Malware

Protect against spyware and adware with Spybot

Here's how you can use Spybot to put an end to spyware and adware on clients' desktops.

By simply visiting a Web site or installing shareware, you may be installing software, cookies, or applications that are able to monitor and log your Internet activity. This category of software is generally referred to as spyware. Adware is normally associated with shareware that generates pop-up ads or displays banner ads.

Spybot is a freeware tool to detect and remove spyware and adware from your system, and it performs this job remarkably well. Here's how you can install and configure Spybot to protect your privacy.

Installing Spybot
Spybot is donation-ware from Spybot S&D. That means you don't have to pay for it, but the organization does take donations to support future development. You can obtain the latest version of Spybot from the Spybot Web site. Download the installation file, currently Spybotsd12.exe, to a temporary directory on your hard drive, and you're ready to go.

To install Spybot, double-click on the self-extracting archive and follow the prompts in the Setup Wizard. Spybot installs like every other Windows program you've ever used, with no confusing prompts or gotchas during the wizard. Once the installation is complete, you’re ready to start running Spybot.

Running Spybot
To start Spybot, double-click on the desktop icon. The first action to take when Spybot runs is to check for updates by clicking the Search For Updates button. This will ensure that the spyware signatures used by Spybot and the program itself are up to date. If there are any updates, click the Download Updates button and let them download and install.

The default for Spybot is to run in Easy Mode. In this mode, Spybot searches for problems using a predefined configuration. Easy Mode is a good way to run Spybot if you want to run a quick check for cookies and other items that can identify you and report your Internet activity to a third party. Running Spybot in Advanced Mode, however, provides more configuration options. To run Spybot in Advanced Mode, use the following procedure:
  1. Right-click the desktop icon for Spybot.
  2. In the menu, left-click on Properties.
  3. The target executable for Spybot will be:
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /easymode
  4. Change the executable target to:
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
  5. Double-click the icon to run Spybot in Advanced Mode.

Main settings
All configuration changes are made through the menus contained in the Settings tab: On this tab, you'll see several options that allow you to adjust Spybot to suit your preferences. Here are the main options you'll want to take note of:
  • Save All Settings: This allows Spybot to be used with the same configuration for every scan.
  • Create Backups Of Fixed Spyware Problems: Some programs associated with Spyware will not function after the spyware component is removed. If you must use a program with a spyware component, the ability to recover the spyware will eliminate the need to reinstall the entire program.
  • Create Backups Of Removed Usage Tracks: Creating a backup of usage trackers allows you to view these trackers and examine which Web sites are trying to monitor your activity.
  • Create Backups Of Fixed System Internals: Any registry inconsistencies fixed by Spybot may cause problems for your system. Using this option allows the registry to be restored to the state it was in before the Spybot scan.
  • Ignore If Single Detections In Include Files Need A New Program Version: Activate this option.
  • Display Confirmation Changes Before Doing Critical Changes: Using this option will ensure you are aware that changes are about to be made; you'll be prompted for confirmation.
  • Scan Priority: Most users will use normal scan priority.

Automation settings
Spybot has the ability to run whenever the system is booted and to detect and fix any problems automatically. Enable the following settings under the Automation section of the Settings tab:
  • Run Check On Program Start
  • Fix All Programs On Program Start
  • Rerun Checks After Fixing Problems
  • Immunize On Program If Program Has Been Updated.
  • Search The Web For New Versions At Each Program Start
  • Download Updated Included Files If Available Online

Expert Settings
The Expert Settings menu activates the Secure Shredder to run automatically when Spybot removes files. Because the Secure Shredder permanently deletes removed files, this tool should not be used automatically.

Selecting file sets
To make it easier to select file sets, go to the Settings tab. Under the Expert Settings menu, enable the following settings:
  • Show Expert Buttons In Results List
  • Show Expert Buttons In Recovery List

These settings activate a drop-down list in the Search & Destroy screen. This list contains an easy-to-understand description of the types of scans available.

The Directories tab
The Directories tab is used to specify where downloaded files are stored. Spybot will scan this directory whenever a check is run. The software in the specified directory will be scanned to see if any spyware or Trojans will be installed with the downloaded software.

To add a directory to the list, right-click in the blank under the Download Directory heading and select Add A Directory To This List. Browse for the folder you want to add to the list. At the bottom of the screen, select the Check Also Subdirectories Of The Above check box. Repeat the procedure for any additional folders you want checked by Spybot.

Running a Spybot scan
After configuring Spybot with the options you want, the next step is to run the scan of your system. Click on the Spybot-S&D tab and click Search And Destroy. Next, click on the File Sets button and select the type of scan to run. For this example, a Minimal Spyware Check was run. Click Check For Problems.

When the scan is complete, Spybot will display the results. Problems are divided into three categories. Red entries indicate spyware. Spyware problems are always selected to be fixed by Spybot. Green entries indicate usage trackers. You probably won’t cause any problems by removing these from your system. Black entries are system internals. Make sure you know exactly what areas of your system will be affected before removing any of these entries.

Spybot automatically selects spyware problems to be fixed, so the next step is to click on the Fix Selected Problems button. If there are any problems that cannot be fixed because a program is in use, Spybot will attempt to correct the program automatically the next time the system is rebooted, before the spyware program is started.

Now, click on the File Sets button and select Usage Tracks Check Only for the next scan. Click on Check For Problems, and Spybot will run a check for Internet usage trackers. To remove individual trackers from your system, click on the check box next to the tracker in the results, and then click on the Fix Selected Problems button. Spybot will remove the selected trackers from your system. To remove all usage trackers, click Select All Items and then click on Fix Selected Problems.

The same procedure applies when Spybot runs a check on your system internals. This check is looking for registry inconsistencies, broken desktop links, and bad paths to executables. When a check on system internals is run, make sure you understand the output. Removing reported registry problems, and other entries related to system performance, can cause problems for your system.

Other Spybot tools
The Tools menu controls several tools associated with Internet Explorer and services run at startup. One of the programs you'll notice here is the Resident tool, a continuously running security program. Presently, the Resident tool section provides a browser application for Internet Explorer that prevents downloads of known malicious software, such as spyware installers. To activate the Resident tool program, click on the Install button at the top of the screen.

The Active X menu displays a list of Active X controls currently installed on your system. Active X controls are categorized by color. Green entries are legitimate Active X controls. Red entries mark controls related to spyware. Black entries are not known to the Spybot database.

The BHOs tab displays information about Browser Helper Objects (BHOs). BHOs are small programs—often Active X controls—that extend Internet Explorer’s capabilities. Because they are integrated with your browser, BHOs have access to each Web site you visit. Green entries are legitimate BHOs; red entries are associated with spyware; black entries are unknown to Spybot.

If you have any concerns about a BHO in this list, you can easily disable it. Click on the BHO to be disabled. At the top of the BHO window, click on the toggle button. Disabled BHOs will then appear grayed out in the BHO list.

On the Browser Pages tab, Spybot also provides protection against browser-hijacking agents that can reset the start or search page in Internet Explorer. If your browser start page or search page is changed and cannot be reset through IE, the new URL will probably show up in this list.

To reset the offending URL and ensure the URL is added to the next Spybot update, click on the URL your browser has been redirected to. At the top of the screen, click on the Change button and enter the new URL. Mail the offending address to detections@spybot.info, and the URL will be added to the list of known bad URLs.

Spybotcomes with its own hosts file, which contains an extensive list of Web sites known for spyware; you can view this list on the Hosts File tab. When this file is installed, no content from any of the sites in it will be displayed. To install the Spybot hosts file, click on the Hosts File tab.

At the top of the Hosts File screen, click on Add Spybot-S&D Hosts List. The Spybot hosts file will now be used instead of your default hosts file. To remove the Spybot hosts file, click on Remove Spybot-S&D Hosts List.

Author's note
Using the Spybot hosts file can cause decreased performance. Read the FAQ included with Spybot to correct these problems for your version of Windows.

The Process List tab displays all processes running on your system. Although any process may be killed (stopped) through this tab, it is intended primarily as information for technical support. To kill a process in this list, select the process and click on the Kill button at the top of the window.

System Startup
The System Startup menu lists all programs that are started when Windows is launched. This menu allows the user to change the path to a Startup program or change the command used to execute the program. You can also delete any program from Startup or insert a program to be started with Windows.

To view any item in the System Startup list, select the item and click on the Info button at the top of the System Startup screen. To disable a program run at startup, or to allow a disabled program in this list to start with Windows, select the program and click on the Toggle button at the top of the screen. To change the path to a program run at startup, or to change the command options run with the program, select the program from the System Startup list and click on the Change button at the top of the screen.

One good feature of this menu is that it gives you the ability to add and configure new startup programs. To add a new program to the Startup list, click on the Insert button at the top of the screen. Make the program available to All Users On Startup or only to the Present User. Select how the program will be run. There are three selections available:
  • Run The Program As A Normal Program
  • Run The Program As A Service
  • Create An Autostart Group Link

Provide a name for the registry entry and select the path to the executable file. A new entry with the value you enter will be added to the list of programs run at system startup.

View Report
The View Report menu is used to generate a report of your system configuration, including the configuration used for Spybot. The results from a Spybot scan can also be included with this report.

Using Spybot Immunization
The Spybot Immunization function is controlled through the Spybot-S&D tab. It provides four very useful functions:
  • Permanently immunizing Internet Explorer from spyware
  • Preventing Internet Explorer from downloading known spyware installers
  • Preventing spyware from making changes to Internet Explorer configuration
  • Locking the hosts file

To provide immunity for your browser and hosts file, click on the Immunize icon under the Spybot-S&D tab. In the first configuration panel, titled Permanent Internet Explorer Immunity, click on the Immunize button to immunize Internet Explorer. The next panel is labeled Percent Running Bad Download Blocker For Internet Explorer. In the drop-down list, select Block All Bad Pages Silently. Click on Install.

In the third panel, Recommended Miscellaneous Protections, click in each of the three check boxes available to lock the hosts file and to prevent spyware from reconfiguring Internet Explorer when immunization is activated. Spybot blocks all entries that are in its database.

Stop spyware in its tracks
The growth of spyware, adware, and other methods of tracking and reporting your Internet habits makes privacy and security more of a problem than most Internet users are aware. Spybot is a great tool to start using if you’re concerned about your privacy. In this article, I covered the basics of using Spybot to remove software that can intrude on your privacy and affect your system performance. Spybot should be one of the first programs you install on any computer connected to the Internet.
0 comments