Promoting the highest standards of client service and
professional and ethical conduct since 1985. 
Encouraging the sharing of knowledge, skills and resources.
 

Spyware - Is someone watching you?
by Scott Hendison

What is Spyware?
Otherwise known as Adware, spyware tracks your Internet use, and reports it back to marketing companies. These marketing companies then use your web-surfing habits, your cookies, and other gathered information to “personalize” the popup ads, ad banners, and even your junk e-mail. There are other types of spyware too, that record keystrokes and passwords etc. but those are not commonly found or easily available to the public. For this article, I’m speaking of the spyware known as Adware. In my opinion, any software that uses the Internet to transmit any information about me or my computer use without my knowledge should be illegal. Unfortunately, at this point in time, it’s not illegal, and in fact spyware use by advertisers seems to be on the rise. Whenever I work on any computer myself, I also look for known spyware. More often than not, I find some.

Names like Doubleclick, DSSAgent, Comet Cursor, Flycast, Gator, NewDot, OnFlow, Flyswat, TSadbot, HotBar, Web3000 and Webhancer, and dozens more are familiar to many people. I’ve seen these names in hundreds of computers, usually in the msconfig startup section. Sometimes I’ve seen them in the “details” button of an “illegal operation” or in the description of an “Invalid page fault”. Still other times they pop up as errors when first booting your computer, telling you there was some sort of .dll problem. The point is, there’s plenty of this junk out there, and you need to get rid of it.

Where does it come from?
Well, in most cases, you downloaded and installed the spyware yourself. Not intentionally, of course, but adware/spyware is an unfortunate byproduct of most “FREE” software downloads, like Bonzi Buddy, CuteFTP, Download Demon, Kazaa, NBC Quick Click, Real Player and…well, the list just goes on and on and on. If you just love to download and try out different free software programs because they sound cool, then I would practically guarantee that your machine is infected. It’s just a sad but true fact that most of the free software you can find is actually supported by Spyware/Adware.

Other times, this spyware can even be bundled with software that’s actually on a CD. A good example of this is DSSagent, which comes with several Mattel and Broderbund programs. I would also encourage you to be suspicious of any CD software that comes free out of a cereal box or free with a kids’ fast food meal. Do you really think you’re just getting some free entertainment for your toddlers? Do you expect quality software out of a cereal box?

What harm can it do?
You mean in addition to slowing down your machine, taking up hard drive space, causing you to have bootup errors, illegal operations and invalid page faults? Besides sharing your family web surfing habits with marketers, and causing you to receive even more Internet pop-up windows and junk e-mail than you already do? Oh, none I can think of. It’s fine, really.

How can I get rid of it?

Now we come to the meat of the issue. Manually removing them is a tedious, time-consuming pain in the neck, and not always 100% successful.

There are software programs you can buy that will detect and remove spyware, going through your system file by file, and rooting out these programs like the viruses they really are. There are also…what else? Free versions! Two very popular free ones are called Ad-aware and Spybot.

Ad-aware is the one I recommend for novices, and it's really quite good. You can download it for free (yes free, but it's okay) at http://www.lavasoftusa.com/. After downloading and installing it, you'll be able to scan your computer in just a few minutes, and rid yourself of lots of things you may not even realize you have. It's well worth reading the "getting started" and other sections of their website too. The one I prefer is called Spybot, but it's not quite as easy to figure out. You can get it at http://www.safer-networking.org, and I like it because it also lets you "immunize" against over 500 known bad applications. Just like Antivirus software, both programs need to be updated regularly.

I have known about the existence of Spyware programs for a long time, but until I had the trouble removing some on my own machine, I had never really done much research about it. In writing this article, I was amazed to find out how much spyware is really out there. Remember, if something sounds too good to be true, then it probably is; and with most free software, the price can actually be pretty high.

Update: 9-2002

Wow. I got hold of something really awful, called Huntbar. It added a toolbar to IE, changed my home page, and generally wreaked havoc, making my address bar disappear. Even AdAware wouldn't detect and get rid of it! It was automatically installed just by visiting a certain URL. Norton AV script blocking etc. didn't stop it. Instead of just running a system restore with XP, I decided to track it down. What a mistake! It took me over an hour to get rid of, but here's the solution...

Believe it or not, it was easy. I went to http://www.huntbar.com and then to the top help link - scroll all the way to the bottom, and there are two uninstalls to download. I ran them both and the Huntbar toolbar, Fastseeker etc. were both gone after closing and reopening Internet Explorer. Woohoo! These people should be shot.

Update: 1-2004

It's now reasonable to assume that 9 out of 10 computers have spyware on them unless they have no internet connection. I have NEVER run Spybot on a machine and not found something. Even my own. Learn Spybot. Run it weekly.

Update 6-2004

It's out of control. Now there are certain spyware applications that will just reinstall themselves after you remove them with the spyware removal software. They usually do this by putting an .exe file in the startup of your Windows program, like Wintools. Others like the notorious hijacker about:blank edit your registry so you can't get rid of it. The spyware problem has grown to such enormous proportions, that there are many people unable to use their computers. Nearly half of all my service calls are spyware related.

Other software programs are available to help you win the fight, but they're not that simple to figure out. I routinely have to use CoolWeb Shredder and HijackThis to get rid of some of these programs, as well as Bulletproof Spyware removal, AdAware, and Spybot too. Sometimes all three are necessary on a badly infested machine. Once I'm clean I always immunize with the latest version of Spybot and then I install WinPatrol to keep things running smoothly.

Update 9-2004

Everyone had the About:Blank spyware problem this summer. It was the worst I've ever seen. It turns your home page to an ad portal and it reads about:blank in the address bar. The first time I saw it, I spent nearly two hours on it. Unable to remove it, I edited the registry to redirect the browser to Google instead of that page, but it wasn't gone. At least the computer was useable. A few days later, I found some manual instructions using the CD and recovery console. After that, AboutBuster was released, and now, in September, there are several removal tools. If the removal tool doesn't work, then format and reinstall Windows, unless you're comfortable in the recovery console booting from your Windows CD. Once you get your computer clean (or format and reinstall Windows) run Spybot and Adaware regularly, and use Winpatrol to keep the junk out.

Update 12-2004

Redirect to 69.20.16.183 ieautosearch - Unbelievable. This is a new one with no name yet. After two hours of trying everything under the sun, I gave up, and am waiting it out. Someone will solve it soon, I'm sure, but here's the problem...

After all normal and thorough spyware removal options, even using Firefox, the IE window pops open, displaying various advertising, and I cannot get rid of it.

I only found one reference on the web, and I did all that was there, and even tried manual registry editing too, removing all .dll references. Then, at reboot, EVEN IN SAFE MODE those .dlls I can't remove are actually renamed to something else.

As near as I can tell, there's a process at startup generating random .dll names, 3 of which can't be changed or deleted because they're in use. This one has me really PO'd.

I guess it's a Look2me thing, but even their own removal download finds no "installations of their software". I call it an "infection".

This is the offending entry in the magic hosts file... 69.20.16.183 ieautosearch

When it's found with Hijack This, even in safe mode, you can scan, delete, rescan, and it's back that fast, regenerating right before your eyes.

Also, the hosts file cannot be write protected, and when I delete it, this @#$% thing recreates it instantly. You can watch it right before your eyes. Scotty the WinPatrol Windows watchdog had to be muzzled.
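As an added example (not part of the original article), this Python sketch audits a hosts file for entries like the one quoted above and checks whether an entry removed during cleanup has come back. The sample file contents and the function names are constructed for illustration; only the `69.20.16.183 ieautosearch` line comes from the article.

```python
import ipaddress

# Constructed sample hosts file; the only value taken from the article is the
# "69.20.16.183 ieautosearch" entry. On Windows the real file normally lives at
# %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1    localhost
::1          localhost
0.0.0.0      ads.blocked.example   # sinkhole entry, harmless
69.20.16.183 ieautosearch
not-an-ip    broken.example
"""


def parse_hosts(text):
    """Yield (line_no, address, names) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Return entries that do not point at the local machine."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names, "malformed address"))
            continue
        if not (ip.is_loopback or ip.is_unspecified):
            findings.append((line_no, addr, names, "redirects to remote address"))
    return findings


def reappeared(removed, later_text):
    """Of the (address, name) pairs removed during cleanup, return those present
    again in a later copy of the file, i.e. something is rewriting it."""
    current = {(a, n) for _, a, names in parse_hosts(later_text) for n in names}
    return sorted(set(removed) & current)


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A non-empty result from `reappeared` after a cleanup means a running process is restoring the entry, so that process has to be found and stopped before the file edit will stick.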

These are the #@$%^ idiots right here that created it... Eblocks.com

Any input is welcome...Keep your eye on this post for more...
http://www.iamnotageek.com/t-78554.html

Scott Hendison 503.522.9244
Portland Technology Consultants
Last Updated ( Thursday, 04 October 2007 )
 


Copyright © 2007 Oregon Computer Consultants Association -- ALL RIGHTS RESERVED