Spyware Monitor
"We used to call them nasty viruses, but now they all have more sophisticated names".
In the good old days viruses were simple. They attached to your exe files and, while you were taking a coffee break, they deleted your data, formatted your disk or made your keyboard stutter. Nasty, yes, but ultimately preventable. There was no real benefit for the virus creator in making the virus except kudos from his peers (unless he was also selling anti-virus software). Then came the Internet and everything changed overnight, including viruses. Deleting files or wiping the hard drive became way too uncool. New viruses install backdoors to get access to your computer, use your computer for Denial of Service attacks or try to get the passwords to your banking accounts. But that is not enough. Since they mutate relatively slowly, good anti-virus software can still catch them in most cases. A new type of virus that is not exactly a virus was needed: Spyware, Adware, Parasites, Hijackers, Dialers and whatever else.
Yes, while the word Spyware or Parasite sounds less dangerous than the word Virus, Spyware is in fact able to do all of the above and much worse. The primary task of these "viruses" is to change your computer in such a way that the creator can benefit from it financially. And they will do it by any means necessary. This includes collecting and selling your data, redirecting you to sites that carry advertising, or phishing: redirecting you to sites that look like the front door of your online bank.
Most people have the wrong idea that they are secure. You have a firewall. You never open any attachment. You never install any software from the Internet. You use up-to-date antivirus. Hahaha. The makers of spyware such as CoolWebSearch are just laughing.
This new kind of parasite can be delivered and installed through security holes in Windows merely by your going to a web site. You don't even know something is being installed. I guarantee you that if you try running some trusty anti-spyware tool you will find something wrong already sitting on your computer.
BTW, did you know that quite a few Anti-Spyware products are actually Spyware themselves? Some sites will install spyware on your machine that from time to time pops up a "Spyware Detected" type of message and redirects you to a paid spyware-removal tool that will often uninstall one piece of spyware and install another.
Spyware and Parasites are a very serious issue, more than people think.
List of legitimate Anti-Spyware:
There are far too many anti-spyware products that are also spyware themselves.
Download Spy-The-Spy application
Spy-The-Spy
One day I got really tired of my home page always resetting to the coolwebsearch page, searches in Google redirecting to some X-google page, etc. I lost a day of my work trying to remove these things from my computer. I think companies should really get together on a class-action lawsuit to hold all known spyware accountable for the loss of time and revenue.
So I needed to Spy on Spyware. I don't have the time to build a database of spyware or to try to figure out what registry entries belong to parasites. There are many applications that are excellent at cleaning up the mess, for example Lavasoft Ad-Aware or Spybot Search and Destroy, and I use them regularly.
But I want to know the very moment something is being installed on my computer. It is sad that Windows, while trying to be friendly, is quiet about things that are being added. I don't care whether it is a legit application or not. Obviously, if I am installing an application, I expect it to add some files to Windows or Program Files. No surprise. But I am just browsing the web, and an application is secretly added and run while Windows is fine with it?
Monitor my Windows
So I built an application that, while it is running, simply monitors system folders for any new exe's or dll's being added or renamed. The Windows and System32 folders are the main harbour for these bugs, but so are Program Files and Documents and Settings.
A simple idea, but the result surprised me big time. Going to some sites that I expected to add spyware through ActiveX, I was shocked at what was happening on my multistage-firewall and antivirus protected computer (ZoneAlarm, Norton AV, a D-Link router with on-board firewall and an AlphaShield HW firewall, all running at once, and none of them even beeped). I could clearly see how data from the IE download folder was renamed to exe and dll, obviously run, then copied to many places on my computer: to System32, Windows, even the DllCache folders. Then the exe was copied under different names a few times.
The App
Spy-The-Spy sits in the tray and watches the folders you specified in settings.
Watched folders include their subfolders, so you really just need to set C:\Windows to monitor all additions to the Windows and System folders. This is set by default.
Optionally, if you are extra paranoid like me, you can also add C:\Program Files and C:\Documents and Settings. (Some parasites will copy themselves here.)
Now any time an exe is added, renamed or modified, a message will appear.
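The monitoring idea described above, as an added sketch that is not Spy-The-Spy's own code: it assumes polling (comparing two snapshots of a watched folder tree) because the page does not say how the tool watches folders, and the names snapshot and diff are illustrative. Content hashes let it tell a rename from a fresh drop and flag the same exe copied under several names.

```python
import hashlib
import os

WATCHED_EXTENSIONS = (".exe", ".dll")  # the file types the page's monitor reports


def snapshot(root):
    """Map every .exe/.dll under root (subfolders included) to (size, sha256)."""
    state = {}
    for folder, _subdirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(WATCHED_EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # locked or deleted mid-scan; picked up on the next pass
            state[path] = (len(data), hashlib.sha256(data).hexdigest())
    return state


def diff(before, after):
    """Return sorted (event, path, detail) tuples; deletions are not reported."""
    events = []
    gone = {p: v for p, v in before.items() if p not in after}
    for path, meta in after.items():
        if path in before:
            if before[path] != meta:
                events.append(("modified", path, ""))
            continue
        # New path: if a vanished file had identical content, treat it as a rename.
        source = next((p for p, v in gone.items() if v == meta), None)
        if source is not None:
            del gone[source]
            events.append(("renamed", path, source))
        else:
            # detail names another file with the same bytes, i.e. a copy.
            twin = next((p for p, v in after.items() if v == meta and p != path), "")
            events.append(("added", path, twin))
    return sorted(events)
```

Call snapshot on a timer and pass consecutive results to diff; as the Limitations section says of the tool itself, anything reported this way is already on disk.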
Quarantine
You have the option to add selected files to Quarantine. It will brute-force kill the processes quickly, one after another, to avoid watchdogs, and move the exe file to a Quarantine folder.
System File Check
Additionally, a button for SFC was added. This will run Windows Protection, which checks all system files for changes and copies them from the Windows CD if they are different.
Warning: In a clear situation, like the one above where basically 3 spyware exe files were added by ActiveX, Quarantine is a simple choice. But in cases where system or IE Helper dll's are involved, forcing these files into Quarantine may make IE partially inoperable. Remember, Spyware uses many methods to penetrate your system, so if you are unsure, don't experiment. Just acknowledge that some files were added and run anti-spyware! In any case, run anti-spyware to clean the bugs out of the registry.
Legit Files
Spy-The-Spy is a file monitor. It doesn't differentiate between real spyware and a legit file that has been added to the watched folders. There are cases when such legit files are created:
- On startup, Windows may replace some dll's in the system folder from its backup
- Some virus and anti-spyware scans may create temporary files to unpack zipped files. AdAware does this, for example.
- Legitimate sites add dll's to your computer without any notification. Ebay does this, for example.
Limitations
In general, this application doesn't replace anti-spyware but complements it.
- The software is a monitor; it doesn't deny access to the files. When you see a warning, the files are already there and running
- The software does not scan files. If you already have spyware installed, Spy-The-Spy will not know about it
- The Quarantine doesn't clean the registry entries that the spyware may have changed; it only brute-force removes the file from its location.