Zapping Scumware – spyware, adware, hijackers, and other lowlifes in Windows XP

Technique

Save Time By
Recognizing scumware — spyware, adware, hijackers, and other lowlifes
Installing Spybot-S&D
Getting the scum out
You have to feel sorry for the folks at Microsoft who deal with the scum. The programmers who wrote the installer for Windows XP Service Pack 2 were livid when they discovered that their final release choked on machines that were running a self-described “permission-based contextual marketing network” called T.V. Media (www.totalvelocity.com).
Most people who were running this, uh, contextual marketing network had no idea that the program was installed — and they blamed Microsoft when the Service Pack 2 installer croaked.
Microsoft spent hundreds of millions of dollars on SP2, and this piece of, uh, contextual marketing network software brought the installer to its knees.
And you think you have scumware problems.
What Is Scum?
Far as I’m concerned, scumware is in the eyes of the beholder.
To be a leeeetle bit more specific, scumware is a generic term for software that slithers into your system, usually as part of a program that you download and install, but occasionally in the guise of an e-mail attachment. Scumware does annoying things — hijacks your Internet Explorer home page, keeps track of the things you type or the pages you visit, or pops up ads while you’re trying to work. Some types of scumware even download their own updates automatically, without your permission, or “phone home” and deposit information about you on the scumauthor’s computers.
Scumware companies frequently call their products “adware” but that’s gilding a jet-black lily. It’s true that scumware asks before it installs itself on your computer, but frequently the details are buried in hundreds of lines of dense pseudo-legal mumbo-jumbo.
The most successful company in this business, by far, is an outfit that used to be called Gator, which just changed its name to Claria. Gator also goes by the acrimonious acronym GAIN — for Gator Advertising Information Network. Remember those names. In my book, they’re scumware, and if you’re ever given an opportunity to download and install a program that’s signed by Claria, uh, Gator, er, GAIN, to coin a phrase, just say No. (And you thought I was only cynical about Microsoft.)


Knowing When You’ve Been Slimed

It’s pretty hard to define the term “scum” and, as you might imagine, it’s even harder to define the term “scumware”. But you can bet that you’re looking up the scummy side of the cash cow when:
Internet Explorer goes bananas: Your home page gets hijacked; IE starts showing you “search” pages that specialize in, uh, barnyard animals with unusual talents; IE suddenly sports a new toolbar; or you get redirected to pages that don’t match anything you ever typed.
You start getting pop-up ads on your desktop and you aren’t even using a Web browser, or you get pop-ups that have nothing to do with the site you’re visiting. Yes, they often reference barnyard animals with unusual talents.
You have a firewall that monitors outbound traffic (such as ZoneAlarm; see Technique 51) and it keeps warning you that some program you’ve never heard of is trying to send data out to the Internet. Moo.
If you think you’ve stepped in it big time, try running the scan at www.pcpitstop.com. It’s a good, easy (and free!) place to start.
You should also run Ad-Aware, which I discuss in Technique 53. Ad-Aware’s focus lies more with advertising, cookies, and the like — but there’s lots and lots of overlap between scummy advertising and, er, scum in general.

Running Spybot-S&D

Every Windows XP user should install and regularly use Spybot-S&D.
Patrick Kolla’s Spybot-Search & Destroy rates as the number-one spyware identifier and eliminator. Here’s how to get it:
1. Start Internet Explorer and go to www.safer-networking.org.
2. Click the Download link (which is probably on the left). Then click through to a download site, and download the program.
You may get redirected to a different site. You are probably required to click IE’s download blocker, and again on a security warning.
3. Run the downloaded file.
Spybot-S&D takes you through a quick, easy installation. When you finish, Spybot launches itself and offers to take a snapshot of the Registry. Go ahead. (Removing some spyware can cause programs to stop working. Spybot-S&D may be able to get those programs working again if it has access to a clean copy of the Registry.) Then Spybot offers to scan for updates. Get them and install them. You end up at the main Spybot-S&D screen (see Figure 52-1).
4. Click the Search & Destroy icon on the left. Then click Check For Problems (see Figure 52-2).
Go get a latte. This can take a while.
• Figure 52-1: Spybot-S&D’s main screen
• Figure 52-2: Spybot-S&D doesn’t start until you click Check for Problems.
5. When you (and Spybot) come back, all the problem entries are checked. Click Fix Selected Problems.
Spybot creates a System Restore Point, and then zaps out the offending entries. The System Restore Point may come in handy in the highly unlikely event that Spybot removes something from your system that you really need. If running Spybot sends everything to Hades in a Handbasket, go through the steps in Technique 64 to bring your old system back.
In some cases, your piece of scum may launch every time Windows starts, and you may not be able to figure out which program is causing the problem. Spybot can’t delete a running program, so you may need to run Spybot in Advanced mode (choose Mode → Advanced Mode) and have it scan when you reboot the machine.
6. Run Spybot every week or two.
Make sure you click the Update button to get the latest scummy definitions.
Patrick asks for a donation if you use the program: money well spent, in my opinion.
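If you want to see for yourself where the symptoms described above live (a hijacked IE home page, a surprise toolbar, a program that launches every time Windows starts), the following read-only script lists the usual Registry locations. It is an added example, not part of the original text or of Spybot-S&D; it assumes Windows PowerShell 2.0 or later is installed (it is not part of Windows XP out of the box), and the function names Get-RegValues and Get-ClsidDll are made up for this illustration.

```powershell
# Added example (not from the book): read-only listing of the Registry spots
# behind the symptoms described above. Nothing is modified or deleted.

function Get-RegValues($Path, $Kind, $Names) {
    # Emit one row per value under $Path; $Names limits output to the named values.
    if (-not (Test-Path $Path)) { return }
    $key = Get-Item -Path $Path
    foreach ($n in $key.GetValueNames()) {
        if ($Names -and ($Names -notcontains $n)) { continue }
        New-Object PSObject -Property @{ Kind = $Kind; Key = $Path; Name = $n; Data = $key.GetValue($n) }
    }
}

function Get-ClsidDll($Clsid) {
    # Resolve a COM class ID to the DLL that Internet Explorer would load for it.
    $p = "HKLM:\Software\Classes\CLSID\$Clsid\InprocServer32"
    if (Test-Path $p) { (Get-Item -Path $p).GetValue('') } else { '(not registered)' }
}

$rows = @()

# 1. Home-page and search-page settings (where hijackers leave their mark)
foreach ($hive in 'HKCU:', 'HKLM:') {
    $rows += @(Get-RegValues "$hive\Software\Microsoft\Internet Explorer\Main" 'IE page' @('Start Page', 'Search Page'))
}

# 2. Programs that launch every time Windows starts
foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($sub in 'Run', 'RunOnce') {
        $rows += @(Get-RegValues "$hive\Software\Microsoft\Windows\CurrentVersion\$sub" 'Autostart')
    }
}

# 3. Browser Helper Objects (IE add-ins; unexpected toolbars often arrive as one)
$bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bho) {
    foreach ($k in Get-ChildItem -Path $bho) {
        $rows += New-Object PSObject -Property @{ Kind = 'BHO'; Key = $bho; Name = $k.PSChildName; Data = (Get-ClsidDll $k.PSChildName) }
    }
}

$rows | Select-Object Kind, Name, Data, Key | Format-Table -AutoSize -Wrap
```

Save the output from a machine you trust and compare it after the next scan; an entry you don't recognize is a lead to check, not proof of scumware.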

Going Beyond Spybot

So you’ve tried Ad-Aware, you’ve tried PC Pitstop, and you’ve tried Spybot-S&D, and you still have problems. Who ya gonna call?
Scumbusters.
Something like that. An excellent discussion of every trick in the scumbusting book is at www.michaelhorowitz.com/removespyware.html. Good job, Michael.
