What is spyware…would you recognize it? Many people say they would but would you really? Spyware comes in many shapes and from many sources and some we wouldn’t even recognize these days, it’s hidden so well. You don’t even have to agree to install it any more. The installers have figured out a way around that now. It’s called a “drive by” http://www.eweek.com/article2/0,1759,1829174,00.asp Also known as an ActiveX drive-by-installer for premium-rate phone dialers. http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072541 Some drive-bys have begun to show users the license -- but only after the user presses Yes, and only after the software is installed! http://www.benedelman.org/news/092904-1.html What that means is that you, the consumer, sitting at your computer, can get one of these simply by going by a web site and innocently downloading something. So just what is spyware, adware, Trojans and all the other terms you hear floating around? Let’s start with some quick definitions of terms. Virus: Any program that replicates itself. Trojan: A program or script that comes in a form that hides its true identity and purpose, or slips in by a hidden method. Hijacker: A program or script that changes system settings, can change internet settings, and reroute web pages. Spyware: Small programs which attempt to monitor your habits on the internet. While some spyware will attempt to stay hidden from detection, some will make it's presence known through popup advertisements related to your websurfing habits. While spyware companies claim the software is harmless, infected consumers suffer annoying advertisements, slowdowns, crashes, and other problems. Worm: A virus that attempts to replicate itself though networked computers using shared files/drives, or vulnerabilities in the operating system. Keyloggers: Programs that log keypresses, used to steal passwords. Downloaders: Programs that use security flaws to download unwanted programs in the background. Virus's can use downloaders to update themselves. Phishers: Email that comes with the purpose of stealing information. The email is normally disquised as coming from a respectable business, and may contain a link for you to "update your account".. Don't do it, it's a trick. If you have a question whether or not the email is real, then call the business and ask. Malware: Software designed specifically to damage or disrupt a system. Can also be software that features deceptive licenses and tricks the user into installing unwanted programs alongside purposely installed software. Adware: Software that brings targeted ads to your computer, after you provide initial consent for this task. Some Adware may hijack the ads of other companies, replacing them with its own. Adware typically will track your browsing habits and report this info to a central ad server. Cookie: Any cookie that is shared among two or more unrelated sites for the purpose of tracking a user's browsing and/or gathering and/or sharing information which many users regard as "private.". Definitions of "private" may differ. Some consider any code "private" if it uniquely identifies a user, even if it is not their name or email address. Now, what does all this mean to the average home user. You get up one morning, Turn on your computer, and up pops all these pop ups. Or it won’t turn on…or it’s slower than molasses in January. What do you do…you try to get help. IF you are smart, you will have read all this and have these programs at your fingertips and a place to go for help. If you’re smarter, this won’t happen cause you will keep your machine buttoned up. But we are gonna pretend you are in the first group and get you ready to get help. Let's collect some highly respected tools. (Please do not add non-recommended tools to your system without researching them first, some software supposedly written to protect your system can cause more harm than good!) Spybot Search & Destroy http://www.safer-networking.org/en/download/index.html (Antispyware) Make sure to enable Tea Timer protection to prevent system setting changes. Also, make sure to use the inoculate feature to block access to known spyware websites. Adaware SE http://www.lavasoftusa.com/ (antispyware) Microsoft® Windows AntiSpyware (Beta) http://tinyurl.com/6fuq4 SpywareBlaster http://www.javacoolsoftware.com SpywareGuard http://www.javacoolsoftware.com A-Squared HijackFree http://www.hijackfree.com/en/ HijackThis http://www.spywareinfo.com/~merijn/downloads.html (hijacker/spyware/virus detection tool) Useful for posting a log for experts to diagnose your machine. Using these Tools should remove and prevent the majority of spyware infections! Now let's go on to misconceptions about security. A common misconception about security is that a firewall is all the protection you need. This is not true. A firewall will only protect against worms, and hackers attempting to access your machine through openings in your OS and network settings. It does not protect against virus's that you download and install, spyware, trojans, or hijackers. While it is useful and necessary, it's usefulness is highly exaggerated, it will not fully protect you. Nevertheless, make sure you use one! Another common misconception is that antivirus programs will remove or delete a virus. This isn't what antivirus programs are built for. Antivirus programs are built to detect the presence of a virus, and aid in preventing a virus from infecting your machine, they are not built to remove every virus once a virus is installed. While some antivirus programs will remove a virus, they will not remove every infection. If your PC has contracted a virus, and your antivirus program reports it, you need to annotate any information your antivirus program gives you and search for more information on it's removal until you know the virus is removed. Another misconception is that your fully protected! No matter how well you secure yourself, there is nothing that will fully protect you short of isolating the machine away from network connections and people. HOW TO SECURE YOURSELF: OR : FINALLY THE GOOD STUFF 1: Run a firewall to protect against worms and hackers. I put this first as it's the simplest step, but as I said before, in terms of security it's not going to keep you safe by itself. What firewall you use is up to you. My personal recommendation is ZoneAlarm Free. http://www.zonelabs.com/store/content/home.jsp There is one other freeware worth mentioning: Sygate Personal Firewall Free http://smb.sygate.com/ 2: Run a antivirus. Although it probably won't remove all virus's, it should let you know where the virus is at and when to get help. What antivirus program you decide to use is completely up to you. I have no personal favorite here on the freeware side but on the paid ones, I highly recommend NOD32 http://www.nod32.com/home/home.htm over any of the rest. AVG Free Edition http://www.grisoft.com/doc/1 Avast! Home Edition http://www.avast.com/ a-squared (a²) Free edition http://www.emsisoft.com/en/ (this is primarily for trojans) AntiVir Personal Edition http://www.free-av.com/ 3: Secure your browser. This is where it gets a bit complicated. There are many ways to do this, and many programs that will aid in doing it. One of the best approaches is to run a alternative browser, such as Firefox http://www.mozilla.org/products/firefox/ , which may not be as targeted by hackers as often as Internet explorer for exploits. I will relate this mainly to Internet Explorer, as it is the most common browser used. I highly recommend you enter your internet security settings by clicking tools/internet options/security tab, and setting your security to at least the medium level. Whenever you send credit card information, look for a picture of a lock on the bottom status bar of the browser. Don't send the information if the lock is not there or shows the lock open. My personal recommendation is to use portable Firefox on a USB drive. http://johnhaller.com/jh/mozilla/ 4. Secure your OS. It's important to run a update for your OS as new vulnerabilities and exploits are discovered. The same is true for all your programs. Schedule time to keep your software up to date. 5. I also suggest you use a startup manager. A startup manager will aid you in getting to know what is starting up when you boot your machine. A good startup manager will also aid you in removing unwanted startup programs, and can make your machine more responsive while booting. My personal recommendation is Startup Delayer. http://www.r2.com.au/software.php?p...show=startdelay Be VERY careful here. If you do not know what you are doing, do not remove anything. 6. Watch your e-mail. If your email application allows it, then disable images in your email. Never open an attachment without virus-scanning it first. Never respond to request for personal information through a embedded link. Use spam filters.. I recommend using spampal for pop email clients. http://www.spampal.org/ 7. Try an alternate email client such as Thunderbird http://www.mozilla.org/products/thunderbird/ or Eudora http://www.eudora.com/ They aren't targeted as often as Outlook or Outlook Express by hackers as often for exploits. Like Internet Explorer, Outlook/OutlookExpress is the most common mail client used. For this reason, it is also targeted. Using an alternative is a good way to avoid hackers. 8. Secure your wireless network. While I won't go into depth on this, a good read is here: http://www.practicallynetworked.com/networking/wireless_security.shtml 9. Secure your network. Don't needlessly share folders and files within your network. Use logins and passwords. But I’ve done all this and I still got infected, now what? . Well, this is an example of a script that a security expert at one of the various forums around the internet would recommend. Make sure you are dealing with a reputable one. Check for the Alliance of Security Analysis Professionals. (ASAP http://asap.maddoktor2.com/ ) sign on the door of the site or with the person you are dealing with. Please perform the following prior to posting an HiJack This log, The following steps will likely clean most of the garbage from your system, First Download Ad-Aware SE http://www.majorgeeks.com/download506.html Use the: “Check for Updates Now” option and download the latest reference files Use the Start button, and on the next window, select: Perform Full System Scan Press Next, and let Ad-aware scan the hard drive When finished, right-click the window with the entries, choose: Select All from the menu, and click Next Once AdAware SE has removed the entries, close the program Restart the computer Next Download the latest version of Spybot Search & Destroy http://www.majorgeeks.com/download2471.html Please check it for updates, Run the program and have it fix anything it finds in Red. Restart your computer, Next Update your Anti Virus Next Reboot to safe mode see http://www.spyware911.net/safemode.htm Delete the entire contents of the below Temp folders, but not the TEMP folder itself. Remove all the files and sub-folders from the below TEMP Folders: C:\Documents and Settings\ \Local Settings\Temp C:\temp C:\windows\temp The TIF ( Temporary Internet Files) can also be emptied via: Internet Explorer--Tools--Internet Options--General tab--"Delete Files", Also tick the "delete all offline content" box . Clean out your Recycle Bin Next Run a full system scan with your Anti Virus, Run a scan with Ad-aware, Have it fix anything it finds, Run a scan with Spybot, Again have it fix anything it finds Next Restart your computer, Next Free online scan http://www.kaspersky.com/remoteviruschk.html http://www.pandasoftware.com/activescan/ http://www.bitdefender.com/scan/licence.php (Prefer this one) Run a scan, preferably with Bitdefender. Be sure and Check Auto Clean. Make a note of anything it can’t remove Next Go to TrendMicro - Free Online Scan Be sure and check Auto Clean before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself. Next Please go http://www.majorgeeks.com/download3155.html and unzip the newest version of HJT into a new dedicated folder, Create a folder on the C: drive called C:\Programs\HJT. Unzip HijackThis into this folder. Launch Hijack This, then "Do a system scan and save log file". This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more. Most things are harmless and needed so don't make any changes. Post a log in a new thread started by you please. Your likely to get help quicker if you start your own thread, Posting a HJT log in someone else’s thread gets to confusing and there is a good chance it will get overlooked. A script like this is used almost across the board and gets help to the victim of almost any type of computer attack. Once started, it changes depending on each individual but we almost all start the same way. The reason for this is that those programs, used together give us a “big” picture of what is going on inside a person’s computer. It also cleans out as much junk as possible ahead of time. Security is no joke…as anyone who has been at the receiving in of such a crime has found out. At worse, it can cause data lose and destruction and lose of identity. At best, it’s an annoyance and a pest. Don’t let spyware win.