 |
The following might sound as a fantastic tale, a modern myth, but it is absolutely true; one of many parts in a frightening development.
Imagine that you one day discover that wherever you go a man follows you and takes notes about everything you do. Initially you do not bother; just another freak with too much time to spend. But then you enter a book shop, see a comic book with "The Smurfs" and begin to eye trough it. Right away the man dials someone on his mobile phone. After a while he approaches you and starts to hold up ads for blueberry jam in your face every twentieth second. When you later enter the supermarket you notice that the man runs ahead of you and replaces the labels on all blueberry jam jars that are not of the same brand that he advertises on his placards. What on earth is going on?
Here are a few programs which will help secure your PC:
The Firefox browser makes surfing safer:
Ewido Security Suite
Probably the best anti-spyware program I've seen. Real time protection if you wish, takes care of Aurora and similar really though infections easily. You can try for free for two weeks and then buy it rather cheap if you decide to keep it - which I recommend that you do.
Ad Aware - The classic and most trusted program for detection and removal of spyware.
ZoneAlarm - Free firewall. A firewall is a must have when you access the Internet, otherwise your PC is wide open to intrusions.
Cleans your PC from personal information you're not supposed to know of or have any control over.
BHO-Cop keeps track of BHOs.
Well, when the man saw that you were interested in "The Smurfs" he instantly dialled the advertising agency he works for and told them that. On the agency sharp minds are set to work:
-What can someone interested in "The Smurfs" be likely to be interested in from our clients?
-Have you considered the fact that "The Smurfs" are blue?
-Hmm... Yes! Then this person just have to be found of blueberry jam also! Lets flood this one with as many ads for "The Crocodile's Blueberry Jam" as possible!
Of course is this not happening out on the streets, not just yet, but the man with the notepad can be found in many versions in a lot of computers, often without their owner's knowledge. Small programs which are very interested in what you are doing and would be very happy to interfere with that.
Have you noticed that the flow of popup- and pop-under-windows with ads has increased lately?
That surfing the Internet is slower than ever?
That pages with apparently no ads on them throw up annoying popup-ads right in your face and that it seems to be almost impossible to get rid of these?
Then it is most likely that your computer has been invaded by a spyware or scumware virus!
And it is certain that your computer is infected if you see pop-up ads on this page.
Also, if you see that certain words on a page always are links then you have a scumware-virus. Scumware are programs hidden in your computer which automatically turns certain keywords on Internet pages into links to their advertisors. Some scumware even replace paid ads on webpages with their ads.
Scumware and spyware are exactly what they sound like. They are programs which hide in your computer and spy on you. Some log all you do - passwords and secret diaries may not be that secret anymore - and then send information to shady advertising agencies which then send you these annoying popup ads.
Why they spy on you is a mystery since most of the ads are probably about things of no interest to you; weird pills, pornography pay sites (which only idiots lend their VISAs to), the X10 camera and many more are the most common things you will come across whatever your interests.
The X10 ads are not necessarily launched from spyware, but annoying they are.
Click here to get rid of the X10 ads.
If you do not only wish to lose X10 but get rid of almost all Internet ads then click here to learn about a rather simple solution; how to edit the HOST-file in your computer in order to block unnecessary servers like Doubleclick etc.
Click here for a free online spyware scan of your computer. The link opens in a new window, you can scan your PC while you continue reading this page.
|
Common spyware, adware and scumware and their makers and distributors are:
|
| Aadcom | Ad trojan very similar to the Blackstone Data Transponder. In other words; attaches to IE-explorer, spies on everything; what you write in forms, search for, your computer configuration etc.
| | Adware | Note: Not Ad Aware!
| | Adware.180Search | Self-repairing adware which monitors what is viewed in your browser. Associated with OverPeer.
| | Alexa, zBubbles | Check your Tools-menu in Internet Explorer, if you find an option that says Show related links or something similar then Alexa is watching you. Alexa and zBubbles log searchstrings and addresses for pages you visit. Alexa comes with Internet Explorer every time you update it if you do not explicitly deselecet it. Data which is gathered by the Alexa Toolbar are used to create statistics, so called "traffic ranking" on web sites at Alexa.com. The statistics are not very reliable since only a very small percentage of the web surfers use the Alexa toolbar, judging by the logs here at MaxMagnusNorman.com perhaps less than one in a thousand. Still Alexa is frequently used in matters of web marketing.
| Aureate
|
| | Aurora | Monitors your surfing and sends you pop-up ads based on your surfing habits. A high level security risk which should be removed before anything else is done with your PC. There's no need to follow the many times complicated removal instructions found on the net, Aurora is easily removed with the Ewido Security Suite.
| | Back Orifice |
| | BackDoor-G |
| | BearShare |
| | Blackstone Data Company | The programmers behind the very bad spyware trojan named Transponder. Transponder has been remade into several other viruses such as VX2, Sputnix, RespondMiter etc. If your computer has been infected with Transponder via an ActiveX or such you do not only suffer from tons of pop-up ads but you can also be sure that everything you do or write on the net is sent to these guys. The Transponder virus used to registry itself with the key 00000000-5eb9-11d5-9d45-009027c14662 in the registry, the iehelper.dll file found in the Windows/System folder is crucial for its function.
| | Bonzi | Don't fall for cuteness. Besides BonziBUDDY this company markets InternetALERT, Internet ALERT '99 and Intruder ALERT '99. These programs are described in the same terms as a firewall but they do not work as a firewall, they do not protect you from anything, quite the opposite, they are classified as "Evil Port Monitors" which open ports making your computer totally open for intrusion, instead of securing your computer's ports as a real firewall would do. The Bonzi programs are also infamous for being very hard to uninstall for computer novices.
| | Comet Cursor | One of the most common causers of pop-up ads.
| | CoolWebSearch (CoolWWWSearch.SmartKiller) | Malware and Scumware which prevents you from starting Ad-Aware and other anti-spyware programs. Hijacks your browser and changes startpage to "About:Blank". It also blocks you from visiting webpages which are critical to the product. (It should be laws against behaviour such as that, shouldn't it?- Isn't it?!) Download Ad-Aware cloak to regain control.
| | CuteFTP |
| | Cydoor | Cydoor is quite possibly the creators behind the infamous Clicktilluwin-trojan virus which was bundled with LimeWire and other "freeware".
| | DelFin Media Viewer | Invades your computer with "TV-like" ads.
| | Doubleclick | Traces you mainly with cookies, check the Windows/Cookies-folder.
| | Download Accelerator (DAP) | Tracks surfing habits, changes browser homepage, popup and popunder ads.
| | DownloadWare | Same as Download Accelerator
| | DSSAgent |
| | EverAd | No longer in business.
| | Expedioware | No longer in business.
| eZula
|
| | FastTrack |
| | FileMix Surf+ |
| | Flashpoint / FlashTrack |
| Flyswat
|
| | FTapp-BHO |
| | Fun Web Products, FunWebProducts | A very common program. Is detected by a program on this site (look for a red warning message at the top of this page). Hijacks your browser and changes your start page. See iWon.
| | GameSpy Arcade |
| | Gator | The first versions of Gator had as its official function the capability to remember its users passwords and such things. (Would you also give your cash card code to the guy selling hot-dogs beside the cash dispenser machine in order to help you remember the numbers?) Gator is a real abomination since A; the program covers other advertiser's ads with Gator's ads on web sites and B; some of its ads can be interpreted as being child pornography. One version of the program uses a security leak in ActiveX to install itself from webpages without your knowledge, a behaviour suspiciously similar to the BadTrans virus.
The free URL redirection service CJB.NET is one of the largest spreaders of this version of Gator. If you use CJB.NET's services then make sure that you turn this option off if possible.
| | GoHip (Windows Startup) | Messes up Internet Explorer, changes your startuppage and AutoSignature. Attaches spam which you have no control over to all E-mail messages you send. Use Pegasus Mail instead of Outlook and you can stop worrying about E-mail viruses.
| Grokster
|
| | Hotbar | Monitors Internet Explorer and Outlook Express, censors web pages. Is detected by a program on this site (look for a red warning message at the top of this page).
| | IEPlugin |
| | ImiServers |
| | ISTbar | See XXXToolBar
| | iWon | Notorious adware maker, have made amongst other programs: iWon Search Assistant, iWon Co-Pilot, Fun Web Products, MyWeb and MySearch. The programs are usually installed when the victim clicks on one of the company's ads.
| | KaZaA and TopText - Sharman Networks | Alters things you see on the Internet, adds yellow links to the text on other people's homepages.
A company called Brilliant Digital will soon release a peer to peer program - Altnet - piggy-backing on KaZaa which will have the ability to merge together all KaZaa users into a world-wide network with private owned computers as nodes, the program's primary under-the-table function is of course to make as much money as possible on spam and prying, using these private computers processing power for different companies' sometimes complicated computing tasks. It is said that users will be allowed to decide if they want this program running or not, but those who has been ignorant enough to accept KaZaa's terms of use has already agreed - technically speaking. My technical term for this is "vampyrism". You may ask yourself who's computer you're using nowadays..
| | LimeWire |
| | Lop.com |
| | Magic Lantern | A codename for FBI's surveillance program, exists in several versions, amongst others a trojan which is sent to the suspect via E-mail. It's a keylogger which is used to get access to passwords and such. An other kind of police spyware are portable computers which are installed at the suspects ISP (internet service provider). The FBI-version is named Carnivore. These boxes search for certain keywords in data sent via the net, but this doesn't work if the data is encrypted. The advantage is that this kind of spying is very hard to detect.
| | Medialoads | Invades your computer with "TV-like" ads.
| | Nail | Self-repairing spyware distributed by "A better internet".
| | Netscape 6+ | It is not absolutely certain that this browser can be classified as spyware. But its behaviour is very suspect since the program acts as a server and when started tries to send information from your computer to someone on the net. Many of the programs which comes with NS6 are though certainly spyware. This is tragic since Netscape earlier had the position as "The Good Guys" in relation to more commercial interests.
| | NetSource101 |
| | Network Essentials |
| | NetZany |
| | Newdotnet |
| | OnFlow |
| | OpenMe.exe | Ad virus which is spread via E-mail and then flows the targeted computer with pornographic pop-ups. Use Windows search function and delete the openme.exe-file, then clean up windows startup-settings.
| | Overpeer Promotional Solutions | Company which do all they can - such as plant corrupted files and spyware in P2P-networks - in order to stop copyright violations.
| | Radlight | This program -a media player- is really an abomination. It's not only a spyware but a so called malware, a program which destroys other programs on your computer. Radlight has a built in function which destroys the anti-spyware program Ad-Aware, both the free and the pay version of Radlight display this behaviour. Igor Janos is the "star" behind this. A funny thing about Radlight which also give witness to the character of its programmers is the fact that if you write "Ad-Aware" or "Lavasoft" in their support forum, the words are automatically changed into obscenities (tested and confirmed 2002-08-27).
| | Real.com |
| | SearchIt Toolbar, Pugi |
| | Simbar | Causes popup-ads for Internet Explorer users.
| | Spedia |
| | Timesink / Conducent | No longer in business.
| | Web3000 | Messes up important system files and covers other's ads. Like Gator another spreader of abusive pornography.
| | Webdialer | Hijacks your internet connection and causes enormous telephone bills.
| | Webhancer |
| Windows Media Player 8+
| Information about what you are listening to and what you are looking at are sent to WindowsMedia.Com.
| | Wnad | Trojan which is usually installed with the Yo Mama, Osama!-game. Causes pop-up ads.
| | VX2 |
| | XXXToolBar | A very offensive BHO you might catch if you surf around on the darker sides of the net. Hijacks your browser and dial-up settings. Like Gator another spreader of abusive pornography. Remove with Ad-Aware and turn off the sites xxxtoolbar.com, slotch.com and toolbarcash.com in your HOSTS-file.
|
...and many more.If you have any of these or similar suspected programs on your computer you should get rid of them right away!
(But if it's stuff like Magic Lantern which is troubling you then it might not be spyware you should get rid of in the first hand but maybe your present way of life.)
|
| There are also an abundance of other spy programs which do not hold back their reason for existence, programs which are installed on your computer by someone close to you, at work or in your home.
These programs are made to run in "stealth mode", to do their business unnoticed in the background of your computer. Here are some tell-tale files for some of these programs,
keep in mind that these files might be named the same as legitimate files or shared by other, legitimate programs and if you should find only one file per program on this list then there is probably nothing to worry about.
Also keep in mind that the "best before" date for this list always was yesterday:
| | Eblaster | msrac32.exe, oledscn32.dll, ocxdrv32.dll, netsplr.dll
| | Netvizor | sysdiag.exe, nvopts.dat, systemsa32n.dll
| | Spector | mstestsym.exe, mstestsym.chm, wmshell.dll, wwdtnt32.dll
| | Spy Agent | saopts.dat, sbrowse.exe, systemsa32.dll
| | Spy Anywhere | libimg.exe, snmpapi.dll, sneopts.datl
| | Winwhatwhere | xceedftp.dll, windoc.sys, msdfcng.exe, msegng.exe
|
This kind of prying is illegal in many countries.
|
A problem is that most common anti-virus programs do not detect this kind of viruses since users most times are fooled into installing them willingly, often by clicking some button on a popup-webpage which will not close otherwise.
One way to detect and remove these viruses is to download the free Ad-Aware program, which helps quite well - sometimes you have to run it a couple of times in order to get rid of some virus-components.
Another recommended program is BHO-Cop, which helps tracking so called "browser helper objects". BHOs are add-ons to Internet Explorer, in theory the idea is quite useful but mostly BHOs are used for nothing else than spyware. This is because if a spyware uses a BHO it can leak information about you via your browser, therefore avoiding getting halted by your computer's firewall (I really hope you are using a Firewall ).
To permanently disable some BHOs you can (at your own risk) remove the IEhelper.dll file found in the Windows/system-folder from time to time.
In order to prevent some web-based programs from installing by themselves without you knowing about it you should - in Internet Explorer - select "Tools" and then click on "Security". In the security settings for the Internet you select "Install on demand" regarding all ActiveX- and "Installation of desktop items"-related matters. If you later on get tired on the prompts to install these programs then either just disable all ActiveX and desktop items or choose to install only secure ActiveX items (which however is no guarantee that these programs are indeed secure).
You can also use Windows search function in order to search for and remove files on your computer related to the list of programs mentioned above. If doing so you will however find another very irritating behaviour regarding this kind of software; that they are self-healing. If you do not remove the core of the application in question the spyware will replace the files you have removed! This is done because the makers of scum- and spyware know that people after realising the truth about them will do their best to remove these programs and therefore this self-generating viral code is added to their programs to keep them running on your PC.
Another trick is to give the virus- and spyware-programs names similar to important Windows-files such as "Explorer.exe" and "Kernel32.exe". Take for instance the program dlder.exe which was bundled with amongst others LimeWire, KaZaA and Grokster. DlDer is hidden in the Windows-folder where it downloads a program called explorer.exe, a spyware with the same name as Windows-explorer, the fake explorer is placed in the hidden folder Windows/Explorer/. If there is a hidden folder with the name Explorer in your Windows directory, then it is probably a spyware trying to camouflage itself. If you attempt to remove dlder.exe and the fake explorer on your own, then be sure not to remove the real Explorer.exe which resides in the root of the Windows-folder.
It is not often one comes across such an amount of obvious lies and wrigglishness as in the case of spyware. On the spywaremaker's homepages you can read denials under oaths that their programs do not behave in the mentioned manner. A manner which is though obvious to anyone with a firewall installed, which clearly shows how these programs make their best to submit information to their "mother servers". Promises and assurances from these people are obviously worth nothing. It almost seems like making spyware is like a drug to some programmers, it is a lot of risks involved, it opens up for a even bigger lot of unnecessary conflicts and it can not be that lucrative. The result of the prying can neighter be particulary useful considering how arbitrary and wind-driven most people's surfing habits are and most people do not consider pop-up ads as good PR for companies, ad-campaigns like these rather make people loathe them.
So, what more can one do?
If you should encounter child pornography you should report it to www.rb.se (Swedish Save The Children). They will check if the case can be taken to court and you can be anonymous as informator.
Are there any other legal actions to take against people snooping around, messing up our expensive computers and wasting our precious time? In some countries there are, yes, and if industrial espionage is suspected, yes, but since this is a global problem and there are no global laws there is not much to do except to look out for and remove these programs and never ever do any business what so ever with the kind of people who do this stuff.
Webmasters could send invoices to these companies (if they would find them), claiming them payment for ad-space. $1000 dollars a month and up is a recommended fee.
There is however one thing I know I would do if I found a peeping tom with a notepad outside my real window - I would grab a gun.
Related article: E-mail scams.
This text may be distributed freely if you link back to MaxMagnusNorman.com
|
|
|
