Basic information on preventing and removing spyware
The term spyware is used here to describe parasites that can dramatically affect your computer. There are actually several types of malware, such as spyware, adware, worms, trojans, dialers, and the list goes on and on. This information is provided for informational purposes only to give you an idea of where to look if you think you've been infested. If you need help or want to research spyware, check the spyware help links page.
I, as well as millions of others, learned about fighting spyware the hard way - by having it install itself on your system and not knowing how it got there, or in some cases, by drive-by downloads. The best way to fight spyware (besides having an up-to-date anti-virus program, firewall, and anti-spyware programs, and performing regular updates of your Windows operating system) is by using common sense and caution. If you receive an email from someone you don’t know with a file attached, don’t open or download the file. If you receive a file from someone you know, scan it with an anti-virus program before running it. There are several online virus scan sites that scan your computer for free while you’re online. The spyware link page contains links to online virus scanners.
eBay, Citibank, Bank of America, Microsoft and other larger corporations do not send emails asking for your personal information. If you receive an email from what looks like a reputable company asking for your account and personal information, pick up the phone and call them first. These companies already have your information and will not request it through email. Microsoft does not send attachments claiming to be updates with emails either.
Another major cause of spyware infestation comes from peer to peer (P2P) file sharing applications. In a lot of cases, downloading music and movies through these applications can lead to all kinds of problems. The easiest way to avoid this type of infestation is to avoid these programs completely. Pirated movies and applications are often purposely infested with spyware. It's always best to pay for and download music files from reputable sites. This will save you from a lot of legal implications as well.
If you receive a pop-up while surfing the internet stating that you have spyware on your system, you can rest assured that it’s probably a ploy to get you to download and run their spyware software, which is either total garbage or, in the worst case, contains spyware itself. Do not download anything or click in these windows requesting more information. Close them. For a partial list of spyware programs, see programs that are suspected to be infected with spyware and this database of spyware programs.
If you do not have a pop-up stopper, either press Alt+F4 or Ctrl+W, which closes the current window, or press the Escape key, which stops the page from loading. Some of the pop-ups are very persistent. If worst comes to worst, give it the three finger salute - press Ctrl+Alt+Delete simultaneously to bring up your Task Manager and close the window that way. The Google Toolbar for Internet Explorer has an excellent pop-up stopper, and it's free.
If you're not familiar with a program you want to try, run a Google search for spyware. Type the name of the program followed by the word spyware and check the results that come up. Never open files from people you don't know, and scan the file with an anti-virus program even if you do know who sent it to you. There are links to some excellent free anti-virus programs if you can't afford one. You need to keep yourself protected, use common sense and don't panic.
If your computer starts acting funny or is sluggish, you may want to check for a Trojan, spyware or worms. It’s not always easy to find out if your computer is infected. If you do happen to get invaded by spyware, don’t panic. There are several sites that help you get rid of it, and several free tools to remove it and protect your computer. For a list of helpful free software, see the spyware links page.
Caution: The following involves searching in the registry. If you're not familiar with, or are uncomfortable with, the Windows XP (or any other version for that matter) registry, do not attempt to find these. For basic information on the Windows XP registry see the Windows XP registry page. Information is provided for informational purposes only. Below is a partial list of keys and system files to check for spyware:
Registry keys and system files to check if you think you have a Trojan or spyware.
An excellent place to start searching is the run subkeys. See if there are any unfamiliar programs that run when you start your computer. Check the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (NT, 2K, XP and 2003 only)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
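The Run subkey review above can be scripted so every autostart entry is listed in one table. The following PowerShell is an added example, not part of the original page; the helper name Get-TargetPath and the output column names are this example's own, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: list autostart entries under the Run subkeys named on this page.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce'
)

# Hypothetical helper: best-effort extraction of the program path from a command line.
function Get-TargetPath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }           # quoted path
    if ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|pif|scr))(\s|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]                              # first token
}

$entries = foreach ($path in $runKeys) {
    # Several of these keys are absent on a given Windows version; skip them.
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $key = Get-Item -LiteralPath $path
    foreach ($name in $key.GetValueNames()) {
        # Read the stored string as-is so %SystemRoot%-style variables stay visible.
        $command = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        $target  = Get-TargetPath $command
        # A bare file name (no folder) is resolved by Windows via the search path
        # and shows up here as Exists = False; check those by hand.
        $exists  = $target -and (Test-Path -LiteralPath $target -PathType Leaf)
        [pscustomobject]@{
            Key       = $path
            Name      = $name
            Command   = $command
            Exists    = $exists
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'n/a' }
        }
    }
}

$entries | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
```

Entries whose target file is missing, or whose signature status is anything other than Valid, are the ones to research first; an unsigned entry is not proof of spyware on its own.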
The following registry keys should contain a value of 1. If the value is different, you may have problems. To access the value, right click the key and select value.
HKEY_CLASSES_ROOT\batfile\shell\open\command
HKEY_CLASSES_ROOT\comfile\shell\open\command
HKEY_CLASSES_ROOT\exefile\shell\open\command
HKEY_CLASSES_ROOT\htafile\shell\open\command
HKEY_CLASSES_ROOT\piffile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htafile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services - look for programs you don’t recognize.
Check your startup folders for unfamiliar programs. If there are items in your recycle bin you can’t see and can't delete, you may have spyware.
Check the win.ini file (C:\Windows\win.ini): Look in the [windows] section for Run= and Load=. Items listed on these lines run and load automatically when you start Windows.
Check the System.ini file (C:\Windows\System.ini): Look in the [boot] section for shell=explorer.exe <program name>. Any program listed after explorer.exe will also load automatically when you start Windows.
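The win.ini and System.ini checks above, as an added PowerShell example that is not part of the original page. Get-IniValue is a helper written for this example, and the files are located through the windir environment variable rather than a fixed C:\Windows path.

```powershell
# Added example: report legacy INI autostart lines (win.ini Run=/Load=, system.ini shell=).
function Get-IniValue {
    param([string]$File, [string]$Section, [string]$Key)
    if (-not (Test-Path -LiteralPath $File)) { return $null }   # file absent on this system
    $inSection = $false
    foreach ($line in Get-Content -LiteralPath $File) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Section header: track whether we are inside the requested section.
            $inSection = ($Matches[1] -eq $Section)
            continue
        }
        if ($inSection -and $line -match '^([^=;]+?)\s*=\s*(.*)$' -and $Matches[1] -eq $Key) {
            return $Matches[2].Trim()
        }
    }
    return $null
}

$winIni    = Join-Path $env:windir 'win.ini'
$systemIni = Join-Path $env:windir 'system.ini'

# win.ini: anything after Run= or Load= in [windows] starts with Windows.
foreach ($key in 'run', 'load') {
    $value = Get-IniValue -File $winIni -Section 'windows' -Key $key
    if ($value) { "win.ini [windows] $key= starts: $value" }
}

# system.ini: shell= should name explorer.exe only; extra text is an extra program.
$shell = Get-IniValue -File $systemIni -Section 'boot' -Key 'shell'
if ($shell -and $shell -notmatch '^explorer\.exe$') {
    "system.ini [boot] shell= is '$shell' (review anything besides explorer.exe)"
}
```

No output means neither file carries an autostart entry; section and key names are matched case-insensitively.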
Check your computer for open ports. You can use CurrPorts (http://www.nirsoft.net/utils/cports.html), or Autoruns, Process Explorer and RootkitRevealer (http://www.sysinternals.com/). All are excellent utilities and they’re free. There are numerous other useful utilities available from both sites as well. HiJackfree and a-squared personal from Emsisoft are both excellent free utilities that can help locate and fight malware.
Look for unfamiliar batch files in the following folders: C:\, C:\Winnt, C:\Windows, C:\Winnt\System32 and C:\Windows\System32. Batch files end with the .bat extension.
There are numerous links on the spyware help and information links page. You'll find links to some excellent resources to help research things thoroughly.