How to Find, Remove and Prevent Spyware, Internet Intruders, and Pop-Ups

Introduction

Internet Intruders are unwanted software that is installed while surfing the Internet, and that typically uses the Internet in the process of exploiting the user and the user's machine. Typically such software is installed without the user's full awareness of the consequences of such an install (although the user might have been given some notice of what would happen). Such software is typically difficult to detect manually, and difficult to remove. It usually compromises some combination of the user's privacy, the confidentiality of the user's information, or the user's productivity. Productivity is compromised when frequent ads pop up, when bandwidth and storage space are consumed, when pages load more slowly, etc.

 


Spyware is one of the most typical Internet intruders. Spyware is any product that employs a user's Internet connection in the background without their knowledge, and gathers and transmits information on the user or their behavior. Many spyware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), and system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed). Spyware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed.

Trojans, also known as RATS (remote access Trojans), are another type of Internet intruder. Like the horse of old, a trojan carries with it an unexpected surprise. Trojans do not replicate like a virus, but they do leave behind a program that can be contacted by another computer. From there, they can do just about anything. While it's possible a trojan can be used to take control of a computer, the most common trojans are dialer programs. Dialers are used without your knowledge to make international or premium calls (900-type numbers) from your PC. That's more than an annoyance; it can get expensive.

Trojans are most often hidden in games and other small software programs that unsuspecting users download and then unknowingly execute on their PCs. Two common trojans are known as Back Orifice and SubSeven.

Adware is software that displays advertisements to computer users. Some of the strictest definitions of adware include applications that are sponsored for their free use. For example, Gator is one adware program that collects users' information in exchange for its free use.
 

Spyware's Symptoms

Spyware, trojans and adware contact other computers, and each of them is a program of its own; therefore they use system resources such as CPU cycles, memory and an Internet connection.

Slower Computer Speed

There are several reasons your computer may be running slow, but if you use it on a regular basis, then you're familiar with its normal speed. Older computers tend to run slower. Some applications cause computers to run slower. Computers are machines; they do not have moods. A sudden change in how your computer is running could be a sign of spyware or adware.

E-Mail Symptoms

If you're getting a lot of bounced back mail and see evidence of e-mails being sent without your knowledge, then it's possible that trojan spamware has found its way onto your computer. Spamware is a trojan that can turn your computer into a spam launching pad and create headaches for unknowing computer users, especially if a virus is sent. Even if your computer is not being used to send spam, trojans can steal a copy of your e-mail address book and send it back to a spammer.

Abnormal Behaviors

Victims of some trojans report CD drives opening and shutting, or programs opening and closing.  These are all signs a program may be up to no good in the background.

Offline Symptoms

Keyboard loggers can capture passwords and user names, so if the bank, brokerage or credit card accounts you access online appear to have been tampered with, your computer may be a place to start looking for clues. User names and passwords to e-mail and Web-based applications are also vulnerable.
If you have any reason to believe someone is interested in tracking what you do online, scan for spyware regularly.

Pop-Up Advertisements

If the following signs are present, it might be an indication that you are infected with adware or spyware.

-- Ads pop up on your desktop or over offline applications such as a word processor.
-- Ads pop up when you visit a Web site or open a new Web page.
-- Pop-ups appear after you visit hacker sites or pornographic sites.
-- The pop-up ads target terms you have searched for recently.

Locating Internet Intruders on Your PC

To locate Internet intruders, your first stop should be the Add/Remove Programs section of your Windows Control Panel (Start Menu --> Settings --> Control Panel). You should also check the Windows Start-Up Folder (C:\Documents and Settings\All Users\Start Menu) to see if any programs have been added.

Evidence of spyware infestations can also be found in your computer's registry. It is recommended that only experienced computer users change the registry, and there are registry editors available that help make changes when they are needed. There are also registry monitors that keep track of which applications are accessing your computer's registry.
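
The checks described in this section can be scripted. The following PowerShell inventory is an added example, not part of the original article; it assumes a Windows system with PowerShell available, and the Run/RunOnce and Uninstall registry paths are the standard Windows locations rather than keys named in the article. It only reads and changes nothing.

```powershell
# Read-only inventory of the places this section says to check.
# Registry paths are the standard Windows autostart keys (chosen for this example).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunKeyEntry {
    # One object per value under each autostart key that exists.
    foreach ($path in $runKeys) {
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Location = $path; Name = $name; Target = $key.GetValue($name) }
        }
    }
}

function Get-StartupFolderEntry {
    # Per-user and all-users Startup folders, resolved by Windows itself.
    foreach ($kind in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($kind)
        if ($dir -and (Test-Path $dir)) {
            Get-ChildItem -Path $dir -Force | ForEach-Object {
                [pscustomobject]@{ Location = $dir; Name = $_.Name; Target = $_.FullName }
            }
        }
    }
}

function Get-InstalledProgram {
    # The same entries that Add/Remove Programs displays.
    Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' `
                     -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, Publisher, InstallDate
}

# Programs that start automatically, then everything registered as installed.
@(Get-RunKeyEntry) + @(Get-StartupFolderEntry) | Format-Table -AutoSize -Wrap
Get-InstalledProgram | Sort-Object DisplayName | Format-Table -AutoSize
```

Saving the output after a clean install gives a baseline; later runs can be compared against it to spot entries that were added without your knowledge.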

Removal of Internet Intruders

One of the first things you should do if you find a trojan or spyware on your computer is disconnect it from the Internet. It is probably not enough to just close a browser session; you should pull the phone line out of the wall or disconnect the modem so your computer is not connected to any network.

Spyware and Adware Scanning Software

The easiest way to find and remove spyware and adware is with scanning software. Anti-spyware software is not the same as anti-virus software, although some anti-virus packages will detect some known spyware programs. The good news is that some of the most functional anti-spyware and anti-adware software is free.

Anti-spyware software works in much the same way as anti-virus software. It scans your computer's hard drive and looks for files associated with known spyware and adware programs. After the scan, the software usually displays or quarantines potential problems and allows users to decide what should be removed. As mentioned earlier, definitions vary and your tolerance to certain advertising-related cookies may be high.

Like anti-virus software, anti-spyware software relies on databases of known rogue programs that must be updated. Regardless of which anti-spyware package you decide to use, make sure you understand how and when it updates so you are protected against the newest pests. Also check any type of spyware or adware removal programs with the spyware databases. A program called SpywareNuker claims to be a removal program, but has been reported to be spyware itself.

Some anti-spyware software may specialize in locating only keyloggers, for example, so read the features before you use it.

Other Removal Options

You can always check the Add/Remove Programs section of Windows to see if any adware or spyware is listed. Some of the quasi-legitimate adware programs may include uninstallers, but malicious pests do not.

There is a fairly complete list of adware programs, what they do, and how to manually remove them (if possible) at http://doxdesk.com/parasite/.

Blocking Pop-Up Ads

One way to avoid the potential danger lurking behind pop-up ads is to install software that blocks them. Many ISPs offer tools to stop pop-ups from appearing. The Mozilla browser does not allow pop-ups. The Google Toolbar also blocks pop-up ads.

There are numerous programs that block pop-ups. Before installing them, research the developer and the company to make sure they are legitimate. Also be sure to note how they affect your system. Some pop-up blockers may discourage new windows, such as instant messages being sent to you, from opening.

For a list of pop-up blocking software, see http://www.webattack.com/Freeware/misctools/fwpopblock.shtml

Windows Messenger Pop-Ups

One relatively new form of pop-up that has been annoying Internet users with potentially dangerous effects is spam being sent using the Windows Messaging feature in Windows XP. This is not the instant messaging software that is used by millions of computer users, but rather an administrative tool that is meant to be used by systems administrators to contact users.

While there are utilities that claim to stop such pop-ups, the Windows Messenger feature is relatively easy to disable. To disable the Windows Messenger in Windows XP:

In Windows XP --> Control Panel --> Administrative Tools. Double-click Services. Double-click Messenger. In the Startup type list, choose Disabled. Click Stop, and then click OK.

Prevention of Internet Intruders

Safe E-Mailing

You probably know that opening spam or any e-mail from persons unknown or with an unexpected attachment is unwise. In addition to viruses, RATS and other programs can be present in e-mail attachments. Web sites advertised in unsolicited e-mail can try to plant dialers or other types of pests on your computer.

If you use Outlook or Outlook Express for your e-mail, there are some settings you can adjust to make your e-mail safe from spyware and viruses. The Preview Pane, which lets you view an e-mail while keeping your mailbox on the screen, has been a cause of concern among e-mail users, especially if you have scripting or ActiveX enabled. Because it opens e-mails automatically, there are reports of viruses, such as the KAK-Worm, spreading through it. Malicious content like the KAK-Worm exploits security holes in the software, so enabling or disabling the Preview Pane is not the ultimate issue. Keeping up with patches and security fixes is a better long-term solution.

To disable the Preview Pane in Outlook, click on the View menu. For more information on securing Outlook and Outlook Express, read this: http://www.tames.net/security/oesettings.htm

Safe Surfing

Be careful what you download. Read all dialogue boxes carefully and close anything that looks suspicious. When closing dialogue boxes or pop-up advertisements, be sure to use the proper "X" to close the window. The Web is full of ads that feature mock "Xs" or "Close" or "OK" buttons within the ad. Clicking on them actually clicks on the ad itself. If you're not sure how to safely close a window that has opened in your browser, right-click on the window in your Windows Taskbar (usually at the bottom of your display) and click on "Close."

Some ads that appear online attempt to pass themselves off as security alerts or messages from tech support (these are called FUIs, or Fake User Interface, ads). If you're using a computer within an organization, communicate with your tech support staff if you're unsure whether a message is legitimate, and familiarize yourself with how tech support communicates with the computer users in your organization.

 

 


This article is copyrighted by Los Angeles Chinese Learning Center, a non-profit organization in Los Angeles, California.  For more computer related articles, please see our computer article collection. Please contact us if you have suggestions for improvements or additions to this article.