
Battling Spyware


 


Drive-by Downloads:

Most unwanted spyware, adware & scumware gets installed through what I call "drive-by downloads". What exactly is a drive-by download? Well, it's like a drive-by shooting - you never know what hit you till it's too late!

A drive-by download is a program that a Web site surreptitiously plants on your Windows PC when you load its pages. (This problem is, by most accounts, limited to Microsoft's Internet Explorer browser.) Many of these are only irritating -- they just force-feed advertising pop-ups to your browser -- but some change your home and search pages (hijackers), alter your favourites and mangle important system settings. Some automatically download to your computer, often without your consent or even your knowledge. Unlike a pop-up download, which asks for your consent (albeit in a calculated manner likely to lead to a "yes"), a drive-by download is carried out invisibly to the user: it can be initiated by simply visiting a Web site or viewing an HTML e-mail message. Frequently, a drive-by download is installed along with another application. For example, a file sharing program might include downloads for a spyware program that tracks and reports user information for targeted marketing purposes, and an adware program that generates pop-up advertisements using that information. If your computer's security settings are lax, it may be possible for drive-by downloads to occur without any action on your part.

Xupiter, an Internet Explorer toolbar program, is frequently installed as a drive-by download. The program is said to replace the user's home page, change browser settings, and use redirection to take all searches to the Xupiter Web site. In some versions, the program initiates drive-by downloads of other programs. Furthermore, although it comes with an uninstall utility, Xupiter is said to be next to impossible for the average computer user to remove.

A few of these programs can be found and deleted within the usual Add/Remove Programs control panel. Others may be featured in Internet Explorer's list of "Browser Helper Objects" (some help!), which you can view by going to IE's Tools menu and selecting "Internet Options..." Click the "Settings" button and then, in the small window that opens, click "View Objects."
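The same inspection can be done from the registry, which also shows the DLL behind each Browser Helper Object and the home/search page values that hijackers rewrite. This is an added example, not part of the original page; the function names are hypothetical, the registry paths are the standard locations Internet Explorer uses, and it assumes PowerShell 3.0 or later. It only reads and changes nothing.

```powershell
# Added example: read-only audit of IE Browser Helper Objects (BHOs) and page settings.
$bhoSubKey = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-BrowserHelperObject {
    # Each BHO is a subkey named after a COM class ID; 32-bit BHOs on 64-bit
    # Windows are registered under WOW6432Node, so both views are checked.
    $views = @(
        @{ Bho = "HKLM:\SOFTWARE\$bhoSubKey";             Cls = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Bho = "HKLM:\SOFTWARE\WOW6432Node\$bhoSubKey"; Cls = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid    = $key.PSChildName
            $classKey = Join-Path $view.Cls $clsid
            $server   = Join-Path $classKey 'InprocServer32'
            $name = $null; $dll = $null; $signer = 'n/a'
            if (Test-Path -LiteralPath $classKey) { $name = (Get-Item -LiteralPath $classKey).GetValue('') }
            if (Test-Path -LiteralPath $server)   { $dll  = (Get-Item -LiteralPath $server).GetValue('') }
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                # An unsigned DLL is not proof of spyware, but it is worth a closer look.
                $signer = (Get-AuthenticodeSignature -FilePath $dll).Status
            } elseif ($dll) {
                $signer = 'file missing'
            }
            [pscustomobject]@{ CLSID = $clsid; Name = $name; Dll = $dll; Signature = $signer }
        }
    }
}

function Get-IEPageSetting {
    # Home and search pages live under ...\Internet Explorer\Main, per user and per machine.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $main = "$hive\SOFTWARE\Microsoft\Internet Explorer\Main"
        if (-not (Test-Path -LiteralPath $main)) { continue }
        $key = Get-Item -LiteralPath $main
        foreach ($value in 'Start Page', 'Search Page') {
            [pscustomobject]@{ Key = $main; Value = $value; Data = $key.GetValue($value) }
        }
    }
}

Get-BrowserHelperObject | Format-Table -AutoSize -Wrap
Get-IEPageSetting       | Format-Table -AutoSize -Wrap
```

An entry with no name, a missing file, or a DLL in a temporary or oddly named folder is the one to research before removing anything.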

Top Spyware, Scumware & Adware Threats:

Spyware can bring your computer to a screeching halt. Learning to protect your computer from today's most dangerous spyware threats is essential self-preservation. There are spyware programs that are so dangerous they can open a backdoor to your confidential information, consume massive amounts of CPU capacity and memory, clog your network and destroy your data. PCs affected by these programs slow to a crawl, impacting computer usability and reliable operation. Even worse, frustrated users end up having to spend money getting it removed, since many are totally impossible to get rid of without re-installing Windows.

Top 20 Worst SpyWare Products:

KaZaA
Cool Web Search
Lop.com
SearchNow
MyWebSearch, aka MySearch
My Search Bar
My Way Speedbar
CoolBar/LookThru Cool Searchbars
IWon, iWon Co-Pilot, iWon Search Assistant, and MySearch/MyWeb (see write-up at bottom)
Adult Search Bar (ASSbar)
Excite Search bar
LookThru Cool Search Bar
IST Bar
Comet Cursor
Bonzi Buddy
Ezula
HotBar (Adopt.Hotbar.com)
GameSpy Arcade
Weather Bug
Smiley Central

The spyware below is considered to be the most rapidly spreading at this point:
Gator/GAIN/Claria
Grokster
Adopt.Hotbar.com

Here is a compilation of the threat, background & additional spyware information on the worst of the worst ...

KaZaA
KaZaA is the number one spyware threat on the Internet in the eyes of most technophiles because of its widespread popularity & its "open door to the net". KaZaA claims that its software has been downloaded 214 million times - that's just scary. It includes spyware, adware and Browser Helper Objects (browser hijackers). It also increases your vulnerability to viruses, trojans & worms, as "fake files" containing malware are extremely widespread on these networks.

Other peer-to-peer file exchange programs, such as Blubster, E-Mule & Gnucleus, could also degrade your system's performance and consume storage space because they are all bundled with adware or spyware.

CoolWebSearch (CWS)
CoolWebSearch has the ability to hijack your Web searches, home page, and Internet Explorer settings. Recent variants install themselves using malicious HTML applications or security flaws, such as exploits in the HTML Help format and Microsoft Java Virtual Machines. Over 80 different domains have now been identified as affiliated with CoolWebSearch. People are paying big money to hijack machines. CoolWebSearch is probably one of the most vicious programs in terms of how nasty it is. It completely hijacks the browser so you can't do anything. I consider it to be the most dangerous program on the worst spyware and adware threat lists because it is next to impossible to remove without formatting your computer.

PurityScan
PurityScan frequently displays pop-up advertisements onto your computer whenever you are online. It induces you to install it by claiming to find and delete pornographic images.

n-CASE  (msbb.exe)
n-CASE is an adware program that delivers targeted pop-up advertisements to your computer. This program is usually bundled with freeware applications.

Gator (GAIN)
Gator (GAIN) is an adware program that has the ability to display banner advertisements based on your Web surfing habits. Gator is usually bundled with numerous free software programs, including the popular file-sharing program KaZaA.

Transponder/Transponder (vx2)
Transponder is an IE Browser Helper Object that monitors requested web pages and data entered into online forms, then delivers targeted advertisements.

ISTbar/AUpdate
ISTbar is a toolbar used for searching pornographic web sites that has been reported to display pornographic pop-ups and to hijack your homepage and Internet searches.

KeenValue
KeenValue is an adware program that collects personal information and delivers advertisements to your computer.

Internet Optimizer's Bargain Buddy
Bargain Buddy delivers targeted pop-up advertisements to your computer based on key words you might enter while surfing the Web.

Internet Optimizer
Internet Optimizer hijacks error pages and redirects them to its own controlling server at http://www.internet-optimizer.com.

Perfect Keylogger
Perfect Keylogger is a monitoring tool that records all visited web sites, keystrokes and mouse clicks. For example, it can log passwords, account numbers and other sensitive information. It is usually installed manually by the victim after being received by email.

TIBS Dialer
TIBS Dialer is a dialer program that hijacks your modem and dials 1-900 toll numbers, usually to access pornographic "pay" Web sites at $5.99 a minute. If your monthly phone bill suddenly jumps to $918.57 you're probably infected!

Newly Discovered Threats:

Searchit - Also known as: Pugi (after its internal object name), SearchIt Toolbar
TrojanDownloader.Win32.Vivia.f
TrojanDownloader.Win32.Vivia.e
TrojanDownloader.Win32.Apropo.g
Advanced Excel 2000 Password Recovery
Win32Info - Also known as: Adult content dialler
Win32.ExeBundle.272 - Also known as: TrojanDropper.Win32.ExeBundle.272 [Kaspersky]
PS2 Emulator - Also known as: ->taskmgr.exe [F-Prot], packed: SfxMaker [Kaspersky], TrojanClicker.Win32.VB.cr [Kaspersky]
WinSpy 5.6.1
Fake Delete - Also known as: FakeDel joke [McAfee]

FunWebProducts:

It turns out that FunWebProducts is an operation of a company called IWon, and is anything but fun! Its software - a Web application - is essentially yet another piece of adware (often mistakenly called spyware, although that is arguably a related subgenre). FunWebProducts is notable because it acquired a large user population with remarkable speed. IWon is responsible for a series of notorious adware products including IWon, iWon Co-Pilot, iWon Search Assistant, and MySearch/MyWeb.

What FunWebProducts actually does - as do a lot of other adware and spyware products - is to make it difficult or impossible to uninstall the software as well as hijack your browser by setting your home page to point to other sites. Worse still, FunWebProducts attempts to reset the browser home page should you dare to try to change it. But, of course, anyone who downloads this free software will read the 5,000-word EULA that explains it all in incomprehensible legal mumbo-jumbo.

15 Steps To Preventing Spyware:

  1. Use programs like AdAware & SpyBot Search & Destroy regularly. I use both, and a paid-for version of Pest Patrol. SpyBot also has an "immunization" feature that will prevent many offenders from even being installed. However, this must be done on a "clean" system or it won't work. You can't close the barn door after the horse has escaped!
  2. For extreme infections, you can resort to using Pest Patrol. While not free, it is certainly cheaper than losing all your data. It just "might" be able to get rid of the infection for you relatively painlessly.
  3. Speaking of data, back it up to CD, DVD or external USB hard-drive regularly (especially your digital photos). Use a program like Handy Backup to do it for you every day & email you a confirmation. I use this approach with a USB 180GB external hard-drive at 3am every day.
  4. When faced with a pop-up asking if you want to download/install "this or that" free goodie, don't click "yes" or "no" or "agree" or "OK" to close a window. Instead, click the red "x" in the corner of the window or press the Alt + F4 buttons on your keyboard to close a window (safest bet).
  5. Don't use peer-to-peer download software unless you have a good firewall (a hardware firewalled router is best) and fully updated anti-virus software.
  6. A technique I use quite frequently in my never-ending struggle to avoid spyware when I'm downloading free software is to use a search engine (Google works best) to search for the item followed by the word spyware and a question mark. Make sure it is spelled right. Search like this example for KaZaA >>> "KaZaA spyware?" If any results on, let's say, the first two search results pages say anything about spyware, adware or something like, "Help, I can't get rid of...", your best bet is to avoid the download.
  7. The worst offenders, like CoolWeb Search, burrow deep into your system registry and need to be surgically removed with such specialized tools as "HijackThis" and "CWShredder", free downloads at http://www.spywareinfo.com/~merijn.
  8. There are some good alternatives for utilities containing spyware. Instead of KaZaA, use WinMX. Instead of WeatherBug, use Weather Watcher, etc.
  9. Microsoft has just released its beta version of "Microsoft Windows AntiSpyware" for free download. To grab your copy, visit http://www.microsoft.com/athome/security/spyware/software/default.mspx. Microsoft just bought out "Giant AntiSpyware" and has put its label on it.
  10. Surf and download smarter. Be more cautious when downloading free software, especially "free" file-sharing applications, which often are bundled with spyware. Do not download or run e-mail attachments unless you know what they are. Only download from Web sites and people you trust.
  11. Keep your operating system up-to-date. Windows XP Service Pack 2 adds significant security enhancements that can block spyware before it takes root.
  12. Adjust your Web browser's security settings or use a more secure Web browser. Microsoft Internet Explorer allows you to customize your security settings. Other Web browsers, such as Mozilla Firefox, offer more security settings than Internet Explorer. Note: These new browsers may not be compatible with some websites, but are appropriate for general day-to-day browsing.
  13. Use a firewall. The newest versions of the Microsoft Windows XP operating system include built-in firewall software.
  14. Downloading free software? Read the license agreement first, to make sure you are not giving permission for additional spyware to be installed. This sort of licensing is especially common in popular peer-to-peer products like KaZaA.
  15. And finally: just be cautious! A huge amount of spyware ends up on people's systems because they were not careful about what they were installing or where they were surfing. It seems obvious, but be careful what you do. Those pop-up windows that come up asking you if you want to install so-and-so software? Read them before saying no, just to make sure you hit the right button. If other people use your system, educate them on the dangers first. The shadier side of the Internet is crawling with loaded websites. These come equipped with nasties that will totally mess up your system if you let them. Just be careful out there.



Copyright © 2002-2008 pcMedix Web Solutions Group.  All rights reserved
Updated: August 06, 2008 09:25 PM