Rid the spies!

Spyware - also known as Adware or Parasite. It is installed in a system to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware is usually bundled with software that is offered as a free program or shareware, or with a website service.

Security Issue - Spyware has all the privileges of the user who installed it. It can delete, read, write, download, install other software, and change or edit users' preferences. Some can even format the hard drive!

Prevention: 

1.  Go to the Windows Update website.  Make sure that your system is fully patched.  Install the latest version offered to your system.  Do not use an outdated application.

2.  Configure your browser properly.  Microsoft has detailed information on how to secure your Internet Explorer browser.

Even if you are not using Internet Explorer, you should keep it up-to-date and make sure that all security patches are installed, because it is integrated with many applications in your system that automatically run Internet Explorer.  If you are using another browser, check the documentation provided by the vendor on how to secure your browser.  Keep it up-to-date too.

3.  Configure your e-mail client properly.  It's best to practise the following when using any e-mail program:

  • Disable Preview Pane
  • Restrict the processing of scripts by configuring your e-mail program to use the Restricted sites zone.  (You need to configure Internet Explorer not to run scripts in the Restricted sites zone)
  • Make sure that your anti-virus program is configured to monitor/scan incoming and outgoing messages (including any attachment)
  • Do not open unexpected attachments
  • Read all messages in plain text; this stops HTML spam from downloading images that confirm your e-mail address as valid

If you are using Outlook Express, Microsoft published a guide on Using Virus Protection Features in Outlook Express 6

3.  Block Pop-ups.  You can install a third-party application to block the pop-ups.  If you are using Internet Explorer, Microsoft has info on how to Prevent Pop-up Ad Windows When Browsing with Internet Explorer.  Note:  The Internet Explorer in Windows XP SP2, which is due to be released this year, has a pop-up blocker.

4.  Use a firewall.  Install a personal firewall that will stop or alert you if a malicious or suspicious application is trying to make an outgoing or incoming communication from/to your system.  If you are using Windows XP, you can simply enable and configure XP's firewall. (Note: Windows XP Firewall will only monitor incoming communication). There is a lot of firewall software available; this page has a list of free personal firewall software.

5.  Install the following tools

6.  Use IE-SPYAD, which adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer.  It will:

  • Stop unwanted crapware from being installed behind your
    back via "drive-by-downloads"
  • Prevent the hijacking of your home page and other key
    Internet Explorer settings;
  • Shut down ActiveX, Java, and scripting, all of which can
    be employed to push obnoxious advertising on you and
    compromise your privacy and security;
  • Block cookies, which can be used to monitor and track your
    travels around the Internet;
  • Combat obnoxious script-based popups that clutter your
    screen and force unwanted advertising on you.

You can also use a HOSTS file to block ads, banners, cookies, web bugs, and even most hijackers.  A number of individuals and groups offer HOSTS files.  Three of them are from:

Removing Spyware

1.  Go to any of the following sites to check if your system has spyware:

2.  Download the following free tools:

3.  Run CWShredder.exe (make sure that no browser or other window is open) and click the Fix button. Restart the computer.

4.  Run Trend Micro's Damage Cleanup Engine.  Make sure you've read its readme.txt before using it.

5.  Install Microsoft AntiSpyware, Spybot-Search & Destroy and Ad-aware SE (update the programs before running a scan), and let the 2 programs fix what they detect as spyware. Run the Ad-aware plug-ins. Reboot the system in between.  If these programs prompt you to run again after a restart, do so.

6.  Use Stinger and avast virus cleaner.  Reboot the system in between.

7.  Visit any of the 4 sites (in item #1) again to check if the system is now clean.

8.  If you suspect that there is still a problem with your system or the system is still acting strange, create a new folder in C:\ and name it HijackThis.  Download HijackThis, then save it in the new folder that you just created.  Close all open browsers, then run Hijackthis.exe.  Click 'Scan', then click 'Save Log' and save it on your desktop.  Go to security forums that offer HijackThis log analysis.  You can see the list of recommended forums on the ASAP page.

Special cases:

  • If you lose your internet access (cannot connect to the internet though all settings are correct), use LSP-Fix. You can also use Winsock2 Fix (designed for Windows 98, 98SE, and ME) or WinsockXPFix (direct download) (designed for Windows XP)
  • If you cannot run or use CWShredder, use CWS.SmartKiller
  • If your browser is hijacked with res://random.dll/random and/or you are seeing pop-ups when you start your browser, you might want to use About:Buster
  • If you are getting an 'Unexpected error' about a missing DLL when running CWShredder or HijackThis, you need the Visual Basic Runtime Libraries available from Microsoft.

Important Note:  There are other spyware removal tools available from different sites.  Do not use them unless you know what you are doing.  Seek advice from the forums listed in ASAP.org before running other removal tools.

Don't be fooled by fake Spyware removers!

Published Tue, Mar 30 2004 9:52 by donna

Comments

Wednesday, October 20, 2004 3:31 AM by donna

# re: Rid the spies!

CWShredder v2.0 released. Now owned by Intermute. See - http://msmvps.com/donna/archive/2004/10/20/16153.aspx

Wednesday, March 16, 2005 1:37 AM by TrackBack

# More on Spyware for Firefox - Ed Bott: Spyware via Firefox? It's true.