Posted on 12/21/2004 2:39:48 AM PST by goldstategop
Spyware used to be defined as applets, cookies or any other method used to collect statistics on your browsing habits. Gone are the days of such a benign interpretation. Spyware has evolved into a problem that surpasses those posed by traditional worms, viruses and Trojans.
Today, these once relatively innocuous apps have evolved from anonymous, and often invisible, traffic statistics gatherers into beasts capable of crippling your PC's performance by installing unwanted toolbars, pop-up ads, desktop icons and many other nuisances.
If that's not bad enough, some Spyware will modify system files, change security zone settings, keylog your sessions, spawn Trojans and change start page settings. Today, the term "spyware" is, in my opinion, synonymous with virus, and as usual, you have been left to deal with this on your own.
How did this happen?
Like many age-old schemes, the desire for easy money has driven spyware development into the darkest corners of the Internet. Unscrupulous individuals use flaws in the Windows operating system in combination with Microsoft's browser, Internet Explorer, to distribute their wares, or more accurately, infect your machine.
Countless types of applications, browser helper objects, cookies and bots are now competing for your finite system resources in order to pitch pop ups, report your internet activity, modify OS settings and steal personal information. Simple site statistics are no longer sufficient to sustain the beast.
Spyware companies are making millions of dollars by evading laws, finding loopholes, exploiting vulnerabilities and making their products resistant to removal. When compared to what we all know as a traditional virus, spyware is much worse because viruses are not nearly as tenacious when it comes to re-propagation or resistance to removal.
This may sound like the work of evil, globally dispersed hacking networks but many spyware developers are operating within U.S. borders without so much as a hiccup from the legal system. Although as of late, the spyware problem has generated some rumblings on Capitol Hill.
Another punch to the gut is that it is very easy to track who is benefiting from your pain. Spyware partners are typically paid on a, 'per installation' basis. This means that there is a unique ID associated with each installation so that the partner can get paid. This information is easily acquired, yet no one is doing anything about it.
To further entertain us, Spyware companies are very shrewd and typically add verbiage on their sites to make you believe that all their software is installed only with your consent. What's even more hilarious is how the worst offenders have anti-spyware animations running on their sites.
If you look closely you would almost believe that you are reading a legitimate EULA when in fact, you're reading deceptive or flat out inaccurate information. Many of them tell you that the apps can be easily uninstalled using the add/remove programs feature in Windows. In my experience, this does not work. In fact, there have been times when I have seen what appears to be a complete uninstall only to find that the Spyware is still operating in the background.
My anti-virus suite will surely help me, won't it?
No. If you look at this from the standpoint of AV providers, there is no financial benefit, thus, there is no motivation to add spyware removal features.
Many of the best removal tools are freely available for download. It does not make sense to attempt to develop something better than people already expect for free. Additionally, it is much harder to keep up with spyware than worms, viruses and Trojans because most of the aforementioned were not designed for financial gain and were typically developed by loose bands of unfunded hacking groups to prove a point.
When compared to the financial forces that are backing spyware, the cost to AV companies to keep up would be astronomical. Without a significant increase in product costs, AV companies cannot allocate resources to battle what has become the new front on the assault of your Internet experience.
I have a personal firewall and I patch my system all the time. Shouldn't I be safe?
Absolutely not. For openers, Microsoft is slow to deliver patches in relation to the speed and efficiency that malware developers disseminate their apps. Statistics show that browsing a single site can yield over a dozen infections.
What's worse is that Browser Helper Objects (BHOs) are invisible to personal firewalls. The traffic is seen as originating from your browser, not the malicious helper. Spyware developers know precisely how personal firewalls behave and their apps are written to take advantage of allowed protocols and applications. Adding insult to injury, spyware uses Microsoft's own zone security model against them by simply placing malicious sites in Internet Explorer's trusted zone.
OK so which spyware removal tool is the best?
There is no single tool out there that can rid you of your troubles. Typically, running two or three different scanners will yield different results. A popular tag team approach to vanquishing the unwelcome code includes installing both Lavasoft's Adaware and Spybot Search and Destroy.
Also, detecting spyware is completely different from removing it.
As of late, spyware makers have started delivering apps that cannot be removed with automated tools so even if you ditch IE in favor of an alternate browser you may still find yourself spending hours trying to remediate infections. Sadly, users end up lost in search engine results and scanning forums hoping to find a remediation process that worked for other poor souls.
In some cases, a complete OS reinstall is quicker than bearing this pain. You may also find yourself victimized by your own desire to remove spyware. Some crooked coders have actually developed what look to be legitimate spyware scanners, which are, in fact, spyware propagators.
What can we do?
Sadly, the funding that's fueling spyware development is far greater than the funding devoted to stopping it. Until the playing field evens out, spyware is going to continue to invade our privacy, steal information and cause financial and personal loss.
For now, the best thing you can do is visit trusted sites and be vigilant about scanning your machine with a variety of anti-spyware tools. Keep in mind that most bona fide removal tools are developed by independent groups of developers and small development firms. Paying for anti-spyware software is not an indicator that you are getting a superior product over free, open source alternatives.
Look on the Internet for a shell.dll on one of the legit dll file sites and install it in the appropriate Windows folder. It ought to resolve your issue.
____________________________
Today, these once relatively innocuous apps have evolved from anonymous, and often invisible, traffic statistics gatherers into beasts capable of crippling your PC's performance by installing unwanted toolbars, pop-up ads, desktop icons and many other nuisances.
The best way to stop pop ups is to download a HOSTS file and install it to the Windows System 32 folder. Use Spybot to make it read only. It will stop pop ups from loading even better than pop up blocker software will for Windows will check the hosts file before connecting to a site that it determines is ad-ware related. Also good for avoiding connections to infected sites on the Web.
BTTT
I recommend Xandros 3.0. Windows like and the easiest Debian Linux distro for newbies to install and maintain. Even all the names have been changed to make getting around the operating system as painless and familiar as possible. In addition, with the Deluxe Version, you can run Windows applications with Crossover Office. http://www.xandros.com
Yes an excellent read, we should use it to educate some of our users who still complain about us blocking downloads.
Though I must disagree with some of the authors points, many vendors now are treating spyware as the threat it is and include signatures to detect and remove spyware along with viruses. Trend Micro for one does this, as we use their corporate product for our desktops. Our gateway devices, Fortinet A/V firewalls, also detect spyware along with viruses, SPAM etc.
Of course you still need to be running Spybot AND Ad Aware, but even then sometimes you get some nasty stuff that neither will remove and the only recourse is reload. I'm more tempted nowadays to just reload anyway even if all scans come clean, you can never really know what evil has been embedded in your system.
A Good Word. Thanks.
One of he biggest computer challenges I have these days is figuring out the best migration path to Linux for those people who ask me to solve all their Windows woes!
ping
You can do it manually. You can get a hosts file here and replace the one on your PC for FREE. http://www.mvps.org/winhelp2002/hosts.htm
I'm going to have to print out this thread and think about buying a new computer. I still have Windows 98. I've been avoiding it because I'm not on the computer that much, and when I am, I usually only go to FR. I think I picked up spyware because I was researching weddings. (I had two daughters get married within the past year.)
I put that in the bag for when my current freeware expires. Thanks.
THanks much!!! Will try it.
There's a lot of programs that will help. Go over the suggestions listed - try them all, even the ones that cost $ usually have a 30 free trial.
Does the missing file interfere with anything? If not, its probably part of the infection and no big thing. Im no expert, I learn from trial and error.
Ping for later reference
bump
I have just this week cancelled my internet at home. I spend most of my time getting rid of all sorts of crap that I manage to 'collect' while on. It has turned into just a ROYAL pain in the ass.
Do you REALLY need internet at home? You can do anything you need to do at work (during lunch hour) anyway and not worry about your bank account, credit cards, etc. etc. getting hacked due to company installed state of the art internet proctection applications.
no more home internet for me thank you. BEGONE!
I could use some advice, please. (Win 98, broadband, Firefox).
I update and run Norton Internet Security and Anti Virus regularly.
Spyware programs: Ad-Aware, Spybot, XoftSpy, and Adware Filter (This seems to find the most bugs). I've also recently used HijackThis to clear up a problem (with help from the geeks at I Am Not a Geek website).
I run Windows Update regularly. (When I go there it says "there are no critical updates". But in the left column there are always downloads available. Are those "non critical"? How do I know which ones to download?)
Here's my problem:
Norton Internet Security ran overnight and listed the following adwares...but didn't give me the option to delete or quarantine them, despite saying they are a threat....
NNEZTA388.exe
Trickler3103.PIC fs dempt 3103.exe
Wloxkr.exe
I searched around and found that Trickler is associated with Gator. NNEZTA388 has something to do with a screensaver I downloaded, then removed. I don't know what Wloxkr is.
I ran all my spyware programs and found a few items to delete. Then I scanned again with Norton and the same 3 "threats" showed up...with no option to remove them.
Any suggestions?
Have you run Spybot? If they show up and Spybot can't fix them - click the location to jump to the Registry to manually delete the keys.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.