Wednesday, January 16, 2008

Diagnosing Spyware

Are you wondering whether your computer is infected with spyware? I am a spyware detective, and I deal with many infected machines. I have seen everything from malware to rootkits. I have grave concerns about future developments in software for criminal use.

Over the last two weeks I have serviced two computers that were riddled with viruses and spyware. Guess what? Both were running up-to-date antivirus software: one ran Norton 360, and one ran McAfee. The clients claimed not to have run e-mail attachments or any unknown executables, although I have my doubts.

Neither McAfee nor Norton could detect the problems on their own systems; however, the users reported problems connecting to the internet and browsing websites, and one could not access his control panels (they disappeared from the XP start menu!).

I run a triad of detection tools that I have found to be most effective: Lavasoft's AdAware, Spybot Search and Destroy, and AVG antivirus. AVG antivirus is very effective at rooting out problem viruses and even spyware that Norton and McAfee do not seem to detect. I had to run the tools repeatedly, because on both machines the active spyware was able to hide itself during initial scans until I had disabled components of it and restarted (of course, it's best to go through the startup items and disable any obvious spyware first!). After three cycles of all three detection tools, I had uncovered dozens of problems on the machines and corrected them.

The XP system running Norton was badly damaged. Norton's program structure had been disabled and could not be uninstalled. Symantec does provide a Norton removal tool, but even that did not remove Norton completely. I chose not to reinstall it, because of its ongoing issues, and selected AVG antivirus (free for home users) instead. Although the Control Panels reappeared, there were damaged functions that required a full system restore. The user opted to purchase a new computer instead! Thanks a lot, malware...

The McAfee machine is functioning normally, after the removal of one virus and several malware and spyware components.

The Norton machine had another symptom: The LMHOSTS file had been altered to prevent Norton from updating, and to prevent access to various spyware removal websites. That's a sure sign that a system is compromised.
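As an added example (not code from the original post), here is a small Python check for the kind of tampering just described: it parses a HOSTS/LMHOSTS-style file and flags entries that pin security-vendor update or removal sites, or that sinkhole any other name to a loopback or null address. The watched hostnames and the sample file are constructed for illustration, and the parser assumes the shared "IP name" layout of both files.

```python
import ipaddress

# Update servers and removal-tool sites that tampering is likely to block.
# Constructed list for this example, not taken from any vendor.
WATCHED_HOSTS = {
    "liveupdate.symantec.com",
    "download.mcafee.com",
    "www.lavasoft.com",
    "www.safer-networking.org",
}

# Addresses used to "sinkhole" a name so the connection goes nowhere.
SINKHOLE_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed sample of a tampered file (not a real capture). HOSTS and LMHOSTS
# share the layout "IP name [name ...]" with '#' starting a comment, so LMHOSTS
# keywords such as #PRE simply parse as comments here.
SAMPLE_FILE = """\
127.0.0.1       localhost
127.0.0.1       liveupdate.symantec.com
127.0.0.1       www.safer-networking.org   #PRE
0.0.0.0         www.lavasoft.com
192.0.2.10      download.mcafee.com
10.0.0.5        intranet.example   # legitimate local entry
"""

def parse_hosts(text):
    """Return (ip, hostname) pairs; skip comments, blanks and non-IP first fields."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        entries.extend((fields[0], name.lower()) for name in fields[1:])
    return entries

def suspicious_entries(text):
    """Flag watched security hosts and any other name sinkholed to loopback/null."""
    findings = []
    for ip, name in parse_hosts(text):
        if name in WATCHED_HOSTS:
            findings.append((ip, name, "security site pinned in hosts file"))
        elif ip in SINKHOLE_ADDRS and name != "localhost":
            findings.append((ip, name, "name sinkholed to loopback/null address"))
    return findings
```

A clean hosts file has no reason to mention a vendor's update server at all, so any hit on the watched list is worth investigating even if the address looks plausible.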

I typically notice high CPU usage on seriously compromised machines, and high transmit rates when I am not browsing the internet. These would be other giveaways. If you are familiar with the XP system registry, check what is starting up. Some startup items only manifest in the registry! A malware process often has a unique registry entry.

Good luck with the malware investigation! If folks have to buy a new computer because of malware, that's a benefit for computer and OS manufacturers, but a huge burden on society. Of course, I always hint that users could switch to Linux!

Try installing Zone Alarm's free firewall as well, and deactivate the Windows firewall to test with Zone Alarm. You may see the names of program components as they try to register to communicate over the internet.

Good luck...spyware begone!