August 30, 2004

 

This article is available at www.pinonpc.com/spyware.htm.

 

I am here to tell you that there seems to be a wave of spyware going around right now.  Over 75% of my daily work these days is removal of spyware.  In this letter I will catch you up on what I know, what I believe and what seems to work *right now*. 

 

(0) Symptoms – any of the following can indicate spyware resident on your PC

  • Your PC suddenly seems to be sluggish, working too hard to do the simplest of actions
  • You see the internet icon in the system tray all lit up when you are not surfing or emailing
  • Your start web page for Internet Explorer has changed and won’t change back
  • There are strange windows even though you have a good pop-up blocker installed
  • Norton Anti-Virus appears to be running but won’t Live Update or scan your hard drive
  • Norton Anti Virus Auto Protect is disabled and won’t enable
  • … and many more ….

 

(1) HISTORY

Three or four months ago, spyware was limited to Gator/GAIN and the like, which did not adversely affect your Windows or clog up your PC too much.  They were easily removed with Ad-Aware (http://www.lavasoftusa.com/) and I gave it to many of you to use to clean up your PC on your own.

 

Then suddenly, I began to see spyware/adware which was destructive and very clogging of your PC.  Ad-Aware became helpless in removing these pests.  Sometimes, during an uninstall, the spy program would break Windows, thereby forcing a rebuild of Windows and replacement of all programs and data.  Nasty.

 

In the last 2 weeks I have been seeing a new generation of spyware which defies removal by any tool or device known to me, again forcing a rebuild of Windows.

 

PC WORLD - Your PC May Be a Haven for Spies:  http://www.pcworld.com/news/article/0,aid,116526,00.asp

 

(2) WHAT IT IS AND WHY THEY CREATE SPYWARE

PC WORLD - Who's Seeding the Net With Spyware?:  http://www.pcworld.com/news/article/0,aid,116512,00.asp

 

(3) AN INTERESTING COINCIDENCE

This week major news sources reported a teaming up of virus writers and spammers (http://www.msnbc.msn.com/id/5748117/).  This is annoying but so far not damaging.

 

(4) MY THEORY

The sudden change in the behaviour and complexity of spyware speaks to me of a crossover from the virus world of techniques and methods into the spyware world.  Norton Anti-Virus will often report a 'virus' that it could not eliminate.  Then research shows that it is a well-known spyware product.  Hmmm.  I have no proof, just a gut feeling based on observations.

 

(5) GETTING RID OF SPYWARE

Up until recently, just about all spyware removal tools other than Ad-Aware planted their own spyware while removing those of their competitors (http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2004/08/16/BUG5C86GE61.DTL&type=tech).

 

While haunting the spyware discussions on tech sites, I learned of a growing reputation for the 2 once-most-notorious such programs: SpyBot and Spy Assassin.  I tried them and they indeed seem to have cleaned up their act.  Now they form the lead of my attack on spyware.  Trouble is, those bogus removal programs still exist.  Here is a list, partial or complete I do not know, of such bogus removers: http://www.spywarewarrior.com/rogue_anti-spyware.htm.  Please check this list against what you may have installed on your PC.  If found, remove them via ADD/REMOVE PROGRAMS in the Control Panel.

 

Currently, I use the following programs to clean clients' PCs:

  • Spy Sweeper – www.webroot.com
  • SpyBot – http://reviews.cnet.com/4505-5_7-20848563.html?legacy=cnet
  • Spyware Blaster – http://www.javacoolsoftware.com/spywareblaster.html
  • CW shredder – http://www.majorgeeks.com/download4086.html
  • HiJack This! – On 2nd thought, don’t play with this – it modifies the registry directly and the probability of breaking Windows is Very High!

 

(6) CONCLUSION

I am SURE that in the near future there will be new and 'better' spyware removal tools required.

 

For now, DO NOT accept any download requested by a web site.  DO NOT install any tool to help you search the web, or stop pop-ups, or put pretty faces into your email (Incredimail is ok though), or....  If they are offering you a free tool, ask yourself: WHY?  WHAT are they getting in return?  Remember: it is not in their best interest to help you have more fun on the internet, or keep your clock correct, or ....

 

AN INTERESTING LINK:

http://www.pcworld.com/reviews/article/0,aid,115939,pg,6,00.asp  This is page 6 of a 9-page report on PC World’s web site.  At the bottom of this page are links to the other 9 pages in the series.

 

P.S.

The BEST and most well-behaved pop-up blocker I know of remains the toolbar from AltaVista (www.altavista.com).

 

P.P.S. Here’s a breaking story to chill you:

 

A new computer virus takes spying on victims one step farther than most worms -- the malicious program is capable of switching on webcams, allowing the author to literally peek into victims' lives. The virus, called Rbot-GR, isn't spreading much, according to antivirus firm Sophos. Still, the technique is "creepy," says spokesman Graham Cluley, and it brings digital voyeurism to new heights.