Spyware Guide
1. What is Spyware?
2. Spyware or Virus?
3. Symptoms of Infection
4. Known Culprits
5. Removing Spyware
6. Links, Downloads and Further Reading
1. What is Spyware?
Spyware predominantly consists of computer software that accumulates and reports on the user's Internet browsing habits without their consent.
The term can also cover a range of unwanted products that bombard a user with pop-up adverts, harvest confidential information, redirect to fraudulent webpages and install stealth phone dialers.
Spyware is also known as Malware, Scumware, Adware and Parasite, to name a few of its more pleasantly known aliases.
However, as most users will assume that anything abnormal is virus-related, my intention here is to help people differentiate between viruses and Spyware.
2. Spyware or Virus?
Although Spyware can resemble viruses in more ways than one (both auto-execute and install without any user consent), there are major differences between the two.
Viruses rely purely on users with poor security in their attempt to infect, spread and avoid detection, whereas Spyware relies on persuading credulous users to download and install it by offering a kind of "bait".
One such example aimed at children is Bonzi Buddy, which claims:
"He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he's FREE!"
A typical piece of spyware installs itself in such a way that it starts every time the computer boots up (reducing stability), runs at all times, monitors Internet usage and delivers targeted advertising to the affected system.
3. Symptoms of Infection
Some Spyware has consequences other than slowing the PC down, and not all of them are pleasant.
Stealth dialers may attempt to connect directly to a particular telephone number rather than to a user's own intended ISP. Connecting to the number in question usually involves long-distance or overseas charges, resulting in huge telephone bills which the user has no choice but to pay.
Some other types of spyware go to the extent of modifying system files to make themselves harder to remove. In particular, Targetsoft actually makes modifications to the Winsock files, and the deletion of these files will result in a severe interruption to normal network activity.
4. Known Culprits
Generates Pop-ups / Potentially damages systems:
- 180 Solutions
- DirectRevenue
- lop.com
- Bonzi Buddy
- Cydoor
- Gator
- New.net
- ShopAtHomeSearch
Hijacking Browsers:
- CoolWebSearch
- Euniverse
- Xupiter
Fraudulent:
Espionage:
- Back Orifice (is also classified as a Trojan Horse)
Miscellaneous:
- Internet Optimizer
- MarketScore
- CnsMin
5. Removing Spyware
In some instances where a computer's performance has degraded to such a point that it no longer functions reliably, a full uninstall/reinstall of the Operating System may be required.
However, the focus here is on the removal of Spyware (where possible) and, hopefully, preventing it from occurring on the user's system.
First, let's start by rebooting the end user's computer into Safe Mode. Reboot the machine as normal and start tapping [F8] repeatedly.
A screen will load up where you can choose to boot into Safe Mode. Select this option and press Enter. You will now see a screen where you can select the Operating System - just press Enter to continue booting into Safe Mode.
Once logged into Safe Mode, click on Start > Run and enter the following command:
msconfig
This opens the System Configuration Utility. Choose Selective Startup and click onto the Startup tab.
The selected items are the programs that load automatically when the computer starts. Most of this will seem like gibberish to the end user, so it is essential to know what is necessary and what we don't want. I have included a link to a comprehensive guide to startup entries here.
Once the unwanted items have been unticked, restart the computer and boot into Windows normally.
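The Startup tab review above can also be done from a PowerShell prompt. The following is an added example, not part of the original guide: it lists the entries in the Run registry keys and the Startup folders (locations the Startup tab draws on) and reports whether each target file exists and carries a valid signature. It is read-only and assumes PowerShell 3.0 or later; the function name Get-TargetPath is made up for this example.

```powershell
# Read-only inventory of the autostart locations reviewed on the Startup tab.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Startup folders: current user first, then all users.
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
$shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

function Get-TargetPath([string]$Command) {
    # Shortcut in a Startup folder: report the program it points to.
    if ($Command -like '*.lnk') { return $shell.CreateShortcut($Command).TargetPath }
    # Registry command line: expand %VARS%, then take the quoted or .exe path.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    if ($cmd -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($cmd.Trim() -split '\s+')[0]
}

$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    foreach ($folder in $startupFolders) {
        if (-not $folder -or -not (Test-Path $folder)) { continue }
        Get-ChildItem $folder -File | Where-Object { $_.Name -ne 'desktop.ini' } | ForEach-Object {
            [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
)

$entries | ForEach-Object {
    $path   = Get-TargetPath $_.Command
    $exists = [bool]$path -and (Test-Path -LiteralPath $path -PathType Leaf)
    # A missing file or a status other than 'Valid' marks an entry to look up
    # before deciding whether to untick it; it is not proof of spyware.
    $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }
    [pscustomobject]@{ Name = $_.Name; Source = $_.Source; Target = $path; Exists = $exists; Signature = $sig }
} | Format-List
```

Entries launched through a helper such as rundll32.exe show the helper rather than the DLL it loads, so read the full command in the Startup tab for those.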
Please bear in mind that this is not guaranteed to resolve all Spyware issues, but some entries will make themselves apparent in the Add/Remove Programs section of the Windows Control Panel, and I would suggest manually removing what you can from there as well.
As Spyware also takes advantage of security holes found in Internet Explorer, I also recommend alternative browsers such as Firefox and Opera, which provide a more stable approach to web browsing.
6. Links, Downloads and Further Reading
Useful Links
Downloads
Further Reading