Dealing with Spyware, Adware, Malware, Browser Hijackers, and Other Nasties

5/29/04 - Laura Dolson

I have recently had a run-in with this stuff, and a few friends who are also having problems have asked how to deal with it. Having spent tens of hours online researching the problem, I thought I'd let you know what I found worked for me. This is certainly not a comprehensive article; I'm just trying to help my friends out with some suggestions.

First, some basic info.

1) This stuff isn't technically viral, and your anti-virus software will not do anything for it. Some of the nasties on my computer were trojans which first were found on the Net last year, but searching the Norton and McAfee sites didn't show a thing about them (although I note that very recently McAfee has come out with some anti-spyware protection, so things might be changing).

2) This stuff gets into your PC and spreads its tentacles everywhere, including into hidden files. It gets into the registry of your computer, and is capable of reinstalling itself if you don't get every last scrap out. For me, it kept rising from the grave like something out of a horror movie. When I finally thought I was clean and protected, two weeks later it was back.

3) It is common for spyware to masquerade as or be included in ANTI-SPYWARE software! Be very careful what you download! Don't just do a search for "spyware" and start poking around, or you could end up in worse shape than you started out.

4) When trying to learn about this, pay attention to the dates on the articles. Each generation of this stuff is more and more sophisticated. Any article that says the problem is simply dealt with, or that one piece of software will be sure to fix the problem, seems touchingly naive at this point.

5) The sites that try to help people get rid of this stuff are subject to frequent "denial of service attacks" (where "flooding" or other steps are taken to close down the site or otherwise fix it so people can't get to the site - if you are curious about what I'm talking about, go here). If you are infected, you may also find that part of the problem is that your browser gets hijacked away from these sites. This happened to me. I quickly learned there is no such thing as ethics with the people that develop this stuff. If you are having trouble getting to a site, it may be that they are battling the elements, but also look at the address window of your browser to make sure it isn't being sabotaged (a common tactic is for the software to insert extra characters into the address so it won't work).

6) The stuff is varied, and has lots of different symptoms, but some of the main ones are:

- Ads popping up everywhere
- Porn popping up everywhere
- Your browser being "hijacked" - you click on a link and you're off to somewhere you didn't ask to go.
- Your search is "hijacked" - you go to Google to do a search, and it's all ads
- Your home page is replaced
- Software comes unbidden to your computer - toolbars, searchbars, links on your desktop, links in favorites to name a few
- Your computer slows down to "molasses in January" speed
- Your computer just shuts down altogether.

Charming, eh?

General Information About the Problem - Articles

Sick of Spam? Prepare for Adware - Wired Magazine May 7, 2004

Inside Spyware - Fairly comprehensive article from Intranet Journal

Hidden Menace - From The Economist - emphasizes legal side, also general info 6/3/04

How I Dealt with The Problem

This is the road I suggest, based solely on what I found worked for me through experimentation, reading, and advice from the "expert" sites.

1) Update Windows!! Don't ever let your security updates lapse. I made this mistake - NEVER AGAIN. Just go to your start menu and then to "Windows Update" in the top section. If you haven't done so, schedule automatic checks to see if there are new security updates. While you're at it, you'll want to make sure you have the latest version of Internet Explorer, because some security holes in the browser were fixed with IE 6.0. Even though these are technically "protective" measures rather than "fixes", you should still do them as soon as you can.

2) Get basic anti-crap software. In my experience, no one piece of software removes everything. The following are the ones I use, and are the ones most often recommended by reputable Web sites like spywareinfo.com.

Ad-Aware - Probably the most popular - good quality, free, and provides free updates. Everyone should get it, and run frequent updates and scans.

SpyBot S&D - This is excellent free software with free updates, and pretty comprehensive. Again, one everyone should have.

Spy Sweeper - Excellent program, but updates are only by subscription. Still worth downloading if you have a current infestation.

Zone Alarm (added 8/04) - I recently added this one, and it may be the best one so far.

There are others; these are just the basic ones I used. Also, because my infestation seemed to have some of the symptoms of CoolWebSearch (a trojan that is becoming very common), I also downloaded:

CoolWebShredder (you can download this from the middle of the page; the program is called CWShredder). This is mainly one guy in the Netherlands who donates his time to fighting variants of this one nasty thing - and there are a lot of variants. I've directed you to a mirror site of his original site, because it's so common for the CWS trojan to keep you away from his site.

3) If you know when you acquired the main infection, you can check what files came in at that time by going to your start menu and doing a search by date for files modified. Sort by "when last modified" by clicking on the box at the top of that column. Look through everything that came in at that time - I found some hidden files when I did this. Either delete the stuff or, if you aren't sure, make a separate folder (we called mine "Evil" and put it under "Program Files") and put everything in there, to be deleted at a later date if there aren't any problems. I moved or deleted everything that was *created* at that time, as opposed to only *modified* at that time. (You can tell the difference by looking at the properties of the file.)
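One way to script the sweep in step 3, as an added example that is not part of the original article: it walks a folder, keeps the files whose creation (or, if you prefer, modification) time falls inside the window you give it, lists them newest first, and can move them into a quarantine folder while preserving their relative paths so they can be put back or deleted later. It assumes Python's os.walk/os.stat; the "created" timestamp is my choice of st_birthtime where the platform exposes it, falling back to st_ctime (which is the creation time on Windows but the inode change time on Linux). The folder name "Evil" is the article's; everything else here is my own construction.

```python
"""Timestamp triage and quarantine (added example, not from the original article).

Assumptions (not from the page): files are found with os.walk/os.stat; "created"
uses st_birthtime where available, else st_ctime (creation time on Windows, inode
change time on Linux); quarantine mirrors each file's path relative to the sweep root.
"""
import os
import shutil
from datetime import datetime
from pathlib import Path


def _timestamp(st, field):
    """Return the chosen time (epoch seconds) from an os.stat result."""
    if field == "modified":
        return st.st_mtime
    if field == "created":
        # Assumption: st_birthtime (macOS/BSD, newer Python on Linux) or st_ctime,
        # which on Windows is the file creation time.
        return getattr(st, "st_birthtime", st.st_ctime)
    raise ValueError("field must be 'created' or 'modified'")


def files_in_window(root, start, end, field="created"):
    """List every file under root whose timestamp lies in [start, end], newest first.

    Hidden files are included, since os.walk does not skip them; the article notes
    that hidden files were among what turned up.
    """
    root = Path(root)
    t0, t1 = start.timestamp(), end.timestamp()
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            try:
                st = p.stat()
            except OSError:
                continue  # vanished or unreadable: skip it rather than abort the sweep
            ts = _timestamp(st, field)
            if t0 <= ts <= t1:
                hits.append((ts, p))
    hits.sort(reverse=True)
    return [p for _ts, p in hits]


def quarantine(paths, root, dest):
    """Move files into dest, keeping their path relative to root; return new locations.

    Moving rather than deleting keeps the "delete later if nothing breaks" option open.
    """
    root, dest = Path(root), Path(dest)
    moved = []
    for p in paths:
        target = dest / p.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(p), str(target))
        moved.append(target)
    return moved


if __name__ == "__main__":
    import sys
    # usage: python triage.py <folder-to-sweep> <YYYY-MM-DD> [quarantine-folder]
    sweep_root = sys.argv[1]
    day = datetime.strptime(sys.argv[2], "%Y-%m-%d")
    suspects = files_in_window(sweep_root, day, day.replace(hour=23, minute=59, second=59))
    for p in suspects:
        print(p)
    if len(sys.argv) > 3:
        quarantine(suspects, sweep_root, sys.argv[3])
```

Run it with the folder to sweep and the date you think the infection arrived; add a third argument (for example a folder named "Evil" under "Program Files") to move the matches instead of only listing them. Use field="created" to match the article's "created, not just modified" criterion, and expect the "created" time to mean something different on Linux.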

4) If you are still having problems, it's time for the experts. Get thee to the wonderful folks at spywareinfo.com. This is a great site, with reliable information and dedicated (if overworked) people volunteering their time. Unfortunately, the site is a little disorganized, and it's easy to lose time wandering around looking for what you need. It can be interesting to do this, but if you're pressed for time, I'll help you sort through it:

- You will be asked to download and run a program called "Hijack This" (found on the same page as the CoolWebShredder above), which will create a log that you will post on their forum (after first registering). Make sure to give them all the info they ask for and follow instructions carefully. Sometimes so many posts come in that they just don't have enough time - if you've done your homework, it makes it easier for them to help you, and they are more likely to.

- These are the posting instructions. Note that if your browser is being hijacked there is a link to another article - that article really doesn't apply if hijacking isn't one of your symptoms, so don't let it confuse you. Do make sure you are posting in the correct forum when you post your log.

- If your post hasn't been answered in a few days, reply to your own post and tell what else you've tried - that way they'll know you still have a problem and are still working on it. This got me a quick response when I did it. Being polite and appreciative doesn't hurt either. :-)

Other sites: Lavasoft, maker of the Ad-Aware software mentioned above, has a similar forum for users of its software. I haven't participated in it, but the folks running it look like they know what they are talking about.

How to Protect Yourself From Future Attacks

1) See #1 Above

2) http://www.spywareinfo.com/articles/hijacked/prevent.php Note that in that article, they mention changing browsers. I have found that there are a few sites that I still need IE for, but otherwise I have entirely changed over to Firefox, and I love it, even though it's technically still under development. If you are even the tiniest bit adventurous, I highly recommend it. It's faster, it has tabs (instead of having a bunch of windows open, you can have tabs in the same browser window, and you can very easily switch from one to another), and it has a lot of "extensions", which are capabilities that can be fairly easily added on (the hardest part is wading through the possibilities). I assume many of these will be incorporated in the final edition.

3) Download Spywareblaster (free) and update it frequently.

4) Update your other protective software - antivirus, Ad-Aware, Spybot - and scan frequently.

5) Don't download anything you aren't sure is safe. If something tries to download without your invitation and presents you with a dialog box, it may be safer to cancel the box by clicking on the X in the upper right-hand corner than to click "No", which may be a trick.

Whew!! Good luck!!! I know it sucks!

Copyright © 2004 by Laura Dolson. All rights reserved.