Spybot Anti Spyware
-
Upload
hossam-el-hamalawy -
Category
Documents
-
view
463 -
download
3
Transcript of Spybot Anti Spyware
Spybot - anti-spyware
Spybot Search & Destroy is used to detect and remove different kinds of malware, adware and spyware from your
computer. It offers free updates and lets you immunise your Internet browser against future infection by known malware.
Homepage
www.safer-networking.org/en
Computer Requirements
All Windows Versions
Version used in this guide
1.6.0
License
Freeware
Installing Spybot
Follow any program-specific directions in theGuideIf there are none, simply click the link belowand choose a location to save the installerFind the installer on your computer anddouble-click it
Spybot:
Required Reading
How-to Booklet chapter 1. Protecting your Computer from Viruses, Malware and Hackers
Level: 1: Beginner, 2: Average, 3: Intermediate, 4: Experienced, 5: Advanced
Time required to start using this tool: 20 minutes
What you will get in return:
The ability to remove different kinds of malware and/or spyware
The ability to immunise your computer system before it becomes infected with malicious problems and threats
1.1 Things you should know about this tool before you start
Spybot S&D is a popular free program used to detect and remove different kinds of adware, malware and spyware from
your computer system. It also lets you immunise your system against adware, malware and spyware, preventing them
from infecting your computer once Spybot is installed.
Adware is any software which displays advertising material on your computer. Certain kinds of adware function
remarkably like spyware and can be invasive of your privacy and security.
Malware (e.g. trojans and worms) is any kind of program designed to harm or hijack the operation of your computer
without your consent or knowledge.
Spyware is any kind of program that collects data, observes and records your private information and tracks your
Internet habits. Like malware, it frequently runs on your computer secretly. As such, installing a program like Spybot will
help you to protect your system and yourself.
Spybot also installs an additional application called TeaTimer. This will protect your computer from new malware
infections.
Note: Windows Vista has its own built-in anti-spyware program called Windows Defender. However, Windows Vista
seems to allow Spybot to work without any conflict.
Getting Started
There are basically two steps involved in using Spybot effectively:
Updating the Detection Rules and Immunization databases with the most recent and relevant updates fromSpybot.
Running Spybot. This involves immunising your system with the detection rules and immunisation databases or
updates you have previously downloaded, then checking your system for spyware infestations and removing
them.
Note: For a brief overview of key advanced options, please refer to section 3.0 Advanced Options.
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 1 of 17
2.1 How to Use Spybot for the First Time
After you have completed the installation and set-up process, Spybot will automatically launch itself and display theLegal stuff screen as follows:
Figure 1: The Legal stuff screen
Note: To launch Spybot the next time, either double-click the desktop icon or select Start: All Programs >
Spybot - Search & Destroy > Spybot - Search & Destroy.
Step 1. Click the OK button to activate the Spybot Wizard and the Create registry backup screen as follows:
Figure 2: The Spybot-S&D Wizard Create registry backup screen
Note: You are strongly advised to create a backup of the registry. The Windows Registry is explained in the CCleaner
guide, in the section called 'The Windows Registry' .
Step 2. Click:
Step 3. Click the Next button to activate the Spybot - Search for Updates screen.
Step 4. If you are connected to the Internet, click: and go to section 2.2
How to Update the Spybot Detection Rules and Immunization Databases. Otherwise, click the Next button.
Step 5. Click the Next button in the Immunize this system screen that appears, then click:
in the screen that follows.
You have now completed the initialisation process and Spybot automatically launches itself as follows:
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 2 of 17
Figure 3: The Spybot - Search & Destroy main screen
2.2 How to Update the Spybot Detection Rules and Immunization Databases
Important: It is absolutely vital that you keep Spybot up to date with the latest definitions.
Step 1. Click: in the left-hand menu bar.
Step 2. Click: when the Spybot - S&D Updater screen is active to begin updating Spybot with the latestdetection rules and immunisation databases.
If you have recently updated your detection rules, a pop-up screen appears, advising you that No newer updates
are available.
If you have not updated your detection rules, the Spybot-S&D Updater screen appears, listing a number ofservers from which to download the updates as follows:
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 3 of 17
Figure 4: The Spybot-S&D Updater screen
Step 3. Select the location nearest to your country of residence, then right-click on it and choose Set this server asthe preferred download location.
Step 4. Click the Continue button.
Figure 5: The Spybot-S&DUpdater screen displaying detection rules, help files and immunization databases
Step 5. Check all the options presented, then click: to begin downloading these updates.
Note: If an error occurs while downloading these updates, Spybot will offer you an opportunity to re-try it. After
performing a successful download, you will be prompted to immunise your system and check for problems.
Step 6. Click: after the files have been downloaded successfully.
You will return to the Spybot - Search & Destroy main screen
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 4 of 17
Note: You can also run the Spybot update process at any time by Selecting: Start > All Programs > Spybot - Search
& Destroy > Update Spybot -S&D.
2.3 How to Immunise Your System
Spybot helps shield your computer from known spyware by ‘immunising’ it. This is like receiving a vaccination against
infectious new diseases.
To immunise your computer system, follow these steps:
Step 1. Click: in the Spybot-S&D sidebar to automatically begin the immunisation process and
activate the following screen:
Figure 6: The Spybot - Search & Destroy screen with the immunisation process in progress
Note: You may need to maximise your window to view all options on this screen.
Step 2. Click: and wait until the program finishes the process.
Your system is now immunised against all known new threats.
Note: You can reverse or undo the immunisation process if you suspect that immunising your system has negatively
affected the overall performance of your computer.
Step 3. Click: to reverse the immunisation process and restore your system to its previous state.
2.4 How to Check for Problems
Reminder: Before you begin checking for potential threats, please update the Spybot Detection rules and Immunizationdatabases.
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 5 of 17
To check for problems and threats, follow these steps:
Step 1. Click:
Step 2. Click: to begin scanning your system for threats (if you have a lot of data, files,
programmes etc. this could take 20 minutes to an hour).
Figure 7: The Spybot - S&D program checking for problems
After the scan has been completed, the number and kinds of problems will be listed in the pane as follows:
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 6 of 17
Figure 8: The Spybot - S&D screen displaying possible problems or threats
Step 3. Check only the items that you want to delete. Some of the found items may be marketing software that you
would like to keep (for whatever reason).
Tip: Any item displayed in red lettering is generally treated as a problem or threat. Any item displayed in green lettering
is keeping track of your Internet usage. To keep a particular item, un-check the check box associated with it, and it will
not be deleted.
Important: Before you either delete or ignore the malware you have found, it is strongly recommended that you look up
each item's behaviour and origins.
Step 4. Click: in the right-hand side of the Spybot results window to reveal more information about that item. If
nothing is displayed, you can also research it on the Internet. Find out how it operates, and how it may compromise your
system's integrity and security. Better knowledge and information about problems and threats leads to more privacy and
security for you.
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 7 of 17
Figure 9: The Spybot - S&D Show more information pane
Step 5. Click: to activate malware deletion.
A confirmation dialogue box appears asking you if you would like to delete all the problems which have been found.
Step 6. Click the Yes button if you would like to delete them.
Note: It is generally a good idea to scan your system for problems every week.
2.5 Resident TeaTimer
The Resident TeaTimer is a Spybot program that is constantly running in the background (that is, even when you are
not actively using Spybot). It constantly monitors important system processes to ensure that any possible threats are
not changing critical system configurations or settings. TeaTimer alerts users whenever it detects a known malicious or
suspicious process, and lets you either Allow or Deny that process (should it prove to be a malicious one). An exampleof such a pop-up screen appears as follows:
Figure 10: The Spybot - S&D Resident TeaTimer alert, displaying the Allow / Deny change screen
Given that many programmes (both necessary and malicious) require access to the system's internal processes,
TeaTimer will frequently query you to Allow or Deny changes. In this example, Skype is being deleted from the Windows
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 8 of 17
Start menu. This will usually happen when you have uninstalled a program (and this doesn't necessarily occur at startup
time only). In this case, this is a valid request to change a small system setting and you can allow it.
Tip: If you are unsure about what you are being asked to do in a TeaTimer window, Click the Info button for moreinformation.
Figure 11: The Spybot - S&D Resident information screen
It is safer to deny a request if you are not sure of its effects. However, if you are sure that the request is valid, check
the Remember this decision box and Spybot will not display this alert again.
Note: You will often see the TeaTimer activated when you install a new program and it tries to add itself to the startup
process. The same will happen when you uninstall a program.
Tip: It is strongly recommended that you update TeaTimer whenever an update is available.
2.6 How to Use the Recovery tool
The Recovery tool allows you to recover or retrieve any previously deleted or repaired item. This can happen becauseSpybot will create a backup for every item it has previously deleted. If a deleted piece of malware causes your
computer to malfunction, it is possible to restore it using the Recovery tool.
To recover a previously deleted item, perform the following steps:
Step 1. Click: to activate the Recovery screen as follows:
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 9 of 17
Figure 12: The Spybot Search & Destroy - Recovery screen
Step 2. From the list of previously deleted items, check the items you would like to recover, then click:
A confirmation dialog box is activated as follows:
Figure 13: The Confirmation dialog box
Step 3. Click the Yes button to recover the selected items.
Step 4. Alternatively, click: to remove all checked files completely. However, be aware that
purged items are not recoverable.
Advanced Mode
Spybot operates in both Default and Advanced modes. The Advanced mode lets you access program settings andadditional tools.
Step 1. To activate Spybot in Advanced mode, select the Mode > Advanced mode option from the menu bar as
follows:
Figure 14: The Mode menu options
Step 2. Click the Yes button to confirm this mode.
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 10 of 17
In Advanced mode, the sidebar in the Spybot main screen appears with more options:
Figure 15: The Spybot Search & Destroy - Advanced mode screen
Step 1. Double-click Settings to view descriptions of various items and options in a display pane as follows:
Figure 16: The Settings screen
Step 2. Double-click Tools to view tools that will help you identify spyware not detected in normal scanning processes,and rescan your system.
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 11 of 17
Figure 17: The Tools screen
Step 3. Double-click Info & License to display general and licensing information about Spybot 1.5.2.
3.1 Advanced Mode Tools
Advanced users will appreciate the following advanced options provided by Spybot: IE tweaks, Shredder, SystemInternals and System Startup.
3.1.1 IE tweaks
The IE tweaks option is used for Internet Explorer configuration. It lets you set a couple of important Internet Explorersecurity settings, especially in situations where more than one person is using a system.
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 12 of 17
Figure 18: The IE tweaks screen
You should leave the first option checked, as shown in the example above.
3.1.2 Secure Shredder
This is an excellent option for permanently deleting (wiping) temporary Windows and Internet browser files. For more
information about wiping and temporary files, please see Booklet Chapter 9, How to Destroy Sensitive Information.
Figure 19: The Secure Shredder screen
Step 1. Click the little black triangle next to the button, to activate a drop-down list of temporary file
locations as follows:
Figure 20: The Temporary drop-down list in the Secure Shredder screen
Step 2. Select an option from the list to activate that program's temporary file list.
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 13 of 17
Figure 21: The Secure Shredder screen
Now you need to set the number of 'shreds' in the deletion process.
Step 3. Use the option at the bottom of the window to set a number (between 2 and 5).
Step 4. Click: once you have set the number of times this document will be shredded.
Spybot will permanently delete these unnecessary temporary files from your computer.
3.1.3 System Internals (Advanced Users Only!)
The System Internals tool will search for inconsistent and incorrectly named files within the Windows Registry. The
Windows Registry is explained in the CCleaner guide section, 'The Windows Registry.
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 14 of 17
Figure 22: The System Internals screen
Step 1. Click: to begin searching for problems in the Windows Registry.
Step 2. After the scan is completed, click: to correct all problems found during the scan.
3.1.4 System Startup (Advanced Users Only!)
The System Startup tool displays in sequence all programs loaded by Windows upon starting up your computer. It lets
you decide which are necessary and which are not essential.
Tip: Removing unnecessary items from this list means that Windows will start up faster.
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 15 of 17
Figure 23: The System Startup screen
Step 1. Click: to activate the information pane.
In this information pane, each highlighted item has its behaviour and function described. Read these descriptions
carefully before you decide whether an item needs to be loaded when starting up Windows.
FAQ and Review
Both Elena and Nikolai find Spybot to be a comprehensive and easy-to-use program. Its critical function--keeping a
computer free from spyware--is performed automatically. Although they are a little nervous about allowing or denying
changes in response to different TeaTimer queries, they both feel that they will learn to distinguish real processes from
malicious ones as they gain experience.
Q: What happens to the spyware programs Spybot has found in past searches if I uninstall the program? Do they remainon my computer in 'quarantine', or have they actually been removed?
A: When you uninstall Spybot, it will delete all items held in quarantine as well.
Q: Nikolai, I keep losing some cookies and trackers I find useful. How can I prevent them from being fixed or removed?
A: Don’t worry. There are a couple of ways to protect useful cookies and trackers. First, after Spybot has scanned yoursystem, it will list all the problems and threats it has detected there. Click on each one to reveal more information abouteach item, and to help you decide what you want to either delete or keep. Alternatively, launch Spybot and then selectMode > Advanced > Settings. Here, you can specify with greater accuracy which items you would like to omit fromyour search and destroy missions.
Q: Is Spybot difficult to uninstall?
A: Actually, it’s pretty easy. Simply Select > Start > All Programs > Spybot – Search & Destroy > Uninstall Spybot
S&D.
Q: I have a slow Internet connection. How can I optimize the download speed for the detection rules and immunizationdatabase?
A: Make sure you select the database updates that correspond to your area or region of the world where you live. No
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 16 of 17
point updating a database located on a server based in Asia when you’re living in Europe, if you cannot spare thebandwidth. The regions are clearly marked by flags, and so you should be able to identify the server nearest to you quiteeasily.
Q: How come Spybot doesn’t automatically update its detection rules and immunization databases when I open it?
A: Automatic updates happen on the network and professional versions of Spybot. Given that you are using a freeversion, some features are unavailable. Still, manually updating Spybot's detection rules and immunisation databases isrelatively easy. Here is a handy Flash animation to show you how to update your system manually: http://www.safer-networking.org/en/howto/update.hs.html
4.1 Questions with which to test yourself after completing the guide
What is malware and how can it infect your computer?1.
What is the purpose of TeaTimer?2.
When you delete something with Spybot, is it possible to recover it later?3.
Apart from looking for and destroying malware, what are Spybot's other functions?4.
Spybot - anti-spyware 06/03/2009 01:18
http://en.security.ngoinabox.org/book/export/html/158 17 of 17