Spyware: find it + remove it!
Q. ARE YOU RECEIVING LOTS OF SPAM EMAILS?
Q. HAVE YOU DOWNLOADED MUSIC FILES FROM THE INTERNET?
Q. HAVE YOU INSTALLED ANY FREE PROGRAM FROM THE INTERNET?
Q. DID YOU USE ANY P2P (FILE SHARING) PROGRAM?
Q. HAVE YOU EVER CLICKED ON RANDOM POP UP ADS?
IF THE ANSWER TO ANY OF THE ABOVE IS YES, THEN THERE IS A 95% CHANCE THAT YOUR PC IS INFECTED WITH ADWARE AND SPYWARE.
What are Spyware & Adware?
Spyware & Adware are files installed on your computer that secretly
gather your personal information or your organization's and relay it
to advertisers, third parties or other interested parties without your
authorization or knowledge.
Spyware & Adware use your Internet connection in the background (the so-called 'backchannel') without your knowledge or explicit permission.
Spyware & Adware allow companies to monitor your Internet browsing patterns and even to spam you with those annoying "pop up" ads!
If you've started getting those annoying ads popping up on your screen, you've been infected with Spyware and/or Adware!
Onlineeye can't prevent a program from doing that, but it shows you all programs with open connections, together with their destination address on the internet. That lets you stop the program and identify the spy, because with the destination address and Whois you can find the owner of the destination.
Type | TCP or UDP; for details go to "Protocols" |
PID | Process ID. It is the same one you see in the Windows Task Manager; each running process has its own identifier. |
Port | The local port that the process is using. Details on all known ports can be found here: http://www.neohapsis.com/neolabs/neo-ports/neo-ports.html |
Process | The process or service that is accessing the internet or the local network |
Now that you know the programs that access the internet without your permission,
you can kill them, delete them from the hard disk or delete their entries
in the Windows registry.
Strange Registry Entries
Find out which programs get started during Windows startup: http://www.sysinternals.com/files/autoruns.zip
Step 2: Where do these programs send my data?
Now we know who is talking at home, but where is their home base?
With "Show active connections" you can see all active connections
from and to your computer, including the source and destination port and
address. The standard settings show only the "Established" connections.
+ "Show all connections": OE also shows all inactive connections
that are waiting for reconnection or listening on open ports
+ "Do not resolve Hostname from IP-Address": no name resolution,
you see just the IP addresses
Figure (Ports)
Type | TCP or UDP; for details go to "Protocols" |
Status | Established: active connection; Listening: a connection is waiting; Closed: a connection is closed |
Local | Source address (your computer) |
Local Port | Source port (your computer) |
Remote | Remote address |
Remote Port | Remote port |
Now we also have the destination address and port, but what's next? How can
we get the name of the company that is responsible for all this? OE has two
other utilities to get this information: "Trace" and "Whois".
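The connection table from Step 2, rebuilt from the output of Windows `netstat -ano` as an added example (not Onlineeye's own code): it keeps only established connections whose remote address lies outside the local network and groups them by PID, which is the list worth passing to Whois. The sample output is constructed, and the function names and the English-locale state names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (English locale assumed;
# remote addresses come from documentation ranges, PIDs are made up).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    127.0.0.1:5354         127.0.0.1:49702        ESTABLISHED     2112
  TCP    192.168.1.20:49710     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49733     203.0.113.45:80        ESTABLISHED     3340
  TCP    192.168.1.20:49734     198.51.100.7:443       ESTABLISHED     3340
  TCP    [::1]:49800            [::1]:8080             ESTABLISHED     5120
  TCP    [2001:db8::10]:49801   [2001:db8:ffff::5]:443 ESTABLISHED     6001
  UDP    0.0.0.0:5353           *:*                                    2112
"""
# Networks treated as "local": RFC 1918 plus IPv6 unique-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def parse_netstat(text):
    """Yield one dict per row, keyed like the Type/Status/Local/Remote/PID table."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue                            # header or blank line
        status = f[3] if len(f) == 5 else ""    # UDP rows carry no state column
        local, lport = f[1].rsplit(":", 1)      # rsplit keeps IPv6 colons intact
        remote, rport = f[2].rsplit(":", 1)
        yield {"type": f[0], "status": status, "pid": int(f[-1]),
               "local": local.strip("[]"), "local_port": lport,
               "remote": remote.strip("[]"), "remote_port": rport}

def is_external(addr):
    """True if addr is an IP outside loopback, link-local and LOCAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])   # drop IPv6 zone id
    except ValueError:
        return False                            # "*" on unconnected UDP rows
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return False
    return not any(ip in net for net in LOCAL_NETS)

def external_by_pid(text):
    """Map PID -> sorted (remote, remote_port) pairs for established external connections."""
    found = defaultdict(set)
    for c in parse_netstat(text):
        if c["status"] == "ESTABLISHED" and is_external(c["remote"]):
            found[c["pid"]].add((c["remote"], int(c["remote_port"])))
    return {pid: sorted(pairs) for pid, pairs in found.items()}
```

On a live machine, feed the function the text of `netstat -ano` and match the returned PIDs against the Task Manager, as described for the PID column above.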
Step 3: Is there only a connection, or is data being transferred?
Traffic-Monitor - monitors network traffic on the chosen network interface and displays it continuously. It can be used to locate suspicious network traffic or to evaluate the current utilization of the network interface. Details -> "Traffic Monitor"