Tracing The Sites That Infect You With Spyware

Discussion in 'Malware Help (A Specialist Will Reply)' started by hardrive, Apr 19, 2005.

  1. hardrive

    hardrive Private First Class

    I once read that it was possible to trace what sites had put spyware on your computer. Could someone explain to me how you would go about doing that?
     
  2. hardrive

    hardrive Private First Class

    No takers, huh? :confused:
     
  3. hardrive

    hardrive Private First Class

    Also, contrary to what Insomniac believes, my computer has not been recently infected with spyware from porn sites. ;) Although, I would like to find out which sites that I recently visited put the spyware on my computer. :mad:
     
  4. hardrive

    hardrive Private First Class

    Does this mean that no one knows the answer, or that this question needs to be put in another forum, or that no one likes me anymore? :(
     
  5. Maxwell

    Maxwell Folgers

    You could download and install SpywareBlaster and SpywareGuard, both downloadable from the Spyware section of this site. This will go some way to preventing further infection. You could also download a hosts file to divert your computer away from various questionable URLs.

    In terms of tracking your history, you need only look at the browser history (either via the browser or directly via Windows Explorer) and correlate this with whatever "spyware" you are infected with. For example, run Ad-Aware or Spybot Search & Destroy after visiting questionable web sites; if it detects spyware, then use your browser history to narrow your search to the culprit.
     
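The correlation Maxwell describes above, done mechanically, as an added example that is not part of the original thread: given a browser history export and the creation time of the file the scanner flagged, list the sites visited in the minutes before that file appeared. The history entries, the detected file name and its timestamp below are constructed sample data; in practice you would export the history from the browser and read the file's creation time from the filesystem or the scanner's log.

```python
"""Shortlist the sites visited shortly before a spyware file was created.

Added example, not code from the original thread. HISTORY and DETECTION are
constructed sample data standing in for a real browser history export and a
real scanner report.
"""
from datetime import datetime, timedelta

# Constructed sample browser history: (visit time, URL), oldest first.
HISTORY = [
    ("2005-04-17 21:02:10", "http://www.example.com/news"),
    ("2005-04-17 21:05:44", "http://free-screensavers.example.net/download.php"),
    ("2005-04-17 21:06:01", "http://free-screensavers.example.net/install.exe"),
    ("2005-04-17 21:40:13", "http://mail.example.org/inbox"),
    ("2005-04-18 09:12:30", "http://forums.example.com/thread/123"),
]

# Constructed detection record: the file the scanner reported and the
# creation time the filesystem shows for it.
DETECTION = {
    "file": r"C:\WINDOWS\System32\actlog2.dll",   # hypothetical name
    "created": "2005-04-17 21:06:30",
}

FMT = "%Y-%m-%d %H:%M:%S"


def suspects(history, created, window=timedelta(minutes=15)):
    """Return (seconds_before_creation, url) for every visit that happened
    within `window` before the file was created, closest visit first.
    Visits after the creation time cannot have caused it and are dropped."""
    created_dt = datetime.strptime(created, FMT)
    hits = []
    for stamp, url in history:
        delta = created_dt - datetime.strptime(stamp, FMT)
        if timedelta(0) <= delta <= window:
            hits.append((int(delta.total_seconds()), url))
    hits.sort()
    return hits


def domains(hits):
    """Collapse the shortlist to distinct host names, closest first."""
    seen = []
    for _, url in hits:
        host = url.split("//", 1)[-1].split("/", 1)[0]
        if host not in seen:
            seen.append(host)
    return seen


if __name__ == "__main__":
    hits = suspects(HISTORY, DETECTION["created"])
    print("Visits in the 15 minutes before", DETECTION["file"], "appeared:")
    for seconds, url in hits:
        print(f"  {seconds:4d}s before  {url}")
    print("Candidate sites:", ", ".join(domains(hits)))
```

A download URL ending in `.exe` seconds before the file's creation time is the kind of hit to look for; a visit long before it, or after it, is not evidence. Widen `window` if the scanner only tells you the detection time rather than the file's creation time.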
  6. hardrive

    hardrive Private First Class

    Thanks for the reply, Maxwell. I already have SpywareBlaster and SpywareGuard (among others); therefore, my concern is not about preventing further spyware. Also, what I was inquiring about was a specific way to trace the sites that infected you with spyware, as opposed to viewing your browser history and guesstimating which sites probably infected you with spyware. The method that I am inquiring about (and which I once read about) involved going to your anti-spyware/adware control panel and looking at the registry ( :confused: the registry is still new to me, therefore I'm pretty much lost) of the items that you have blocked. Somewhere in the registry(?) of the items you have blocked, you can use that information to trace back to the actual site that gave you the spyware/adware. Perhaps no one here has ever heard of this. I have this same thread posted at another "help" forum and I've gotten no replies there either.
     
  7. hardrive

    hardrive Private First Class

  8. Maxwell

    Maxwell Folgers

    I think what you are asking for is how to determine, from the spyware that may have infected, or be attempting to attach to or attack, your computer, where it came from, e.g., from a questionable site, questionable downloads, installation of questionable products, CDs, floppies, trojans, viruses, etc.

    Not all spyware comes from just visiting a web site, e.g., installation of a desktop theme from an executable could very well install some obnoxious toolbar, but there is no direct cause from the web site and thus you would have to use some form of deduction. Such a questionable download or installation may even come via an e-mail, which is a typical source of malware, including viruses. Basically, there are many sources from which spyware can come.

    A resource to help you diagnose typical installation locations of spyware is the tool HijackThis: http://forums.majorgeeks.com/showthread.php?t=38752 and http://forums.majorgeeks.com/showthread.php?t=26149 You can see there that HijackThis lists various locations where spyware can be found, and moreover not all of these are in the registry.

    Ideally, I think what you would like is something similar to a firewall that logs your on-line activities (browsing, e-mail, chat tools, IRC, etc.) and the attempts to infiltrate your computer, but dedicated to spyware's attempts to take over your machine.

    With the prevention tools such as SpywareBlaster and SpywareGuard, there is no log for the former, but there is a log in the latter when it detects one of three rules that spyware typically use, via real-time scanning, download protection and browser hijack protection. However, SpywareBlaster is designed not to act as an executable running program, since (like firewalls and anti-virus scanners) these would take up valuable resources on your computer.

    In conclusion, some deduction is necessary in order to determine precisely where an infection came from, and it is very similar to the infection routes taken by viruses.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are many tools that you can use to watch changes being made on your PC. Many good tools can be found at http://www.sysinternals.com

    Filemon, Regmon, and Process Explorer are very useful.

    As Maxwell stated, your history file is useful. So is a log file from your firewall. If you really want to dig deep, you can use a tool like Ethereal to capture and decode packets. I'm not sure what your knowledge level is, but this takes you right down to the low level of the data being transferred.

    Also, as Maxwell stated, you can get malware from direct downloads that you perform and things you install. The Sysinternals tools can help you watch what is going on while installing, but you have to have some knowledge of your PC and how to use the tools too.
     
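Watching what an installer changes, as chaslang suggests with Filemon, can also be done with a plain before/after snapshot. The following is an added example, not code from the original thread or from Sysinternals: it records every file under a directory (size and SHA-256) before you run a download, records it again afterwards, and reports what was added, removed or rewritten. It covers files only, not the registry; the hash is there so a file overwritten with the same size still shows up as modified. The `demo()` function builds a small constructed tree in a temporary directory so the script runs without touching a real system.

```python
"""Before/after snapshot of a directory tree to see what an installer did.

Added example, not code from the original thread. Files only (no registry).
"""
import hashlib
import json
import os
import sys
import tempfile


def _digest(path):
    """SHA-256 of a file, read in chunks so large files do not need RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each file under root (relative path, '/' separators) to (size, sha256)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                state[rel] = (os.path.getsize(full), _digest(full))
            except OSError:
                continue  # vanished or unreadable between listing and hashing
    return state


def diff(before, after):
    """Report files that appeared, disappeared, or changed content/size."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def demo():
    """Constructed run: a fake 'installer' drops a DLL and rewrites a file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "system32"))
        with open(os.path.join(root, "system32", "kernel.dll"), "wb") as f:
            f.write(b"legit")
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"hello")
        before = snapshot(root)
        # What the hypothetical installer does:
        with open(os.path.join(root, "system32", "actlog2.dll"), "wb") as f:
            f.write(b"hooked")            # new file (hypothetical name)
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"HELLO")             # same size, different content
        after = snapshot(root)
        return diff(before, after)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]
        before = snapshot(root)
        input(f"Baseline of {root} taken. Run the installer, then press Enter...")
        print(json.dumps(diff(before, snapshot(root)), indent=2))
    else:
        print(json.dumps(demo(), indent=2))
```

Run it with a directory argument (for example the Windows directory, or a user profile) to compare a real installation; with no argument it runs the constructed demo. New executables or DLLs under system directories, and changed files that an installer had no reason to touch, are the entries worth looking up with HijackThis or Process Explorer.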
  10. hardrive

    hardrive Private First Class

    First of all, thanks for all the information, Maxwell. Second of all, how do you download a hosts file to divert my computer away from various questionable URLs? Third of all, since I made my last spyware scan with AOL's Spyware Protection a few days ago, I just made a scan just now and AOL's Spyware Protection detected a keylogger with the name of Activity Logger 2.0. When I clicked on details, this program was described as, "A keylogger is any program that describes every detail of what is done on your computer down to the keystrokes on your computer....Keyloggers can record information such as passwords, credit card information, and personal information numbers... " (By the way, this post is being recorded because I haven't disabled the program yet, because I wanted to post the information about it in this thread first.) Okay, lately, I haven't consciously visited any questionable sites and I just checked my IE browser history, but I don't have a clue as to which site may have infected me with the keylogger. (By the way, AOL's Spyware Protection software is good. It consistently catches spyware programs that the freeware and Microsoft's AntiSpyware program don't catch.)
     
  11. Maxwell

    Maxwell Folgers

    See here: http://forums.majorgeeks.com/showthread.php?t=25959 and http://www.mvps.org/winhelp2002/hosts.htm

    Note it is possible for trojans and spyware to modify this file and divert you away from bona fide web sites to clones, as in the example of phishing.

    Also, download from here the following:

    SpywareBlaster 3.3
    SpywareGuard 2.2
    SpyBot-Search & Destroy 1.4 RC2b
    Ad-Aware SE Personal 1.05

    The first two are protection to prevent changes that could result in spyware. Spybot S&D has an immunise function that is also a preventative. The latter two are scanners which can be used to supplement the AOL scanner. Once downloaded and installed, update them and run the latter two scanners to supplement the AOL scanner.

    Not every scanner is 100%, as you've found out, but it is useful to scan with different ones so that whatever one misses, another may pick up.

    Finally, follow these instructions to clean out your system of your keylogger: http://forums.majorgeeks.com/showthread.php?t=25834
    http://forums.majorgeeks.com/showthread.php?t=44525

    Hopefully your firewall isn't disabled or tampered with so that the keylogger is allowed to send information.
     
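Maxwell's caveat cuts both ways: a hosts file is a blocklist when it points bad names at 127.0.0.1 or 0.0.0.0, and a hijack when it points good names somewhere else. The following added example (not code from the original thread or from the MVPS hosts project) parses a hosts file and separates the two cases: names sinkholed to a loopback or unspecified address are the expected blocklist entries, while names mapped to any other address are redirections that deserve a look, since a legitimate hosts blocklist never needs them. The sample file embedded in `SAMPLE_HOSTS` is constructed, and the domain names in it are placeholders. On Windows the real file lives at `%SystemRoot%\system32\drivers\etc\hosts`.

```python
"""Audit a hosts file: blocklist entries versus suspicious redirections.

Added example, not code from the original thread. SAMPLE_HOSTS is a
constructed file; the host names in it are placeholders.
"""
import ipaddress
import sys

SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
0.0.0.0   ads.example-tracker.net        # blocklist-style entry: sinkholed
127.0.0.1 www.spyware-pusher.example     # blocklist-style entry: sinkholed
192.0.2.45 www.mybank.example            # sent to a non-local address: hijack?
192.0.2.45 online.mybank.example
not-an-ip  junk.example                  # malformed line, ignored
"""


def parse_hosts(text):
    """Return [(ip_address, [hostnames])] for each valid line.
    Comments (after '#') and blank or malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an address; not a hosts entry
        if len(parts) > 1:
            entries.append((ip, parts[1:]))
    return entries


def classify(entries):
    """Split entries into sinkholed names (blocklist behaviour) and
    (name, address) pairs that redirect a name to a real, reachable host."""
    sinkholed, redirected = [], []
    for ip, names in entries:
        if ip.is_loopback or ip.is_unspecified:
            sinkholed.extend(names)
        else:
            redirected.extend((name, str(ip)) for name in names)
    return sinkholed, redirected


def audit(text):
    """Convenience wrapper returning a report dict for a hosts file body."""
    sinkholed, redirected = classify(parse_hosts(text))
    return {"sinkholed": sinkholed, "redirected": redirected}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "r", encoding="utf-8", errors="replace") as f:
            body = f.read()
    else:
        body = SAMPLE_HOSTS
    report = audit(body)
    print(f"{len(report['sinkholed'])} names sinkholed to local addresses")
    for name, addr in report["redirected"]:
        print(f"REDIRECT  {name} -> {addr}   (check this one)")
```

Pass the path of the real hosts file to audit it; with no argument the constructed sample is used. Any name in the `redirected` list that you recognise (a bank, a mail provider, an anti-virus update site) is a sign the file has been tampered with in the way Maxwell describes, and the address it points to is something to look up.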
