Help. Life is being ruined by spyware

Discussion in 'Off-Topic Discussions' started by Tom57, Sep 13, 2004.

  1. Tom57

    Tom57 Member

    To all you IT savvy posters. My computer at work has been literally overrun by spyware, browser hijackers and the like. I can get the situation under control by continual running of anti-spyware software. Currently running Spybot, Adaware, McAfee antiSpyware, and Spysweeper.

    Unfortunately, after rebooting, or launching IE, the problems start all over again. It seems there is some process lurking on the machine that just restarts the whole mess.

    Anyone have success with other anti spyware software or more serious fixes? Any decent sites that have step-by-step instructions?

    The whole problem started when I was out for a few days, and some high school/college kids who have been helping out here helped themselves to my computer. I don't even want to know what sites they visited. ;)

    Thanks for any help. The problem is so serious, that if a conservative can offer a solution, I may consider switching parties and vote for Bush. ;)
     
  2. Khan

    Khan New Member

    Tom:
    You need a firewall man. McAfee or Norton are good.
     
  3. plcscott

    plcscott New Member

    If you will quit being like Clinton and stay away from the porn sites you would not have these problems. :D

    Sorry, I couldn't resist. I agree you need a good firewall. I just purchased eTrust ezArmor complete internet protection from Best Buy, and it helped straighten out a lot of these problems. I also still run Adaware and Spybot. The ezArmor seems to work much better than the Norton and McAfee I have used in the past.
     
  4. Michele

    Michele New Member

    Spybot S&D

    Try this fabulously free piece of software, once you get your system running:

    http://www.spybot.info/en/index.html

    If you are wary (and you should be) just do a search and look up information & recommendations for this "spybot search & destroy" download - it's recommended by reputable sources as a great piece of software to prevent/protect your computer from those darn spyware/ad programs.

    I also concur with the need for the firewall. I recommend the Norton Internet Security package.

    Good luck!

    ~Michele
    MS - professional counseling - Capella Univ.
    PhD Candidate - Marriage & Family - Capella Univ.
     
    Last edited by a moderator: Sep 13, 2004
  5. -kevin-

    -kevin- Resident Redneck

    Tom,

    First place to start is in your add/remove programs. Find any that are questionable and don't belong and remove them. Secondly, some won't show up under this area but will show up under your programs menu and should have an uninstall function. There are some that actually will require going to their site to uninstall the program.

    A firewall won't protect you from software that you (your helpers) opt in. Depending on your system you can have administrator rights unavailable per user and prevent others from downloading and installing software in your absence.

    Some of these programs will still keep small executable files in the registry even after you uninstall them, once the internet is sensed they go back out and reinstall themselves. So, you will probably have to have your registry looked at by someone.

    Plenty of sites that will assist but I don't recommend these sites unless you are well versed in registry editing.

    Good luck,
     
  6. Ian Anderson

    Ian Anderson Active Member

    Here's what I do

    I am running Windows XT based PC.

    Here's what I did/do to protect my computer (after several years of viruses, pop-ups, etc.)

    I installed Norton Anti-Virus (around $15 after rebate); it checks for updates every time I turn on my computer (it also flashes a message when it blocks a virus). This program also scans my computer at a fixed time every week (and also when I request it)

    I installed Ad-aware 6.0 (free download) and run it frequently.

    I keep my PC free of cookies etc as follows:
    (a) Open Internet Explorer
    (b) Click on Tools/Internet Options (you will see a box).
    (c) Click on "General" tab
    (d) Click on "Delete cookies"
    (e) Click on "delete temporary files"
    (f) Also I set history at zero days and click on "clear history".
    (g) Click on OK and exit Internet.

    On desktop:
    (a) Click on Start/Search/All files and folders: type "cookies" (without quotes) in "All or part of file name". Click search button.
    (b) Review each folder in turn and delete any cookies you do not recognize (don't worry about deleting any important cookies – they will regenerate every time you log on to a site). If you delete one to sites where you use a password (such as degreeinfo.com) you will be asked to register when you try to post.

    I hope this helps.

    PS: my windows XP automatically retrieves updates from Microsoft.


    All this info can be found in various places on the Internet.
     
  7. Viruses...

    My experience is that most, if not all spyware, is some form of a virus that can be caught and exterminated by any of the leading anti-virus software products on the market.

    On the other hand, if you are too cheap to spring for Norton, try this nice freeware from http://free.grisoft.com/freeweb.php/doc/2/

    I installed it on one of my older computers (Windows 98 machine), and it completely eliminated the spyware problem - found about 50 viruses that showed up after the original Norton license had expired.

    Nice product, works great, and costs nothing other than your time to install it.
     
  8. SteveFoerster

    SteveFoerster Resident Gadfly Staff Member

    More ideas

    A good firewall is ZoneAlarm, and the personal edition is free.

    IE is a menace, and there are free alternatives. Consider switching to Mozilla as your browser and email client. It's free and doesn't have all those security holes. Moreover, it has tabbed browsing, which is cool.

    -=Steve=-
     
  9. dcv

    dcv New Member

    Spybot S&D and AdAware (along with deleting temp files) were the best pieces of advice you got.

    That antivirus programs will get spyware was by far the worst.

    Along with running Spybot (after you update it), you should also run (after updating it) AdAware and Cwshredder. All of these are available for free download from www.download.com

    I recommend that you update these programs, then reboot and run them in safe mode.

    After you get your system relatively clean, go here and follow the instructions to edit your host file. Once you do that, you will be amazed at the reduction in popups/popunders.

    Good luck. :)
     
  10. decimon

    decimon Well-Known Member

    Sounds like it's the server that's infected. You reboot - the server sneezes - you catch cold.
     
  11. tcnixon

    tcnixon Active Member

    Re: More ideas


    Very cool. I've recently started using Firefox which has tabbed browsing. I have a favorites folder for "Daily Reads." Click on that and it opens all of them at once and I easily work my way through them. Very nice.



    Tom Nixon
     
  12. Jack Tracey

    Jack Tracey New Member

    Thanks to all who have answered and thanks especially to Tom for posting the original question. I've had similar problems, compounded exponentially since I got DSL service a month or two ago. One problem I've had is the apparent conflict between security programs. I was running Norton Internet Security and something grabbed ahold of it and put it in a box somewhere so that I couldn't even open it and scan for anything. I went out and bought a McAfee Security program and ran that through my computer. It freed up the Norton program sufficiently so that I could uninstall it but after several attempts, I can't get the Norton to run anymore (reinstall, try, uninstall, scan, reinstall, try, etc.) Because of this I'm a bit wary of just downloading more software, thinking that it's all going to get jammed up together. At the same time, I think there's still something in my computer (due to slower download rates and some semi-permanent wallpaper on my start page). As you can probably tell, this is not an area of expertise for me so any/all advice is welcome.
    Thanks,
    Jack
     
  13. Lawhopes

    Lawhopes New Member

    My suggestions

    I totally agree with Steve on using Mozilla's FireFox browser. It does not have nearly as many security holes as does IE. I started using it 5 months ago, and am quite addicted. I never have any spyware problems now. But I had to learn everything the hard way. Also, spybot is cool, but annoying. I use SpywareGuard and SpywareBlaster (both free) at www.javacoolsoftware.com. The SpywareGuard is a monitoring software similar to an antivirus, only it scans for...tah dah!...spyware. The SpywareBlaster is a nifty little creature that sits in the background and monitors your internet connection to prevent tracking cookies and a whole bunch of other things. Then personally, I use ZoneLabs firewall and Panda antivirus. Had a horrible experience with Norton twice. On two different computers with two different product years, Norton Antivirus screwed up my registry royal. I will never do that again. I have no problems now.

    Etienne
     
  14. Lawhopes

    Lawhopes New Member

    BTW

    BTW, this humble self is a conservative. muuuahahahaha

    Etienne
     
  15. DaveHayden

    DaveHayden New Member

    Hi Jack

    Perhaps, just a little more advice. I belong to a group of about 400 IT techs. Among them Norton has a bad reputation because it is not nearly as effective as some of the free choices and sometimes causes problems. It does have a loyal following among consumers despite this.

    As previously stated, running Spybot, Adaware, and HijackThis in both regular mode and safe mode usually takes care of 90%+ of this stuff. These are all available as free downloads. Beyond that you are looking at modifying the Registry Keys that the spyware has entered. It might be a lot easier just to back up all important files, format, and reinstall. Otherwise you are looking at about $100-200 to have a pro come in and do it for you.

    Using Mozilla/Firefox is extremely effective not because it is more secure, but because 90%+ use IE. If you are going to design Malware, is it going to be for the vast majority of people or the upcoming browser most have never heard of? As to the most effective AV SW, the consensus in my group is Panda AV and AVG. Both offer free versions for home users that are better than any of the paid consumer sw and easier to work with.

    I hope this is at least somewhat helpful.
     
  16. DaveHayden

    DaveHayden New Member

    P.S. Here is the short list for Spyware removal put together by Mike Whalen. You don't want to see the long one! :) Also probably wise to bring in a tech to do this.

    Spyware Removal & Prevention Process

    Programs Needed

    1.Spybot – Search and Destroy
    Available at: http://www.safer-networking.org/index.php?page=download

    2.Adaware
    Available at: http://www.lavasoftusa.com/

    3.Hijackthis
    Available at: http://www.spywareinfo.com/~merijn/downloads.html

    4.CWShredder
    Available at: http://www.spywareinfo.com/~merijn/downloads.html

    5.SPHJFIX
    Available at: http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix

    6.TheKillBox
    Available at: http://download.broadbandmedic.com/

    7.BetterInternetFinder
    Available at: http://download.broadbandmedic.com/

    8.PV.zip
    Available at: http://tools.zerosrealm.com/pv.zip

    9.An alternative browser
    Available at: http://www.mozilla.org/firefox
    Available at: http://www.opera.com

    10.Two forms of anti-virus software: one online and one on the system

    11.SpywareBlaster
    Available at: http://www.javacoolsoftware.com/spywareblaster.html

    12.Big list of protective addresses for HOSTS file
    Available at: http://www.mvps.org/winhelp2002/hosts.txt

    13.IESPY-AD
    Available at: http://www.staff.uiuc.edu/~ehowes/resource.htm


    Process

    1.Restart system in Safe Mode
    Whatever the Microsoft-based operating system, you should reboot into Safe Mode.

    2.Set system to show hidden files and folders
    This is slightly different on each version of Windows, but you can generally do it this way: Double-click on My Computer. Select the Tools menu and then “Folder Options.” (This may be under the View menu in Windows 9x/ME.) Click the VIEW tab at the top of the Folder Options window. Turn on the options to show hidden files and folders, to show system files, and to show extensions.

    3.Manually delete all Temp and Temporary Internet Files
    Locate the temp folder(s) and delete any files in there. On Windows 9x/ME, there can be two TEMP folders: one at C:\TEMP and another at C:\WINDOWS\TEMP. On Windows 2000/XP, you will want to delete the contents of C:\TEMP, C:\WINDOWS\TEMP, and the Temp and Temporary Internet folders of each user's directory.

    4.HiJackThis
    Run HiJackThis to determine what is hooking into Internet Explorer, what is starting during system boot, what Downloaded Program Files (DPF) are set to launch when Internet Explorer launches, etc. Remove any entries that seem suspicious such as search engines that aren't Yahoo, Google, MSN, etc., processes that consist of randomized filenames (kksuya.exe, for instance). The most dangerous part here is that you can accidentally remove a good application's startup entry.

    5.Run SPHJFIX
    Run the SPHJFIX. This targets a specific variant of the CoolWWW spyware. It will check for certain registry entries and their associated .DLLs. Double-click on it then click “Start Disinfection.” If there is an infection, the system will immediately reboot. FOR THIS REASON, you do not want to be running anything else when you start SPHJFIX.

    6.Reboot into Normal Mode
    At this point, the system will likely be stable enough to operate enough so you can install and use Spybot and Adaware and run two virus scans.

    7.Perform a virus scan
    Use the user's anti-virus software to perform a virus scan. Make sure the software is up-to-date. If it isn't, then either update it, purchase the software necessary to update it, or perform a virus scan with an online virus scanner like Trend Micro's Housecall. Remove or quarantine everything found.

    8.Install Spybot and Adaware
    Install these two programs and run their updaters to download the latest detection rules/definitions. Do not run either scan just yet. Note: Spybot will ask you if you want to enable immunization and/or TeaTimer. Enable both, BUT do NOT start up TeaTimer. (Why? It will complain every time you fix something with Adaware, Spybot, MSConfig, etc. You'll enable it after the next reboot.)

    9.After the first virus scan, run Spybot
    Spybot will first give you a wizard. You can cancel it if you want, but part of this wizard is to enable immunization. Do that. Run a scan with Spybot. Remove everything Spybot finds. If Spybot reports it can not remove certain items and wants to run at startup, choose “No” at this time.

    10.Run Adaware
    Remove everything Adaware finds. If Adaware reports it needs to run at startup, choose “Yes” to allow it to do so.

    11.Run a second virus scan
    My preference is to run a local virus scanner first, then an online scanner that can grab spyware and trojans. Generally I use Trend Micro's Housecall, but Symantec's, or Kaspersky's are just as good. Remove or quarantine everything found.

    12.Reset IE security settings
    Many spyware components alter the security settings for IE. After the second virus scan, go to Control Panels and open the Internet Options control panel. Reset the security settings to Default:High or Default:Medium. Then, check the Trusted Sites zone for entries. There shouldn't be any in there unless you know the customer wants something there. If you know the customer doesn't have anything there, I would remove any sites listed, THEN reset the security level to Default:High or Default:Medium. Reset the Restricted Zone to Default:High. Finally, restore the Defaults on the Advanced tab.

    13.Install new HOSTS file
    Go to C:\Windows\System32\Drivers\Etc\. Make a copy of the HOSTS file there. (Note, there is no TXT extension on it.) Open the HOSTS file with Notepad and copy and paste the list from http://www.mvps.org/winhelp2002/hosts.txt into the opened HOSTS file. Save the file.

    14.Install SpywareBlaster
    Install SpywareBlaster, download the updates for it and click the Enable All Protection link.

    15.Install IESPY-AD registry entries
    Unzip the IESPY-AD downloaded entries, go to the directory and double-click on the registry files to load the restricted sites into the registry. You'll want to install the ADS and ADULT registry files.

    16.Run TheKillBox and CWShredder
    Use TheKillBox to search for ABetterInternet. If found, remove it. Run CWShredder. Un-check the box that says to move the bad files to the recycle bin instead of deleting them. CWShredder will remove CW and variants automatically.

    17.Restart the system
    Reboot the system normally.

    18.Re-Run Adaware and Spybot
    Note: If you set Adaware to scan after a reboot, it will automatically scan at startup. If so, run Spybot after the restart and remove everything found. If Adaware didn't run, re-run both applications.

    19.Launch Internet Explorer and zoom around for a bit
    Try to see if any unwarranted pop-ups occur. Only go to sites that you KNOW do not launch pop-up ads. It makes it easier to diagnose. If you see a pop-up or two, or, worse, TeaTimer complains about settings changes, it's likely you still have ABetterInternet hooking into Explorer via registered DLLs. Go to Step 19.

    20.Run PV.ZIP
    LAUNCH INTERNET EXPLORER then unzip the PV.ZIP file. In there will be a batch file called “RUN ME.” Run that and a notepad window will launch with a list of open DLLs. You will have to do a little detective work here. One of the DLLs is likely a spyware component. Do a Google search on them and see what you come up with. You will use TheKillBox to remove the DLL by selecting the “Delete on Reboot” option, adding the file you want to delete, then the “Process and Reboot.”
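
Step 13 of the process above, done as a checked merge instead of a copy and paste (an added example, not part of the original post or of Mike Whalen's list). It appends only blocklist lines that point at a loopback or unspecified address and reports existing entries that send a name to a real address, since those override DNS. The sample file contents, the `example.test` names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a HOSTS file as it might look on an affected machine.
EXISTING = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com   # constructed: name pinned to a real address
10.0.0.5        fileserver       # constructed: intranet entry
"""

# Constructed sample standing in for a downloaded blocklist.
BLOCKLIST = """\
# constructed blocklist
127.0.0.1  localhost
127.0.0.1  ads.example.test
127.0.0.1  tracker.example.test  # trailing comment
0.0.0.0    popups.example.test
198.51.100.9  update.example.test
"""

def parse_hosts(text):
    """Return [(address, hostname)] for each mapping; skip comments and junk."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so not a mapping line
        entries.extend((addr, name.lower()) for name in fields[1:])
    return entries

def is_sink(addr):
    """True for addresses that lead nowhere (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    return addr.is_loopback or addr.is_unspecified

def audit(existing_text):
    """Existing entries that resolve a name to a real address: review each one."""
    return [(str(a), n) for a, n in parse_hosts(existing_text) if not is_sink(a)]

def merge(existing_text, blocklist_text):
    """Append new sink entries; never override a mapping already in the file."""
    known = {n for _, n in parse_hosts(existing_text)}
    added, rejected = [], []
    for addr, name in parse_hosts(blocklist_text):
        if not is_sink(addr):
            rejected.append((str(addr), name))  # a blocklist should not redirect
        elif name not in known:
            known.add(name)
            added.append(name)
    merged = existing_text.rstrip("\n") + "\n"
    if added:
        merged += "# --- blocklist entries ---\n"
        merged += "".join(f"127.0.0.1\t{n}\n" for n in added)
    return merged, added, rejected

if __name__ == "__main__":
    print("review:", audit(EXISTING))
    merged, added, rejected = merge(EXISTING, BLOCKLIST)
    print("added:", added, "rejected:", rejected)
```

Writing the merged text back to the real HOSTS file needs administrator rights and, as the step says, a copy of the original made first.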
     
  17. Tom57

    Tom57 Member

    thank you, all, for the great advice. I have printed out this thread. I started using Mozilla yesterday. Wow, what a difference, and a nice piece of software too.

    I knew there was lots of great expertise out there.

    And thanks to the conservatives too. We may disagree about the invasion of Iraq, but not about the invasion of spyware, registry keys and the like. :)
     
  18. Anti-Virus IS in fact, the best advice....

    Well, after I installed AVG freeware / anti-virus software on an old Win98 machine, it found about 50 viruses, and of those almost all were some sort of "downloader" crap related to spyware. After it killed those off, the machine purred like a kitten.

    Therefore, I disagree with you that recommending anti-virus software as a cure and preventer of spyware is the "worst advice". It is, in fact, the BEST advice. None of my computers that have Norton running have ever had a spyware incident. Period. Plus a lot of those spyware killer products like AdAware, etc. take FOREVER and a day to run through the registry, and if you don't kill the underlying virus you have the crap right back in the registry again after a few browses.

    Agree that FireFox is another cure, but it is more of a symptom avoider than a cure - personally I prefer IE secured with a firewall and anti-virus software smart enough to catch spyware intrusions.
     
  19. dcv

    dcv New Member

    Re: Anti-Virus IS in fact, the best advice....

    I can tell you that I do this for a living, and you are quite mistaken. Nothing personal.
     
  20. Re: Re: Anti-Virus IS in fact, the best advice....

    LOL - nothing personal at all. The fact that I'm a CIO probably explains why I gave the "worst advice".... management weenie that I am....
     
