They Damaged My Laptop,
Don't Be Their Victim Too.
If you frequently notice unwanted behavior and degraded performance on your computer, you are in the right place to find out what is behind it.
Spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic, all of which slow the computer down. Stability issues, such as application or system-wide crashes, are also common. Spyware which interferes with networking software commonly causes difficulty connecting to the Internet.
When I feel the slowdown of my computer's performance, I reboot it in safe mode. There are automatic cleaning procedures, but I'm satisfied with the "manual" cleaning.
To operate the computer in safe mode, I press the [F8] button as soon as the first screen appears and press continually till the safe mode option screen appears, and then I choose to run the system in safe mode with the ability to be connected to the internet during the session.
When I'm asked to choose the user name and password, I choose the [Administrator] account. Not all users have many 'users' on their computers, but I have 5 users on my computer; of course all of them were created by me and I'm the user in all these accounts. {If you need to know how to create more than one user on your computer, click here}.
I am happy with the super speed of the system after that. Anyhow, I go immediately to [My Computer], double click its icon on the desktop or open it by [Start > My Computer]. When the [My Computer] window opens, I double click the folder named [Documents and Settings]; when it opens, I see a folder for each user, named after the user name, then I double click the first user's folder to open it.
When it opens, I look for a folder named [Local Settings]. This folder is a hidden folder, which means that in most cases you cannot see it. So, to make this folder visible, I look at the upper part of the window, where there is a bar named the command bar; the commands seen are [File-Edit-View-Favorites-Tools-Help]. Each of them drops down a submenu when I click it.
Well, I click the [Tools] command and choose [Folder Options]. A small pop-up window opens containing some command tabs to choose from. I click the tab named [View], then under a folder tree named [Files and Folders], in a subfolder named [Hidden files and folders], there are 2 options: the first is [Do not show hidden files and folders] and the other is [Show hidden files and folders]. I tick the button on the left of the second option, then [Apply] > [OK] > the pop-up window closes automatically.
Now I can see all the hidden folders and it is time to double click the targeted ones, so I start with the [Local Settings] folder, double click > double click [Temporary Internet Files] > double click [Content.IE5] folder > Ctrl+A (holding down the keyboard Control button (Ctrl) and pressing the (A) letter on the keyboard) to select all folders inside that [Content.IE5] folder > holding down the Shift button on my keyboard and pressing the keyboard Delete button (Del) > a dialogue box appears asking me (Are you sure you want to delete these items? Yes/No) > Yes > a second dialogue box appears and asks Yes/No > Yes > the folder becomes empty.
Then I go up two levels back to Local Settings Folder and double click the [Temp] folder and delete all files and folders inside it the same way I deleted the temporary internet files folder.
And why not empty the Cookies folder on the run? I go up one level to the user's folder > double click the [Cookies] folder and delete all its contents the same way.
The next step is to go up one level, choose another user and repeat the procedures.
P.S.
I also delete all the [History] folders inside all the users' folders, you have the choice to delete or keep them.
P.P.S.
I do my surfing 'homework' in safe mode. I discovered that the downloads are limited during the safe mode session.
Did you know that spyware may collect different types of information?
Some variants attempt to track the websites a user visits and then send this information to an advertising agency.
More malicious variants attempt to intercept passwords or credit card numbers as a user enters them into a web form or other applications.
The spread of spyware has led to the development of an entire anti-spyware industry. Its products remove or disable existing spyware on the computers they are installed on and prevent its installation.
Spyware, unlike viruses and worms, does not usually self-replicate, but exploits infected computers for commercial gain. Typical tactics furthering this goal include:
- Delivery of unsolicited pop-up advertisements.
- Theft of personal information including financial information such as credit card numbers.
- Monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites.
Most spyware is installed without users being aware. Since they tend not to install software if they know that it will disrupt their working environment and compromise their privacy, spyware deceives users, either by piggybacking on a piece of desirable software such as Kazaa, or tricking them into installing it (the Trojan horse method).
Some "rogue" anti-spyware programs even masquerade as security software.
How spyware is distributed:
- The distributor of spyware usually presents the program as a useful utility, for instance as a "Web accelerator" or as a helpful software agent.
- Spyware can also come bundled with shareware or other downloadable software, as well as music CDs. The user downloads a program and installs it, and the installer additionally installs the spyware.
- Tricking users by manipulating security features designed to prevent unwanted installations. (Internet Explorer prevents websites from initiating an unwanted download.) However, links can prove deceptive: for instance, a pop-up ad may appear like a standard Windows dialog box. The box contains a message such as "Would you like to optimize your Internet access?" with links which look like buttons reading Yes and No. No matter which "button" the user presses, a download starts, placing the spyware on the user's system. Later versions of Internet Explorer offer fewer avenues for this attack.
Some spyware authors infect a system through security holes in the Web browser or in other software. When the user navigates to a Web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and installation of spyware. This has become known as a "drive-by download", which leaves the user a hapless bystander to the attack.
The spyware author would also have some extensive knowledge of commercially-available anti-virus and firewall software. Common browser exploits target security vulnerabilities in Internet Explorer and in the Microsoft Java runtime.
The installation of spyware frequently involves Internet Explorer. Its popularity and history of security issues have made it the most frequent target. Its deep integration with the Windows environment and scriptability make it an obvious point of attack into Windows.
Internet Explorer also serves as a point of attachment for spyware in the form of Browser Helper Objects, which modify the browser's behaviour to add toolbars or to redirect traffic.
A spyware program is rarely alone on a computer: an affected machine can rapidly be infected by many other components.
Users frequently notice unwanted behavior and degradation of system performance. A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic, all of which slow the computer down. Stability issues, such as application or system-wide crashes, are also common.
Spyware which interferes with networking software commonly causes difficulty connecting to the Internet. In some infections, the spyware is not even evident. Users assume in those situations that the issues relate to hardware, to Windows installation problems, or a virus.
Some owners of badly infected systems resort to contacting technical support experts, or even buying a new computer because the existing system "has become too slow".
Badly infected systems may require a clean reinstallation of all their software in order to return to full functionality.
Some other types of spyware modify system files so they will be harder to remove. Any program the user runs (intentionally or not) has unrestricted access to the system. Spyware, along with other threats, has led some Windows users to move to other platforms such as Linux or Apple Macintosh, which are less attractive targets for malware.
AFFILIATE FRAUD
A few spyware vendors have written stealware. Stealware diverts the payment of affiliate marketing revenues from the legitimate affiliate to the spyware vendor.
Spyware which attacks affiliate networks places the spyware operator's affiliate tag on the user's activity—replacing any other tag, if there is one. The spyware operator is the only party that gains from this.
Spyware-makers may commit wire fraud with dialer program spyware. These can reset a modem to dial up a premium-rate telephone number instead of the usual ISP. Connecting to these suspicious numbers involves long-distance or overseas rates, which invariably result in high charges. Dialers are ineffective on computers that do not have a modem, or are not connected to a telephone line.
Examples Of Spyware
- CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites.
- Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.
- 180 Solutions (now Zango) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions company. It opens pop-up ads that cover over the Web sites of competing companies.
- HuntBar, aka WinTools or Adware.Websearch, is a small family of spyware programs distributed by TrafficSyndicate. TrafficSyndicate.com is a trademark of IBIS, LLC. It is installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware programs, an example of how spyware can install more spyware. These programs add toolbars to IE, track browsing behavior, redirect affiliate references, and display advertisements.
- Movieland, also known as Moviepass.tv or Popcorn.net, is a movie download service that has been the subject of thousands of complaints to the Federal Trade Commission (FTC), the Washington State Attorney General's Office, the Better Business Bureau, and others by consumers claiming they were held hostage by its repeated pop-up windows and demands for payment!!!
As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or to block spyware, as well as various user practices which reduce the chance of getting spyware on a system.
Nonetheless, spyware remains a costly problem. When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data, and fully reinstalling the operating system.
Spyware Removal
Windows Defender's Spynet offers a community to share information, which helps guide both users, who can look at decisions made by others, and analysts, who can spot fast-spreading spyware.
A popular generic spyware removal tool used by those with a certain degree of expertise is HijackThis, which scans certain areas of the Windows OS where spyware often resides and presents a list with items to delete manually.
As most of the items are legitimate Windows files or registry entries, those who are less knowledgeable on this subject are advised to post a HijackThis log on one of the numerous antispyware sites and let the experts decide what to delete.
Open source anti-spyware programs are also available. One program, wssecure, can detect new processes and changes in system files using checksum verification, a technique that can be helpful in detecting spyware that is downloaded automatically due to Windows vulnerabilities.
If a spyware program is not blocked and manages to get itself installed, it may resist attempts to terminate or uninstall it. Some programs work in pairs: when an anti-spyware scanner (or the user) terminates one running process, the other one respawns the killed program. Likewise, some spyware will detect attempts to remove registry keys and immediately add them again.
Usually, booting the infected computer in safe mode allows an anti-spyware program a better chance of removing persistent spyware. Killing the process tree can also work. A new breed of spyware is starting to hide inside system-critical processes and start up even in safe mode. With no process to terminate they are harder to detect and remove. Sometimes they do not even leave any on-disk signatures.
STOP THEM NOW!
Download AVG Anti-Spyware from HERE and save that file to your desktop.
When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
- Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
- Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
- Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports":
  - Select "Automatically generate report after every scan"
  - Un-select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will run it in safe mode.
- Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
- Launch AVG Anti-Spyware by double clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
- AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
- If you have any infections you will be prompted. Then select "Apply all actions."
- Next select the "Reports" icon at the top.
- Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
- Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Please go HERE to run Panda's ActiveScan
- You need to use IE to run this scan
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
Post a new HijackThis log along with the logs from the AVG and Panda scans to me.
Glossary
ACTIVE X.
This technology, patented by Microsoft, allows programs to be run online in your computer through Internet Explorer. This technology allows you to view Word or Excel directly through the browser or scan your system for viruses with just a simple mouse click.
BROWSER.
A browser is a program that allows you to view pages on the Internet.
Common examples include: Internet Explorer, Netscape Navigator and Opera.
DIRECTORY.
Divisions or sections used to structure and organize information on a disk or drive. The terms 'folder' and 'directory' refer to the same concept. They may contain files and other directories (sub-directories).
EXTENSION (of a FILE).
Files have a name and an extension, separated by a dot: NAME.EXTENSION. A file can have any NAME, but the EXTENSION -if it exists- can have no more than 3 characters. This extension indicates what type of file it is (text, Word document, image, sound, database, program, etc).
FIREWALL.
This is a barrier that can be used to prevent unauthorized access between a private network and the Internet or to set security controls on information being sent between intranets and the Web.
HEURISTIC.
This is a technique or method to facilitate problem solving. In the world of computers, it is a system for detecting previously unknown viruses.
OPERATING SYSTEM.
This is a group of programs that lets you use your computer and all the associated hardware. You could have the best computer in the world (hardware), but without an operating system, it won't work (you wouldn't even be able to start it). Some operating systems include: MS-DOS, UNIX, Linux, OS/2, Windows XP/2000 Pro/NT/Me/98/95, etc.
PROXY.
A proxy server acts as an intermediary between a local network (e.g. an Intranet) and the external connection to the Internet. In this way, a connection can be shared to receive files from web servers.
TROJAN (Trojan Horse).
This is a program, similar to a virus, with the difference that it tries to take control of the affected computer and carry out certain operations.
WORM.
This is a program, similar to a virus, with the difference that its only action is to reproduce itself, either wholly or partially.
HACKING TOOLS AND OTHER POTENTIALLY UNWANTED PROGRAMS.
Programs that can be used by hackers to cause damage to the users of a computer (gaining complete control of the affected computer, stealing confidential data or scanning communications ports, etc.).
MALWARE.
A threat to users’ computers and IT networks. More specifically: viruses, worms, Trojans, dialers, hacking tools, jokes and security risks.