What is Spyware?
As a
Portland computer repair technician in Oregon from 1997 to 2002, the majority of my new small office and home customer service calls were due to Spyware (A.K.A. AdWare) problems. These days, I'm an SEO consultant, but I used to make my living driving out
to their locations and fixing spyware problems, charging travel time,
and hourly rates nearing $100 per hour.
Spyware exists to track and monitor
your Internet use, and then report back to marketing companies with
information. These
marketing companies then use your web-surfing habits, your cookies, and
other gathered information to “personalize” the popup ads, ad banners, and
even your junk e-mail.
Spyware causes major computer performance
issues, limits internet access, changes your home page, generates spam,
and even causes Windows crashes. If you're reading this because you have
some odd problem, then you almost certainly have spyware on your
computer.
There are other types of spyware too, that record
keystrokes and passwords etc. but those are not commonly found or easily
available to the public. For this article, I’m speaking of the spyware
known as Adware.
I think any software that transmits any information about me or my computer use without
my knowledge should be illegal. Unfortunately, at this point in time, it’s
not illegal, and in fact spyware use by advertisers seems to be on the
rise. Major banks and companies all over the world are supporting this
awful form of advertising.
Names like Doubleclick, DSSAgent, Comet
Cursor, Flycast, Gator, NewDot, OnFlow, Flyswat, TSadbot, HotBar, Web3000
and Webhancer, and dozens more are familiar to many people.
I’ve seen these names in hundreds of computers, usually in the msconfig
startup section.
Sometimes I’ve seen them in the “details” button of an
“illegal operation” or in the description of an “Invalid page fault”.
Still other times they pop up as errors when first booting your computer,
telling you there was some sort of .dll problem. The point is,
there’s plenty of this junk out there, and you need to get rid of it.
Where does it come from?
Well in most cases, you downloaded and
installed the spyware yourself. Not intentionally, of course, but adware/spyware
is an unfortunate byproduct of most “FREE” software downloads, like
Bonzi Buddy, CuteFTP, Download Demon, Kazaa, NBC Quick Click, Real Player
and…well, the list just goes on and on and on.
If you just love to
download and try out different free software programs because they sound
cool, then I would practically guarantee that your machine is infected.
It’s just a sad but true fact, that most of the free software you can find
is actually supported by Spyware/Adware.
Other times, this spyware can be even
bundled with software that’s actually on a CD. A good example of this is
DSSagent, which comes with several Mattel and Broderbund programs. I
would also encourage you to be suspicious of any CD software that comes
free out of a cereal box or free with a kids fast food meal. Do you really
think you’re just getting some free entertainment for your toddlers? Do
you expect quality software out of a cereal box? Then don't install
it! Run like the wind!
Since 2003, there are even websites that
will add spyware to your computer just by visiting their website, and it
wasn't until Windows XP SP2 in August of 2004 that Microsoft made an
attempt to stop it.
What harm can it do?
You mean in addition to slowing down your
machine, taking up hard drive space, causing you to have bootup errors,
illegal operations and invalid page faults? Besides sharing your family
web surfing habits with marketers, and causing you to receive even more Internet pop-up windows and junk e-mail than you already do? Oh, none I
can think of. It’s fine, really.
How can I get rid of it?
Now we come to the meat of the issue.
Manually removing them is a tedious, time consuming pain in the neck, and
not always 100% successful. Fortunately, in most cases, you're not going
to have to pay someone like me to come to your computer, only to get
re-infected a few weeks later.
There are software programs you can buy
that will detect and remove spyware, going through your system file by
file, and rooting out these programs like the viruses they really are.
I've tried them all, but
CNET declared CounterSpy #1 in its 2008 AntiSpyware Top 10,
rating it the best of all the products. At only $19.99, it's a
great value too. You can get CounterSpy
here (in the interest of full disclosure, this is my affiliate link, but
please don't hesitate to try it).
There are also…what else? Free versions!
Unfortunately, as of this writing, none of the free ones will protect or
clean like they once did. Okay, if you insist, two very popular free ones are
called Adaware and Spybot. Adaware is available at
http://www.lavasoftusa.com/, and Spybot (not quite as easy to figure out)
is at http://www.safer-networking.org
Just like your Antivirus software, both programs need to be
updated regularly upon use. Used in tandem, and updated regularly, you can
protect yourself nearly as well, but you're really better off buying
Counterspy. $20 bucks, install it, and forget it. Unless of course you
actually want to LEARN something too! If so, read on...
I have known about the existence of Spyware
programs for a long time, but until I had the trouble removing some on my
own machine in 2000, I had never really done much research about it.
In writing
this article (originally in 2001), I was amazed to find out how much spyware is really out
there. Today, in mid-2005, it's downright scary. Remember, if something sounds too good to be true, then it
probably is; and with most free software, the price can actually be pretty
high.
Update: 9-2002
Wow. I got hold of something really awful,
called Huntbar. It added a toolbar to IE, changed my home page, and
generally wreaked havoc, making my address bar disappear. Even AdAware
wouldn't detect and get rid of it! It was automatically installed just by
visiting a certain URL. Norton AV script blocking etc. didn't stop it.
Instead of just running a system restore
with XP, I decided to track it down. What a mistake! It took me over an
hour to get rid of, but here's the solution -
Believe it or not, it was easy. I went to
http://www.huntbar.com and then to the top help link - scroll all the way
to the bottom, and there are two uninstalls to download. I ran them both
and the Huntbar toolbar, Fastseeker etc. were both gone after closing and
reopening Internet Explorer.
Woohoo! These people should be shot.
Update: 1-2004
It's now reasonable to assume that 9 out of
10 computers have spyware on them unless they have no internet
connection. I have NEVER run Spybot on a machine and not found something.
Even my own. Learn Spybot. Run it weekly.
Update 6-2004
It's out of control. Now there are certain
spyware applications that will just reinstall themselves after you remove
them with the spyware removal software. They usually do this by putting an
.exe file in the startup of your Windows program, like Wintools. Others
like the notorious hijacker about:blank edit your registry so you can't
get rid of it. The spyware problem has grown to such enormous proportions,
that there are many people unable to use their computers. Nearly half of
all my service calls are spyware related.
Other software programs are available to
help you win the fight, but they're not that simple to figure out. I
routinely have to use
CoolWeb Shredder, and
HijackThis
to get rid of some of these programs, as well as
Bulletproof
Spyware removal,
AdAware, and Spybot too.
Sometimes all three are necessary on a badly infested machine. Once I'm
clean I always install immunize with the latest version of Spybot and then
I install WinPatrol
to keep things running smoothly.
Update 9-2004
Everyone had the About:Blank spyware problem
this summer. It was the worst I've ever seen. It turns your home page to
an ad portal and it reads about:blank in the address bar. The first time I
saw it, I spent nearly two hours on it. Unable to remove it, I edited the
registry to redirect the browser to Google instead of that page, but it
wasn't gone. At least the computer was useable. A few days later, I found
some manual instructions using the CD and recovery console. After that,
AboutBuster was released, and now, in September, there are several removal
tools. If the removal tool doesn't work, then format and reinstall
Windows, unless you're comfortable in the recovery console booting from
your Windows CD. Once you get your computer clean (or format
and reinstall Windows) run Spybot and Adaware regularly, and use Winpatrol
to keep the junk out.
Update 12-2004
redirect to 69.20.16.183 ieautosearch -
Unbelievable. This is a new one with no name yet. After two hours of
trying everything under the sun, I gave up, and am waiting it out.
Someone will solve it soon, I'm sure, but here's the problem...
After all normal and thorough removal
spyware options, even using Firefox, the IE window pops open, displaying
various advertising, and I cannot get rid of it.
I only found one reference on the web, and I did all that was there, and
even tried manual registry editing too, removing all .dll references.
Then, at reboot, EVEN IN SAFE MODE those .dlls I can't remove are
actually renamed to something else.
As near as I can tell, there's a process at startup generating random
.dll names, 3 of which can't be changed or deleted because they're in
use. This one has me really PO'd.
I guess it's a Look2me thing, but even their own removal download finds
no "installations of their software". I call it an "infection".
This is the offending entry in the magic hosts file...
69.20.16.183 ieautosearch
When it's found with Hijack This, even in safe mode, you can scan,
delete, rescan, and it's back that fast, regenerating right before your
eyes.
Also, the hosts file cannot be write protected, and when I delete it,
this @#$% thing recreates it instantly. You can watch it right before
your eyes. Scotty the WinPatrol Windows watchdog had to be muzzled.
These are the #@$%^ idiots right here that created it... Eblocks.com
Any input is welcome...Keep your eye on this post for more...
http://www.iamnotageek.com/t-78554.html
(The above problem was
finally fixed in late January 2005)
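A read-only audit for the kind of hosts-file change described in the 12-2004 update, added here as an example and not part of the original article: it flags any name mapped to a non-loopback address and reports removed entries that are back in a later snapshot of the file. The sample hosts text is constructed around the one entry quoted above, and the function names are illustrative.

```python
import ipaddress

# Constructed sample hosts file; only the last entry is taken from the article.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.invalid   # blocklist-style entry (constructed)
69.20.16.183 ieautosearch
"""

def parse_hosts(text):
    """Return [(line_no, ip_string, [names])] for every mapping line."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            entries.append((no, fields[0], [n.lower() for n in fields[1:]]))
    return entries

def audit_hosts(text):
    """Flag mappings that send a name anywhere other than the local machine."""
    findings = []
    for no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, ip, names, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue                            # localhost and sinkhole entries
        kind = "private" if addr.is_private else "public"
        for name in names:
            label = "single-label name" if "." not in name else "hostname"
            findings.append((no, ip, [name], f"{label} mapped to {kind} address"))
    return findings

def regenerated(removed, later_text):
    """Entries deleted during cleanup that are present again in a later snapshot."""
    present = {(ip, n) for _, ip, names in parse_hosts(later_text) for n in names}
    return sorted(pair for pair in removed if pair in present)

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A non-empty result from `regenerated` after a cleanup means something still running is rewriting the file, so the process has to be dealt with before the hosts entry will stay gone.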