1 Jun 05
How Malware gets on your computer
Malware sneaks onto your computer in several different ways. Most of it gets installed bundled with software that you voluntarily download and install onto your computer because it claims to speed up the computer, fix problems, allow you to view a special file, or add some functionality. Most of this software doesn't do what it claims, and will in fact slow down your computer and cause problems because of the malware that is bundled with it.
Some programs even claim to remove malware from your computer when, in fact, they install more. Malware can also masquerade as "updates" for your computer or use a similar trick to convince you to click on a pop-up ad or download a program, so be sure to only get updates from trustworthy places.
Another common way that adware and spyware get on computers is through peer-to-peer file sharing programs. Kazaa, for example, uses Cydoor and GAIN adware programs to deliver advertisements. When you install Kazaa, you also install Cydoor and GAIN, which then deliver pop-up advertising to your computer. Many other P2P file-sharing programs, including Ares, have similar adware bundled with them. For a spyware-free peer-to-peer file sharing solution, check out my Guide to BitTorrent.
Browser toolbars, such as the dreaded Hotbar, are another common source of adware and spyware. These toolbars sit at the top of your browser window and offer tools that enhance your browsing experience. Usually they provide a search box, allowing you to do an internet search right in the toolbar. They may also provide bookmarks or other functionality.
Unfortunately, they almost always come with undesired functions, such as reporting your browsing habits back to some central source or displaying advertisements. Hotbar, for example, tracks the web sites you visit and reports them for marketing purposes. If you need the functions that these toolbars offer, use Firefox as your browser and find an extension that suits your needs (more on Firefox later).
The first thing to do is take your computer back by removing the adware and spyware that have infected it. The good news is that the two best anti-adware programs I know of are free.
Spybot Search & Destroy
The first program is called Spybot Search and Destroy. The project was started by one gentleman with a special interest in privacy. A small group maintains the program and distributes it on their web site for free. They do ask for a nominal donation from the bottom of your heart, but it isn't required.
Spybot's focus is on accuracy. The program aims to remove all the spyware that it can find on your computer without any false positives. A false positive is when an anti-adware program identifies a legitimate file as spyware when it shouldn't. False positives are a pet peeve of the Spybot team, and they work very hard to avoid them. You can be certain that when Spybot identifies a file, it really is a malicious file.
The program is easy to install, easy to use, easy to update, and most importantly, it's effective. It eliminates the adware currently on your system and blocks it from coming back. The newest version also offers real-time protection by blocking adware programs as they try to install themselves, warning you if anything acts out of turn. You can download Spybot from their downloads page.
After you download the file, double-click it to install it. The installation is straightforward. The first time you run the program, it should ask you to update the program and make some back-ups. Just follow the directions it provides. You only have to do that once.
From then on, try to run the program about once a week. Every time you run it, get all the available updates first (through the "search for updates" feature inside the program). Then, use the immunize feature, which blocks known bad programs. Finally, run a scan. That should keep your computer free of all adware and spyware.
As good as Spybot S&D is, it’s a big internet out there. In order to keep all your bases covered, you might need a secondary program. I recommend Adaware SE Personal by Lavasoft. Also easy to install, update, and run, Adaware will easily mop up anything that Spybot doesn't cover.
Adaware's focus is on completeness. Lavasoft really wants to get all the adware and spyware off your computer, and they use very aggressive scanning to get the job done. They feel that your privacy is worth a few false positives. The result is a very thorough scan of your computer. Just make sure you look over the list of files it identifies for false positives, or you may lose access to a file you actually wanted.
Some malware can use nasty tricks to reinstall itself after you remove it. If you are having trouble getting rid of a particularly bad infection, try this:
Safe Mode only loads the minimum programs your computer needs to run. That should keep the malware programs from running in the background and reinstalling themselves while you remove them. If that still doesn't work, you will have to search online for a way to get rid of that specific malware program. You could also try some of the other programs listed below.
BartPE - You can run anti-spyware and anti-virus programs from a BartPE bootable CD. This way, any spyware programs on your hard drive don't have a chance to start. AdAware and McAfee command line antivirus are both included in the plugins.
HijackThis - Anything that Spybot and Adaware can't remove, HijackThis can. Not a scanner like the others, but more like a registry editor. Requires some technical knowledge, so please use it carefully.
Spyware Blaster - Designed to prevent spyware more than to remove it. This program changes your Internet Explorer security settings to try to keep you from infecting yourself in the first place. Recommended by Tom's Hardware.
Other programs - Almost any good antivirus program will include some adware and spyware protection these days. If you already have something installed, make sure it is updated to keep yourself protected.
Of course, at some point, if your computer is too infected, it becomes more practical to back up all of your data, erase the entire hard drive, and reinstall Windows than to try to surgically remove hundreds of individual pieces of malware. If you back up regularly, you could also restore a backup that is less infested and clean that instead of starting all over.
26 Sept 07