Malware, Adware and Spyware

[Chris Fultz]

norton anti-virus / always on

webroot spysweeper

pop up stopper campanion

[Bcahn836]

Pop ups- earthlink
Spy ware- Spy bot search and destroy
Virus- Norton
Spam-Norton
Adware- Spy Bot

[Justin Stiltner]

From some searching and cleaning last night on a customers computer ive found this really neat page.
Task List
It lists most tasks that can appear in task manager (right click start bar choose task manager) It lets you look up all those cryptic names and see exactly what those programs are, all listed by the first letter, and most with instructions on how to rid yourself of them. They are trying to sell their software by this site too but I have no experience with it so cannot vouch for it. But the task list was great and answered an age old question for me.. what is this alg.exe and why was it running.

[Bharat Nain]

Quote:

Originally Posted by Justin Stiltner

From some searching and cleaning last night on a customers computer ive found this really neat page.
Task List
It lists most tasks that can appear in task manager (right click start bar choose task manager) It lets you look up all those cryptic names and see exactly what those programs are, all listed by the first letter, and most with instructions on how to rid yourself of them. They are trying to sell their software by this site too but I have no experience with it so cannot vouch for it. But the task list was great and answered an age old question for me.. what is this alg.exe and why was it running.

Also, note that some spyware/adware is not going to show up your task manager instantly. It may launch when you launch another application. Sometimes you won't be able to even end the task in task manager. Sometimes, even when you end it, it comes back. These are the sort of problems you have to deal with. However, what Justin Stiltner suggested is an excellent way to check what adware/spyware you have one your computer... Good link Justin.

[DanL]

As was said before by many people, using non-ie browsers help. Firefox is popular, but I use Opera. The main difference is Opera is a product you must pay for if you want to get rid of (in my opinion completely unintrusive) banner ads while Firefox is open-source (free). I say banner ads loosly because these ads aren't bad at all - I set Opera to display the google text ads... these ads are always relavent to the site I'm on (i.e. on chiefdelphi, its always sites for robotics kits ) and every now and then I find them useful. Both Opera and Firefox offer improvements over IE such as customizable interfaces, putting bookmarks directly on the interface (kinda like the windows quicklaunch bar), tabbed windows (MUCH better than having 40 ie windows open in your taskbar), automatic pop-up stopping (I don't have any popups), and my favorite, mouse gestures. Mouse gestures in particular I find awesome because once you get the hang of them, you can move forward, move back, close windows, open windows, etc. by a single quick mouse motion. Last time I checked, Firefox didn't have these, but it may have changed. My biggest complaint about Opera is it doesn't seem to be able to stream video files - if you click on a link, it downloads the whole file first rather than opening it up immidiately in WMP and have WMP stream it. I'm sure there's a way to change that, but I haven't tried looking it up. Anyways, Opera is my preference - take that for whatever you want to take it.

The important part is most spyware gets onto your computer from security holes in IE. The biggest advantage of using Opera or Firefox is spyware is designed to infect your computer using IE. If you don't use IE, spyware simply doesn't get onto your system. I have Adaware and Spybot, and I run them every now and then... the worst thing they find is a buncha cookies.

On a similar topic, KEEP WINDOWS UPDATED! Again, Spyware finds its way onto your system through security holes - many of which have patches released shortly after they become a problem. Make sure you have Windows Automatic Updates turned on - this is the easiest way to make sure your system has the latest fixes. If you don't have XP, go to windows update atleast once a week. It'll save you both from spyware and viruses.

Another thing you can do to fight spyware is something called the windows HOSTS file. Using this file, you can essentially block any ad/spyware server. If you're interested in the technical details behind this, read this paragraph. Otherwise, skip to the next paragraph. There's this file hidden in windows (C:\Windows\System32\drivers\etc if you're on XP) - its essentially a DNS lookup table (computers only know how to get to servers by their numerical adress, or IP adress - something like 148.47.12.4. When you type something like www.google.com, your computer first contacts a known DNS server and asks, "what is the ip adress registered to www.google.com?" The DNS server responds with, "148.47.12.4" or whatever it is. Your computer then queries google using that ip address). The Windows TCP/IP protocol stack checks this file for a DNS entry before it queries its default DNS server. Someone discovered that if you put the domain names of ad/spyware servers into this file and have their associated ip be the local TCP/IP loopback ip of 127.0.0.1, then even if a popup is not blocked and a request is sent to say, ads.doubleclick.com, if there is an entry for ads.doubleclick.com in the HOSTS file, Windows automatically sends that request to 127.0.0.1. But since nothing exists at 127.0.0.1, that request doesn't get a response and presto! you're saved from seeing an ad. Doesn't matter if IE sent the request, Opera, Firefox, or a malicious program - since this blocking is a Windows hack, Windows makes sure that whatever program sent the request doesn't get a reply -- in essence, using the HOSTS file in this way causes Windows to not know where to find the malicious websites. Some people have collected long lists of popular ad servers and compiled HOSTS files that you can download.

In conclusion, I present
Dan's Abridged Guide to Keeping Spyware Off Your System
1. Scan for existing Spyware using spyware programs - the most popular being Adaware and Spybot: Search and Destroy. Read this thread for other programs people use and are happy with.

2. Don't use IE. Although its hard to let go (it was for me), other browsers offer better features than IE, including built-in pop-up stopping - the most popular ones being Opera and Firefox. In addition, because IE is so popular, spyware is designed to exploit IE-specific holes. If you use a non-IE browser, a lot of spyware doesn't even know how to attack your computer

3. KEEP YOUR SYSTEM UPDATED! The main reason viruses spread is because people don't install the latest patches. This is also true of spyware - windows updates sometimes fix the holes that spyware exploits to get onto your system. Windows XP has Automatic Updates - all you need to do is turn this on and forget about it... Windows will automatically check for updates and download them. If you don't have XP, check the windows update site atleast once a week.

4. The Windows HOSTS file offers a nice hack for your system to block ads and spyware. An example HOSTS file with a long list of blocked ad/spyware servers can be found here: http://everythingisnt.com/hosts.html. If you search, I'm sure you'll find others.

The most important thing is to be intelligent. Don't go to sites that give you lots of pop-ups. If something does pop-up asking you to install something that you didn't request, obviously hit No or Decline. Hope this helps, and happy surfing.

[JAH]

I run McAfee Virus, Firewall, and Privacy Service. I also run AdAware about once a month. I use Opera 7, it took me a while to get used to it but now I can't stand anything else. It blocks the pop up ads and allows tabbing with a stylish look.