 sj |
||
|
||
Tech: Spyware Problem?
|
|
|
Subject: Tech: Spyware Problem? From: Susan of DT Date: 21 Jan 04 - 08:52 PM I seem to have picked up some sort of bug: whenever I try to open a file on my C drive I get a dial-up connection screen. Twice. When I close it twice, my file will then open, slowly. I have Norton Antivirus and after this situtation got annoying, I talked to some people and downloaded SpyHunter, Spybot Search and Destroy, and Ad-aware. These found and eliminated 3 different sets of things, but the problem persists. Any suggestions? |
|
Subject: RE: Tech: Spyware Problem? From: Jeri Date: 21 Jan 04 - 09:51 PM Susan, what sort of file is it? If it's HTML or something you downloaded from the internet, it may have code that tells it to get something from a specific website or communicate with the site for some other reason. It could be something as innocuous as a hit counter. It could be that the file's opened with a program like Real Audio that automatically checks for upgrades. I HATE that, and there's no way to tell it to knock it off, but it's not trying to do anything terribly devious. |
|
Subject: RE: Tech: Spyware Problem? From: Bob Bolton Date: 21 Jan 04 - 10:02 PM G'day Susan, I have an unresolved ... but so far not (yet ... ?) harmful problem of the same sort. It appeared after I accessed a music site (a history about Percy French, the author of Mountains of Mourne). I have got rid of the most of the problem, but there is a file left in my registry (Win XP Home) called wwweasy.exe (and another wwweasy.~ file) - and it was trying to open the web as soon as I logged onto the computer ... and install itself as my home page - offering on-line gambling (and God knows what else ... !). It stills seems to launch a web connection box at startup. Running Norton Internet Security and Adaware seemed to get stop the active attacks, but it didn't get rid of those two files. I mean to collar a more knowledgeable IT type before I go any further in eradicating it - in case I take out something useful. Have a search for that file I mention above ... you could have the same gug ( ... trojan ... spyware ... ?). Regards, Bob Bolton |
|
Subject: RE: Tech: Spyware Problem? From: GUEST,.gargoyle Date: 21 Jan 04 - 10:02 PM Just re-format...and start over...and this time use a firewall.
They already have your last three-years Turbo Tax records and any credit card purchases made on the machine. <
Sincerely, |
|
Subject: RE: Tech: Spyware Problem? From: GUEST,.gargoyle Date: 21 Jan 04 - 10:07 PM Whooppsy....even more important!
Cancel your credit-cards, change your checking/savings accounts, and switch to "guest" status on all internet-bulletine-boards.
Sincerely, |
|
Subject: RE: Tech: Spyware Problem? From: The Fooles Troupe Date: 21 Jan 04 - 10:39 PM Doubtles, Gargoyle thinks he's a great wit - but he's only half right! |
|
Subject: RE: Tech: Spyware Problem? From: JohnInKansas Date: 22 Jan 04 - 12:44 AM There are a couple of virus variants that do, or attempt to do, a reset of your home page. One of the earlier ones was called Troj/JetHome, and is pretty thoroughly analysed on most of the AV sites. You AV will probably catch and disable the infections of this kind; but since they "invade" the registry, your AV alone may not be able to do a complete cleanup. If you have, or had, one of these, the instructions for cleaning almost any of them should give you a good guide to the steps to take, although not necessarily the exact "keys" to clean out of the registry. Nearly all of the MP3 "sharing" sites, with the possible exception of the new "pay for play" ones, require you to use their software for file transfers, and all known file share software is said to contain imbedded invasive spyware. A couple of them can be disabled, but a couple of the more popular ones will stop working if you remove the spy components. A couple have been accused of the homepage reset thing, but I haven't seen confirmation from a reliable source. There are a number of "free download" games that install spyware components in or with the game program. Most of these are less invasive, but they will often attempt to contact their "reporting" site every time you start the game. A couple of the less widely distributed ones have been found with homepage reset components. Almost any popup that you click on can potentially download spyware, malicious or otherwise, and bypass your AV, since by clicking you have agreed to an installation of software in the eyes of the "providers," and by clicking you inform your AV that it should "pass" the download. If you install it, it doesn't have to contain viral signatures to do almost anything the programmer chose to put in it. Your AV can't do much about spyware or other "malware" if it's part of something you agree to download, and even some nominally reputable people are not exempt from suspicion. Intuit (the Quicken guys) slammed an installation of a modified and very suspicious version of IE with the installation of their TurboTax a couple of years ago, on the pretense that "it was necessary" for them to do your income tax return. It was an obsolete version that had none of the security updates then current, but would replace your current version (and remove all your updates) if you installed their program. I'm still wondering what information they might need that wasn't in your return; but I would expect they know a lot more about anyone who used their stuff than they have revealed. Since you could, theoretically, install their program and do your mail-in return without contacting their website, the following year they imposed an "activation" key that you had to get from their site (while their program transferred all the data it had collected from your machine?) before the program would run. It will be quite a while before I'll consider using any Intuit program again. John |
|
Subject: RE: Tech: Spyware Problem? From: Escamillo Date: 22 Jan 04 - 01:07 AM All this nightmare would not exist IF Mr. Bill Gates was honest enough to protect his operating system from invasive software. Back in 1975 the DEC systems I worked with, were protected not only against invasive software, but also against programmer's errors which could damage the system area. Windows allows anybody to modify Windows Registry (the most intimate system files), install themselves as privileged tasks, connect to Internet, report your activity to their headquarters, disable your anti-virus software, etc. They don't destroy your disk because they want you alive, not because they can't. For the moment, use a firewall like ZoneAlarm, use AdAware, set your I.Explorer Security to High, block cookies, avoid Kazaa and similar music-sharing programs, avoid MS Messenger, don't allow your PC to act as a server, don't open unsolicited mail, and pray. Un abrazo Andrés |
|
Subject: RE: Tech: Spyware Problem? From: Susan of DT Date: 22 Jan 04 - 04:54 AM The 3 spy sniffing programs have not found anything after the first run. I almost never download anything (these antispy, Norton antivirus updates, Earthlink & Netscapes updates every couple of years, not much else) and I don't open strange email or attachments. I bought things from two stores I had not used before at about the time this started, so I suspect it is one of them. Jeri - It is all files - word, excel, whatever. It is not trying to go to any particular site, it just wants me connected. Actually the connection it wants me to make uses my regular earthlink number, but does not make a useful connection - can't use mail or netscape from there. |
|
Subject: RE: Tech: Spyware Problem? From: ChocolateLover Date: 22 Jan 04 - 07:32 AM Er - hi, hope you don't mind me butting in. I used ZoneAlarm to solve similar problems as everytime a prog tries to access the internet it asks me to give permission. If I refuse permission then it simply kills the program. I put it on all p.c.s that I build for friends/family now as it does such a good job as a firewall and a catch-all for those already on. There is also a free scan available at the ZoneAlarm site if I remember correctly, which can be quite handy. (goes back to lurk in the shadows) |
|
Subject: RE: Tech: Spyware Problem? From: JohnInKansas Date: 22 Jan 04 - 08:51 AM If you have one of the newer versions of Norton, and one of the more "modern" Windows operating systems, both can be set up to "auto-update," and will attempt to connect in order to "check for new files," often every time you boot the system, but at least periodically. It's quite possible that one of these is your culprit. Some (possibly most) versions of pdf reader will attempt to "connect to look for updates," but usually only when you open a .pdf file. The reader invariably asks if you want to check for updates, and offers a button that you have to click to do so, so it's obvious that it's the "originator" of the request. (Some sites that offer .pdf downloads have a "check for updates" popup that will come up when you click to open a .pdf - in addition to the one that may be in your reader.) Newer versions of Quicken and of Money will almost always attempt to "connect" when you open the program, although it's usually obvious that they're the source, since they'll whine about not knowing "which portfolio you want to check" if you haven't set them up to do something with the connection. It is apparently the "philosopy" of a number of software bulders that everyone wants to be "connected," all the the time. They may be correct that this is a majority view, based on the vast numbers of people who apparently believe that it's impossible to operate a motor vehicle without having a cell phone stuck in their ear. It is very likely that your unexplained attempts to connect originate from Windows, Norton, or some other "legitimate(?)" program function. It can be very difficult either to unambiguously identify or to disable this "function" - which is there "because everybody wants it.(??)" John |
|
Subject: RE: Tech: Spyware Problem? From: Willie-O Date: 22 Jan 04 - 09:47 AM Starting with the basics (assuming Windows 95 through XP, IE, 5.5 or 6), for unwanted dialup connectoids: (these procedures may not do it for your specific symptoms, but start with them anyway.) From IE menu line: Tools>Internet Options>Connections. 1. Ensure there is a dot beside "Never Dial a Connection". 2. In "Dialup and VPN Settings" window, are there connectoids listed there that you don't use? Delete them. Make sure that the correct Earthlink connectoid is set as the default. The connectoid that is always popping up, and doesn't work properly anyway, may have incorrect proxy settings listed. Call Earthlink tech support if you're not sure of what you're seeing. (If you have a high-speed connection, you don't need any dialup connection here, since the highspeed is a network interface and doesn't use the Dialup Networking at all. ) 3. Still in Internet Options, go to the General tab, click on Delete Files> check Delete All Offline Content>OK, when that's done click Delete Cookies, then OK. Another frequent culprit is Outlook Express. Tools>Accounts>Properties>Connections>ensure NO checkmark on "Always connect to this account using" line, if a dialup connection is selected and that box is checked OE will try to make a dialup connection even if you are already online with highspeed. Just a few of the usuals... W-O |
|
Subject: RE: Tech: Spyware Problem? From: Jeri Date: 22 Jan 04 - 09:55 AM John, that was my thought - that it might be a program checking for updates. If so, one of those things you bought from new stores is likely the culprit if they were new software or upgrades. You ought to be able to open Zone Alarm and see which program is trying to access the internet. My anti-virus is set to download updates daily, whenever I'm on line. The first time it did this, I saw something fairly large downloading and mildly freaked...until I checked Zona Alarm, saw that it was the AV's Instant Update, and remembered I'd told it to do that. That's the "Hey, everything's fiiiine" view. Now, for some paranoia: "...the connection it wants me to make uses my regular earthlink number, but does not make a useful connection - can't use mail or netscape from there." gives me the creeps. There are things out there which will link you to THEIR server through your connection. I don't know what that looks like when it happens, though. If your machine was ever infected with a virus, you would have had to not only delete the virus, but also undo the changes it had made. It doesn't sound like you ever found any viruses on your system, BUT I wonder if the same thing's true of spyware. (That it makes changes to your computer registry which you have to undo.) You also should check for updates of the Anti-Spy stuff regularly. |
|
Subject: RE: Tech: Spyware Problem? From: Stilly River Sage Date: 22 Jan 04 - 10:11 AM I occasionally visit old programs, and before I had DSL they were set to initialize the dialup connection when I started the program. I think I've finally removed those now. One way to avoid the automatic attempt to dialup is to limit what is even allowed to load when you start your computer. I tried several programs, and in the process lost more than I really wanted to as far as cookies, caches items, temporary files, etc. It took out some "rarely used" stuff that I had to reproduce. I have found that the little program called "StartUP" helped identify what should start and what should just sit there until I click on it. You'll find the program several places. I think I followed a link from Mudcat, or maybe found it at Tucows.com. http://www.mlin.net/ is a little freeware program (but it doesn't hurt to tip the author!). SRS |
|
Subject: RE: Tech: Spyware Problem? From: Susan of DT Date: 22 Jan 04 - 06:11 PM Thanx all. I will try Willie-O's suggestions. Programs I have been using for five years should not suddenly decide they want to sign on everytime I go to open a file. I will try Willie's suggestions and let you know if that worked. I don't think I'll buy anything on the net for a while... |
|
Subject: RE: Tech: Spyware Problem? From: Susan of DT Date: 22 Jan 04 - 07:21 PM Willie - I use Netscape rather than IE and don't use Outlook Express. I found similar settings in the computer's Control Panel. I tried the things I could find of what you suggested and so far it looks good. It is early to call it cured, but it looks good. What in the world do all those things on the Advanced tab of the internet connections do? I was afraid to touch most of them because I don't know what they would do. So maybe we have cured this. I thank you. Keep your fingers crossed that this stays fixed. |
|
Subject: RE: Tech: Spyware Problem? From: Bill D Date: 22 Jan 04 - 08:07 PM here is a program like SRS suggested http://www.mlin.net/StartupCPL.shtml just in case problems continue.. |
|
Subject: RE: Tech: Spyware Problem? From: Stilly River Sage Date: 22 Jan 04 - 09:36 PM Rule of thumb--keep yer thumb off of all of those buttons in the Advanced Tab if you don't know what they do! What version Netscape are you using? Could there be compatability problems with an old version? Did you update or install something new recently? SRS |
|
Subject: RE: Tech: Spyware Problem? From: nutty Date: 23 Jan 04 - 02:40 AM I have been having similar problems with Internet Explorer although I have a firewall and all kinds of other defences in place. I have a cable broadband connection which (fortunately) still works perfectly with Netscape, which is my primary browser but it appears that IE has lost access to this connection. The downside of the problem is the annoying appearance of the internet dial-up box and the fact that certain progs. (eg. real player) seem to need Internet Explorer to function properly. The upside, is the total disappearance of spam e-mails, although I am still recieving genuine ones without a problem. At the moment I'm not doing anything to change the situation as it is not affecting my use of my computer. |
|
Subject: RE: Tech: Spyware Problem? From: GUEST,petr Date: 23 Jan 04 - 04:25 PM one thing you could do is the ctrl-alt-del to see what is running on the system (and check them on www.answersthatwork.com) they usually tell you whether its a valid program or whether you can get rid of it. Id definitely use zonealarm firewall, ad-aware is handy too, and norton with auto-update. set your security settings to high on explorer as well, as there are java scripts, activex etc in some sites that may reset your homepage and the only way to get rid of them is to edit your registry. (using regedit - and check default pages etc) some programs actually require an internet connection so they can check that youre a valid user, also lookup foistware on google and you can find out about questionable stuff thats installed on your computer without your knowledge (typically any program you install may install a whole bunch of junk you dont need) I found out that onetouch multimedia keyboard was always checking my internet connection (because it has all these keys for sports shopping etc that I never use). THis was a default setting with hp pavilion computers, so basically everything you do on the net is redirected to hp.redirect.com (or something). A major violation of privacy as far as Im concerned. |
|
Subject: RE: Tech: Spyware Problem? From: GUEST,obnig hrobdog Date: 23 Jan 04 - 06:01 PM I have a similar problem on one computer, using IE 5.5, that has what seems to be an extension of the usual useless microsnot search stuff that keeps popping windows up to get me to search for a list of useless stuff like gambling, and can't be closed without finding something, then changing the address back to wehere you were, and doing a couple of control-alt-delete-emd-tasks to shut the stuff you did not want. It does not change the dialled connection. It seems to be called "hotsearch" and to hunt for files with a .pdp (I hope I've remembered that right) extension. |
|
Subject: RE: Tech: Spyware Problem? From: Folkiedave Date: 23 Jan 04 - 06:16 PM You might find http://www.newbie.org/help/messages/2307.html is helpful too. Dave. www.collectorsfolk.co.uk |
|
Subject: RE: Tech: Spyware Problem? From: Susan of DT Date: 24 Jan 04 - 02:22 PM It seems to be okay now. Thank you all. |
|
Subject: RE: Tech: Spyware Problem? From: harpgirl Date: 17 May 04 - 03:18 PM HELP! I picked up a spyware program that is so malicious it is not letting me do anything! It took over my home page, loaded porn, tried to load a game and when my Norton pops up and says "Malicious software" my computer goes dark and then back to the spyware. I don't know what to do because I can't use the internet without this shit taking over. Does anyone have any clues? |
|
Subject: RE: Tech: Spyware Problem? From: Stilly River Sage Date: 17 May 04 - 03:48 PM I've seen that described by others here at Mudcat. Good luck getting rid of it. I use Ad-Aware, and it will identify and quarantine programs like you are experiencing. You can get a free copy of Ad-Aware here or Spybot Search and Destroy. Here is an article describing what you probably have and how to fix it. My programs were running a bit slow this morning, and I recall one popup on the firewall saying a program was trying to access the internet. I'd just started something else, so thought it was the program I was using. Makes me wonder if these spy programs aren't bright enough to do just that, not make a move outward until they can piggyback on another program? Anyway, Ad-Aware found that nasty little spy ALEXA in my system. What's extremely disappointing is that Alexa is owned by Amazon. It seems redundant to sic a spyware program on me--I spend so much at Amazon anyway, they KNOW my Internet shopping habits! This is from their security statement:
Good luck, Harpgirl! In your shoes, first thing I would do is download Ad-Aware and let it get to work. You'll appreciate that cartoonish "sproing" sound it uses to announce that it is finished searching your computer! SRS |
|
Subject: RE: Tech: Spyware Problem? From: Stilly River Sage Date: 17 May 04 - 04:09 PM I came across some interestion stuff about Google and making it's cookie make your information anonymous. It looks like you have to save this thing as a bookmark and then go to a Google page before clicking on it, but Google will then be "anonymized." (Not to be confused with the Anonymizer program). Here is information about some of Google's operating techniques. SRS |
|
Subject: RE: Tech: Spyware Problem? From: harpgirl Date: 17 May 04 - 04:24 PM SRS I can't get to the internet to download a program because it has my computer at home inoperable with all the crap. I am not sure what to do. I am on my office computer at the moment. |
|
Subject: RE: Tech: Spyware Problem? From: Stilly River Sage Date: 17 May 04 - 04:47 PM Download a copy of Ad-Aware and the updates all onto a disk. You may have to try opening your computer in a "safe mode" to keep the malware from starting up before you can install and run the Ad-Aware. Take a look at the system message before your operating system kicks in. It usually involves pressing one of the "F" keys before the operating system starts up. While you're at work you might want to visit your computer manufacturer's pages or the Microsoft pages (assuming you're using a Windows product) and see what they say about opening in "Safe Mode." SRS |
|
Subject: RE: Tech: Spyware Problem? From: Stilly River Sage Date: 17 May 04 - 06:28 PM Or it might involve "control/alt/delete" early on after startup to bring up the task manager shut down some mal-tasks so you CAN get online. Where's John From Kansas when you need him? |
|
Subject: RE: Tech: Spyware Problem? From: mooman Date: 18 May 04 - 09:09 AM Susan, If the problem comes back, PM me with details of the windows that open including the name on the dial-up window. There are a few nasty variants of malware/spyware circulating that the usual Ad-Aware/Spybot programs will not eliminate. My computer is quite highly security-rigged (being systems manager for my organization on top of my "daytime" activities) but I still got a stubborn one that had to be painstakingly removed "by hand"! Peace moo |
|
Subject: RE: Tech: Spyware Problem? From: harpgirl Date: 18 May 04 - 09:09 AM Occam's razor worked! I loaded the games software without installing it from the company that also sent the pop-ups and warnings and then I could get to the Adaware and load it. The company did say it was a legitimate download and that the popups would stop if I did their bidding. Strange. Adaware rid me of 68 items that were gumming up the box. We didn't even need J in K! Girls (maggie) rule! |
| Share Thread: |