Spyware 101: Detecting, Removing, and Preventing

Written by rob on April 30, 2006 – 12:33 pm

When the Internet went mainstream, the first “danger” was the infamous viruses. Whether it was the popular Love Bug virus that struck the whole Internet via e-mail in mid-2000, or the Code Red worm of 2001 that was allegedly a cyberterrorist attack, everyone who uses the Internet nowadays has heard of viruses (or, more semantically correct, virii). In fact, almost everyone in today’s cyberworld has Anti-Virus software to protect them from these viruses. There really is no excuse to not have one, as there are multiple free anti-virus scanners (Avast!, AVG) that work just as well as their paid-for counterparts from Symantec and McAfee. Suffice it to say, viruses are no longer a huge threat on the Internet, given this widespread knowledge of the danger and protection against it.

Enter Spyware. Circa 2005, spyware became a widespread threat to the unsuspecting Internet public. Spyware refers to a wide variety of malicious programs that, once on your computer, proceed to monitor where you go on the Internet (hence the spy part of the name) and give you unsolicited pop-up advertisements at an uncontrollable rate. By taking advantage of various holes in the Microsoft Windows operating system, combined with the Internet Explorer browser, spyware can install itself onto a user’s computer without their knowledge. Spyware, technically speaking, are usually programs that are very small in size, and hide themselves either somewhere in the C:/Program Files directory, or in the C:/Windows and C:/Windows/system32 directories. Simply by browsing the Internet using the aforementioned browser and operating system (Internet Explorer with Windows), you can slowly become infected with spyware. Unlike viruses, spyware will not replicate itself and attempt to send itself to people in your address book or buddy list. However, getting one form of spyware often times pops up windows of other spyware-ridden websites, and before long you are infected with dozens (sometimes, hundreds) of different variants of spyware.

Spyware is less serious than viruses on almost every level. Rarely does spyware delete your files, corrupt your operating system, or try to infect your friends and family via e-mail. However, it is indeed an annoyance that no PC user should have to endure. As briefly mentioned above, the most common symptom of spyware is pop-up ads that can occur at any time, even when your Internet browser is not open. Another symptom, which is one of the reasons spyware must be fought, is the general slowdown of your computer. Spyware, when installed, tells your computer to run it at start-up. Therefore, every time you start up your computer, every little spyware program you have will also start up, slowing the boot of your computer. Moreover, spyware is known to hog memory, which will slow down opening and closing programs, as well as your overall computer speed.

Now you know generally what spyware is and why it can be a bad thing. If you are eager to see if your computer has spyware, and want to learn how to combat it, read on.

As spyware sprouted up, so did anti-spyware applications, not unlike what occurred with viruses. There are many popular anti-spyware programs out there, but something you need to keep in mind is that some of them are fake anti-spyware or anti-virus applications, and instead of helping you, they will just install more spyware onto your computer. Some programs known to do such a thing are SpyTrooper, SpyAxe, and Antivirus Gold. Simply put, if you don’t want to have to worry about getting one of these rogue applications, just stick to the programs listed here, which should be more than enough for almost every situation.

That being said, I recommend you download the following anti-spyware programs:

While each of these programs can work by themselves rather well, the simple fact is that each and every one of them has its strengths. SpyBot is the best overall, as it searches for all known spyware and can eradicate it quite well. Ad-Aware, on the other hand, can’t identify known spyware as well as SpyBot, but can identify unknown spyware, since it searches your whole hard drive instead of just locations of known spyware. Windows Defender combines the two of those to a certain extent, but its real strength is real-time scanning… that is, it will alert you if a spyware program is trying to install itself before it gets embedded into the system and does any damage, which is an especially useful thing to have. That being said, I use the programs to scan my computer in the order listed above (that is, SpyBot first, then Ad-Aware, etc.), but you can do whatever you feel is the best after you have a general feel of each program’s strengths and weaknesses. Below I will go through the general installation and usage of all three programs.

SpyBot Installation and Usage

Installing SpyBot is very straight-forward. Just choose English as your language, press next a few times and agree to the License Agreement. When you get to the portion where you need to choose which components to install, I recommend you uncheck Additional Languages if you only speak English, as you don’t want to waste 2.7MB of hard drive space. Press next two or so more times until you get to the part where you can choose if you want an icon on the desktop, etc. As far as the icons go, that is your choice. As far as the permanent protection options go, I recommend you don’t use either. Windows Defender takes care of the second option, and the first option will become irrelevant if you don’t use Internet Explorer anymore (see below for Firefox discussion). Press next a few more times, then Finish (leaving the check box to run SpyBot checked).

When SpyBot first runs, it gives you a warning message regarding the fact that if you remove certain spyware programs, the programs that installed them may not work anymore. This is entirely true, and it is something you may want to keep in mind. Needless to say, you really should never need to use any spyware-ridden program, so I don’t think breaking the program should bother anyone. I recommend checking the box so it won’t show you the message again. Then press OK.

A wizard will come up that will guide you through the initial setup of SpyBot. The first option is backing up the registry. This will take a few minutes, but I highly recommend you do it, just in case something goes wrong later on. Press Next when it is finished. The next option is finding and downloading updates. This is a CRUCIAL step, as not doing this will leave you vulnerable to the newest spyware threats. During the course of the update, SpyBot may restart. If it does, you will be into the main interface. Otherwise, you can follow the rest of the wizard and then you will be at the main interface as well. The first thing you want to do is click on Immunize on the side. Press OK to the message that comes up, and press the green plus button at the top of the screen to immunize your system. This prevents certain bad software programs from being installed.

When immunization is finished, press the Search and Destroy icon on the side bar. This is the main part of the program, where SpyBot will actually go through and find any spyware. Press the Check for Problems button and it will do its thing. This may take a long time, depending on your computer’s speed. As of the time of writing, SpyBot was looking for over 38,000 spyware programs. To give you an idea as to why updating is so important, in October of 2005, there were only 23,000. In less than seven months, then, over ten thousand new threats were discovered. In my case, I didn’t find anything. If you didn’t either, you are in very good shape. However, if you use Internet Explorer on a daily basis I can almost guarantee you will have at least ten problems. If you click on a piece of spyware, and expand the double arrows on the side, SpyBot will tell you what it is. Check all the ones you want to delete. Usually the ones it checks for you are the ones you need to get rid of. Then press Fix Selected Problems. It will go through and delete all the culprits. When it is finished, you can close the program.

One notable feature of SpyBot is starting before Windows loads all of your programs. If it was unable to delete some of the programs in the above step, it will ask you if you want to start it at system startup. What this will do is let SpyBot run before all your spyware loads. The reason this is necessary is because you can’t delete programs that are currently running, so if the spyware you are trying to delete is running in the background, you won’t be able to remove it with SpyBot. Using this start-up run feature can help get rid of a lot more of the problems than just running it normally, and I recommend you do it every time SpyBot suggests it, in order to eradicate all threats.

Make sure before every subsequent scan you do later on, you Search for Updates and download all of them.

Ad-Aware Installation and Usage

The installation of Ad-Aware is much easier than SpyBot. Just press Next through the whole thing. At the very last screen, before you press Finish, I recommend you uncheck Open Help File and Run Full System Scan Now, just so we get a chance to explore the interface before the initial scan. Do, however, leave Update Definition Files checked. The same thing goes with these as with SpyBot… the scanning is only as good as the definition files, so you need the latest ones to combat the latest threats. Press Finish and the updated definitions will be downloaded, then Ad-Aware will restart into the main interface.

The only thing you really need to note in this main screen is the little world icon in the top right (next to the i icon). This is what you will click on every time you start the program in order to update it, which I recommend you do before every scan. Once you open that window up, simply pressing Connect will search for and download any updates. Doing so now should tell you that you are up-to-date, so just press Finish.

Other than that, all you need to do is press Start. The two main modes available are Smart System Scan and Full System Scan. I use Smart System Scan nearly every time I scan, and I only recommend the Full scan if you think you are infected with spyware and want to make sure you get everything. I also usually uncheck the box that says Search for Negligible risk entries. All this does is look for the files that contain your Most Recently Used (MRU) files. What those are is, for example, in Windows Media Player, you can go to File->Recent File List to see the music you played recently. If you do want to clean those out, leave it checked. Otherwise, uncheck it now. Make sure the Smart System Scan is the selected option, and then press Next to scan your hard drive. If you have a lot of files, this will usually take longer than SpyBot.

When the scan is completed, press Next. The window that comes up will display all of the spyware objects found. The biggest difference between this and SpyBot is that Ad-Aware does not automatically check entries. You need to manually check the ones you want to delete. More often than not, you want to select them all, so right-click any entry, and press Select All objects. I just wanted to note that although SpyBot found nothing, Ad-Aware found 1 critical object, a tracking cookie. This shows that each program has its own strengths. Anyway, after selecting the objects you wish to delete, press Next, and then OK to confirm. The files will be removed, and you will be brought back to the main interface. You can then close the program.

Windows Defender Installation and Usage

The Windows Defender install has some kinks in it. If you downloaded it from the Microsoft website (meaning you have a validated version of Windows), then the install should be fine. However, if you downloaded it from the mirror provided above, or any other site, then you may have problems. The reason is because it needs to see a certain version of Windows Update on your computer. Specifically, the version of Windows Update that validates your copy of Windows. There are numerous ways to get to that version of Windows Update without actually validating Windows, but for legal reasons they will not be discussed here. Google is your friend, if you decide to take that route.

Regardless, I am going to assume that, one way or another, you downloaded and completed the install of Windows Defender. After installing it, it will run in the background and alert you any time a program tries to do something spyware-like. Take note that if it alerts you while you are installing software, you should Allow the action. Installing software, even legitimate software, may edit registry keys or set a startup program, things Windows Defender considers to be spyware activity. So, just don’t panic and press Block every time it pops up. It will often tell you what program is doing it, but a general rule of thumb is to only Allow things while you are installing known-good software applications (discussed briefly at the end of this article).
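The start-up registration described earlier, and the "set a startup program" change that Windows Defender alerts on, can also be reviewed by hand. The following Python script is an added example, not part of the original article: it diffs the Windows Run/RunOnce registry entries against a saved baseline and reports new or changed entries along with whether the program sits in one of the directories named above. The function names and the sample entries (AVScanner, updater, wupd32.exe) are constructed for illustration.

```python
import ntpath
import re
try:
    import winreg  # standard library, present only on Windows
except ImportError:
    winreg = None

RUN_KEYS = (r"Software\Microsoft\Windows\CurrentVersion\Run",
            r"Software\Microsoft\Windows\CurrentVersion\RunOnce")
WATCHED = (r"c:\windows\system32", r"c:\windows", r"c:\program files")  # dirs the article names

def read_autoruns():
    """Return {(hive, key, value_name): command} from the live registry."""
    entries = {}
    if winreg is None:
        return entries
    hives = (("HKLM", winreg.HKEY_LOCAL_MACHINE), ("HKCU", winreg.HKEY_CURRENT_USER))
    for hive_name, hive in hives:
        for key_path in RUN_KEYS:
            try:
                with winreg.OpenKey(hive, key_path) as key:
                    for i in range(winreg.QueryInfoKey(key)[1]):
                        name, value, _ = winreg.EnumValue(key, i)
                        entries[(hive_name, key_path, name)] = str(value)
            except OSError:
                continue  # key absent or unreadable
    return entries

def exe_path(command):
    """Pull the program path out of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:  # unquoted paths may contain spaces, so cut at the extension
        m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", command, re.I)
        path = m.group(1) if m else command.split(" ", 1)[0]
    return ntpath.normpath(path.replace("/", "\\")).lower()

def watched_dir(path):
    """Name the watched directory that contains path, or None."""
    return next((d for d in WATCHED if path.startswith(d + "\\")), None)

def diff_autoruns(baseline, current):
    """List entries that are new, or whose command changed, since the baseline."""
    findings = []
    for ident, command in sorted(current.items()):
        if baseline.get(ident) == command:
            continue
        status = "changed" if ident in baseline else "new"
        path = exe_path(command)
        findings.append((status, ident[2], path, watched_dir(path)))
    return findings

# Constructed sample data, not taken from a real machine.
BASELINE = {("HKLM", RUN_KEYS[0], "AVScanner"): r'"C:\Program Files\AV\avscan.exe" /tray'}
CURRENT = {**BASELINE, ("HKCU", RUN_KEYS[0], "updater"): r"C:/Windows/system32/wupd32.exe -s"}

if __name__ == "__main__":
    print(*diff_autoruns(BASELINE, CURRENT), sep="\n")
```

On Windows, save the result of `read_autoruns()` after a clean scan and pass it as the baseline on later runs; an entry that appears right after installing known-good software is expected, anything else deserves a look.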

I use Windows Defender only to get those alerts. However, it does have scanning functionality like the rest of the anti-spyware applications discussed above. Go to your Start Menu, then All Programs, then Windows Defender to open the actual program up. All you have to do is press the Scan button at the top of the screen and it will go ahead and scan your system. If you click the down-pointing arrow next to the Scan button, you can specify a Quick or Full scan, which are similar to the Smart and Full scans of Ad-Aware. After the scan is complete, you can remove them similarly to the SpyBot program, where it automatically chooses what options to do. Take note, however, that Windows Defender has the most false positives of all the programs. That is, it may say something is spyware that is actually a perfectly good program. One example I ran into was RealVNC; Windows Defender wanted to delete it, but RealVNC, while it can be used to monitor someone’s activity, has many good uses. Just make sure you look over what it is going to delete before giving the program the go ahead.

Like I said, I don’t use Defender’s scanning functionality that much, simply because it has those false positives and it doesn’t detect as many things as the other two programs. That being said, its alerts are very helpful in preventing spyware from getting to your computer, which is why I recommend you have the program. This brings me to the final topic…

Prevention of Spyware

If you followed the article so far, you know how to use SpyBot, Ad-Aware, and Windows Defender to scan and remove spyware that is on your system. However, removing it is only the first step. You must take the proper precautions if you want to prevent the spyware from infecting you all over again.

The first thing I recommend you do, and the most effective, is to install Mozilla Firefox and use that as your default browser. The reason Firefox is so much better in terms of spyware is because it does not support Microsoft ActiveX. That is the platform that most spyware programs exploit in order to get on your system, so if you don’t have it enabled (which is the case when you use Firefox), most spyware can’t even touch you. One particular line I liked on Wikipedia’s entry on spyware is that: “Not a single browser ranks as safe, because in the case of spyware the security comes with the person who uses the browser.” That being said, Firefox is the safest you can get in terms of just a browser.

You can get Firefox here. The install is extremely easy. Just press Next a couple times, and then, finally, Finish. When it first starts up, it will offer to import settings and bookmarks from Internet Explorer. Accept the default choice and press Next. The next option is for your homepage. I recommend you change this option to Import your Home Page from Internet Explorer. Then press Next, and finally Finish. The browser itself will now load. It will alert you that Firefox is currently not set to be your default browser, and then ask you to change it. Press Yes to set Firefox as your default browser. You will now be inside the browser. I now recommend you exit the browser and replace all your icons pointing to Internet Explorer to icons pointing to Firefox. I then recommend you to use Firefox ALL THE TIME.

If you take my advice, and plan on using Firefox long term (there is no reason not to!), then I suggest that you take this time to go on over to Macromedia’s website and download Flash player. Most new users to Firefox get discouraged when they go to websites, which don’t display because they are Flash sites. They then go back to the spyware-friendly Internet Explorer. If you install Flash Player now, I guarantee you 99.9% of websites will work exactly like they did on Internet Explorer. The only sites that don’t work on Firefox are ones that require ActiveX. The only one that I use on a daily basis that requires ActiveX is FilePlanet, which has an ActiveX download manager that it uses when downloading files. I implore you to use Firefox all the time, and only open Internet Explorer to go to TRUSTED sites that require ActiveX. (Also, take note that Firefox has tabbed browsing. If you press Control+T, it will open a new tab. You can then go to another site, while your previous site remains in the other tab. You can switch between tabs simply by clicking on them. Learning how to use this feature effectively will make your browsing experience so much more efficient.)

The second action I advise you to take is simply to run your anti-spyware applications once a month. I only use SpyBot once a month, and never use Ad-Aware unless I suspect that I’m infected. As the above quote from Wikipedia suggests, Firefox is not the ultimate solution. If you are a well-informed user of Firefox, you will not get any spyware. But the average PC user is not well-informed, and may answer Yes to the wrong dialog box. That being said, if you run SpyBot once a month you can ensure that any spyware that did find a way to your system will be removed in a timely fashion. Also make sure you UPDATE the definitions of SpyBot and Ad-Aware (Windows Defender does this automatically) before running any scans.

One way spyware can get on your computer is that it can come bundled with software. Well-known culprits of this are Bonzi Buddy and Gator. To prevent yourself from being infected by spyware in this way, you should only download software from trusted sites. CNET’s Download.com is probably the largest software downloading site on the Internet, and all of its applications are now tested to be spyware-safe. Downloading from them should yield spyware-free applications, and add an extra layer of protection to your computer.

The final bit of advice for preventing spyware is also a great way to generally make your computer more secure. About once a month, you should run Windows Update (available through the Start Menu). This will update your version of Windows, filling in any holes that spyware-makers can use to infect you. Updating Windows also will give you the latest versions of Windows Media Player and Internet Explorer. So, when you go to those ActiveX sites that you need to use Internet Explorer for, you can rest assured that you have the latest and most secure version of the browser. Keep in mind that Windows Update runs in Internet Explorer, so when you are finished updating you should close Internet Explorer and go back to Firefox.

Following the above advice on detecting, removing, and preventing spyware should help you clean up your computer, end annoying pop-up ads, and can even speed up your computer considerably. Following the advice in the Prevention section should keep your system spyware-free, and keep everything running smoothly.

