CASEScontact - solutions, tools & skills against latest security, cybercrime, hacking & malware threats
Just the facts
     
Title   CASEScontact.org guide: the best ways for getting rid of spyware and stealthware
Description  

Weed out spies with CASEScontact.org's spyware removal guide, which tells you how to:

  1. check if you have spyware,
  2. get rid of what might be on your system (free tools to do so - see Tips 1-3), and
  3. minimize the risk of future spyware infections

Get through the above three steps in 15 minutes or less at no cost to you.

CyTRAP LABs ID   CT210002
Date   2006-05-17
Systems affected  
  • Windows/2000/NT/XP etc.
  • Mac OS 10.xx (Jaguar, Panther)
Version number   1.3
ISSN   1603-9866
Verify tip   http://casescontact.org/tips/210002
Risk assessment   High
Impact/Severity   High
Audio/Podcast files   CyTRAP PodCast show - Protecting your digital assets - Wednesday, May 17, 2006
Update - change  

2006-05-17 - Update 2

  1. tool added to catch spyware running under stealth mode - tried and tested by CyTRAP.eu/RiskIT Labs,
  2. technical terms linked to the glossary section,
  3. two more free spyware removers added, and
  4. the 8-step checklist for removing spyware from WinCurity (CASEScontact.org's blog) has also been added.
 


 

What's up?
     
   
What is the threat or vulnerability?

Real life scenario

Celebrities such as Jennifer Lopez, Bill Gates, Britney Spears, Shakira and Paris Hilton all try to protect their privacy by keeping paparazzi off their private property.

Celebrities do not give a paparazzi photographer permission to install a webcam or other devices on their property.

Spying on people is a nasty business and, at the very least, invades another person's privacy.

Internet & PC scenario

In cyberspace, spyware consists of nasty applications that generally do not ask permission before installing themselves on your computer.

Similar to adware, spyware can keep track of the sites people visit, allowing the program to deliver ads that reflect users' interests and thus increase the chance of triggering a sale.

This guide tells you how to get rid of these nasties fast, using free tools.

 
 

Problem & Solution
     
Admin  

Please share this information with your colleagues, because they will appreciate it very much.

  • You can receive these tips directly in your e-mail in-box - subscribe now - you will be glad you did

    Incidentally, this guide about removing spyware is part of the multi-layered security approach you should have implemented on your home PC. Get the tools and the best tricks for successfully fighting off future spyware and malware infections by looking at:

    What does it mean to me? Am I vulnerable?  
    So why should you care? Well, you are probably reading this tip because:
    • your computer is running slow,
    • you are getting 'served' pop-up ads you do not want,
    • you may be receiving errors you have not seen before and/or,
    • it could be that your web browser is littered with toolbars and your homepage has been hijacked.

    If your PC is showing any of these symptoms your system is most likely infected with spyware, malware, or adware.

    All of these programs are different from viruses (which usually cause your PC to stop functioning) and from each other, but they all do pretty much the same thing: slow down your system, perform things you do not want and make your surfing experience a pain. Spyware is a type of malware that

    1. a user does not want to remain installed on his or her hard-drive, and
    2. if it is installed already, the user should get rid of as fast as possible.
    And no, spyware is not the same as adware. However, there is a fine line between the two.

    1. The threat may come in a variety of forms, including malicious code exploiting a known vulnerability or the user downloading a program from an untrusted site.

      Some experts have claimed that the spyware wars are over, because spyware has won by succeeding in being present on every PC in some milder or more aggressive form.

    2. The vulnerability is that information will be collected from you without your consent, or without you having been made truly aware of what you are consenting to before installing the program.

      It is safe to say that at least 2 out of 5 home PCs are infected with spyware. Worst is that an infected machine will usually have several spyware programs installed.

    3. Impact is that spyware takes up memory on your computer and makes it run slower.

      Possibly worse is that arbitrary code is being executed on one's machine without authorization.

      Additionally, depending upon the malicious intent, damage may be severe. Imagine a spyware package finding the information required to order something online on your behalf. The time, frustration and expense of reversing such charges is substantial.

         
    If I fix the problem - will it help me?
    How
     
    In case you believe that your computer is not infected by spyware, why not take your system for a quick test drive?

    The results from this test might surprise you. Maybe you can even count yourself lucky by testing your system only to find out that it can be given a clean bill of health.

         
    How can one describe the solution?  
    The solution starts before your PC is infected by spyware. Thus, follow these steps to the letter:
    1. implement the concept of layered security right now;
    2. take action before being infected by implementing these 4 preventive measures against spyware; and if you are already infected
    3. check out the 8 steps guide for getting rid of spyware for easy to use and practical advice.
    Please take 5 minutes to check out the above links before continuing. You will be glad you did, because this will save you a few headaches, and time spent fixing spyware-related problems, down the line.

    Just for your information, a cookie is not necessarily spyware, as some programs would have us believe. Instead you may:

    1. want one cookie because it gives you a better surfing experience on a website you visit regularly, while you may want to
    2. get rid of a cookie from a particular site that you feel is useless, not needed or a nuisance because you will never again visit the site.
    If you need some help with getting rid of cookies or finding out some other tricks, check out: Cookies - Making them Work for YOU - More Securely.
         
    Does Microsoft offer me a solution?  

    Microsoft took over the Giant Company, a maker of antispam and antispyware products in December 2004.

    Microsoft offers the resulting package, Microsoft Windows AntiSpyware, for free to licensed Windows 2000, Windows XP and Windows Server 2003 customers only. Eventually, Microsoft might begin charging for the program.

    You can download:

         
    Where can I get more help?  

    To find a list of resources and have many terms explained in layman's language, please visit here for help with, and links to, free anti-spyware software for home use:

     


    What is the solution to this problem?
         
    Tip 1  

    The two free programs listed below remove spyware and do the job:

    • fast, and
    • easily and, most importantly, both are
    • recommended for helping you improve your layered security posture.
    You can get two free anti-spyware programs with these links:
    1. Secureworld, easy to use and it works; and
    2. Lavasoft - a well-known product
       
         
    Tip 2   Another two well-known tools that do a very good job are:

    Please remember that all these tools use a definition file that identifies spyware. Hence, this file must be updated from time to time to ensure that you are protected against the latest threats.

         
    Tip 3   An important trend that you should be aware of is rootkits using stealth mode, whereby they can stay undetected by your usual spyware tools. In turn, these cannot be removed unless.....

    An example was the Sony/BMG rootkit, which resulted in more than 2 million users having their computers infected. Playing music CDs/DVDs from artists such as Celine Dion, Ray Charles, Cyndi Lauper and Neil Diamond infected their computers. Get info and the free tool for catching rootkits running under stealth mode here:

     


    Take another 2 minutes - More tricks to safeguard your information better
         
    Tidbit 1  

    Another headache is Look2Me, a new generation of "polymorphic" spyware, which continuously changes its filename and other identifying characteristics each time the user logs on and off the infected PC.

    Once it becomes resident on a PC, Look2Me runs inside a critical Windows process (i.e., hooking into Winlogon.exe) and operates in stealth mode, never appearing in the Windows Task Manager's process display.

    Look2Me exploits a Microsoft operating system feature that allows programs to be notified when a user logs off.

    Because of this problem, most users infected by this spyware do not even know that they are (use the free tool under Tip 3 to find that one).

    In such a case you need a way to log the processes on your machine, so you can see which file is trying to hide or which process you want your anti-spyware program to get rid of. We have help, namely:

       
    Tidbit 2  

    One notable CoolWebSearch spyware variant attempts to prevent users from viewing the Windows Task Manager (e.g., as you do when pressing CTRL-ALT-Del), so they cannot see the processes that are running on their PC.

    This variant of CoolWebSearch spyware also prevents users from running the Windows Regedit program, a tool commonly used by tech-savvy professionals to edit the Windows registry in hopes of manually removing spyware.

    Adding insult to injury, some variants of CoolWebSearch spyware provide an uninstaller which, instead of removing the offending software, actually installs more spyware onto the infected PC. This "brotherhood of spyware" opens the door to invite new spyware guests onto your computer.
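    As an added example (my own code, not a CASEScontact.org tool), the following PowerShell performs read-only checks for both behaviours described in Tidbits 1 and 2: whether a DLL is hooked into Winlogon's logon/logoff notification, which I assume is the registration point Look2Me-style spyware uses (the page names only the behaviour), and whether Task Manager or Regedit have been disabled via the policy values Windows honours. It assumes a Windows machine with PowerShell and changes nothing on the system.

```powershell
# Added example (not a CASEScontact.org tool): read-only checks for the two
# behaviours described in Tidbits 1 and 2. Run in an elevated PowerShell on
# Windows; nothing is modified.

# --- Tidbit 1: Look2Me-style logon/logoff hooks ---------------------------
# Assumption: the hook is registered as a Winlogon notification package, the
# mechanism Windows 2000/XP use to load a DLL into Winlogon at logon/logoff.
# Later Windows versions no longer have this key, so the check is skipped there.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notifyKey) {
    Get-ChildItem $notifyKey | ForEach-Object {
        $dll = (Get-ItemProperty $_.PSPath).DllName
        if (-not $dll) { return }   # package without a DLL value: nothing to inspect
        # Bare file names are loaded from System32; resolve so we can inspect the file
        $path = if ([System.IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path $env:SystemRoot "System32\$dll" }
        $sig = if (Test-Path $path) { (Get-AuthenticodeSignature $path).Status } else { 'FileMissing' }
        # Unsigned or missing DLLs, or DLLs outside %SystemRoot%, deserve a closer look
        [pscustomobject]@{ Package = $_.PSChildName; Dll = $path; Signature = $sig }
    } | Format-Table -AutoSize
}

# --- Tidbit 2: Task Manager / Regedit lockout ------------------------------
# These are the policy values Windows honours; on a home PC where no
# administrator set them, a non-zero value is a red flag.
foreach ($hive in 'HKCU', 'HKLM') {
    $policy = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    if (-not (Test-Path $policy)) { continue }
    $values = Get-ItemProperty $policy
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        if ($values.$name) {
            Write-Warning "$hive $name = $($values.$name): the tool is disabled by policy"
        }
    }
}
```

    A clean system prints only Windows' own signed notification packages (or nothing on newer Windows) and no warnings; a warning or an unsigned DLL outside %SystemRoot% is what to hand to the removal tools named under Tips 1-3.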

    To remove this and other browser hijacker programs you can get this freeware program:

    Tidbit 3   Some of today's spyware steals personal information (e.g., login passwords, keys, etc.) and posts it on a public server: a feast for cybercrime.

    This spyware reveals whatever one holds private and personal. It:

    • logs instant messaging and other chat activity,
    • records the web addresses visited by the victim,
    • captures the user names and passwords the victim uses to log into various web sites, as well as information filled out on web site forms, AND
    • accesses Microsoft's Internet Explorer "Protected Storage", which is where Internet Explorer stores information and passwords entered into web forms.

    Once this information has been collected, it is transmitted to a remote web server over the internet. Once transmitted to the server, the information is dumped into an unencrypted file. Anyone who knows the address of this server can view this file. Apparently, the personal information of thousands of victims is being written to this file on a continuing basis. Sunbelt has been monitoring the file and has discovered that the information it contains is being compressed and archived at regular intervals. The file then is reset to blank so that more information can be written to it.

    The tools mentioned under Tips 1-3 should help you get rid of such spyware.

       
    Watch out   Some users get confused about what anti-virus programs can do versus spyware scanners. They both do important jobs, but not the same ones, namely:
    1. anti-virus programs focus on file scanning, while
    2. anti-spyware programs focus on system scanning.

    Hence, an anti-virus program helps prevent your PC from getting infected, while an anti-spyware program finds these nasty things if they have already infected your PC's hard-drive.

    Accordingly, both programs do different jobs and are needed.

    Also, you have to change the options in your favorite web browser regarding the acceptance and/or rejection of cookies. The guide:

    explains exactly how you can change your cookie options to better protect yourself against spyware, in easy-to-understand, non-technical terms.

     


    CYTRAP resources - check it out - because it will help you better protect yourself
         

    Additional risk minimization  

    What can sometimes cause problems is a vendor deciding to remove a piece of software from its definition files without letting users know. Hence, while product A was still removed from your PC yesterday because the program identified it as spyware, today this is no longer the case, since the firm decided that it is now adware only.

    The Sony rootkit nightmare, or Sony-BMG case, was an example of how code that spies on users may be installed supposedly to protect a company's rights. And yes, many spyware removal programs did not find the hiding Sony-BMG rootkit, and others failed to identify it as spyware (which it was, since it reported information back to Sony without the user's explicit consent).

    To better safeguard oneself against such attacks and newly evolving forms of spyware code it is necessary to:

    1. follow a strict regimen of layered security, AND
    2. use more than one spyware remover, AND
    3. run it at least ONCE A WEEK on your machine

    If you want to check at the end if you did things right, have a look at this checklist, you'll be glad you did:


    Administrative
         
    Author   Urs E. Gattiker - CyTRAP Labs
         
    Revisions  
  • 1.1 - 2005-04-15 - First Version
  • 1.1 - 2005-08-16 - Update 1
  • 1.2 - 2006-05-17 - Update 2

  • Contact details   Web: http://CASEScontact.org
    E-mail: support01@CASEScontact.org

    Tel: +41(0)76-200-7778 or + 44(0)70-9237-6036
    Fax: +44(0)70-9237-6036, dial 3 send fax
     

    --END of ADVISORY - Important Info Below--
     
    We recommend that you VERIFY ALL ADVISORIES you receive IMMEDIATELY, by clicking on the link provided at the top of this alert.

    NO WARRANTY
    Any material furnished by CASEScontact.org is furnished on an 'as is' basis. CASEScontact.org, writers & sponsors make no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material.

    Ride the rollercoaster successfully by subscribing to our alerts, tips, tools and skills training receiving them either via:

    1) e-mail
    2) RSS feeds, or else, just get a
    3) free skills tune-up



    CASES writers & sponsors do not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
    Full DISCLAIMER notice at: http://www.casescontact.org/terms.php

    UNSUBSCRIBE
    If you no longer wish to receive this TIP ADVISORY, please Unsubscribe at:
    http://www.casescontact.org/unsubscribe.php

    QUESTIONS, comments, ideas? Cheer us up at: Tips-Comments at CASEScontact.org

    CASEScontact.org -- Threat Alerts and Security Notices --clear and precise, no compromise -
    --currently hosted by Flashcable

    -- END of TIP & Tricks ADVISORY--
    Copyright (c) 2007 by CyTRAP labs - Urs E. Gattiker. All rights reserved.