Willamette University Willamette Integrated Technology Services
Updated 3/31/2005

Spyware and Adware ("Malware")

Introduction to Malware

So what exactly are Spyware and Adware?

How do I know if I have it?

How did I get it on my computer?

How do I get rid of it?

What can I do to keep this stuff off my computer?

What about a pop-up blocker? Will that help me?

Watch out for Fakes!

Tools for removing Spyware.

Individual Removers.

More information and tools.

What can the Help Desk do for me?

How-to documents.

Introduction to Malware (Spyware/Adware).

Perhaps the largest problem facing the average computer user today is the phenomenon we call Spyware or Adware.

You may have noticed, as you browse the internet, an occasional pop-up advertisement at a site where you didn't expect to see one, or one that shows up on your screen when you didn't even have a browser open. Perhaps you mistyped your favorite website's name and happened upon a barrage of ads and offers of software downloads or replacement home pages.

Spyware and Adware have become a larger problem than conventional viruses for most computer users and will probably overtake SPAM (unsolicited bulk email) as the number one annoyance of internet usage in the near future (if they haven't done so already).

The good news is that there is hope on the horizon. New security patches for Windows, better removers, and more awareness could stem the tide of this digital menace. We've already noticed improvements in the spyware war here at Willamette. Read on to learn all about how to keep yourself ahead of the game.

So what exactly are Spyware and Adware?

The Microsoft Corporation defines these software menaces as the following:

Spyware is software that sends your personal information to a third party without your permission or knowledge. This can include information about Web sites you visit or something more sensitive like your user name and password.

Adware is software that displays advertisements on your computer. These are ads that inexplicably pop up on your display screen, even if you're not browsing the Internet.


Hijackers, Browser Helper Objects, DSO Exploits, keyloggers...there are literally thousands of malicious programs out there. Some are not easily classified as exactly Adware or Spyware. Many behave more like viruses or worms and intend to do harm to your computing lifestyle. Some simply track where you go on the internet and report that activity back to some mothership server to be tabulated and analyzed for advertising purposes. Nearly all are irritating at best, and many can be difficult for even the most savvy computer geek to remove. The variety and payload of these programs are nearly immeasurable. Collectively, the gamut of malicious unwanted programs has been termed by the internet community as "Malware".

How do I know if I have it?

There are several obvious, and a few more subtle, ways to tell if you have any 'malware' on your computer.

Symptoms. Just about any combination of the following symptoms can indicate a spyware/adware infestation:

  • New pop-ups: Pop-ups are everywhere, but if you start to see them when you visit web-sites that didn't have them before, or when you are not even surfing the web, that can be a dead giveaway that you may have spyware installed on your computer.
  • Home Page: If your home page has unexpectedly changed, it can be a sign that some spyware program put it there, especially if you are unable to change it back to your preferred page.
  • Search Page: If you do a search with your browser and an unexpected site handles the search.
  • Extra toolbars: New toolbars either in your browser or your system appear unexpectedly.
  • System Slowness: Many computers slow down considerably as a result of being bogged down with unwanted programs.
  • Unusual computer behavior: Programs not opening or closing properly, or web-links not working. Any unusual behavior might have a spyware source.

Other things to look for:

If you're more computer savvy (or brave), you can always look in the Windows Task Manager. There you will find a list of all the processes running on your computer. Look for names that might be obvious culprits ("WebRebates" or "FreeStuff" would likely be spyware programs). If you're not sure about a process, do an internet search with its name: you should be able to find out if it is a valid Windows program or not.
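
The checks described above, as an added example that is not part of the original WITS page: a read-only PowerShell script that prints the Internet Explorer home and search pages, the registered Browser Helper Objects, and the running processes with their publisher and path. It assumes a Windows PC with PowerShell and Internet Explorer settings in their standard registry locations, and it changes nothing on the system.

```powershell
# Added example (not from the original page): read-only symptom check.
# Nothing below modifies or deletes any setting or file.

# 1. Home page and search page configured for Internet Explorer (current user).
#    An address you did not choose matches the "Home Page" / "Search Page" symptoms.
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue |
    Select-Object 'Start Page', 'Search Page' |
    Format-List

# 2. Browser Helper Objects. Each subkey name is a CLSID; resolve it to the
#    registered class name and the DLL that Internet Explorer loads for it.
#    (On 64-bit Windows, 32-bit BHOs are listed under the WOW6432Node branch instead.)
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
Get-ChildItem -Path $bhoRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid    = $_.PSChildName
    $classKey = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
    $name = (Get-ItemProperty -Path $classKey -ErrorAction SilentlyContinue).'(default)'
    $dll  = (Get-ItemProperty -Path "$classKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ CLSID = $clsid; Name = $name; Dll = $dll }
} | Format-Table -AutoSize -Wrap

# 3. Running processes, the same list Task Manager shows, with publisher and path.
#    Entries with a blank Company sort to the top; those are the names worth
#    looking up first. Processes whose path cannot be read without administrator
#    rights are skipped.
Get-Process |
    Where-Object { $_.Path } |
    Select-Object Name, Id, Company, Path |
    Sort-Object Company, Name |
    Format-Table -AutoSize -Wrap
```

An unfamiliar entry in any of the three lists is a prompt to search for its name, as described above, not proof of infection.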

How did I get it on my computer?

Almost all malware on your computer is there because you installed it. You might not have known it, but you actually are an active participant in getting this nasty stuff installed on your system. You actually had to click on something or install a seemingly legitimate piece of software for this stuff to get to you. Often it is accidental, or at least unsuspected. A small portion of these programs come through unsecured network ports like viruses. But the vast majority are programs that you agreed to install, whether you wanted to or not.

Here are some of the more common methods used to get this stuff on to your computer.

The DriveBy: It could be something as simple as clicking on a deceptive pop-up ad, or visiting a corrupt web-site. Misspelled versions of legitimate web-sites are among the most notorious for being carriers of this kind of software. These ads/sites contain programming information or commands that tell your internet browser to download and install something from their site. Similar to downloading a legitimate plug-in behind your back to improve your browsing experience, these unintentional downloads (or "driveby downloads" as they have become known) secretly install spyware or adware onto your computer.

Bundled Software: Think that new screensaver is free? Not always. Often the price for free software is paid in spyware. Many underhanded companies have paid makers of otherwise legitimate software to include their malicious program in a bundle with their product. Peer-to-Peer filesharing and downloading software are popular examples of this type of bundled software.

Just plain asking for it: You see a popup advertising a "FREE VIRUS SCAN ONLINE", you click it, and a dialog box asks if you want to install "freevirusscannerforyou.exe". Not knowing any better, you do, and you're done. The software claims to scan your computer and reports no viruses. But Ha! You enter an endless cycle of pop-ups and misdirected Home Pages that plague you until you give up and reformat your hard-drive.

Like it or not. Unlike SPAM, which you can get just for having a simple last name (jones@smith.com is probably buried under a mountain of virtual mail), or viruses which troll the net looking for computers to infest, if you have spyware on your computer, chances are you did something to bring it there.

How do I get rid of it?

Removing the unwanted spyware from your computer is not as easy as it used to be. A few years ago running a sweep with a popular removal program was all you needed to keep the pesky stuff out of your life. Now, experts agree that one tool is not enough and most recommend the use of several tools to get rid of all the spyware on a severely clobbered computer.

Depending on how much stuff you have accumulated, and the nature of the specific threats, removal can be as simple as downloading and running a few programs we have listed below (see Tools for removing Spyware). There are, however, more persistent spyware programs that defy removal by these tools and require a knowledgeable individual several hours of painstaking (and precarious) work to remove properly.

There is always the final recourse: the dreaded "Format and Reinstall" of your Operating System, programs, and important data. Doing this will pretty much guarantee that any spyware will be removed from your computer. When faced with a five-to-six-hour spyware removal session vs. a three-hour reinstall of everything on your computer, the decision to do so can make sense.

What can I do to keep this stuff off my computer?

There are several preventative measures you can take to keep malware off your system.

  • Browse wisely. Knowing what sites you visit that might attempt a Drive-by download, or making sure you don't agree to install anything you aren't sure about can go a long way to not getting spyware installed in the first place.
  • Stop sharing files. Using peer-to-peer software, or even sharing with other users on RESNET (via file + printer sharing) is almost a sure-fire way to expose yourself to spyware. Sometimes it is contained in the peer-to-peer software; other times it is contained within the files you are acquiring with these methods.
  • Keep your antivirus software updated. Several anti-virus programs are now including known spyware in their lists of threats they prevent/remove.
  • Switch internet browsers. Many spyware installs occur because Internet Explorer is so tightly integrated with the Windows Operating System that it allows Drive-by downloads to occur more easily. Other browsers (Netscape, Mozilla, Opera, etc.) are not so well entrenched in the system and simply can't allow some of those installs to happen.
  • Keep Updating your Operating System. See that little reminder about Windows Updates on your screen? Click on it, do whatever it tells you: Service Pack 2 and Beyond. An up-to-date machine is much, much safer on the internet than an un-updated one. (Service Pack 2 is a big update to the Windows XP operating system. It includes numerous security enhancements, as well as disabling some of the controls that make Internet Explorer so susceptible to spyware installation. Note: We always recommend backing up important documents from your computer before doing any installation of this magnitude. More information on SP2 can be found here: Microsoft site on SP2.)

What about a pop-up blocker? Will that help me?

Most modern browsers have pop-up blockers available. Windows XP Service Pack 2 even includes one for Internet Explorer. These can be wonderful tools for avoiding the barrage of pop-ups plaguing the internet today. When it comes to spyware prevention, pop-up blockers help somewhat.

Many of the pop-ups you see on the internet aren't just advertisements, they are spyware installs waiting to happen. They are designed to be deceptive and trick you into clicking on a link inside the pop-up which will lead you to a drive-by download or even more pop-ups. Pop-up blockers can help mainly by preventing you from seeing the deceptive advertisement in the first place.

There is a catch too. If you do have adware on your computer that is blasting you with pop-ups, your blocker might be stopping the ads, but not removing the source of the problem. Even though you might not see it, the bad software could still be there, slowing down your system and causing you trouble. Use anti-spyware programs to help determine if any unseen threats still reside on your computer.

Watch out for Fakes!

Among the more unscrupulous tactics used by spyware/adware pushers are the fake spyware removers. You'll see a pop-up warning you to get their groovy removal tool to protect you from spyware, but they are simply tricking you into installing their own malicious program.

Some simple rules to follow:

  • Don't believe pop-ups. There are very few honest pop-ups, especially among ones that advertise anything you have to download. Just stay away from false advertising.
  • Know the good from the bad. There are numerous known fakes out there. Do a bit of legwork before you download a fake remover. A quick internet search should be able to reveal a list of known programs that pose as spyware removers.
  • If you're not sure, don't download it. If you don't know whether a spyware remover you're being offered is legitimate, don't download it. Call the Help Desk, ask a knowledgeable friend, whatever. You're much better off finding out first than dealing with the potential hazards of downloading a fake program.

Here is at least one list of suspected fake spyware removers: Rogue-removers.

Tools for removing Spyware.

Here are some of our favorite tools for removing this menace from your computer:

New. Microsoft Anti-Spyware: Although currently still in Beta (not quite ready for prime-time), Microsoft's work on the spyware-removal front is impressive. It is simple to understand, very powerful, and free.

Ad-aware: The name may sound deceptive, but Ad-aware (made by the Lavasoft company) is the preferred tool for removing most spyware from a computer. It's easy to use and nearly impossible to do any additional harm to your computer by using it. It's free, but if you pay for it you can also add its protective features.

Spybot Search & Destroy: Another fairly simple tool that catches some spyware that Ad-aware misses. Spybot SD also includes an "Immunize" feature which attempts to block spyware from getting in.

PestPatrol: You have to pay for this one, but it is regarded as a great tool for removing/preventing spyware.

Spy Sweeper: Brought to you by Webroot. Very highly reviewed by respectable agencies. There is a free trial version as well as the full-bore "pay" version.

Individual Removers:

Sometimes removers like Ad-aware and Spybot SD don't remove all of the spyware on a computer, or some especially resilient programs refuse to be removed. For those cases you can find individual removers or get help from knowledgeable people on the internet who have devoted time and energy to creating tools and information to help rid the internet of spyware.

More information and tools:

There are numerous web-sites dedicated to discovering and eliminating spyware/adware/malware from the computing world. Here are a few that contain helpful information, links to specific threats, and removal tools.

Spywareguide : Comprehensive guide to many specific spyware threats. We haven't tried their "free online scanner" so use at your own risk.

Spywarewarrior: An online community devoted to hunting down and removing spyware wherever they find it.

PC Hell: Not just devoted to spyware, this site has help for virus removal and general computer issues.

Security at Home: Microsoft's own take on spyware and adware. Includes prevention tips and information.

What can the Help Desk do for me?

WITS is very committed to helping you rid yourselves of the spyware menace. We are more than happy to show you how to acquire, update, and use the spyware removers effectively. We have a knowledgeable staff who can help you identify and try to remove specific threats that defy normal removal as well.

Keep in mind that our resources are limited, and the spyware problem continues to grow. We cannot guarantee that we can find/remove all of the nasty stuff. Nor can we make any promises that you will never get spyware again. It's up to you to increase your awareness of the behaviors you engage in that can lead to more spyware infection.

Sometimes a computer is too far gone to recover. Even after time and effort from the most savvy staff members, spyware can be so entrenched in a computer that there's no feasible way to remove it. In these cases we may recommend you restore your system using your Windows CDs or System Restore disks that may have come with your PC.

"How-to" Documents

WITS Help Desk has prepared some "how-to" guides for using several of the spyware removal programs.

Ad-aware how-to.

Spybot SD how-to.

 

WITS - Willamette University - 900 State Street, Salem Oregon 97301 - 503-370-6004

Questions or comments on this site? webmaster@willamette.edu

Last Updated August 14, 2006
