What is Spyware and Adware?
Spyware and adware are software made by publishers that allows them to
snoop on your browsing activity, invade your privacy, and flood
you with unwanted popups. Most users of the internet are
infected with these applications.
How do Spyware and Adware affect internet users?
All information you enter via the
web can be intercepted. Unauthorized sites can add themselves to
your desktop as icons or to your internet favorites. Your browsing
activity can be tracked and monitored. Your personal information
can be sold to other parties without your knowledge or consent.
Your default homepage and settings can be hijacked so that you
cannot change them.
An alarming and increasing number of organized crime syndicates are using
spam to deliver spyware to hijack computers. Once the criminals
gain access to the computer, they harvest sensitive and private
financial data and turn the computer into a 'zombie' for relaying
even more spam messages. In some instances, the data gathered is
held for extortion purposes.
Use a browser other than Microsoft's Internet Explorer.
The browsers Mozilla Firefox and
Opera are immune to browser hijackers for two reasons. Most
people use Microsoft's Internet Explorer, so most malicious
code is written for it. And the programmers at Mozilla
Firefox and Opera made
their browsers very secure.
If you prefer Internet Explorer then there is a lot of work to be done.
Update your
browser and operating system. Use Windows Update
and install the latest version of Internet Explorer, its
Service Pack, and the security patches that are available. Replace
Microsoft Java VM with Sun Java, which can be downloaded from
http://www.java.com/.
Microsoft Java VM is flawed with security holes that hijackers
use. Microsoft has dropped their browser support and made an
agreement to use Sun's. Sun's Java is more secure and more up to
date. Make certain, in Java's options, that Sun Java JRE is set
to work with Internet Explorer.
You might want to remove the Microsoft JVM, which Microsoft no
longer supports, in favor of the more recent Sun Microsystems
JVM. To remove the Microsoft JVM, perform the following steps:
1. From the Start menu, select Run.
2. Enter the command
   RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
   to start the uninstall process.
3. Click Yes to the confirmation, then select Reboot.
4. After the machine restarts, delete the following items:
   the \%systemroot%\java folder
   java.pnf from the \%systemroot%\inf folder
   jview.exe and wjview.exe from the \%systemroot%\system32 folder
   the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM registry subkey
   the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_VM registry subkey (to remove the Microsoft Internet Explorer (IE) options)
After Microsoft Java is removed, download Sun's newer JVM for Windows from
http://java.sun.com/getjava/index.html.
Open Internet Options from the Windows control panel and click
the "Security" tab. Highlight the "Internet"
icon and then click "Custom Level". Choose "Medium"
from the drop-down box at the bottom, then click the "Reset"
button. Click OK, then click "Custom Level" again.
Set the following options as listed below:
.NET Framework-reliant components
ActiveX controls and plug-ins
   Download signed ActiveX controls (Prompt)
   Download unsigned ActiveX controls (Disable)
   Initialize and script ActiveX controls not marked as safe (Disable)
   Run ActiveX controls and plug-ins (Enabled) (This actually refers to Java and Flash, not ActiveX)
   Script ActiveX controls marked safe for scripting (Prompt)
Miscellaneous
   Access data sources across domains (Disable)
   Drag and drop or copy and paste files (Prompt)
   Installation of desktop items (Prompt)
   Launching programs and files in an IFRAME (Prompt)
   Navigate sub-frames across different domains (Prompt)
   Software channel permissions (High safety)
   Userdata persistence (Disable)
Scripting
Run a registry script called IE-SPYADS.
This script will place an enormous number of web sites known to
be abusive into Internet Explorer's "Restricted Zone".
Any site in that list will be unable to run JavaScript or Java
applets, set or read cookies, or use ActiveX scripting.
Install SpywareBlaster.
ActiveX programs need to use a CLSID (identifier number) before
Windows will execute them. SpywareBlaster stops certain ActiveX
CLSIDs from working by setting a "kill bit" in the
Windows registry. This will stop ActiveX drive-by installations
from programs that use those numbers, as well as preventing
software already installed from running if it uses that CLSID.
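
To check which CLSIDs actually have the kill bit set, the sketch below parses a text export of the registry. It is an added example, not part of the original page and not SpywareBlaster's code. It relies on the documented location of the kill bit (bit 0x400 of the "Compatibility Flags" value under the ActiveX Compatibility key); the sample export and its CLSIDs are constructed placeholders.

```python
import re

# Kill bit: bit 0x400 of the "Compatibility Flags" DWORD stored per CLSID.
KILL_BIT = 0x400
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
SECTION = re.compile(r"^\[(.+)\]$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')

def kill_bit_status(reg_text):
    """Map each CLSID subkey in a .reg export to True if its kill bit is set."""
    status, clsid = {}, None
    prefix = BASE.lower() + "\\"
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            path = section.group(1)
            leaf = path[len(prefix):]
            # Only direct {CLSID} subkeys of the ActiveX Compatibility key count.
            is_clsid_key = path.lower().startswith(prefix) and "\\" not in leaf
            clsid = leaf.upper() if is_clsid_key else None
            if clsid:
                status[clsid] = False  # key present, no flags value seen yet
            continue
        flags = FLAGS.match(line)
        if flags and clsid:
            # Test the bit, not equality: other flag bits may be set as well.
            status[clsid] = bool(int(flags.group(1), 16) & KILL_BIT)
    return status

def blocked_clsids(reg_text):
    """CLSIDs that Internet Explorer will refuse to instantiate."""
    return sorted(c for c, killed in kill_bit_status(reg_text).items() if killed)

# Constructed sample export; the CLSIDs are placeholders, not real controls.
# A real export from regedit is UTF-16 and must be decoded before parsing.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000A}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000B}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000C}]
"Compatibility Flags"=dword:00800400
"""

if __name__ == "__main__":
    print(blocked_clsids(SAMPLE_EXPORT))
```
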
Install Browser Hijack Blaster.
This program will watch for alterations to
the home page, default page and search page as well as watching
for Browser Helper Objects being installed. If it detects a
change, it immediately will pop up a warning and ask if you wish
to allow the change. Another freeware program, WinPatrol, is recommended.
Download WinPatrol from http://www.winpatrol.com.
Periodically scan with antispyware and antivirus software.
Spybot Search & Destroy is good for antispyware and Nod32
is good for antivirus.
The PC World Class Award 2004 names SpyBot Search & Destroy the Best Anti-Spyware Scanner.
Download Spybot S&D from http://www.safer-networking.org.
Install help for Spybot S&D is available from www.tomcoyote.com.
Download another anti-spy program, Ad-Aware 6.0, from www.Lavasoft.de.
Secure the Outlook email program.
Disable the preview pane if you use Outlook or Outlook Express. Simply
highlighting an email while the preview pane is active, even to
delete it, could activate any scripting in that email. Visit
TomCoyote's site for instructions
on doing this.
Cool Web Search is a trojan that installs about:blank and other variants.
CWS is a trojan that hijacks Internet Explorer start and search
settings to one of several different web sites. Most of these web
sites appear to have an affiliate relationship with
coolwebsearch.com in which coolwebsearch pays them for every
visitor they refer. The CWS hijack sets Internet Explorer to use a
custom style sheet containing JavaScript that opens a pop-up
window. DLL files with different names are copied to the
\windows\system32\ folder. Even if you fix the hijack, this file
will reinstall it the next time it is loaded. The variants
hijack Internet Explorer's SearchHook and redirect all
search and start page settings. More variants install a small web
server, contained in a file named svchost32.exe. It adds several
google addresses, search.yahoo.com, and search.msn.com to the
HOSTS file, telling Windows that the IP address for those sites
is 127.0.0.1, where the web server is hiding. The trojan adds the
hijacker's web site to Internet Explorer's trusted security
zone. This allows that web site to have virtually unlimited
access to the system files in the computer.
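
The HOSTS file redirect described above can be detected by scanning the file for search domains pinned to a local address. The following is an added example, not part of the original page or any of the tools it names; the matching rules for "google addresses" and the sample HOSTS content are assumptions constructed for illustration.

```python
import ipaddress

# Search domains the page names as redirected; the match rules are assumptions.
SEARCH_SUFFIXES = ("search.yahoo.com", "search.msn.com")

def is_search_host(name):
    """True for google.* hosts and for the listed Yahoo/MSN search hosts."""
    name = name.lower().rstrip(".")
    bare = name[4:] if name.startswith("www.") else name
    if bare.startswith("google."):
        return True
    return any(name == s or name.endswith("." + s) for s in SEARCH_SUFFIXES)

def audit_hosts(text):
    """Return (line_no, address, hostname, is_loopback) for every HOSTS entry
    that overrides DNS for a watched search domain."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue  # blank line, comment, or address with no hostname
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # malformed address; Windows ignores the line too
        for host in entry[1:]:
            if is_search_host(host):
                findings.append((line_no, str(addr), host.lower(), addr.is_loopback))
    return findings

# Constructed sample of a hijacked HOSTS file (not taken from a real machine).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp. sample header comment
127.0.0.1       localhost
127.0.0.1   www.google.com google.com   # entries a hijacker would add
127.0.0.1 search.yahoo.com
127.0.0.1\tsearch.msn.com
192.0.2.10      intranet.example
"""

if __name__ == "__main__":
    for line_no, addr, host, loopback in audit_hosts(SAMPLE_HOSTS):
        note = "loopback redirect" if loopback else "pinned address"
        print(f"line {line_no}: {host} -> {addr} ({note})")
```

On Windows the file to pass in is normally %systemroot%\system32\drivers\etc\hosts; the default localhost entry is not reported.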
Merijn has produced freeware CWS removal programs, CWShredder and
HijackThis. They can be downloaded from
http://www.spywareinfo.com/~merijn/cwschronicles.html.
Sometimes spyware will prevent downloads; in that case use the
direct downloads of CWShredder and HijackThis.
If you are getting an 'Unexpected error'
about a missing
MSVBVM60.DLL, install the
Visual Basic 6 runtime libraries from Microsoft.
CWShredder
does not include all hidden dll about:blank variants. Use the
PV.ZIP fix from Shadowwar below. The PV.ZIP fix by Shadowwar was
created to remove all dll variants of the trojan about:blank.
Download pv.zip
from www.zerosrealm.com.
Clean the Windows Registry of temporary hidden directories and
files. Use the registry cleaner EasyCleaner
from www.toniarts.com.
Specific file entries can be removed using
Registrar Lite from www.resplendence.com.
Be wary of other Spyware and Adware removers that pop up on your computer.
Some are
spyware programs themselves. They will show you a list of spy
programs you have, but will not remove them unless you pay them.
They want to take your money and run. A few of them are not
effective removers and sometimes damage your system.