Wednesday, June 21, 2006
By: Matthew Doucette
Somehow, my PC got infected with AdDestroyer, a spyware program!
I am very meticulous with my PC. I am careful with what software I install. I am careful with what websites I visit. And I always make sure my Windows (XP Home) system is up-to-date. Even still, I get bit by spyware every once in a while.
(This is now the second time I got bit, the first time was by 180Solutions' infamous 180 Search Assistant.)
Cleaning My System
After finally removing AdDestroyer off my system... (which I did manually, and I have chosen not to share my steps as I am not 100% certain I removed it the proper way. I would share my solution only if I knew it worked)... I decided to make sure my system was clean. I researched the top anti-spyware programs and came up with a top three list:
The Spyware Removers
I use three spyware removers now, all free:
- Ad-Aware SE Personal
- Spybot - Search & Destroy
- Windows Defender (previously known as Microsoft AntiSpyware)
(Incidentally, these three, and only these three, are listed on Microsoft's Windows XP's Antispyware Software page, as of the time of this writing. Also, Ad-Aware is a part of Google Pack. These are strong indications that these software products are worthwhile.)
I use three anti-spyware programs, instead of one, as I found each one detected items on my system that the others did not. This may or may not continue to be the case, as all three anti-spyware programs are continually being updated. However, to ensure ultimate safety from these nasty spyware programs, I highly recommend that you use all three!
Enough talk, here they are:
Ad-Aware SE Personal
"Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge." - Lavasoft
Spybot - Search & Destroy
"Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. If you see new toolbars in your Internet Explorer that you didn't intentionally install, if your browser crashes, or if your browser start page has changed without your knowing, you most probably have spyware. But even if you don't see anything, you may be infected, because more and more spyware is emerging that is silently tracking your surfing behaviour to create a marketing profile of you that will be sold to advertisement companies. Spybot-S&D is free, so there's no harm in trying to see if something snooped into your computer, too :)" - Safer Networking
There is one problem I must mention with Spybot. When you update it, it often gives bad checksum errors (shown on my computer as "!!! bad checksum !"). This is due to a problem covered in their FAQ: When updating, why do I get an error message that the "update is forbidden" / "bad checksum!!!"? Their solution is to try a different mirror when updating: "In order to overcome the problem for now, if you try (update) again, have a second look at the menu bar. It has a pull-down item to select a mirror. Click the arrow beside it, and select a different location, where you'll most probably have better chances to download." I tried this and failed multiple times, choosing a different location each time, before finally succeeding in downloading the updates with proper checksums.
Windows Defender (Previously Known As Microsoft AntiSpyware)
"Windows Defender (Beta 2) is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected, and a new streamlined interface that minimizes interruptions and helps you stay productive." - Microsoft
I am really impressed with the tools that Windows Defender provides. It has a "Software Explorer" which allows you to explore the details of all the processes on your computer. You can sort them by "Startup Programs", "Currently Running Programs", "Network Connected Programs", etc. Very cool.
Conflicts of Running Multiple Anti-Spyware Programs:
Are there any problems with running multiple anti-spyware (spyware removal) software programs? Good question. There is one I have encountered, which is not really a problem, but is worth mentioning and clarifying:
Some spyware removers do not delete the spyware-infected files they find. Instead, they move them to a safe place. The purpose being, some files that you may ask a spyware program to delete, you may wish to undelete! Now, the problem:
It is possible that a spyware remover will detect the remnants of spyware inside another spyware remover's deleted files. In other words, running a spyware scan may find files a different spyware scanner has already found and "hidden away", usually in its own special location, for safety. This is OK. Just be aware that this is a possibility.
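An added example (not from the original article or from any of the products named): a short Python triage of results from several scanners that separates files still live on disk from hits inside another tool's quarantine folder, and lists what only one tool caught. The scanner names, quarantine folders and findings are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Hypothetical quarantine folders (assumption); real products use their own locations.
QUARANTINE = {
    "ScannerA": PureWindowsPath(r"C:\ScannerA\Quarantine"),
    "ScannerB": PureWindowsPath(r"C:\ScannerB\Recovery"),
}

# Constructed sample findings: (reporting scanner, path of the flagged file).
FINDINGS = [
    ("ScannerA", r"C:\Program Files\FreeSaver\toolbar.dll"),
    ("ScannerB", r"C:\Program Files\FreeSaver\toolbar.dll"),
    ("ScannerB", r"c:\scannera\quarantine\toolbar.dll.bak"),
    ("ScannerC", r"C:\WINDOWS\system32\popup32.exe"),
    ("ScannerC", r"C:\ScannerA\QuarantineNotes\readme.txt"),
]

def quarantine_owner(path, reporter):
    """Return the *other* scanner whose quarantine folder contains path, else None."""
    p = PureWindowsPath(path)
    for owner, root in QUARANTINE.items():
        # Compare whole path components (case-insensitive for Windows paths),
        # so "QuarantineNotes" is not mistaken for "Quarantine".
        if owner != reporter and (p == root or root in p.parents):
            return owner
    return None

def triage(findings):
    """Split findings into live files and hits inside another tool's quarantine."""
    live, contained = {}, []
    for scanner, path in findings:
        owner = quarantine_owner(path, scanner)
        if owner:
            contained.append((scanner, path, owner))
        else:
            live.setdefault(PureWindowsPath(path), set()).add(scanner)
    return live, contained

def unique_detections(live):
    """Live files that exactly one scanner reported."""
    return {str(p): next(iter(s)) for p, s in live.items() if len(s) == 1}

if __name__ == "__main__":
    live, contained = triage(FINDINGS)
    for scanner, path, owner in contained:
        print(f"{scanner}: {path} is already quarantined by {owner}")
    for path, scanner in unique_detections(live).items():
        print(f"only {scanner} flagged {path}")
```
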
Does It Always Work?
After running all three recommended anti-spyware solutions in this article, I still have popup ads. I thought they were caused by AdDestroyer, and maybe they are, as I manually removed it and may not have performed the operation properly. Anything the anti-spyware programs found afterwards was removed. So it seems I did all that I reasonably can. I will post any news on the matter here as I find it out.
If I cannot find a solution to these popup ads, I will have to wipe my computer and reinstall Windows.
June 28th, 2006 UPDATE: I was unable to remove the spyware that was causing my popups. I am unsure what spyware was causing it. It was popping up errorsafe.com, drivercleaner.com, and others. Those popups attempted to infect my computer further. Fortunately my anti-virus program, avast!, blocked the Win32:FakeAlert virus that was in effect. (I wrote details about it in this thread.) So, I had to format my hard drive and reinstall Windows.
How Did I Get Infected?
180 Search Assistant, my first infection about two years ago, was loaded in with a free and unprofessional screensaver. The author had purposely hidden 180 Search Assistant inside, as he/she made money off each successful 180 Search Assistant install. Unfortunately, I was unable to recall which screensaver it was and was unable to locate it again. I remember that the screensaver was horrible and I uninstalled it right away, but the spyware decided to stay forever until I manually eradicated it.
AdDestroyer... I am still unsure how I got infected by it. (If anyone else knows how they got infected with AdDestroyer, please contact me. I would love to hear from you.)
About the Author: I am Matthew Doucette of Xona Games, an award-winning indie game studio that I founded with my twin brother. We make intensified arcade-style retro games. Our business, our games, our technology, and we as competitive gamers have won prestigious awards and received worldwide press. Our business has won $180,000 in contests. Our games have ranked from #1 in Canada to #1 in Japan, have become #1 best sellers in multiple countries, have won game contests, and have held 3 of the top 5 rated spots in Japan of all Xbox LIVE indie games. Our game engines have been awarded for technical excellence. And we, the developers, have placed #1 in competitive gaming competitions -- relating to the games we make. Read about our story, our awards, our games, and view our blog.