Russ Harvey Consulting - Computer and Internet Services

Malware Detection & Removal


Everyone is collecting information about you

What is Malware?

Malware is software designed with malicious intent. It secretly gathers information about you (sometimes called spyware) or your private communications and attempts to gain access to restricted or secure systems. It then forwards this information to the malware's owner.

Malware often slows down the computer, which is one indication that you're infected. Antivirus software cannot deal with malware unless it contains special anti-spyware/anti-malware components and maintains a current database of malware and how to remove it.

Potentially Unwanted Programs

Brand Name Computers with Bloatware

Some software that comes with name-brand computers is called Potentially Unwanted Programs (PUPs). While you've agreed to install these programs (accepted the computer vendor's license), in most cases you want to remove such programs as they are bloatware at the very least and likely a threat to your privacy or worse.

Addons to Free Software

PUPs such as McAfee Scan, Yahoo! Toolbar, Google Chrome, etc. can be installed along with downloaded free software. This is a method many developers use to “pay” for software they provide for free.

These programs can usually be deselected either prior to download or during the install. Rather than simply clicking through the various download and installation screens, ensure that you understand what you're actually installing. If you're unable to deselect the unwanted software you may not wish to install that program.

Malware is Profitable

Unlike viruses, malware is extremely profitable.

By stealthily redirecting hundreds of users to sites, malware owners can take advantage of increased advertising rates for the ads on those sites because of the increased, albeit unwarranted, traffic.

Malware Removal

Security suites are strongly recommended because only such suites can deal with the multifaceted threats facing computer users today. Such suites should contain software for removing malware and spyware from your system and for protecting you from future infections.

Ransomware

Ransomware is a special form of malware which encrypts the files on your computer and holds them for ransom. Beginning with CryptoLocker and evolving from there, this class of malware encrypts files that cannot be recovered except by paying the ransom and hoping the thieves don't simply walk away with your money.

You can only hope to prevent ransomware infections. Recovery is seldom possible except by wiping the computer and restoring your data from (hopefully) recent backups.

ZoneAlarm Recommended

I recommend ZoneAlarm Extreme Security.

Windows Defender

Microsoft's Windows Defender provides decent (but not excellent) anti-malware protection (much better than its anti-virus protection). Most security products will work alongside it.

Other Safe Solutions

However, running more than one alternative anti-malware product at a time may cause a conflict (they can fight each other rather than the malware).

I recommend the following stand-alone products and services to deal with malware infection, especially if you don't have a suite with built-in anti-malware protection:

Beware of Fake Malware-removers

There is a disturbing trend of placing ads on websites that appear to “find” malware on your system. They offer to remove the infections if you purchase their product.

Don't fall for these tactics. Most, if not all, are rip-offs or fakes.

  • Usually such displays include very large numbers of “infected” files. This is designed to scare you into immediate action before you have a chance to realize you're being scammed.
  • Their placement is not always controlled by the site you've visited (many sites use external services to display ads) but their presence should deter you from visiting the site again (and certainly from purchasing anything there).
  • If you buy the subscription, you're likely to get a call trying to up-sell you on other products (you've demonstrated that you're not savvy about what quality software looks like).

A similar tactic is to place prominent alternative Download buttons leading to malware and spyware software in addition to the less prominent one that links to the download you're seeking. You're best to download only from the developer's site where possible.

  • Hovering over (NOT clicking on) any link in a browser should show the address it will take you to. Be wary of links that take you off-site or to mysterious domains. See How to Tell Fake Links to learn more about how website links work.
  • You can search WHOIS records to determine who owns the site. Be wary of recent or short-term domains.
  • How to avoid fake Download buttons provides more information.
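
The hover check described above, automated over a saved copy of a page, as an added example that is not part of the original page: it lists every link whose real destination leaves the site you are on, whatever the button text says. The URLs, the sample HTML and the two-label `site_of` heuristic are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def site_of(host):
    # Naive "site" = last two DNS labels (assumption; wrong for suffixes like .co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkAuditor(HTMLParser):
    """Collects (visible text, absolute destination) for every <a href=...>."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.links = []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            # Resolve relative links the same way the browser status bar shows them.
            self._href, self._text = urljoin(self.page_url, href), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            label = " ".join("".join(self._text).split())
            self.links.append((label, self._href))
            self._href = None

def off_site_links(page_url, html):
    """Return (text, destination host) for links that leave the page's own site."""
    auditor = LinkAuditor(page_url)
    auditor.feed(html)
    home = site_of(urlsplit(page_url).hostname or "")
    hosts = [(text, urlsplit(dest).hostname or "") for text, dest in auditor.links]
    return [(text, host) for text, host in hosts if host and site_of(host) != home]

# Constructed sample page: the developer's own link, an ad-network button, a same-site mirror.
SAMPLE = """
<a href="/files/setup.exe">Download</a>
<a href="https://cdn.ads.example.net/get?id=7"><b>DOWNLOAD NOW</b></a>
<a href="https://mirror.example.org/setup.exe">Mirror</a>
"""

if __name__ == "__main__":
    print(off_site_links("https://www.example.org/download.html", SAMPLE))
```

A flagged link is not proof of malware, only a prompt to look up who owns the destination before clicking.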

Obtaining More Information About Malware Removal

Unfortunately, many of the resources formerly linked from this page are no longer maintained.


What is Spyware?

Spyware is ANY SOFTWARE which employs a user's Internet connection in the background (the so-called “backchannel”) without their knowledge or explicit permission. — Steve Gibson, Gibson Research Corporation

The term “spyware” has been mostly replaced with the term “malware” and includes any program that has harmful or malevolent intent or purpose, even if it is disguised within an apparently useful program.

Your Personal Information For Sale

Internet companies, whose apparent “business model” is the exploitation of consumer trust and ignorance, are sneaking their spyware systems into our machines for their own purposes. —Steve Gibson

See Your Privacy At Risk for more.

Big Names Don't Necessarily Mean Safety

The extent of this secret information collection may shock you and is an attack on personal privacy.

Free email services like Gmail began the trend, followed by cell phone services. Unfortunately, privacy has all but disappeared as corporations seek to know anything and everything about all of us.

Uncle Sam Gets Involved

Edward Snowden revealed a huge spying network organized by the NSA and other U.S. government agencies (and their counterparts virtually everywhere on the planet) involving the largest ISPs and software companies. George Orwell must be rolling in his grave.

Company policies can change, and often do. In many cases, short-term profits have proven to be more appealing than long-term loyalty to these companies.

Windows 10's New Revenue Model

Now Windows 10 seeks to know more about us than previous Windows versions (a trend that started with Windows 8), seeking the private information it accused Google of harvesting.

Windows 10 collects personal information and displays ads within your system based upon that information while claiming Windows 10 is the most secure Windows ever.

Spyware Tactics

Microsoft also used spyware-like tactics in forcing Windows 7 and 8 users to upgrade to Windows 10:

  • Windows Update was used to install the GWX nagware which downloaded the files to the user's computer without permission.
  • When it self-activated the Windows 10 upgrade, the program “interpreted” the user's closing of the offer with the red X to mean permission to install (the opposite of what it has meant on computers, including Windows systems, since the very beginning).
  • To stop the upgrade you had to click next then decline the license agreement — hardly an intuitive process.
  • Many users found themselves unexpectedly restarting their computers running Windows 10. In the case of one client, the update failed TWICE, requiring a clean install of Windows 7 because the computer could not recover from the uninvited upgrade.
  • Microsoft also installed ads promoting Windows 10 as part of “security fixes” for Internet Explorer.

Many consultants recommended disabling Windows Update because Microsoft was deceptive in what was actually being installed (“updates to Windows”).

As a result of such tactics, I refused to upgrade to Windows 10 and recommended that my clients don't either.

Learn More About Spyware


Keyloggers

Spyware isn't the only method of stealing information. There are also keyloggers.

  • Keyloggers come in software and hardware varieties.
  • Each has its advantages, depending upon the circumstances.

There are also software keyloggers. Software like ZoneAlarm Extreme Security will detect keylogger software.

Hardware Keyloggers

The hardware keylogger is a small device about the size of an AA battery that is plugged in-line with your keyboard in order to record your keystrokes.

Work Computers

Keyloggers may be installed by your employer. Courts have recognized the right of an employer to monitor the use of a company-owned computer.

Hardware Keyloggers

Since hardware keyloggers aren't software, their operation is not detectable using software.

Identical Connectors?

If the connectors look the same, it MAY be a keystroke logger.

Different than Keyboard Adapters

Don't mistake an older keyboard adapter for a keylogger.

Such an adapter would have a different connector on each end.

Keyboard adapters were used to connect an older keyboard to a new computer or a newer keyboard to an older computer. These are rare today.

Public Access Computers

You need to be very careful about using public-access computers (like the ones at Kinko's or in an Internet Café).

A New York man collected over 450 bank account passwords in Kinko's stores using a software keylogger.

Assume Zero Privacy

Assume that your computer activities are being monitored, and avoid providing user names and passwords or credit card information on these connections.

Clear the Cache

You might wish to ensure that you can clear the cache before you use these to enter user names and passwords.

Don't Enter Sensitive Information

You cannot ensure there is no keylogger device or access to the data you enter, so you may wish to reconsider the need to access banking or other sensitive information.

Use Virtual Keyboards

Some systems offer a virtual keyboard that uses the mouse to select input.

Look for the little virtual keyboards beside the user name and password entry like this LastPass example:

Virtual keyboard in LastPass

You can also see a live example on the login page for Islandnet.com.




www.RussHarvey.bc.ca/resources/malware.html
Updated: August 1, 2017