 sj |
||
|
||
Tech: Unwanted 'Spyware Remover' (& cat)
|
|
|
Subject: Tech: Unwanted 'Spyware Remover' From: Joe Offer Date: 20 Feb 08 - 07:29 PM A week or so ago, I found an icon in my Internet Explorer "favorites" for a spyware or adware removal tool. I clicked it to check it out, and a window opened on my computer, wanting to install something. Names of files kept flashing past, like it was scanning my computer. There were grey buttons to click to cancel installation, but I didn't trust them - so I clicked on the "x" on the upper-right corner of the window and closed it. I used Norton to scan my computer for malware, and found nothing. A few days later, I found a link to the same "utility" on my desktop. I wish I could remember the name of the thing - it was some official-sounding name that was supposed to clean dangerous things off my computer. I Googled the thing at the time, and found no negative information about the program through Google or Symantec. Nonetheless, I think it's highly suspicious because of the way it wants to do its thing without my being able to control it. Is anybody aware of this program? How did it come to install links on my desktop and "favorites"? How can I stop it from doing this? My boss at the Women's Center found the same thing on her computer today, and it keeps wanting to run. I'm trying to talk her through the removal so I don't have to drive the 40 miles to Sacramento to fix. Any hints? Here's a page that has an interesting list of "rogue anti-spyware": http://www.spywarewarrior.com/rogue_anti-spyware.htm -Joe- |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: artbrooks Date: 20 Feb 08 - 07:33 PM Need the name, Joe. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Joe Offer Date: 20 Feb 08 - 07:48 PM I had to search my Recycle bin, but I found it - the link was titled Online Security Guide, and it led to asafetyguide.com/soft, which then tried to install something on my computer. As far as I can tell, I was able to stop it from installing anything. -Joe- |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: artbrooks Date: 20 Feb 08 - 08:02 PM It is apparently a clone of a spyware program called "aprotectionguide.com". More here from McAfee, including a test to see if you really stopped it |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Leadfingers Date: 20 Feb 08 - 08:07 PM I had a 'Free Computer Check' thing a year or so back that decided it was going to sit on my Puter and demand I buy the whole rig ! I finished up E Mailing the vendor and asking how to get rid ! They sent the info by return ! Cant remember the name but it was some kind of security thing |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: JohnInKansas Date: 20 Feb 08 - 08:38 PM I don't find anything with Google that is really incriminating, but a couple of threads at malware removal sites show HiJackThis logs that have the asafetyguide.com site listed in the browser "Trusted Sites" list. The logs were posted for removal of specific malware programs, and the experts didn't make reference to the browser list; but presence there means that the person running the computer had deliberately added the site, or that they were "surreptitiously added" by malware. IE Tools|Internet Options, Privacy tab, Sites button should show you whether something has added the website to your "approved" list. If it's there, I'd delete it, or block it specifically - and while there make sure mudcat.org1 is on your list. 1 If mudcat.org isn't on the list, and your computer keeps its cookie, you're probably running at a lower security level than you should really be using, or you're using an obsolete version of IE that should be updated. The site for rogue software shows a last update May 2007, which is much too old to be really useful(?). The info appears pretty good, and would help if a bad thing is on the list; but things change too fast to use a list that old to indicate that something it doesn't list isn't bad. John |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: JohnInKansas Date: 20 Feb 08 - 08:42 PM Cross-posted with others. The McAfee page does provide incriminating info. John |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Rapparee Date: 20 Feb 08 - 09:04 PM Having my computer and my wife's repaired and malware removed cost me danged near $400 last December. This and I also had Norton 360 installed on both machines! Since then I've switched to Zone Alarm and free AVG antivirus and antispyware. It's harsh to say, but I no longer trust Norton. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Joe Offer Date: 20 Feb 08 - 09:10 PM Yeah, I was surprised that neither Norton Internet Security nor McAfee picked this up (Norton at home, McAfee at work). McAfee's Website says something about it, but not really much (and not by the name that appeared on my computer). If it's not a threat, I'd be surprised. It is far too aggessive to be benign. -Joe- |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: JohnInKansas Date: 20 Feb 08 - 09:47 PM Antivirus programs can't do anything about something that isn't a virus. The current most common things are phishing scams, that entice you into clicking something. When you click, you've given permission to install a program, even if the button says something else. YOU are the MASTER OF YOUR COMPUTER, and the AV/AntiMalware/AntiSPAM program that you have installed CANNOT REFUSE TO DO WHAT YOU TELL IT TO DO. If you click, and the click means "install," you override all your protections. The website found in your bin is listed as a "clone site" at the McAfee page, so everything said probably applies to the one you had (or have). Aggressiveness is not an indicator of "evil intent." Not all nastiness is technically illegal. It may just mean they want to trick you into giving them your money. If that's a surprise, you haven't tried to buy a used car lately - or talked to a politician face-to-face. John |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Stilly River Sage Date: 20 Feb 08 - 09:49 PM The Kerio free firewall is doing a fine job, along with AVG, Spybot Search and Destroy, Spyware Blaster, and a new little program that Bill D. (my hero!) recommended called WinPatrol. Woof! SRS |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,.gargoyle Date: 20 Feb 08 - 10:30 PM JOE
Your recent clown-clones have not been nice.
Perhaps, they placed me, along with thee on ice.
Sincerely sorry
I also, have cleaned shop.
Gargoyle
nasty, nasty, stuff - In public places (showers, Ireland, Madcow UK, South America) everyone was once disinfected. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Bill D Date: 21 Feb 08 - 03:18 PM wooof...woof....*pant, pant* (WinPatrol is a winner! IT is the hero, but you may pat my head...) |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Stilly River Sage Date: 21 Feb 08 - 09:21 PM It's funny--poke the icon and it "roofs" at you when it opens. :) |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Joe Offer Date: 21 Feb 08 - 09:29 PM Ah, but John, this program placed links on my desktop, and in my browser "favorites." As far as I can tell, it isn't installed on my computer. But leaving links on my computer is far more than simple aggressive advertising. That's downright malevolent. How did that happen? I'm surprised that Norton Internet Security allowed it. -Joe- |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,EuGene Date: 21 Feb 08 - 09:46 PM Norton is so porous that it lets all kinds of stuff through its supposed "protective shield". I would almost classify Norton as a virus whose mission is to facilitate the downloading of all sort of green meanies onto innocent computers. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Cluin Date: 21 Feb 08 - 09:58 PM Norton USED to be good software. Unfortunately, no longer. I now use AVG for virus protection with ZoneAlarm as a firewall and Spybot S&D (use the "Immunize" feature) & Ad-Aware for spyware protection/scanning. But the best defence is common sense. Don't fall for phishing emails, don't download scads of free software and demos just to "try them out", don't click ANYWHERE on pop-up windows and keep everything updated. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Joe Offer Date: 21 Feb 08 - 10:53 PM "Don't click anywhere on pop-up windows." That's the best advice I've seen yet, Cluin. From the popups that appeared on my computer, I could guess that I didn't even want to click the "cancel" button. I clicked the "x" button on the upper-right corner of the window to close the popup, and then I closed my browser and rebooted the computer. -Joe- |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,.gargoyle Date: 22 Feb 08 - 01:37 AM Symantic - On Line - Free Scan - is SO thorough it picks up pieces of truncated code removed years before.
If you understand "Reg Edit" and yes Joe you do .... it is an interesting half-day refresher coarse.
Even more interesting - after a thorough purge and scrub - is the FIND by Date for the last one, two, three, days.
Sincerely,
Joe get a handle on your clones - No problem if they remove half of tonight's postings (I was mean to AZZI and should not have been - she has her own row to hoe) However, Joe, you have some wicked folk ridin this gospel train. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: JohnInKansas Date: 22 Feb 08 - 02:03 AM Joe - There are many different kinds of threats out there. Norton (and any other Anti-Virus/Anti-SPAM/Anti-Adware/Anti-BrownRailroadTracksInYourShorts program) can only protect you against the kinds for which the program is designed. An icon on your computer is not necessarily a virus or other malware. The most likely source is that somewhere, sometime, someone actually "clicked" on something that made them curious, and the click was rigged to appear to do something innocent but actually did something unexpected. In this case, it probably said "save icon to desktop" and/or "add link to webpage." If your Anti-everything software prevented you from telling it to save something from the web to a file (including to your desktop) your computer would be pretty useless. A shortcut that connects you to a web site is a very normal thing, and doesn't have to contain anything that distinguishes it from any other shortcut on your computer - except possibly the destination. Some programs, including recent Norton, have lists of suspect or known-malicious destinations, and can even try to warn you about that, but until we have a complete list of every actual person and website who "doesn't play nice" there can't be complete protection. Your burglar alarm can detect when someone jimmys open a window and tries to sneak in; but it's probably useless if they knock on your front door and talk you into inviting them in. If they happen to pick up the keys to all your treasures while they're there having a cool one with you even the cops may tell you that it's not a "reportable crime" since they were an "invited guest." If your Internet Security is pre-2007 or so, you may not have the "Fraud Monitoring" plugin, and some of the Adware extensions are "extras" but all the anti- guys are trying to protect you. The problem is that MOST OF THE CRUD in circulation now is phishing, and no software can protect you from (intentionally or inadvertently) being "taken in" by a good con game. You have to do it yourself. As to aggressive, doesn't anybody remember when Sony said it was okay to put a rootkit on your computer, to track every bit of music you played, if you played one of their CDs? Or the year that TurboTax replaced your Internet Explorer with their own version, modified to collect and send all your financial data to them if you used their tax prep program? Perfectly legal(?) if you do it "in the name of profit" and if you can convince the one driving the computer to "insert the disk" or "click the button" or "open the door and let me in." John |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,Acorn4 Date: 22 Feb 08 - 04:04 AM I've got strong suspicions that I've got a similar bug to the one described on my machine and various anti-virus/anti spyware programs haven't been able to detect it - apparently there is a new wave of bugs which enter via "Java", which the anti-virus people haven't been able to get on top of yet - if you disable Java in the browser and just enable it for trusted sites, this prevents further nasties getting in -presumable the anti-virus/spyware people will get on the case soon, and just keep making sure to download updates regularly. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Pete_Standing Date: 22 Feb 08 - 06:21 AM My son had something like this on his computer recently. Some security type icons appeared on his desktop and some windows kept on popping up saying his computer was at risk. I know those were rogues because I would identify all the AV/Spyware stuff I had installed - Norton, Adware and Spybot. However on the advice of my brother in law I had recently started switching over to AVG anti virus/protection. This identified and removed all the junk on my son's computer and it is now fine. When all the Norton subscriptions in the house are up, we will be an AVG shop. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Bee Date: 23 Feb 08 - 01:04 AM Speaking of AVG, someone on a thread here recently said they no longer offer free basic protection. This is not true - they do, it just takes a bit of looking through their site. Here's the limk - free offer at page bottom. http://www.grisoft.com/doc/download-free-anti-virus/ca-en/crp/2 |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Stilly River Sage Date: 23 Feb 08 - 01:27 AM You load the AVG software and if you don't pay you select the button to use it for free. Easy. I went in and told it to stop all of the reporting on the bottom of my incoming and outgoing email. It can scan it, just don't tell me about it. I was seeing emails go back and forth on discussion lists ending up with yards of AVG messages at the bottom. Here is a message I sent to the others on that list about how to turn off the footers: Did you know you can make AVG stop sending the footers on your email? -Open AVG (a four-color box on your quick launch bar) -Click on "e-mail scanner" or the "properties" button. -Select "configure" button -On "e-mail scanning" you can leave it to scan mail but not announce it in a footer. -To remove the footer, uncheck the box to "certify mail" under incoming and/or outgoing mail columns. -To change the message leave the "certify mail" box checked but click the "details" button at the bottom to find the message text box. -Click "OK" to exit. There was a report on the news today about the arrest of some folks in Canada and elsewhere who were trying to attack American computers very recently. It must have been a pretty ham-handed attempt, but I saw evidence of it on my own. I had my modem straight into the computer for a while when I was troubleshooting some router stuff. I had several hits that Kerio caught from a Canadian IP address. Same one my aunt uses in Calgary (her email). I blocked it, but it came through every so often, until I got the router back online. I bet it was them. SRS |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Bee Date: 23 Feb 08 - 11:53 AM I have no idea why, but in all the years I've been online, even when I had, for several years, no anti-virus protection at all, I've been extremely lucky and only once had a trojan invade my computer. Other than that one instance, no anti-virus program has ever recorded anything at all. Of course, my online habits are pretty clean, and I'm not addicted to exchanging cute or jokey emails with all my correspondents - one of my relatives is still a little miffed that I refused to accept her constant stream of glurge, prayer chain letters, multi-forwarded jokes and other junk. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Amos Date: 23 Feb 08 - 01:17 PM Complicated lives, you folks live. My OSX seems to take care of itself. I always check the source of any ambiguous email, and can spot a fraudulent http link readily enough. I have several good filters that move things to junk. And, I guess, I use an OS only enjoyed by ten per cent (or is it more now) of the WWW. A |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,Chicken Charlie Date: 23 Feb 08 - 01:17 PM Joe--Thanks for starting this thread! Joe and other contributors--Again thanks. Lots of good info. Bee--I envy your luck, and I know where you're coming from on "glurge," which has endeared its way into my vocab list. Just last week, I told somebody to please cut out the "you must past this on to 15 friends in five seconds or you're not a decent human being" type of feel-good chain junk. Glurge. Has a real ring to it. Anybody have any opinions/experiences with Brave Sentry or Bullguard? I'd love to hear, before I install any more apparently useless "security" programs. Chicken Charlie |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Bee Date: 23 Feb 08 - 02:13 PM Chicken Charlie, I just routinely admit to not being a decent human being on that front. BTW, for anyone interested, as my free Norton trial ended last night, I installed AVG Free on my Vista Home Premium this afternoon with no obvious problems or conflicts or compatibility issues. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,Jon Nix Date: 23 Feb 08 - 02:42 PM To minimise risks of many of these bugs, try using Mozilla Firefox browser. It is totally free to download and really easy to use. Most of the internet spam & viruses are written to invade Microsoft IE, but are easily blocked by Firefox, which is Linux based. I have been using Firefox for a few years now, with AVG (free) antivirus and use AdAware (free) anti-spyware. I have not had any serious infection since, though I had several whilst running Microsoft IE. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Amos Date: 23 Feb 08 - 03:29 PM ...or buy a Mac. A |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST Date: 23 Feb 08 - 04:00 PM The MAC OS is based on *nix, so very similar to Linux John |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: SINSULL Date: 24 Feb 08 - 01:07 PM I keep getting a pop up telling me that "BackWeb Plugin is out of date. Please click OK to install". It is titled BackWeb PlugIn. It's not Norton GoBack. Any ideas? Sometimes clicking the X doesn't make it go away. Very persistent. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: bobad Date: 24 Feb 08 - 01:22 PM Some info on Backweb Plug-in here |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Gulliver Date: 24 Feb 08 - 04:04 PM Like Bee I went for years without an anti-virus program or firewall, and had very little trouble--about 3 instances of malware in 4 years, which were removed after locating information on Google. But I did disable some Internet option when surfing dodgy sites (I think it might have been activeX) which meant I was prompted whenever a site tried to download anything onto my computer. The reason I didn't use the anti-virus software was that, when I installed it, it slowed down my computer. I got a new (well, second-hand) computer a few months ago (which isn't very fast) and installed some freebee programs that came with it: AVG, Sygate firewall, Spamfighter and Spybot. AVG still seems to slow down my computer, for example wants to run checks on every word doc and spreadsheet, and probably HTML file, as well as the email (which is protected by Spamfighter) so I'm thinking of disabling as much as possible and just running it intermittently, along with Spybot. Don |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,Joe Offer, at the Women's Center Date: 03 Mar 08 - 07:35 PM OK, so now the Women's Center has something called "Malware Alarm" and another called "Advanced Cleaner" that want to install themselves, and keep displaying ominous warnings to get you to agree to install. So far, I haven't been able to find specific information about "Malware Alarm" and "Advanced Cleaner" at Symantec, McAfee, or any Website I trust. Also, on bootup I get a messages saying Rundll has an error loading windows\system32\nqsdjkdt.dll - and Google won't tell me what the *.dll file is. Advice? Thanks. -Joe- Oh, and the other thing is that while I'm doing this, the Women's Center cat is very interested in the process, and keeps walking across the keyboard, and sniffing around and purring and making herself a general nuisance. I admit that the cat is very good for the well-being of all the staff and guests here, but she sure is a nuisance when I'm doing computer work. When I was working on the Website and before I had a chance to back it up, I was scared to death she was going to walk over the keyboard, hit CTRL-A and "delete." this cat is too smart for her own good. The only animal I want near a computer is a mouse.... |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' From: bobad Date: 03 Mar 08 - 07:44 PM Joe, if you Google Malware Alarm" and "Advanced Cleaner" you'll find that they are something known as "rogue antispyware" which is installed via Trojans and other computer exploits. It would probably be a good idea to give this computer a good clean out. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: GUEST,Joe Offer, STILL at the Women's Center Date: 03 Mar 08 - 09:05 PM So, I ran McAfee, and it came up with nothing malicious but cookies. The "Malware Alarm" sales pitch comes up every time I open Internet Explorer. -Joe- |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: bobad Date: 03 Mar 08 - 09:21 PM Try "Spybot" and/or "Ad-Aware" they may do it. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: JohnInKansas Date: 03 Mar 08 - 09:36 PM Picked from Google: Sophos shows a "Malware Alarm" as a "potentially unwanted application" and appears to say that it's anticrud program will remove it for you. I'm not familiar with Sophos programs so can't say which class of program they're suggesting. Symantec also identifies it as a "serious threat." The Symantec response references Symantec AntiSpywareShield, which possibly indicates that this is something not typically detected by antivirus programs. (You need "Internet Security" or "Norton 360" for this kind of stuff.) The recommendation that you "visit the Symantec Security Response website" is vague (they've been taking lessons from Vista), since there ain't no such button on their header; but a search at Symantec gets me to Security Response Weblog where there's a button on the right to run the "Symantec Security Check" which might be helpful. John |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: GUEST Date: 03 Mar 08 - 11:35 PM I love using Firefox, but it does make me wonder about the use of Symantec. Last time I checked, their online scan didn't work with Firefox. I've got kerio, adaware, spybot and avg, so it doesn't really matter, I just think it's too bad they don't include it. kat - accidentally dumped my cookie |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: JohnInKansas Date: 04 Mar 08 - 12:44 AM The kind of malware described isn't a virus and quite probably was downloaded to the computer when someone "clicked something" giving permission for it to be accepted. Common AV programs simply have no way of objecting if the operator requests a download, or installation of a program. More advanced antispyware and antiphishing programs can give some help via temporary blocking and/or warnings, but a terminally-unaware operator can override the warnings. The cat is probably hangin' close on the assumption that someone is going to try to name him/her/it as the guilty one. "The cat did it" is a well known alibi, although it's usually the dog that comes forth with that one. (Sometimes the cat did do it; but you have to know if the dog can be trusted before filing charges.) John |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: Joe Offer Date: 04 Mar 08 - 02:02 AM Well, I gave up for today. Guess I'll have to drive back to Sacramento tomorrow, or whenever I find a really good way to remove this nasty thing. This particular computer is used by all the staff, our college interns, and Lordy knows who else - so it has had some really dumb things loaded on it at times. It's also the computer used by Madame Executive Director, so it's important to get it back in operating condition (even though she uses it mostly for solitaire - we give her a hard time about that, but Sister Judy has a much better attitude if she can play solitaire...) As for the cat, I can't really complain. Since I am surrounded by women and the cat is also female, I have to be on my best behavior. -Joe- |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: Joe Offer Date: 04 Mar 08 - 05:18 PM You know, I have to say I'm a bit disappointed. I was ruse somebody here would be able to tell me how to remove these things - Malware Alarm" and "Advanced Cleaner." There have been some solutions mentioned, but nothing that sounds completely credible. I'd like to remove this without getting a new program to replace McAfee (although I was disappointed that McAfee didn't find this problem and that its Website offered no solution). I'm off to the Women's Center to see if I can fix it. -Joe- |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: The Fooles Troupe Date: 04 Mar 08 - 09:23 PM I'm sure the women will fix you Joe... |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: JohnInKansas Date: 04 Mar 08 - 09:36 PM Malware Alarm appears to give a pretty thorough description of this crudware, and instructions for removal. The instructions may leave some guesswork to be done in identifying everything that needs to be removed. I can't tell without a "sample" to see if the filenames given are actually what appears when you're infected. The site includes a "commercial" for a program that it says will do the removal for you, but also includes manual removal guidelines. Note: I haven't heard of either this site or the program it pushes, so I can't vouch for them. They appear to be "up front" but of course so do lots of scam sites. This looks like a reputable site. The only things I find for "Advanced Cleaner" are at blog/discussion group sites. My impression of these sites is that the advice is frequently "ill-informed," but with the problem in front of you, you may be able to judge whether one might be helpful. Best of the lot: Yahoo: smitfraud (Note the suggestion to go to the same 411-spyware.com site as for the link above.) PC World: RogueRemover John |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: GUEST,Joe Offer at the Women's Center Date: 04 Mar 08 - 11:59 PM Well, I installed and ran Spybot - Search and Destroy three times before the scan came out clean. I'm still getting new browser windows sending me to unwanted Websites, even though the browszer is set not to allow popups. So, I'm still working. It's 9 PM and I'm in the tough part of town, but there's a fence around the car so I guess I'm safe. -Joe- |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: JohnInKansas Date: 05 Mar 08 - 07:36 PM Joe - If Spybot S&D finds new stuff on a second run, assuming you haven't been browsing and pickup something new between the runs, it's likely that something that Spybot removed has been reinstalling itself. This would be most likely to happen with a reboot. Some spyware/malware can do this by putting an "install file" in the Startup folder - the launch platform for stuff that's loaded at each reboot. It can also come from a Registry entry that calls for a reinstall. System Restore can be very helpful if needed, but can reinstall malware at reboot in some cases. When you boot, the Registry is examined for changes, and if something has been removed that's "needed" (a file that's set to run asks for it?) the system looks for a backup Registry copy made by System Restore and puts the Registry entry, and sometimes the file, back in place. To avoid "comebacks," when trying to remove seriously embedded malware, it's necessary to TURN OFF SYSTEM RESTORE before going through the motions to try to remove stuff. When you turn off System Restore, all prior Registry copies it's made are DELETED so they can't be used to put the malware back. The usual recommendation is that you make a manual backup of the Registry somewhere so that you can (manually) restore from it if everything turns to shit. Then turn off System Restore to remove any other possibly infected copies so the system can't automatically reinstall the malware every time you reboot. The "MalwareAlarm" link above at 04 Mar 08 - 09:36 PM tells you what to delete for one of the problems you've probably been fighting with. Note that you can't delete a program that's running so you may have to fight with using Task Manager to turn things off, or may have to resort to a Safe Boot to be able to get rid of some things. Also note that when searching for files in Win Explorer you need to turn on the "Search Hidden and System Files" in the "Advanced" section of the search input. If you can delete enough of the files the malware uses to get it crippled, and can prevent System Restore from putting them back, you may get "Registry Errors" saying something like "File Not Found" when you reboot. An accurate identification of the "missing file" usually will let you search the Registry for the entry that's calling for it, so you can clean up the Reg files, if that's also needed. Even if the cat did it, she's probably too subtle to tell you how or to offer help. (Even waterboarding is generally ineffective for cats, and more likely will cause injury to the interrogators.) John |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: GUEST,Murphy Date: 06 Mar 08 - 06:27 AM I recently had a spate of these, each one telling me that my PC was infected and trying to sell me their wares. I could not eliminate any of them and eventually I tried "System Restore" which is accessed via "System Tools". This enabled me to restore the PC to a date preceding the Trojan Invasion and it worked for me. Presumably they are still hiding somewhere in my PC but I live in hope. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: Jim Martin Date: 06 Mar 08 - 06:48 AM Have tried to open Spybot prog since downloading but cannot, anyone know possible reason/s why? |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: Roger the Skiffler Date: 06 Mar 08 - 11:53 AM I guess you're safe any way, Joe, I always see you as a "Jack Reacher"* kind of guy! **BG**. I got "Access Denied" again today when I tried to access Mudcat a couple of hours earlier. Now I got in with no problems! AOL? Probably! RtS (*you all read Lee Child don't you?) |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: Joe Offer Date: 06 Mar 08 - 01:00 PM Hmmm. Jack Reacher? (also here) Well, I guess that's OK, but I'm 12 years older than Jack, and getting a little crochety. I never have problems like this with my own computer, so sometimes it's hard for me to figure out how somebody else got a computer so Profoundly Screwed Up. This particular computer is used by a number of people, but particularly by the wonderful woman we jokingly call Madame Executive Director (more often, I call her Sister Mary OCD). I told her that this stuff was most likely installed by somebody who clicked on the wrong thing, and she said she never does that - and then proceeded to click away wildly at things she didn't want on her screen. Her method of dealing with popups is to click madly all over until they disappear. Aaaaargh! Obsessive-compulsive people should not be allowed to use computers. Such things should be left to us calm, methodical types. Good thing I like her. -Joe- |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: JohnInKansas Date: 06 Mar 08 - 07:27 PM Joe - madly clicking away may be OC, but "calm, methodical" suggests AR. Never thought to accuse you of that. Basic AntiVirus simply isn't sufficient for a computer that gets "public" use. You need a "full suite" system that integrates AntiVirus, AntiSpyware, Popup blocking, and the newest - FRAUD MONITORING. It can be done by "patchwork" assembling of free/low-cost systems; but an "integrated" setup - protection suite - from one of the major sellers is probably cleaner. Even if you have a "full suite," features to protect against newer and most popular forms of threats may not be included or added by updates. So far as I can find, Norton didn't add their Fraud Monitoring prior to Internet Security 2007. It may have been in an earlier version of Norton 360, but I haven't looked. Most of the major suppliers do now have complete suites that, for current versions would be appropriate. Full protection features are almost never included in "free" versions. This may not be a problem for an individual user who observes good browsing practices, and/or who is willing to search out separate "special purpose" additional programs; but is NOT sufficient for a communal-use machine. (note: opinion) In fairness to your "nice lady" a possible way for the kinds of junk seen is for a "rogue" site to simply search for open connections, which often can be found on machines that are connected, whether or not the computer is even being used. A Norton (or other) Security Scan will tell whether an individual computer is properly "cloaked" - with NO PORTS VISIBLE from the outside. Win2K cannot be cloaked as it's based on a "server technology" that requires at least one port to be open and visible, but WinXP and later should be invisible to anyone attempting to find the machine from the outside. If you've run into something that's seemingly impossible to remove, there are several websited that offer "expert help." The routine is described at the rather dated 'cat thread: Spybot Thread You generally: 1. Update and run your AV program. 2. Update and run AdAwareSE 3. Update and run Spybot S&D 4. Reboot 5. Update (if necessary) and run HiJack This, and save/export the HiJack This result. 6. Post the HiJack This result at one of the help sites. 7. Wait for the reply, and then read and follow exactly what they recommend. The post at the thread link gives two sites that can be trusted (IMO) and both are still active, althought the site name for the Tom Coyote has been changed due to an "acquisition" by a reputable (probably) other outfit. This isn't an "instant fix" but is the most reliable and comprhensive way to attack a really puzzling problem. Do be sure to read and follow all the instructions if you really want them to help. Since different sites may prefer different versions of the listed programs, and some sites may also have added or replaced one with a different "analysis" program, you should get the links to download (and update) the programs needed from the site you pick. John |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: Big Al Whittle Date: 07 Mar 08 - 02:33 AM Its got into my computer. Its very subtle. I was googling myself for reviews etc) and I saw some new mentions of my album. One was with someone of the same surname. Aboard it jumped and I can't get rid of it. Anybody with a definitive idea of how to get shut of it? Its a brandnew computer with newly installed MacAfee. I have run the scan but it doesn't seem to have any purchase on it. |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: Joe Offer Date: 07 Mar 08 - 02:56 AM Hi, Al - well, I htink I have it licked, although I had to make the 1-hour drive to Sacramento three times this week to do it. I'd suggest Spybot Search and Destroy. McAfee doesn't seem to detect adware - I guess maybe they think it's proper capitalism and lave it alone. As shown above, John in Kansas suggests also scanning with AdAware. -Joe- |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: JohnInKansas Date: 07 Mar 08 - 03:04 AM weelittle - See post immediately above (06 Mar 08 - 07:27 PM) if you reach desperation stage. The "protection" that comes with new computers usually is basic AntiVirus only, and the crud people are seeing here is not a virus, so the free-trial stuff seldom helps much with it. (It does help the the few hundred other things you might have without it.) If you don't reboot often, a System Restore may be able to pick up a backup prior to when you got the sickness. If you restart daily, all of the backups in System Restore may be infected, and you'll need to turn off Sys Restore to DELETE them. If you do find one old enough to clear things, after starting with the restored version you need to IMMEDIATELY turn off System restore to get rid of other infected ones, then turn it back on if you want. (You'll probably want to leave it off until you're sure you've cleaned things up.) If you can't find an old enough backup, you can make a manual backup to be safe - that Sys Restore won't put back - using Regedit before or after you turn off Sys Restore to get rid of infected ones that reinstall themselves; but your manual backup will probably contain the infection so it's only for last-resort use. Get as accurate a record of the program name and any files that are identified in the popups as you can. (Alt-PrtScn and paste into Word if nothing else is handy, if you can. Some popups close if you try to copy them that way.) Search the 'net to see if anyone has worked the crud you have already. Check Start and Startup folders for strange stuff, especially with filenames resembling what's in the messages. If you're confident about getting in there, search the Registry (Regedit again) for any words, word fragments, or filenames from the popups. Assuming you're WinXP SP2 or later, visit Microsoft update (microsoft.com and search for "update" and/or "security") and make sure you're getting the Microsoft Malware Remover program. It's not really too thorough, but gets what's currently a problem for most people. (If three 'catters have it, at least 100,000 less cautious people probably do have the same thing.) Other than that, without hands-on with your computer, there's not much to suggest short of going to one of the HiJack This sites and asking them for help. That probably will take a couple of days - or more - by itself. John |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: JohnInKansas Date: 07 Mar 08 - 03:15 AM Minor point. You can't delete a file that's open, and neither can Spybot or Ad-Aware. Either program can be run from Safe Mode, making it much less likely that a piece of crud will be running; but you may need to visit the sites to find details/recommendations on how to run them from command line for best results. John |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: Stilly River Sage Date: 07 Mar 08 - 08:49 AM There is a kind of ass-backward way to get rid of some of this stuff. Download the newest versions of Spybot and any of those other programs you plan to use and put them on a thumb drive or someplace out of harms way. Clean up the disk (system cleanup and defrag) just because you should sometimes, then take the computer off of the internet connection. Then you're going to go through Add/Delete programs and get rid of anything that doesn't belong in there. Uninstall spybot and dump your cookies. Check IE and dump any permissions. You can see where this is going--you're now going to install spybot from your thumb drive and reconnect the internet and let it update itself. You're going to run the scan, then you're going to start every program that is there and give it permission to load and run. You might even have to help people with regular programs or sites they run. You need to be sure to deny access to the programs you don't want to load. Use IE and Spybot to do the blocking. Tedious, but it does work. Either that or try system restore. SRS |
|
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: Big Al Whittle Date: 07 Mar 08 - 09:47 AM A friend (who knows about these things) came and did Murphy's procedure for me and tried installing powerzone and updating my MacAfee. The thing is quietened down, but it jumped out when my wife went to the Heanor Local History Site. As you say, it lurks! A treacherous foe! |
| Share Thread: |