Spy Ware

DNS server settings can be changed to allow a request for one url to be directed to a server that may appear to be serving that content, but is, in fact, not. E.g. a DNS server may be set up that correctly resolves all requests, except those for a bank (such as wellsfargo.com) when it returns the address of a server setup to present the same front end as the bank, but infact collects, and delvers to "bad people" the information you enter to log in. How can you prevent this? Make sure your DNS server settings are correct in network properties for the TCP/IP service.

The "Auto Search" setting in Internet Explorer may be hijacked to misdirect mistyped web addresses. Reset this to a valid selection in the registry keys:

• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search
  This gets activated when you put in a URL that fails to resolve through DNS (unless a SearchURL keyword is found infront of the URL)
  • "SearchAssistant" = a good example would be "http://www.google.com/ie"

• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search
  This one gets activated when you hit the View / Explorer Bar / Search
  • "Search Bar"

Also:

• AntiVirus
• Internet Explorer

See also:

• http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml Excellent utility for tracking down programs that are being started when windows starts. Can disable, delete, and lookup information (via google) on each program. Also checks the publishers certificate and can filter out known good programs from the list.
• http://www3.ca.com/securityadvisor/pest/ CA Spyware Information Center
• http://research.pestpatrol.com/HowTo/How_To_Clear_a_Hijack.asp How IE gets sent to point A when you wanted it to get to point B
• http://vil.nai.com/vil/content/v_100719.htm QHosts1 is an example... It makes a new, fake hosts file in the help directory with incorrect IP addresses for popular urls and sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "DataBasePath" = %SystemRoot%\help so that IE uses this new hosts file.