If you find you are debating whether to keep or remove questionable items that are tagged by antispyware software, follow the basic guidelines of "Just say no" or "When in doubt, throw it out." And be sure to follow these steps:
Identify the potential (or actual) culprit. Invariably, antispyware programs or forensic tools such as HijackThis will provide the name of a cookie, an executable file, a DLL or some other specific file or data object on your PC. Record that name in an accessible place, perhaps by cutting it from a spyware report and pasting it into a small text file.
If you use antispyware software to pick up these names, look for a hyperlink somewhere in the information page or window pane associated with individual items. Though placement and terminology differ from tool to tool, you'll usually find a link to the vendor's Web site where you can glean information about the items a tool can detect from the company's spyware and malware databases.
Visit your favorite search engine and use that name to look for more information about
Requires Free Membership to View
When you register you’ll also receive the latest news, advice and technical tips designed specifically for midmarket IT leaders like yourself. Our award-winning editorial team will give you immediate access to emerging business and technology trends.
Scot Petersen, Editorial Director, SearchCIO-Midmarket
- the item of concern. Often this will lead you directly to technical descriptions or threat assessments; sometimes it will lead you to cleanup and removal instructions.
If you use a forensic tool such as HijackThis, be sure to work through the log analysis programs and consult free tools such as Help2Go Detective or HijackThis Analysis to help you determine what's been found on any given PC. These tools also provide pointers to places where you can go for more information about suspect items as well.
Uniblue System's WinTasks Pro is a neat tool. Even more impressive is the maker's online database, the WinTasks Process Library. This database contains a comprehensive and up-to-date collection of known Windows process names, along with threat ratings for each one. This is quite useful when trying to determine if running processes could pose potential problems.
Other good sources of general spyware information and assistance may be found at SpywareInfo.com and MajorGeeks.com. The latter's HijackThis Area also includes some great forums and tutorials, as well as a good spyware tools listing.
It's OK to stop your research (unless you're just plain curious) as soon as you feel you have enough information for a thumbs-up or thumbs-down evaluation. The next step, of course, is removal and cleanup (which is also covered in some detail in Check IT List: How to detect spyware on PCs. It's a real learning adventure to figure out what's lurking on your users' PCs. But as troubling as it can be to observe how pervasive and tenacious spyware is, it's also satisfying to make it go away.
Ed Tittel is a full-time freelance writer and trainer based in Austin, Texas, who specializes in markup languages, information security and IT certifications.
This was first published in February 2006