Threats - Viruses, Spyware, Malware, and Phishing
Viruses and Spyware and Malware . . . the evil trio of computing . . . and the more recent "Phishing", which is a carefully designed trick website with a key logger that grabs your personal information as you type it in (Name, Address, Credit Card numbers, passwords, etc).
Malware is a loose term that includes spyware, adware, trojans, worms, auto-dialers, and keyloggers.
As a user, you need to be defended against these threats - especially now, with Microsoft issuing bulletins and patches almost daily about newly discovered threats. You will never block or remove all of it; it is a never-ending task that you must perform. But be forewarned - it is a tedious process !!
Viruses - the most damaging viruses typically attack the boot sector of your hard drive. Less dangerous but very troublesome are those that infect Internet Explorer, or your Email (remember the "Love" viruses?).
Spyware - spyware differs from viruses in that it is not used to disable or damage your PC in any way. Instead, it is used to report back (spy) to a central database. Spyware often comes in the guise of a slightly useful utility that does offer some sort of function, such as an Internet Web Search Utility - but at the same time sends your personal information back, such as the hardware you use, which programs you run, what websites you commonly hit, etc.
Phishing, or brand spoofing, attacks involve legitimate-looking e-mail messages that appear to come from real organizations in an effort to "phish" for personal or financial information. Phishers have spoofed Web sites like eBay, PayPal, MSN, Yahoo, Best Buy and America Online. The way it works is that you receive an email that appears to be from your ISP or other trusted provider. It says something about a problem with your account and the need for verification. It supplies a link to an official-looking website with a form. You fill out the form, and then send it (or, even if you realize that it is bogus just before sending but have already filled it in, they have sometimes already hacked you and captured the keystrokes as you typed).
There is no anti-phishing software. The only way to protect against Phishing is to be alert and non-trusting. Be suspicious of suspicious emails !!!
Defending Your PC
There are three primary utilities you will need to defend your computer. In addition, if you are infected with a particularly dangerous, new virus that your software does not yet protect against, go to McAfee's or Symantec's website. They usually post manual removal instructions and/or a standalone removal tool:
1 - Antivirus Utilities
Make sure to get one with auto-protect and scanning capabilities. The three most popular, and excellent antivirus programs are:
There are many others also, such as Panda, PC-cillin, etc. If you have no money:
2 - Spyware Detection & Removal Tools - and finally, a Spyware Blocking Tool !!
You will need to run ALL of these to get rid of as much spyware as possible. Also, make sure to update them as much as possible, since new spyware is always coming out on the web.
IMPORTANT - none of these utilities find all Spyware - not even close - for example, recently, Spybot found "AdBureau, Avenue, DoubleClick, MediaPlex, and HitBox" on my PC. AdAware found none of those !! But AdAware found a number of Spyware entries that Spybot missed. The same is true of Bazooka and HiJack This.
Now - again, no matter how good LavaSoft's products are . . . so far, no Anti-Spyware tool can get rid of it all. So download and use the products from the following list. Once a month is enough usually, but if you notice a lot of odd problems, run them again. IMPORTANT - make sure to run their "Check for Updates" each time before scanning for spyware:
- Example - I had an Internet Explorer Favorites folder called "Internet", with bookmarks that have taken me years to save. Ad-Aware wrongly identified numerous Favorites that I use all the time as being "Cool Web Search" spyware. So I removed all the "spyware" and lost many of my Favorites !!! I then had to re-instate them.
*** NEW - Lavasoft's Ad-Watch ***
Bazooka - it will not remove the spyware for you, but lists simple instructions on how to remove each threat that it finds. Bazooka finds a couple of spyware programs that neither Spybot nor Ad-Aware can find.
Hijack This - BE CAREFUL !! Hijack will find a lot of "false positives", which are valid program files. This is why it has no default checking of items to be removed - there is an option for that in the Config, but leave it as is, so you have to manually check items. Nevertheless this is a very important utility - because it can get rid of unwanted Internet Explorer buttons, toolbars, and pages that popup when you start IE. No other utility can do this !!! Download: HijackThis 1.98.2 [freeware] from: [author] [site1] [site2] [site3]
*** Make sure to Look for Leftover Spyware - open Explorer and go to Program Files - spyware loves this folder. Look for suspicious folders, check their contents in Google Groups to see if they are spyware, and delete them. Also look in the c:\temp folder and delete any suspicious files.
3 - Personal Firewall
- (see also http://www.firewallguide.com/software.htm ) - this will protect your PC from unauthorized access from Hackers. It locks down many of the TCP and UDP ports that are favorites of hackers, and looks for backdoor (Trojan Horse) probes as well. The new Windows XP Service Pack 2 will automatically turn on the Microsoft Firewall (which previously was optional). However, you may want to invest in a 3rd party vendor's tried and true firewall, with an update feature. Here are the best personal firewalls:
Others include - eTrust, Fireball, Freedom/Hacker Stopper, F-Secure, Kerio, Look'n'Stop, McAfee, Outpost, Panda, PC-cillin, Preventon, PrivateFirewall, Sygate, Terminet, Tiny & Trustix
What is Spyware? A technology that assists in gathering information about a person or organization without their knowledge. On the Internet, "spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties." In some cases even after these programs have been removed from your system. As such, spyware and/or malware is cause for public concern about privacy on the Internet. These types of applications can also, in many cases, cause unknown browser problems.
How did this happen?
When your Security settings are "soft", these sites take advantage of this and actually install software on your system without your knowledge or consent. In other cases downloaded software comes bundled with other "components" (spyware\adware) that you don't realize exist until you start having problems or discover your browser has been hijacked.
Recommended Minimal Security Settings
Close all instances of Internet Explorer and Outlook Express
Control Panel | Internet Options | Click on the "Security" tab
Highlight the "Internet" icon, click "Custom Level"
Click on the "Content" tab, Click the "Publishers" button
Click on the "Advanced" tab
How To: Prevent this from happening again?
The first thing you must remember is that adware\spyware tools are basically for removal after the fact. The trick is "layered protection" for maximum prevention!
1) Use a HOSTS file and keep it updated!
2) Make use of the Internet Explorer Restricted Zone
3) Install a firewall (see - Security Issues)
4) Install an Antivirus program (see - Security Issues)
5) Add a Startup Monitor (freeware) to protect your system [more info]
6) Improving the security of your computer (Microsoft)
7) Add SpywareBlaster 3.2 to your "Layered Protection"
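Step 1 above, sketched as an added example (not code from this page or from any of the tools it lists): a small Python routine that audits a HOSTS file and merges an updated block list into it without duplicating entries. The host names, the address 203.0.113.7 and the function names are constructed placeholders; entries that map a name to a non-loopback address are listed for manual review rather than changed.

```python
import ipaddress

# Constructed sample HOSTS file (on Windows XP the real file is
# %SystemRoot%\system32\drivers\etc\hosts); all names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   ads.example.com      # blocked ad server
0.0.0.0     popups.example.net
203.0.113.7 search.example.org
"""
# Constructed "updated" block list to merge in.
SAMPLE_UPDATE = ["ads.example.com", "Tracker.Example.com", "search.example.org"]

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and blank lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            yield fields[0], name.lower()

def audit_hosts(text):
    """Return (blocked names, {name: address} for names sent elsewhere)."""
    blocked, redirected = set(), {}
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed address field, ignore the line
        if ip.is_loopback or ip.is_unspecified:
            blocked.add(name)          # 127.0.0.1 / 0.0.0.0 style block
        else:
            redirected[name] = addr    # needs a manual look, left untouched
    return blocked, redirected

def merge_blocklist(text, new_names):
    """Append block entries for names not already present; keep old lines."""
    blocked, redirected = audit_hosts(text)
    wanted = {n.lower() for n in new_names}
    to_add = sorted(wanted - blocked - set(redirected))
    lines = text.rstrip("\n").splitlines()
    lines += ["127.0.0.1 " + name for name in to_add]
    return "\n".join(lines) + "\n", to_add

if __name__ == "__main__":
    merged, added = merge_blocklist(SAMPLE_HOSTS, SAMPLE_UPDATE)
    print("added:", added)
    print("review:", audit_hosts(merged)[1])
```

Running the merge a second time on its own output adds nothing, so it is safe to repeat after every block list update.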
How To: Safely remove these Parasites from your system
Experienced Users SpyBot 1.3 [freeware] http://security.kolla.de/
Once installed make sure to update via online before scanning!
Fix the items labeled in red, items labeled in blue-green are optional.
Spybot S&D Support Forum: [Net-Integration] How To: [Tutorial]
One of the newer tricks Coolwebsearch uses is to block the infected user from accessing most major anti-spyware programs and sites. Download: CWS.SmartKiller [site2]
Novice Users Ad-Aware SE Personal 1.03 [freeware] http://www.lavasoftusa.com/
Once installed make sure to update via online before scanning!
Lavasoft Support Forum Note: Lavasoft also has a HijackThis section at their Forum
Double-check your system with HijackThis! (after using one of the above)
Download: HijackThis 1.98.2 [freeware] from: [author] [site1] [site2] [site3]
Editors Note: Since HijackThis does not (yet) come with an install routine, create a folder via Windows Explorer for HijackThis, then move the file to this folder. This way any backups created are saved in a legit folder. I've seen too many instances where the user runs HijackThis from a temp folder and any backups are lost if that temp folder is cleaned out. You should also make sure you are using the latest version each and every time you run HijackThis, as there are new detections added all the time.
Unzip, double-click "HijackThis.exe" and Press "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Click: "Save Log" (generates: "hijackthis.log") HijackThis Tutorial (recommended read)
Next, go to: http://www.spywareinfo.com/forums/
Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.
Visiting the SpywareInfo Forum or one of the other recommended Forums to finish cleaning up your system is highly recommended, as neither Ad-Aware nor SpyBot can completely remove these pests any longer. This is mainly due to new daily threats and the randomly generated filenames used by these parasites!
Dealing with Coolwebsearch and affiliates
Editors Note: there are now nearly 10,000 Coolwebsearch affiliates!
They do this as a "Pay-per-Click" scheme, basically getting a few cents for each user that gets hijacked to Coolwebsearch or one of its major affiliates. Nice guys huh? Most of these affiliates are Adult related, so be careful where you surf and practice Safe Hex!
Both the HOSTS file and the Restricted Zone entries target most of the major parasites, hijackers and unwanted search engines. If you are also having trouble with unwanted pop-ups - [start here] There are however several severe security risks that still exist in Internet Explorer. Until Microsoft releases a (hot fix) patch, users can protect themselves by taking several other steps. [more info]
Various Registry Fixes
To use: download - right-click and select: Edit to view in Notepad.
Right-click and select: Merge - to enter the info into the Registry, and reboot.
Note: always back up the Registry before making any changes. Also be aware these reg files are intended for stand-alone or home users. Corporate users are urged to check with their network supervisor before removing restrictions.
Removing Unwanted IE Menu Items
To manually remove from the Registry [Experienced Users]
Repairing your Winsock Connection
If you have suddenly lost your Internet connection after removing spyware (such as NewDotNet, and Commonname) the following steps will help restore your connection.
Editors Note: in an emergency situation you can get ToolbarCop 2.6, to fit on a floppy disk, and transfer to the affected machine.
Various Troubleshooting Articles
Other Spyware and Parasite related Sites and Newsgroups