Protect your Computer from Spyware

By Mon Nasser, AccuTrack

I am protective when it comes to my computer: I do not open email attachments unless I am expecting them, I do not use file-sharing programs, and I do not download software unless I trust the source. As a result, I thought I was safe from spyware and viruses. However, a few weeks ago I had an experience with my home computer that changed my view of computer security.

I was surfing the web and visited a trusted site. When the site opened, a dialogue box popped up. The dialogue box had an unreadable mix of characters that extended on top of its response buttons! I have never seen that before and realized something was wrong, so I closed the box immediately. However, it was already too late!

The trouble started with a change of my desktop's background. The new background had a text message "SPYWARE INFECTION! Your system is infected with spyware." This was followed by various pop ups that prompted me to buy a "system cleaner" called "Spysheriff". Of course this seemed too strange as the pop ups were caused by a virus, and the virus was prompting me to clean itself with this 'Spysheriff" program!

After Googling the term 'spysheriff', I found out that this 'cleaner' is actually made by the same people who made the virus. Hmm, so they infected my PC with a virus and want me to pay a fee to get it cleaned. Sounds like blackmail, doesn't it? Of course since the 'cleaner' is written by the same people who wrote the virus, I would not trust the cleaner.

The effects of this virus were severe. Every minute or so an ad will pop up in an Internet Explorer Window. I could close the ad window but a few seconds later another one would pop up. This was very annoying because it interrupted my work: I would be typing an email message for example and suddenly I'd find an ad in front of me and my keystrokes would be diverted to the ad's window! In addition, I now had this sinking feeling that everything I do on that computer might be monitored by some hacker lurking somewhere on the Internet.

The first thing I tried to solve this problem was to remove 'spysheriff' from my computer by deleting its files. However, it somehow kept coming back! Next I tried Windows "System Restore". This is a wonderful feature that allows you to restore your computer a previously saved state. Unfortunately it turned out that 'spysheriff' purposely deletes the Windows restore points to circumvent this feature!

The next step was to try a reputable antivirus program. I started by downloading the 15-day evaluation version of Norton AntiVirus 2006. It was a good thing I could try the product without having to buy it first as it did not solve this problem. After a scan that lasted a couple of hours, Norton displayed a message like: "2 threats identified. 0 threats cleared. 2 threats remaining"! The software had a link that opened a web page with instructions for 'manual removal' of the identified threats. I tried following these instructions but the problem remained.

Next I tried Spybot - Search & Destroy, a free anti-spy software. The software identified several spy programs on my computer and cleaned them. However, the problem I had with the ad pop-ups problem remained.

For the next few days I tried other commercial programs. These include AVG Anti-Virus, X-Cleaner, XoftSpy, and Ad-Aware. The interesting this is that each one of those programs found threats that others missed and cleaned them. Unfortunately, none of them fixed the ad pop-up problem.

There was only one solution left: to reformat the hard drive, reinstall Windows, and start over. This was an extreme measure as it meant having to backup all documents, photos, email files, data, and anything else I created on that computer over the years and copy everything back after reinstalling Windows. If I forget any file it would be lost forever. Not to mention that this process consumes a lot of time.

I located my Windows installation CD and researched the Windows reinstallation process. However, I decided to try one more thing before proceeding with the formatting of the hard drive. This time it was Spyware Doctor by PC Tools Software. I used PC Tools products a long time ago and liked them. So I downloaded and ran Spyware Doctor.

The software did its scan like all the others did before it, but then it did something different. The software popped up a message saying that a threat was detected and it will now perform an "emergency reboot of the system". It went ahead and restarted Windows. However, when Windows booted up Spyware Doctor was the only thing that came up and it ran its scan again. It then cleaned up the threats it found and continued with the boot up process. Voila! This time the annoying pop-ups were gone!

So to summarize, this is what I learned from this experience:

  1. You can get a computer virus by simply visiting a webpage. The site I visited was hacked and the virus implanting code was added to its webpage.
  2. You should use more than one anti-spy program to protect your computer as it seems that different programs find different problems. I liked Spyware Doctor (because it solved the problem I had) and Spybot (because it's free).
  3. You should use an antivirus program. However, realize that the antivirus program might not fix some problems. In my case, Norton and AVG did not fix this particular problem.
  4. Make sure your Windows System Restore feature is turned on and create restore points. This feature is really the easiest solution if you get hit by a spyware or virus attack. However, some sneaky viruses might disable this feature. Hopefully Microsoft will put a protection on the restore points in a future release of Windows.
  5. Use Google to investigate the virus or spy program that hits your computer. Simply copy the messages the virus or spy program generates into Google and research it. Also if the antivirus program is not able to 'clear a threat' you can put the threat's name in Google for more info.
  6. Keep your Windows, anti-virus, and anti-spy software current by downloading their latest versions. As new threats appear, Windows and other anti-spy software are updated with countermeasures, so it is important to have the latest software available.
  7. Finally, be sure to back up your important files. Even with all the safeguards, you might still be subjected to a new attack that will destroy your files.

Finally, here is a list of the tools I mentioned above with information on how to get them:

AVG Anti-Virus plus Firewall by GRiSoft $48.95 with free 30 day trial http://www.grisoft.com

X-Cleaner by XBlock. Freeware that includes cookie cleaning, Internet cache cleaning, and scans for many popular spy software packages. The Pro Version which has a larger anti-spyware database and costs $29.95.
http://www.xblock.com

Norton AntiVirus 2006 $39.99
http://www.symantec.com

Spybot - Search & Destroy. Written by Patrick Kolla from Ireland. Free software. http://www.spybot.info/en/index.html

XoftSpy by ParetoLogic. Spyware Detection and Removal $39.95
http://paretologic.com/products.aspx

Ad-Aware SE Professional by Lavasoft $39.95
http://www.lavasoftusa.com/software/adaware/

Spyware Doctor by PC Tools Software. PC Magazine Editors' Choice, June 19, 2005
$29.95
http://www.pctools.com/spyware-doctor/

Questions or comments? Contact the author at mon@accutrack.org.