How to create a joke virus using notepad. Outstanding representatives of free complex spies. Simple and highly relevant spy

Trojans in Chinese irons: why customs does not give the go-ahead Andrey Vasilkov Published on October 28, 2013 Last weekend, the Vesti.Ru website published an article about how Russian customs officers found spy stuffing in a batch of irons from China.

Trojans with a Claim of Copyright: How Not to Do Hidden Bitcoin Miners Andrey Vasilkov Published on December 20, 2013 Criminals in literary works are evil geniuses who pose an intellectual challenge to justice and the best minds

Viruses, spies and dialers: who, why and how

I think that if today any schoolchild is asked what lavsan is, he will not tell you about "synthetic fiber obtained by the polycondensation of ethylene glycol and an aromatic dibasic acid". No, his answer would be something like this: "Lo-vesan, aka msblast, infiltrating Microsoft Windows NT operating systems using a vulnerability in the Microsoft Windows DCOM RPC service." I'm afraid to guess what associations will be with the word doom after a while. Obviously not only with the game of the same name.

As you could understand from the title and introduction, today we will talk about viruses and others like them. Before moving on to the answers to the questions posed in the title, I would like to go directly through our today's "guests". Here, an answer will be given about how all this gets to our computers.

Viruses
Viruses are programs that carry some destructive consequences. And it doesn't matter what they are: everything can be here - from a banal replacement of file permissions and damage to its internal content to disruption of the Internet and the crash of the operating system. Also, a virus means a program that not only carries destructive functions, but is also capable of multiplying. Here is what one smart book says about this: "A mandatory (necessary) property of a computer virus is the ability to create its own duplicates (not necessarily the same as the original) and embed them into computer networks and / or files, computer system areas and other executable objects. At the same time, the duplicates retain the ability to further spread "((c) Eugene Kaspersky." Computer viruses "). Indeed, in order to survive, viruses need to multiply, and this has been proven by science such as biology. By the way, it is precisely from those very biological viruses that the name computer comes from. And they themselves fully justified their name: all viruses are simple and, nevertheless, despite the efforts of antivirus companies, whose costs are calculated in huge amounts, they live and prosper. There is no need to look far for examples: take at least such a virus as I-Worm.Mydoom.b. How many times have they said that you cannot open attachments from unknown persons, and you should be wary of messages from well-known persons, especially if you have not agreed on this. In addition, if the text of the letter contains something like the following: "Check out the cool photo of my girlfriend", then it should be sent to trash immediately. But if in the above example the text still makes sense, then the content of emails infected with mydoom is rather strange.

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment sendmail daemon reported: Error # 804 occured during SMTP session. Partial message has been received. The message contains Unicode characters and has been sent as a binary attachment. The message contains MIME-encoded graphics and has been sent as a binary attachment. Mail transaction failed. Partial message is available.

The letter contains a file with 9 options for the name of the attached file and 5 options for the extension. Two variations came to my box. The first is a zip archive with a supposedly doc file, and the second is a simple exe with an icon replaced with a notepad icon. If in the second case any user can notice a catch by looking at the permission, then in the first it is more difficult to do it. in the first case, I tend to attribute the greatest number of infections. What does this virus do, I will not tell, because it has already been said many times in print publications and Internet resources. On the example of Mydoom, we got acquainted with the first method of spreading viruses - through email.

Let's look at the next method using the example of Worm.Win32.Lovesan (also known as msblast). What is so remarkable about this virus, and why did the infection become widespread? This individual is remarkable in that, in principle, it does not in any way affect the performance of the system as a whole. A computer infected with it simply cannot function normally on the Internet. After a while, a sign pops up with an RPC error message, after which the computer restarts. How does the infection happen? This virus exploits a vulnerability in the DCOM RPC service in Microsoft Windows 2000 / XP / 2003 and reaches the user's computer through port 135 of a specific IP address. How does an attacker find out exactly your address? It's very simple. Nowadays, so many IP scanners have been written that even a preschooler can easily find out the IP addresses and see the open ports through which the virus can be downloaded to the computer. For clarity, I will demonstrate how the infection occurs directly with the Lovesan virus. The worm scans IP addresses for open and unprotected ports. The process is shown in the diagram:

20.40.50.0
20.40.50.1
20.40.50.2
...
20.40.50.19
----------- pause 1.8 seconds
20.40.50.20
...
20.40.50.39
----------- pause 1.8 seconds
...
20.40.51.0
20.40.51.1
...
20.41.0.0
20.41.0.1
and continues in the same spirit and further.

The worm chooses one of two methods for scanning. Method one: scan a random base address (A.B.C.D), where D is 0 and A, B, C are randomly selected from the range 1-255. The scanning range is as follows: ... 0.
Method two: the worm determines the address local computer (A.B.C.D), sets D to zero and selects C. If C is greater than 20, then the worm selects random number from 1 to 20. If C is less than or equal to 20, the worm does not modify it. So, the second method of spreading viruses is through unprotected computer ports, using holes in the software.
The third method is via the Internet, when you download files (in a desirable or undesirable option). Again, I will explain with examples. An example of the desirable. You download some new joke, or a program, or a game from the Internet, and it is infected with a virus. After downloading, the program / game / joke starts, and - voila - you are the owner of the virus. What can I say here? Be vigilant, regularly update your antivirus databases, check all programs with antivirus and do not forget at least the basics of computer security. Someone may say: "Why should I, for example, scan programs that could not be infected with a virus?" I would like to ask: "What kind of programs are these?" Any programs can be infected, especially if they are downloaded from warezniks or sites of hacker groups.

Now let's move on to the unwanted download. I would single out two types of such loading. The first is when the user does not even suspect that something is being downloaded to his computer. This download is performed by executing scripts. The second type of unwanted download is when the wrong download is being downloaded. Let me give you an example. At one time, one site with cracks immediately before downloading the file suggested installing either "Free XXX bar" or "100% Internet crack". If the user agreed with this (and I am sure that there were such, because I still remember the question of the month in "Virtual Joy" about "one hundred percent Internet crack"), then a Trojan or a virus was downloaded. The difference is, in principle, small. However, this is still not the most interesting thing: if such a tempting offer was rejected, a sign popped up with an inscription similar to the following: "Site error" and an OK or Continue button, by clicking on which the Trojan was downloaded, however, without the user's knowledge. And only a firewall could save from this.
What side effects, in addition to the main destructive functions, can viruses carry with them? One of " free apps"- DOS (Denial of service) function of attacks on any sites. In most cases, the victims are the sites of antivirus companies, anti-spam sites and - how could it be without it - the site of the long-suffering Microsoft company. Another side effect is the installation of a backdoor component due to why the attacker gains full control over the user's computer It is not difficult to guess what this threatens.

Spies
The next group includes spyware, including ad modules. The main way to distribute programs of this type is to install them as a component, often inseparable, in any program. In addition, there is unwanted download (see descriptions above) and download of tracking cookies.
What are these individuals doing? Let's start with the common spyware and adware modules. Both types collect information about the user and his computer, monitor his actions, a type of spy - reyloggers - also record everything that you typed on the keyboard to a file. Your activity on the Internet is also tracked: what you visit, where you stay most After collecting the data, all the information is sent to the owner. And then the paths of spies and ad modules diverge. After collecting data by ad modules, the information is often resold to a third party, who carefully studies it. After that, at best, an Internet policy program is drawn up third party type: what to offer, where to post your advertisement But this is at best, and at worst - mega / kilo / tons of spam messages will just start pouring into your mailbox.

What is the difference between spies? After examining the data of the same reylogger "and an attacker can find out your personal strictly confidential data, which he can later use for blackmail. And there have been such cases. In addition, he can find out the user's passwords, and also find weak spots on the system in order to use it all to install Trojans and backdoor components. Read above for what it threatens.

Dialers
The methods of their penetration do not differ from those described above. Therefore, we will immediately proceed to consideration. Here it is necessary to make a reservation that there are quite peaceful dialers, popularly called "dialers". These programs are used to help dial-up users "a get through to the provider and, if possible, maintain a stable connection with him, even on old or" modernized "lines. The ones we will talk about have a different name - battle dialers. in the operating system, and sometimes due to the negligence or naivety of users (see above about 100% Internet crack), these programs replace the provider's phone with the phone of a telecom operator from some exotic country. And in most cases, the good old phone of the provider remains in the dialing window Also, dialers prescribe in the scheduler the task to call at a given time. And it's good if the user has a habit of turning off the modem or he has an external one and yells so that mommy does not grieve. And if the modem is quiet and built-in? Here I am about that. about his grief only on the arrival of such a phone bill.

Who
It's time to tell about who writes and launches all this muck on the Web. Here I will try to classify those groups of people who are engaged in this unseemly business. It will not talk about so-called "white" hackers here. Let me explain why. This variety does not pose a danger to society and rather benefits it. It is they who most often write antivirus viruses to neutralize especially harmful individuals. Why viruses? These programs spread by the same mechanism as viruses. Why anti? Because they block or remove a certain type of virus from the computer. Their main difference from viruses is also self-destruction after completing their task and the absence of any destructive functions. An example is a similar virus that appeared on the Web some time after the Lovesan relapse "a. After downloading the antivirus virus, Lovesan was removed, and the user was prompted to download updates for Windows. White hackers also find gaps in software and computer systems, after which report bugs to companies Now let's move on to our classification.

Type one: "children of scripts". They call themselves no other than 37717 (00 | _ HaCkeR-rr, read the magazine "Hacker", do not know a single programming language, and create all "their" Trojans and viruses by downloading ready-made programs from the Web. (To avoid raids, I will make a reservation, that the magazine "Hacker", in principle, is not bad, and the material in it is presented in a rather simple form - in some places, it is true. But in a simple form for people who already have some kind of knowledge base. And they give the material wisely - they do not tell everything to the end - so as not to attract them anywhere, one must think.) These "hackers" usually, after they send someone a Trojan downloaded from somewhere, and the latter works, they immediately start yelling on the forums about their coolness, etc. , etc. For which right there and then they quite rightly receive a bunch of hard-hitting statements in their address, because this is not the case. Since you have played a dirty trick, you better keep quiet. These individuals do not represent a particular danger, because on a more or less large-scale case they simply do not have enough experience or (in some cases) brains.

Type two: "beginner". This species is a direct descendant of the first. After a certain period of time, some of the representatives of the first type begin to understand that they are not as cool as they thought, that it turns out that there are some programming languages, that you can do something and after that do not yell at the whole world about what a fine fellow I am. Some of them in the future may turn into a representative of the pro class. These people begin to learn a language, try to write something, and a creative thought begins to wake up in them. And at the same time they begin to pose a certain danger to society, for who knows what a horrible work such a representative of the class of virus writers can write out of inexperience. After all, when the code is written by a professional, he still realizes that some things do not need to be done, because they can play against him. A beginner does not have such knowledge, and this is why he is dangerous.

Type three: "pro". They develop from the second type. "Profi" are distinguished by deep knowledge of programming languages, network security, versed in the depths of operating systems and, most importantly, have a very serious knowledge and understanding of the mechanism of work of networks and computer systems. Moreover, the "pros" not only learn about security gaps from company bulletins, but also find them themselves. They often form hacker groups to improve the quality of their "work". These people are mostly secretive and not greedy for fame; when carrying out any successful operation, they do not run to report it to the whole world, but prefer to peacefully celebrate success with friends. Of course, they pose a great danger, but since they are all knowledgeable people, they will not take actions that can cause a global collapse of any system - for example, the Internet. Although there are exceptions (not everyone has forgotten about the Slammer "a).

Type four: "industrial hackers". The most dangerous for society are representatives of the hacker family. They can rightfully be called real criminals. It is on their conscience to write most of the dialers and hack networks of banks, large companies and government agencies. Why and why they do it, we will talk below. "Industrialists" do not reckon with anything and with anyone, these individuals are able to do everything to achieve their goals.

Now let's summarize what has been written. "Children of scripts": young and green and inexperienced. I would like to show that you are the coolest, and only Cool Sam is cooler than you.
"Beginner": there was a craving for writing something independent. Some of them, fortunately, after trying to master the intricacies of Internet protocols and programming languages, give up this business and go to do something more peaceful.
"Pro": if suddenly the state of "realized his guilt, measure, degree, depth" occurs, then a representative of this type becomes a highly qualified specialist in computer security. I would like more pros to move to this state.
"Industrialists": nothing sacred. Popular wisdom speaks well of such people: "The grave will fix the hunchback."
This is a rough division into types of representatives of the class of computer intruders. Now let's move on to the question of why they do it.

What for
But really, why are viruses, Trojans, dialers and other evil spirits written? One of the reasons is the desire for self-affirmation. It is typical for representatives of the first and second types. One just needs to show his friends that he is "kind of real, a tough kid", the second - first of all, to raise the level of self-esteem. The second reason is gaining experience. Typical for beginners. After writing your first masterpiece, naturally, you want to experience it on someone. Not on myself, in fact. So a certain number of new, not always very dangerous, viruses appear on the Web. The next reason is the spirit of competition. Have you ever heard of a hacker competition? The last one I know took place in the summer. The Brazilian hacker group won (it turns out that not only football is strong for them). The task was as follows: who will break the most sites. But I am sure that there are competitions for the most sophisticated virus and the best keylogger. Adrenaline is another reason. Imagine: night, monitor light, fingers running across the keyboard, yesterday a breach in the security system was found, today you need to try to access the system and show your fellow administrator who is the boss. This reason is followed by the next one - romance. And what, who likes to watch the sunset, who likes to see the stars, and who likes to write viruses and deface sites. How many people, so many tastes. The reason is the following - political or social protest. For this reason, most government websites, websites of political parties, print and Internet publications, as well as large corporations are hacked. You don't have to go far for examples. Immediately after the start of the war in Iraq, attacks were made on American government websites by those dissatisfied with Bush's policies, as well as on the website of the Arab newspaper Al-Jazeera and a number of other Arab resources from the opposite side. And, perhaps, the last reason is the ubiquitous money. For their sake, industrial hackers are mainly working, so to speak. By breaking into bank networks, they gain access to customer accounts. It is not difficult to guess what will follow this. Collecting information about any Internet user through spyware, they further engage in banal blackmail. The actions taken by the "industrialists" can be listed for a very long time, I just want to say once again that they are full-fledged computer criminals, and they should be treated like criminals.

In order to avoid angry letters addressed to you on the topic: "What, the rest are so kind and fluffy that you protect them so?", I will say the following. I was not going to protect anyone, and none of the representatives of the four described species is an angel in the flesh - they all carry a certain evil. But hackers periodically let us know that not everything is perfect in this world. Let me give you an example. The Slammer virus, which temporarily paralyzed the Internet, used an error that Microsoft had discovered and posted a patch three months earlier. But remember that this example is an exception. Therefore, it is necessary to observe at least the basics of computer security.

Andrey Radzevich
The article uses materials from the Great Virus Encyclopedia, viruslist.com

When using the Internet, you should not think that your privacy is protected. Ill-wishers often monitor your actions and seek to get your personal information with the help of special malware - spyware. This is one of the oldest and most widespread types of threats on the Internet: these programs penetrate your computer without permission to initiate various illegal actions. It is very easy to become a victim of such programs, but getting rid of them can be difficult - especially when you do not even know that your computer is infected. But don't despair! We will not leave you alone with threats! You just need to know what spyware is, how it infiltrates your computer, how it tries to harm you, how to eliminate it, and how you can prevent future spyware attacks.

What is spyware?

Spyware history

The term "spyware" was first mentioned in 1996 in a specialized article. In 1999, this term was used in press releases and already had the meaning that is assigned to it today. He quickly gained popularity in the media. A little time passed, and in June 2000, the first anti-spyware application was released.

"The first mention of spyware dates back to 1996."

In October 2004, the media company America Online and the National Cybersecurity Alliance (NCSA) conducted a study of this phenomenon. The result was incredible and frightening. About 80% of all Internet users have experienced the infiltration of spyware on their computers in one way or another, approximately 93% of computers had spyware components, while 89% of users did not know about it. And almost all of the users affected by spyware (about 95%) admitted that they did not give permission to install them.

Today the operating windows system is the preferred target for spyware attacks due to its widespread prevalence. However, in recent years, spyware developers have also turned their attention to the Apple platform and mobile devices.

Mac spyware

Historically, spyware authors have seen the Windows platform as their primary target because it has a broader user base than the Mac platform. Despite this, the industry experienced a significant upsurge in Mac malware activity in 2017, with the majority of attacks carried out through spyware. Spyware for Mac have a similar behavior to spyware for Windows, but password stealing and backdoor programs prevail among them general purpose... The malicious actions of software belonging to the second category include remote execution malicious code, keylogging, screen capture, random file uploads and downloads, password phishing, etc.

"The industry experienced a significant upsurge in Mac malware activity in 2017, with the majority of attacks being carried out through spyware."

In addition to malicious spyware, so-called “legitimate” spyware is also common on the Mac. These programs are sold by real companies on official websites, and their primary purpose is to control children or employees. Of course, such programs are a classic "double-edged sword": they allow the possibility of abuse of their functions, since they provide ordinary user Access to spyware toolkit without requiring any special knowledge.

Spyware for mobile devices

Spyware does not create a shortcut and can remain in the memory of a mobile device for a long time, stealing important information, such as incoming / outgoing SMS messages, incoming / outgoing call logs, contact lists, e-mail messages, browser history and photos. Additionally, mobile spyware can potentially track keystrokes, record sounds within range of your device's microphone, backgroundas well as track the position of your device using GPS. In some cases, spyware even manages to control the device using commands sent via SMS and / or coming from remote servers. Spyware sends stolen information via email or communication with a remote server.

Keep in mind that consumers are not the only targets of spyware cybercriminals. If you are using your smartphone or tablet PC in the workplace, hackers can attack your employer's organization through vulnerabilities in the mobile device system. Moreover, cyber security incident response teams may not be able to detect attacks originating from mobile devices.

Spyware usually infiltrates smartphones in three ways:

• An unsecured free Wi-Fi network that is often installed in public places such as airports and cafes. If you are registered in such a network and transfer data over an unsecured connection, attackers can monitor all the actions that you perform while you remain on the network. Pay attention to warning messages displayed on the screen of your device - especially if they indicate a server identity authentication failure. Take care of your safety: avoid such unsecured connections.
• Operating system vulnerabilities can create preconditions for the penetration of malicious objects onto a mobile device. Smartphone manufacturers often release updates to operating systems to protect users. Therefore, we recommend that you install updates as soon as they become available (before hackers try to attack devices on which outdated programs are installed).
• Malicious objects often lurk in seemingly ordinary programs - and the likelihood of this increases if you download them not from the app store, but from websites or through messages. When installing applications, it is important to pay attention to warning messages, especially if they ask for permission to access your email or other personal data. Thus, we can formulate the main rule of security: use only trusted resources for mobile devices and avoid third-party applications.

Who does spyware attack?

Unlike other types of malware, spyware developers do not seek to target their products to any particular group of people. In contrast, in most attacks, spyware spreads its networks very wide in order to target as many devices as possible. Consequently, each user is potentially the target of spyware, because, as the cybercriminals rightly believe, even the smallest amount of data will sooner or later find its buyer.

“In most attacks, spyware spreads its networks very wide to target as many devices as possible.”

For example, spammers buy email addresses and passwords in order to send malicious spam or act as someone else. As a result of spyware attacks on financial information, someone can lose funds in their bank account or become a victim of scammers who use real bank accounts in their machinations.

Information obtained from stolen documents, images, videos and other digital forms of data storage can be used for extortion.

Ultimately, no one is immune from spyware attacks, and hackers don't really think about whose computers they infect in pursuit of their goals.

What if my computer is infected?

A spyware that has infiltrated the system tends to go unnoticed and can only be detected if the user has sufficient experience and really knows where to look. So many users continue to work, unaware of the threat. But if it seems to you that a spyware has penetrated your computer, you must first of all clean the system of malicious objects so as not to compromise the new passwords. Install a reliable antivirus that is capable of adequate cybersecurity and uses aggressive algorithms to detect and remove spyware. This is important, because only aggressive actions of the antivirus can completely remove spyware artifacts from the system, as well as restore damaged files and violated settings.

After clearing the system of threats, contact your bank representative to alert you to potential malicious activity. Depending on what information has been compromised on the infected computer (especially if it is connected to the network of an enterprise or organization), the law may require you to inform law enforcement agencies about the facts of penetration of viruses or to make a corresponding public statement. If the information is sensitive or involves the collection and transmission of images, audio and / or video files, you should contact your law enforcement representative to report potential violations of federal or local laws.

Last but not least, many anti-theft vendors claim that their services can detect fraudulent transactions or temporarily block your credit account to prevent harm from malicious activities of unwanted programs. At first glance, blocking credit card Is a really sane idea. However, Malwarebytes strongly recommends that you do not purchase anti-identity theft products.

"Many anti-theft vendors claim that their services can detect fraudulent transactions."

How can I protect myself from spyware?

Best protection from spyware, as well as from most types of malware, primarily depends on your actions. Please follow these basic guidelines, thanks to which you can ensure your cybersecurity:

• Do not open emailssent by unknown senders.
• Do not download files from unverified sources.
• Before clicking on a link, hover your mouse cursor over it to check which web page it will take you to.

But as users gained experience in cybersecurity, hackers also became more cunning, creating more sophisticated ways to deliver spyware. That is why installing a proven antivirus is extremely important to counter the latest spyware.

Look for antiviruses that provide real-time protection. This feature allows you to automatically block spyware and other threats before they can harm your computer. Some traditional antiviruses and other cybersecurity tools rely heavily on signature-based detection algorithms - and such protection is easy to bypass, especially when it comes to modern threats.
You should also pay attention to the presence of functions that block the very penetration of spyware onto your computer. For example, it could be anti-exploit technology and protection against malicious websites that host spyware. The premium version of Malwarebytes has a proven track record of providing reliable anti-spyware protection.

In the digital world, dangers are an integral part of the Internet reality and can lie in wait for you at every step. Fortunately, there are simple and effective ways to protect yourself from them. By maintaining a reasonable balance between using antivirus and taking basic precautions, you can protect every computer you use from spyware attacks and the attackers behind them.
You can see all our reports on spyware

Almost all users are now familiar with viruses and the consequences of their impact on computer systems. Among all the threats that are most widespread, a separate place is occupied by spyware that monitors the actions of users and steals confidential information. Further, it will be shown what such applications and applets are, and will consider the question of how to detect spyware on a computer and get rid of such a threat without harm to the system.

What is spyware?

To begin with, spyware, or executable applets, commonly referred to as Spyware, are not, in the usual sense, viruses per se. That is, they have practically no effect on the system in terms of its integrity or performance, although when computers become infected, they can constantly reside in RAM and consume some of the system resources. But, as a rule, this does not particularly affect the operating speed of the OS.

But their main purpose is precisely tracking the user's work, and, if possible, stealing confidential data, replacing e-mail with the aim of sending spam, analyzing requests on the Internet and redirecting to sites containing malware, analyzing information on the hard drive, etc. It goes without saying that any user must have at least a primitive anti-virus package installed for protection. True, for the most part neither free antiviruses, let alone a built-in firewall Windows full they do not give confidence in safety. Some applications may simply not be recognized. This is where a completely natural question arises: "What then should be the protection of the computer from spyware?" Let's try to consider the main aspects and concepts.

Types of spyware

Before proceeding with a practical solution, you should be clear about which applications and applets belong to the Spyware class. Today there are several main types:

• key loggers;
• hard disk scanners;
• screen spies;
• mail spies;
• proxy spies.

Each such program has a different effect on the system, so let's see how spyware penetrates the computer and what it can do to the infected system.

Spyware penetration methods into computer systems

Today, due to the incredible development of Internet technologies The World Wide Web is the main open and weakly protected channel that threats of this type use to penetrate local computer systems or networks.

In some cases, spyware is installed on a computer by the user himself, no matter how paradoxical it sounds. In most cases, he doesn't even know about it. And everything is banal and simple. For example, you downloaded from the Internet like interesting program and started the installation. In the first stages, everything looks as usual. But then sometimes windows appear suggesting the installation of some additional software product or add-ons to the Internet browser. Usually all this is written in small print. The user, in an effort to quickly complete the installation process and start working with a new application, often does not pay attention to it, agrees with all the conditions and ... as a result, gets an embedded "agent" for collecting information.

Sometimes spyware is installed on a computer in the background, disguising itself later on important system processes. There may be plenty of options here: installing unverified software, downloading content from the Internet, opening dubious email attachments, and even simply visiting some unsafe resources on the Web. As is already clear, it is simply impossible to track such an installation without special protection.

Impact consequences

As for the harm caused by spies, as already mentioned, this does not affect the system as a whole in any way, but user information and personal data are at risk.

The most dangerous among all applications of this type are the so-called key loggers, or, in other words, they are precisely able to monitor the character set, which gives the attacker the opportunity to obtain the same logins and passwords, bank details or card pin codes, and that's all- what the user would not like to make the property of a wide range of people. As a rule, after determining all the data, they are sent either to a remote server or by e-mail, of course, in a hidden mode. Therefore, it is recommended to use such important information special encryption utilities. In addition, it is advisable to save files not on the hard disk (hard drive scanners can easily find them), but on removable media, and at least on a flash drive, and always together with the decoder key.

Among other things, many experts consider it the safest to use onscreen keyboard, although they recognize the inconvenience of this method.

Tracking the screen in terms of what exactly the user is doing is dangerous only if confidential data or registration details are entered. The spy simply takes screenshots after a certain time and sends them to the attacker. Using the on-screen keyboard, as in the first case, will not give any result. And if two spies work at the same time, then in general you will not hide anywhere.

Email tracking is done on the contact list. The main goal is to replace the content of the letter when sending it for the purpose of sending spam.

Proxy spies do harm only in the sense that they turn a local computer terminal into a kind of proxy server. Why is this needed? Yes, only to hide behind, say, the user's IP address when committing illegal actions. Naturally, the user does not know about it. Let's say, someone hacked into the security system of a bank and stole a certain amount of money. Tracking actions by authorized services reveals that the hack was made from a terminal with such and such an IP located at such and such an address. Special services come to an unsuspecting person and send him to jail. Isn't there anything good about it?

The first symptoms of infection

Now let's get down to practice. How to check a computer for spyware if, for some reason, doubts about the integrity of the security system crept in? To do this, you need to know how the impact of such applications manifests itself in the early stages.

If for no apparent reason a decrease in performance is noticed, or the system periodically "freezes", or refuses to work at all, first you should look at the use of the load on the processor and RAM, and also monitor all active processes.

In most cases, the user in the same "Task Manager" will see unfamiliar services that were not previously in the process tree. This is only the first bell. The creators of spyware are far from stupid, so they create programs that disguise themselves as system processes, and it is simply impossible to identify them manually without special knowledge. Then problems with connecting to the Internet begin, the start page changes, etc.

How to check your computer for spyware

As for the scan, standard antiviruses will not help here, especially if they have already missed the threat. At least some kind of portable version like or Kaspersky Virus Removal Tool (or better - something like a Rescue Disc with a system check before it boots).

How do I find spyware on my computer? In most cases, it is recommended to use highly targeted special programs of the Anti-Spyware class (SpywareBlaster, AVZ, XoftSpySE Anti-Spyware, Microsoft Antispyware, etc.). The scanning process in them is fully automated, as well as the subsequent removal. But here, too, there are things worth paying attention to.

How to remove spyware from your computer: standard methods and used third-party software

You can even remove spyware from your computer manually, but only if the program is not disguised.

To do this, you can go to the programs and components section, find the application you are looking for in the list and start the uninstallation process. True, the Windows uninstaller, to put it mildly, is not entirely good, since it leaves a bunch of computer garbage after the process completes, so it's better to use specialized utilities like iObit Uninstaller, which, in addition to removing in a standard way, allow for in-depth scanning to find leftover files or even keys and entries in the system registry.

Now a few words about the acclaimed Spyhunter utility. Many call it almost a panacea for all ills. Let us disagree with this. It still scans the system, although sometimes it gives a false alarm. This is not the problem. The fact is that uninstalling it turns out to be quite problematic. For an ordinary user, from all the number of actions that need to be performed, his head is spinning.

What to use? You can protect against such threats and search for spyware on your computer, for example, even using the ESETNOD32 package or Smart Security with activated function "Anti-theft". However, everyone chooses what is best and easier for him.

Legalized espionage in Windows 10

But that's not all. All of the above referred only to how spyware penetrates the system, how it behaves, etc. But what to do when espionage is legalized?

Windows 10 in this regard has distinguished itself not for the better. There are a bunch of services here that need to be disabled (data exchange with remote microsoft servers, using identification to receive advertisements, sending data to a company, determining a location using telemetry, receiving updates from multiple locations, etc.).

Is there 100% protection?

If you look closely at how spyware penetrates your computer and what they do afterwards, you can only say one thing about 100% protection: it does not exist. Even with the use of the entire arsenal of means in safety, you can be sure of 80 percent, no more. However, on the part of the user himself, there should be no provocative actions in the form of visiting dubious sites, installing an unsafe software, ignoring antivirus warnings, opening email attachments from unknown sources, etc.