do this by using Microsoft’s built-in configuration editor. Click on Start, then Run, then type in msconfig and hit Enter. This will not work for Windows 2000. If you have Windows 2000 you will need to download a separate utility. You can use a program called Startup Control Panel, produced by Mike Lin. Startup Control Panel can be downloaded at http://www.mlin.net/StartupCPL.shtml. Click on the Startup tab on the far right. Look to see if there is anything out of the ordinary or suspicious in the startup file. You can check http://www.sysinfo.org/startupinfo.html for definitions of startup files.
Don’t be alarmed if you have several items that are marked to start up with your computer. Depending on what you have connected to or installed on your computer, several applications may be needed to support your hardware or software. At this point we are only looking for malware. Some of the malware will be pretty sneaky, with names that look harmless. Others may be aptly named, such as worm.exe, and yet others will simply try to confuse you with names like ht65w8. This is where you will have to do some research before you can confirm whether it is friend or foe. The rule is: if you are unsure, leave it alone.
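The startup review described above can also be done from a PowerShell prompt. The following is an added example, not part of the original article or of any tool it names; it assumes a Windows version with PowerShell 3 or later and reads the standard Run/RunOnce registry keys and Startup folders, which are the common autostart locations rather than locations listed on this page.

```powershell
# Added example: read-only listing of autostart entries for manual review.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget([string]$Command) {
    # Extract the program path from a startup command line, quoted or not.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js))(\s|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$entries = @(foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
})

# Startup folders (current user and all users); shortcuts are resolved to their targets.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if (-not $path -or -not (Test-Path $path)) { continue }
    foreach ($file in Get-ChildItem -Path $path -File) {
        $cmd = $file.FullName
        if ($file.Extension -eq '.lnk') {
            $resolved = $shell.CreateShortcut($file.FullName).TargetPath
            if ($resolved) { $cmd = $resolved }
        }
        $entries += [pscustomobject]@{ Source = $path; Name = $file.Name; Command = "`"$cmd`"" }
    }
}

# 'NotResolved' means the file is missing or is a bare name found through PATH.
$entries | ForEach-Object {
    $target = Get-CommandTarget $_.Command
    $exists = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
    $status = if ($exists) { [string](Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'NotResolved' }
    [pscustomobject]@{ Name = $_.Name; Signature = $status; Target = $target; Source = $_.Source }
} | Sort-Object Signature, Name | Format-Table -AutoSize -Wrap
```

An unsigned or unresolved entry is only a prompt for the research step described above, not proof of malware; plenty of legitimate software ships unsigned.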
Once you have cleaned up your startup files, reboot your computer and go into the Control Panel, select the Add/Remove Programs icon and look for any malware that has installed itself in your system. Again, look for any unrecognized entries in here. Some of the common applications that you will want to delete are Kazaa, BearShare, Savenow, erebates, esaver, Bonzi Buddy, My Search Bar and esearch, to name a few. I would be very leery of any entry that has the word search in it, but not all are bad. Yet another word of caution in this step: some of the applications’ uninstall procedures are very sneaky. Read the messages that come up during the procedure; many will word themselves to fool you into not uninstalling them, with phrases such as “Are you sure you want to discontinue the installation of this product?” which of course would stop the uninstall of the malware. Remember the rule: if you are unsure, leave it alone.
Ah, now the fun part. Simply start up your favorite anti-malware application and click the kill button. Unfortunately this isn’t as easy as it sounds. With the proliferation of malware there is also a proliferation of anti-malware applications. We should be thankful, but which one do we use? As with anything else in life, do some research and get some recommendations. Fortunately there are some decent and free applications out there, and there are some that are worth paying for too. Unfortunately there are some out there that are not worth paying for and are actually thieves in sheep’s clothing, imagine that. I have included a link at the end of this article that has a list of bogus malware removal tools. Some of the more recognized malware removal tools include Ad-Aware by Lavasoft, Spybot Search and Destroy by Patrick Kolla, and Pest Patrol by Pest Patrol Inc. Both Ad-Aware and Spybot have fully functional free versions as well as pay versions. Pest Patrol has an evaluation version; it will find the bad guys but it will not remove what it finds unless you pay.
I paid for the $39.95 Pest Patrol one weekend after fighting what seemed to be a 3-headed dragon. After I had exhausted my bag of tricks and dulled my 2 swords, Pest Patrol made the dragon disappear. Needless to say I was impressed, but I have since seen malware evolve and get even meaner. One day at the Doctors In, at the Alamo PC Learning Center, another doctor and I were trying to stop a hijacker, browser hijacker that is. We had eliminated the malware and dumped the hijacker using an application called HijackThis, which can be downloaded from http://www.malwareinfo.com/~merijn/downloads.html. The hijacker kept reappearing, so we installed the Windows Critical Updates, which I recommend that everyone do. One of the updates was for Internet Explorer, which enabled it to defend itself from the malware, and it kept the hijacker away.
The bottom line is that malware has become a serious issue, bringing computer users to their knees in a way that the virus problem has not. If you are using Windows XP, some relief may be here with the release of Service Pack 2. Service Pack 2, which wasn’t released when I composed this article, promises to bring with it some malware defense. Computer users must be suspicious of programs that try to install themselves, keep their anti-virus definitions up to date, regularly scan their computers with an anti-malware application, use a firewall application, and ensure that they are current with Windows Critical Updates. While this sounds like an arduous task, think about what you do to take care of your automobile, and let’s face it, some of us have become almost as dependent on our computers as on our automobiles. You wouldn’t drive your car without having gas and oil in it, making sure you have insurance and making sure it is safe to drive, i.e., brakes, headlights, tires properly inflated and so on.
Here are a few sites that you can use to keep you up on the subject of malware:
http://forums.malwareinfo.com/ - this is a forum where online folks get together and discuss malware problems and how to fix them; this site has saved me a lot of time.
http://www.malwareinfo.com/~merijn/downloads.html - this site has some very useful information and downloads to help keep you from getting hijacked.
http://www.webroot.com/wb/malwareinformation/malwareinfection.php - check this one out.
http://pcpitstop.ibforums.com/axslinger/helpfiles/bogus.htm - this is a list of bogus malware removal tools that will do more harm than good.
Stay safe and happy computing.