Akron Cigar Club, Akron Ohio
 

Tech Tips - Spyware

 


Table of Contents

  1. What is spyware?
  2. How can I get rid of spyware?
  3. Software hangs but no spyware found.
  4. What should I know about anti-spyware software?
  5. What do I need to get rid of viruses?

What is spyware?

Spyware is a general term for a program that secretly monitors your actions (i.e., web surfing, email usage, etc.) or collects and sends personal information to a 3rd party on the Internet. Sometimes these programs are sinister, such as acting as a remote control program that a hacker uses to control your PC for dubious purposes, or software companies using them to gather data about their customers' web surfing habits to sell to other marketers. Generally spyware is frowned upon because of its secretive nature: the user is unaware of what it is doing or how it is using the data it collects.

The precise definition of spyware varies depending on who you ask. The calling card of a spy is that it is sneaky and not easily noticed. Spyware is any software that performs sneaky activities behind the user's back--these activities can range from installing itself onto your computer, gathering information on you and transmitting it across the Internet, downloading files or running programs on your computer, messing with your system settings, or even trying to silently pass itself on to others.

Like a real spy, it may don disguises to hide itself and its intentions. It will try very hard not to be noticed. It will persist in the background even after you tell it to go away. It might even try to hide from you if it knows you're looking for it!

Some characteristics of spyware:

  • Collects information from your computer without your knowledge and/or consent

  • Transmits a unique code to identify you (for tracking purposes) without your knowledge and/or consent

  • Collects/transmits information about your computer use or other habits without your knowledge and/or consent

  • Installs itself on your computer without your knowledge and/or consent

  • Keeps reinstalling itself, no matter how many times you remove it

  • Performs other unwholesome duties without your knowledge and/or consent

  You can also take a look at a good FAQ about spyware here: <http://www.io.com/~cwagner/spyware.html>

     


    How can I get rid of spyware?

    IMPORTANT: Be sure to type web addresses in exactly as stated here (copying them from here is the best approach). There are many "imposters" with web addresses that are SIMILAR to the valid web addresses. These "imposters" pose as spyware removers when they are actually spyware themselves.

    1. Boot Windows up in SAFE MODE and run an anti-virus scan of the entire system.

    2. Install and run Ad-aware and remove any found. I recommend running this program regularly, weekly. You can find this program at <http://www.lavasoftusa.com/>

    3. Install and run Spybot Search & Destroy and remove any found. I recommend running this program regularly, weekly. You can find this program at <http://www.safer-networking.org/>.

    4. Install and run CWShredder. You can find this program at <http://www.spywareinfo.com/~merijn/files/CWShredder.exe>

    5. Check your browser for spyware (aka parasites): <http://www.doxdesk.com/parasite>

    There are also programs available that will show you your PC's startup entries along with what are called Browser Helper Objects (BHOs). These objects are add-on pieces of software which enhance your Internet browser (e.g., Internet Explorer, Mozilla, Opera, Netscape Navigator, etc.). In many cases spyware will add these types of objects in order to track your web surfing and/or keyboard entries.

    Caution: Be careful when running these BHO detector programs; you could break Windows and/or software applications if you remove the wrong items. Security people help users who need assistance at <http://forums.spywareinfo.com/>.

    Recommended BHO Detection/Removal Software:

    HijackThis at <http://www.spywareinfo.com/~merijn/files/HijackThis.exe> (main page is at <http://www.spywareinfo.com/~merijn/downloads.html>)

    - You can run this program and submit your log to <http://www.spywareinfo.com> for analysis.

    BHODemon at <http://www.definitivesolutions.com/bhodemon.htm>

    Once you have a clean PC you should consider installing spyware blocking software, here are some recommendations:

    SpywareBlaster at <http://www.javacoolsoftware.com/spywareblaster.html>

    IE-SPYAD at <https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD>

    Blocking Unwanted Parasites using HOSTS file at <http://www.mvps.org/winhelp2002/hosts.htm>

     


    Software hangs but no spyware is found.

    If your applications hang on opening or show other problems that are typically spyware related, but a spyware scan does not detect anything, then check your startup programs for any unusual entries. The problems may be resolved by removing an undetected spyware program from Windows startup.

    Solution

    To check what programs are getting started, follow the instructions for the OS:

    Windows 98

    - Click on Start
    - Click on Run
    - Type in msconfig
    - Hit enter
    - Click on the Startup tab
    - Uncheck anything that may be spyware related

    Windows 2000

    - Right click on My Computer
    - Click on manage
    - Click on the + before System Information
    - Click on the + before Software Environment
    - Click on the Startup Programs

    This will give you a list of what is running at startup. Unfortunately you cannot edit/delete anything from this window. If you find something that is spyware related, then you must go remove it via the registry. Below are the registry keys that a startup program may reside in:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

    Delete any entries under these keys that are SPYWARE - ***BE CAREFUL WHEN REMOVING STUFF*** If you are unsure whether or not something is spyware, use the following tips:

        1. Search for the program on Google

      Example: The registry or Startup Programs window shows that Rundll.exe is being launched when the computer boots. The path or command that is associated with the Rundll.exe points to a bridge.dll file that resides in the Download Programs folder. You would do a search on Google for bridge.dll and not Rundll.exe (which is a Microsoft service).

        2. Does the path to the program point to a temp or cache folder (i.e. Temporary Internet Files)?
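
    The two tips above as a small triage script (an added example, not part of the original page). It takes startup entries copied from the Run/RunOnce keys, works out which file name to research when the launcher is Rundll, and flags commands that run from a temp or cache folder. The sample entries, the paths in them and the folder marker list are constructed for illustration.

```python
import re

# Folder markers for tip 2 (temp/cache locations). Assumption of this example:
# the page names only "Temporary Internet Files"; the other markers are added.
SUSPECT_DIRS = ("\\temp\\", "\\temporary internet files\\", "\\cache\\")

def split_command(command):
    """Split a startup command line into (program, arguments)."""
    command = command.strip()
    quoted = re.match(r'"([^"]+)"\s*(.*)', command)
    if quoted:
        return quoted.group(1), quoted.group(2)
    # Unquoted paths may contain spaces, so cut after the first executable extension.
    bare = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr))(?:\s+(.*))?$', command, re.I)
    if bare:
        return bare.group(1), bare.group(2) or ""
    parts = command.split(None, 1)
    return parts[0], parts[1] if len(parts) > 1 else ""

def research_target(command):
    """Return the file that actually runs: the DLL for Rundll, else the program."""
    program, args = split_command(command)
    base = program.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if re.fullmatch(r"rundll(32)?(\.exe)?", base) and args:
        # Rundll syntax is <dll>,<entry point>: the DLL is what to search for (tip 1).
        return args.split(",", 1)[0].strip().strip('"')
    return program

def triage(entries):
    """entries: iterable of (value name, command line) pairs from the Run keys."""
    findings = []
    for name, command in entries:
        target = research_target(command).replace("/", "\\")
        findings.append({
            "name": name,
            "search_for": target.rsplit("\\", 1)[-1],
            "suspect_location": any(d in target.lower() for d in SUSPECT_DIRS),
        })
    return findings

# Constructed sample entries (not taken from a real machine).
SAMPLE_ENTRIES = [
    ("Bridge", r"Rundll.exe C:\WINDOWS\Downloaded Program Files\bridge.dll,Load"),
    ("AntiVirus", r'"C:\Program Files\AV\avmon.exe" /min'),
    ("Updater", r"C:\DOCUME~1\user\LOCALS~1\Temp\upd32.exe"),
    ("Helper", r'rundll32.exe "C:\WINDOWS\Temporary Internet Files\Content.IE5\xk.dll",Start'),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_ENTRIES):
        print(finding)
```

    A flagged entry is only a candidate for research; look up the `search_for` name before removing anything.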

    Windows XP (exactly the same as Win98)

    - Click on Start
    - Click on Run
    - Type in msconfig
    - Hit enter
    - Click on the Startup tab
    - Uncheck anything that may be spyware related

     


    What should I know about anti-spyware software?

    WARNING about fraudulent anti-spyware software:

    There is a fair amount of software out there which advertises itself as a spyware detector and remover but which is actually spyware itself! BE CAREFUL - I recommend only using KNOWN good anti-spyware applications.

    Note that searching on Google and other search engines for terms like "Spyware" will find a number of these fraudulent products, both in search engine hits and in "sponsored links" (i.e. advertisements). There are probably a few examples in the Google AdWords to the right, since filtering them out is next to impossible.

    Stay away from the following - DO NOT INSTALL THESE!!!:

    SpyKiller, XoftSpy, SpyCatcher, SpyGuard, Spyware Nuker, SpyHunter, Warnet, Virtual Bouncer, AdProtector, Spyware Remover (from BulletproofSoft), SpyFerret, SpyGone, Stop-Sign, SpyBan, SpyAssault, SpyBouncer, SpyDoctor, SpyBlocs/eBlocs, NoAdware, PAL Spyware Remover, and SpyAssassin (aka "Ada-Ware") are all either of very dubious quality or known malware sources themselves.

     

    WARNING about "helper" software:

    There is a LOT of software out there claiming that it can help you search the Internet, whether it's for the best deal on a new camera or just trying to find information. Many times these programs are advertised as web browser (e.g., Internet Explorer, Mozilla) helper tools. BE WARNED: More often than not these tools contain spyware. Think twice before installing; I recommend you don't install them. However, if you really feel the need for them, do research about these tools on the sites mentioned above such as <www.spywareinfo.com> or <www.spywarewarrior.com>.

    NEVER install anything from a pop-up advertisement!!!

     


    What do I need to get rid of viruses?

    If you suspect you may be infected with a virus or some other piece of malware, scan your PC with one (or all) of the Internet-based anti-virus scanners below. Best of all, they're FREE.

    Here are some tips for Windows Users:

    1. Boot PC up in SAFE MODE. Press F8 key when machine is booting (black screen with white letters "Starting Windows...")
    2. Scan with your current anti-virus scanner - clean anything found.
    3. Reboot PC in SAFE MODE with NETWORKING (for 2000 and XP users)
    4. Scan PC with one of the free web-based scanners mentioned below. Again, clean anything found.
    5. Reboot normally, you're done!

  • http://housecall.trendmicro.com
  • http://www.grisoft.com
  • http://security.symantec.com
  • http://www.pandasoftware.com/activescan/
  • http://www.bitdefender.com/scan/license.php
  • Additional Spyware Help

     


    Copyright © 2004  Akron Cigar Club. All rights reserved.
    Revised: 05/20/05.