SPYWARE
Spyware is the driving force behind the sudden surge of repair work. 8 out of 10 PCs that we repair are so riddled with spyware that they can barely even boot without locking up completely. It seems like only yesterday when the big issues of the day were viruses, worms, and Trojans. While these PC-related ailments are still major contenders for the Annoyance Award of 2004, it would seem that spyware is coming in at a close second and gaining fast. To make matters worse, spyware is becoming vastly more difficult to remove. Spybot-S&D, Ad-aware, HijackThis - how many freakin' tools does it take to get the job done, anymore? As most PC repair technicians are discovering, it often takes all of them in addition to being able to manually remove specific registry entries and problem files. Honestly, it is beginning to feel like the harder software developers work to create tools and utilities to empower the end user to remove spyware, the harder the creators of spyware work to create nastier, more stubborn spyware for us to contend with. With this in mind, one of my articles today will be examining techniques I use to deal with severe spyware infestations. I will show you how I take control of the situation and create a workable environment in which I can get the spyware off of the computer.

Let's get any existing spyware off of your system.

Make sure you have the latest version of Spybot-S&D on your PC. If you are not sure, uninstall it and then go to their Web site to reinstall it from scratch.

Be sure you use the Web update feature to keep it up to date. Just like an anti-virus, it needs to be kept up to date on the newest threats.

Download and install Ad-aware. With spyware on such a rampage, lately I have found that using both programs is a necessary evil when cleaning a severely infected system.

Update and run your anti-virus. Sometimes you can end up with a Trojan horse program on your computer that requires your anti-virus program for proper removal.

Now as for prevention, there are actually a variety of things you can do. The first is to disable your ActiveX and Java settings within IE's security settings. Just go to Tools, Internet Options, and then click Security. Click on Custom Level, and then go ahead and disable the settings mentioned above.

Realistically, this will be quite limiting, as it does not allow you to use the functionality of many Web sites such as Windows Updates. My recommendation is to only use IE when you absolutely have to. This way you can leave the Java and ActiveX settings on for those Web pages that require them. So consider using Mozilla's Firefox for your everyday browsing. Do not install the ActiveX or Java plug-in and this browser will keep you VERY secure. Having Firefox as your secure browser will alleviate many of the spyware headaches that most of us experience.

Spyware: the cruelest thing since the inception of highly inflated income taxes. Spyware, also commonly known as scumware, has been plaguing unsuspecting PC users for a number of years now. This year, however, it has been striking with the force of a thousand hammers with no end in sight. PC users all over the world have found themselves on the phone with tech support providers trying to figure out how to not only remove these annoying little buggers, but how to prevent their unwelcome return as well.

Today we are going to look at some techniques that I use to remove this junk, as well as some helpful preventive measures that can be taken to keep spyware from returning.

Removal:
Get the right tool for the job, Beavis! You should have a CD ready to go with all of the following utilities: Spybot-S&D, Ad-aware, HijackThis, and finally, CWShredder. CWShredder is designed to aid in the removal of Cool Web Search. There are many variants of this, many of which both Spybot-S&D and Ad-aware have difficulty removing. Also, while CWShredder is easy enough to operate, use extreme caution when using HijackThis as you can inadvertently disrupt your registry settings if you are not careful.

The hypnotoad says, "Safe Mode is our friend." After assessing the chaos that is the startup process on the infected PC, reboot and jump right into Safe Mode. There you can immediately edit the start-up folder and msconfig utility enough to get the PC booting into normal mode so that you have some room to get to work. Oh, while you are in Safe Mode, you should consider temporarily disabling System Restore in XP/ME. This can make spyware cleanup a lot easier, especially if there is a virus hiding on the PC, as well.
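To make the "assess the startup process" step concrete, here is an added example (not from the original article): a read-only PowerShell inventory of the startup folders and the registry Run/RunOnce keys, which are the entries msconfig's Startup tab shows. It assumes a Windows version with PowerShell 3.0 or later (not XP/ME as shipped); the function names and the TEMP-directory check are illustrative choices, and the script changes nothing on the system.

```powershell
# Added example: read-only inventory of autostart locations. Requires PowerShell 3.0+.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$startupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')

# Emit one object per autostart entry (registry value or startup-folder file).
function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -File | ForEach-Object {
            [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
}

# Pull the program path out of a command line (quoted path, or first token with a known extension).
function Get-TargetPath([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|com|bat|cmd|scr|pif|vbs|lnk))(\s|$)') { return $Matches[1] }
    return $null
}

# Heuristic notes for the technician to review; an empty note does not mean the entry is clean.
function Get-EntryNote([string]$Target) {
    if (-not $Target) { return 'could not parse command' }
    if (-not [IO.Path]::IsPathRooted($Target)) { return 'no full path (resolved via PATH)' }
    if (-not (Test-Path -LiteralPath $Target)) { return 'target file missing' }
    if ($Target.StartsWith($env:TEMP, [StringComparison]::OrdinalIgnoreCase)) { return 'runs from TEMP' }
    return ''
}

Get-AutostartEntry | ForEach-Object {
    $target = Get-TargetPath $_.Command
    $_ | Add-Member -NotePropertyName Note -NotePropertyValue (Get-EntryNote $target) -PassThru
} | Sort-Object Location, Name | Format-Table Location, Name, Command, Note -AutoSize -Wrap
```

Save the output before and after cleanup so you can see which entries the removal tools actually took out and which came back after a reboot.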

Bust out the tool kit, kids. Now that you are able to get into normal mode without a complete lockup, it is time to get down to business. Assuming explorer.exe is not totally hosed, I like to start out with a nice helping of Spybot-S&D. Now after installing it, your first reaction might be to try to update it before running it. You are almost always wasting your time here, folks. If the PC in question is riddled with spyware, then the likelihood of actually being able to connect to the Internet is probably nil. Just run the latest version of Spybot-S&D from the damaged PC as is. Once this is finished, do the same with Ad-aware. Now try rebooting the PC. If the startup is less clunky, you might try the Internet connection to see if you are able to establish a solid connection now. If not, you may need the assistance of HijackThis and CWShredder. Run both of these (run HijackThis carefully, though) to help clean some of the Cool Web Search garbage off of the system along with damaging registry settings that may be causing connectivity woes. All righty, 9 times out of 10 at this point you should be able to connect to the Internet.

Everybody do the hustle... err... I mean, the update. Assuming you do not have any winsock errors or viruses to contend with, you should be able to connect to the Internet. Update Spybot-S&D, Ad-aware, and CWShredder to make sure you have definitions for all of the latest nasties out there. Then run each of these programs again to get any leftovers off of the system. This should take care of the spyware issues on this computer. All that is left is to scan for viruses and check for Windows Updates so that you can get the PC back to your client's home.

Prevention:
The big lie: Now your clients will swear up and down that they would never browse adult material while online. However, the reality is quite to the contrary when you discover 4 - 5 porn dialers on your client's PC during a routine checkup. I personally do not push the issue too much as it tends to tick off my clients and they become quite defensive. Just explain that spyware generally tends to come from Web sites that contain adult material as well as other non-mainstream Web content. This way they can read between the lines without becoming embarrassed. (To be fair, in a number of cases it may be your clients' children who are "checking out" the adult material. So don't always assume that the client is aware of where the browser's history will lead to. Then again, sometimes it may be the remnants of a P2P program.)

Offer one of the Mozilla browsers! Offer to install one of the Mozilla browsers (Mozilla, Firefox, etc.) that can be used for day to day browsing. This way, your client will not be hit with the Java and ActiveX exploits that are aimed at IE users. If ActiveX or Java are needed, the client can use IE in those cases. (Make sure Java is disabled within Mozilla/Firefox.)

Use SpywareGuard and SpywareBlaster. This winning combination has proven to be highly effective from my own personal experience. As long as they are kept up to date, they make a nice final line of defense between the spyware and your PC.
