SAGE Advice - The
Web browser "malware" etc
Preventing malware is always better than cure. Anti-virus software is a must. Sage Advice recommends Trend Micro's Pc-Cillin Internet Security 2006. It is a top performer as anti-virus, performs well at anti-spyware/anti-adware, and has an email spam filter, anti-phishing and now a "two way" firewall (that is, it will monitor outgoing traffic as well as incoming, in case you get a "trojan" which runs on your PC sending data out).
Most malware works by either making an entry in the Windows registry so that the malware runs every time you start Windows, or by adding itself to the "Browser Helper Objects" which run when you open Internet Explorer. It seems fairly obvious that most malware can be thwarted by preventing these changes.
Spybot has an oddly named utility called Tea Timer which does exactly that. If an attempt is made to change any of the critical registry entries, a prompt is given allowing the user to accept or decline the change. If you are installing new software the answer will probably be Accept. But if you are not ....
Microsoft's AntiSpyware program has a similar but much less effective tool, plus it takes up much more system resources to run.
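The following Python example is added here and is not code from the original page or from Spybot. It compares two regedit exports and reports entries added, changed or removed under the Run keys and the Browser Helper Objects key, the two locations described above; the key paths are the standard Windows ones, while the sample exports, example.exe and the CLSID are constructed for illustration.

```python
import re

# Autostart locations named in the text: the Run keys and Browser Helper Objects.
# Substring matching also covers sibling keys such as RunOnce and RunServices.
WATCHED = (
    "\\software\\microsoft\\windows\\currentversion\\run",
    "\\software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects",
)
VALUE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')
def parse_reg(text):
    """Return {(key, value_name): data} for watched keys in a regedit export."""
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            low = key.lower()
            if not any(w in low for w in WATCHED):
                key = None  # ignore values under keys we do not watch
            elif "browser helper objects\\" in low:
                entries[(key, "<BHO subkey>")] = ""  # a BHO is a CLSID-named subkey
        elif key and (m := VALUE.match(line)):
            entries[(key, m.group(1).strip('"'))] = m.group(2)
    return entries

def diff(baseline, current):
    """Changes a monitor would prompt on: new, altered or removed entries."""
    out = [("added", k, current[k]) for k in current.keys() - baseline.keys()]
    out += [("removed", k, baseline[k]) for k in baseline.keys() - current.keys()]
    out += [("changed", k, current[k]) for k in baseline.keys() & current.keys()
            if baseline[k] != current[k]]
    return sorted(out)

# Constructed sample exports (not taken from a real machine).
BEFORE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
'''
AFTER = BEFORE + r'''"example"="C:\\WINDOWS\\TEMP\\example.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]

[HKEY_CURRENT_USER\Software\Example]
"Unrelated"="1"
'''
if __name__ == "__main__":
    for kind, (key, name), data in diff(parse_reg(BEFORE), parse_reg(AFTER)):
        print(f"{kind:8} {key} :: {name} = {data}")
```

Each reported change corresponds to one accept-or-decline prompt; an entry that appears when no software was being installed is the one to decline.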
Currently circulating, and not always trapped by anti-virus or spyware detection, is a file called msupdate.exe. This is not from Microsoft. It shows up in the Startup menu folder in Win98 and in the Task Manager list.
First stop it from running by
Now undo the changes it has made.
command /c del regedit.com
Virus outbreaks are a relatively well known problem these days. But there are others.
Spyware often comes, unannounced, with applications or programs downloaded. KaZaa is well known for delivering spyware. The object is to send data from your PC to remote servers. Quite what they do with the data is unclear, but any decipherable credit card numbers could be useful. The best way to avoid spyware is to take great care what you download and from where. Easier said than done. About the best way to block and/or eliminate spyware is Ad-Aware from LavaSoft. One sign of spyware is unexpected traffic on your Internet connection sending data. You should only expect to send data when sending e-mail or, to a limited degree, whilst downloading files or surfing. Each time you request a site or page some data must be sent. Each file you download (which includes web pages) is sent as a series of "packets". Every so many packets your PC must tell the sending server that you have received the packets. Continuous upload traffic is probably spyware.
Ad-Aware will also stop ads (or new web pages) from popping up in your browser. However, this can also stop some web sites from working correctly. Internet banking is a classic case where a new browser window is popped up in such a way as to prevent you reaching it without a password.
Other little files which end up on your PC are designed to keep taking you to sites which reward the malware author for each visit. Some of these are referred to as "bots", short for robot, because they operate your Web browser for you. Often associated with spyware, bots operate by connecting you to the specified web sites, usually when the browser starts up. You may see unexpected traffic on your Internet connection, your browser change to a new page unexpectedly or just that your browser seems unresponsive. Spybot is good for catching this sort of software as well as the items Ad-Aware misses.
One variation on the bot is Browser Helper Objects (BHOs). Adobe Acrobat uses a BHO to integrate Acrobat into your browser to open PDF files within the browser. No problem there. There are many other OK uses too. However, BHOs can also be used to force your browser to open selected web sites (often multiple sites) every time your browser opens. They may also cause the same sites to be visited at regular intervals. You may see unexpected traffic on your Internet connection, your browser change to a new page unexpectedly or just that your browser seems unresponsive. One way to test for these is to open your browser when no Internet connection is available (and do not log on to a connection). You will probably see your browser "flickering" and repeatedly trying to connect to a site. BHODemon is great for getting rid of these.
Last modified: January 03, 2008