*This is from the Purepwnage forums by Wieman, telling you about spyware, a good find for the people who don't know about teh spyware in teh world and can be better protected using these tips.*
Alright, this thread is intended for people who have problems with spyware on their computer and getting it off of it. I bet there are a whole lot of people that have it since that company started giving webmasters money for it (see appropriate thread in GD).
What is Spyware?
Spyware, also known as Adware, is basically software that is installed on your computer without your knowledge, and gathers information about you and your PC, sending it back to base for either Advertising/Marketing or selling to other companies.
How does it get on my computer?
Ways that spyware finds its way on to your pc are through Warez, and Porn sites that can download the software without you even knowing. P2P software is also a main contender for carrying spyware, and is often installed as part of the program. Some websites may trick you into downloading a piece of software that they claim is required for the website to run properly; once you download/install it, that’s when ‘real’ problems can start.
Even software that you think is safe to download and use (Download Accelerator, for example) is actually considered spyware because it can check the websites that you have visited and then send back ads that are in relation to those websites. Other software such as Porn Dialers and Premium Rate Dialers are also a big problem.
What can Spyware do?
Once on your PC, its purpose is to gather information about you the user and your pc. Data like Personal details, Passwords, and Credit Card information can be stolen and sent to someone else via your internet connection, again without you knowing. Keyloggers are a form of spyware that can be installed on your pc and that can be used to trace and log all data that you type. Your PC and your web browser can also be hijacked, meaning that your browser's homepage could be taken over by certain unwanted websites.
How do I know I have spyware?
The symptoms are similar to those from a virus:
* Your PC may be slower, with higher CPU usage than usual.
* Unexpected icons and shortcuts may appear on your desktop, and extra bookmarks in your Favorites.
* Your Web browser may have a search/tool bar that you’ve never seen before and a new home page.
* Popup ads may appear even when a browser is not open.
These are all classic symptoms that you have been hijacked and are being spied on.
What can I do about it?
Thankfully there is software that you can use to eliminate Spyware and Hijackers.
First off, don't use Internet Explorer, it sucks and is full of security flaws.
Alternative browsers:
FireFox and Mozilla (very recommended)
K-Meleon
Maxthon
Opera
Sometimes spyware is installed with trojans and viri etc. so here are some
Antivirus apps:
This comes with inbuilt firewall, antivirus, anti-spyware scanner, RAM defragger, disk defrag...the whole lot!!
AV-Comparatives.Org
Antivir Antivirus
Avast Antivirus
AVG Antivirus
F-Prot Antivirus
Panda Online Scan
Stinger
Trend House Call
I've left Norton out since the only way you can use it for free is by downloading it via BitTorrent.
Ah and yes finally;
AntiSpyware:
Check this link to see if you have a REAL antispyware program:
Rogue/Suspect Anti-Spyware Products and Web Sites
Adware Away (about :blank killer)
Ad-aware
Ad-aware plugins
Claria/Gator Remover
CounterSpy
CWShredder
EZPCFix - works on BartPE
HijackThis
HijackThis Analyzer
Microsoft Antispyware Beta
PestPatrol
SpyBot
Spybot Search and Destroy 1.3.1 TX Update
SpySweeper - you can download a free trial there that works fine but doesn't update, you should buy it of course but a free cracked version is available on P2P services, as are most antispyware and antivirus programs you have to pay for.
SpywareGuard
WinPatrol
XP-Antispy
*Recommended
AntiTrojan:
a² Free
Ewido Trojan Remover
The Cleaner (Trojan remover): http://www.moosoft.com/
TrojanScan
Firewalls:
Jetico
Kerio Personal
Outpost
SoftPerfect Personal
Sygate Personal
ZoneAlarm Free
Kerio Personal firewall - I use it
Popup Blockers
A9 Toolbar
Google Toolbar
FireFox comes with a popup blocker but some sites have found a way around this. There are also some sites that use popups to access their content.
Removal Guides and Tools:
Good Junk File remover
AboutBuster
EliteBar removal tool
Home Search Remover
Isearch toolbar uninstaller
Malware Warfare - A Step-By-Step Infantry Training Camp
Searchpage
OCHQ's guide to removing "Junkware"
I excluded lopdotcom since the most common installation can simply be removed through control panel --> software
Other Fixes:
BugOff
MoveOnBoot
VX2Finder
WinsockXP Fix
Discussion about Viri and Spyware @ MT forums - don't post there, they're all a bunch of elitist bastards that will eat you alive.
Don't use too many antispyware apps running at the same time, a friend of mine crashed his comp that way.
If you've still got a problem, use google, or post here.
cheers,
Weiman
EDIT: A complete guide to internet security by Taclooc.
Disclaimer: I did not write the following and what it says may not necessarily reflect my opinion; I don't like ZoneAlarm, for example.
I'm sorry if things are being double mentioned.
Posted: Tue Sep 20, 2005 4:04 am Post subject: The Complete Guide to Internet Security
--------------------------------------------------------------------------------
The Complete Guide to Internet Security
-----------------------------------------------------------
1. Introduction and Updates
2. Common Questions
3. Prevention
4. Detection
….a. Using AdAware SE Effectively
….b. Using SpyBot Effectively
….c. Using SpySweeper Effectively
….d. Using HiJack This Effectively
5. Firewalls 101
6. All Programs and Their Use
-----------------------------------------------------------
1. Introduction
In the time I spent around multiple forums and boards, I noticed that there are a lot of topics regarding internet security and the dreaded Spyware and Adware. Before starting, I want everyone to know that they should be careful when performing these actions, as even a simple deletion of the wrong file could cause a system crash or failure. Now, on with the guide.
-----------------------------------------------------------
2. Common Questions
Q: What is Adware?
A: Adware is a program put on one’s computer used to advertise. Common symptoms include slowdown, multiple popups, and a resetting homepage. Adware does not relay any information about the user, but instead bogs the computer down with advertising.
Q: What is Spyware?
A: Spyware is an addition to some Adware that secretly gathers information about the user and relays it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program.
Q: What is a cookie?
A: Cookies are small bits of data that are stored on your computer every time you access a site. Until cleared, the computer will remember almost everything about the site (text, pics, sounds) so it loads faster when you open it again. Thus, this takes up room, and after a long while you may have a lot of hard drive space taken up by cookies.
Q: What are tracking cookies?
A: Tracking cookies not only save data from sites, but they will also send this data to companies. These are considered malicious as they are an invasion of privacy and you will often end up with spyware if they are not deleted.
Q: How Did I Get Infected?
A: First of all, it’s nearly impossible to steer completely away from Adware and Spyware, but there are multiple steps you can use to reduce infection and protect your computer. If you do any of the following things, you probably have Adware and/or Spyware:
- Use P2P programs such as KaZaA, GrokSter, or iMesh.
- Download free screensavers
- Download freeware applications
- Visit adult sites
- Surf the web
But how did you get infected? Simply put, your internet security settings are too low, and you don’t have the correct protection. Also, you probably think little of what you’re downloading and often receive lots of adware and spyware in the process.
Q: What’s so bad about Spyware and Adware?
A: Spyware and Adware do most, if not all, of the following:
- Install programs without your consent
- Slow your computer down
- Display popups
- Track your internet activities
- Log your actions and send them to 3rd parties
- Change your internet homepage
Q: OK, you caught me. Now I have Spyware and Adware, how do I get rid of it?
A: Be sure to follow this guide completely. Use HiJack as a checkup, and not as your main tool. Run it after you have completed all other programs.
-----------------------------------------------------------
3. Prevention
Before you go about destroying all the Spyware and Adware you have, it’s best to set up some programs that will help block re-infection.
Internet Explorer
Believe it or not, there are plenty of things you can do just on IE that can help to prevent any future attacks.
Disable ActiveX
Open IE and select Tools from the top. Click on Internet Options. Select the Security Tab and then hit the Default Level button. Now, click Custom and scroll to the ActiveX area. Ensure the following changes are made:
1. Download Signed ActiveX Controls: Prompt
2. Download Unsigned ActiveX Controls: Disable
3. Initialize ActiveX Controls Marked Not Safe: Disable
Change Your Cookies Settings
Open IE and select Tools from the top. Click on Internet Options. Select the Privacy Tab and move the slider to Low or Medium, just move it away from Accept All.
Check For Updates
Open IE and select Tools from the top. Click on Windows Updates. Run the scan and install ALL new updates, critical or not, you need them.
Spyware Blaster
This excellent program will add over 3,000 nasty sites to your block list, ensuring you will never be infected with them again. Once installed, click Updates on the left hand side. Check For Updates, then ensure you Enable All Protection from the Protection menu.
Now select Tools from the side and go to Browser Pages. Change the first 2 sites to your Homepage and Search Engine (e.g. msn.com and google.com). Now you are protected against over 3,000 sites. Be sure to check for updates frequently.
SpySweeper
Although simply a Free Trial Version, SpySweeper offers great protection as well as detection. Once you have downloaded SpySweeper, select Options on the left hand side and click the Active Shields tab. Turn the Homepage Shield on, and make sure you put the same site as you did with Spyware Blaster. Turn all other Shields on. Minimize SpySweeper and then right click its icon in the task tray and select Load at Startup. Now you have protection enabled here as well.
Spybot Search and Destroy
This is easily one of the best Spyware prevention and detection programs there is. Once downloaded, skip the introduction and click Updates. SB-S&D will automatically search for any updates. If any are found, check them all and download them.
Now click Immunize on the left side. If you have unimmunized programs, select the large Immunize option at the top. Now click the box that says “Enable Permanent Blocking of Bad Addresses” and select Block Silently from the drop down list.
Great! Now you are prevented from many of today’s most common pests and annoyances.
Spyware Guard
This program is very easy to use, but I have had trouble saving some options and was overall disappointed in this program. Use this if you cannot get the above programs to work properly. Otherwise, don’t bother.
-----------------------------------------------------------
4. Detection
Now that you have your prevention programs up and running, it’s time to take out any pests you have on your computer.
A. AdAware SE
This is easily the best anti adware program out there if used correctly, and the new additions in SE make it that much easier. Many people will search for updates, run a normal scan, delete the objects, then wonder why their computer is still infected. Here I’m going to show you how to ensure that AdAware is being used to its full potential.
Customize Your Scan
Open AdAware and select Start. First, uncheck the Negligible Items scan, as these aren’t a threat, and are often important files for the user. Next, select the third option of “Use Custom Scan Options”. Click Customize to the right of it. On the Scanning tab, ensure that all folders and options are checked and have a green check mark to the left. Select General from the left hand side and ensure the following changes are made:
1. Save Log-File – On
2. Quarantine Objects – Off
3. Safe Mode – On
Next, select Scanning and make sure everything is turned on.
Finally, select the Tweak tab on the left. Ensure the following options are on:
Scanning Engine
1. Unload Recognized Processes - On
2. Scan registry for all user – On
Cleaning Engines
Turn everything on.
Now click proceed. After checking for updates, feel free to start your scan with your Customize Scan selected. Once it is finished searching, right click in the list and check “Select All”. All objects will be selected, and now you can proceed to click next and delete them. Be sure to open the Quarantine Area by selecting the package at the top menu and ensuring there is nothing there. If there is, delete it and make sure your settings have Quarantining disabled.
B. Spybot Search and Destroy 1.3
This program is also a great SpyWare killer. Open Spybot and at the top menu, click Mode and Select Advanced Mode. On the side bar, click Settings and open the File Sets menu. Make sure everything is checked. Now click Settings on the side menu and turn off the System Restore options, but ensure that backups are created of System Internals only. Under Scan Priority, select Time Critical. Good, now select Mode from the top and go back to Default. Select “Check for Problems”, and delete all the ones you feel comfortable about deleting.
C. SpySweeper
Once you have SpySweeper installed, Select Options from the side bar and click the Configuration Tab. Ensure that the correct drive is selected for scanning, and then ensure that Sweep Memory and Registry are checked. Ensure “Sweep All Folders” is checked and that Scan Priority is at high. Click Sweep Now from the side bar and delete everything you feel comfortable about deleting.
D. HiJack This
Each line in the HiJack This log starts with a section name. The section names help categorize the results. The following are the section types:
R0, R1, R2, R3 – Internet Explorer start/search page URLs
F0, F1 – Auto loading Programs
N1, N2, N3, N4 – Netscape/Mozilla start/search page URLs
O1 – Hosts file redirection
O2 – Browser help objects
O3 – Internet Explorer toolbars
O4 – Auto loading programs from registry
O5 – IE options icons not visible in control panel
O6 – IE options access restricted by administrator
O7 – Regedit access restricted by administrator
O8 – Extra items in IE right-click menu
O9 – Extra buttons on the main IE button toolbar, or the extra items in IE “Tools” menu
O10 – Winsock hijacker
O11 – Extra group in IE “Advanced Options” window
O12 – IE Plugins
O13 – IE DefaultPrefix hijacker
O14 – “Reset Web Settings” hijackers
O15 – Unwanted site in trusted zone
O16 – ActiveX objects
O17 – Lop.com domain hijackers
O18 – Extra protocols and protocol hijackers
O19 – User style sheet hijackers
What does this all mean? I will now describe each of the above and their use.
-----------------------------
R0, R1, R2, R3 – Internet Explorer start/search page URLs
If you recognize the URL at the end as your homepage or search engine, then do not fix it. If you do not recognize the URL, have HJT fix it. For R3 items, always fix them, unless it mentions a program you recognize.
-----------------------------
F0, F1 – Auto loading Programs
F0 items are always bad, fix them.
F1 items are usually older programs, but are usually safe.
-----------------------------
N1, N2, N3, N4 – Netscape/Mozilla Start and Search Pages
These pages are hardly hijacked and are usually safe. Fix it if you do not recognize a page.
-----------------------------
O1 – Hosts File Redirection
You can usually fix these unless you put the lines in your Hosts file.
-----------------------------
O2 – Browser Helper Objects
Check the objects against this list:
to decide whether it is good or bad.
-----------------------------
O3 – Internet Explorer Toolbars
Once again, use the CLSID list and check to see whether it is good or bad:
-----------------------------
O4 – Auto loading Programs From Registry
Check this list to find out about the program:
-----------------------------
O5 – Internet Explorer Options Not Visible in Control Panel
Unless you've knowingly hidden the icon from Control Panel, fix this.
-----------------------------
O6 – Internet Explorer Options Access Restricted by Admin
You won’t usually have to fix this.
-----------------------------
O7 – Regedit Access Restricted by Admin
Always fix these items.
-----------------------------
O8 – Extra Items in Internet Explorer Right-Click Menu
If you don’t recognize the name, fix it.
-----------------------------
O9 – Extra Buttons in the IE Toolbar
If you don’t recognize it, fix it.
-----------------------------
O10 – Winsock Hijackers
These need to be fixed, but SpyBot is usually a better choice for fixing these.
-----------------------------
O11 – Extra Group in IE “Advanced Options” Window
Always fix this.
-----------------------------
O12 – IE Plugins
These are all safe except for file names ending in .ofb.
-----------------------------
O13 – IE DefaultPrefix Hijacker
Always fix these.
-----------------------------
O14 – Reset Web Settings HiJacker
If the URL does not match your ISP, fix it.
-----------------------------
O15 – Unwanted Sites in the Trusted Zone
Always fix these.
-----------------------------
O16 – ActiveX Objects
If you don’t recognize the URL, or the object has “dialer”, “casino”, “free_plugin”, etc., fix these.
-----------------------------
O17 – Lop.Com Domain HiJackers
These are usually safe, but if it does not match your ISP, fix it.
-----------------------------
O18 – Extra Protocols and Protocol HiJackers
The known hijackers are “commonname”, “ayb”, and “relatedlinks”. You should usually fix these.
-----------------------------
O19 – User Style Sheet HiJack
Fix this item if you receive slowdown and popups.
-----------------------------------------------------------
5. Firewalls 101
Q: What is a firewall?
A: A firewall is a program that monitors all your internet traffic, both outgoing and incoming internet traffic. Every time you open your browser and surf the web, you are both receiving and giving data through your internet connection. When you receive malicious data, you may find yourself with spyware. With a firewall, you can block these malicious transfers, as well as stop outgoing data that may be sent to 3rd parties through spyware.
Q: How does a firewall help this?
A: Once you install the firewall, each program that uses the internet will first need to be passed by the firewall. You will receive a notification of the program trying to send or receive data, and you have the choice of either granting or denying it permission. For example, when you open your browser, your firewall will notify you that IE/Firefox/Netscape/Mozilla is trying to access and receive data from the internet. You would click Allow and the program will have the right to transfer data. If you receive a notification for a program you don’t know, deny it permission, and then find out what the program is before allowing it access.
Q: Which firewall should I use?
A: I strongly recommend ZoneAlarm Personal Firewall. You can download it here: http://www.download.com/ZoneAlarm/30...ml?tag=lst-0-1
Setting Up ZoneAlarm PE
Preferences
From the main overview screen, click Preferences and ensure the following are selected:
- Load at startup: ON
- Protect client: ON
- Hide my IP when applicable: ON
Firewall
Under the Firewall section, set both sliders to Medium. If you have a home or office network, click the Zones tab and add a Subnet for each computer.
Program Control
Under the Main tab, move the slider to Medium and turn your internet lock off.
Under the Programs tab, you can specify which programs you want to use the internet. If you accidentally grant or deny permission to an application that you didn’t want to, check under this section to change it.
AV Monitoring
Always have this on, with your main AntiVirus program selected.
E-Mail Protection
Always have this on.
Well there you go, once you have set up your firewall, minimize it to your task tray and go about using your computer, safe and protected by your firewall.
-----------------------------------------------------------
6. All Programs and Their Use
AdAware SE
Deletes multiple adware programs.
CoolWebShredder
Detects the CoolWeb Trojan hijacker and other browser hijackers.
Google Toolbar
Brings Google to your toolbars and provides an easy-to-use pop-up blocker.
Hijack This
Displays system processes and other running programs.
MSN Toolbar
Brings MSN to your fingertips and provides an easy-to-use pop-up blocker.
Spybot Search and Destroy 1.3
Prevents and detects spyware programs.
SpySweeper
Prevents hijacks and detects tracking cookies.
Spyware Blaster
Adds over 3,000 sites to your block list.
Spyware Guard
Guards your browser from HiJack attempts and alerts you of attacks
ZoneAlarm Personal FireWall
This personal firewall checks all internet traffic and blocks malicious activity
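The HiJack This section rules from part 4.D of the guide, written out as a small log triage script. This is an added example, not part of the original posts or of HijackThis itself; the sample log lines are constructed, and the `known_hosts` parameter and the verdict labels (`fix`, `keep`, `lookup`, `review`) are assumptions made for illustration.

```python
import re

# A HijackThis entry starts with its section name, e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[01]|N[1-4]|O(?:1[0-9]|[1-9]))\s+-\s+(.*)$")
URL_RE = re.compile(r"https?://[^\s,\"']+", re.I)

ALWAYS_FIX = {"F0", "O7", "O11", "O13", "O15"}   # guide: always fix
LOOKUP = {"O2", "O3", "O4"}                      # guide: check a reference list
USUALLY_SAFE = {"F1", "O6"}                      # guide: usually safe / no fix
O16_BAD_WORDS = ("dialer", "casino", "free_plugin")
O18_KNOWN_HIJACKERS = ("commonname", "ayb", "relatedlinks")
# Sections where the guide leaves the decision to what the user recognizes.
REVIEW = {
    "R3": "fix unless it names a program you recognize",
    "O1": "fix unless you added the Hosts line yourself",
    "O5": "fix unless you hid the icon on purpose",
    "O8": "fix if you do not recognize the name",
    "O9": "fix if you do not recognize it",
    "O14": "fix if the URL does not match your ISP",
    "O17": "usually safe; fix if it does not match your ISP",
    "O19": "fix if you see slowdown and popups",
}


def _host(url):
    return re.sub(r"^https?://", "", url, flags=re.I).split("/")[0].lower()


def triage(line, known_hosts=()):
    """Return (section, verdict, reason) for one log line, or None for
    lines that are not section entries (headers, process list, blanks)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.groups()
    low = body.lower()
    known = {h.lower() for h in known_hosts}
    urls = URL_RE.findall(body)
    unknown = [u for u in urls if _host(u) not in known]

    if sec in ALWAYS_FIX:
        return sec, "fix", "guide: always fix"
    if sec in LOOKUP:
        return sec, "lookup", "check the CLSID/program against a reference list"
    if sec in USUALLY_SAFE:
        return sec, "keep", "guide: usually safe"
    if sec in ("R0", "R1", "R2") or sec.startswith("N"):
        if unknown:
            return sec, "fix", "unrecognized URL: " + unknown[0]
        if urls:
            return sec, "keep", "URL is a recognized page"
        return sec, "review", "no URL to compare"
    if sec == "O10":
        return sec, "fix", "guide: fix, preferably with SpyBot"
    if sec == "O12":
        if ".ofb" in low:
            return sec, "fix", "plugin entry involves .ofb"
        return sec, "keep", "guide: safe unless .ofb"
    if sec == "O16":
        hits = [w for w in O16_BAD_WORDS if w in low]
        if hits or unknown:
            return sec, "fix", "suspicious name or unrecognized URL"
        return sec, ("keep" if urls else "review"), "URL recognized or absent"
    if sec == "O18":
        name = re.search(r"protocol[^:]*:\s*(\S+)", low)
        if name and name.group(1) in O18_KNOWN_HIJACKERS:
            return sec, "fix", "known protocol hijacker: " + name.group(1)
        return sec, "review", "protocol not in the guide's known list"
    return sec, "review", REVIEW[sec]


def triage_log(text, known_hosts=()):
    """Triage every section entry in a whole log, skipping other lines."""
    results = (triage(line, known_hosts) for line in text.splitlines())
    return [r for r in results if r is not None]


# Constructed sample log; CLSIDs, paths and hosts are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hijack.example/bar.html
F0 - system.ini: Shell=Explorer.exe sample.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\sample.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O12 - Plugin for .ofb: C:\WINDOWS\sample.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\sample.dll
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Free_Plugin) - http://downloads.example/free_plugin.cab
O18 - Protocol: relatedlinks - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\sample2.dll
"""

if __name__ == "__main__":
    for sec, verdict, reason in triage_log(SAMPLE_LOG, {"www.google.com"}):
        print(f"{sec:<4}{verdict:<8}{reason}")
```

Entries marked `lookup` or `review` still need a human decision, exactly as the guide says for those sections.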
Alright, this thread is intended for people who have problems with spyware on their computer and getting it off of it. I bet there are a whole lot of people that have it since that company started giving websmasters money for it (see appropriate thread in GD)
What is Spyware?
Spyware, also know as Adware, is basically software that is installed on your computer without your knowledge, and gathers information about you and your PC, sending it back to base for either Advertising/Marketing or selling to other companies.
How does it get on my computer?
Ways that spyware find its way on to your pc are through Warez, and Porn sites that can download the software without you even knowing. P2P software is also a main contender for carrying spyware, and is often installed as part of the program. Some websites may trick you into downloading a piece of software that they claim is required for the website to run properly, once you download/install it then that’s when ‘real’ problems can start.
Even software that you think is safe to download and use (Download Accelerator, for example) are actually considered spyware because they can check the websites that you have visited and then send back ads that are in relation to those websites. Other software such as Porn Dialers and Premium Rate Dialers are also a big problem.
What can Spyware do?
Once on your PC, its purpose is to gather information about you the user and your pc. Data like Personal details, Passwords, and Credit Card information can be stolen and sent to someone else via your internet connection, again without you knowing. Keyloggers are a form of spyware that can be installed on your pc and that can be used to trace and log all data that you type. Your PC and your web browser can also be hijacked, meaning that your browser's homepage could be taken over by certain unwanted websites.
How do I know I have spyware?
The symptoms are similar to those from a virus:
* Your PC may be slower, with higher CPU usage than usual.
* Unexpected icons and shortcuts may appear on your desktop, and extra bookmarks in your Favorites.
* Your Web browser may have a search/tool bar that you’ve never seen before and a new home page.
* Popup ads may appear even when a browser is not open.
These are all classic symptoms that you have been hijacked and are being spied on.
What can I do about it?
Thankfully there is software that you can use to eliminate Spyware and Hijackers.
First off, don't use Internet Explorer, it sucks and is full of security flaws.
Alternative browsers:
FireFox and Mozilla (very recommended)
K-Meleon
Maxthon
Opera
Sometimes spyware is installed with troajns and viri etc. so here are some
Antivirus apps:
This comes with inbuilt firewall, antivirus, anti-spyware scanner, RAM defragger, disk defrag...the whole lot!!
AV-Comparatives.Org
Antivir Antivirus
Avast Antivirus
AVG Antivirus
F-Prot Antivirus Panda Online Scan
Stinger
Trend House Call
I've left Norton out since the only way you can use it for free is by downloading it via bittorent.
Ah and yes finally;
AntiSpyware:
Check this link to see if you have a REAL antispyware program:
Rogue/Suspect Anti-Spyware Products and Web Sites
Adware Away (about :blank killer)
Ad-aware
Ad-aware plugins
Claria/Gator Remover
CounterSpy
CWShredder
EZPCFix - works on BartPE
HijackThis
HijackThis Analyzer
Microsoft Antispyware Beta
PestPatrol
SpyBot
Spybot Search and Destroy 1.3.1 TX Update
SpySweeper - you can download a free trial there that works fine but doesn't update, you should buy it of course but a free cracked version is available on P2P services, a are most antispyware and antivirus progrmas you have to pay for.
SpywareGuard
WinPatrol
XP-Antispy
*Recommended
AntiTrojan:
a² Free
Ewido Trojan Remover
[url=http://www.moosoft.com/The Cleaner: (Trojan remover)[/url]
TrojanScan
Firewalls:
Jetico
Kerio Personal
Outpost
SoftPerfect Personal
Sygate Personal
ZoneAlarm Free
Kiero Personal firewall - I use it
Popup Blockers
A9 Toolbar
Google Toolbar
FireFox comes with a popup blocker but some sites have found a way around this. there are also some sites that use popups to acces their content.
Removal Guides and Tools:
Good Junk File remover
AboutBuster
EliteBar removal tool
Home Search Remover
Isearch toolbar uninstaller
Malware Warfare - A Step-By-Step Infantry Training Camp
Searchpage
OCHQ's guide to removing "Junkware"
I excluded lopdotcom since the most common installation can simply be removed through control panel --> software
Other Fixes:
BugOff
MoveOnBoot
VX2Finder
WinsockXP Fix
Discussion about Viri and Spyware @ MT forums - don't post there, they're all a bunch of elitist bastards that will eat you alive.
Don't use too much antispyware apps running at the same time, a friend of mine crashed his comp that way.
If you've still got a problem, use google, or post here.
cheers,
Weiman
EDIT: A complete guide to internet security by Taclooc.
Disclaimer; i did not write the following and what it says may not necessarily reflect my opinion, I don't plike Zonealarm for an example.
I'm sorry if things are being double mentioned.
Posted: Tue Sep 20, 2005 4:04 am Post subject: The Complete Guide to Internet Security
--------------------------------------------------------------------------------
The Complete Guide to Internet Security
-----------------------------------------------------------
1. Introduction and Updates
2. Common Questions
3. Prevention
4. Detection
….a. Using AdAware SE Effectively
….b. Using SpyBot Effectively
….c. Using SpySweeper Effectively
….d. Using HiJack This Effectively
5. Firewalls 101
6. All Programs and Their Use
-----------------------------------------------------------
1. Introduction
In the time I spent around multiple forums and boards, I notice that there are a lot of topics regarding internet security and the dreaded Spyware and Adware. Before starting, I want everyone to know that they should be careful when performing these actions, as even a simple deletion of the wrong file could cause a system crash or failure. Now, on with the guide.
-----------------------------------------------------------
2. Common Questions
Q: What is Adware?
A: Adware is a program put on one’s computer used to advertise. Common symptoms include slowdown, multiple popups, and a resetting homepage. Adware does not relay any information about the user, but instead bogs the computer down with advertising.
Q: What is Spyware?
A: Spyware is an addition to some Adware that secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program.
Q: What is a cookie?
A: Cookies are small bits of data that are stored on your computer every time to access a site. Until cleared, the computer will remember almost everything about the site (text, pics, sounds) so it loads faster when you open it again. Thus, this takes up room, and after a long while you may have a lot of harddrive space taken up by cookies.
Q: What are tracking cookies?
A: Tracking cookies not only save data from sites, but they will also send this data to companies. These are considered malicious as they are an invasion of privacy and you will often end up with spyware if they are not deleted.
Q: How Did I Get Infected?
A: First of all, it’s nearly impossible to steer completely away from Adware and Spyware, but there multiple steps you can use to reduce infection and protect your computer. If you do any of the following things, you probably have Adware and/or Spyware:
- Use P2P programs such as KaZaA, GrokSter, or iMesh.
- Download free screensavers
- Download freeware applications
- Visit adult sites
- Surf the web
But how did you get infected? Simply put, your internet security settings are too low, and you don’t have the correct protection. Also, you probably think little of what you’re downloading and often receive lots of adware and spyware in the process.
Q: What’s so bad about Spyware and Adware?
A: Spyware and Adware do most, if not all, of the following:
- Install programs without your consent
- Slow your computer down
- Displays popups
- Tracks your internet activities
- Logs your actions and sends them to 3rd parties
- Changes your internet homepage
Q: OK, you caught me. Now I have Spyware and Adware, how do I get rid of it?
A: Be sure to follow this guide completely. Use HiJack as a checkup, and not as your main tool. Run it after you have completed all other programs.
-----------------------------------------------------------
3. Prevention
Before you go about destroying all the Spyware and Adware you have, it’s best to set up some programs that will help block re-infection.
Internet Explorer
Believe it or not, there are plenty of things you can do just on IE that can help to prevent any future attacks.
Disable ActiveX
Open IE and select Tools from the top. Click on Internet Options. Select the Security Tab and then hit the Default Level button. Now, click Custom and scroll to the ActiveX area. Ensure the following changes are made:
1. Download Signed ActiveX Controls: Prompt
2. Download Unsigned ActiveX Controls: Disable
3. Initialize ActiveX Controls Marked Not Safe: Disable
Change Your Cookies Settings
Open IE and select Tools from the top. Click on Internet Options. Select the Privacy Tab and move the slider to Low or Medium, just move it away from Accept All.
Check For Updates
Open IE and select Tools from the top. Click on Windows Updates. Run the scan and install ALL new updates, critical or not, you need them.
Spyware Blaster
This excellent program will add over 3,000 nasty sites to your block list, ensuring you will never be infected with them again. Once installed, click Updates on the left hand side. Check For Updates, then ensure you Enable All Protection from the Protection menu.
Now select Tools from the side and go to Browser Pages. Change the fist 2 sites to your Homepage and Search Engine (ex.msn.com and google.com). Now you are protected against over 3,000 sites. Be sure to check for updates frequently.
SpySweeper
Although simply a Free Trial Version, SpySweeper offers great protection as well as detection. Once you have downloaded SpySweeper, select Options on the left hand side and click the Active Shields tab. Turn the Homepage Shield on, and make sure you put the same site as you did with Spyware Blaster. Turn all other Shields on. Minimize SpySweeper and then right click its icon in the task tray and select Load at Startup. Now you have protection enabled here aswell.
Spybot Search and Destroy
This is easily one of the best Spyware prevention and detection programs there is. Once downloaded, skip the introduction and click Updates. SB-S&D will automatically search for any updates. If any are found, check them all and download them.
Now click Immunize on the left side. If you have unimmunized programs, select the large Immunize option at the top. Now click the box that says “Enable Permanent Blocking of Bad Addresses” and select Block Silently from the drop down list.
Great! Now you are prevented from many of today’s most common pests and annoyances.
Spyware Guard
This program is very easy to use, but I have had trouble saving some options and was overall disappointed in this program. Use this if you cannot get the above programs to work properly. Otherwise, don’t bother.
-----------------------------------------------------------
4. Detection
Now that you have your prevention programs up and running, it's time to take out any pests you have on your computer.
A. AdAware SE
This is easily the best anti adware program out there if used correctly, and the new additions in SE make it that much easier. Many people will search for updates, run a normal scan, delete the objects, then wonder why their computer is still infected. Here I’m going to show you how to ensure that AdAware is being used to its full potential.
Customize Your Scan
Open AdAware and select Start. First, uncheck the Negligible Items scan, as these aren’t a threat, and are often important files for the user. Next, select the third option of “Use Custom Scan Options”. Click Customize to the right of it. On the Scanning tab, ensure that all folders and options are checked and have a green check mark to the left. Select General from the left hand side and ensure the following changes are made:
1. Save Log-File – On
2. Quarantine Objects – Off
3. Safe Mode – On
Next, select Scanning and make sure everything is turned on.
Finally, select the Tweak tab on the left. Ensure the following options are on:
Scanning Engine
1. Unload Recognized Processes - On
2. Scan registry for all user – On
Cleaning Engines
Turn everything on.
Now click proceed. After checking for updates, feel free to start your scan with your Customize Scan selected. Once it is finished searching, right click in the list and check “Select All”. All objects will be selected, and now you can proceed to click next and delete them. Be sure to open the Quarantine Area by selecting the package at the top menu and ensuring there is nothing there. If there is, delete it and make sure your settings have Quarantining disabled.
B. Spybot Search and Destroy 1.3
This program is also a great SpyWare killer. Open Spybot and at the top menu, click Mode and Select Advanced Mode. On the side bar, click Settings and open the File Sets menu. Make sure everything is checked. Now click Settings on the side menu and turn off the System Restore options, but ensure that backups are created of System Internals only. Under Scan Priority, select Time Critical. Good, now select Mode from the top and go back to Default. Select “Check for Problems”, and delete all the ones you feel comfortable about deleting.
C. SpySweeper
Once you have SpySweeper installed, Select Options from the side bar and click the Configuration Tab. Ensure that the correct drive is selected for scanning, and then ensure that Sweep Memory and Registry are checked. Ensure “Sweep All Folders” is checked and that Scan Priority is at high. Click Sweep Now from the side bar and delete everything you feel comfortable about deleting.
D. HiJack This
Each line in the HiJack This log starts with a section name. The section names help categorize the results. The following are the section types:
R0, R1, R2, R3 – Internet Explorer start/search page URLs
F0, F1 – Auto loading Programs
N1, N2, N3, N4 – Netscape/Mozilla start/search page URLs
O1 – Hosts file redirection
O2 – Browser help objects
O3 – Internet Explorer toolbars
O4 – Auto loading programs from registry
O5 – IE options icons not visible in control panel
O6 – IE options access restricted by administrator
O7 – Regedit access restricted by administrator
O8 – Extra items in IE right-click menu
O9 – Extra buttons on the main IE button toolbar, or the extra items in IE “Tools” menu
O10 – Winsock hijacker
O11 – Extra group in IE “Advanced Options” window
O12 – IE Plugins
O13 – IE DefaultPrefix hijacker
O14 – “Reset Web Settings” hijackers
O15 – Unwanted site in trusted zone
O16 – ActiveX objects
O17 – Lop.com domain hijackers
O18 – Extra protocols and protocol hijackers
O19 – User style sheet hijackers
What does this all mean? I will now describe each of the above and their use.
-----------------------------
R0, R1, R2, R3 – Internet Explorer start/search page URLs
If you recognize the URL at the end as your homepage or search engine, then do not fix it. If you do not recognize the URL, have HJT fix it. For R3 items, always fix them, unless it mentions a program you recognize.
-----------------------------
F0, F1 – Auto loading Programs
F0 items are always bad, fix them.
F1 items are usually older programs, but are usually safe.
-----------------------------
N1, N2, N3, N4 – Netscape/Mozilla Start and Search Pages
These pages are rarely hijacked and are usually safe. Fix it if you do not recognize a page.
-----------------------------
O1 – Hosts File Redirection
You can usually fix these unless you put the lines in your Hosts file.
-----------------------------
O2 – Browser Helper Objects
Check the objects against this list:
to decide whether it is good or bad.
-----------------------------
O3 – Internet Explorer Toolbars
Once again, use the CLSID list and check to see whether it is good or bad:
-----------------------------
O4 – Auto loading Programs From Registry
Check this list to find out about the program:
-----------------------------
O5 – Internet Explorer Options Not Visible in Control Panel
Unless you've knowingly hidden the icon from Control Panel, fix this.
-----------------------------
O6 – Internet Explorer Options Access Restricted by Admin
You won’t usually have to fix this.
-----------------------------
O7 – Regedit Access Restricted by Admin
Always fix these items.
-----------------------------
O8 – Extra Items in Internet Explorer Right-Click Menu
If you don’t recognize the name, fix it.
-----------------------------
O9 – Extra Buttons in the IE Toolbar
If you don’t recognize it, fix it.
-----------------------------
O10 – Winsock Hijackers
These need to be fixed, but SpyBot is usually a better choice for fixing these.
-----------------------------
O11 – Extra Group in IE “Advanced Options” Window
Always fix this.
-----------------------------
O12 – IE Plugins
These are all safe except for file names ending in .ofb.
-----------------------------
O13 – IE DefaultPrefix Hijacker
Always fix these.
-----------------------------
O14 – Reset Web Settings HiJacker
If the URL does not match your ISP, fix it.
-----------------------------
O15 – Unwanted Sites in the Trusted Zone
Always fix these.
-----------------------------
O16 – ActiveX Objects
If you don’t recognize the URL, or the object has “dialer”, “casino”, “free_plugin”, etc., fix these.
-----------------------------
O17 – Lop.Com Domain HiJackers
These are usually safe, but if it does not match your ISP, fix it.
-----------------------------
O18 – Extra Protocols and Protocol HiJackers
The known hijackers are “commonname”, “ayb”, and “relatedlinks”. You should usually fix these.
-----------------------------
O19 – User Style Sheet HiJack
Fix this item if you receive slowdown and popups.
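The section rules above can be applied as a first-pass triage over a saved HiJack This log. This is an added example, not part of the original guide or of HiJack This itself; the function names, the verdict labels and the sample log are constructed for illustration.

```python
import re

# Verdicts the page assigns regardless of what the entry contains.
FIXED = {"fix": {"F0", "O7", "O10", "O11", "O13", "O15"},
         "look-up": {"O2", "O3", "O4"},      # page: check against a reference list
         "usually-safe": {"F1", "O6"}}
O16_WORDS = ("dialer", "casino", "free_plugin")
O18_NAMES = {"commonname", "ayb", "relatedlinks"}

def triage(line, known=()):
    """Return (section, verdict) for one log line, or None if it is not an entry."""
    m = re.match(r"([RFNO]\d{1,2})\s+-\s+(.+)", line.strip())
    if not m:
        return None
    section, detail = m.group(1), m.group(2).lower()
    for verdict, sections in FIXED.items():
        if section in sections:
            return section, verdict
    if section == "O12":                     # safe unless the entry names .ofb
        return section, "fix" if re.search(r"\.ofb\b", detail) else "safe"
    if section == "O16" and any(w in detail for w in O16_WORDS):
        return section, "fix"
    proto = re.match(r"protocol[^:]*:\s*(\S+)", detail)
    if section == "O18" and proto and proto.group(1) in O18_NAMES:
        return section, "fix"
    # Every other case: keep what the user recognises, flag the rest for review.
    if any(k.lower() in detail for k in known):
        return section, "keep"
    return section, "fix-if-unrecognized"

def triage_log(text, known=()):
    """Triage every entry line in a log; header and blank lines are skipped."""
    return [r for r in (triage(line, known) for line in text.splitlines()) if r]

# Constructed sample log: placeholder URLs, CLSIDs and paths, not from a real machine.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
F0 - system.ini: Shell=Explorer.exe unknown.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\example.dll
O12 - Plugin for .ofb: C:\WINDOWS\example.ofb
O12 - Plugin for .pdf: C:\PLUGINS\example.dll
O16 - DPF: {00000000-0000-0000-0000-000000000001} (free_plugin) - http://cdn.example.invalid/x.cab
O18 - Protocol: relatedlinks - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\example2.dll
"""

if __name__ == "__main__":
    for section, verdict in triage_log(SAMPLE_LOG, known=["google.com"]):
        print(f"{section:4} {verdict}")
```

The `known` check is a plain substring match, so pass full homepage, search engine and ISP URLs rather than bare domain names when triaging a real log.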
-----------------------------------------------------------
5. Firewalls 101
Q: What is a firewall?
A: A firewall is a program that monitors all your internet traffic, both outgoing and incoming. Every time you open your browser and surf the web, you are both receiving and giving data through your internet connection. When you receive malicious data, you may find yourself with spyware. With a firewall, you can block these malicious transfers, as well as stop outgoing data that may be sent to 3rd parties through spyware.
Q: How does a firewall help this?
A: Once you install the firewall, each program that uses the internet will first need to be passed by the firewall. You will receive a notification of the program trying to send or receive data, and you have the choice of either granting or denying it permission. For example, when you open your browser, your firewall will notify you that IE/Firefox/Netscape/Mozilla is trying to access and receive data from the internet. You would click Allow and the program will have the right to transfer data. If you receive a notification for a program you don’t know, deny it permission, and then find out what the program is before allowing it access.
Q: Which firewall should I use?
A: I strongly recommend ZoneAlarm Personal Firewall. You can download it here: http://www.download.com/ZoneAlarm/30...ml?tag=lst-0-1
Setting Up ZoneAlarm PE
Preferences
From the main overview screen, click Preferences and ensure the following are selected:
- Load at startup: ON
- Protect client: ON
- Hide my IP when applicable: ON
Firewall
Under the Firewall section, set both sliders to Medium. If you have a home or office network, click the Zones tab and add a Subnet for each computer.
Program Control
Under the Main tab, move the slider to Medium and turn your internet lock off.
Under the Programs tab, you can specify which programs you want to use the internet. If you accidentally grant or deny permission to an application that you didn’t want to, check under this section to change it.
AV Monitoring
Always have this on, with your main AntiVirus program selected.
E-Mail Protection
Always have this on.
Well there you go, once you have set up your firewall, minimize it to your task tray and go about using your computer, safe and protected by your firewall.
-----------------------------------------------------------
6. All Programs and Their Use
AdAware SE
Deletes multiple adware programs.
CoolWebShredder
Detects the CoolWeb Trojan hijacker and other browser hijackers.
Google Toolbar
Brings Google to your toolbars and provides an easy-to-use pop-up blocker.
Hijack This
Displays system processes and other running programs.
MSN Toolbar
Brings MSN to your fingertips and provides an easy-to-use pop-up blocker.
Spybot Search and Destroy 1.3
Prevents and detects spyware programs.
SpySweeper
Prevents hijacks and detects tracking cookies.
Spyware Blaster
Adds over 3,000 sites to your block list.
Spyware Guard
Guards your browser from HiJack attempts and alerts you of attacks.
ZoneAlarm Personal FireWall
This personal firewall checks all internet traffic and blocks malicious activity.