Task 3.4: Using a Spyware Checker

Spyware is much like adware except that it has the ability to track your activities as you move about the Internet, as well as capture your keystrokes. This information can be returned to hackers or advertisers, who use it to track your visits to specific sites and to monitor your activity. Spyware programs have become increasingly intelligent. Many have the capability to install themselves in more than one location, and like a malignant disease, removing one piece of the malicious code triggers the software to spawn a new variant in a uniquely new location.

Spyware is capable of changing Registry entries and forcing a system to reinstall itself when the computer reboots. What are some of the worst spyware programs that you might be exposed to? Well, Webroot (www.webroot.com) has compiled a list, and its top 10 includes titles such as KeenValue, a program that collects user information to target them with specific pop-up ads. PurityScan is another; it advertises itself as a cleaner that removes items from your hard drive. Finally, there is CoolWebSearch. This program is actually a bundle of browser hijackers united only to redirect their victims to targeted search engines and flood them with pop-up ads. As a security professional, dealing with these types of programs is something you will be faced with many times.

Scenario

A coworker believes their computer is acting strangely and may be infected with spyware. You have been asked to investigate.

Scope of Task

Duration

This task should take about 30 minutes.

Setup

For this task, you will need a Windows computer, access to the Administrator account, an Internet connection, and the ability to download files.

Caveat

Although spyware-removal programs are quite efficient, you must be careful when asked to remove programs or components, since doing so can cause a required component to lose functionality.

Procedure

In this task, you will learn how to install and run Spybot-S&D.

Equipment Used

For this task, you must have:

  • A Windows computer
  • Access to the Administrator account
  • An Internet connection

Details

This task will show you how to install and run Spybot-S&D. This program will allow you to remove spyware and other types of malicious software. It has the ability to do a thorough examination of your system, hard drive, Registry, and system RAM for known malicious programs.

Installing and Running Spybot-S&D

1. Once you have accessed your Windows computer and have logged in as Administrator, open your browser and go to www.safer-networking.org/en/download/index.html. Once you download the program, execute it from the folder to which it was saved. This will start the installation process.

2. During the installation you will be prompted to accept the licensing agreement. You must accept to complete the installation. Continue with the setup and accept all other default settings to complete the installation. Once the installation is completed, Spybot-S&D will start.

3. Upon startup, Spybot-S&D will launch a wizard that will ask you several questions, including whether you would like to make a backup of your Registry settings. While this is not necessary, it is a good idea because it can offer an added level of protection should the program remove a component that another program needs. Spybot-S&D will also list programs installed on your computer that may be incompatible; Lavasoft Ad-Aware will appear on this list if you have it installed on your system. You can click Ignore and continue scanning.

4. At the main menu of the program are five options on the far-left side of the application:

  • Search & Destroy: This option searches for spyware and other malicious code.
  • Recovery: This option allows you to undo any changes made.
  • Immunize: This option blocks known spyware and adds some preventive measures against malicious code.
  • Update: This option looks for program updates.
  • Donations: As the program is provided freely, you can choose whether to make donations to the creator.

With any antivirus, spyware, or malicious-code scanner, you should always make sure you have the most current version.

5. From the main menu, begin the scan by selecting Search & Destroy and then clicking Check For Problems. The scan will start at this point.

6. Once the scan is completed, you will have a list of the problems detected. Spend time looking through these. As you review each item, you will be offered more details. This should give you what you need to make an intelligent choice about whether to remove or keep the item.

7. The final step in this process is to check the items you wish to remove and then click the Fix Selected Problems button.

When working with a system that is infected, you may find it necessary to use several antispyware tools to remove the infection.
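
To check for the reinstall-on-reboot behavior described at the start of this task, the following added PowerShell example (not part of the original task or of Spybot-S&D) records autostart Registry values before the fix and compares them after a reboot. The list of Run/RunOnce keys and the function names are assumptions chosen for illustration; spyware may also use other locations.

```powershell
# Added example: snapshot autostart Registry values so a before/after
# comparison shows whether a removed entry comes back after a reboot.
# Assumption: only these common Run/RunOnce keys are reviewed.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunSnapshot {
    # Emits one object per value found under each key that exists.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

function Compare-AutorunSnapshot {
    # Compares a saved baseline CSV with the current Registry state.
    param([Parameter(Mandatory)][string]$BaselinePath)
    $toId   = { '{0}|{1}|{2}' -f $_.Key, $_.Name, $_.Command }
    $before = @(Import-Csv -Path $BaselinePath | ForEach-Object $toId)
    $after  = @(Get-AutorunSnapshot | ForEach-Object $toId)
    # Entries present now but not in the baseline (new or respawned).
    $after  | Where-Object { $before -notcontains $_ } | ForEach-Object { "Added:   $_" }
    # Entries in the baseline that are gone now (removed by the fix).
    $before | Where-Object { $after -notcontains $_ } | ForEach-Object { "Removed: $_" }
}

# Before clicking Fix Selected Problems:
#   Get-AutorunSnapshot | Export-Csv -Path .\autoruns-before.csv -NoTypeInformation
# After the fix and a reboot:
#   Compare-AutorunSnapshot -BaselinePath .\autoruns-before.csv
```

An "Added" line after the reboot for an entry similar to one that was just removed is a sign that part of the infection survived and another tool or a rescan is needed.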

Criteria for Completion

You have completed this task when you have downloaded Spybot-S&D, installed it on a Windows system, and scanned the system for spyware programs.
