View University CalendarsView University DirectoriesSearch the SiteGo to the SitemapGo to the Homepage

Malware & File Sharing Information

Computer running slow? Popups appearing continuously? File-sharing software installed, like KaZaa, Limewire, etc.? Chances are you have Malware without knowing it.

These programs often tag along with free software, such as file-sharing programs that you have downloaded. Malware also come from "infected" web sites and links. Since so many free programs come with Malware, it is safe to say, "If it is free, it comes with Malware attached."

So What Exactly is Malware?

Malware is malicious software which includes any unwanted software such as Spyware, Adware, and Viruses.

Spyware is software installed on a computer without the user’s knowledge. It can gather information about the user using key loggers which record keystrokes such as passwords, credit-card information, and e-mail addresses. Spyware also logs online buying habits, computer hardware and software configuration, etc.

In addition to Spyware there is also Adware which often downloads with Spyware in the form of advertisements, either by way of pop-up windows, or through ad banners in ad-supported software. These may be offensive in nature.

As if this isn’t bad enough, with all the uploading and downloading, spyware can interrupt your network connection, slow down the performance of your computer, prevent legitimate software from working properly, or even prevent your machine from starting up.

Who Are The Main Purveyors of Malware?

Peer-to-peer programs (P2P) are some of the biggest Malware-spreading culprits. It is best to assume that all P2P programs have malware bundled with them. Here is a list of some known infected file-swapping software:

KaZaa Limewire
Audiogalaxy Bearshare*
Imesh Morpheus
Grokster Xolox
Blubster 2.x aka Piolet OneMX
FreeWire BitTorrent
* offers a Malware-free paid version, but you can still download Malware through the P2P applications

These programs have been tested by Spyware Info, http://www.spywareinfo.com, which recommends that you NOT use them.

Another concern is that your computer might be disclosing you Web surfing activities to a marketing company. A number of systems on the Lawrence campus running Microsoft Windows have been infected with spyware distributed by a company called Marketscore. We have blocked connections from Lawrence's networks to the spyware's home servers.

This malicious software directs all your Web traffic through the marketing company's servers, allowing them to view any information you send or receive through your Web browser. This includes any data that would normally be protected by encryption.

To protect campus systems against further spread of this threat, we have blocked connections from our network to the spyware's home servers. If your ability to view Web pages on the Internet has stopped, it may be because you were infected with this spyware. In this case, you would still be able to use other Internet services, such as e-mail.

New Approach To Malware

Until recently, Malware detection was only done after the fact by scanning for infections after they had occurred.

There is now Malware-detection software which constantly scans incoming files for potential Spyware and Adware. It uses the same scanning methods as anti-virus software (which, by the way, you also need).

Below are some currently-available, free Malware scanners:

Spybot—Search & Destroy
http://www.safer-networking.org/en/index.html
Lavasoft - Ad-Aware
http://www.lavasoftusa.com/support/download/

Spybot - Search And Destroy

This is a free utility that can locate and remove spyware or adware on your Windows computer. We strongly recommend using this program in conjunction with Lavasoft's Ad-Aware on non-Lawrence owned computers. Both are free.

    1. Download Sypbot, http://www.safer-networking.org/en/index.html.
    2. Double-click on the downloaded file and follow the instructions on the screen to install the program.
    3. Start Spybot, Start-Programs-Spybot-Search & Destroy.
    4. Click Check for Updates and wait while Spybot installs any new updates.
    5. Click Immunize and wait as Spybot adds the updates to the software.
    6. Click Check for Problems and wait while Spybot scans your computer.
    7. When Spybot finishes scanning, it will show you the items it found.
    8. Choose the items you wish to remove. Note, you can get more information about each by clicking on the item.
    9. Click the Fix Selected Problems button.
    10. Click Yes in the confirmation box.
    11. When the program is finished, close the program.

Lavasoft's Ad-Aware

Lavasoft's Ad-Aware is designed to provide advanced protection for Windows computers from known data-mining, aggressive advertising, parasites, scumware, selected traditional trojans, dialers, malware, browser hijackers, and tracking components.

    1. Download Ad-Aware, http://www.lavasoftusa.com/support/download/
    2. Double-click on the downloaded file and follow the instructions to install the program.
    3. Start Ad-Aware, Start-Programs-Lavasoft Ad-aware.
    4. Under Sections to Scan on the left, check the “My Computer” box, then uncheck the boxes for any removable drives.
    5. Click Scan Now.
    6. When Ad-aware finishes scanning it will tell you how many items it found. Click the Continue button.
    7. Right-click in the Detected components window and choose Check All. Click the Continue button.
    8. Click OK in the Confirmation box. Click OK when finished and close programs.

Removing File-Sharing Software

    1. Go to Start-Settings-Control Panel—Add/Remove Programs.
    2. Find programs you wish to remove (Kazaa, iMesh, etc.) in list and select them.
    3. Click Remove.

Updating Anti-Virus Software And Scanning Your Computer

If your personally-owned computer is still acting strange, it could also be infected with a virus. You should always keep your anti-virus software and virus definitions up-to-date. All Lawrence University-owned desktop computer systems have anti-virus software installed and updated on a regular basis.

Students with personal computers that are connected to the Lawrence network and are running Microsoft Windows can install a free anti-virus software program.

    1. Once you have anti-virus software installed either use your virus software’s built-in update feature to update the virus definitions, or go to the manufacture's web site to download and install the updates.
    2. After installing an update, start the anti-virus program and run a complete scan of all files on your hard-drive(s), including subfolders and compressed files. Lawrence scans your network space and keeps it virus-free, so you do not need to worry about scanning that area.
    3. If any viruses are found, have the anti-virus software clean them, delete them, or at least quarantine them. If the anti-virus software reports that it cannot clean a file, write down the file name and the name of the virus and contact the Helpdesk at ext. 6570.

A Word About File Sharing

Lawrence is committed to taking reasonable steps to avoid misuse of its campus network, including use of the campus network to violate the Copyright Law of the United States.

Peer-to-Peer (P2P) applications such as KaZaa or Gnutella make it easy for users to exchange files such as music and videos with others over the Internet. However, unless you have the explicit permission of the copyright owner to possess/distribute the material, you may be in violation of federal copyright law. It is best to assume that all material is copyrighted.

Most P2P programs automatically share files from the user's computer to other users worldwide, unless the user takes specific actions to prevent this. Sharing copyrighted materials without a license is quite likely to subject the user and the university to legal sanctions. Moreover, the traffic such sharing generates can degrade your computer’s performance and generate heavy traffic loads on the campus network. Both of these outcomes violate the university’s Acceptable Use Policy. The network is a shared resource and we all must use it responsibly.

Lawrence University cannot protect you from a copyright complaint. Federal law requires that the university take action when notified that someone on its network is distributing copyrighted materials. The university will not protect individuals who distribute copyrighted material without an appropriate license. The penalties can range from university sanctions to civil and criminal prosecution. You are not protected just because you received material at no cost or are distributing material without charge.

Since most P2P programs install with worldwide sharing turned on by default, it is very easy for users to find themselves in serious trouble with the university and with copyright holders. Your only protection is not to possess or distribute any unlicensed copyrighted material. If you are using P2P applications, you should consider removing the applications from your computer. If you choose not to remove these applications, you should immediately ensure that your system is set to prevent them from acting as providers of unlicensed materials to other users.

Lawrence University, PO Box 599, Appleton, WI 54912 (920) 832-7000 Contact Lawrence