Editor's Note
Tilting at Windmills


November 26, 2004
By: Kevin Drum

SPYWARE....Terry McDermott, an LA Times reporter, recently became a victim of the nationwide spyware epidemic and wrote a pretty good story about it in today's paper:

I found links for Lycos and clicked on one. That was the beginning. Within minutes, my computer was swamped with advertisements: pop-ups, pop-unders, pop-all-overs. There were so many I couldn't close them before others started appearing. I had to shut the computer down.

....It went on for days. The blizzard of ads sometimes thinned, sometimes thickened. At times, there were so many that the computer couldn't process them all and froze. Every time I restarted, my home page was reset to the pornographic site. Every time I tried to do a Google search, a Lycos search engine appeared instead. New items for services called Bargain Buddies and Deal Helper were added to my Web favorites list.

The whole story is pretty interesting, especially the interview with the spyware promoter who sings a sad song about how he's a victim too. McDermott reports that he eventually solved his infestation with help from a group called AumHa.org.

Of course, there's another way: set up a blog, wait a couple of years to accumulate a large readership, and then beg them for help. Hey, it worked for me!

However, McDermott's article reminded me that I never got around to explaining how I got rid of my mother's spyware infestation last month. And since so many people were willing to help me out with advice, I really ought to do my part to pass on some of the knowledge I gained to others who may someday run into spyware problems of their own.

The complete blow-by-blow description is below the fold. Click the link to read the whole thing.

Here's what I did. Note that this was all for a Windows XP machine, and some parts of it might not apply to non-XP machines. What's more, just because this worked for me doesn't necessarily mean it will work for you. But it's worth a try.

  1. Luckily, my mother knew exactly when the spyware problem had started. So I rebooted in safe mode and chose a restore point from a couple of days before then.

    To boot in safe mode, tap the F8 key repeatedly while starting up your computer. Choose "Safe Mode" when the option menu is displayed. (Other methods of booting in safe mode along with a more detailed description of the whole process can be found at www.pchell.com/support/safemode.shtml.)

    Eventually you will be asked if you want to proceed to safe mode ("Yes") or perform a system restore ("No"). Click No and then choose the date you want to restore to. (You can find a nice description of the restore procedure at www.theeldergeek.com/system_restore.htm complete with pictures!) The whole process takes several minutes. Get a cup of coffee.

  2. Following the restore, I rebooted in normal mode and installed the freeware versions of three anti-spyware programs (you can't install new software in safe mode):

    • AdAware (www.lavasoftusa.com/support/download/)

    • SpyBot (www.safer-networking.org/en/download/index.html)

    • a-squared (www.emsisoft.com/en/)

    Needless to say, you'd be wise to install (and regularly update) these programs now, before you need them. Downloading was impossible on my mother's computer, for example, so I had to download them on my machine, burn them onto a CD, and then install from the CD. You can save yourself this hassle by installing them right this minute and then remembering to update them every once in a while. (Yeah, yeah, I know: fat chance. Believe me, I feel your pain.)

  3. Then I rebooted in safe mode again and ran all three programs. Why in safe mode? Because I had already tried running AdAware in normal mode and the spyware was smart enough to detect it and shut down the computer before it could run. Safe mode prevents the spyware from running and gives the anti-spyware programs a fighting chance to do their job.

    This took about half an hour, but it was worth it because each program found stuff that neither of the others did.

  4. Finally, I rebooted in normal mode and ran all three programs again. Just to make sure. (This was worth it too, since the second scan found yet more stuff that was missed the first time around.)

  5. And then, if memory serves, I rebooted in safe mode and ran 'em all one more time. Couldn't hurt, after all.

  6. That did the trick. The final step was to download and install the Firefox browser (www.mozilla.org/products/firefox/). The entire installation took just a few minutes and it automatically imported all my mother's Internet Explorer settings. Since Firefox is impervious to most spyware, my mother is unlikely to ever get infested again.

    (I've found that Firefox works very well and it's now my default browser. It has a couple of minor drawbacks, but nothing serious, and I now keep IE around only for the rare site that doesn't render properly in Firefox. More here.)

In addition to all this, you might want to consider installing a firewall like ZoneAlarm. I didn't install it on my mother's machine because it can be a little confusing to use sometimes, but if you're not scared of the occasional popup query it's a good line of defense to have on your PC.

That's it. Good luck!
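One way to confirm the cleanup held across a restart, as an added example that is not part of the original post: the script below records the things the story describes being changed (the Internet Explorer home and search pages, programs set to start at logon, and Favorites entries) and reports anything that differs from the previous run. It assumes PowerShell 3.0 or later, which a stock Windows XP machine does not have, and the baseline file name is a hypothetical choice.

```powershell
# Added example (not from the original post). Assumes PowerShell 3.0 or later.
# Records the settings the article describes being hijacked, then reports what
# changed since the previous run. Run it after cleaning, reboot, and run it again.
$baselineFile = Join-Path $env:TEMP 'hijack-baseline.xml'   # hypothetical file name

function Get-HijackSnapshot {
    $snap = @{}
    # Internet Explorer home page and search page (per-user and machine-wide).
    foreach ($key in 'HKCU:\Software\Microsoft\Internet Explorer\Main',
                     'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main') {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in 'Start Page', 'Search Page') {
            if ($props -and $props.PSObject.Properties[$name]) {
                $snap["$key|$name"] = [string]$props.PSObject.Properties[$name].Value
            }
        }
    }
    # Programs launched at every normal-mode logon.
    foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if ($item) {
            foreach ($name in $item.GetValueNames()) {
                $snap["$key|$name"] = [string]$item.GetValue($name)
            }
        }
    }
    # Shortcuts in the Favorites folder.
    $favorites = [Environment]::GetFolderPath('Favorites')
    if ($favorites) {
        Get-ChildItem -Path $favorites -Recurse -Filter *.url -ErrorAction SilentlyContinue |
            ForEach-Object { $snap["Favorites|$($_.FullName)"] = 'present' }
    }
    return $snap
}

$now = Get-HijackSnapshot
if (Test-Path $baselineFile) {
    $before = Import-Clixml -Path $baselineFile
    $keys = @($now.Keys) + @($before.Keys) | Sort-Object -Unique
    $changes = foreach ($k in $keys) {
        if ($before[$k] -ne $now[$k]) {
            [pscustomobject]@{ Setting = $k; Before = $before[$k]; Now = $now[$k] }
        }
    }
    if ($changes) { $changes | Format-List } else { 'No changes since the last run.' }
} else {
    'No baseline found; saving one now. Reboot and run again to compare.'
}
$now | Export-Clixml -Path $baselineFile
```

A home page or Run entry that reappears after a reboot means something is still rewriting it, which is the cue to run the scanners again in safe mode.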

Kevin Drum 2:01 PM
