SPYWARE Another Insidious case!


CyberDyneSystems
15th of September 2004 (Wed), 15:03
I thought CWS was the be all and end all of Evil Spyware...

But Today we had an incident at work that puts any single SpyWare app to shame.

In Win98... if you have NOTHING running.. when you hit Control-Alt-Delete.. only TWO processes will be shown. (Explorer and Systray)

Well.. we had a computer at work that was so infested with Spyware that there were THIRTY SIX processes running! :shock:

All but the above two were spyware doing god knows what.. (the PC had of course slowed to a crawl and IE was useless due to all the popups and new toolbars)

Since I could not USE IE (needless to say by now I have unplugged the network cable) I burned a CD of Adaware and Spybot (and Mozilla) on another pc...

Here's the kicker.. Windows will via software prevent you from opening a CD-tray if there is software actively accessing data on the CDR drive...

Well.. one of these Spyware apps actually runs a script that maintains a constant call to the CD-rom drive.. making opening it impossible!

I had to resort to a paperclip and force it open fighting the "close" motor the whole way!

It took 4 passes of Adaware, 4 of Spybot,.. and an hour's worth of manual deletion (try searching for all .exe files in the windows directory and then delete all the ones that were created in the last three days... there were about 50 of them)

Before I would even get to the point of reconnecting the network and downloading the updates.. then ran them all again.

All told.. 706 spywares the first run of Adaware.. with an average of 20-30 critters found thereafter in each successive pass until I got the new updates.. and then had to do the manual eradication I describe above.

Nasty... Oh, and Trend Micro house call found two full blown viruses,..

Now we're back to "Explorer" and "Systray"

:?
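The manual step described above (search the Windows directory for .exe files created in the last few days) is a classic triage trick. The following is an added example, not code from the original post, that does the same hunt in a portable way and moves the hits into a quarantine folder for review instead of deleting them outright. The extension list, the sample directory tree and the DEMO_NOW timestamp are constructed for the example; it keys on file modification time, since creation time is only reliably available on Windows.

```python
import os
import shutil
import tempfile
import time

DAY = 86400
# Constructed list of extensions worth looking at on a 9x-era box.
EXECUTABLE_EXTS = {".exe", ".dll", ".com", ".scr", ".vbs", ".bat", ".pif"}


def recent_executables(root, days, now=None):
    """Walk `root` and return [(relative_path, age_in_days), ...] for
    executable files modified within the last `days` days, newest first.
    The post searched on creation time; mtime is used here because it
    behaves the same on Windows and POSIX (ctime is not creation time on POSIX).
    """
    now = time.time() if now is None else now
    cutoff = now - days * DAY
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # vanished or unreadable: skip rather than abort the scan
            if mtime >= cutoff:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                hits.append((rel, round((now - mtime) / DAY, 2)))
    hits.sort(key=lambda h: h[1])
    return hits


def quarantine(root, rel_paths, dest):
    """Move the listed files out of `root` into `dest` (created if needed)
    so they can be inspected, and restored if a false positive, rather than
    deleted. Returns the new paths."""
    os.makedirs(dest, exist_ok=True)
    moved = []
    for rel in rel_paths:
        target = os.path.join(dest, rel.replace("/", "__"))
        shutil.move(os.path.join(root, rel), target)
        moved.append(target)
    return moved


# Constructed timestamp, roughly mid-September 2004 (the thread's date).
DEMO_NOW = 1_095_300_000


def make_demo_tree():
    """Build a throwaway directory that mimics a Windows folder: two old
    system files, two freshly dropped binaries and one harmless text file."""
    root = tempfile.mkdtemp(prefix="win98demo_")
    os.makedirs(os.path.join(root, "SYSTEM"))
    samples = {                       # relative path -> age in seconds
        "EXPLORER.EXE": 400 * DAY,
        "SYSTEM/OLDLIB.DLL": 400 * DAY,
        "SYSTEM/hook.dll": 1 * DAY,   # dropped yesterday
        "NEWPOPUP.EXE": 0.5 * DAY,    # dropped this morning
        "readme.txt": 0.5 * DAY,      # new but not executable
    }
    for rel, age in samples.items():
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(b"MZ demo")
        os.utime(path, (DEMO_NOW - age, DEMO_NOW - age))
    return root


if __name__ == "__main__":
    root = make_demo_tree()
    hits = recent_executables(root, 3, now=DEMO_NOW)
    for rel, age in hits:
        print(f"{age:5.2f} days old  {rel}")
    moved = quarantine(root, [rel for rel, _ in hits], root + "_quarantine")
    print("quarantined:", moved)
```

Run it against a real tree with `recent_executables(r"C:\WINDOWS", 3)`; a freshly updated patch or a program installed that week will show up too, which is why the hits go to quarantine for a look rather than straight to the bin.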

tpinchback
15th of September 2004 (Wed), 15:54
what kind of internet sites are you going to? :wink:

Curos
15th of September 2004 (Wed), 17:27
And THAT is why I will never use internet explorer again. Not at all blaming it directly, but i have noticed a considerable difference since i started using Mozilla Firefox instead.

Scottes
15th of September 2004 (Wed), 19:11
Firefox rocks.

CyberDyneSystems
15th of September 2004 (Wed), 19:25
Wasn't my PC

...it was a work PC where we're not supposed to do such surfing.. :roll:

...unfortunately the kid using this PC needs to have internet access because of some Box Office stuff he needs to do on the net... :x

Needless to say.. now that I know the creep can't be trusted the PC is locked down tight.. running Firefox of course. :wink:

Still.. you have to respect the CD-ROM script.. that's just the devil's work through and through :twisted: :twisted: :twisted:

Moppie
15th of September 2004 (Wed), 22:41
Still.. you have to respect the CD-ROM script.. that's just the devil's work through and through :twisted: :twisted: :twisted:


I wonder if the prick who wrote it knows he could be making far far more money writing legitimate software that might actually help people?
But then it's possible he does, and just writes spyware and viruses in his spare time. Hey, for all we know it could have been Bill Gates himself playing in his lunch break :D


When I first installed and ran Spybot S&D I think I found about 20 odd malicious things that weren't meant to be there. Now I clean out about 1 or 2 a month whenever it gets updated.

Maybe it's time I had a look at Firefox.

robertwgross
15th of September 2004 (Wed), 22:58
I wonder if the prick who wrote it knows he could be making far far more money writing legitimate software that might actually help people?
But then it's possible he does, and just writes spyware and viruses in his spare time.

There have been guesses from time to time that some of the people who write virus programs are the same people that work for the anti-virus software companies. It would be a little like a doctor who makes a patient sick and then knows how to cure him and makes his money that way. Strange.

---Bob Gross---

Moppie
15th of September 2004 (Wed), 23:54
I often wondered the same thing. I never had a problem until one of the big worms hit at the end of last year.
I got infected, and so purchased Norton just to be on the safe side.
Since then I've been attacked on a regular basis, and the number of virus-containing emails I've got has more than doubled.

However, not long after I also got ADSL, and "upset" (i.e. banned) a few members of another forum who I believe might have submitted my email to a few spam lists. And of course the fact that it's visible to any search engine in a variety of places on the net doesn't help either.
There are plenty of other reasons why I might have a greater need of Norton now than I did back then, however I do wonder sometimes if Symantec configures Norton to show a higher than needed rate of false positives.

Jon
17th of September 2004 (Fri), 12:17
Needless to say.. now that I know the creep can't be trusted the PC is locked down tight.. running Firefox of course. :wink:

Oh, it's not running W98 any more then?

CyberDyneSystems
17th of September 2004 (Fri), 12:32
I do what I can with the tools the non profit can afford... :roll:

Anyway.. none of these issues would have been prevented with XP.

Transfix
22nd of September 2004 (Wed), 16:37
Use HijackThis to remove spyware along with Spybot and Adaware.

I also recommend the Maxthon browser. www.maxthon.com



http://gallery.mikestrong.net

Sketcher
23rd of September 2004 (Thu), 00:10
General Service Announcement:

1. Adaware
2. Spyware S&D
3. Spybot

All three are exceptional tools but are ineffective against the truly buggerous in their default config. Running each in default may well produce clean results but tweak SS&D's advanced settings a tad when you're familiar w/the options and you'll dig up a whole graveyard of hooks that don't come out to play when the canned config contemplates. Even at a clean "advanced" scan, running SS&D or similar startup log reports may well show startup progs that aren't yet tagged by current defs. (as always, back up your registry and DON'T delete references that you aren't certain you don't need)

Regarding Maxthon. It used to be MYIE2. Neat functionality there; having 'Zilla functions on an IE core. But that's what it is, IE. You go the route of Maxthon if you like IE and want the extensions 'Zilla runs. You go the route of 'Zilla if you want the nifty extensions plus a less compromisable browser.

Regarding XP. The XP Shell conducts business in an entirely different way than 9x OS's, especially w/XP SP2 in place. XP-SP2 warns/prompts when you or something else tries running a prog that wants to change system shell extensions. You can terminate individual processes (not just app tasks) with much less of a chance of crashing your system. You also have greater flexibility over manually starting/terminating processes (not just current apps) than previous OS's, even Win 2000 pro. With 9x OS's sans 3rd party app you're not going to see, much less find, all of the compromised extensions in the CTRL-ALT-DEL app list. XP's task manager, Administrative Services and Event Viewer tools allow you to not only see which apps are processing but also view what resources are being allocated.

Last but not least, a properly configured Firewall be it Hardware or software goes a long way toward preventing unkind infiltration and or propagation. But even the best programs aren't worth squat if they're not configured properly.

Even for the most careful, most knowledgeable, 'nix & 'Zilla or cough Mac oriented Marsupial it's not a matter of "If" you're ever hi-jacked or infected but "When". IE can be just as secure as the rest if you know what you're doing with it. Arguing that one doesn't want to have to 'learn' how to configure IE to be safe is an almost moot argument. You're already learning how to use the alternatives and configure them thusly to accomplish all that IE does and more.

I'm a 'Zilla appreciator myself; though I also use IE. I also use the top three apps at the beginning of this reply and run just about everything far from default so when a person or two deride a particular app for this or that canned 'shortcoming' I tend to jump on the "it just depends on where you want to apply your learning curve" train.

Glad you got er ironed out CDS. Not fun stuff! Thanks for taking the time to give us a glimpse into what we're in for if we don't take care to safeguard our surfing!

Cheers.

4walls
26th of September 2004 (Sun), 13:11
Had some problems on my brother's computer...we fixed it with help from
http://forums.spywareinfo.com/ . Those guys are fast and very helpful.

Also cleaned a buddy's computer with help from this site and my sister's
computer as well. So far mine has been relatively clean. :?

jukas
27th of September 2004 (Mon), 09:30
God love spyware! I used to find it frequently on my system when I'd do a check with Spybot, then I switched to Opera for my browser instead of IE 6, and haven't had any spyware problems since :D

The day I figure out how to run photoshop, and the games I play on linux, is the day I kiss Microcrap Os's goodbye

ChrisN
27th of September 2004 (Mon), 09:50
I agree that the spyware is annoying. But you still cannot bestow the virtue enough of the old adage, "An ounce of prevention...".

I have been running Windows OS for ages and have yet to see a single spyware on my PC (and not for lack of trying, believe me).

I always make sure that my patches are up to date, my firewall is locked down as tight as possible without killing my users' productivity, and all "new hires" go through a mandatory IT training session on simple internet security. 1st offence written up. 2nd offence, retraining. 3rd offence loss or monitored internet use.

I am not saying that Spyware does not infest our network, but with a lot of preventative measures it can be reduced.
CDS, I had a company laptop come to my desk with about 65 search bars (Pest Patrol scan revealed over 200 spyware products and a multitude of "phone home" virii). It was so bad that 3/4 of the screen was search bars and the rest was the search window. I told him to back up his stuff and be prepared for a reformat as I was not going to "attempt" to remove all the junk as I was a) not in the mood to spend all day fixing this disgrace and b) not going to let him get away with "Chris will fix it, so I will just wait until I am seriously annoyed with the situation"

The laptop was rebuilt with extreme security in mind. What was happening was he was taking the laptop home at night and allowed the kids to surf the web on it, with no regard for anything. Not going to happen twice I tell you that much. :D

Ballen Photo
27th of September 2004 (Mon), 14:30
I thought CWS was the be all and end all of Evil Spyware
It took 4 passes of Adaware, 4 of Spybot,..


CDS,
WOW! What a MESS! Glad to hear you got it sorted.

Now, a friend said that he heard from another site that "Adaware" actually has spyware. Has anybody else ever heard this?

This would be a shame, because I use and depend on Adaware. :shock:
-Bruce

ChrisN
27th of September 2004 (Mon), 15:17
All of our installed applications here have to be run through an installation logging mechanism that tracks registry changes and writes to the hard drive. When I was testing Adaware, I did not see anything suspicious during the installation.

Made Dir: C:\Program Files\Lavasoft\Ad-Aware SE Personal
File Copy: C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal
RegDB Val: Ad-Aware SE Personal
RegDB Name: DisplayName
RegDB Root: 2
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal
RegDB Val: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
RegDB Name: UninstallString
RegDB Root: 2
File Copy: C:\Program Files\Lavasoft\Ad-Aware SE Personal\license.txt
File Copy: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
File Copy: C:\Program Files\Lavasoft\Ad-Aware SE Personal\alert.wav
File Copy: C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File Copy: C:\Program Files\Lavasoft\Ad-Aware SE Personal\manual.chm
Made Dir: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Lang
File Copy: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Lang\default.awl
Made Dir: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins
File Copy: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask
Made Dir: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Plugins
File Copy: C:\Program Files\Lavasoft\Ad-Aware SE Personal\unregaaw.exe
Shell Link: C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk
Made Dir: C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft Ad-Aware SE Personal
Shell Link: C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft Ad-Aware SE Personal\Ad-Aware SE Personal.lnk
Shell Link: C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft Ad-Aware SE Personal\Ad-Aware SE Manual.lnk
Shell Link: C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft Ad-Aware SE Personal\Uninstall Ad-Aware SE Personal.lnk
Made Dir: C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer
Made Dir: C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\Quick Launch
Shell Link: C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Personal.lnk
File Tree: C:\Documents and Settings\cneilson\Application Data\Lavasoft\Ad-Aware
RegDB TREE: SOFTWARE\Lavasoft\Ad-Aware SE
RegDB Root: 1
RegDB TREE: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ad-Aware
RegDB Root: 2
RegDB TREE: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ad-Watch
RegDB Root: 2
RegDB TREE: SOFTWARE\Classes\Drive\shell\Scan with Ad-Aware
RegDB Root: 1
RegDB TREE: SOFTWARE\Classes\Directory\shell\Scan with Ad-Aware
RegDB Root: 1
RegDB TREE: SYSTEM\CurrentControlSet\Services\Eventlog\Application\Adwatch
RegDB Root: 1
File Tree: C:\Documents and Settings\cneilson\Application Data\Lavasoft\Ad-Aware
File Tree: C:\PROGRA~1\Lavasoft\AD-AWA~1
Execute Program: C:\PROGRA~1\Lavasoft\AD-AWA~1\unregaaw.exe
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal
RegDB Val: http://www.lavasoft.de
RegDB Name: HelpLink
RegDB Root: 2
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal
RegDB Val: Lavasoft
RegDB Name: Publisher
RegDB Root: 2
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal
RegDB Val: C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe,-0
RegDB Name: DisplayIcon
RegDB Root: 2
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal
RegDB Val: http://www.lavasoft.de
RegDB Name: URLInfoAbout
RegDB Root: 2
User Rights: Admin

That is not to say that the program itself is not spyware, however, our firewall logs show no "phone home" type practice of any extra writes to the drive that seemed unnecessary.
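The install log in the post above is useful beyond eyeballing it: the interesting entries are the registry locations that give a program a way to run without the user launching it (Run keys, services, shell hooks). The following is an added example, not the poster's tooling, that parses that "Kind: value" record format, groups the RegDB lines into records and flags the ones touching auto-start locations. The root-code mapping (0 HKCR, 1 HKCU, 2 HKLM, 3 HKU), the flag patterns and the SAMPLE_LOG lines (modeled on the log above) are assumptions constructed for the example.

```python
import re

# Assumed root codes for this log format (not stated in the post).
ROOTS = {"0": "HKCR", "1": "HKCU", "2": "HKLM", "3": "HKU"}

# Registry locations that grant execution without a user launching the app.
# Constructed list; extend with whatever your environment watches.
AUTOSTART_PATTERNS = [
    (re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.I), "auto-start at logon"),
    (re.compile(r"\\CurrentControlSet\\Services\\", re.I), "service / event log source"),
    (re.compile(r"\\Classes\\.*\\shell\\", re.I), "shell context-menu hook"),
    (re.compile(r"\\ShellExecuteHooks\\|\\Browser Helper Objects\\", re.I), "shell / browser extension"),
]

LINE = re.compile(r"^(?P<kind>[A-Za-z ]+?):\s*(?P<value>.*)$")


def parse_install_log(text):
    """Turn the log into a summary dict. RegDB Key/Val/Name/Root lines are
    folded into one record each; RegDB TREE/Root pairs likewise."""
    summary = {"dirs": [], "files": [], "links": [], "executed": [],
               "registry": [], "user_rights": None}
    pending = None  # registry record being assembled across lines
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, value = m.group("kind"), m.group("value")
        if kind == "Made Dir":
            summary["dirs"].append(value)
        elif kind == "File Copy":
            summary["files"].append(value)
        elif kind == "Shell Link":
            summary["links"].append(value)
        elif kind == "Execute Program":
            summary["executed"].append(value)
        elif kind == "User Rights":
            summary["user_rights"] = value
        elif kind in ("RegDB Key", "RegDB TREE"):
            pending = {"key": value, "tree": kind == "RegDB TREE"}
        elif kind == "RegDB Val" and pending is not None:
            pending["value"] = value
        elif kind == "RegDB Name" and pending is not None:
            pending["name"] = value
        elif kind == "RegDB Root" and pending is not None:
            pending["root"] = ROOTS.get(value, "root" + value)
            summary["registry"].append(pending)
            pending = None
    return summary


def flag_autostart(summary):
    """Return [(full_key, reason)] for registry records in auto-start locations."""
    flags = []
    for rec in summary["registry"]:
        for pattern, why in AUTOSTART_PATTERNS:
            if pattern.search("\\" + rec["key"]):
                flags.append((rec["root"] + "\\" + rec["key"], why))
                break
    return flags


# Constructed sample, modeled on the Ad-Aware install log quoted in the post.
SAMPLE_LOG = r"""
Made Dir: C:\Program Files\Lavasoft\Ad-Aware SE Personal
File Copy: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal
RegDB Val: Ad-Aware SE Personal
RegDB Name: DisplayName
RegDB Root: 2
Shell Link: C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk
RegDB TREE: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ad-Aware
RegDB Root: 2
RegDB TREE: SOFTWARE\Classes\Drive\shell\Scan with Ad-Aware
RegDB Root: 1
RegDB TREE: SYSTEM\CurrentControlSet\Services\Eventlog\Application\Adwatch
RegDB Root: 1
Execute Program: C:\PROGRA~1\Lavasoft\AD-AWA~1\unregaaw.exe
User Rights: Admin
"""

if __name__ == "__main__":
    s = parse_install_log(SAMPLE_LOG)
    print(f"{len(s['dirs'])} dirs, {len(s['files'])} files, {len(s['links'])} links, "
          f"{len(s['registry'])} registry records, run as {s['user_rights']}")
    for key, why in flag_autostart(s):
        print(f"REVIEW  {why:28s} {key}")
    for exe in s["executed"]:
        print(f"RAN     {exe}")
```

Three of the four registry records get flagged here, and all three are expected for an anti-spyware product (it wants to start with Windows, add a right-click "Scan" item and register an event log source); the point of the check is that the same three locations are exactly where a toolbar or dialer installer would also plant itself, so they are the lines to read first in any install log, whatever the product.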

Ballen Photo
27th of September 2004 (Mon), 15:43
All of our installed applications here have to be run through an installation logging mechanism that tracks registry changes and writes to the hard drive. When I was testing Adaware, I did not see anything suspicious during the installation.


That is not to say that the program itself is not spyware, however, our firewall logs show no "phone home" type practice of any extra writes to the drive that seemed unnecessary.

Chris, Thanks for taking the time to post this. I feel better now. :D
-Bruce