Survive and recover from malware with Spybot and Ad-aware

Browser hijacking is one of the more malicious and destructive forms of malware. Combating such an attack requires patience and a set of specific tools, references, and resources. Prepare yourself with this guide.

According to the Webopedia, malware is defined as:

A noun, short for malicious software; software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.

According to Wikipedia, malware (a contraction of "malicious software") is software developed for the purpose of doing harm.

The key words in those definitions are damage, disrupt, and harm. Malware is an example of the worst the Internet and World Wide Web can offer. Detecting, destroying, and removing spyware has been the subject of many TechRepublic articles, including Spyware Detection and Removal, but the plague remains.

Now, it's personal

Once upon a time, I blew off any concerns about malware as a problem for the novice users of the world who didn't follow the most basic rules of security—don't open attachments and don't agree to install unsolicited software from Web sites. My blissful ignorance was shattered on July 20, 2004, when I became a victim of a malware hijacking.

The fact that I could be hijacked by merely clicking a link on a Google search page seems, even now, to be the surreal reality of someone else. How could such a thing be allowed to happen?

The whole concept of malware is lost on me. Are we supposed to believe that hijacking someone's system to install unasked for and unwanted software is somehow going to induce that victim to become enamored with the products that are featured in the subsequent force-fed advertising? Does that ever really happen? I don't believe it.

It is much more likely that the person violated in this unwelcome scenario will have a reaction much more like mine, in which one is motivated to stop this from happening to anyone else ever again. I defy any malware purveyor to jump in the article discussion and justify malware as a good business practice. And I don't mean the usual rationalization that it makes them money. I'm talking about justifying it ethically. I say there is no justification—prove me wrong!

Removal

Fortunately for all of us, the combination of malware, spam, and spyware has provoked more than just a few inspired and talented individuals and application developers into action. Over the past few years, TechRepublic has written several articles describing how to remove spyware and malware from infected systems. Many of those articles have mentioned the remarkable cleansing power you can bring to bear with the combination of Spybot Search & Destroy and Ad-aware. In my case, those two were extremely effective in removing the infestation.

For those TechRepublic members looking for a refresher on the general implementation of these applications, here is how the combination worked for me.

Firefox to the rescue

First, I borrowed a utility CD-ROM from a colleague. The utility CD had a copy of the latest version of Mozilla Firefox, which I quickly installed. Because most of the malware was tuned to the start of Microsoft Internet Explorer, I was able to access Download.com using Firefox—a normally simple thing made nearly impossible by the vindictive software I was trying to remove.

From Download.com, I acquired the latest versions of Spybot Search & Destroy and Ad-aware 6.0, which I quickly installed on the infected system. The initial Spybot routine found 79 questionable objects. After removing those offensive tidbits, I updated the reference file for Spybot and ran it again. This updated cleansing operation found another 25 objects to remove.

Figure A

Spybot Search & Destroy

So far so good—but I still had problems with pop-up advertisements and frustratingly slow Web browsing, so I knew that I had not eliminated the entire infection. Like heeding your doctor's warning about taking the entire series of an antibiotic treatment, I needed to continue to fight the infection by running Ad-aware 6.0 with an up-to-date reference file, which netted an additional 171 objects. While most were innocuous advertising trackers, several were nasty bits of code and registry key combinations that begged to be destroyed.

Figure B

Ad-aware 6.0

Running the latest versions of Spybot and Ad-aware, including the latest reference files available, completely removed the offending malware and gave control of my computer back to me. The key to this success was the use of a Web browser other than Internet Explorer. That's when I began to ponder the larger meaning of this unpleasant experience.
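The hijack described above survived through Internet Explorer's start page, autorun entries, and (judging by the blocked access to Download.com) the hosts file, which is the kind of thing Spybot and Ad-aware flagged as "registry key combinations." As an added example that is not part of the original article, the Python script below audits two of those persistence points offline, before and after a cleanup, so you can confirm the removal rather than waiting to see whether the pop-ups return. The sample hosts file and .reg text are constructed, the site lists and path fragments are assumptions you should tune for your own environment, and the .reg parser handles only the REG_SZ values these keys use.

```python
"""Offline audit of two browser-hijack persistence points: the Windows hosts
file and a regedit (.reg) export of the IE "Main" key and the Run keys.
Added example; sample inputs are constructed, not from a real infection."""
import re
from typing import Dict, List, Tuple

# Constructed sample hosts file: two public names redirected to a test address
# and an anti-spyware vendor black-holed to loopback so updates fail.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.0.2.10      www.google.com
192.0.2.10      download.com
127.0.0.1       www.safer-networking.org
"""

# Constructed regedit v5 export of the two keys a hijacker most often touches.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Search Page"="http://search.example.net/sp.php"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"winupdate"="C:\\WINDOWS\\Temp\\svhost32.exe /s"
"""

LOOPBACK = {"127.0.0.1", "::1"}
# Assumed lists: tune these for your environment.
PROTECTED_SITES = {"download.com", "www.safer-networking.org", "www.lavasoft.de"}
TRUSTED_PAGES = {"http://www.msn.com/", "about:blank"}
SUSPICIOUS_PATH_FRAGMENTS = ("\\temp\\", "\\tmp\\", "\\documents and settings\\")
IE_URL_VALUES = ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL")


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, ignoring comments and blank lines."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            pairs.append((fields[0], name.lower()))
    return pairs


def audit_hosts(text: str) -> List[str]:
    """Flag public names sent anywhere but loopback, and security sites sent to loopback."""
    findings = []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        if ip not in LOOPBACK:
            findings.append(f"hosts: {name} redirected to {ip}")
        elif name in PROTECTED_SITES:
            findings.append(f"hosts: {name} black-holed to {ip}")
    return findings


_REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s: str) -> str:
    # .reg files escape backslashes and quotes with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal .reg parser: key path -> {value name: data}. Only REG_SZ data is
    unescaped; dword:/hex: data is kept raw and the @ default value is skipped."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = _REG_VALUE.match(line)
        if current is None or not m:
            continue
        name, data = _unescape(m.group(1)), m.group(2)
        if data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        keys[current][name] = data
    return keys


def audit_reg(text: str) -> List[str]:
    """Flag IE start/search pages outside the trusted set and autoruns from temp dirs."""
    findings = []
    for path, values in parse_reg(text).items():
        leaf = path.rsplit("\\", 1)[-1].lower()
        if path.lower().endswith("\\internet explorer\\main"):
            for name in IE_URL_VALUES:
                url = values.get(name)
                if url is not None and url not in TRUSTED_PAGES:
                    findings.append(f"registry: {name} set to {url}")
        elif leaf in ("run", "runonce"):
            for name, cmd in values.items():
                if any(frag in cmd.lower() for frag in SUSPICIOUS_PATH_FRAGMENTS):
                    findings.append(f"registry: autorun '{name}' launches {cmd}")
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS) + audit_reg(SAMPLE_REG):
        print(finding)
```

On a real machine, feed it `C:\WINDOWS\system32\drivers\etc\hosts` and the output of `regedit /e` for the two keys; a clean result after the Spybot and Ad-aware passes is better evidence than an afternoon without pop-ups.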

Recovery kit

Trying to find a silver lining in this incident, I decided I should create a recovery kit and burn it on a CD-ROM. On this CD are the installation files for Firefox, Spybot Search & Destroy, Ad-aware 6.0, and a copy of the AVG Anti-Virus software. These applications would have been good enough to fix my problems, but I'm wondering if there should be more applications saved to this disk. For example, I'm thinking perhaps I should make the CD bootable for those occasions when I need to at least get to a command prompt.

In the past, many of us tech-types have created recovery disks—first it was 5.25-inch floppies with DOS and command-line utilities, then 3.5-inch diskettes with perhaps an antivirus application, and now it is CD-ROMs or thumb drives with the capacity for all kinds of applications.

This is where TechRepublic members can help: What should be on the modern recovery/utility disk? Because of the size of the media these days, we should be able to get a multitude of applications on a single disk. I started a discussion to get your feedback on this question. Once we get a consensus, I'll post the list of applications so everyone can have it as a reference.
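A kit that is carried from one infected machine to the next is itself a target: a thumb drive can pick up an autorun.inf or a replaced installer on the first machine and deliver it to the second, and a CD burned from a compromised download is no safer. As an added example that is not part of the original article, the Python below builds a SHA-256 manifest of the kit directory when you assemble it and verifies the kit against that manifest before use, reporting modified, missing, and unexpected files. The installer file names are placeholders, the `demo()` function fabricates a toy kit in a temporary directory, and the manifest layout is the `<hash>  <path>` form that `sha256sum -c` reads.

```python
"""Integrity manifest for a malware-recovery kit. Added example; the kit
contents built by demo() are placeholders, not real installers."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List

MANIFEST_NAME = "MANIFEST.sha256"


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large installers do not land in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(kit_dir: Path) -> Dict[str, str]:
    """Hash every file under the kit (except the manifest), keyed by relative path."""
    manifest = {}
    for path in sorted(kit_dir.rglob("*")):
        if path.is_file() and path.name != MANIFEST_NAME:
            manifest[path.relative_to(kit_dir).as_posix()] = sha256_file(path)
    return manifest


def write_manifest(kit_dir: Path, manifest: Dict[str, str]) -> None:
    # "<hash>  <path>" per line, the layout sha256sum -c understands
    lines = [f"{digest}  {rel}\n" for rel, digest in manifest.items()]
    (kit_dir / MANIFEST_NAME).write_text("".join(lines))


def read_manifest(kit_dir: Path) -> Dict[str, str]:
    manifest = {}
    for line in (kit_dir / MANIFEST_NAME).read_text().splitlines():
        digest, rel = line.split("  ", 1)
        manifest[rel] = digest
    return manifest


def verify_kit(kit_dir: Path) -> List[str]:
    """Return problems found; an empty list means the kit matches its manifest.
    Unexpected files matter as much as modified ones: an autorun.inf that was
    not there when the kit was burned is exactly what a carried drive picks up."""
    expected = read_manifest(kit_dir)
    actual = build_manifest(kit_dir)
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append(f"missing: {rel}")
        elif actual[rel] != digest:
            problems.append(f"modified: {rel}")
    for rel in actual:
        if rel not in expected:
            problems.append(f"unexpected: {rel}")
    return sorted(problems)


def demo() -> Dict[str, List[str]]:
    """Assemble a toy kit, verify it clean, then tamper with it and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        kit = Path(tmp)
        tools = kit / "tools"
        tools.mkdir()
        # placeholder stand-ins for the installers (constructed, not real binaries)
        for name in ("firefox-setup.exe", "spybot-setup.exe",
                     "adaware-setup.exe", "avg-setup.exe"):
            (tools / name).write_bytes(b"placeholder installer " + name.encode())
        write_manifest(kit, build_manifest(kit))
        clean = verify_kit(kit)
        # simulate what an infected host can do to a writable kit
        (tools / "spybot-setup.exe").write_bytes(b"something else")
        (kit / "autorun.inf").write_text("[autorun]\nopen=tools\\spybot-setup.exe\n")
        tampered = verify_kit(kit)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    for label, problems in demo().items():
        print(label, problems or "ok")
```

Keep a copy of the manifest somewhere the kit never travels (a printout is enough) and compare the installers' hashes against the vendors' published values before you burn the disc; a read-only CD-R then locks in what you verified, which a rewritable thumb drive cannot.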


Additional links to informative Web sites

Concern grows over browser security

The Internet Fraud Complaint Center

Stop Scum

Symantec Security Response

The World Wide Web Security FAQ


Legislation and regulation

When I started to research how I came to have this little misadventure, I came across the Web site of U.S. Representative Jay Inslee and noted his efforts to pass the Computer Software Privacy and Control Act, H.R. 4255. My immediate response is to support any legislation that will criminalize the hijacking of computer systems and the unapproved installation of unsolicited software. However, the cynical part of me also wants to make sure the legislation is properly written and does not place an extraordinary burden on Web sites.

That may seem paranoid to some, but when Orrin Hatch is trying to ramrod legislation through the U.S. Congress that would make it illegal to participate in a P2P network, I think some paranoia is justified.

Another excellent source of information is the United States Computer Emergency Readiness Team (US-CERT), whose Web site carries a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported. To underscore the seriousness of the problems caused by malware, it is worth noting that US-CERT operates under the Department of Homeland Security's National Cyber Security Division (NCSD) in support of the National Strategy to Secure Cyberspace.

If you or your users suffer the misfortune of a malware hijacking, I encourage you to notify the US-CERT about the offending Web site. However, the unfortunate reality of the current situation is that the offending Web site itself is probably a victim of a hijacking, and the Webmasters are likely unaware of the infection they are spreading. This trickery means that most malware pushers are escaping the long arm of the law—at least for now.

The future is now

The prevalence of malware is a problem that we must address. And by "we," I mean IT professionals. The current situation, where a user's system can be compromised simply by visiting a Web site, is intolerable. Network administrators, Webmasters, system designers, application developers, and the numerous other IT professionals responsible for Internet security and infrastructure should tackle this malware problem head on and now.

Perhaps it is time to make Spybot and Ad-aware, or similar applications, an integral part of normal network security. Of course, that would mean that we would have to pay for these tools, which are now generally free to use. But I think that small bit of investment is well worth the cost, especially when you consider the time spent trying to remove malware.

Perhaps your company has already adopted a network policy on those applications. Help your colleagues here at TechRepublic establish their own policy by explaining how your policy regarding malware-prevention software is working. What problems have you had to overcome, and what benefits have you derived from this policy?

Technology is key

Malware is more than a nuisance; it is an epidemic that costs us all time and resources. While criminalizing the hijacking of PCs and browsers will prevent some of this activity, we cannot count on that legislation to actually become law. Instead, it will ultimately be technology itself that will find a way to prevent this insidious behavior. But until the technology of prevention catches up to the technology of infliction, we will have to pay a price for access to the World Wide Web. It's a shame that that price is constantly being raised by the darker side of human nature and the scourge of malware.

About

Mark Kaelin is a CBS Interactive Senior Editor for TechRepublic. He is the host for the Microsoft Windows and Office blog, the Google in the Enterprise blog, the Five Apps blog and the Big Data Analytics blog.