Answer Line: Protect Yourself Against Application Sneak Attacks

Some program has installed itself on my computer, bringing up unwanted pornography. I have tried to remove it, but it just keeps coming up again. What can I do?

Teng Beng Koay, McAllen, Texas

First, check Windows' System Configuration Utility to see whether the uninvited program is renewing itself every time you boot. (Windows 2000 lacks this program, but users of that OS can download Mike Lin's free Startup Control Panel.)

Press Windows-R or select Start, Run. Type msconfig, and press Enter. Click the Startup tab and look for a suspect command or file path in the resulting list. Unfortunately, the program's name is not likely to be obvious. Be suspicious of commands that look like 'C:\Windows\regedit.exe/s C\Windows\System\x3z73t.tmp'. Such a command alters your Registry every time you boot. If you find a command similar to this example, uncheck it and then click OK. For good measure, delete the file that's mentioned at the end of the command--'C\Windows\System\x3z73t.tmp', in my example--too.

If you don't discover any dubious file names, uncheck various entries in the list of Startup items one at a time and reboot. If the problem goes away, you have found the troublemaker. If an important function (such as your antivirus program) disappears, recheck the item that you just unchecked.

Whether or not Msconfig identifies the problem application, it's a good idea to fix your Registry. Read "How Do I Restore My Windows Registry?" from my April column instructions on backing up and restoring the Registry. If you have a Registry backup from before the problem started, restore it from that backup.

If you don't have a useful Registry backup, be sure to create one right away. After the backup is complete, press Windows-R or select Start, Run. Type regedit and hit Enter. When the Registry Editor opens, press Ctrl-F and enter the name of the invasive program, the URL it points to, or any string of text that might refer to it. When you find a suspect key in the Registry, delete it with extreme prejudice.

There's a good chance that the offending program uses JavaScript, so consider limiting your browser's scripting capabilities. To do so in Internet Explorer, select Tools, Internet Options, Security, Custom Level. Scroll to the Active scripting section, and select either Disable or Prompt (see FIGURE 1

FIGURE 1: Turn off or limit scripts to avoid dangerous pornographic intrusions.
). Click OK twice. Note that disabling this feature blocks legitimate scripts as well as bad ones--and being prompted to allow each script case-by-case gets annoying fast.

There are two free programs that may help you find the miscreant: Lavasoft's Ad-aware and PepiMK's Spybot Search & Destroy.

You may have been the victim of a program that exploits Internet Explorer's Browser Help Object subsystem, which is intended to let plug-ins run inside the browser. Visit "Sneaky Apps Attack " for more information about "stealthware" applications--and how to combat them.

1 2 3 Page 1
Page 1 of 3
Shop Tech Products at Amazon