* This is geared toward HOME machines, do not perform this on your work/company machine without checking with their IT organization first.
* Credits: some information here was taken from Merjin's programs and site (http://www.spywareinfo.com/~merijn/index.html) and Christian Wagner at IO.com (http://www.io.com/~cwagner/spyware.html.).
What is spyware?
Spyware is a general term for a program that secretly monitors your actions (ie.; web surfing, email usage, etc) or collects and sends personal information to a 3rd party on the Internet. Sometimes times they are sinister such as acting like a remote control program for a hacker to use to control your PC for dubious purposes or software companies using it to gather data about their customer's web surfing habits to use to sell the data to other marketers. Generally spyware is frowned upon because of the secretive nature - the user is unaware of what it's doing or how it's using the data it is collecting.
The precise definition of spyware varies depending on who you ask. The calling card of a spy is that it is sneaky and not easily noticed. Spyware is any software that performs sneaky activities behind the user's back--these activities can range from installing itself onto your computer, gathering information on you and transmitting it across the Internet, downloading files or running programs on your computer, messing with your system settings, or even trying to silently pass itself on to others.
Like a real spy, it may don disguises to hide itself and its intentions. It will try very hard not to be noticed. It will persist in the background even after you tell it to go away. It might even try to hide from you if it knows you're looking for it!
Some characteristics of spyware:
Collects information from your computer without your knowledge and/or consent
Transmits a unique code to identify you (for tracking purposes) without your knowledge and/or consent
Collects/transmits information about your computer use or other habits without your knowledge and/or consent
Installs itself on your computer without your knowledge and/or consent
Keeps reinstalling itself, no matter how many times you remove it
Performs other unwholesome duties without your knowledge and/or consent
You can also take a look at a good FAQ about spyware here: <http://www.io.com/~cwagner/spyware.html
Top 13 signs your PC is infected with spyware:
* Web browser could be Internet Explorer, Mozilla, Opera, etc.
* If you see one or more of the following symptoms you could be infected.
1) Your usual home page or start page is changed and you have no idea why.
2) An unexpected toolbar appears in your web browser or on Windows and you don't know how it got there.
3) Your firewall alerts you to an unknown program or process trying to access the Internet.
4) New shortcuts appear on your desktop that you didn't put there.
5) New entries appear in your favorites folder that you didn't put there.
6) Your computer starts acting sluggish and slow (this could also be from a number of other reasons however).
7) Enormous web browser slowdowns when typing
8) Unable to access antispyware tools or sites
9) Redirections to another search site when trying to visit Google
10) Popups in Google and Yahoo when searching
11) Sites in the IE Trusted Zone you didn't add
12) Redirections to CoolWebSearch related pages
13) Redirections when mistyping URLs
Note: Many "free" downloads come with adware and spyware attached. Read the end user license agreement (EULA) carefully and beware what you install!
What to do if you think your PC is infected:
IMPORTANT: Be sure to type web addresses in exactly as stated here (copy it from here is best approach). There are many "imposters" with web addresses that are SIMILAR to the valid web addresses. These "imposters" pose as spyware removers when they are actually spyware themselves.
1. Boot Windows up in SAFE MODE and run anti-virus scan of entire system
2. Install and run Ad-aware and remove any found. I recommend running this program regularly, weekly. You can find this program at <http://www.lavasoftusa.com/
3. Install and run Spybot Search & Destroy and remove any found. I recommend running this program regularly, weekly. You can find this program at <http://www.safer-networking.org/
4. Install and run CWShredder. You can find this program at <http://www.spywareinfo.com/~merijn/files/CWShredder.exe
5. Check your browser for spyware (aka parasites): <http://www.doxdesk.com/parasite
There are also programs available that will show you your PC's startup entries along with what are called Browser Helper Objects (BHO). These objects are add-on pieces of software which enhance your Internet browser (re.; Internet Explorer, Mozilla, Opera, Netscape Navigator, etc). In many cases the spyware will add these types of objects to be used to tracking your web surfing and/or keyboard entries.
Caution: Be careful when running these BHO detector programs, you could break Windows and/or software applications if you remove the wrong items. See sites where security people will help users in need of help at <http://forums.spywareinfo.com/
Recommended BHO Detection/Removal Software:
* HijackThis at <http://www.spywareinfo.com/~merijn/files/HijackThis.exe
> (main page is at <http://www.spywareinfo.com/~merijn/downloads.html
- You can run this program and submit your log to www.spywareinfo.com
* BHODemon at <http://www.definitivesolutions.com/bhodemon.htm
Resource to Check Processes (from HijackThis log):
* Sysinfo.org http://www.sysinfo.org/
Once you have a clean PC you should consider installing spyware blocking software, here are some recommendations:
SpywareBlaster at <http://www.javacoolsoftware.com/spywareblaster.html
IE-SPYAD at <https://netfiles.uiuc.edu/ehowes/www...ce.htm#IESPYAD
Blocking Unwanted Parasites using HOSTS file at <http://www.mvps.org/winhelp2002/hosts.htm
WARNING about fraudulent anti-spyware software:
There is a fair amount of software out there which advertises themselves as spyware detectors and removers but which are actually spyware themselves! BE CAREFUL - I recommend only using KNOWN good anti-spyware applications.
Note that searching on Google and other search engines for terms like "Spyware" will find a number of these fraudulent products, both in search engine hits and in "sponsored links" (i.e. advertisements). There's probably a few examples in the Google AdWords to the right, since filtering them out is next to impossible.
Stay away from the following - DO NOT INSTALL THESE!!!:
SpyKiller, XoftSpy, SpyCatcher, SpyGuard, Spyware Nuker, SpyHunter, Warnet, Virtual Bouncer, AdProtector, Spyware Remover (from BulletproofSoft), SpyFerret, SpyGone, Stop-Sign, SpyBan, SpyAssault, SpyBouncer, SpyDoctor, SpyBlocs/eBlocs, NoAdware, PAL Spyware Remover, and SpyAssassin (aka "Ada-Ware") are all either of very dubious quality or known malware sources themselves.
WARNING about "helper" software:
There is a LOT of software out there claiming that they can help you search the Internet whether it's for the best deal on a new camera, or just trying to find information. Many times these advertise as web browser (re.; Internet Explorer, Mozilla) helper tools. BE WARNED: Most often than not these tools contain spyware with them. Think twice before installing, I recommend you don’t install them. However, if you really feel the need for them do research about these tools on the sites mentioned above such as <www.spywareinfo.com
> or <www.spywarewarrior.com
NEVER install anything from a pop-up advertisement !!!