Threats - Viruses, Spyware, Malware, and Phishing

Viruses and Spyware and Malware  .  .  .  the evil trio of computing  .  .  .  and the more recent "Phishing", which is a carefully designed trick website with a key logger that grabs your personal information as you type it in (Name, Address, Credit Card numbers, passwords, etc).  

Malware is a loose term that includes spyware, adware, trojans, worms, auto-dialers, and keyloggers.

As a user, you need to be defended against these threats - especially now, with Microsoft issuing bulletins and patches almost daily about newly discovered threats.  You will never block or remove all of it; it is a never-ending task that you must keep performing.  But be forewarned - it is a tedious process !!  

Viruses - the most damaging viruses typically attack the boot sector of your hard drive.  Less dangerous but very troublesome are those that infect Internet Explorer, or your Email (remember the "Love" viruses?).

Spyware - spyware differs from viruses in that it is not used to disable or damage your PC in any way.  Instead, it is used to report back (spy) to a central database.  Spyware often comes in the guise of a slightly useful utility that does offer some sort of function, such as an Internet Web Search Utility - but at the same time it sends your personal information back, such as the hardware you use, which programs you run, what websites you commonly hit, etc.

Beware Porn Sites - The Price Tag is Spyware!  -  It was always suspected, but now a source has reported that practically ALL porn sites (98%) use some kind of spyware to track visitors. I do have to qualify this with the fact that the source is a vendor of spyware tools, so you need to take that into account. Porn sites are using spyware like Data Miners, and this malware was immediately followed by Windows Exploit Trojans.

To make things worse, 15% of the sites launch porn dialers that will cost your organization even more by racking up charges for long-distance phone numbers. Browser Hijacks are also used in 95% of the cases, and they are a real resource killer with their pop-up ads and bandwidth consumption. New variants appear constantly, and can bring an end-user's box to a standstill.

Phishing :  Phishing, or brand spoofing, attacks involve legitimate-looking e-mail messages that appear to come from real organizations in an effort to "phish" for personal or financial information. Phishers have spoofed Web sites like eBay, PayPal, MSN, Yahoo, Best Buy and America Online.  The way it works is that you receive an email that appears to be from your ISP or other trusted provider.  It says something about a problem with your account and the need for verification, and supplies a link to an official-looking website with a form.  You fill out the form and send it - and even if you realize it is bogus just before sending, but have already filled it in, they may already have captured the keystrokes as you typed. 

There is no anti-phishing software.  The only way to protect against Phishing is to be alert and non-trusting.  Be suspicious of suspicious emails !!!  



Defending Your PC

There are three primary utilities you will need to defend your computer.  In addition, if you are infected with a particularly dangerous new virus that your software does not yet protect against, go to McAfee's or Symantec's website.  They usually post manual removal instructions and/or a standalone removal tool :

1 - Antivirus Utilities 

Make sure to get one with auto-protect and scanning capabilities.  The three most popular and excellent antivirus programs are:

There are many others also, such as Panda, PC-cillin, etc.  If you have no money:

2 - Spyware Detection & Removal Tools  - and finally, a Spyware Blocking Tool !!

You will need to run ALL of these to get rid of as much spyware as possible.  Also, make sure to update them as often as possible, since new spyware is always coming out on the web.

IMPORTANT - none of these utilities find all Spyware - not even close - for example, recently, Spybot found "AdBureau, Avenue, DoubleClick, MediaPlex, and HitBox" on my PC.  AdAware found none of those !!  But AdAware found a number of Spyware entries that Spybot missed.  The same is true of Bazooka and HijackThis.

Note from the Author - I do not work for LavaSoft and have absolutely no connection with them.  However . . . .

GET AD-WATCH !!!!!!!!!!!!!!!!!!!!!  And most of your Spyware problems will be over.  It is not available as a standalone product - but it comes packaged with Ad-Aware SE Pro, available at LavaSoft.  

I spent most of 2004 cleaning and cleaning and cleaning Spyware from my system.  The Anti-Spyware tools worked well, and removed the spyware.  BUT IT ALWAYS CAME BACK - usually within days.  So I also spent most of 2004 wondering why there was no utility to block spyware from ever entering my computer.  ENTER Ad-Watch.  This is an auto-protect utility that, like Norton Antivirus, runs in the background and shows up as a small icon in the system tray.  Since installing Ad-Watch, the Spyware that used to blast its way into my system now enters at a snail's pace, as 99% of it is SUCCESSFULLY blocked.  They have convinced me - this works !! 

Now - again, no matter how good LavaSoft's products are  .  .  .  so far, no Anti-Spyware tool can get rid of it all.  So download and use the products from the following list.  Once a month is usually enough, but if you notice a lot of odd problems, run them again.  IMPORTANT - make sure to run their "Check for Updates" each time before scanning for spyware:

*** Make sure to Look for Leftover Spyware - open Explorer and go to Program Files - spyware loves this folder. Look for suspicious folders, look up their names in Google Groups to see if they are spyware, and delete them. Also look in the c:\temp folder and delete any suspicious files.

3 - Personal Firewall  

This will protect your PC from unauthorized access by hackers.  It locks down many of the TCP and UDP ports that are favorites of hackers, and looks for backdoor (Trojan Horse) probes as well.  The new Windows XP Service Pack 2 will automatically turn on the Microsoft Firewall (which previously was optional).  However, you may want to invest in a third-party vendor's tried and true firewall, with an update feature.  Here are the best personal firewalls:

Others include - eTrust, Fireball, Freedom/Hacker Stopper, F-Secure, Kerio, Look'n'Stop, McAfee, Outpost, Panda, PC-cillin, Preventon, PrivateFirewall, Sygate, Terminet, Tiny & Trustix


Spyware Removal

What is Spyware? A technology that assists in gathering information about a person or organization without their knowledge. On the Internet, "spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties." In some cases this continues even after these programs have been removed from your system. As such, spyware and/or Malware is cause for public concern about privacy on the Internet. In many cases these types of applications can also cause unexplained browser problems.

How did this happen?

When your Security settings are "soft", these sites take advantage of this and actually install software on your system without your knowledge or consent. In other cases downloaded software comes bundled with other "components" (spyware\adware) that you don't realize exist until you start having problems or discover your browser has been hijacked.

Recommended Minimal Security Settings

Close all instances of Internet Explorer and Outlook Express
Control Panel | Internet Options | Click on the "Security" tab
Highlight the "Internet" icon, click "Custom Level"

Click on the "Content" tab, Click the "Publishers" button

Click on the "Advanced" tab

How To: Prevent this from happening again?

The first thing you must remember is that adware\spyware tools are basically for removal after the fact. The trick is "layered protection" for maximum prevention!

1) Use a HOSTS file and keep it updated!
2) Make use of the Internet Explorer Restricted Zone
3) Install a firewall (see -  Security Issues)
4) Install an Antivirus program (see -  Security Issues)
5) Add a Startup Monitor (freeware) to protect your system [more info]
6) Improving the security of your computer (Microsoft)
7) Add SpywareBlaster 3.2 to your "Layered Protection"
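Items 1 and 2 above are the same blocklist applied in two places. Here is an added example (not code from this page or from any of the tools it names) that merges a fresh list of parasite domains into an existing HOSTS file without duplicating entries, and writes the matching IE Restricted sites .reg file. The ZoneMap registry path and zone value 4 are IE's standard zone-assignment location, not taken from this page; the domains and HOSTS contents are constructed samples.

```python
"""Layered blocking of parasite domains: HOSTS file merge plus an IE
Restricted sites .reg file. Added example, not code from the page."""

# Constructed sample of an existing HOSTS file (not real data).
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example-parasite.test   # already blocked
"""

# Constructed sample of a freshly downloaded blocklist update.
SAMPLE_UPDATE = ["ads.example-parasite.test", "hijacker.example.test",
                 "Popups.Example.Test"]

# Standard IE location for per-domain zone assignments (assumed, not from the page).
ZONEMAP = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
           r"\Internet Settings\ZoneMap\Domains")


def blocked_hosts(hosts_text):
    """Return the lower-cased hostnames already mapped in a HOSTS file."""
    names = set()
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()        # drop comments
        parts = line.split()
        if len(parts) >= 2:                         # "address host [host...]"
            names.update(h.lower() for h in parts[1:])
    return names


def merge_hosts(hosts_text, domains):
    """Append 127.0.0.1 entries for domains not yet present; existing text is untouched."""
    present = blocked_hosts(hosts_text)
    new = sorted({d.lower() for d in domains} - present)
    if not new:
        return hosts_text
    body = hosts_text if hosts_text.endswith("\n") else hosts_text + "\n"
    return body + "".join(f"127.0.0.1\t{d}\n" for d in new)


def restricted_zone_reg(domains):
    """Build a .reg file placing each domain in IE's Restricted sites zone (value 4)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for d in sorted({x.lower() for x in domains}):
        labels = d.split(".")
        key = ".".join(labels[-2:])                  # registrable domain is the key
        if len(labels) > 2:                          # host part becomes a subkey
            key += "\\" + ".".join(labels[:-2])
        lines += [f"[{ZONEMAP}\\{key}]", '"*"=dword:00000004', ""]
    return "\n".join(lines)
```

Running merge_hosts a second time with the same update returns the file unchanged, which is the property you want from a "keep it updated" routine.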

How To: Safely remove these Parasites from your system

Experienced Users SpyBot 1.3 [freeware]
Once installed make sure to update via online before scanning!
Fix the items labeled in red, items labeled in blue-green are optional.
Spybot S&D Support Forum: [Net-Integration] How To: [Tutorial]

One of the newer tricks Coolwebsearch uses is to block the infected user from accessing most major anti-spyware programs and sites. Download: CWS.SmartKiller  [site2]

Novice Users Ad-Aware SE Personal 1.03 [freeware]
Once installed make sure to update via online before scanning!
Lavasoft Support Forum Note: Lavasoft also has a HijackThis section at their Forum

Double-check your system with HijackThis! (after using one of the above)

Download: HijackThis 1.98.2 [freeware] from: [author] [site1] [site2] [site3]

Editors Note: Since HijackThis does not (yet) come with an install routine, create a folder via Windows Explorer for HijackThis, then move the file to this folder. This way any backups created are saved in a legit folder. I've seen too many instances where the user runs HijackThis from a temp folder and any backups are lost if that temp folder is cleaned out. You should also make sure you are using the latest version each and every time you run HijackThis, as there are new detections added all the time.

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Click: "Save Log" (generates: "hijackthis.log") HijackThis Tutorial (recommended read)

Next, go to:

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.

Visiting the SpywareInfo Forum or one of the other recommended forums to finish cleaning up your system is highly recommended, as neither Ad-Aware nor SpyBot can completely remove these pests any longer. This is mainly due to new daily threats and the randomly generated filenames used by these parasites!

Dealing with Coolwebsearch and affiliates

Editors Note: there are now nearly 10,000 Coolwebsearch affiliates!
They do this as a "Pay-per-Click" scheme, basically getting a few cents for each user that gets hijacked to Coolwebsearch or one of its major affiliates. Nice guys huh? Most of these affiliates are Adult related, so be careful where you surf and practice Safe Hex!

Additional Prevention

Both the HOSTS file and the Restricted Zone entries target most of the major parasites, hijackers and unwanted search engines. If you are also having trouble with unwanted pop-ups - [start here]. There are, however, several severe security risks that still exist in Internet Explorer. Until Microsoft releases a (hot fix) patch, users can protect themselves by taking several other steps.  [more info]

Various Registry Fixes

To use: download - right-click and select: Edit to view in Notepad.
Right-click and select: Merge - to enter the info into the Registry, and reboot.

Note: always backup the Registry before making any changes. Also be aware these reg files are intended for stand-alone or home users. Corporate users are urged to check with their network supervisor before removing restrictions.

Removing Unwanted IE Menu Items

To manually remove from the Registry [Experienced Users]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt]
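As an added example (not code from this page), here is how the MenuExt key can be reviewed from a .reg export before anything is deleted, and how a .reg file that removes a chosen item is written in the Merge format described above. The export contents and item names are constructed samples; the "temp folder" check follows the page's own advice about c:\temp.

```python
"""Review IE context-menu extensions from a .reg export of the MenuExt key
and build a .reg file that deletes the unwanted ones. Added example, not from the page."""

MENUEXT = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt"

# Constructed sample of what a .reg export of the MenuExt key looks like (not real data).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert to PDF]
@="C:\\Program Files\\ExamplePDF\\convert.htm"
"Contexts"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free Search]
@="C:\\temp\\search.htm"
"Contexts"=dword:000000ff
"""


def parse_menuext(reg_text):
    """Map each MenuExt item name to the HTML file it runs (the key's default value)."""
    items, current = {}, None
    prefix = MENUEXT + "\\"
    for line in reg_text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current = key[len(prefix):] if key.startswith(prefix) else None
            if current is not None:
                items[current] = None               # path filled in by the @= line
        elif current is not None and line.startswith('@="'):
            # .reg strings double every backslash; undo that for a readable path
            items[current] = line[3:-1].replace("\\\\", "\\")
    return items


def suspicious(items):
    """Flag items whose script lives in a temp folder or that name no script at all."""
    return sorted(name for name, path in items.items()
                  if path is None or "\\temp\\" in path.lower())


def removal_reg(names):
    """Build a .reg file; a leading '-' on a key deletes that key when merged."""
    body = "".join(f"[-{MENUEXT}\\{n}]\n\n" for n in names)
    return "Windows Registry Editor Version 5.00\n\n" + body
```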

Repairing your Winsock Connection

If you have suddenly lost your Internet connection after removing spyware (such as NewDotNet and Commonname), the following steps will help restore your connection.

Editors Note: in an emergency situation you can get ToolbarCop 2.6, which fits on a floppy disk, and transfer it to the affected machine.

Various Troubleshooting Articles

Other Spyware and Parasite related Sites and Newsgroups