How to remove SpyBoss Pro from your computer
For the last week I have been seeing a lot of people visiting my blog looking for information about a program called SpyBoss Pro. Apparently, they have discovered it on their computers and don't know how to get rid of it. Let's learn a few things about the program and how it can be removed.
First of all, this is not your typical piece of malware. It is a commercial keylogging application, selling for $25 and up, requiring a license to use it after 30 days. It is distributed by a company in Ohio and is actually targeted at company security departments, to track employees' use of the Internet, or to allow concerned parents to track where their children go and what they type in chats and IMs. According to the manufacturer, here is what it is designed to do.
Records chats, instant messages, emails, web sites visited, what is searched for, what is done on MySpace.com, pictures posted and looked at, keystrokes typed, the programs run and more.
If you have discovered this program on an office computer you should tell your superior. It may or may not have been installed by your company. If it was, you are being monitored officially. If not, somebody may be stealing confidential company information. If you find it on your home computer and did not knowingly purchase it, it was installed by stealth by persons up to no good. They may have used trickery to get this program onto your computer for two reasons. First, they might be affiliates earning commissions for every installation containing their affiliate codes. Second, they will be able to capture logins to your banks and other financial institutions where they will steal your money, or sell your information (and identity) to the highest bidder.
How to remove SpyBoss Pro.
You're gonna hate it when I tell you that since this is a legitimate program, albeit misused by hackers and overzealous affiliates, it comes with a standard Windows Uninstaller. Go to Start > Settings > Control Panel > Add/Remove Programs. Look through the list of programs until you find SpyBoss Pro and uninstall it using the "Remove" button, then reboot. This is assuming that the program hasn't been tampered with (cracked), but in case it has been altered by hackers, you should download, install and update Spybot Search and Destroy, then "immunize," then "check for problems." If the uninstaller failed to remove all or any of SpyBoss Pro - Spybot will finish the job for you. Best of all, Spybot S&D is free, supported totally by donations from grateful users. The latest definitions already detect and will remove this keylogger.
It is good practice to turn off Windows System Restore when disinfecting a PC, because many infectors hide their components by modifying critical system files, or registering their files as system files. Those files are backed up in the System Restore folder and tend to be reinstalled on the next reboot if found to be missing. That's why some viruses and spyware keep coming back; they were backed up in your System Restore folder. If the uninstaller does remove SpyBoss Pro and Spybot doesn't find any further instance of it, you're probably good to go. But, if it still lurks after running the uninstaller, turn off System Restore, disinfect the computer, scan again, then turn on System Restore, when all is clear.
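To confirm whether an Add/Remove Programs entry is still registered before or after running the uninstaller, the following PowerShell check can be used. It is an added example, not part of the original article; it assumes a Windows version with PowerShell available and uses the product name from the article as the search pattern.

```powershell
# Added example: list Add/Remove Programs entries whose name matches a pattern.
# 'SpyBoss' is the product name from the article; pass -Pattern to search for another.
param([string]$Pattern = 'SpyBoss')

# Registry locations that feed the Add/Remove Programs list:
# machine-wide (64-bit and 32-bit views) and the current user's own installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = foreach ($key in $uninstallKeys) {
    # Missing hives (for example WOW6432Node on 32-bit Windows) are skipped quietly.
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayName -match [regex]::Escape($Pattern) } |
        Select-Object DisplayName, Publisher, InstallDate, InstallLocation, UninstallString,
            @{ Name = 'RegistryKey'; Expression = { $_.PSPath -replace '^.*?::', '' } }
}

if ($found) {
    # Show where the entry lives and which uninstaller it points to.
    $found | Format-List
} else {
    Write-Output "No Add/Remove Programs entry matches '$Pattern'."
    # A tampered or hidden install may not register an uninstall entry at all.
    Write-Output "An empty result does not prove the program is gone; still run the scanner."
}
```

Run it once from the administrator-level account and once from your normal account, since the per-user list differs between accounts.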
Follow-up actions
Since you know that there was an unwanted keylogger on your computer you need to change the login passwords to any banking, payments companies, auction sites, or online store accounts that you may have used while the keylogger was active. Check all balances and report any discrepancies to the fraud departments of these companies you do business with. You may have to cancel your debit or credit card and have a new one issued. If you cannot log in to an account which you could before, go to the home page and search for contact information. They probably have a phone number you can call to report that you have become the victim of a keylogger. Many banks and payment portals will reverse any fraudulent transfers and get your money back, after you prove you are really you.
How did it get on your computer?
I don't know how you acquired the SpyBoss keylogger, but if you don't know either, it is fairly safe to surmise that it came in through one of the following means:
- It may have been bundled with a free program, which you accepted the EULA for without reading every word.
- It may have been disguised as a movie or mp3 file that you downloaded from a peer to peer filesharing service.
- It could have been downloaded without warning and installed, using a hidden script on a compromised website. This happens a lot lately, using iframes and JavaScript redirects to download malware without any warning, for people using Internet Explorer, or Safari browsers.
- It might have been installed by somebody you know, or who had access to your computer and wants to spy on you, or steal your logins.
- It may have been installed as a component of a program you got on a CD or DVD, or thumbdrive, that was purposely infected.
How to prevent unwanted malware installations.
There are several steps you can take to lock down your computer, assuming you own it (don't mess with your office computer - let IT take care of disinfecting it). Here is a rundown of the best procedures you can follow.
- Don't run as an administrator! From your normal account, open Control Panel > Users and Passwords (whatever) and create a new Computer Administrator level account, with a strong password. Log off the normal account and into the new administrator level account (with the new password), then open Control Panel, find the Users and Passwords (whatever) icon and open that utility. Find your normal account by name and double-click to open it for editing. Change the "type" of your normal account from Computer Administrator to Limited or Power User. Save the changes. Log off the Administrator level account and into your regular account. You'll keep all of your personalized files and settings, but won't be as much at risk from Internet threats as you'll no longer have permission to alter system files and folders, or to install services like keyloggers or rootkits.
- From this point onward only use the Administrator level account to run Windows Updates, or to perform disk management, or to install or uninstall programs requiring administrator privileges. Read my blog article about how reduced user privileges protect PC users from malware.
- Install a commercial anti virus and anti-spyware security program that has regular automatic updates and which monitors files as they are downloaded, or opened, and which scans all incoming and outgoing email for threats, and which scans web pages as you access them for hostile content, or scripted redirection exploits. I recommend Trend Micro Internet Security 2008 (a.k.a. PC-cillin). In fact, I have a discount coupon available from the good folks at Trend Micro. Save 10% Off a 1 year subscription to Trend Micro Internet Security 2008. Use Coupon Code: TrendIS08.
- Install a software firewall like ZoneAlarm Personal Firewall.
- Stop using Internet Explorer for your daily browsing and switch to Firefox. It is more secure, especially since it doesn't use or run ActiveX controls. Much of the automatic malware being installed by stealth occurs via ActiveX exploits, in Internet Explorer. Firefox can import your IE Favorites, which will become "Bookmarks" and your saved cookies (with your logins). Firefox is a tabbed browser, with links opening in new tabs instead of new windows.
- Set Windows Updates to Automatically download and install, but check manually, from your Administrator level account, on the second Tuesday of every month, which is known as Patch Tuesday, at Microsoft.
- Use extra caution regarding any links in emails, especially unsolicited messages from unknown senders. Many of them lead to Trojan downloads that may make your computer a member of a Botnet. Be especially wary of "phishing" scams that try to scare or trick you into clicking on a link to "update" your information, supposedly from your bank, or Ebay, or PayPal. By hovering your mouse over the link in an email you can read the destination in the status bar, at the bottom. Still, many phishing scams include huge amounts of characters, making it difficult to ascertain the actual destination domain in the link. It is always best to log in directly from your browser and see if indeed there are any messages awaiting you, at your financial institution.
- Scan for viruses, spyware and other malware threats that may be lurking in downloaded files, or your browser's cache, every night.
- If you can't afford a paid anti virus program try AVG Free Anti Virus, or Avast! Home Edition (free).
- If you can't afford a commercial anti spyware program get Spybot Search and Destroy. You will have to check for updates manually, every Wednesday or Thursday (Spybot is updated weekly, mostly on Wednesdays), using the separate Spybot updater link, then immunize, then check for problems. It's not nearly as effective as a commercial program that gets updated automatically on a daily basis and scans in real time, but it is better than nothing at all and does remove much of the malware in the wild.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.