Can't remove spyware?
Here are some easy steps to take to help you rid yourself of annoyances caused by what most are calling spyware.
If the computer is at the point that it's locking up, you may want to wipe the computer clean and reload the operating system. If that sounds too hefty, and you'd like to try cleaning it out instead, here are a few things to understand, download, and do to get you on the right path.
"I already have spyware scanning included with my antivirus package. How the heck do I have spyware!?"
Well, spyware isn't a virus in the traditional sense. There are certainly aspects of both a virus and a piece of spyware that are similar, but I feel the real issue is the focus of the organisation that produces the software bent on their removal.
Antivirus vendors have focused very heavily on viruses, and my opinion is their products created to detect and remove spyware are not at the level of sophistication that some of the older and free products have achieved.
"Fine! Just get it off of me!"
There are two tried and tested pieces of software I trust. One is Spybot Search & Destroy. The other is Adaware. Both are free for personal use.
Some folks will tell you that Spysweeper is another good, third option but I've never relied on it before so I'm not able to give it the thumbs up it may or may not deserve. You can download a trial version, but the full product requires purchase.
Note: Some spyware that is installed tries to get you to buy spyware removers! How well do you think those will work? For a rule of thumb, be extremely wary of any spyware removal tool that presents itself on your desktop saying it can fix your problems.
In general beware of anything magically delicious except Lucky Charms.
After downloading both of those utilities, you'll need to install them, check for updates, and run scans of the computer in search of the spyware.
That should take a good hour or maybe two, and you may be able to stop reading here without more problems for a while. If you find there are some sticky issues or you'd like to find a little more out about how spyware got on there to begin with, please continue reading or check back after your scans are complete. (You may also want to bookmark this in the event you need to return for later issues.)
"Where did it come from?"
Out there. Somewhere.
To be sure, this stuff was designed to get into your computer without your conscious consent. The method the person used to infiltrate your computer though, that varies.
Sometimes spyware is included with free programs you download. Think: free games and shareware. Some free software developers include spyware and have you agree to them including spyware in their free utility or game. Simply stated, the developers of the free games and utilities want to get paid - and they do that by embedding advertising. They hook up with spyware vendors to embed advertising into their "free" product.
Are you familiar with those lengthy license agreements that you click "I Agree" to in order to install most software? Yes? But you didn't read the license agreement?
Don't beat yourself up. Neither did I.
There are other times spyware gets into your computer by you viewing an email or visiting a website designed to infiltrate your computer. This method is important to pay attention to, and a bit more difficult to understand. It's also where I find the more pesky spyware comes from.
"How can I get spyware from just looking at a web page or email? I didn't install anything!"
Vulnerabilities.
It comes down to what people will do for a buck, really. Crafty and immoral people take a software product like Microsoft Windows or Internet Explorer and test it under certain strains. Flaws are found in the software that can give them control of your computer. This is similar to what the virus writing folks do. They attack vulnerabilities in the software that you run. When they find a vulnerability in your software, they write a piece of code to use that can get your computer to install their software without your consent.
The easiest defense for this is to be sure your software is patched.
For Microsoft Products like Windows and Internet Explorer, Windows Update is the place to visit. From there you can download and install updates to your computer, and even set up an automatic routine that will keep you at the latest level of security.
"I'm getting really irked. The scanners didn't get rid of everything like you said they would."
There are a couple of quick tips those software packages don't tell you.
1.) Check Add/Remove programs for installed spyware. If the spyware can be found here, I've found there's less of a chance it is able to be removed by one of the scanning utilities. I suppose the rationale is if you can click a button to remove it, why should the spyware scanner interfere? Here's a list of some spyware to remove from the Add/Remove Programs list. Use your own discretion as for what to remove. Be sure to look up an entry if you're not sure it's something you need.
2.) Safe Mode. The free scanners both offer to run another scan at startup if there's a piece of spyware that wasn't removed in the first scan. This used to work well, but spyware has grown so persistent that it just doesn't take care of all of them. Starting the computer in safe mode is more efficient than running another scan "at startup" in the regular Windows mode. For instance, if a Windows service has started that houses the spyware, the scanner still won't necessarily be able to kill the process and delete the files. Safe mode loads fewer services and doesn't seem to protect those services as strictly.
3.) One persistent piece of spyware just won't get off. If there's just one entry left and it won't seem to leave (or you're still getting evidence of spyware and the scanners say you're clean), you'll need to find out more information about it. Some spyware isn't removed because it's so new that the definitions have not found their way into the scanners yet. In this case, try to find a savvy computer person who's already done the footwork for removing this spyware.
- Check for attributes of the spyware. Is your homepage redirected to a web site you don't know? That's a good hint. What site is it? Google it, but be careful not to visit that site. Chances are if you do it will try to download more spyware. Use the name of the site in addition to the word "spyware" in a Google search. Repeat this method with other clues you find.
- Download HijackThis!. This is a tool to be used very carefully. When using it to remove spyware, Safe Mode works best. Use it especially for BHOs (Browser Helper Objects) that seem shady. If those BHOs won't remove, that may be another clue to Google for.
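As an added example (not part of the original post and not HijackThis's own code), the Python below pulls the BHO entries out of a saved HijackThis log and builds the search clues described above. The sample log is constructed, and the "odd directory" list is an assumed heuristic for deciding what to look up, not proof of infection.

```python
import re

# An O2 (Browser Helper Object) line in a HijackThis log looks like:
#   O2 - BHO: <name> - {CLSID} - <path to DLL>[ (file missing)]
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$"
)

# Assumed heuristic: places a legitimate browser add-on rarely installs to.
ODD_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\")

# Constructed sample log; names, CLSIDs and paths are made up for illustration.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O2 - BHO: Example PDF Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\ExampleVendor\helper.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\WINDOWS\system32\qxzvb.dll (file missing)
O2 - BHO: SearchBar - {0F0F0F0F-1A1A-2B2B-3C3C-4D4D4D4D4D4D} - C:\Documents and Settings\user\Local Settings\Temp\sb32.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe
"""

def triage_bhos(log_text):
    """Return one dict per BHO entry, with the reasons it deserves a lookup."""
    findings = []
    for line in log_text.splitlines():
        m = O2_LINE.match(line.strip())
        if not m:
            continue  # not a BHO entry
        name, clsid, path = m.group("name"), m.group("clsid"), m.group("path")
        reasons = []
        if path.endswith("(file missing)"):
            path = path[: -len("(file missing)")].rstrip()
            reasons.append("registered DLL is missing")
        if name == "(no name)":
            reasons.append("no display name")
        if any(d in path.lower() for d in ODD_DIRS):
            reasons.append("DLL in temp/profile directory")
        findings.append(
            {"name": name, "clsid": clsid.upper(), "dll": path, "reasons": reasons}
        )
    return findings

def search_terms(findings):
    """Clue plus the word "spyware", for entries that have a reason to look up."""
    return ['"%s" spyware' % f["clsid"] for f in findings if f["reasons"]]

if __name__ == "__main__":
    for f in triage_bhos(SAMPLE_LOG):
        print(f["clsid"], f["dll"], "; ".join(f["reasons"]) or "nothing unusual")
    print(search_terms(triage_bhos(SAMPLE_LOG)))
```

An entry with no reasons listed is not thereby safe; look up any BHO you don't recognise before removing or keeping it.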
It's unfortunate, but spyware, trojan horses, and viruses are going to be on the rise soon, I think. The name of the problem is Rootkits.
Rootkits are relatively new in the menagerie of unsecure computing. It's low-level stuff, deeper than any of the issues I've outlined here.
Fortunately or unfortunately I haven't run across an instance where I've needed to remove one yet. If you're interested in learning more about Rootkits and the potential threat they imply, here are a couple of links.
- See episode 12 (and some following episodes for updates) in the Security Now! podcast by Steve Gibson and Leo Laporte describing Sony's use of Rootkits out in the wild.
- RootkitRevealer by Sysinternals (recently acquired by Microsoft) as a tool for detection and removal.
My best guess is, in order to meet the next level of detection and removal of malware, we're going to resort to offline scans as a practice. Something similar to a dual-boot.
Currently, there are methods to boot from a usb device or a cd (like Knoppix), and run scans in this fashion but what I don't see yet is a very robust way of detecting and removing spyware, or making this a routine practice for the home user.
I feel the rising issue is the focus of attack and resilience by the virus or spyware writer. The more savvy of them code with removal in mind, but we could eliminate their advantage by taking the battle offline.
If Antivirus and Spyware removal vendors would agree on a secondary boot methodology for removal, I think we'd have a serious way to defeat most of this junk.