Recent Any Answers postings suggest that AccountingWEB members are being pestered and disrupted by spyware and related internet irritations. This Expert Guide presents a summary of useful counter-measures suggested by community members.
In August, 'Knuckles' complained he was being harassed by an unwanted browser toolbar, while in November Jane Cable had trouble installing BT Broadband on a laptop running Windows XP (Service Pack 2), because the BT installer insisted there was spyware on her machine. The suggested treatments are documented below.
In its introduction to the topic, Spyware, Adware - Be aware! [1], RAN ONE describes several sub-species within the overall category of spyware. One of the most common sources of the affliction is peer-to-peer software such as KaZaA, used to swap music and movie tracks.
'Spyware' is a broad category of commercially driven software that is usually bundled with other programs and downloaded innocently. A good way to attract a piece of spyware is to download the software for peer-to-peer services like KaZaA, Emule, WinMX, and Morpheus that are used to swap free music tracks between PCs on the Net.
Another variant is adware, which displays pop-up messages on your screen; more sophisticated examples can even throw up a pop-up if you visit a competitor's website. And "drive-by downloading" occurs when spyware loads itself on to your machine when you visit a particular website.
Spyware and adware are typically low impact infections. But they can be irritating in the extreme, and as RAN ONE warns, more malicious variants can act as a backdoor on your computer to capture keystrokes and other information that might gain them access to bank accounts and other secure information.
Anti-Spyware applications
Most spyware varieties can be prevented by firewall programs and a range of antidotes suggested by AccountingWEB members:
The different tools use different methods of identifying and removing offending files, registry values and the like. Using a combination is recommended for more complete protection. And regardless of what software you use, keep the reference files up to date or the anti-spyware will be effectively useless.
Sometimes the preventive software can cause more worry than is necessary. Many websites, including AccountingWEB, store information about you in tracking cookies and often these cookies will be identified as a possible problem by programs such as Ad-Aware.
Spyware masquerading as anti-spyware
In a November posting, David Thorne commented that popular programs such as Spybot and Ad-aware clean up the mess, but put in a word for tools that prevent infections in the first place, including:
Just to fuel your paranoia, Thorne added that many so-called anti-spyware programs either do not work or contain spyware of their own. He suggested a visit to Spywarewarrior.com [9] to check whether you're being offered a bogus program. Nigel Harris also found Spychecker.com [10], which provides a database to check downloads before you install them, and provides links to anti-spyware resources.
Rogue homepage attacks
Knuckles [11] wanted to keep AccountingWEB as his homepage, but some spyware had other intentions. Many of the anti-spyware tools above were mentioned in reply. But there are other countermeasures you can take.
Using a browser other than Internet Explorer and an operating system other than Windows makes you much less vulnerable, as spyware, like other viruses, targets Microsoft software over anything else. However, that does not mean that Mozilla, Netscape and other non-Microsoft browsers are 100% secure.
I Robinson experienced the same problem and grew frustrated that whenever he tried to reset the browser's default homepage, the spyware greyed out the relevant Internet Options in Microsoft Internet Explorer. If this happens to you, select the Programs tab at the top of the Internet Options dialogue box and click the Reset Web Settings button. This will overwrite the site imposed by the spy program.
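A way to check whether the homepage really has been reset, as an added example that is not part of the original guide: the Python script below scans the text of a registry export for Internet Explorer homepage and search values that point at unexpected hosts, and for the policy value that greys out the homepage controls. The guide does not say how the spyware locked the setting, so the policy mechanism is an assumption here; the export text, host names and function names are constructed for illustration.

```python
import re

# Constructed sample: text of a registry export of the current user's IE keys.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.example.invalid/home"
"Search Page"="http://search.example.invalid/find"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"HomePage"=dword:00000001
'''

MAIN_KEY = r"software\microsoft\internet explorer\main"
POLICY_KEY = r"software\policies\microsoft\internet explorer\control panel"  # assumed lock mechanism
URL_VALUES = {"start page", "search page", "default_page_url"}

def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: raw_data}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def host_of(raw):
    """Extract the host from a quoted URL value, or None if it is not a URL."""
    m = re.match(r'"\w+://([^/"]+)', raw)
    return m.group(1).lower() if m else None

def audit(text, expected_hosts):
    """List unexpected homepage/search hosts and a homepage-change lock."""
    findings = []
    for path, values in parse_reg(text).items():
        if path.endswith(MAIN_KEY):
            for name in sorted(URL_VALUES & values.keys()):
                host = host_of(values[name])
                if host and host not in expected_hosts:
                    findings.append(("unexpected-url", name, host))
        if path.endswith(POLICY_KEY) and values.get("homepage") == "dword:00000001":
            findings.append(("homepage-locked", "homepage", None))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT, {"www.accountingweb.co.uk"}))
```

Registry Editor exports are normally saved as UTF-16, so decode the file with that encoding before passing its text to audit().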
Rogue diallers
In October, Andy Shady [12] reported his ongoing problems with BT, after he was stung by a £300 bill for accessing premium rate phone lines he knew nothing about. This was a result of an internet dialler scam.
Rather than taking your credit card details, some websites (usually containing dubious content) will get you to hang up your normal internet connection and redial on a premium rate. Less scrupulous operators will lure you to websites that download auto-dialler programs, or will send out autodialler viruses via email. Strange dialogue boxes that pop up and ask if you wish to continue accessing a particular site may alert you to the problem, but use of any current, reputable anti-virus application should keep them at bay.
Regulators and telecoms operators are beginning to crack down on dialling scammers, but that was too late for Shady, who is still trying to reclaim his money. Chris Davis was advised by BT that if he used a dedicated line for (non-broadband) access, the line could be barred from accepting premium rate numbers. IT Consultant Marc Wilson recommended taking advantage of this facility for any business line used for accessing the internet.
Broadband problems
Spybot on its own was not enough to enable Jane Cable [13] to convince the BT Broadband installer that her Windows XP (Service Pack 2) laptop was clean. "I have run the most up to date version of Spybot and it had cleared everything that was there - yet the problem persists," she noted.
Mark Snowdon replied that there are some well documented problems with BT (and other) broadband suppliers and Windows XP SP2, which enforces a lot of security controls that can cause conflicts.
And "If you have one of BT's USB modems, put it back in the box and buy a firewall/router/ADSL modem." Belkin, US Robotics, Netgear, D-Link and other suppliers offer these for around £80, often with wireless capabilities. "Make sure they have 'SPI firewall' not just NAT," he advised.
If you have broadband you will catch infections if you are not using a decent firewall, Snowdon added. If you are not satisfied with the built-in Microsoft firewall, there are alternatives such as:
The ultimate solution to Jane Cable's problem was provided by Gareth Jones, who recommended using some of the anti-spyware programs mentioned in a certain order and in conjunction with further programs, because different checkers find different things.
The following procedure, he said, "May seem like overkill, and does take time, but will be worth the effort":
1. Load and run Panda ActiveScan [17] then Housecall [18]
2. Visit the Windows Update [19] site, scan for updates in the main frame, and download and install all critical updates recommended.
3. Download, extract and run CWSShredder [20]
4. Install, then run Ad-Aware SE Personal [21].
5. Reboot.
Cable followed the instructions and reported back that CWSShredder had done the trick.
Related articles
Our thanks to all the AccountingWEB members who provided the comments and advice contained in this guide: David Thorne, Nigel Harris, Nasar Ramzan, Jim Mercy, Des Farry, Dave Brown, Gavin Collins, Robert May, David Honeyman, Jenni Frost, Neville Ford, Paul Wakefield, Marc Wilson, Andy Shady, Chris Davis, David Wordley, C Prescott, Drew Edgar, Paul Taylor, Jane Rees, Steven Payton, Charles Verrier, Gill Walker, Daniel Clark, Clint Westwood, John Savage, Jane Cable, Tom Cadogan, Alastair Harris, Nicholas Myles, Gareth Jones, I Robinson, Christopher Lee, Mark Snowdon, John Terrill, Lester Perera, Mike Howard and John Kemp. If you are experiencing internet or other technology problems, you can often find the answer by searching the Any Answers [26] archive or posting a question. [27]
by Joseph Vallender and John Stokdyk, AccountingWEB.co.uk
Links:
[1] http://www.accountingweb.co.uk/cgi-bin/item.cgi?id=127905&d=448&h=455&f=0
[2] http://www.lavasoft.de
[3] http://www.javacoolsoftware.com/mrudownload.html
[4] http://www.pandasoftware.com/activescan
[5] http://housecall.trendmicro.com
[6] http://www.computercops.biz/downloads-file-349.html
[7] http://www.javacoolsoftware.com/sbdownload.html
[8] http://www.javacoolsoftware.com/sgdownload.html
[9] http://www.spywarewarrior.com/rogue_anti-spyware.htm
[10] http://www.spychecker.com/index.html
[11] http://www.accountingweb.co.uk/cgi-bin/item.cgi?id=129495&d=448
[12] http://www.accountingweb.co.uk/item/132586/448
[13] http://www.accountingweb.co.uk/cgi-bin/item.cgi?id=133061&d=
[14] http://www.zonelabs.com
[15] http://www.kerio.com/kerio.html
[16] http://www.accountingweb.co.uk/cgi-bin/item.cgi?id=126821&d=448
[17] http://www.pandasoftware.com/activescan
[18] http://housecall.trendmicro.com
[19] http://windowsupdate.microsoft.com
[20] http://www.computercops.biz/downloads-file-349.html
[21] http://www.lavasoft.de
[22] http://www.accountingweb.co.uk/cgi-bin/item.cgi?id=127905&d=448&h=455&f=0
[23] http://www.accountingweb.co.uk/cgi-bin/item.cgi?id=119708&d=448
[24] http://www.accountingweb.co.uk/cgi-bin/item.cgi?id=126821&d=448
[25] http://www.accountingweb.co.uk/cgi-bin/item.cgi?id=66102&d=448
[26] http://www.accountingweb.co.uk/anyanswers/index.html
[27] http://www.accountingweb.co.uk/cgi-bin/iadmin.cgi?page=56&t=0