How-To Geek

How Does Spyware, Malware or Crapware Get on My Computer?

Have you ever wondered how malware, spyware, scareware, crapware, or other undesirable software might get on a computer? First we’ll illustrate how easily your system can be infected, and then we’ll show you how to clean it up.

Our example system, running Windows 7, was set up from a worst case scenario point of view: Someone who was only interested in quickly getting to all the “fun stuff” on the internet with absolutely no concern for personal or computer security.

Freshly Installed – Pre Malware

Here you can see the number of processes (and type) that were running on our freshly installed Windows 7 system. The install was so fresh that the only protection that this system had was the Windows Firewall and Windows Defender to keep the malware and virus hordes at bay.

How Some Malware Gets On Your Computer

Malware, spyware, and other junk software make it onto your computer for a number of reasons:

  • You installed something you really shouldn’t have, from an untrustworthy source. Often these include screensavers, toolbars, or torrents that you didn’t scan for viruses.
  • You didn’t pay attention when installing a “reputable” application that bundles “optional” crapware.
  • You’ve already managed to get yourself infected, and the malware installs even more malware.
  • You aren’t using a quality Anti-Virus or Anti-Spyware application.

Watch Out for Insidious Bundled Crapware

Editor’s Note: One of the biggest problems recently is that the makers of popular software keep selling out, and including “optional” crapware that nobody needs or wants. This way they profit off the unsuspecting users that aren’t tech-savvy enough to know any better. They should be ashamed.

On our example system we installed Digsby Messenger, a very popular “reputable” application. This was the regular install version and as you can see in the following screenshots, there are attempts to get you to install undesirable software or make “not so good” changes on your computer. If a person is not careful, then their system becomes infected.

Here you can see the attempt to add the “My.Freeze.com Toolbar” to your browser(s)…definitely not good! Notice that while it does state that the software may be removed later, some people may 1.) Not notice it (lack of attention), 2.) Be in too much of a hurry to install the software to notice, or 3.) Not be familiar or comfortable with removing the software after it is already installed on their system.

The real trick with Digsby (and other software that is set up with the same installation style) is that clicking on “Decline” still allows the installation of Digsby itself to proceed. But can you imagine how things can end up for those people who may think or believe that the only way to get Digsby or similar software installed is to click on “Accept”? It has a really deceptive style!

Note: For more, read our article on avoiding crapware when installing Digsby.

A very obvious attempt to make “My.Freeze.com” the new homepage for your browser(s). Once again the “Decline” versus “Accept” dilemma combined with a checkmark selection choice…

If you have many programs that attempt to install “value-added” software like this on your system, you will quickly find that the majority (or all) of your operating system’s resources are being used up by malware (i.e. background processes). You are also likely to find that you will have unstable or very sluggish browser response, and are likely to have your personal and computer’s security compromised.

Just How Quickly Can a System Become Infected?

It only took 2.5 hours to reach the level described in our article…simply surfing wherever for “whatever looked interesting or different”, downloading things like screensavers, file-sharing applications, and installing questionable software from advertisements.

The possibilities for becoming infected with viruses or malware were rather high with little to no protection or forethought given concerning what was installed or for the websites visited. Searches for various “less than desirable” pictures, screensavers, clicking on ads, etc. made it very easy to find trouble…perhaps the better way to phrase that is that it was very easy for trouble to find our example system.

Here you can see a screenshot of the desktop of our example system. Notice that there are icons for file sharing programs, fake anti-malware programs, icons for various screensavers, less than nice websites (possible additional infection vectors), and a virtual dancing woman. Nothing good here!

Here is a look at the Start Menu…notice that some of the malware has obvious shortcuts in the Startup Folder, but there were plenty on our example system that were not shown in this folder.

A quick look at an overabundance of toolbars plaguing Internet Explorer 8…by this point the browser was already having some problems starting properly (very slow), some episodes of crashing, and some browser hijacking had occurred.

Taking a peek at the Program Uninstall Window shows a variety of malware and undesirable software types that were on our example system.

Note: These are the ones that actually bothered with listing an entry in the Uninstall Registry.

A Good Look at Scareware

What is scareware? It is software that once installed on your system will try to trick you into believing that you have a highly infected system with some very high “numbers of infections” found. These programs will constantly bother you to register and purchase the software in order to clean up your computer system.

Here you can see two examples of well-known scareware: SpywareStop and AntiSpyware 2009. Do not be surprised if you notice that these two “separate” programs seem to be extremely alike in looks, style, and operation. They are exactly alike…the same wolf, just in different sheep skins. This is a common practice to stay ahead of legitimate anti-malware and anti-virus software and not be deleted before hopefully being purchased by unsuspecting computer users.

A good look at the two screens that appeared every time we started our example system…absolutely no hesitation to “remind us” how infected our computer was and that we should register the software now. Disgusting!!

Note: The SpywareStop website was presented to us courtesy of a browser hijacking…and of course we were encouraged to install it.

The main window for SpywareStop…oh so quick to try and encourage you to remove the infections.

The System Tray pop up window for SpywareStop…

What do things look like if someone went to register the software and purchase it? The registration starts with a request for basic information including an e-mail address. Chances are the addresses harvested in this manner will be sold to spammers…the potential for a little extra income will definitely have an appeal.

Notice that additional services and software are readily available! Nothing like an opportunity to make even more easy money once they have someone this far in…and of course you can use your credit card. How convenient for them…

The ever wonderful cousin to SpywareStop…the infamous AntiSpyware 2009 (also very well known with the 2008 designation).

And the wonderful System Tray pop up window for AntiSpyware 2009…the fun never stops!

What about registration for this one? Take a good look at these two screenshots and compare them with the two shown above. There is so little difference…yet another sign that these are identical scareware programs with altered user interfaces and alternate websites.

How nice! More additional software available for you to buy and the ability to use that credit card and PayPal!

Some Other Things That Come with Malware

Here is another irritating feature of some malware. Nice pop up windows harassing you to take surveys or do other things. This was an additional “gift” from one of the programs installed on our example system.

A Look at the Processes Running After Infection

Compare the screenshot of running processes shown at the beginning of the article and then the running processes shown here. You can already see a significant increase. Not good for you or your computer!
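
The before-and-after comparison that the article makes by eye from screenshots can also be scripted. The following is an added example, not part of the original article: a PowerShell script that records running processes, auto-start commands, and Uninstall registry entries on a clean system and later lists what has changed. The script name, parameter names, and baseline file location are assumptions.

```powershell
# Added example, not part of the original article.
# Usage (script name is hypothetical):
#   .\Compare-Baseline.ps1 -Mode Baseline   # once, on the freshly installed system
#   .\Compare-Baseline.ps1                  # later, to list what changed
# Run both modes with the same privileges, otherwise process paths that are
# only visible to an administrator show up as differences.
# Written for Windows PowerShell; on PowerShell 7 use Get-CimInstance
# in place of Get-WmiObject.
param(
    [ValidateSet('Baseline', 'Compare')]
    [string]$Mode = 'Compare',
    # Assumed location of the saved snapshot.
    [string]$BaselineFile = "$env:USERPROFILE\system-baseline.txt"
)

function Get-Snapshot {
    $lines = @()

    # 1. Running processes, as in the article's process-list screenshots.
    $lines += @(Get-Process | ForEach-Object {
        'PROCESS|{0}|{1}' -f $_.ProcessName, $_.Path
    })

    # 2. Auto-start commands from the Startup folders and the Run registry
    #    keys. Services, scheduled tasks and browser add-ons are not covered.
    $lines += @(Get-WmiObject -Class Win32_StartupCommand | ForEach-Object {
        'STARTUP|{0}|{1}|{2}' -f $_.Location, $_.Name, $_.Command
    })

    # 3. Programs that registered an entry under the Uninstall registry keys.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $lines += @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object { 'INSTALLED|{0}|{1}' -f $_.DisplayName, $_.Publisher })

    # Collapse duplicates (for example many svchost.exe instances).
    $lines | Sort-Object -Unique
}

$current = @(Get-Snapshot)

if ($Mode -eq 'Baseline') {
    Set-Content -Path $BaselineFile -Value $current -Encoding UTF8
    'Saved {0} entries to {1}' -f $current.Count, $BaselineFile
    return
}

if (-not (Test-Path -Path $BaselineFile)) {
    throw "No baseline found at $BaselineFile. Run with -Mode Baseline first."
}

$baseline = @(Get-Content -Path $BaselineFile)
$diff = @(Compare-Object -ReferenceObject $baseline -DifferenceObject $current)

# '=>' : present now but not in the baseline (new processes, auto-starts, installs).
'--- New since baseline ---'
$diff | Where-Object { $_.SideIndicator -eq '=>' } | ForEach-Object { $_.InputObject }

# '<=' : present in the baseline but gone now, e.g. a security tool that
# is no longer running or installed.
'--- Missing since baseline ---'
$diff | Where-Object { $_.SideIndicator -eq '<=' } | ForEach-Object { $_.InputObject }
```

Software that skips the Startup folder and the Uninstall registry, as some on the example system did, can still appear in the process section of the output.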

Conclusion

While nothing super horrible got onto our example system within those 2.5 hours, it is still easy to see just how quickly a system can start to become a mess. Imagine a system that has been exposed for a much longer period of time and is heavily infected! The best approach is to avoid trouble from the beginning. But if you find yourself or someone you know with an infected system then take a look at our upcoming series on removing malware from an infected computer.

Note: By the time the short “infestation period” was finished on our example system, the Windows Firewall, Windows Defender, and the Security Settings for Internet Explorer had all been either 1.) Turned off or 2.) Set to the lowest possible settings. In addition, no legitimate anti-virus or anti-malware software was installed. This system was totally unprotected in exchange for so-called “speed and convenience”.

Next Up: Removing the Spyware

Stay tuned, as tomorrow we will show you how we cleaned up the crapware-filled computer with Spybot Search & Destroy. And then later this week, we’ll show how well Ad-Aware and MalwareBytes performed against the same set of spyware.

Akemi Iwaya (Asian Angel) is our very own Firefox Fangirl who enjoys working with multiple browsers and loves 'old school' role-playing games. Visit her on Twitter and .

  • Published 08/3/09

Comments (37)

  1. Nils Geylen

    Great writeup. I’ve endlessly ranted against this kind of horrible consumer scamming – which is what it is.

    While it’s not exactly viruses or malware, these things do make a mess of anyone’s system. And then it’s up to us to get rid of it all. Clean install is always my answer but that often doesn’t seem to go in well.

    Hopefully a lot of readers will be forwarding this article to their friends and family who are often tricked by this.

  2. Martha

    This is one of the best articles I have seen in a long time! Kudos to you for writing it! I will post this link to my Yahoo Groups and hopefully the members will read it.

    Thank you, thank you!

    Martha

  3. jonny Smith

    I had the same issues when installing the notorious AceFTP ftp utility a couple of months ago. The utility comes bundled with the VMN toolbar that hijacks the default search provider in IE and adds a nasty toolbar on top of both IE and Firefox. When I re-installed the app on a different machine with BitDefender activated, it announced to me that it had blocked a hidden installer and the VMN toolbar was prevented from installing.

  4. Brice L. Korte Sr.

    Hello, I have Broadband service from my local server, Dell three (3) months ago, completely cleaned my computer, and had to download all my programs. I also downloaded Uniblue, and just added a program that is supposed to let me know what programs are causing problems, but so far, it still is slow and sometimes it just freezes…..frustrating!! I called a few local service stores, but their services start @ $75.00 hour, a little much for a Soc.Sec Disability income. I get your newsletter daily, but sometimes it is ‘too technical’ for this ole’ coot !! The program I downloaded was “Uniblue Process Scanner”. Currently use Kaspersky Internet Security, latest upgrade. I sincerely pray you can assist me, in Dummy terms, please !!

  5. BSR

    Great article! I can point my customers here instead of giving them a 20-minute lecture. Thanks!

  6. drlalitv

    terrific article!! keep it up! :)

  7. vtzete0

    @ Brice L. Korte Sr.
    You can always find a technician online for a fraction of the cost and have the person use a remote client such as CrossLoop. Since you’ll be on the phone with the individual, you can have the technician explain the tweaks to you and learn in the process.

    http://www.howtogeek.com/howto/the-geek-blog/the-official-how-to-geek-crossloop-client/

    http://www.howtogeek.com/howto/the-geek-blog/how-to-make-money-from-home-using-your-tech-skills-with-crossloop-marketplace/

  8. Brandon C.

    People can save themselves a lot of money by just paying attention a little more. They are too trusting of the net. The average user doesn’t know about basic computer maintenance. This post sheds a lot of light on everyday internet risks.

  9. Ben

    Great article!

  10. Camilo Martin

    One of the problems to overcome is, that at the current rate of technological advances, many people did not have the time to understand what a computer is, and think of it more like some sort of TV with a keyboard, just an entertaining medium that also can be used to work. But those people don’t realise that their entire personal life may be accessible by who knows what kind of people, just for relying on luck.

  11. Jeff

    Outstanding!

    I would have to say in my 12 years of professional computer repair experience this is the best article I have ever seen or read regarding this garbage, written so that a novice user could understand. I’m going to share this article (link) to my clients so they can get a better understanding on how they place themselves at risk by downloading things and not paying attention to what they are clicking on. We all need to pay close attention to the questions the installation program is asking, I only want the program I’m downloading not the additional bundled garbage or toolbars. When in doubt CANCEL OUT!

    I commend you for this exceptional article.

  12. thesun

    looks great
    looking forward to this week’s articles about this

  13. Billy

    Very nice article as always.
    Thanks Asian Angel.

  14. David

    Great article! I have to agree the worst part is that users generally do not pay attention and allow just about any program to be installed without realizing the impact. Enjoyed the screenshots as well.

  15. stan monday

    Great article, it reminds me why I decided to install BitDefender Internet Security 2009 in the first place; it actually does everything for me, and I’m particularly pleased with the Wi-Fi management module, which allows me to keep my wireless network safe. Anyone can get a 30 days free trial from here: http://www.bitdefender.com/

  16. Sheryl Pfrimmer

    Dear Sir;

    I recently bought a Vista Home Premium Computer. I would like to know if someone can use the computer even though they don’t have a User Account? Would having 2 computers in the house connected through a wireless router make a difference, so that the other person can see what you are doing on your computer? How often should a person have to sign in using their User Account information? Every time or Daily?
    I hope you can help me out and Thanks for your time.

    Yours truly
    Sherral Pfrimmer

  17. tomr

    Great, great article… all too often, nobody wants to go through the hassle of setting up a machine to work properly. Thank you for putting it all together so nicely. I will be using it to teach others – with your permission, and yes, you will be acknowledged properly.

  18. tiniki

    Such a long article, but very useful, thanks!

  19. calebstein

    This is a great article but the fresh install screenshot is not fresh, you had to install the process explorer.

  20. Sonja Mack

    I need instructions for connecting to the office network with Vista step by step

  21. Sonja Mack

    what are the instructions for connecting to the office network with Vista

  22. Jeremy

    Great article, brings back bad memories of when I was a kid. Nowadays, I’m actually quite paranoid about security, but not to the extent of ruining my system because of conflicts.

    I do wonder why there was no mention of the UAC though. Not that I’ll keep it (using a more comprehensive and smarter HIPS instead).

    Thanks for taking your time writing and idiot-proofing it, I just hate explaining things like this to unwilling newbies, this article should open their eyes.

  23. Chris Mazza

    Thanks for the very informative article. Hopefully it will help some inexperienced computer users and web surfers keep their systems safe and clean.

  24. Haresh

    Loved this! Ironically, most of those who need this info badly won’t read this article :-/

  25. cm

    good one

  26. P Neyman

    Thank you. Your passion is great and taking action on it by putting up stuff for the rest of us is super great. Plus you can write!

  27. PEM59

    Another reason to go to Linux. No virus / malware problems.

    I am posting this on Ubuntu Linux.

  28. Billy

    I use Avast Pro and Malwarebytes, AntiMalware and have never had a problem.

  29. Steven Torrey

    These sound like that virus called “System Security.” That virus essentially freezes up your computer, demands $39.99 to get rid of.

    And in reality it takes all of 10 minutes to get off your computer. I’m surprised you didn’t indicate how to get rid of it here in this article; though I do note there is a link to how to get rid of these types of viruses.

    I have read nonsense about changing the name, etc, etc, etc. When in fact it is as simple as opening the computer in safety mode. 2) going to all programs 3) look for the title of the virus 4) delete 5) delete recycle bin. 6) look for other folders that seemed to have been created at about the same time as that virus was noticed on the computer, delete them. 7) still in safety mode, do a search of the virus title; when the virus folders show up–delete. 9) Check Autoruns for any changes to the registry–delete what looks to be the virus–check for dates of entry/change. 10) Be sure to delete recycle bin to prevent them from re-infecting. While it may be more complicated than this, this is what I did to get rid of “System Security” and another virus.

    I suppose when you’ve been infected with these viruses, people soon learn the intricacies of their computer and what to look for; but for the novice–or the idiot surfing porn channels–these viruses can be overwhelming. In the end, a good anti-virus program is worth the price to protect from these nuisances. I never did figure out how to get rid of ‘redirect virus’ which was particularly annoying.

  30. stans

    I’m impressed with your article as always.
    I use 2 programs both free from Rising #1 Rising PC Doctor #2 Rising antivirus. both brilliant programs in addition I use a Keylogger #spyshelter personal free.
    as I use the web sometime one or either ‘I don’t know which’ flicker the screen so fast it’s hardly noticeable whatever was trying to get on my pc was blanked……….

  31. Bronwyn Gilchrist

    Fantastic article. I kept getting re-directed to a site called freeze.com whilst trying to log in to my email or purchase movie tickets and through a bit of google searching I think I’ve kind of worked out what it is, but this article is by far the best and most informative that I’ve found and understood. I’m not that computer savvy so I appreciate the effort you have made to inform those of us that aren’t computer ‘geeks’ about potential hazards out there on the net. I am still not sure if I have a problem or not though and am a bit hesitant about doing any internet banking since the freeze.com thing. I have the free avast antivirus software installed on my computer but it has not picked up any problems. I never actually downloaded anything when I was redirected to freeze.com in fact I hit the back button straight away as I was suspicious about it from the beginning. I found the program in the add/remove program section of my computer and have removed it and after reading the comments here I have now deleted my recycle bin. What I want to know is will this be enough? or might there still be some spyware/malware operating in my computer? I tried purchasing movie tickets the same way as before after I removed the program to test it out and I am no longer redirected to the freeze.com page but I am still unsure if I have removed it completely. Your help would be very much appreciated in this matter. Sorry for the length of this comment.

  32. Joe

    I been working on computers for quite awhile now. Didn’t know all this info though I was familiar
    with some. didn’t know how to remove them. look forward to that article if it’s not already out.
    Thanks tons, you’re GREAT to share your knowledge. :)

  33. Rui Pinto

    The best article ;) thanks a lot

  34. Lester Grav

    Thanks for such a [GREAT] article. I have experienced the pop-ups that would keep blocking everything until I bought the Anti virus program ($39.95 but buy now for only $29.95). Unfortunately, my DVD drive was inoperative; so I could not install anything from a CD/DVD. I could not access anyone to do a remote 'fix'. So I bought the software. Just as you said, the 'system' ran two pages of 'fixes'. Then information came up that said "To continue and remove the last 25, I would need to purchase the aforementioned product at the aforementioned price." The computer is STILL TOO SLOW for words. My computer knowledge almost ends after turning it on. So, Thanks again for this great article [That even I was able to understand].

  35. EZ Writer

    Just want to help some people out who are waiting (patiently?) for answers.

    If you have a question about a particular problem, FIND the right FORUM and/or AREA for your post & post it THERE — on a HELP board.

    Tho’ not necessarily true of ALL articles (& their authors), when an article is written like this one,
    “How does Malware… Crapware Get On My System…?” (Or how to solve registry issues; buy the right ‘puter for your needs; keep your files organized…” etc.) It’s an *info* post — i.e., the author is writing to INFORM ppl about something and moves onto something else.
    While SOME writers might return to their articles to see what people felt about it (if they liked it; what they wish the author *had* talked abt, but didn’t; arguments/disagreements w/ a statement/opinion offered by the author, etc. — similar to an actor reading his/her reviews, etc.) many if not *most* may never return to their article.

    So if you have a question about something — find an area w/ questions similar to yours & post it *there*.

    Brice got lucky &* got an answer (BTW, Brice, there are MANY boards where wonderful non-pro but experts, regardless, will help u fix ur PCs w/OUT charge. PCpitstop; bleepingcomputers; 7forums (for Win 7 users) etc., are all WONDERFUL sites w/ ppl who’ll stay WITH u until ur prob is solved.)

    On the other hand, Sheryl & Sonja & Bronwyn have yet to have the same luck.

    Steve? U MAY have gotten everything but many of the rogue programs are BEYOND the measures u used. Some BACKdate the dates of the changes they make to your system — 2009 seems particularly popular — but were you to delete everything w/ a 2009 date you’d most likely be risking deleting programs your System NEEDS.
    Many of them morph so quickly, it’s taking ALL the resources of the anti-vi companies in an attempt to keep up w/ the rogue/scare-/mal-/& spyware attacks. (Over 4 THOUSAND new threats were developed last year, alone!)
    (So don’t be so quick to condemn other’s “nonsense” posts. “One person’s ‘nonsense’ may be another’s demise…”)

    One last piece of advice to all the newbie users out there? Above all, STAY CALM and keep your head. You can always run a virus scan on something BEFORE u download anything or do a google search & see if there’s any info already posted by others about a program or (so-called) “free” offer.
    Just like you’d never open your door to a total stranger or leave a CC lying outside on your porch- swing, think of programs & businesses & pleas for help on the internet the same way. And if you DO have a 1/2 way decent anti-virus, anti-malware & anti-spyware programs (yes, you SHOULD have all 3) on your system (you can google reviews for them as well and pick the FREE versions that seem to fit YOUR particular needs (one may be better for gaming, another for emails, etc.), should you get a pop up telling you you have several hundred to 1000+ of ANYTHING on your ‘puter (‘cept pix of ur kids/grandkids), it’s more than likely a scam!
    New technology will never win out over good old common sense!

  36. david boring

    use linux. problem solved.

  37. NEIL

    And I thought I was a computer geek thinking my pc was well protected but even still got infected and was quite shocked to find whatever ”ANTI” software I ran most got turned off before they could do their push button job out five of the ”ANTIs” I tried with fingers and everything crossed even my frowned brow a free KASPERSKY tool worked best gradually and Spy bot search and destroy worked up to a point I am having to remove manually what is left! Did a search after getting firefox browser to work ‘cos IE8 and Chrome would not work even turned off by nasty malware, eventually found this great site and article got really excited reading and then said wait till tomorrow DOH!! Here I am waiting
    Thanks and Regards
