PC Fear Factor: The Ultimate PC Disaster Prevention Guide
The Official Gator Spyware Page
"See ya later alli-gator" -- With apologies to Bill Haley and the Comets

Xupiter and Gator are the two biggest spyware threats on the Internet today. For a detailed discussion of Xupiter, see my Official Xupiter Spyware Page. For those of you who are unfamiliar with the term, spyware is software that is installed on your computer without your knowledge and permission for some nefarious purpose.

What is Gator?

Gator, like Xupiter, is spyware that can be installed on your computer without your knowledge if your Internet security settings are not set correctly. It can be installed when you visit a web site or click on an advertising link. Applications that install in this manner are also referred to as "drive-by downloads." (This term was probably derived from a similar term, "drive-by hacking", which describes a practice hackers employ to hack into wireless networks. In the case of spyware, the term "drive-by" is figurative; in the case of hackers, the term is literal.) Gator can also be installed when you install file sharing freeware such as KaZaA, iMesh, and AudioGalaxy. Gator also goes by the name of GAIN, which is an acronym for Gator Advertising and Information Network. Once installed, Gator automatically runs each time you start your PC.

Gator provides functionality that appears to be useful but in fact is quite dangerous. It provides you with the option of remembering the username, passwords, and credit card information you use to access web sites and perform e-commerce. This is a terrible idea because this information is stored on your computer. Although the information is encrypted, it can be accessed by Gator or by computer hackers. You should never, repeat, never allow any piece of software or web site to remember your passwords or other confidential information.

But that's not all Gator does "for" you. Gator also installs spyware called OfferCompanion that tracks the web sites you visit. Gator sells this information to advertisers, who in turn use it to target you with pop-up ads. These ads feature a competitor's products when you visit a web site. For example, the other day I was using a computer that had been "Gatored" and a half.com pop-up ad appeared while I was on the Amazon web site. The folks at Amazon can be none too pleased. A number of companies are suing Gator over such practices. For example, UPS is suing Gator because it displays FedEx pop-up ads on the UPS web site. This will make for an interesting court case.

How Do I Know If Gator Has Been Installed on My Computer?

If you see a pop-up window asking you if you want Gator to remember your password when you enter it on a web form, you have been Gatored.
If you see a pop-up ad that has GAIN in the banner, you have been Gatored. Below we see a uBid pop-up ad displayed over the Amazon web site. The implied message is, "Don't buy your electronics at Amazon, go to uBid instead."
Of course, the easiest way to determine if you have been Gatored is to check your list of Startup items in the system configuration utility. (Note: this utility does not exist if you are using Windows 2000.) If you see Gstartup or Gator eWallet in your list of Startup items, you have been Gatored. Go to Start / Run, type in msconfig and click OK. Click on the Startup tab. Scroll down the list.
You can uncheck these items to keep them from loading, but that does not remove Gator from your computer.
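The same startup check as the msconfig Startup tab, scripted in PowerShell as an added example (not part of the original page). The names Gstartup and Gator eWallet come from the page; the function name Find-GatorStartupItem and the sample entries with their placeholder paths are constructed for illustration.

```powershell
# Added example, not from the original page. Startup item names come from the
# page's msconfig check; function name and sample entries are constructed.
$GatorStartupNames = @('Gstartup', 'Gator eWallet')

function Find-GatorStartupItem {
    param(
        # Entries to inspect. Defaults to the live system's startup commands
        # (Run registry keys and Startup folders) as reported by WMI/CIM.
        [object[]]$Entries = (Get-CimInstance -ClassName Win32_StartupCommand)
    )
    foreach ($entry in $Entries) {
        # Check the display name and the command line together, since the
        # item may be identifiable from either one.
        $haystack = "$($entry.Name) $($entry.Command)"
        foreach ($name in $GatorStartupNames) {
            if ($haystack -like "*$name*") {   # -like is case-insensitive
                [pscustomobject]@{
                    Matched  = $name
                    Name     = $entry.Name
                    Command  = $entry.Command
                    Location = $entry.Location
                    User     = $entry.User
                }
                break   # report each startup entry once
            }
        }
    }
}

# Constructed sample entries (placeholder paths) so the check can be tried offline.
# 'Investigator' contains "gator" but must not be flagged.
$sample = @(
    [pscustomobject]@{ Name = 'Gstartup'; Command = 'C:\PLACEHOLDER\gstartup.lnk'
                       Location = 'Common Startup (sample)'; User = 'All Users' }
    [pscustomobject]@{ Name = 'eWallet'; Command = '"C:\PLACEHOLDER\Gator eWallet.exe"'
                       Location = 'HKLM Run key (sample)'; User = 'All Users' }
    [pscustomobject]@{ Name = 'Investigator'; Command = 'C:\PLACEHOLDER\invest.exe'
                       Location = 'HKCU Run key (sample)'; User = 'alice' }
)

Find-GatorStartupItem -Entries $sample | Format-Table -AutoSize   # constructed sample
Find-GatorStartupItem | Format-Table -AutoSize                    # live system
```

A hit only confirms that the startup entry exists; like unchecking the item in msconfig, it removes nothing.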
Another way to find out if you have been Gatored is to have a firewall like ZoneAlarm installed on your computer. Although a firewall cannot prevent Gator from being installed on your computer, it can detect the software immediately after it has been installed. ZoneAlarm monitors outbound communications between your computer and the Internet, as well as inbound communications. When a new program tries to access the Internet for the first time, ZoneAlarm pops up a program alert to ask you if you want the program to have permission to access the Internet. You will receive such an alert when Gator tries to access the Internet. For many people, this will be the first indication that they have been Gatored.

The reason that ZoneAlarm cannot prevent Gator from being installed on your computer is that it gets installed as a legitimate response to a communication that you initiated with a web site, and firewalls only stop "conversations" initiated from outside your computer. Be careful in your selection of firewalls. Microsoft's Internet Connection Firewall, which comes bundled with Windows XP, will not detect Gator because it does not monitor outbound communications.

How Do I Prevent Gator From Being Installed on My Computer?

To prevent Gator from being installed without your permission, make sure that your Internet Security Settings are set properly. Go to Tools/Internet Options/Security and click on Custom Level. Under ActiveX controls and plug-ins, set the options as follows:
You do not have to worry about this if you are using Netscape Navigator. Of course, if you have already been Gatored, this will only prevent subsequent infections once you get it off your computer.

Even if you have your Internet security settings set properly, Gator will still attempt to sneak onto your computer thusly: a pop-up window will appear on your computer, asking if you want to install something like Gator's Precision Time/Date Manager. If you respond "Yes" to any of these pop-ups, you will have Gatored yourself.
Fortunately, a pop-up stopper will stop these pop-up windows from appearing. (I am currently using PopNot, which should not be confused with a method of birth control.)

How Do I Get Rid of Gator?

Like all spyware, Gator has no removal function, that is, it is not a program that you can remove through the Windows Add / Remove programs function. There are a number of free adware / spyware detection and removal tools available on the web that can detect and remove Gator from your computer. I use Lavasoft's Ad-aware, a free adware/spyware detection/removal utility. (The free version detects and removes spyware. There is another version, Ad-aware Plus, that claims to help prevent spyware from being installed on your machine. I have not tested Ad-aware Plus as of this time.)

To remove Xupiter from your computer, download and install Ad-aware. The current version is version 6.0, which was released on January 27, 2003. If you have an older version of Ad-aware installed it may not be able to detect Xupiter, so I suggest that you immediately download and install the latest version. Once you have downloaded and installed Ad-aware, open the application and click on "check for updates now".
This will download and install the latest reference file. The reference file is analogous to the virus definitions file in antivirus software - it is what allows Ad-aware to identify spyware that has been installed on your machine. I suggest that you check for updates frequently to be certain you are protected against the latest spyware threats. Ad-aware does not currently automatically update your reference file, the way that antivirus software automatically updates your virus definition file when you are connected to the Internet.

Then, run Ad-aware. Ad-aware will scan your computer and detect all of the Xupiter files and entries to be deleted. (Note: The picture below is from version 5.83 of Ad-aware. However, the user interface is similar in 6.0.)
PC Fear Factor contains detailed instructions for running Ad-aware.