LEAVING TRACKS

Another favorite spyware trick is to fill up your hosts file with invalid entries for valid Web sites. When you type a URL (Uniform Resource Locator) into your Web browser, such as http://www.cnet.com, the Windows network stack uses various methods to resolve the FQDN (Fully Qualified Domain Name, for example www.cnet.com) into an IP address.

The first method Windows uses is to interrogate the hosts file. This is a plain-text file, shown in Figure 2-2, stored deep within the Windows directory structure, that contains a list of FQDNs and the IP addresses to which they resolve.

If you use Windows NT or 2000, the hosts file is named "hosts" and can be found in c:\winnt\system32\drivers\etc. If you use Windows XP, it can be found in c:\windows\system32\drivers\etc. For Windows 98 and ME, it's in the c:\Windows directory.

Figure 2-2: Windows hosts file.

If spyware adds the FQDN of a Web site to your hosts file along with an incorrect IP address, you cannot access that Web site. This could be a real problem if the Web site in question is www.download.com, and you need to download a spyware removal tool. Under normal circumstances, a hosts file has a single 127.0.0.1 entry, as in Figure 2-2; if yours has a lot of entries for Web sites, something suspicious may be going on.
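As an added example (not from the book), the following Python script parses a hosts file in the format described above (an IP address, whitespace, one or more host names, optional comment after #) and reports every mapping that is not the normal localhost entry. The sample hosts file contents embedded in it, including the bogus addresses and host names, are constructed for the demonstration; the script falls back to that sample when it cannot read the real file.

```python
"""Check a Windows hosts file for mappings other than localhost.

Added example, not from the book. Reads the hosts file, parses each
mapping and prints every entry that is not the expected localhost line,
which is the kind of redirect spyware adds to block security sites.
"""
import ipaddress
import os
import sys

# Mappings that a clean hosts file normally contains.
EXPECTED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample: the usual Microsoft header and localhost line, with
# two spyware-style entries appended (a download site pointed at a bogus
# address, and a made-up antispyware site blackholed to 0.0.0.0).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
192.0.2.10      www.download.com download.com   # bogus redirect
0.0.0.0         www.example-antispyware.invalid
"""


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # an address with no names
        ip, hostnames = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)          # reject malformed addresses
        except ValueError:
            continue
        for host in hostnames:
            yield ip, host.lower(), line_no


def suspicious_entries(text):
    """Return every mapping that is not one of the expected localhost lines."""
    return [(ip, host, n) for ip, host, n in parse_hosts(text)
            if (ip, host) not in EXPECTED]


def default_hosts_path():
    """Hosts file location on Windows NT/2000/XP, as given in the text."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return os.path.join(root, "system32", "drivers", "etc", "hosts")


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else default_hosts_path()
    try:
        with open(path, encoding="utf-8", errors="replace") as f:
            text = f.read()
    except OSError:
        print(f"could not read {path}; checking the constructed sample instead")
        text = SAMPLE_HOSTS
    hits = suspicious_entries(text)
    if not hits:
        print("only the expected localhost entry found")
    for ip, host, n in hits:
        print(f"line {n}: {host} -> {ip}")
```

Run it with no arguments to check the live hosts file, or pass a path to a copy. Every name on a flagged line is listed separately, so a single spyware line that hijacks several host names shows up as several findings; the expected set is deliberately small, because on a home machine any Web site name in this file deserves a second look.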

Locating Bad Processes

If spyware is running, it will invariably show up as a process on your computer. Fortunately, the filenames and Registry keys used by all but the newest spyware are well known -- thanks to the efforts of antispyware researchers. A quick way to determine whether any spyware processes are running is to view the current task list through Windows Task Manager, as in Figure 2-3.

Figure 2-3: Processes in Windows Task Manager.

As mentioned previously, the only sure-fire way to know if a rogue process is on your system is to gain experience in which processes are harmless and common. If you do spot a suspicious process, make a note of the process name and use the End Task button to kill it. Next, use the Windows Search function to locate the file on your hard drive. Don't delete it immediately though -- it may be an innocent system file!

Windows ME is a hybrid operating system that Microsoft acknowledged has many flaws. One annoyance is that it lacks a proper task manager. There are lots of third-party, free task manager utilities available on Download.com; it's just a matter of finding one you prefer! Security Task Manager has already been reviewed by CNET.