Posted: January 2, 2003
Written By: Dan "Tweak Monkey" Kennedy
Where do they come from? How can I fight back?
Adware and spyware usually reach your PC in one of three ways, listed from most common to least:
1) File sharing programs such as KaZaA, Morpheus, Bearshare, Grokster, and Limewire. Almost any free file sharing program out there will install Adware on your computer except a few (such as a stripped version of "Kazaa Lite").
2) Internet sites that attempt to install plug-ins or extra features. It's hard to decide which of these are bad and which are actually beneficial, but for the most part, if you're reading a site you know is not as well established as another (comparing a Geocities hacking site to Microsoft.com, for example), be careful about installing add-ons. When you first visit the site, boxes might pop up telling you to install the "Comet Cursor" or "Gator advertising Network". Some users either accidentally click "Yes" or just click it to make the box go away. Be very careful if the corporation is one you haven't heard of!
3) Installed with legitimate programs. I have seen Spyware install with software that appears to be legitimate, including game demos and ISP software. Be careful of what you install and always choose "Custom" installs to see what kind of crap people package with their software.
How can I fight back?
It's not easy. The best thing you can do for now is remove the Spyware, Adware, and Messages. You probably will not be able to find the original source of the problem so nobody will be held responsible. Boycott the file sharing programs that install these backdoor programs or download Lite versions. Help others remove Spyware and be careful in the future with your PC.
Know Your Enemy
Windows 95/98/Me: Just hit CTRL-ALT-Delete and scan for the Spyware types mentioned below.
Windows 2000/XP only:
In order to conquer Spyware, you must first know the names of the programs. Close any program you can in your system tray (bottom right corner) and close any programs you have open except this window (unless it's printed). Now hit CTRL-ALT-Delete and click the "Processes" tab. With everything closed, you should have fewer than 20 programs open, even fewer if you have disabled your virus scanner for this test.
The programs you should see include:
-taskmgr.exe
-svchost.exe (even 4 or 5 of it)
-System Idle Process
A nice clean list.
Other programs running are fine as long as you know what they belong to. For example, a file that begins with "NV" is probably an Nvidia display driver or application, and any program that begins with "NAV" is probably Norton Antivirus.
If you see many other programs such as "Dialer", "Freeaccess", "Offer", "Save*", "GATOR", "Newdotnet" (or New Net, New.net), "Xupiter", "Shop*", "Ad*", "Bargains", "NewsUPd", prepare to nuke them.
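The same triage can be scripted. The following is an added example, not part of the original article: it sorts a process list into the article's categories using the names and wildcards listed above. It assumes the list was exported with `tasklist /fo csv /nh`; the function names and the sample input are constructed for illustration.

```python
import csv
import fnmatch
import io

# Name patterns from the article's list ("*" is a wildcard), lower-cased.
SUSPECT_PATTERNS = ["dialer", "freeaccess", "offer", "save*", "gator", "newdotnet",
                    "xupiter", "shop*", "ad*", "bargains", "newsupd"]
# Processes the article says you should expect to see.
EXPECTED = {"taskmgr", "svchost", "system idle process"}
# Prefixes the article calls probably benign (Nvidia, Norton Antivirus).
KNOWN_PREFIXES = ("nv", "nav")

def base_name(image):
    """Lower-case an image name and drop a trailing .exe."""
    name = image.strip().lower()
    return name[:-4] if name.endswith(".exe") else name

def classify(image):
    """Return 'expected', 'suspect', 'known-vendor' or 'unknown'."""
    name = base_name(image)
    if name in EXPECTED:
        return "expected"
    if any(fnmatch.fnmatchcase(name, pat) for pat in SUSPECT_PATTERNS):
        return "suspect"
    if name.startswith(KNOWN_PREFIXES):
        return "known-vendor"
    return "unknown"

def triage(tasklist_csv):
    """Group image names from `tasklist /fo csv /nh` output by class."""
    groups = {"expected": [], "suspect": [], "known-vendor": [], "unknown": []}
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if row:  # skip blank lines
            groups[classify(row[0])].append(row[0])
    return groups

# Constructed sample input, not captured from a real machine.
SAMPLE = '''"System Idle Process","0","Console","0","16 K"
"svchost.exe","820","Console","0","3,412 K"
"taskmgr.exe","1504","Console","0","2,980 K"
"navapsvc.exe","1120","Console","0","1,204 K"
"GATOR.EXE","1888","Console","0","5,120 K"
"SaveNow.exe","1920","Console","0","4,004 K"
"explorer.exe","1360","Console","0","14,220 K"
'''

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "suspect" result is only a lead: a pattern as broad as "Ad*" also matches legitimate software, so check what a flagged process belongs to before removing it.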
Now, let's remove this junk!