Spyware - Your Web Browser is the Culprit!
Kevin Souter
My first experience with a spyware BHO based infection was several months ago. I had gone through all of the usual steps with the client’s machine to clean it. Ad-Aware was run, Spybot: Search and Destroy was as well. Nothing looked suspicious in the system’s startup. All appeared well, but it wasn’t.
After extensive testing and no further symptoms I returned the computer to my client’s home. I hooked it back up, and dialed the internet. Everything so far was progressing smoothly. But, as SOON as I loaded Internet Explorer: BAM the same pop-up advertisements and other annoying things started happening again. With much embarrassment I had to take the computer back to my office and try again.
It was all Internet Explorers fault. Microsoft Internet Explorer comes with a feature that is designed to add third-party functionality to their browser. It’s actually a very good idea. Unfortunately, it now gets taken advantage of.
The producers of spyware know that many people now have spyware removers installed on their computers. They also know that quite a few people have the ability to check what is in their start-up. Because of this, BHO’s are crafted so that the spyware lies dormant until Internet Explorer is opened. Then it can start its dirty work.
The best program to remove an errant Browser Help Object is HijackThis. This program was originally designed to remove homepage hijackers and gradually morphed into an all-around removal tool for everything. If there’s any one tool that I couldn’t part with it’s HJT.
To start, download HijackThis 1991. Once you’ve got it, open it. Click the button that says “Do a system scan only”. Following that, scroll down to the items labeled 02 – BHO. Remove anything here that looks suspicious. Internet Explorer does not require any BHO’s to run. Just keep an eye on the path that it loads from, and the name of the file. A legitimate one will be fairly easy to spot, as it’ll have a legit title and OK looking path.
If the filename looks like it was randomly made, like ASGSRT32.DLL or whatnot then there’s a good 90% chance that it’s bad. Even if you do remove one that’s good, you can always use the restore feature of HJT to bring it back.
If you need any other H ijackThis help then read the previous link.
About the author: Kevin Souter is a full time computer repair technician. He also operates a free spyware removal site, as well as a general computer repair site.
The latest information and news on Spyware Removal Advice :
In what appears to be just a bad headline, the business publication says that Microsoft plans to introduce spyware. (It's actually planning free antivirus software)
Court Slams Door On Sale of Spyware (Slashdot)
coondoggie writes "The Federal Trade Commission yesterday had a US District Court issue a temporary restraining order halting the sale of RemoteSpy keylogger spyware. According to the FTC's complaint, RemoteSpy spyware was sold to clients who would then secretly monitor unsuspecting consumers' computers. The defendants provided RemoteSpy clients with detailed instructions explaining how to ...
FTC get CyberSpy?s RemoteSpy banned in the U.S. (Geek.com)
The Federal Trade Commission (FTC) has been successful in its bid to get the RemoteSpy spyware application released by CyberSpy Software banned in the U.S. For now the ban is temporary, but the FTC are pushing to make it permanent. The ban stems from a complaint (PDF) lodged by the Electronic Privacy Information Center (EPIC) back [...]
Microsoft to offer free anti-virus software (The Manila Times)
Microsoft has announced plans to offer free anti-virus software to PC users starting next year. The Redmond, Washington-based software giant said the software, code-named "Morro," will "provide comprehensive protection from malware including viruses, spyware, rootkits and trojans."
Microsoft Will Replace OneCare with Security Software (NewsFactor via Yahoo! ...
Microsoft plans to stop accepting paid subscriptions to Windows Live OneCare in mid-2009. The security software is slated to be replaced by a free offering code-named Morro, which will focus on providing consumer PCs with core protection from viruses, spyware, rootkits, trojans and other forms of malware.
Microsoft to offer free security in 2009 (ITP.net)
?Morro? to protect Windows users from malware including viruses, spyware, rootkits and trojans
Microsoft to offer free security software (MSNBC)
Microsoft Corp said Wednesday it will discontinue sales of its subscription PC security service and instead offer free software to help protect computers from viruses, spyware and other threats.
Court Orders Halt to Sale of Spyware (WAAY-TV Huntsville)
At the request of the Federal Trade Commission, a U.S. District Court has issued a temporary restraining order halting the sale of keylogger spyware. According to the FTC's complaint, the Florida-based CyberSpy Software, LLC marketed and sold RemoteSpy keylogger spyware to clients who would then secretly monitor unsuspecting consumers' computers. The FTC seeks to permanently bar the unfair and ...
Microsoft to offer free security program (Sydney Morning Herald)
Microsoft to ditch its subscription PC security service and offer free software to protect computers from viruses, spyware and other threats.
Microsoft to Offer Free Virus Protection Software for Windows (Wired News)
Microsoft's new Windows antivirus package will furnish XP, Vista and 7 users free protection from viruses, spyware and other malware, starting in the second half of 2009. While it'll replace Microsoft's current paid service, we don't suggest throwing away any third-party solutions just yet.