Having computer problems? It may be spyware, one of today's most widespread threats to computer security. Do you have any of the following symtoms?
-The computer slows down.
-Lots of pop-up windows or random web pages are opening.
-Your homepage changes to an unfamiliar page and you can't change it back.
-Some sleazy web page takes over your browser.
-New icons appear on your desktop.
-Internet Explorer stops working..
-Computer takes much longer to start up than it used to.
-Computer crashes or locks up.
-Just generally strange behavior
If your computer has any of the above symtoms, it's very likely that you have spyware. Once spyware gets on your computer, it can get worse and worse, eventually making your computer almost unusable. Below are useful and effective steps to take to clean out existing spyware problems, and to prevent them from coming back.
1) Download the following programs:
All of these are offered free for personal use by their generous authors. (The one good commercial program that you may also want to consider is Spy Sweeper from Webroot.)
Ad-Aware SE Scans for spyware and removes it. There is a good tutorial on how to use Ad-Aware at: http://www.bleepingcomputer.com/forums/tutorial48.html
Spybot Search and Destroy Scans, removes, and prevents spyware. There is a good tutorial on how to use Spybot S&D at: http://www.bleepingcomputer.com/forums/tutorial43.html
Windows Defender Scans, removes, and prevents spyware. This is a good program, but you can only get it if you have Windows 2000 or XP. Help on using it at: http://www.microsoft.com/athome/security/spyware/software/howto/default.mspx
SpywareBlaster Prevents spyware from installing via "drive-by download".
CWShredder Removes one vicious, constantly evolving form of spyware called CoolWebSearch.
Once you have downloaded these programs:
- Update all the programs! You ll need to be connected to the internet. Without the latest updated definitions files, these programs are highly ineffective.
- Turn on SpywareBlaster s protection.
- Unplug the computer from the internet. Then the spyware programs can t phone home for backup as you try to delete them.
- Run scans in Ad-aware, Spybot, CWShredder, and Microsoft AntiSpyware. If on the first scan they find infections (called "objects" in Ad-Aware, called "problems" in Spybot S&D) then by all means delete what is found and then run a second scan to make sure they didn't come back. Sometimes you will have to restart your computer to get rid of certain threats.
- If after multiple scans with these programs (make sure they're updated!) you re not able to get rid of everything, try running them in Safe Mode. For more info on how to do that, click here. Turn on Ad-Aware s deep scanning options by following the instructions here.
- If after all this you still can't get rid of everything, skip to "Advanced Steps" found at the bottom of this article.
2) Activate Immunization, TeaTimer, and SDHelper in Spybot Search and Destroy
Hopefully, Ad-Aware, Spybot and Microsoft AntiSpyware are now finding 0 objects. Good job! Your computer now is probably pretty clean of spyware. Now we need to take steps to keep it that way, otherwise spyware will keep coming back. Open up Spybot. Click on Immunize on the left side of the window. Check for bad products, then click the green cross that says immunize. It should say "All known bad products are already blocked" and have a green checkmark. Make sure "Enable permanent blocking of bad addresses in Internet Explorer" is checked too.
Now open the Mode menu and change to Advanced Mode. On the left-hand side of the window, click on the gray box labeled Tools. Click on Resident, which is the third item under the Tools box. Check both boxes: Resident "SDHelper" and Resident "TeaTimer". Now Spybot will actively prevent any spyware from messing up your computer. Whenever a setting changes that might be spyware-related, a window will pop up saying Spybot "detected an important registry entry that has been changed". You then read the window and either allow or deny the change.
If you really do not like the Spybot Resident tools, you can use SpywareGuard, which protects you in a similar way. Download SpywareGuard here.
3) Eternal Vigilance: Scan and Update
Keep your progams updated! Simply having the spyware-fighting programs is nearly worthless: they're just sitting on your hard disk doing you no good. You must be diligent in actually updating and scanning. Once a week, check for updates for Ad-aware, Spybot, and Microsoft AntiSpyware and run their scans. In Microsoft AntiSpyware and Spybot it's possible to set them up to do this automatically. Choose a particular day of the week (like Monday) to always do this to help you remember. SpywareBlaster updates less frequently; check for updates in it once a month or so.
4) Use an Alternative B rowser
Most people use Internet Explorer to browse web pages. By not using Internet Explorer, you can increase your security significantly. Visionary recommends the Firefox browser. You may very occasionally come across a web site not totally compatible with Firefox. When visiting those web sites, you'll need to use Internet Explorer.
Firefox: Download from http://www.mozilla.org
5) Lock down Internet Explorer
Even though you're not going to be using Internet Explorer regularly any more, it still is a security vulnerability, because of its tight integration with Windows.
From the Control Panel, open Internet Options. Click on the Security tab. Click the globe labeled Internet. Press the Default Level button, then click Apply. Now press the Custom Level button. Change all settings having to do with Active X or plugins to "Disable".
Or, alternatively, you can just set the security level to High. This will make you more secure, but will frequently cause web pages to not display correctly and be missing features. Of course, if you are not going to any pages that require Internet Explorer, then you'll be using Firefox anyway and this won't be a big deal.
6) Be Careful and Smart
Use the following tips:
- Never click on a pop-up. Close pop-ups using the close box in the top right corner (the "X"), because sometimes even clicking "cancel" will install the spyware anyway.
- If a pop-up comes up asking "Do you want to install and run", you do not want to. Always close it using the close box in the top right corner.
- Never click on a link to an anti-spyware program advertised in Google ads. They may come up for "Ad-Aware" or "Spybot", but they are all fake. In fact, never click on any anti-spyware advertisement. There are tons and tons of fake anti-spyware programs (more info available here). Stick with the trusted few I recommend above.
- Be very careful and selective of what programs you download.
- Don't download heavily-advertised free software, like free screensavers -- they will often contain spyware/adware. Think about it. If it's "free", where does the money come from to promote it?
- Don't download things if you're not sure what they do and only download from reputable sites.
- Do not download P2P(peer-to-peer) music programs like Kazaa, Grokster, BearShare, Morpheus, Xolox, or eDonkey.
- Be somewhat careful and selective of which web sites you visit. Sometimes simply visiting a site will install spyware.
By following this advice, you should be able to avoid the great majority of spyware problems. If your computer is already infected, however, these steps may not be able to eliminate the spyware that's already there. In that case, you will have to use more advanced methods. Only do these advanced steps if you're somewhat computer-savvy and feel comfortable doing them. Otherwise, have a professional technician or computer repair shop fix your computer. If you bring it in to the Visionary office in Gillette we can send it to a computer store which can clean it off for you (there will be a charge). We're at:
1001 S. Douglas Hwy, #201, next to Subway, near the corner of 12th St.
a) Try manually removing anything you can. Open the Control Panel, then open Add/Remove Programs. Be careful in here because you don t want to remove something important. Look through the list of programs for any obvious instances of spyware. If you find any, remove them. For instance, if you re trying to get rid of Weatherbug, none of the removal programs will get it, but you can remove it in this Add/Remove Programs list. For more help with manual removal, click here. If you know what particular infection you have, we may have a help article on how to get rid of it, or you could do a search on google for the name of the infection or something distintive about it (for instance if a "Search the Web" page keeps opening up, we have an article here).
b) Open the C:/TEMP folder. Anything in there is highly suspect and should be deleted unless you know for a fact it s legitimate.
c) Delete all cookies and temporary internet files.
d) Look through C:/Program Files. If there s any directories for spyware in there delete them. You may have to do this in Safe Mode.
e) Then, if you still have problems, you'll have to download HijackThis and go to a spyware-fighting forum for further advice and help. Do NOT run HijackThis until you have read quite a bit on these spyware-fighting forums. If you delete everything HijackThis finds, you can mess up your computer and Visionary will not be responsible. Below are links to some good forums. They ll tell you how to download HijackThis and how to use it.
f) Alternatively, you can do a clean install of Windows. Before you do, back up any files you want to keep, like documents you've written, emails, pictures, etc., onto a CD or floppy disks. Sometimes doing a clean install is just simpler and faster than trying to clean out all the tons of garbage that's accumulated. Doing a regular re-install won t always clean out your spyware/trojans you need to do a clean install. This wipes everything off the hard disk and starts over. You ll need your Windows CD (a.k.a. Restoration CD, or Operating System CD). It takes an hour or two, but that s mainly spent waiting. After you complete the clean install, do steps 1-6 to protect from future infections.