How to Find, Remove and Prevent Spyware, Internet Intruders, and Pop-Ups
Internet Intruders are unwanted software that is installed while surfing the Internet, and that typically uses the Internet in the process of exploiting the user and the user's machine. Typically such software is installed without the user's full awareness of the consequences of such an install (although the user might have been given some notice of what would happen). Such software is typically difficult to manually detect, and difficult to remove. It usually compromises some combination of the user's privacy, the confidentiality of the user's information, or the user's productivity. Productivity is compromised when frequent ads popup, when bandwidth and storage space is consumed, when pages load more slowly, etc.
Trojans are most often hidden in games and other small software programs that unsuspecting users download then unknowingly execute on their PCs. Two common trojans are known as Back Orifice and SubSeven.
Adware is software that displays advertisements to
computer users. Some of the most strict definitions of adware include
applications that are sponsored for their free use. For example, Gator is one
adware that collects users information in exchange for its free use.
Spyware, trojans and adware contact other computers, and each of
them is program of its own, therefore they use system resources such as CPU
cycles, memory and an Internet connection.
Slower Computer Speed
There are several reasons your computer may be running slow, but if you use it on a regular basis, then you're familiar with their normal speed. Older computers tend to run slower. Some applications cause computers to run slower. Computers are machines, they do not have moods. A sudden change in how your computer is running could be a sign of spyware or adware.
If you're getting a lot of bounced back mail and see evidence of e-mails being sent without your knowledge, then it's possible that trojan spamware has found its way onto your computer. Spamware is a trojan that can turn your computer into a spam launching pad and create headaches for unknowing computer users, especially if a virus is sent. Even if your computer is not being used to send spam, trojans can steal a copy of your e-mail address book and send it back to a spammer.
Victims of some trojans report CD drives opening and shutting, or programs opening and closing. These are all signs a program may be up to no good in the background.
Keyboard loggers can capture passwords and user names, so if the bank, brokerage or credit card accounts you access online appear to have been tampered with, your computer may be a place to start looking for clues. User names and passwords to e-mail and Web-based applications are also vulnerable.
If you have any reason to believe someone is interested in tracking what you do online, scan for spyware regularly.
If the following signs are present, it might be an indication that you are infected with Adware or spyware.
-- Ads pop-up on your desktop or over offline applications such
as a word processor
-- Ads pop-up when you visited a Web site or open a new Web page.
-- Pop-ups appear after you visited hacker sites or pornographic sites.
-- The pop-up ads are targeting on terms you have searched recently .
Locating Internet Intruders on Your PC
To locate Internet intruders, your first stop should be the
Add/Remove Programs section of your Windows Control Panel (Start Menu -->
Settings --> Control Panel). You should also check the Windows Start-Up Folder
(C:\Documents and Settings\All Users\Start Menu) to see if any programs have
Evidence of spyware infestations can also be found in your computer's registry. It is recommended that only experienced computer users change the registry, and there are registry editors available that help makes changes when they are needed. There are also registry monitors that keep track of which applications are accessing your computer's registry.
Removal of Internet Intruders
One of the first things you should do if you find a trojan or spyware on your computer is disconnect it from the Internet. It is probably not enough to just close a browser session; you should pull the phone line out of the wall or disconnect the modem so your computer is not connected to any network.
Spyware and Adware Scanning Software
The easiest way to find and remove spyware and adware is with
scanning software. Anti-spyware software is not the same as anti-virus software,
although some anti-virus packages will detect some known spyware programs. The
good news is that some of the most functional anti-spyware and anti-adware
software is free.
Anti-spyware software works in much the same way as anti-virus software. It scans your computer's hard drive and looks for files associated with known spyware and adware programs. After the scan, the software usually displays or quarantines potential problems and allows users to decide what should be removed. As mention earlier, definitions vary and your tolerance to certain advertising-related cookies may be high.
Like anti-virus software, anti-spyware software relies on databases of known rogue programs that must be updated. Regardless of which anti-spyware package you decide to use, make sure you understand how and when it updates so you are protected against the newest pests. Also check any type of spyware or adware removal programs with the spyware databases. A program called SpywareNuker claims to be a removal program, but has been reported to be spyware itself.
Some anti-spyware software may specialize in locating only keyloggers, for example, so read the features before you use it.
Other Removal Options
You can always check the Add/Remove Programs section of Windows to see if any adware or spyware is listed. Some of the quasi-legitimate adware programs may include uninstallers, but malicious pests do not.
There is a fairly complete list of adware programs, what they do, and how to manually remove them (if possible) at http://doxdesk.com/parasite/.
Blocking Pop-Up Ads
One way to avoid the potential danger lurking behind pop-up ads
is to install software that blocks them. Many ISPs offer tools to stop pop-ups
from appearing. The Mozilla browser does not allow pop-ups. The Google Toolbar
also blocks pop-up ads.
There are numerous programs that block pop-ups. Before installing them, research the developer and the company to make sure they are legitimate. Also be sure to note how they effect your system. Some pop-up blockers may discourage new windows, such as instant messages being sent to you, from opening.
Click here for a list of pop-up blocking software:
Windows Messenger Pop-Ups
One relatively new form of pop-up that has been annoying
Internet users with potentially dangerous effects is spam being sent using the
Windows Messaging feature in Windows XP. This is not the instant messaging
software that is used by millions of computer users, but rather an
administrative tool that is meant to be used by systems administrators to
While there are utilities that claim to stop such pop-ups, the Windows Messenger feature is relatively easy to disable. To disable the Windows Messenger in Windows XP:
In Windows XP --> Control Panel --> Administrative Tools. Double-click Services. Double-click
Messenger. In the Startup type list, choose Disabled. Click Stop, and then click OK.
Prevention of Internet Intruders
You probably know that opening spam or any e-mail from persons unknown or with an unexpected attachment is unwise. In addition to viruses, RATS and other programs can be present in e-mail attachments. Web sites advertised in unsolicited e-mail can try to plant dialers or other types of pests on your computer.
If you use Outlook or Outlook Express for your e-mail, there are some settings you can adjust to make your e-mail safe from spyware and viruses. The Preview Pane, which lets you view an e-mail while keeping your mailbox on the screen, has been a cause of concern among e-mail users, especially if you have scripting or ActiveX enabled. By automatically opening e-mails, there are reports of viruses spreading, such as the KAK-Worm. Malicious content like the KAK-Worm exploits security holes in the software, so enabling or disabling the Preview Pane is not the ultimate issue. Keeping up with patches and security fixes is a better long-term solution.
To disable the Preview Pane in Outlook, click on the View menu. For more information on securing Outlook and Outlook Express, read this: http://www.tames.net/security/oesettings.htm
Be careful what you download. Read all dialogue boxes carefully and close anything that looks suspicious. When closing dialogue boxes or pop-up advertisements, be sure to use the proper "X" to close the window. The Web is full of ads that feature mock "Xs" or "Close" or "OK" buttons within the ad. Clicking on them actually clicked on the ad itself. If you're not sure how to safely close a window that has opened in your browser, right click on the window in your Windows Taskbar (usually at the bottom of your display) and click on "Close."
Some ads that appear online attempt to pass themselves off as security alerts or messages from tech support (these are called FUIs, or Fake User Interface, ads). If you're using a computer within an organization, communicate with your tech support staff if you're unsure whether a message is legitimate, and familiarize yourself with how tech support communicates with the computer users in your organizations.
CEXX.org Spyware Discussion Boards
Deflecting Assaults on Privacy
Sneaky, Slimy Malware
This article is copyrighted by Los Angeles Chinese Learning Center, a non-profit organization in Los Angeles, California. For more computer related articles, please see our computer article collection. Please contact us if you have suggestions for improvements or additions to this article.