Rid Your Systems of Spyware
Spyware modules are related to computer viruses, but pose a different type of threat to your systems. Spyware is created by underhanded, unethical marketers who want to monitor your customers' browsing habits and force their browsers to their own companies' Web sites. These insidious programs hog memory resources while at the same time spying on the user's privacy. Spyware can also steal a user's passwords and credit-card numbers. For more on the dangers of Spyware, see this Spyware Guide article.
How can you tell if your customers' systems have been infected by Spyware? Look for these two main symptoms:
1. Strange toolbars and Web sites your customer has never seen before are suddenly visible on the screen.
2. Major Web sites, such as Google and Yahoo!, are mysteriously "not available" on the PC, while lesser known sites are.
As your first line of defense against Spyware, I recommend two main software products: Spybot and Ad-Aware. These programs can detect and eradicate Spyware. They can also dramatically improve the overall performance of a PC. That's because at any given moment, a computer may be infected by as many as 250 Spyware programs...or even more. By using these programs, you not only kill all the evil Spyware, but you also gain back precious system resources.
Both programs are very easy to use. Essentially, they are "click button" programs that allow you to check and delete items on a list. They also contain "immunization" modules that protect a system from future attacks.
Recipe Ingredients
- One copy of Spybot installed on the system.
- One copy of Ad-Aware installed on the system.
- AOL 9.0 (optional).
- msconfig.exe (included in Windows; for more information see my earlier TechBuilder Recipe.
As you install both Spybot and Ad-Aware, look for a check-box informing you that the program icons will be placed on the desktop. I recommend leaving these check-boxes alone. It's convenient to have the icons available on the desktop. To run each program, simply double-click on the icon that was created by the installation routine.
Step 1: Automated Pre-Installation Spyware Protection
First, let's look at "pre-flight" preparation of Spyware protection for customer's PCs. I recommend that you follow these procedures either while building your white boxes or upon their initial delivery. But note, while these "pre-flight" procedures are important, they are not 100% reliable. For this reason, you'll still need to periodically make manual system scans. (I discuss them later in this recipe.) With that said, let's dig in.
Below is a screen shot of Spybot's entry point. You will see this screen when Spybot is initially run.
By using the immunize module of Spybot, you will protect your computer from many future Spyware attacks. The immunize button is on the left side of the screen shot seen above. It looks like a wall of red brick. Click this button now.
In this particular example, the Spybot immunization module found 1,776 bad products.
Next, click OK, then click the other Immunize button, which is next to a green cross on the upper-left side of the screen. Click OK once more, and the PC will be immunized.
Now let's turn to Ad-Aware. When you run Ad-Aware for the first time, you will receive a message saying that Spybot was detected. Don't worry about this, just click past the message, and Ad-Aware will proceed normally (also check the box which instructs the programs not to show this message in the future).
The Ad-Aware equivalent of the Spybot Immunization function is called Ad-Watch. It is only available in the paid-for version of Ad-Aware. The screen shot below gives you an idea of how to retrieve Ad-Watch. As you can see, the button for Ad-Watch is located on the left hand side of the screen. If your client is interested in this feature, request that they buy the paid-for version of Ad-Aware, then run Ad-Watch on their PC.
Step 2: Manual periodic scan procedures for Spyware detection and deletion
Once your white-box systems are in the field, you will still need to manually check them for Spyware from time to time. Here's how to manually scan a customer's PC using Spybot.
First, start the system, then click on the button that says Check for problems, as seen in the screen shot below. Let the program run for about 5 minutes -- it will take this long for the computer to do a proper scan. When the computer is finished scanning, you will have a display that looks something like the screen shot below All the listings in red are Spyware. They should be removed now.
If the computer is badly infected, it's possible that not all the boxes you see will be checked. You must go through the list by hand and check every box which was not checked automatically. Otherwise, these pieces of Spyware will not be removed from your computer. This is a tedious but important step. Please take care to finish it completely.
You can now click on fix selected problems. You will see this message pop up: Spybot is about to delete selected items. Click OK to that message. The computer will need form one to three minutes to complete this process.
The screen shot below will come up automatically at the end of the scan. Green checks indicate that each associated Spyware module has been removed from your machine. Make sure you go through this entire list to make sure that all entries have a green check mark. If not, run Spybot until the list is clean.
If you have made it to this point, well done! Your customer's computer is now in much better shape than it was before you started this recipe.
Now let's move on to using Ad-Aware in the field. The entry screen is shown below. Performing a manual scan of your customers' PC is similar to the process used in Spybot. Click the Scan Now button on the left to start the manual scan. A message box will come up, with three selections on how to scan. The default selection should say Perform smart-system scan, which is the desired process. Click Next.
Let Ad-Aware do its thing for about four minutes. You will be presented with the results screen seen below (after clicking Next).
The interface is similar to that of Spybot's. You may right-click with your mouse, and another menu will come up, giving you the option to select all objects. You may do this, or you may check each box individually then click Next. You will be told that "the selected objects will be removed". Click OK so that Ad-Aware may delete the Spyware you selected. You will then see Ad-Aware going through its process of Spyware removal. After that you will be presented with a results screen, verifying that all of your selections were removed successfully.
Step 3: Using AOL 9.0, msconfig.exe, and Google for Spyware detection and removal
AOL 9.0
America Online, recognizing the threat of Spyware, includes its own Spyware detection client in versions 9.0 and up. The screen shot below shows the client, which can be launched from the desktop icon (the icon is placed on the desktop by default when AOL 9.0 is installed). You can also launch the client by going to "keyword spyware" in the actual AOL 9.0 program.
This client essentially works the same way as Spybot and Ad-Aware do. It can deliver a powerful blow to any Spyware lurking on your customer's PCs. It often detects Spyware that the other software packages hve missed. To run the client, simply click Scan Now and follow the prompts that follow.
Msconfig.exe
As I explained in my earlier TechBuilder Recipe, How to Speed Your Systems With msconfig, msconfig.exe is a powerful program that comes included in Windows. An additional feature of msconfig.exe is that it may be used to detect and eradicate Spyware.
The startups.exe database contains more than 3,000 entries describing all the known programs that can load in the startup routine of a PC. Many of those programs listed and described are likely Spyware. Go through the instructions on how to modify msconfig.exe, using startups.exe as a reference. If you see that any of the programs in your customer's startup routine happen to be Spyware, here is another place to get rid of them. The startups.exe database provides a description for each program you may find in your startup routine, and if any of them happen to be Spyware, you'll know right away. Below is a screen shot of a typical msconfig.exe screen.
If all else fails, turn to the Web. As you know, Google is the leading search engine, not a Spyware-detection program. Nonetheless, Google can help you find important Spyware repair tools. It's what you should use if all of the aforementioned programs fail to get a PC 100% clean.
In the rare instance that none of the other programs remove all Spyware from your customer's PC, you can manually "play detective" by feeding clues into the Google search engine, then following up on what you find. This is a tedious process that may take several tries. Yet virtually all existing Spyware threats have been logged in the Google directory, and they may be found by searching on related keywords.
For example, when I Googled on "Gator Spyware," I received 56,000 results, including some great suggestions on how to deal with this infection. Gator, by the way, is a known piece of Spyware that is present on almost every PC that has not been scanned.
Other examples may be more complex. But give this method some time and effort, and you'll be up to speed on the latest Spyware-fighting best practices.
DAVID KARY is the founder and CEO of rippt.com. He has no commercial affiliation with any products or services mentioned in this Recipe.
Discuss this Recipe with more than 2,600 other registered system builders. Visit TechBuilder's Recipe Forum today.