Korean Job Discussion Forums

Ryst Helmut

Review: Testing anti-spyware programs
They clean -- but don't disinfect

By Matthew Fordahl
Associated Press
Monday, November 1, 2004 Posted: 11:22 AM EST (1622 GMT)

SALINAS, California (AP) -- Though less than a year old, the PC took more than five minutes to start up and never shut down without stalling on error messages. Attempts to Web surf generated at least a half-dozen pop-up ads and -- frequently -- system freezes.

Internet Explorer's home page was hijacked. Attempts to reach some sites, including eBay, were redirected to random search engines that only called up more ads. Google search results were altered. And the modem, without permission, tried to dial distant lands in search of porn.

Welcome to the nasty world of a PC infected with adware, spyware, dialers and their ilk, all of it installed without the knowledge of its owner -- my brother-in-law.

No sooner had he spent nearly $1,000 for the Dell Dimension 4600C than he lost control of it to advertisers and porn peddlers.

My brother-in-law, bless him, had committed the computing equivalent of running with sharp objects: Installing free software willy-nilly, clicking carelessly on misleading ads or spam and letting relatives (not this one) have free rein during visits.

But my job was not to judge. It was, rather, to make the violated system hum again. I agreed have a go at degunking it provided I could write about the experience. He agreed.

So I tested Webroot Software Inc.'s Spy Sweeper, LavaSoft's Ad-Aware, Tenebril Inc.'s SpyCatcher, Spybot Search & Destroy and Computer Associates Inc.'s eTrust PestPatrol.

To ensure fairness, I used Symantec Corp.'s Norton Ghost utility to make an exact copy of the infected hard drive before I tested any of the programs. Between each test, I restored the computer to its original sickly state.

Each program promised to remove spyware, and all -- except the one I found in a pop-up -- did so with varying degrees of success. Still, no single program could completely clean the PC. Strange behaviors -- whether sluggishness, pop-ups or a hijacked home page -- persisted.

I had the most success running two programs -- Spy Sweeper ($29.95 for a one-year subscription) and Ad-Aware SE Professional ($39.95) -- at the same time. Yes, it's a drain on system resources, but the tolls delivered a usable system with only slightly higher-than-normal pop-up activity.

Though the technology used to identify unwanted programs differs, all the programs seemed to work the same way. After installation, each connected to the Internet to ensure the program and collection of spyware signatures were up to date. Then the scanning began.

For my brother-in-law's computer and its 40-gigabyte hard drive, scanning took anywhere from 10 to 20 minutes. It's an intensive process so don't expect to be doing much on the PC in the meantime.

On its first scan, Spy Sweeper found 41 "spyware" programs and 6,923 "traces." Ad-Aware found 798 instances on its first try. Search & Destroy found 80 problems. SpyCatcher found 13 items. And PestPatrol, whose first scan took just 2 minutes, discovered 54 pests.

Obviously, definitions vary. Regardless of the numbers, I quarantined everything possible and often had to reboot so that anything that was running in the first scan could be cleaned.

In all cases, the PC was far from totally disinfected. Internet Explorer's home page was still hijacked, some sites -- notably those of legitimate anti-spyware companies -- were inaccessible and pop-up activity, though more restrained, was higher than you'd find on a clean computer.

Taking a cue from the back of a shampoo bottle, I opted to rinse and repeat, repeat and repeat.

I also uninstalled software like the file-sharing programs BearShare and Kazaa, both which ship with adware. (When I had launched Kazaa after a scan, it informed me that the software had been disabled and that it had reinstalled it for my convenience. Lucky me.)

Spy Sweeper and Ad-Aware had the most success of the programs I tested, with each reporting fewer and fewer problems after each scan. Though I was never able to run scans that came up with zero problems, the PC's behavior grew closer to normal.

I also tried combining the two, and that helped rescue my home page.

Of course, there was still something lurking in the PC. But in the end, I got some control back, even if I still felt a bit dirty.

The others didn't fare so well -- at least on my very infected system. The free Spybot Search & Destroy, running alone, didn't make much of a dent despite numerous attempts.

PestPatrol ($39.95) did its initial scan in about 2 minutes, which itself was suspicious. It caught dozens of "pests" and supposedly eradicated them. But my system still wildly misbehaved. Setting PestPatrol to scan more thoroughly found more pests. Still, though, I had no access to anti-spyware Web sites, and Google search results had a weird habit of repositioning themselves after a few seconds and displaying -- surprise -- ads at the top of the list.

SpyCatcher ($29.95) also took a shorter-than-usual time to scan the system, and it reported finding just 13 items. Another scan found 1. And a third found zero. Yet the sick PC was hardly cured.

With my mixed success, I decided to deploy the biggest weapon in my arsenal. I booted the system using the original Windows installation disk, formatted the hard drive and started from scratch. I installed antivirus software and all of Microsoft's security patches.

This time, I decided it might be wise to have protection from the start and I chose Spy Sweeper for its simple interface and good defensive shields.

Finally, in a fit of stupidity, I downloaded the free version of Kazaa and installed it despite its warnings that it was installing adware.

Sure enough, Spy Sweeper warned me and I blocked what it suggested. Still, some Web sites became inaccessible, more pop-up ads appeared and there seemed to be an epic battle between good and evil running in the background of the system.

When idle, half of the processor's resources were being used somewhere, though a restart fixed that problem.

Still, neither Spy Sweeper nor any other software could completely shield me from a really dumb decision. I'll soon be reinstalling Windows for a third -- and hopefully final -- time or else tell my brother-in-law to start saving for a Macintosh computer.

Copyright 2004 The Associated Press. All rights reserved.This material may not be published, broadcast, rewritten, or redistributed.

Dalton · Joined: 26 Mar 2003

Good article.

Some observations: I found Spybot's Teatimer option and SpyWareguard Both immediately warn me with pop ups if anyone tries to change my IE home page options. There are about 4 related things (like default search page) That I am warned about. Teatimer also gives a pop warning for any attempted registry changes or additions. These progs do this when you install things or make changes as well.

CWShredder is a free program totally devoted to ridding one's computer of HiJackers like Coolweb search(it get's it's name from this).

Hijack This gives a list of programs running on your PC. It also lists progs that load at start up.

The last three times sometime attempted to hijack my PC I was notified immediately. I said no to the attempted changes on the pop-up notices from Teatimer and SpywareGuard-4 notices from each prog. This sequence of pop-ups will recurr every 2-3 minutes. Those hijackers were persistant.

I update and run Hijack This first. This tells me what I am dealing with by telling me what's running on my PC. At least one prog is obviously the hijacker. Often the hijacker will have installed many versions of itself with lots of registry entries. Like cockroaches. You have to kill every single one to win. Each undiscovered prog and reg entry can lead to the hijacker reinstalling itself whenever you reboot.

I updated and ran AdAware, I have to keep saying no to changes. Then I updated and ran CWShredder. Still having to decline changes attempted by the hijacker. Finally I restarted(always restart after CWShredder).

I learned that sequence-AdAware then CWShredder by trial and error. Other combos followed by restarting had me facing the same hijacking attempts upon reboot.

Then I update and run all my security stuff-Spybot, anti-virus, adaware and cwshredder again. Finally I do a search or go to cexx.org to see if I can find the virus according to info from HiJack This.

Use preventative software and keep everything updated. Run your cleaning stuff once a week or at once a month. Then Defrag.

IMHO.

FUBAR · Joined: 21 Oct 2003 Location: The Y.C.

I found the same success as the author. After my pop-up blocker failed to stop popups, I ran the combo of ad-aware and then spyware doctor. After that, I rebooted and did the combo again. Now everything runs smoothly.

Spybot killer seemed to mess up some programs after using it. Probably b/c I am not an expert at computers (only intermediate level). Think I will stick with Ad Aware/Spyware Killer + Regular Anti-virus scans.

gajackson1 · Posted: Tue Nov 02, 2004 7:18 am Post subject:

SpywareBlaster is an excellent freeware program; pay to support it, and updates are automatic, but you can just do it yourself if you are feeling cheap.

MOST of those programs can be set to run at system close-down, or right upon boot, BEFORE things have a chance to go.

As for the 'browser hijacking,' most of those also have options to prevent that from happening.

Your computer should not be treated all that much differently than a home or car in the sense of security.

Regards,

Glen