Contact Spyware with an Anti-Spy UtilityAfter spyware has installed itself, there are three distinct investigative steps to resolve the problem:
How do you know if your computer has been affected by spyware? If Browser toolbars and other BHOs appear, your browser home page is changed, or you can't access your Web browser The program that serves as your front end to the Web on the Internet. In order to view a site, you type its address (URL) into the browser's Location field; for example, www.computerlanguage.com, and the home page of that site is downloaded to you. configuration settings, then it is likely. Step 1: Location The easiest way to locate hidden spyware is to investigate the mechanisms spyware uses to hide and do its work. An easy way to verify communication is occurring is to view all of the current, active network connections on your computer using Active Ports. Active Ports is an essential tool that lists all incoming and outgoing connections for all the active network connections, such as your Internet dial-up or broadband connection See broadband and wireless broadband. . Another favorite spyware trick is to fill up your hosts file with invalid entries for valid Web sites. When you type a URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. (Uniform Resource Locator See URL. (World-Wide Web) Uniform Resource Locator - (URL, previously "Universal") A standard way of specifying the location of an object, typically a web page, on the Internet. Other types of object are described below. ) into your Web browser, such as http://www.cnet.com, the Windows network A local area network (LAN) made up of Windows clients and servers. Starting with Windows for Workgroups 3.1 in 1992, all versions of Windows have built-in networking. See Windows and NetBEUI network. stack uses various methods to resolve the FQDN (Fully Qualified Domain Name) The complete domain name for a specific computer (host) on the Internet. It provides enough information so that it can be converted into a physical IP address. The FQDN consists of host name and domain name. For example, www. (Fully Qualified Domain Name, for example www.cnet.com) into an IP address. If spyware is running, it will invariably in·var·i·a·ble adj. Not changing or subject to change; constant. in·var  i·a·bil show up as a process on your computer. Fortunately, the filenames and Registry keys used by all but the newest spyware are well known -- thanks to the efforts of antispyware researchers.
Step 2: Diagnosis The next step in the process is to make a final diagnosis. Fortunately, there are plenty of great antispyware utilities available, most of them free. Spybotis an all-purpose antispyware tool, and has been voted both CNET Best Anti-Spyware utility and one of the CNET Top 10 programs on Download.com. It can fix both Web browser-based spyware and application-based spyware, as well as remove usage tracks from applications and immunize im·mu·nize v. 1. To render immune. 2. To produce immunity in, as by inoculation. im your computer against future infection. HijackThisis an interesting antispyware tool in that instead of attempting to detect rogue applications as Spybot does, it targets the methods used by spyware to infect a computer. This means that it will find and list absolutely every program using these methods, regardless of legitimacy. As you learned in Lesson 1, spyware often uses the same features and flaws that legitimate applications use to provide their functionality. Although Spybot may have given you a list of the spyware it found, you shouldn't just jump straight in and remove it. Some spyware masquerades as a different type of spyware, and incorrect detection doesn't result in correct removal. The mantra for this stage is search, search, search again, and search a little bit more to be sure. Although Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. zones aren't a reliable security mechanism, they do provide some protection. Place the Web sites you know and trust into the Trusted Sites zone, and increase the security on the Internet zone. Internet Explorer uses the Internet zone for any Web site that isn't listed in one of the other zones; therefore, its security settings apply to the majority of sites you visit. As a minimum, make sure all the ActiveX and Active Scripting features are disabled. If practical, consider switching to another Web browser such as Firefox. Step 3: Removal Although antivirus software isn't designed to catch spyware, most desktop packages catch the methods spyware uses to infect your computer. This mainly happens through the Web browser cache -- when your browser downloads a Web page and stores it on disk, antivirus software intercepts the page as it's stored and analyzes it for viruses. Many JavaScript security exploits are categorized as viruses, so your antivirus software can also act as a warning system. GriSoft AVG AVG Average AVG American Volunteer Group (Flying Tigers) AVG Antivirus Grisoft (software) AVG Arteriovenous Graft AVG Angestelltenversicherungsgesetz (German Insurance Law) is an excellent free antivirus suite. Spybot can immunize your system against spyware. By setting various Registry keys and creating dummy files, Spybot immunization immunization: see immunity; vaccination. can fool a significant amount of spyware into thinking it's already installed, preventing it from really infecting your computer. Spybot also includes a BHO BHO Browser Helper Object BHO Bundeshaushaltsordnung BHO Barack Hussein Obama BHO Bhopal, India (airport code) BHO British History Online BHO Banjo Hangout (website) BHO Battle Handover that watches Web page requests within Internet Explorer. If it detects an attempt to load a known adware-based usage tracker, it will prompt you whether you want to allow it to continue. Spyware is a nasty trend that needs to be stopped immediately, but it does have an upside. One of the most interesting and challenging areas of research is trapping, analyzing, and defeating new spyware. We all rely on the dedication of the people who do this work for free, making it possible for everyone else to remove and avoid spyware. Most researchers start with a dedicated computer that has a basic installation of Windows, as well as a few common antispyware tools. They then take a snapshot of the operating system using a setup wizard creation tool (for example, Masai Editor), and then deliberately infect the computer with the spyware target. The setup tool is run again, and produces a difference file that lists all the changes that occurred since the previous snapshot. This immediately allows the researchers to understand what changes the spyware has made. 
|
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion