Bowco Computer Services

Guardian Programs

Spyware and adware are both pains in the behind. When you realize you have spyware on your computer, the first thing you do is try to remove it. That can be difficult, depending on what spyware you got stuck with. It can take many hours and the use of three or four different spyware scanners to put a good dent in the number of malware programs installed on your system. Often within a day or two, you notice a changed homepage or increased popups - meaning the spyware has returned. You're ready to strangle someone. Preferably the tech who "fixed" your computer.

This problem usually happens when you are infected with a type of spyware that installs a guardian program on your system when it installs itself. Since the makers of spyware know you're going to delete the program as fast as you can, they create this guardian program to make it a lot more difficult. The guardian's first function is to reinstall the spyware if you delete it. Its second function is to make it as difficult as possible to find and delete the guardian program itself.

A guardian constantly checks your computer (using up memory) to make sure you haven't deleted the spyware it's supposed to protect. It "polls" your computer, asking it if the program is still there. If the computer answers yes, it waits a few seconds and asks again. If the computer says no, it begins reinstalling the spyware program. All this happens without you even knowing it.

So, you say, delete the guardian program! Not as easy as it sounds. The names of guardian programs are usually randomly generated. The code inside them may not say "Reinstall xxx program" - it may say, "Head out to the internet and find the program - instructions to follow", or something else atypical. Antivirus and spyware scanners are able to work because they look for something specific in a virus or a spyware program. If the code is never the same twice, it makes it very difficult for a scanner to find it.

The guardian also uses many programming tricks to make sure it stays alive. It is its own guardian. To be its own guardian, it always has to be running. It uses a trick that tells the computer "Hey, if you notice I'm not running, turn me back on!". And it uses another trick that tells the computer that it MUST be the first program to start when you turn on your computer. Some antivirus and anti-spyware programs will tell you at some point that they couldn't delete something and ask if they can be the first program to start when you turn your computer back on. This gives the remover program an edge over what it's trying to delete. It's running first, so it "controls" the whole computer. But what if it's not really the first? If the spyware program starts first, the spyware deleter program can't delete it. Pain, huh?
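The behaviour described above leaves two signs a technician can check for: a startup entry that comes back after it was removed, and a surviving startup entry with a machine-generated name. The following sketch is an added example, not code from Bowco; the snapshot contents are constructed, and the entropy and vowel thresholds are assumptions chosen for illustration. How the lists of startup program names are collected is left out.

```python
import math
from collections import Counter

def stem_of(name):
    """File name without its extension, lower-cased."""
    return name.rsplit(".", 1)[0].lower()

def name_entropy(name):
    """Shannon entropy, in bits per character, of the name's stem."""
    stem = stem_of(name)
    counts = Counter(stem)
    return -sum(c / len(stem) * math.log2(c / len(stem)) for c in counts.values())

def looks_random(name, min_len=8, min_entropy=2.8, max_vowel_ratio=0.25):
    """Assumed heuristic: a long stem with high entropy and few vowels."""
    stem = stem_of(name)
    letters = [ch for ch in stem if ch.isalpha()]
    if len(stem) < min_len or not letters:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in letters) / len(letters)
    return name_entropy(name) >= min_entropy and vowel_ratio <= max_vowel_ratio

def review(before, after_clean, later):
    """Compare three snapshots (sets of startup program names).

    returned: entries the cleanup removed that are present again later,
              meaning something reinstalled them.
    guardian_candidates: entries that survived the cleanup and have a
              random-looking name, so they deserve a closer look.
    """
    returned = sorted((before - after_clean) & later)
    survivors = before & after_clean & later
    candidates = sorted(n for n in survivors if looks_random(n))
    return {"returned": returned, "guardian_candidates": candidates}

# Constructed sample snapshots, not taken from a real machine.
BEFORE = {"antivirus_tray.exe", "printer_helper.exe",
          "sample_adware.exe", "xkqzwrtbnv.exe"}
AFTER_CLEAN = BEFORE - {"sample_adware.exe"}   # the scanner removed the adware
LATER = AFTER_CLEAN | {"sample_adware.exe"}    # two days later it is back

if __name__ == "__main__":
    print(review(BEFORE, AFTER_CLEAN, LATER))
```

A random-looking name is only a hint, since legitimate software sometimes uses generated names too; the returned entry is the stronger signal that a guardian was missed.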

If you have a good idea that you have spyware on your computer, you can do yourself a big favor by having it removed. You'll notice a big difference once it's gone. Just make sure that whoever works on your computer deletes any and all guardian programs. If you limit your surfing and file sharing activities and the popups re-occur* or your homepage changes again within a day or two of getting your machine back, it's quite possible they missed one… give us a call, we'll find it.

 

*Some web pages create popups within their own code. Not all popups are caused by adware programs.

 
