Spyware Infection Symptoms

Dennis Faas's picture

Below you will find some of the most common indicators of malware infection. Should you be experiencing any of these symptoms, I strongly suggest you run your anti-virus scanner, along with your anti-spyware scanners. A combination of more than 2-3 of any of these symptoms could mean a major clean up is in order.

-The homepage of your browser is changed suddenly, and you have no clue as to how it happened. This is commonly called a browser hijack, and one of the most notorious of these infections is CoolWebSearch.

-You suddenly notice an 'extra' toolbar on IE and once again you didn't install it. Toolbar infections are of a wide variety, coming in many forms and names.

-Your firewall alerts you to an unknown program trying to access the Internet. This usually means something has already gotten by your defenses and you need to take action, and in many cases most infections rarely travel alone. Another firewall indicator is that it is actually turned off by the malware. Many aggressive malwares target multiple av\anti-spyware applications.

-New shortcuts appear on your desktop or your task bar, or even your system tray that you didn't put there nor know what they are.

-New entries appear in your favorites folder that you didn't put there.

-Your computer starts acting sluggish and slow with massive CPU numbers. This could also be from any number of unrelated reasons too, so this symptom in and of itself, may not be an indication of malware problems.

-Excessive popup windows, unable to stop or close. One famous infection which had this symptom was a plague over this past summer was the Bube Trojan. It required a special, detailed fix to remove. I had the pleasure of trying to remove one of these nasty infections, and it was beyond my abilities, and I had to call in the cavalry. This was while the experts were still trying to fine tune the fix with several applications.

-If you have AdAware or Spybot S&D, should either one open, and appear for a few seconds, then disappear without scanning, more than likely, it's a variant of CoolWebSearch infection. Yes, that's right, as the popularity of these two applications is so high, the malware writers wrote code to specifically turn these two applications off if found to be present on the machine.

-Every time you do a search, you wind up at the same unusual and unknown web site-search engine, or you get 1-3 pages of unrelated search results, before getting to your actual search. Typically referred to as a 'search page hijack'. This too is a common symptom of CoolWebSearch.

-There is a new program or multiple programs in the Add/Remove Programs section of your control panel. If you're lucky, they will remove via Add\Remove, but more times than not, this does not work.

-You're unable to access any of these: task manager, regedit, MSCONFIG, they just pop up and disappear. The idea behind this little trick is to prevent you from being able to access key sections of your computer for removal of the infection. Usually a special registry merge is required just to fix this part.

-Your desktop has been changed to a web page or some type of notice that your PC is infected and you cannot change it.  There are several alleged anti-spyware applications which actually do this. Imagine, claiming to remove infections, when in fact they cause them!! The most noted are PSGuard, RazeSpyware, World AntiSpy and SpyTrooper.

-You get a lot of returned emails from people you don't know. This could be a sign of your machine being a zombie.

You can find more detailed precleaning instructions on this page or you can drop me a line for some more info to assist in removal. If your uncomfortable trying removal of an infection, please post a HijackThis! logfile in my forum.

Surf Safe and Surf Secure!

Rate this article: 
Average: 3 (2 votes)