“Spyware” is software that sends computer usage data back to its creators; some companies do this to sell user click-throughs and/or online surfing habits to ad agencies and the like. In the worst case, it provides a backdoor that lets an attacker keep tabs on your keystrokes and mouse clicks.
Some software doesn’t necessarily send usage data back to its creator, but it does “serve” you ads that you didn’t ask for. That kind is called “adware”. It is just as annoying.
Another type of software behaves like a parasite: a fully self-sufficient program that gets installed alongside the main program you actually wanted. Those you can detect and remove easily.
In this thread, I’d like to share some tips and tricks on how to:
- avoid spy/adware installing themselves on to your computer
- methods to detect these spy/adwares
- methods to remove these spy/adwares
The following methods apply to Windows 2000/XP. Since I haven’t dealt much with Windows 98/ME, these tips may not apply.
[color=darkred]How to avoid having spy/adware installing itself on your computer[/color]
[color=blue]1. Read Before Click[/color]
When installing software, free or commercial, do read the installation procedures carefully. Do not click “Next” without knowing what is being done to your computer.
[color=blue]2. Be An Advanced User[/color]
“Nice” programs usually tell you what is being installed and provide checkboxes for the user to NOT install a feature, or in some cases, a spy/adware. Always choose the “Advanced” option if given one. Additional checkboxes are almost always hidden in the advanced mode. A good example is Netscape Navigator; it installs WinAmp (a popular MP3 player), AOL Instant Messenger and a few other programs on your computer, but Netscape does allow you to uncheck them.
[color=darkred]How to detect spy/adware[/color]
[color=blue]1. Windows Task Manager[/color]
There are two ways to bring up the Task Manager window: 1.) right click on the taskbar at the bottom of the screen and, in the menu that appears, select “Task Manager”. 2.) Hold “Ctrl + Alt” and then press the “Delete” key; you should see a pop up window with six buttons – “Lock Computer”, “Log Off”, “Shut Down”, “Change Password”, “Task Manager” and “Cancel”. Select “Task Manager”.
In the Task Manager, there are 4 tabs, each tells you important information.
[ul][*]“Applications” – what software is being run currently. Usually spy/adwares don’t reveal themselves here.
[*]“Processes” – what is being run behind the scenes to keep your computer running (kind of like what your brain does in regulating body temperature, breathing… etc). This is where spy/adwares show up. More on this later.
[*]“Performance” – tells you how hard your CPU is working and how much total memory is being occupied over time.
[*]“Networking” – shows the network activity of your network connections.[/ul]
[color=blue]2. Processes[/color]
At any given time, there are probably at least 15-25 processes running on your computer, even if you are not running a single application. So what are all these processes?! This tab provides a lot of information: which processes are running, how much CPU time each is taking and how much memory each one needs.
Common system processes
[ul][*]csrss.exe, explorer.exe, lsass.exe, rundll32.exe, services.exe, smss.exe, spoolsv.exe, svchost.exe (sometimes a few of these), System, System Idle Process, taskmgr.exe, winlogon.exe[/ul]
Common program processes
[ul][*]acrobat.exe (if running Adobe Acrobat), aim.exe (if running AOL IM), ccapp.exe (if running Norton Antivirus), cutftp.exe (if running CuteFTP), dreamweaver.exe, frontpage.exe, icq.exe, iexplore.exe (Internet Explorer, different from “explorer.exe”), realschedu.exe (if Real Player is installed), netscape.exe… etc. The list can go on forever.[/ul]
Did you spot a pattern? Most commercial applications name their processes after the package. How nice. If you find something abnormal (say, a process name you don’t recognise that is taking up CPU/memory), you need to double check what it is and what it is doing. More on this later.
[color=blue]3. Communication Activities[/color]
Now that you know WHERE and HOW to monitor various activities and processes taking place on your computer, let’s see how to spot “Spyware”.
[ul][*]Bring up a DOS window. (Bottom left-hand side of the screen: “Start” --> “Run…” --> in the new window, type “cmd” and hit Enter.)
[*]In the DOS window, type “netstat” and hit Enter.
[*]There you will see a list of network connections, each with a local and a foreign address (an IP address or host name, followed by a colon and the port or service name) and the state of the connection.[/ul]
If you notice any “suspicious” connections to/from your computer, go back to the Task Manager under the “Processes” tab, and see if there’s a process you didn’t initiate that is not one of the system processes. To find out more about a specific process, type the process name (e.g. nvsvc32.exe) into Google and search. If there are multiple “svchost.exe” processes, go back to the DOS window and type “tasklist /svc” to see which programs or services are currently running inside each one (e.g. Dhcp, EventSystem, lanmanserver… ). Some spy/adwares name their processes quite obviously. Keep an eye out.
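To tie the two checks above together (the process list and the netstat output), here is an added example that is not part of the original post: a small Python script that parses constructed `netstat -ano` and `tasklist` output (XP-era formats; the `-o` switch gives the owning PID), maps each connection to its process, and flags anything whose image name is not on an allowlist built from the process names listed in this post. The sample output and the process name `unknownapp.exe` are constructed for illustration.

```python
# Allowlist built from the process names the post lists as normal on 2000/XP.
# Being on the list is a starting point for looking a process up, not proof it is clean.
KNOWN_PROCESSES = {
    "csrss.exe", "explorer.exe", "lsass.exe", "rundll32.exe", "services.exe",
    "smss.exe", "spoolsv.exe", "svchost.exe", "system", "system idle process",
    "taskmgr.exe", "winlogon.exe", "iexplore.exe", "netscape.exe",
}

# Constructed sample output, in the shape 'netstat -ano' and 'tasklist' print on XP.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:1034       64.233.161.99:80       ESTABLISHED     1456
  TCP    192.168.1.5:1041       198.51.100.23:6667     ESTABLISHED     2208
  UDP    192.168.1.5:137        *:*                                    4
"""
TASKLIST_SAMPLE = """\
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         16 K
System                         4 Console                 0        212 K
iexplore.exe                1456 Console                 0     18,432 K
unknownapp.exe              2208 Console                 0      3,104 K
"""

def parse_netstat(text):
    """Parse 'netstat -ano' output into (proto, local, foreign, state, pid) tuples."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, blank and column-header lines
        if parts[0] == "UDP":  # UDP rows have no State column, so take PID from the end
            proto, local, foreign, state, pid = parts[0], parts[1], parts[2], "", parts[-1]
        else:
            proto, local, foreign, state, pid = parts[:5]
        conns.append((proto, local, foreign, state, int(pid)))
    return conns

def parse_tasklist(text):
    """Map PID -> image name from 'tasklist' output; image names may contain spaces."""
    pids = {}
    for line in text.splitlines():
        parts = line.rsplit(None, 5)  # image | PID | session name | session# | mem | K
        if len(parts) == 6 and parts[1].isdigit():
            pids[int(parts[1])] = parts[0]
    return pids

def flag_unknown(netstat_text, tasklist_text, known=KNOWN_PROCESSES):
    """Return (image, pid, proto, foreign, state) for connections owned by non-allowlisted processes."""
    owners = parse_tasklist(tasklist_text)
    flagged = []
    for proto, local, foreign, state, pid in parse_netstat(netstat_text):
        image = owners.get(pid, "<no such pid>")
        if image.lower() not in known:
            flagged.append((image, pid, proto, foreign, state))
    return flagged
```

Anything flagged is exactly what the post says to look up by name before deciding whether to remove it; on a real machine, feed the script the saved output of `netstat -ano` and `tasklist` and extend the allowlist with the programs you know you installed.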
[color=darkred]How to remove spy/adware[/color]
[color=blue]1. Add/Remove Programs[/color]
Open Add/Remove Programs (“Start” --> “Control Panel”, then in the new window double-click “Add/Remove Programs”). This is the best way to remove software installed on your system. Look over the list of programs and make sure you know what is installed and why. Not all spy/adwares leave a trail here, but this is a good place to start.
[color=blue]2. Third Party Software[/color]
There are a number of spy/adware detectors and removers that can help you find spy/adwares that don’t show themselves in the Task Manager or leave a trail in Add/Remove Programs. They can also help you catch future spy/adwares. Here’s a couple:
Ad-Aware (free for personal use)
Hope this helps.
Any feedback or comments welcome. Please do post your own tips as well.
Included in Forumosa.com Knowledge Base