One day, I mindlessly let my brother use my computer. Usually, I don't let anybody use my computer with administrator privileges, but I already had been logged on as the administrator when I let my brother use it. When I came back later to do some searching, I started Internet Explorer and there was a big porn ad on my screen. I had no idea what happened, but when I continued searching, a sidebar appeared on the side of my screen. At the top, it was entitled ISTbar. As I cursed ISTbar, I saw new icons appearing on my desktop and new toolbars appearing in my browser. I wondered why my array of antispyware programs had not caught anything. I asked my brother what happened and after much discussion, I learned that the culprit was a drive-by download.
Drive-by downloads repeatedly ask you to install the spyware until you agree. My brother, giving in, finally had clicked the yes button on an ActiveX pop-up. I tried to remove it with antispyware software, but each time I rebooted, ISTbar reinstalled itself. I got a removal tool from Symantec, which finished the spyware off, or so I thought. A few days later, I went to check my e-mail, and ISTbar was back, fully installed. After spending days working on the problem, I backed up my data and reformatted my computer, swearing to get even with the greedy people who invented such a terrible program.
There are hundreds of these types of nasty spyware components out there and there's little evidence they're going away soon. Your brother is not alone when it comes to finally giving in to a trick pop-up. Spyware purveyors use this sneaky tactic because after you've seen enough of these annoying pop-ups, it would seem reasonable to click the yes button to find out if there's a way to get rid of it. Of course, as you and your brother found out, that was the worst thing he could do.
The best way to defend against these types of attacks is to download an antispyware program with real-time protection. This means the program detects spyware programs that are actively trying to get onto your system. Online Armor is one such program that has proven popular with users. Whichever software you prefer, a program with real-time protection against spyware would have notified your brother beforehand, enabling him to make the right choice.
For removing ISTbar on Windows Me or XP, users should likely take the step of disabling "System Restore" and starting Windows in Safe Mode before running the removal tool. Some malware can exploit the System Restore feature in Windows to continually reinstall items on your machine upon start-up. To be sure you've completely removed ISTbar, run a scan of Ad-Aware in Safe Mode and even check the HKEY_LOCAL_MACHINE\SOFTWARE directory of your Registry to see if ISTbar is still hanging around. However, do not edit your Registry manually unless you absolutely know what you are doing.
Another wise course of action, as you've already mentioned, is to never let anyone else use your computer with administrator privileges.