From a recent Wall Street Journal article:
Boost Your PC’s Defenses
To Avoid Spyware Scourge
August 2, 2004
Yes, Virginia, there is something worse than spam – spyware.
Spam isn’t fun – it can clog up your inbox, make you miss important e-mails and expose you to offensive content. But spyware can do far worse. The most-common forms of spyware pop up Internet Explorer windows filled with ad links. Sounds minor, but they can distract you from your work and slow down or crash your machine. Meanwhile, there are spyware programs that do more nefarious things – such as transmit details about your online travels or even log your keystrokes (which could include credit-card numbers and other sensitive information) for transmission elsewhere. And while spams can just be deleted, spyware can be infuriatingly difficult to remove from your PC.
Jace found this out the hard way a couple of weeks ago, when his computer came down with a nasty dose of parasites – browser helper objects, data miners, registry keys, executable files, DLLs and other beasties from the spyware menagerie. I’ve tangled with spyware before, but previous attacks were like the common cold – minor annoyances easily dispensed with. This was spyware Ebola, with programs galore trying to access the Internet and digging into my PC’s innards and refusing to let go.
Fumigating my PC was an infuriating, irritating process, but it got done, and I learned a couple of valuable lessons: Get your defenses against spyware up before something bad happens. And should they fail, don’t panic – a little common sense and some fact-finding should put you back on your feet, pest-free.
First, about those defenses. In this day and age, you need them – far more so if you use peer-to-peer software or ever poke around the Internet’s dodgier precincts. (No value judgments implied, just trying to keep you safe.) If you use a Windows PC, make sure you’re up-to-date on security patches via Windows Update. Have a personal firewall, keep it on, and use it – if some random program you don’t recognize wants to access the Internet, tell it “no” and see what happens. (Jace uses ZoneAlarm Pro, though he’s not endorsing it or any other product.) Get an antivirus program, keep up to date on virus definitions and updates, and keep it running. (Jace subscribes to Norton Antivirus, which came with his PC.)
Finally, get yourself an antispyware program, make sure it’s up to date, and run it periodically to keep your system clean. In fact, you’re better off getting two such programs and using both to make sure nothing gets through. (Jace uses a combination of Ad-Aware and Spybot Search & Destroy.)
This is a good start. Now, close up some security holes in Internet Explorer – particularly its ActiveX settings, which can let rogue sites surreptitiously plant programs on your PC without permission. (These are known as “drive-by downloads,” and, yes, they’re evil.) Lavasoft, the makers of Ad-Aware, have simple instructions (http://www.lavasoftsupport.com/index.php?showtopic=6553) for how to set your permissions to keep you safe without making surfing a pain. Those instructions will also suggest you download two free programs from Javacool – SpywareBlaster and SpywareGuard. Do so. Finally, take Lavasoft’s advice and update Internet Explorer’s list of “restricted sites” by going to https://netfiles.uiuc.edu/ehowes/www/resource.htm and following directions.
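The zone settings Lavasoft’s instructions walk you through by hand can also be set from the registry, where Internet Explorer keeps them per user. The script below is an added example written for this page, not the column’s own advice or Lavasoft’s; the DWORD names (1001, 1004, 1200, 1201) and action values (0 = enable, 1 = prompt, 3 = disable) are IE’s documented zone-policy values, the “harden to” column is my choice (prompting on every ActiveX control is stricter than some guides go), and badsite.example is a placeholder domain.

```powershell
# Added example (not from the column or Lavasoft): lock down ActiveX in
# Internet Explorer's Internet zone and put a site in Restricted sites.
# Zone settings live per user under HKCU; run as the user being protected.
# 'badsite.example' is a placeholder domain.

$zonesKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$internet   = Join-Path $zonesKey '3'   # zone 3 = Internet; zone 4 = Restricted sites
$domainsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

$actionName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The four ActiveX policies a drive-by download depends on, and the value
# to harden each to (my choice; 1200 = Prompt is the strict option).
$activeXPolicy = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls';              Want = 1 },
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls';            Want = 3 },
    @{ Id = '1200'; Setting = 'Run ActiveX controls and plug-ins';             Want = 1 },
    @{ Id = '1201'; Setting = 'Initialize and script ActiveX not marked safe'; Want = 3 }
)

function Get-ZoneAction {
    # Read one zone policy and translate it to the name IE's dialog shows.
    param([string]$Key, [string]$Id)
    $v = (Get-ItemProperty -Path $Key -Name $Id -ErrorAction SilentlyContinue).$Id
    if ($null -eq $v) { 'Not set' }
    elseif ($actionName.ContainsKey([int]$v)) { $actionName[[int]$v] }
    else { "$v" }
}

function Set-ActiveXHardening {
    # Print the weak (current) setting beside the hardened one, then apply it
    # unless -DryRun is given.
    param([switch]$DryRun)
    foreach ($p in $activeXPolicy) {
        $before = Get-ZoneAction -Key $internet -Id $p.Id
        if (-not $DryRun) {
            Set-ItemProperty -Path $internet -Name $p.Id -Value $p.Want -Type DWord
        }
        '{0,-48} {1,-8} -> {2}' -f $p.Setting, $before, $actionName[$p.Want]
    }
}

function Add-RestrictedSite {
    # A DWORD named '*' (all schemes) with value 4 under the domain's key is
    # what the Restricted sites dialog writes when you add a site.
    param([Parameter(Mandatory)][string]$Domain)
    $key = Join-Path $domainsKey $Domain
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name '*' -PropertyType DWord -Value 4 -Force | Out-Null
    "$Domain -> Restricted sites"
}

Set-ActiveXHardening -DryRun     # look first
Set-ActiveXHardening            # then apply
Add-RestrictedSite -Domain 'badsite.example'
```

Check the result in Internet Options, Security tab, Custom level: the four ActiveX entries should now read Prompt/Disable/Prompt/Disable, and badsite.example should appear under Restricted sites. Group Policy can override these keys on a managed PC, in which case the policy, not HKCU, wins.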
Now that your shields are up, surf smart. Be extremely wary of sites that ask you to download special software – you’ll know these because Windows will present you with a gray box with a green GIF (see an example in PCSTATS.com’s Beginners Guide: Browser Hijacking & How to Stop It). Unless you’re expecting to download something or absolutely trust the site, tell it “No.” Be equally wary of sites that pop up dialog boxes telling you you’ve won something or asking if you want to download something. If you get one of these pop-ups, don’t answer “No” – instead, corner-X it out of existence, and make sure you’re clicking on the outermost little X. (Answering “No” can mean the same as answering “Yes”: the “No” button is often just part of an image that links to the download, so any click on it counts. Sleazy, isn’t it?) Also, don’t get cute when customizing your PC: Sadly, it’s not uncommon for little games, horoscopes, weather monitors and other system ridealongs to come with spyware, meaning these freebies can come with a really steep price.
So what happened to Jace? The first sign of trouble: little browser windows that minimized, but wouldn’t open. Next: Alerts from ZoneAlarm that a variety of programs were trying to access the Net. (Um, no.) An Ad-Aware check found more than 20 “new objects,” from registry keys to files. And opening Task Manager (Control-Alt-Delete from the desktop) revealed a number of mysterious new things. BargainBuddy? Web Rebates? Uh-oh.
Bad, but things would get worse: Ad-Aware wasn’t able to remove some of the things it found, and asked to run again after a reboot. This means trouble – many spyware programs employ a number of evil stratagems to protect themselves from deletion. For instance, they’ll break themselves into two components, and if you shut one down in Task Manager, the other one revives its mate instantly. And because Windows won’t normally let you delete files that are in use, you can’t root these programs out by simply finding them in the guts of your PC and killing them.
This is where panic set in – panic the Internet helped dispel. If you’re having a technical problem, odds are someone else has also had that problem and begged for help. There are white hats as well as black hats online – people who hate spyware even more than you do and will help you get rid of it.
Google is a great weapon to ferret out persistent, mysterious spyware problems. I brought up my Task Manager and wrote down all the mysterious .exes that made me suspicious, then did a Google search on each of them. Most turned out to be baroque but innocent Windows processes, but a few were revealed as intruders. The key villains turned out to be a duo called WinUpdt.exe and WinKA.exe. I found the folder containing them, but couldn’t delete the contents – even some measures too esoteric to go into here failed. Ad-Aware and Spybot seemed powerless. And I was furious.
But Google provides. In the end, the silver bullet (http://forums.spywareinfo.com/index.php?showtopic=13580) for WinUpdt turned out to be satisfyingly low-tech: rename the files as .txt, open them in Notepad, and corrupt them with nonsense characters. (I vented by typing hypotheses about the creators’ ancestry and anatomy.) Terminate the program in Task Manager, save the corrupted file with Notepad, and WinUpdt choked on the changed file and could be deleted. And it felt good. (One caution with Googling spyware: Some spyware queries turn up dopey, dead-end search sites that exist only to generate ads for their creators. You want technical forums. Use your horse sense to determine if the search results will meet your needs.)
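The hand procedure above (copy the odd process names out of Task Manager, research them, then kill the pair before its halves can revive each other and get the files out of the way) can be scripted on a modern Windows PC. The block below is an added example, not the column’s own method or anything from the forum thread it links: Get-SuspiciousProcesses produces the research list, flagging processes whose image is outside the system and program folders or lacks a valid Authenticode signature; Remove-WatchdogPair stops every member of a mutually-reviving set back to back, confirms nothing came back, then renames the files to .txt in a quarantine folder (so they can no longer execute, the same effect the author got by corrupting them in Notepad) and strips any Run-key entries that point at them. WinUpdt and WinKA are the names from the article; C:\Quarantine is an assumption.

```powershell
# Added example, not the column's own method. Run from an elevated
# PowerShell on a modern Windows PC. Process names 'WinUpdt' and 'WinKA'
# come from the article; the C:\Quarantine folder is an assumption.

function Get-SuspiciousProcesses {
    # A research list, not a verdict: many legitimate tools are unsigned and
    # signed malware exists, so look each flagged name up before acting.
    $trusted = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\") |
        Where-Object { $_ -ne '\' }          # drop the entry for an unset variable
    Get-CimInstance Win32_Process |
        Where-Object { $_.ExecutablePath } |
        ForEach-Object {
            $path = $_.ExecutablePath
            $inTrusted = [bool]($trusted | Where-Object { $path.StartsWith($_, 'OrdinalIgnoreCase') })
            $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Pid         = $_.ProcessId
                Name        = $_.Name
                Path        = $path
                InTrusted   = $inTrusted
                Signature   = if ($sig) { "$($sig.Status)" } else { 'Unknown' }
                CommandLine = $_.CommandLine
            }
        } |
        Where-Object { -not $_.InTrusted -or $_.Signature -ne 'Valid' }
}

function Remove-WatchdogPair {
    param(
        [Parameter(Mandatory)][string[]]$ProcessNames,   # without .exe, e.g. 'WinUpdt','WinKA'
        [string]$Quarantine = 'C:\Quarantine'            # assumed location
    )
    # 1. Record every instance and its file before killing anything, so a
    #    respawned copy cannot hide the path from us afterwards.
    $procs = Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue
    if (-not $procs) { Write-Warning "No process named $($ProcessNames -join ', ') is running"; return }
    $files = $procs | ForEach-Object { $_.Path } | Where-Object { $_ } | Sort-Object -Unique

    # 2. Stop the whole set at once. Stop-Process on the collection issues the
    #    terminations back to back, so a member gets little chance to restart
    #    its mate. Re-check anyway: a third component (service, scheduled
    #    task, Run key) can also revive them.
    $procs | Stop-Process -Force
    Start-Sleep -Milliseconds 500
    $survivors = Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue
    if ($survivors) {
        Write-Warning "Revived: $($survivors.Name -join ', '). Look for a third component before retrying."
        return
    }

    # 3. Nothing holds the files open now, so move them aside as .txt: even if
    #    something relaunches them later, a .txt will not execute.
    New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
    foreach ($f in $files) {
        if (Test-Path $f) {
            $dest = Join-Path $Quarantine ((Split-Path $f -Leaf) + '.txt')
            Move-Item -Path $f -Destination $dest -Force
            "Quarantined $f -> $dest"
        }
    }

    # 4. Remove Run-key entries that point at those files (HKLM needs admin).
    foreach ($hive in 'HKCU', 'HKLM') {
        $run = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path $run)) { continue }
        (Get-ItemProperty -Path $run).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |      # skip PSPath etc.
            ForEach-Object {
                $entry = $_
                foreach ($f in $files) {
                    if ($entry.Value -like "*$(Split-Path $f -Leaf)*") {
                        "Removing $hive Run entry $($entry.Name) = $($entry.Value)"
                        Remove-ItemProperty -Path $run -Name $entry.Name
                    }
                }
            }
    }
}

Get-SuspiciousProcesses | Format-Table Pid, Name, Signature, Path -AutoSize
Remove-WatchdogPair -ProcessNames 'WinUpdt', 'WinKA'
```

The kill step is sequential, not atomic, which is why the script re-checks rather than assuming success; if the pair keeps coming back, the reviver is something the script did not stop (a service, a scheduled task, a browser helper object loaded by another process), and that is the thing to hunt next. Quarantining rather than deleting keeps the samples for a later scan and lets you undo a mistaken removal.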
With WinUpdt.exe and its little friends safely dispatched (sound of frantic knocking on wood), I decided to get tough on spyware, as described. Recent days of surfing have been infection-free, with little or no inconveniences encountered as a result (more wood-knocking). The Internet can still feel like a walk through the valley of the shadow of darkness, but now I feel like I’ve got the forces of righteousness on my side. It’s nice to fear no evil.