
Some Things You Need to Know about Spyware...

How to keep your Windows network connection humming after removing spyware

Spencer Smith
Microcomputer Support Specialist
spencera@darkwing.uoregon.edu

Spyware and adware are becoming a huge problem for everyone who connects to the Internet.

In case you didn't already know, spyware is a program that reports information about you and your Internet usage back to a central server, and adware is a program that causes pesky pop-up windows to blare advertisements randomly every time you connect to the network. These programs can slow your computer to a crawl, and often redirect all your web browsing activity through their own servers to observe and catalog your Internet activity.

The load of spyware and adware grows the longer you browse the Internet; the largest number of individual spyware components found so far on one machine brought to Microcomputer Services was 2100 items! This load of advertisements and background activity can take a fast computer and slow it to a complete stop. If you've noticed a lot of pop-up advertising while you surf the 'net and your computer has begun to crawl like molasses in January, you may be infested with spyware.

There are several tools available to delouse your computer of its accumulated spyware and adware. Spybot (http://www.safer-networking.org/) and Ad-aware (http://www.lavasoftusa.com/support/download/) can scan for and eliminate these unwanted programs. However, eliminating the spyware can have other unwanted side-effects.

Some spyware modifies the Windows operating system, changing the way the TCP/IP connection is routed at a very low level. Removing the spyware can leave your Internet connection subtly broken; often it can send out information (good for the spyware people), but not receive information (bad for you).

The major symptom of this network stack corruption is the lack of a valid TCP/IP address. The WinSock2 stack can become so broken that it is unable to accept and decipher the information from the local network. When this happens, Windows gives up and assigns itself an address that looks like '169.xx.xx.xx', where 'xx' is some random number between 0 and 255. If you examine your IP address and it has '169' as its first parameter, your WinSock2 stack may be corrupted.

This default address can also indicate a lack of signal from your Ethernet connection. If you are on campus or connected to the campus network, this lack of address could also indicate that your network jack has been disabled due to a worm or virus infestation. Unless you've just scanned for and eliminated spyware on your computer, you should investigate the Ethernet cable, your network jack, and your Internet connection by calling ResNet (346-4223) for problems in the residence halls, or Network Services (346-4395) for all other Ethernet connections. They will be able to tell you if your Ethernet connection has been disabled, and why.
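
As an added illustration (not part of the original article and not a UO tool), the Python sketch below sorts the adapters in `ipconfig` output into the cases described above: no Ethernet signal, a self-assigned 169 address, or a normal address. The sample output is constructed, the verdict names are made up for this example, and the check uses 169.254.0.0/16, the range Windows self-assigns from.

```python
import ipaddress
import re

# Constructed sample in the layout `ipconfig` prints; not from a real machine.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Autoconfiguration IP Address. . . : 169.254.37.12
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Local Area Connection 3:

        IP Address. . . . . . . . . . . . : 192.0.2.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.0.2.1
"""

ADAPTER = re.compile(r"^(\S.*\badapter\b.*):\s*$")   # unindented section header
FIELD = re.compile(r"^\s+(.+?)[\s.]*:\s*(.*)$")      # indented "Key . . . : value"

def triage(ipconfig_text):
    """Return {adapter name: verdict}; verdict names are this example's own."""
    verdicts, name = {}, None
    for line in ipconfig_text.splitlines():
        m = ADAPTER.match(line)
        if m:
            name = m.group(1)
            verdicts[name] = "no-address"        # until a field says otherwise
            continue
        f = FIELD.match(line)
        if not (name and f):
            continue
        # Newer Windows appends "(Preferred)" to the address; drop it.
        key, value = f.group(1), f.group(2).split("(")[0].strip()
        if key == "Media State" and "disconnected" in value.lower():
            verdicts[name] = "no-link"           # check the cable or network jack
        elif re.search(r"IP(v4)? Address$", key):
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                continue
            # 169.254.0.0/16 is the link-local range Windows self-assigns from.
            verdicts[name] = "self-assigned" if addr.is_link_local else "ok"
    return verdicts
```

A "self-assigned" verdict only confirms the symptom; as the article notes, it can come from a disabled jack as well as from a corrupted WinSock2 stack, so it is a reason to investigate, not a diagnosis.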

WinSock2 Fix: There is a tool available online that will fix this Registry/protocol corruption, and restore your Internet connectivity. If you can get to an uncorrupted computer, the WinSock2 fix (for Windows 98, ME and 2000) is available at ftp://public.uoregon.edu/software/Utilities/WinsockFix.exe

For Windows XP, the URL is ftp://public.uoregon.edu/software/Utilities/WinsockXPFix.exe

The tool is also included on the UO Security CD, available in Room 151 McKenzie Hall. Be sure to get the most current version of this CD; the problems, worms, and viruses it detects and disinfects change constantly, and new revisions of the CD are being created frequently.

WinSock2 is a freeware tool written by Theron Skryba of Option Explicit Software. It comes with no warranty of any kind, but has appeared to work very well in all the trials we've given it here at Microcomputer Services.

Scanning for and eliminating unwanted spyware and adware programs should be a part of your ongoing, standard maintenance. Scan your computer at least once a week for spyware and adware. Scan for viruses at the same time; a weekly scan is recommended. Update your virus definitions and spyware definitions frequently. Norton AntiVirus, Spybot, and Ad-aware all have online updates integrated into their scanning programs.

If you have any questions about your Internet connectivity, or would like some help checking on your account's status, feel free to call Microcomputer Services at 346-4412. You can also reach us via email at microhelp@lists.uoregon.edu.


Summer 2004 Computing News | Computing Center Home Page