****Honorable mentions****
Answer:
Hi Tom - Chances are, you are dealing with a combination of several spyware infections, along with at least one (probably more) trojan horse(s). Spybot and Ad-Aware do quite well with spyware/adware but don't do much with viruses and trojan horses. The good news is that you can likely eradicate your daughter's malware infection, and not spend a dime in doing so! Here are some steps to follow:
Step one: (if not done already) You need to turn on the computer's firewall. XP SP2's firewall is an improvement over SP1 and quite easy to use. To enable the firewall, simply click the SP2 Windows security icon in your system tray (bottom right), then click recommendations, and click enable now. Don't see the security icon? Then click start, then My Network Places, then View Network Connections (upper right) then right click on the connection you are using. Click properties, then advanced, then settings and turn the firewall on. This will limit most inbound connections, and will make it easier to clean the computer. For a more powerful and user configurable firewall, check out Zone Alarm Free available at www.Zonelabs.com
Step 2: Turn off system restore. To do this, right click on the My Computer icon on your desktop and select properties. Select the system restore tab and put a check in the box that says turn off system restore on all drives, then click the apply button. The reason to do this is that system restore mirrors the current state of your system, and once your system is infected, system restore will restore the malware on each new boot up.
Step 3: Scan your system with a good online virus scan. My favorite is by Trend Micro, and is available at: http://housecall.trendmicro.com/.
Click the scan now, it's free button, tell them what country you live in, and be sure to click the auto clean button after the virus definitions have downloaded. The reason to do an online virus scan is because sometimes your own anti-virus software can become compromised when your system gets infected.
Step 4 A. If the Trend Micro scan cleans every infection it finds go to step five, else go to step 4 B.
Step 4 B: If the online scan couldn't delete some files, make careful note of their name AND their location. Reboot your computer into safe mode with networking, and navigate to the location of every file found and delete them. The reason that you couldn't delete the files in normal mode is that they were currently in use, and XP won't always let you delete a file that is in use - booting into safe mode allows only protected operating system files to run. Afterwards, it might be a good idea to run another virus scan in safe mode, just to be sure.
(To reboot into safe mode, restart your computer by clicking the start button, then turn off, then restart. Hit the F8 button repeatedly on boot up, and it should take you to a screen with several boot up choices.)
Step 5: To ensure that you have cleaned everything - you need to hit the triple play of free anti-spyware software.
1. Run a full system scan with the latest version of Ad-Aware (available at www.Lavasoftusa.com)
2. Run a full system scan with Spybot Search and Destroy (available at: www.Safer-Networking.org/en/index.html)
3. Run a full scan with CwShredder (available at: http://www.Intermute.com/spysubtract/cwshredder_download.html)
It is critically important that you update each product before you scan as anti-spyware products have definitions that need to be updated just like anti-virus software does.
Step 6: Chances are, you should be clean by now. Now it's time for some preventative measures. First, go to www.windowsupdate.com and install the latest security patches (Microsoft has released several since SP2). Then go to www.Javacoolsoftware.com and install the latest version of Spyware Blaster, which is a great tool for preventing Spyware from ever getting on your system. Finally, go to www.toolbar.google.com and install Google's free toolbar, which includes a pop-up blocker, among many other nifty tools.
And there you have it - a cleaned up and well protected system, and you didn't have to spend any money on software or a computer technician.
I very much hope this helps!
Submitted by: Chase T.
***************************************************************************
Answer:
Hi Tom
It is hard to tell. A person has to be really observant as to where they went and when they first noticed the pop up, the change of home page, so on, so forth. You did not say as to what browser type you are using (such as I.E. and what version, Mozilla, Firefox, Opera, etc). Most of the spyware/adware comes from downloads, you know those little freebie applications, they do not cost anything other than allowing the sponsor of the software to insert their little "report back to sponsor" routine, so we can pop up an ad at the most inopportune times and some porno sites as well, I will bet.
I hate to say this, but this is a problem that one has to go to an area I fear to go to myself, that is the dreaded registry. But before you do that back up the registry, then identify the problem, that is find out what of the spyware it is. This is so that you can go to your favorite search engine and type in the identified culprit and get the registry removal instructions from a site that is set up for removing spyware. I used "spyware remove" to find a couple of sites listed below.
PC Hell: http://www.pchell.com/
And as strange as it may be Microsoft is a good source of advice: http://www.microsoft.com/athome/security/spyware/default.mspx
As a temporary stop gap measure you could put in an app that is called a Pop up stopper. I have used the software below myself and it works. The main object though is to remove the offending pop-ups.
Panicware free Pop up stopper download:
http://www.panicware.com/product_downloads.html (but you have to hunt it down on the download page)
There is something else that I have a feeling about, is that your daughter does not have a firewall on her computer. ZoneLabs has a free firewall download (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=dbtopnav_za). The reason I am suggesting this firewall is that if spyware tries to report back ZoneAlarm will give you the option to deny the software access to the net, deny it unless you know why it is trying to gain access to the web.
I hate to say this but the best way to avoid having spyware/adware in the first place is not to download game apps or any kind of application unless two things are done:
Read closely the warnings, End user license or any other thing pertaining to the use of the software, what they (the software sponsor) can do with your computer.
Do I really need this software, am I willing to put up with the aggravation that might ensue?
And the third unwritten rule is; Only deal with downloads that you know is free of spyware/adware.
Hope this helps, Rick B.
Submitted by: Rick B.
***************************************************************************
Answer:
First, get rid of Spy Doctor, supplement Spybot and Ad-Aware, then follow up with a full antivirus scan, install a firewall program, and finally double-check to see if you have any spyware-loading applications.
To explain:
Check http://www.spywarewarrior.com/rogue_anti-spyware.htm for a list of products that claim to be anti-spyware, but are frequently part of the spyware problem. SpyDoctor is on this list, which is why I suggested you get rid of it.
Recent studies ( http://windowssecrets.com/050127/ -- go to "Anti-adware misses most malware" ) have shown that the Spybot/Ad-Aware combination only catches a little more than half of the spyware out there, which means you still have a near 50% chance of infestation.
What to supplement with? Microsoft's Anti-spyware (currently available for free download from Microsoft, but still a beta version), Webroot's Spy Sweeper (MSRP US$29.95, http://www.webroot.com/ ) and/or Sunbelt Software's CounterSpy (MSRP US$19.95). Another free application, "HijackThis" is available from http://www.tomcoyote.org/hjt/ . Reports indicate that a CounterSpy/HijackThis combination will catch 100% of spyware. However, CAUTION!! HijackThis is for advanced users only!
Read all documentation carefully before using it, and if you're uncomfortable about it, don't use it. Think of it as a surgical tool: when used properly, it can cure a patient, but if used improperly, it can cause even more damage.
Now, spyware (and a close relative: adware) is not the only threat to your computer. I could go on and on about viruses, but suffice it here to say that you need a good antivirus program. My current favorite is AVG AntiVirus ( http://www.grisoft.com/doc/1 ) for two reasons: it's available for free, and more importantly, it works. For an initial scan, however, you may want to consider backing it up with a scan from a completely different vendor. Housecall by TrendMicro ( http://housecall.trendmicro.com/ ) offers a very powerful online scanner (and their retail anti-virus package is also top-rated).
The firewall supplied with Windows XP is insufficient; it only scans incoming data. But if your computer is already infected, the malware can "phone home" and download even more stuff. You need something that scans both incoming and outgoing traffic. For this, I recommend ZoneAlarm ( http://www.zonelabs.com/ ).
The question did not indicate how old the daughter is, but I'll assume that she's of the age that does not yet have the experience which grants wisdom in certain things, enjoys being social, and probably likes to share certain information, which may include file sharing. As such, she may entertain the thought of P2P (Peer-to-Peer) software.
This enables people to share files across the internet, downloading the files directly from each other. However, some software contains spyware. See http://www.benedelman.org/spyware/p2p/ for more information on this potential threat. P2P usage should be generally discouraged anyway. IM (Instant Messaging) software (such as AOL or MSN instant messengers) isn't completely safe either. Hackers seem to be concentrating on exploiting these to plant spyware on your computers. I'm not saying that you shouldn't use IM, but be careful, keep them up-to-date, and watch for security bulletins from their respective makers.
As a final note, it's always a good idea to perform general maintenance on the computer: run Scandisk and Defrag on a regular basis (weekly to monthly), keep the above-mentioned tools up-to-date, and run Microsoft's Windows Update service on at least a monthly basis.
Good luck!!
Submitted by: Michael B. of Taylorsville, Utah, United States
***************************************************************************
Answer:
Tom,
Some of the most heinous spyware hide little programs that automatically start up with Windows when you boot up. You can manually go through your startup items using Windows' own tools, but if you have Spybot Search & Destroy, you may find the 'System Startup' tool far easier to use, and more informative! Here’s what to do:
1. Leave your infected computer unplugged from the cable modem.
2. Boot up the computer, and run Spybot S&D again. It will no doubt find spyware that reinstalled itself during the boot up. Allow Spybot to clean the infection by clicking on ‘Fix selected problems.’
3. If Spybot is not in Advanced Mode, switch to it (on the menu bar, click on ‘Mode,’ then ‘Advanced Mode’).
4. In the left-hand pane, click on ‘Tools,’ that is now displayed.
5. Click on ‘System Startup.’ This will open a display in the right pane of all the items that are currently set to start up with Windows.
6. If you do not see a yellow information pane on the far right, click on the button on the right edge of the window that has two left pointing arrows. You can now see any known details on each of the startup items as you click on them.
7. Starting at the top, click on each of the startup items in turn. The information pane will help you to determine what is a legitimate startup file, and what is not. If an item shows “No information available,” it may not necessarily be spyware. For example, IMONTRAY is a non-essential utility from Intel, that allows monitoring the operating conditions of an Intel mother-board. If you like it, leave it running – if not, simply uncheck the box. The file is not deleted, and you can choose to re-enable it by running through these steps again.
8. When you find an item that is definitely spyware, you can choose to uncheck it to prevent it from starting up, or you can delete it entirely by clicking on the ‘Delete’ icon.
9. If you run across an item that you just don’t know is spyware or not, go ahead and uncheck it. If it turns out to be for a program that you regularly use, you can always turn it back on. Note that most programs DO NOT need to be loaded at startup! You can always access them from your Programs menu, or from shortcuts. Typically, programs are loaded at startup that you want to have monitor your system or load a service you use (i.e., antivirus programs, MSN or Windows Messenger, etc.). Other programs simply load an icon onto your taskbar tray (next to your clock) so you can have yet another way to access the program – not only unnecessary, but also cluttering your taskbar and hogging your system resources. Turn off what you don’t use.
10. When done, plug your cable modem back in, and restart your computer. If you were successful, the scores of popups that you were seeing should be gone. Launch Spybot again, download the latest detection updates, and check for problems again to find even more spyware!
To help guard against malicious spyware, I would also recommend enabling Spybot’s Resident active blocking features. Click on ‘Tools,’ again (you must be in Advanced Mode). Then click on ‘Resident.’ Put checks in the boxes for SDHelper and TeaTimer. TeaTimer is especially useful to prevent malicious websites from making changes to your system registry. I use another freeware active blocking program called SpywareBlaster (recommended by Spybot, www.javacoolsoftware.com). The site is supported by donations, and you can also pay for automatic update subscriptions – or you can just run the program, and download the updates manually for free.
If you are using Internet Explorer as your web browser, know that it is the most common browser, and therefore the one that has the most exploits written for it. Consider downloading Mozilla or Mozilla Firefox (www.mozilla.org) or other 3rd party browser. You don't have to give up IE entirely (which you will still need for visiting Windows Updates, and some online purchasing sites), but you can use the new browser for most of your surfing. I love the Mozilla products for their use of Tabs - you can open web links in the same browser window, in tabs that you can click between. Much better than cluttering your desktop with dozens of browser windows! You can even save entire collections of tabs in one bookmark - very useful if you are researching something, or are always visiting the same group of sites!
Finally, remember that you can not make yourself immune from spyware (short of canceling your internet access subscription)! You can only slow your rate of infection, minimize its damage, and clean it off regularly. I would recommend running Spybot and SpywareBlaster no less than once a month. I hope this advice helps!
Submitted by: Hung W. of Portland, OR
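Added example (not part of Hung W.'s post and not code from any tool named in this thread): a read-only PowerShell inventory of the registry Run keys and Startup folders, which are among the locations a startup-review tool reads. It assumes a Windows version that ships with PowerShell 3.0 or later rather than the Windows XP of the thread; the function names and the baseline file name `autostart-baseline.csv` are hypothetical.

```powershell
# Added example: read-only inventory of common Windows autostart locations.
# Nothing is disabled or deleted; the output is a list to review by hand.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    # Pull the program path out of an autostart command line.
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') {
        $path = $Matches[1]                      # quoted path, arguments follow
    } elseif ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') {
        $path = $Matches[1]                      # unquoted path that may contain spaces
    } else {
        $path = ($c -split '\s+')[0]
    }
    try {
        # Bare names such as "rundll32.exe" are resolved through PATH.
        if ($path -and -not [IO.Path]::IsPathRooted($path)) {
            $found = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($found) { $path = $found.Path }
        }
    } catch { }   # characters that are illegal in a path: keep the raw text
    return $path
}

function New-AutostartRecord {
    param([string]$Location, [string]$Name, [string]$Command, [string]$Target)
    $exists = $false
    try {
        $exists = [bool]($Target -and (Test-Path -LiteralPath $Target -PathType Leaf -ErrorAction Stop))
    } catch { }
    $signature = 'n/a'
    $note = 'target file not found (possible leftover entry)'
    if ($exists) {
        $signature = [string](Get-AuthenticodeSignature -FilePath $Target -ErrorAction SilentlyContinue).Status
        # An unsigned file is a reason to identify it, not proof of spyware.
        $note = if ($signature -eq 'Valid') { '' } else { 'no valid signature: identify before trusting' }
    }
    [pscustomobject]@{
        Location = $Location; Name = $Name; Command = $Command
        Target = $Target; Signature = $signature; Note = $note
    }
}

$records = @()

# Registry values that Windows runs at boot or logon.
foreach ($keyPath in $runKeys) {
    if (-not (Test-Path -Path $keyPath)) { continue }
    $key = Get-Item -Path $keyPath
    foreach ($valueName in $key.GetValueNames()) {
        $command = [string]$key.GetValue($valueName)
        $records += New-AutostartRecord -Location $keyPath -Name $valueName `
            -Command $command -Target (Get-CommandTarget $command)
    }
}

# Per-user and all-users Startup folders; -Force includes hidden files.
$shell = New-Object -ComObject WScript.Shell
foreach ($folderId in 'Startup', 'CommonStartup') {
    $folder = [Environment]::GetFolderPath($folderId)
    if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $folder -File -Force) {
        if ($file.Name -eq 'desktop.ini') { continue }
        $target = $file.FullName
        if ($file.Extension -eq '.lnk') {
            $target = $shell.CreateShortcut($file.FullName).TargetPath
        }
        $records += New-AutostartRecord -Location $folder -Name $file.Name `
            -Command $file.FullName -Target $target
    }
}

$records | Sort-Object Location, Name |
    Format-List Location, Name, Command, Target, Signature, Note

# Save the list once the machine has been cleaned; a later run then shows
# entries that were added since, for example after the next reboot.
$baseline = Join-Path $env:USERPROFILE 'autostart-baseline.csv'   # hypothetical file name
if (Test-Path -LiteralPath $baseline) {
    $known = @{}
    Import-Csv -Path $baseline |
        ForEach-Object { $known["$($_.Location)|$($_.Name)|$($_.Command)"] = $true }
    $added = @($records | Where-Object {
        -not $known.ContainsKey("$($_.Location)|$($_.Name)|$($_.Command)") })
    "Entries not present in the baseline: $($added.Count)"
    $added | Format-List Location, Name, Command
} else {
    $records | Export-Csv -Path $baseline -NoTypeInformation
    "Baseline saved to $baseline; run again after the next reboot to compare."
}
```

The Note column only marks entries worth identifying; an entry without a note is not thereby shown to be legitimate.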
***************************************************************************
Answer:
Cleaning out hard drive after a mass infection from my experience is not easy; almost better to reformat and start all over. But I did help two people with such but it requires dropping down to DOS for the capability to delete some .exe's that Spybot and other such programs could not clear out of memory with even a reboot. One particular program would recreate itself within the registry at every boot so even a DOS delete did not get rid of the program. Only with a System Restore could I go back before she had downloaded the program to take the registry recreation out of the registry then I go to the offending .exe and finally delete it since it no longer had the registry to tell itself to remake itself.
To find the troublemakers I used Spybot only, that worked for me, though using other programs as well never hurts to double check. Once I had the ID of the .exes that the spy program identified, I wrote them down and I did not use Spybot to try to delete it since it can't do everything. Instead I went to the search option, making sure that for WindowsXP the hidden files are shown. That can be done through the Windows Explorer program, going to Tools then down to Folder Options (WinMe and 98 also). On the View Tab make sure all the display choices are checked and the Show hidden files and folders is dotted, then take away any checkmarks from the Hide choices. (You can always go back and put a checkmark back to hiding the system files when done). This will cover any file from being hidden. With WindowsXP's search option go to the All Files and Folders and when that box is open go to the More advanced options, clicking on that option to bring up more choices and make sure the Search hidden files and folders is checked. Then go looking for the .exes that the spyware programs have found and look each one up with the search option and once found highlight it and delete the program. The programs that you can't delete will leave you with other options.
You can try Safe Mode first by hitting F8 a few times during reboot at the boot screen right after the memory is checked and the hard drives are recognized, before the system boots itself into Windows. Once you get to the Boot Menu you can go to Safe Mode and once loaded find those .exes the same way and see if you can delete them from there. If not you'll have to go to DOS and see if you can delete. With WinMe and 98 that is easier by using a floppy boot disk to take you to a pure DOS state as you boot with the floppy. In your board's bios can you find the boot options, (there is no set place to look under, advance options from the setup menu is the more common place to find the boot options) Once there you can change the first boot to a floppy or a CD, depending if you use WinMe, 98 or the CD option for XP. You can make all of the boot options to floppy or all to CD if you want to be sure you'll do nothing but boot where you want to go. You can always change back once finished. (This is also done from the boot screen by hitting the delete button or F1 key, depending on what the boot screen tells you how to enter setup). Once you are into a pure DOS screen it will leave you at the A:\. There you can type C:\ to go to your hard drive then type the CD command to go to the folders where the .exes are located. For example: C:\Program Files\NNN\ is the path of a particular folder that contains the offending .exe. Once you are in that folder you can delete the .exe. Windows XP is a little trickier with having to boot using your WinXP CD, making sure the boot option is for the CDROM first if not all. Once XP boots up its setup program go to the second option by using the 'R' key. This will take a process to load up to the so-called Restore configuration which is basically back to a pure DOS screen. This will take you to the C:\ drive instead of the A drive, from the C:\ drive you can CD to the path you need to find the .exe location. Once there you can use the same commands to delete the .exe (either del or delete).
Of course when you boot up and the program recreates itself and starts all over again you can go to the registry and figure out how the program is telling itself to remake itself and delete those keys but this is beyond my experience so instead I went to System Restore and went back to a date that I knew before they had that trouble with the certain spyware and restored the registry back before the time of infection and got rid of that registry entry creating the problem. Then I went back to the search option and finding that recreated .exe, deleted it once and for all since it no longer had the registry to back it up and it wasn't being loaded anymore. The tricks they use are getting amazing. The only other option if you can't restore to that point of no infection is to reformat the hard drive and start over from scratch. (That's another quite a few paragraphs). The system restore can be considered first since it will clear out your registry but you will have to still go through the search and delete those .exe's afterwards since that will still be on the hard drive though powerless without the registry. I just delete them anyway to get rid of 'em.
Afterwards I have updated to the newest Spybot that now offers browser protection before infection and still use Zone Alarm (that keeps popups from just going through the internet and finding an uncovered port, some do not need an .exe planted on the hard drive and Zone Alarm also tells me when a certain .exe is trying to access the internet that I don't want to access the internet). The best antivirus I have found, through CNET's recommendation, is Trend Micro, since it also offers real time scanning and prevention. Using all three of these programs I feel more secure until of course they figure out to write over all of these. Least we can always reformat and zap them all.
Submitted by: S.
***************************************************************************
Answer:
Tom,
Sometimes the spyware fixing software cannot fix all the problems it finds, for example DSO Exploit. For these, additional work, usually registry edits, will be required to be done manually.
Here is the fix for "DSO Exploit":
http://groups.google.com/groups?q=%22dso+exploit%22&hl=en&lr=&selm=k%23Npk74kEHA.2516%40cpmsftngxa10.phx.gbl&rnum=7
In severe cases it may be necessary to reformat the hard drive and reload Windows and all your apps. To facilitate this I recommend using a drive imaging software, such as PowerQuest Drive Image Pro. This way you can quickly and easily load a pristine image that contains all your OS and applications ( and anything else on the hard drive). You will also want to back up your data periodically, so you can easily put that back after restoring the disk image to the hard drive.
If you are really tired of battling spyware and viruses, you probably want to switch to Linux or the Mac OS, though the latter may require purchasing new hardware.
Submitted by: Eric R.
***************************************************************************
Answer:
What you are experiencing has driven my business for the past six months, however, it is the type of problem that can make us fear just how time saving using the computer really is? The solution can really depend on how much time you want to spend. Many hours could be spent finding each one or you could do as we have for so many of our clients when coming to us for this problem. We locate all the data files and download to our server. In your case you might just back up on disk, CDrom, DVD, all the data files you wish to keep to be put back in when you're ready. Next, you need to have your operating disk ready to reinstall your operating system. Each install disk has its own way of reinstalling the operating system so be very cautious and read each option before proceeding. From XP Pro to XP Home to Win2000P to whatever operating system it may be there are certain questions to be answered to properly reinstall. If it asks if you wish to delete the partition, say yes and then change the number of megabytes by any number other than that which is stated. And if it asks if you want "NTFS" or "FAT 32" I would encourage you to make it "NTFS". After these decisions follow instructions carefully and you should be about an hour or two from success.
Now you will need all your applications (software programs) to reinstall, after which, you can then copy and paste all your data files, folders, etc. into My Documents or wherever you wish but keep it simple and contained. By the way, if your drive is 2-3 years old, you had better think about your data dissolving without warning so better back up frequently because your drive is about to find its way to drive heaven. I know, because over the past twenty years of doing data recovery not one drive manufacturer shows up lasting longer than another. Some last two weeks and some two years and longer but how long is a guess. The many factors which affect hard drives are so varied there are no substantial reasons for each failure but some can be reasoned from location and electrical appliances such as air conditioners and refrigerators. This is another article, though, relating to electrical sags and spikes.
Submitted by: Steve K.
***************************************************************************
Answer:
Typically, I have found, when a computer is that severely infected with Spyware then the best bet is to backup the data, wipe out the hard drive and reload the system. In some cases this is not an option, especially if you do not have the original system disks or the disks for all of your software.
In this case, go to "Add/Remove" and remove any program that could be spyware. If you are unsure, check with http://www.spywareguide.com/product_list_full.php or another spyware listing website to check before uninstalling. And, if you feel that you are qualified, go to Start>Run>MSConfig, click on the startup tab and remove any programs that do not need to startup with your computer.
Then, try and download Microsoft AntiSpyware Beta version from www.giantantispyware.com, run several scans to see if you can eliminate additional spyware files. If MS AntiSpyware does not work, download Hijack This from http://www.tomcoyote.org/hjt/. This program logs every process running on your computer. It is very important that you show this log to a computer technician that can interpret the data and tell you exactly what processes to eliminate. One forum to post the log for feedback is www.annoyances.org, I have found this site to be particularly helpful. If your computer will not allow you to get on the Internet to download these programs, you can download the install patch from another computer and install it from the CD-Rom drive.
It is also important to eliminate the possibility of viruses on the system. Most likely you are dealing with a combination of viruses (trojans) and spyware. A good source for scanning your computer online is www.antivirus.com which will redirect you to Trend Micro's website. Click "scan your computer for free" and walk through the various screens to scan your computer for both viruses and security problems.
If a combination of all of these things still does not fix your computer, you have two choices; one, remove the hard drive (assuming this is a desktop computer) and install it as a slave drive in a clean computer, scan using the tools of the clean computer to hopefully wipe out the problem or two, back up your data and rebuild.
Make sure your daughter knows not to click on anything that says it is "free" ~ you will pay for it in spyware and viruses. Also, make sure she knows not to chat with anyone that she does not know. It is also helpful to set Instant Messenger so that it does not start each time your computer starts.
I hope this helps.
Submitted by: Peaches D.
***************************************************************************
Answer:
Tom:
First of all, let me start by saying there are too many types of spyware to ensure that I am covering all the bases here, but I will try.
First of all, SpyBot, and SpyDoctor are not two of the better respected AS programs out there. Ad-Aware is good, but not the end all of spyware. Microsoft AntiSpyware (http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en) is actually one of the better ones out there right now. This was formerly known as Giant Antispyware, and it was one of the better ones (more info from http://www.giantcompany.com/)
However, even combining the efforts of Ad-Aware and the Microsoft AS it won't get rid of it all so now it's time to get a little more technical.
Open up MSConfig by clicking Start > Run, type MSConfig and click the ok button. Click the startup tab in the window that opens and un-check anything that doesn't look familiar. Please note that AntiVirus software, as well as Audio and Video drivers may load from here so be careful. This will (hopefully) disable the startup of a lot of the spyware. Also note that if need be, running the MS Antispyware, and Ad-Aware in safe mode will often remove much more spyware than running windows in normal mode. If you're unsure how to start into safe mode see this: http://www.pchell.com/support/safemode.shtml
Now assuming it's clean (or noticeably cleaner) we should make sure to remove programs that are famous for spyware/ad-ware distribution.
- Remove Kazaa/Morpheus/Grokster and other P2P programs as they often have security holes that spyware will enter through.
- Stop using Internet Explorer, Try Firefox, Mozilla, or Opera instead.
- Remove any "search helpers" or toolbars for Internet Explorer since these are always spyware. (Note: Google Bar, and MSN Toolbar are the ONLY exceptions) These can often be removed from Add/remove programs in control panel or by removing "BHO" objects in MS Antispyware
These tips should get you a lot closer to a clean system. Other things to try is to continue to remove things from startup using MSConfig, but while in safe mode, and do a full scan while you're there. Sometimes as a spyware program is shutting down (with windows) it makes sure that it's going to start up next time, it can't do this in safe mode usually.
For a deeper comparison of two dozen different Anti-Spyware programs check out a comparison from spyware warrior at http://spywarewarrior.com/asw-test-guide.htm
They also have a list of some of the better AntiSpyware programs available on their site. http://spywarewarrior.com/asw-features.htm
Hope this Helps
Shawn
Submitted by:
***************************************************************************
Answer:
Tom,
Welcome to Capitalism 101....the Internet.
It appears that you have some adware on your daughter's machine that connects to a number of sites every day, whereupon the author gets a fraction of a cent for every connection. A fraction of a cent isn't much but it adds up.
So, how to eradicate it. Spybot Search & Destroy and AdAware are both good programs and, used together can eradicate as much as 80% of known spyware and adware. However, you also mentioned that you use Spy Doctor. Spy Doctor is listed on the Spyware Warrior list of Rogue/Suspect Anti-Spyware Products list (http://www.spywarewarrior.com/rogue_anti-spyware.htm). You may wish to consult the list and perhaps uninstall it.
Your next best bet is HijackThis (http://www.majorgeeks.com/download3155.html). It's a free download and quick install that will analyze your computer and display a list of installed software. Don't take it upon yourself to analyze the list, leave that to the experts. HijackThis is a dangerous tool in the wrong hands. Save the list and post it to one of the many free HijackThis log analysis blogs on the web. Lockergnome (http://www.lockergnome.com/) is a good one but there are a number of others. Here's a perfect opportunity to let the power of the Internet combined with the altruism of true geeks help to rid, or at least thwart one of the worst type of parasites.
Let me pre-empt your next question and make a suggestion or two regarding how to prevent infection next time. First, use the 'Immunize this computer' option in Spybot. It blocks over a thousand known adware sites. Second, install the free Microsoft Windows Anti-Spyware Beta (http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en). It contains a very good spyware blocker. Third, install a toolbar with a popup blocker like the Google Toolbar (http://toolbar.google.com/?promo=mor-tb-en). It can effectively block the few remaining popups on the Internet. Lastly, it would be easy to tell you to never install any free downloaded software or visit any suspicious web sites but that's impractical and just plain boring. So, tell your daughter that, whenever she gets a popup asking to install something, don't click yes, don't click no, instead, close the dialog by clicking on the X in the upper right corner.
Good luck and don't blame your daughter, it happens to the best of us.
Submitted by: Don P
Tom didn't say what kind of "pop-ups" these were. The number and frequency of them tells us that this is most likely the same old MESSENGER SERVICE problem.
Messenger is a service that runs all the time and is rife with opportunity for abuse. You don't need it; it's for client/server communication that 99.99 percent of the people never need. It's not MSN Messenger, by the way.
To stop the pop-ups once and for all, go into Start / Programs / Administrative Tools / Services (I have no idea how to get here if you're using the infantile default XP UI). Find Messenger and disable it by right-clicking on it and setting its startup type to "disabled." You won't be disabling any necessary services.
Pop-ups will be gone.
I think as soon as one installs MS Antispyware.....of the first few pop-ups to actually secure our PC, Antispyware contains one such window too that tells us exactly what francis wrote-off.
Clearly MS itself is not too against its own default products.
My Choice too would be SPYBOT+SPYWAREBLASTER, MS Antispyware coupled with most importantly ZoneLabs Firewall.
I work on internet for long durations but thankfully spyware, adware & other such problems are passe for me....all thanks to the above combination I use.
Perhaps it could be of use to others too.
Ankit
If I'm asking a question that has already been addressed, I'm sorry. I just don't want to read all 230+ replies on this thread. lol
My problem is this, my step-daughter somehow got antivirus 2010 on our laptop. I found a program to remove it, no problems at all. The next time she booted the computer, (no I do not know what sites she visited on the 'Net) the laptop froze up, forcing her to do a manual shutdown.
After the restart, the laptop won't open any virus scan sites, won't let any antivirus programs update, and won't allow even housecall to load so we can do an online scan. I can't reinstall the original malware removal application (Malwarebytes Antimalware) or install anything else on the laptop. Please help!
Make a new post in the right forum so your post won't get buried in this one. Bob
PS. The issue about MBAM has been covered many times. Please try our Spyware Forum.
sorry.
****Other suggestions from our members****
(WARNING: Some of this week's honorable mentions and other member suggestions may include the task of editing your Windows registry. MAKE SURE to back up your registry in case you do something wrong, and that you are familiar with the files you are planning to delete. You don't want to delete a file that is critical to your system; that can really wreak havoc in your computer. So be cautious and know what you are deleting before proceeding! Delete files and edit the Windows registry at your own risk. Thank you.)
Answer:
Tom,
To cover the basics. Everyone that is connecting to the Internet, whether they have a Hi-speed connection or are using dial-up, should have three things.
1. Firewall
2. Antivirus
3. Anti-Spyware
It sounds as if something is set to run at bootup in your computer's registry. An easy way to see what is set to bootup in the registry is to run Windows XP's msconfig tool. From the start menu choose run, type in msconfig and click OK. This tool has a tabbed interface across the top. Spyware and Adware can install itself as a service or reinstall itself by a registry entry.
Click on the service tab. This lists all of the running services on your computer. There is a check box at the bottom that says "Hide All Microsoft Services". Check it. Everything left behind on the screen is add-on software installed by you or your PC manufacturer and possibly spyware. Here is where Google becomes your friend. Look up any unrecognizable items to determine if it is spyware. You can disable things here. If disabling one of these items clears up your pop-up problem, further research has to be done to determine if there is a manual way to remove the spyware/adware causing the problem.
The Startup tab lets you disable any applications in the registry.
Again Google is your friend. You can search on any of the applications to see if they are spyware or adware. These items can then be disabled.
Another way to determine what is downloading the pop-up ads would be to run netstat with the -b option. From the start menu choose run. Type cmd and click OK. From the command line type netstat -b and hit enter. This should list all of your computer's active connections and the name of the application that is connecting. You can then use Google to look up any unusual items for cleanup.
I noticed that you didn't mention Microsoft's Anti-spyware tool. I've used the ones that you mentioned as well as the Microsoft tool and can recommend it as being very good.
Prevention. I run alternate browsers (Mozilla's Firefox) on all of my home computers. Internet Explorer is the primary target of Spyware/Adware writers. A good software firewall like ZoneAlarm from Zonelabs is helpful because any new spyware that tries to access the Internet has to be manually allowed. The program logs then become a tool to find spyware hidden on your system for cleanup.
--
Successful in spite of myself!
Submitted by: David B.
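The netstat -b check from the answer above, as an added example that is not part of the original post: a small Python parser that groups the connections in saved `netstat -b` output by owning program and lists the programs to look up. The sample output is constructed, and `popupsvc.exe` and the recognised-program list are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -b` output. Addresses, PIDs and program
# names are made up; popupsvc.exe is a hypothetical unrecognised program.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:1041       203.0.113.10:80        ESTABLISHED     1820
  [iexplore.exe]

  TCP    192.168.1.5:1066       198.51.100.7:80        ESTABLISHED     2316
  [popupsvc.exe]

  TCP    192.168.1.5:1067       198.51.100.7:80        ESTABLISHED     2316
  [popupsvc.exe]

  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED     1104
  [avscan.exe]

  TCP    192.168.1.5:1075       203.0.113.40:80        ESTABLISHED     940
  wuauserv
  [svchost.exe]

  TCP    192.168.1.5:1072       203.0.113.25:443       ESTABLISHED     4
  Can not obtain ownership information
"""

# Connection row: protocol, local address, remote address, then an optional
# state (UDP rows have none) and an optional PID column.
CONN = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z][A-Z_0-9]*))?(?:\s+(\d+))?\s*$")
OWNER = re.compile(r"^\[(.+)\]$")  # e.g. [iexplore.exe]


def parse_netstat_b(text):
    """Return one dict per connection, with the owning executable attached."""
    conns, current = [], None
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            current = {"proto": proto, "local": local, "remote": remote,
                       "state": state, "pid": int(pid) if pid else None,
                       "exe": None, "component": None}
            conns.append(current)
            continue
        stripped = line.strip()
        if current is None or not stripped:
            continue  # headers and blank lines
        owner = OWNER.match(stripped)
        if owner:
            current["exe"] = owner.group(1).lower()
            current = None  # the owner line closes this entry
        elif stripped.lower().startswith("can not obtain ownership"):
            current["exe"] = "<unknown>"
            current = None
        else:
            current["component"] = stripped  # name shown above [svchost.exe]
    return conns


def is_loopback(addr):
    host = addr.rpartition(":")[0]
    return host.startswith("127.") or host in ("[::1]", "localhost")


def remote_endpoints_by_exe(conns):
    """Map executable -> sorted remote endpoints it holds ESTABLISHED."""
    out = defaultdict(set)
    for c in conns:
        if c["state"] == "ESTABLISHED" and not is_loopback(c["remote"]):
            out[c["exe"] or "<unknown>"].add(c["remote"])
    return {exe: sorted(endpoints) for exe, endpoints in out.items()}


def needs_lookup(conns, recognised):
    """Programs with outside connections that are not on the recognised list."""
    return sorted(e for e in remote_endpoints_by_exe(conns) if e not in recognised)


if __name__ == "__main__":
    # Assumed list of programs the reader already recognises. A familiar
    # name is only a starting point; check the file's location as well.
    recognised = {"iexplore.exe", "svchost.exe"}
    conns = parse_netstat_b(SAMPLE)
    for exe in needs_lookup(conns, recognised):
        print(exe, remote_endpoints_by_exe(conns)[exe])
```

To use it on a real machine, redirect the command's output to a text file (`netstat -b > conns.txt`) and pass the file's contents to `parse_netstat_b`.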
***************************************************************************
Answer:
Tom,
As a college student I see computers in my hall riddled with spyware. As one of the only computer literate people on my hall, my friends come to me. While ad-aware is a great product (I use it myself) it can't get everything. Especially since some computers actually come with adaware from the manufacturer built in.
The best bet to get rid of as much spyware as possible is to back up your data on a DVD or CDs or external hard drive. Then, using the Windows CD that either came with your computer or you bought for it, reinstall it on your hard drive, getting rid of the original installation.
When you reinstall Windows, download from Windows Update right away, then I would suggest to reinstall your anti virus and firewall.
If you don't have either, AVG free antivirus and ZoneAlarm are great free choices. I would then download Microsoft Antispyware as it also prevents spyware in future cases. Also adaware is my personal favorite. I like to use two different antispyware programs so as to catch as much spyware as possible.
Also, when this is done, in the future read end user agreements and all windows when installing programs as they actually tell you when they are downloading extra programs. Don't click on links when you don't know where they go, and do not download from unknown or untrusted sites.
I can't swear that you won't get spyware as programmers are getting smarter as they design it. I use these programs and have not had a pop up in about a year and a half.
Submitted by: Mr. Jan O.
***************************************************************************
Answer:
First, I would try to boot up in safe mode without the network connection (tap F5 while booting) and then running Spybot Search & Destroy or purchasing and running a program called iClean. Fix all of the problems that are found (there is a recovery tool in SpyBot just in case you remove something you need).
After running a spyware remover, verify that there aren't any unnecessary programs still installed on your computer. To do this, open the Control Panel and go to Add/Remove Programs. Look for programs that you didn't install, as well as any freeware programs such as downloading programs (like Kazaa) and remove them.
At this point, you can run SpyBot again, but it isn't necessary.
Next, you will want to prevent anything that remains on your system from starting up when Windows starts.
You may need to reboot in normal mode for this (disconnect your cable modem). From the start menu, open the run command and type in "msconfig" (without the quotes). A windows application will open. Click on the tab that says "StartUp" and uncheck any odd-looking programs. Things you will want to make sure are checked are applications related to your anti-virus software, the windows registry, MS Office startup, task manager, system tray, etc. Double-check the location of the file as well. (Not everything in the Windows folder is safe to start) Click "OK" when finished and restart your system.
After you reboot, launch your anti-virus program and check for viruses. Repair any infected files.
Now, try plugging your modem back in and surfing the web. If you are still faced with pop-ups, download either the "Google Toolbar" or a program called "Pop-up Stopper" by Panicware (available at downloads.com). You can even switch browsers, Mozilla Firefox is the best choice, as it has built in features that Internet Explorer does not have.
Also, be sure you are up to date with any Windows Updates.
Submitted by: Ravi
***************************************************************************
Answer:
Hi,
My friend's computer got 300 spyware and viruses, and after running many spyware removal programs and antivirus programs it was still buggy so I ran Security Task Manager and removed anything at 100% rating. That resolved the problem.
The trial version can be downloaded at this link:
http://www.download.com/Security-Task-Manager/3000-2094_4-10361717.html?tag=lst-0-1
Run the program and it will show all the processes running on your computer and their rating. In my experience anything with 100% rating should be removed. When you hit the Remove button in the top menu it will ask you whether you want to quarantine - if you are not sure then quarantine rather than remove as you have the choice of undoing any changes. If that resolves the problem then hit the Quarantine button in the top menu to open up the Quarantine folder and delete the program. If you have several programs at 100% you can quarantine them one at a time to see which one is giving the problem.
Otherwise:
Try running HijackThis; download the freeware here:
http://www.majorgeeks.com/download3155.html
and post the log on the following website (you will have to register as a member, no fees):
http://www.d-a-l.com/help/forumdisplay.php?f=8
The members there are pretty helpful - usually reply in a day or two.
Hope this helps.
Submitted by: Kurma C.
***************************************************************************
Answer:
First off, re-run your anti-spyware programs while the system is in safe mode as opposed to normal operation. This will prevent certain services from running that may be related to the afore-mentioned spyware programs. In a lot of instances, anti-spyware programs are not capable of deleting the offensive program if it has attached itself to some service that is running. Also, make sure that you turn OFF system restore before you run the anti-spyware programs. In this case, it could work against you and actually put back the very items you just removed. Finally, since it is an XP machine, if you can isolate WHEN the problem started, there is always the option of doing a system restore based on some point in the past before the problem started. This will not cause you to lose any data, but it should resolve your problem. Microsoft has a new beta spyware program available from their website that is very good. It runs in the background like Spybot's vers. 1.3 Tea Timer program and actually notifies you when there is some program trying to change something in your OS.
Hope this helps,
Submitted by: Reginole T. of Southfield, MI
***************************************************************************
Answer:
Tom,
Spyware is difficult to completely remove once it has taken control. However, I've had great luck with a program called Spy Sweeper. You can go to their site http://www.webroot.com/products/spysweeper?rc=1110&ac=D01 and get a free scan. If it finds your problem I recommend you buy it.
Of course if this does not work, there are a couple of things you can do. For starters go to Control Panel, Add and Remove, then scan the list for unknown programs that may be the culprit. Please be careful not to delete something you may need. After scanning for unwanted programs and deleting them the problem should go away. If not, then in an effort to save time, a fresh install of Windows XP may be faster in the end. Just remember to back up your data before starting and do not replace this data until your new installation of Win XP has been updated with SP2 and all new security releases.
Hope this helps
Submitted by: Armando
***************************************************************************
Answer:
First of all I recommend using HitmanPro, you can download it at http://www.hitmanpro.nl It will remove about all the malware on your pc (except for IE)
Second, you should try using Firefox or Opera, since these browsers don't suffer the amount of spy- and adware IE does.
Third, don't download anything you don't trust. Use Gmail, because of its ease of use and sophisticated spam filter.
And last of all: keep your software and knowledge up to date!
Kind Regards,
Submitted by: Bram E.
***************************************************************************
Answer:
Hi,
I had that problem with spyware some time back too. I tried doing everything you did, even uninstalling whatever suspicious software from the control panel, but there were always a few I couldn't do anything about. They were probably embedded in my registry or something. And they were acting as a door jam, keeping my system open to yet more spyware.
Finally, frustrated, I took the brutal and painful option of reformatting my hard drive, then installing anti-spyware & pop-up blockers before anything else. Also, I've set IE not to accept any cookies or anything from any server without my explicit permission. Troublesome? Yes. But less troublesome than pop-ups and spyware slowing you down.
The problem is if the spyware was already there before you installed anti-spyware, then more than likely it has some pretty good "survival mechanism". So it's much easier to prevent it from installing itself than trying to get rid of it. Like a bad ex.
If other users on your computer use file-swapping or mp3 download software (like the Kazaa of old) or blindly accept cookies from strange websites, or open strange e-mail or webmail, then your spyware problem may just occur again. Anti-spyware cannot prevent you from explicitly accepting spyware into your system.
Now, after educating my family members and whoever may want to use my computer against "dangerous" internet use, I have absolutely no problems with spyware or pop-ups.
Submitted by: Stewart A.
***************************************************************************
Answer:
Sounds like the spyware problem is more serious than Tom may have thought. While Ad Aware and Spybot are good programs, there are other “heavy-duty” programs that may be of great help in cases like this. I would recommend downloading and running Hijack This, a program that will detect and display all the programs and processes that are running on the computer at the time. Hijack This will produce a detailed list with an empty checkbox next to every individual program or process it detects. From the checklist, the user must determine which items are good and which are bad. The bad items (including spyware-related ones) can then be eliminated by placing a check in their empty boxes, and then clicking on the “Fix checked” button. It isn’t always easy to distinguish between the good and the bad in this list, but there is another helpful tool to be used with Hijack This. By saving the checklist as a text file (using the “Save log” button), the user can then access a site at the following address: http://www.hijackthis.de/index.php, paste the saved log file into the open window, and click on the “Analyze” button below the window to have the list evaluated. Resulting entries for each line from the Hijack This log file will tell the user whether they are good, questionable, or bad. From there, the user simply goes back to the log file, checks off the bad items, and removes them.
Submitted by: Daniel N.
***************************************************************************
Answer:
Spyware is becoming a bigger problem all the time but the tools to take care of them are easily available. You've started on the right track using Spybot and Adaware but you might also try Microsoft's Spyware removal tool that is available now. I have used it to remove spyware that was not removed by Spybot or Adaware. The more tools you use the better your results will be. You might also try running these tools in Safe mode to prevent them from loading into Windows at startup.
Keep in mind that no spyware is 100% effective and that the only way to remove all spyware is to format and reinstall Windows.
Also, prevention is the best course of action for the future. Make sure your daughter does not install file sharing programs or other free software that contains spyware. She should also be careful about the sites that she visits. Visiting reputable sites will also help prevent the worst spyware from getting installed on her system.
CNET's website, www.download.com, is a great site for evaluating software because it gives information about specific software and whether it contains adware.
Switching to Mozilla Firefox should also help to decrease her chances of getting Spyware in the future.
Everyone gets spyware but being cautious can go a long way to preventing these problems.
Submitted by: Shalin K.
***************************************************************************
Answer:
He should do what we all have to do from time to time. Copy files his daughter wants to keep to another media, reformat the drive, and install all programs from scratch.
Then he should install a good antivirus program. I like Norton or Trend personally, but most of them are good. I also use Panda's or Trend's online scanners once in a while to make sure everything is removed.
Then he should install the free version of Zonealarm and turn off XP's firewall since it may conflict with Zonealarm. I believe Zonealarm is better at the moment.
After that again he should install free versions of Adaware and Hijack this. Possibly also the free version of X-cleaner. All of these should be run several times a week. I like Hijack this because it enables me to remove stuff that Adaware and other programs can't remove.
Then he should consider a good antispyware program like we Antispy, Webroot or the new free antispyprogram from Microsoft. I used it before Microsoft bought it, and it was OK. Then I paid for Antispy which is a bit slow, but very easy to use.
The easy way.
Run the virus program, Adaware and Spybot. Then download and install Hijack this. Run Hijack this and look for suspicious programs that seem to be affecting Internet Explorer. Remove these. You may remove one or two valid programs, but he could install these again. The clue is to remove popup programs that start when booting up, and you can often find these with Hijack this.
You might also want to install System Mechanic which lets you view all the bootable programs, and turn them off (not remove). After a few trials and errors you can find the culprits and remove them for good.
I have got rid of quite a few nasty programs with Hijack this, but it requires some restraint so you don't remove too many valid programs. You avoid that problem with System Mechanic since you can turn programs off, test the effect, and then turn them on again or remove them if they were bad.
Submitted by: Thore S. of Arendal, Norway
***************************************************************************
Answer:
Hello,
First I suggest you go to "Control Panel" open up "Internet Options" and delete both "Cookies & Files"
While still in "Internet Options" make sure to check what "Security Level" your system is set to.
I would also recommend a few other utilities I use here would help to "muzzle" spyware.
Check out "MailWasher" http://www.firetrust.com/home/ this will allow you to block and bounce and delete unwanted emails.
I use "WinPatrol" http://www.winpatrol.com/ which if loaded in startup will keep a very close check on your system about any changes that will be affecting your system coming in from the outside.
Finally suggest you use "Sygate Personal Firewall" http://smb.sygate.com/products/spf_standard.htm
Hope this might help you out a bit?
Submitted by: John
***************************************************************************
Answer:
Dear Tom,
The intrusion is blocked at different level of communication. Also, getting yourself registered with some site which honours not the privacy, your personal information is available to many crooks. Here are a few things which might help you take your control back.
1. Kindly try to be specific and concerned about the privacy policy of the company you leave your private information with. Better yet practice control over what kind of information can be delivered and what can be not. The information which is optional needs not necessarily be given until and unless you can evaluate the consequences to a reasonable degree.
2. Due to the bad design of certain operating systems, browsers and communication protocols, different programs can be installed on your machine which communicate with their parent site whenever you go online. Use a good firewall to control any unauthorized access to and from the internet. I personally recommend Zone Alarm. They have a free version which works quite ok.
3. Use a better browser, e-mail application and messenger program. I personally recommend you to try FireFox and Thunderbird. These are open source applications and are free. Firefox blocks any popups originating on their own from a site.
4. Internet is your gateway to the information but it can be a gateway to your machine for the virus programs. So, use a good anti virus program to protect against the ever strengthening threat of these destructive applications. I recommend you to use AVG antivirus. It is free for personal use. Also, make a schedule for your AntiVirus application for an automatic complete machine scan once in a week.
5. A good education of the children and discussing these issues with them is also necessary, so as to prepare them and making them aware of the dangers of identity theft, data-damage, wastage of precious time.
Make it a point that you will not register with any sites which try to open popups without clicking any link. Ask your children to discuss it with you or with mama if they can register with any site they liked on the net or not.
In short, it's like protecting your home from intrusion - locking the main door, the windows and using some sort of intrusion detection is a lot safer than using the best burglar alarm, the best motion detectors but leaving the main door open for everybody.
Hope this can help.
Best wishes.
Submitted by: Irfan T.
I recently had a malware program that wouldn't go away.
Get rid of any peer-to-peer programs such as Kazaa, Warez or any music download programs. Reboot and run all your spyware/adware and antivirus (don't forget to update them first). On a young person's computer, these kinds of programs are usually the culprits. It was the problem with my daughter's machine and once the program is gone, the malware will disappear after a good cleaning.
For a good peer-to-peer program try BearShare Lite. I use it and have had no problems with it. It doesn't mess with the firewall, antivirus or the anti-spyware/malware programs.
Good Luck!
I'm a PC Tech. I have just wandered through most of these answers but still haven't seen the one I use most listed. WIPE THE DRIVE and start FRESH. As many others have said these type programs can take hours or even DAYS to kill.
If a machine has more than 5 or 6 major spys on it AFTER I run CounterSpy, I'll make a decision on if it might be faster to just wipe the drive and do a fresh install of the OS.
If so I back any important data off to an external HD. Do a clean install of the OS. Then BEFORE the machine goes back on the 'net I'll install SpyBot, MS Antispyware and SpyWare Blaster (all free apps). If the customer wants to pay for an app I like CounterSpy. THEN I put the machine back on the 'net and IMMEDIATELY update all the anti-spy apps and do Windows updates.
This has proven to be a VERY quick and effective way for me to get the customer back on line with a fresh protected machine.
But HEY,,,, that's just ME!
Bruce
There are numerous sites that will help you remove malware very easily. A simple search "hijackthis help" will reveal numerous sites that will assist you in removing almost any virus, spyware, adware or malware. You don't have to lose all your info to get rid of it.
palguy64@hotmail.com
Answer:
I have found a fairly simple solution to resistant spy ware and pop ups. First disconnect from the Internet and from your power source. Be sure that all power is off for ten minutes.
While you wait for all traces of electrical activity to cease, load up a 12 gauge shotgun with pellets that are anything from BB to Triple OO Buck.
Fire shots through the case so that the Motherboard, processor chip, RAM, and especially the Hard Drive (s) are totally obliterated.
If you are unsure of the damage, try another shot from another angle. Be careful because sometimes a badly wounded pop-up will charge at you and try to inflict more frustration before it dies.
Remove what is left to the garage-not the curb! Tell the Police when they arrive that you didn't hear anything and maybe it was just engine back fires.
I hope this helps. It worked for me and I like to help people with their problems.
JJW
Submitted by: Jim W.
I am pleased to report that a Kalashnikov works very well - you just need more shots to make sure you have gone through everything. (Don't fire down through your PC if there is anyone on the floor below.)
I have found that by dropping the case and contents from a very tall building, then using a steam roller, run over the case a few times. Result pop-ups are totally removed.
Now that is a sure fire way to solve any spyware, adware or even a major freeze problem Jim
roflmaoooooooo
I agree with you. If one doesn't have internet it works as well ... Mike