Spyware problem...

The geek forum. PHP, Perl, HTML, hardware questions etc.. it's all in here. Got a techie question? We'll sort you out. Ask your questions or post a link to your own site here!

Spyware problem...

Postby MasterDias » Mon May 31, 2004 10:54 pm

Alright, here's the deal.
I have a very annoying problem with some spyware that I can't seem to delete...

The IE browser keeps getting hijacked whenever I restart the computer, plus pretty soon after, it adds some... unwanted links to the favorites menu.

I've run Spybot and managed to delete some stuff. Unfortunately, every time I run a scan with Spybot it lists the same few Spyware problems that it claimed it deleted/fixed in the previous scans.

Does anyone have any solutions?
-----------------------------------------
"Always seek to do good to one another and to all."
1 Thessalonians 5:15

"Every story must have an ending." - Auron - Final Fantasy X

"A small stone may make a ripple at first, but someday it will be a wave." - Wiegraf - Final Fantasy Tactics
User avatar
MasterDias
 
Posts: 2714
Joined: Tue Jun 03, 2003 4:56 pm
Location: Texas

Postby skynes » Tue Jun 01, 2004 3:31 am

If you use Kazaa, get rid of it. Kazaa is infected with Gator spyware.

Get Ares instead, does the same thing, but installing spyware is optional and won't be forced upon you.

Spyware gets onto your PC when you access certain sites.
Take a look at some of the sites accessed on your PC. There are some in partidular such a Newgrounds, EBAY etc that are riddled with spyware.

Some sites ask your permission before downloading, however others are not so courteous and download without telling you so watch out for that.
I am the Reaper of Souls... and it's harvest time.

Image
User avatar
skynes
 
Posts: 742
Joined: Mon Mar 01, 2004 8:39 am
Location: N Ireland

Postby MasterDias » Tue Jun 01, 2004 6:56 am

I don't use Kazaa so that is not an issue.

The current problem is not avoiding Spyware. The current problem is how to get rid of what's on the computer.

Spybot isn't apparantly working, or at least a general scan with it isn't. The same Spyware that it deleted on previous scans keeps coming up.
-----------------------------------------
"Always seek to do good to one another and to all."
1 Thessalonians 5:15

"Every story must have an ending." - Auron - Final Fantasy X

"A small stone may make a ripple at first, but someday it will be a wave." - Wiegraf - Final Fantasy Tactics
User avatar
MasterDias
 
Posts: 2714
Joined: Tue Jun 03, 2003 4:56 pm
Location: Texas

Postby skynes » Tue Jun 01, 2004 7:27 am

There is another one called Adaware or something thats supposed to be better but I don't know where to get it.
I am the Reaper of Souls... and it's harvest time.

Image
User avatar
skynes
 
Posts: 742
Joined: Mon Mar 01, 2004 8:39 am
Location: N Ireland

Postby uc pseudonym » Tue Jun 01, 2004 9:31 am

Well, if you want to go the hard route, you can always use regedit. Look for it in the computer's Find function, then find the folder with the file name of the programs that continually come back. That will get rid of them. Just be careful when doing anything within regedit.
User avatar
uc pseudonym
 
Posts: 15506
Joined: Tue Jun 10, 2003 4:00 am
Location: Tanzania

Postby ssj2gohan61 » Tue Jun 01, 2004 3:18 pm

programs i use are spybot s&d ad-aware 6.0 hijackthis--(be sure you know what your deleting and make backup) and Xoftspy use all those lol i say best advice to do is download hijackthis http://www.spywareinfo.com/~merijn/files/hijackthis.zip then run that and save your log file.. then copy it and make a post here http://forums.spywareinfo.com/index.php?showforum=18 saying you need help getting rid of spyware browswer hijacking etc.. copy and paste your logfile into your post and they will help you eventually they helped me alot in the past and best thing about it is you dont have to register
User avatar
ssj2gohan61
 
Posts: 769
Joined: Sun Apr 04, 2004 10:09 pm
Location: New Mexico

Postby madphilb » Tue Jun 01, 2004 6:27 pm

Also, look for a URL file in your "Startup" folder (Start -> Porgrams -> Startup) and make sure it isn't there re-loading the URL on startup (this was happening to my sister).

I'd also highly recomment you 1) make sure you have all the updates from Microsoft for all the security patches and 2) get rid of IE and get a copy of one of the Mozilla browsers (Firefox is my personal recommendation, not only does it block popups, and in a smarter way than some other pop-up blockers, but you can install the Adblock plugin and kill off some of the banner ads and whatnot as well).

Also there is a "Shredder" program that you can usually find sitting alongside where you'll find HiJack this that will kill off some of the harder to remove adware/spyware /viruses junk.
PHIL

Image
Member of P.I.E. -- Pictures of Inkhana for Everyone!! Join the fight!!
Image
User avatar
madphilb
 
Posts: 1057
Joined: Thu May 29, 2003 1:46 pm
Location: Sunny St. Pete, FL

Postby Spencer » Tue Jun 01, 2004 6:33 pm

I think Ad-Aware 6 is your best bet software-wise. I think if you just google lavasoft ad aware that'll give you a link to download it.
:)
User avatar
Spencer
 
Posts: 597
Joined: Fri May 30, 2003 4:00 am
Location: Texas

Postby MasterDias » Tue Jun 01, 2004 6:58 pm

I've had AdAware for awhile. Between that and Spybot, most of the Spyware is usually history but there were a few that were giving me a hard time. I did download the CWShredder program and I believe that it took care of the Spyware that was causing me problems.

The only Spyware left is something that's called a "Common Hijacker" by Spybot, but it isn't apparantly messing with this computer presently. I do probably need to do some Windows updates.

As for Mozilla, I have Firebird installed and I generally like it. I use it whenever I visit a site that I know has automatic popups. I haven't really gotton used to it however as I've been using IE for so long...

So, yeah, I think that the problem is pretty much fixed now...
-----------------------------------------
"Always seek to do good to one another and to all."
1 Thessalonians 5:15

"Every story must have an ending." - Auron - Final Fantasy X

"A small stone may make a ripple at first, but someday it will be a wave." - Wiegraf - Final Fantasy Tactics
User avatar
MasterDias
 
Posts: 2714
Joined: Tue Jun 03, 2003 4:56 pm
Location: Texas

Postby ssj2gohan61 » Wed Jun 02, 2004 12:05 pm

thats good to hear
User avatar
ssj2gohan61
 
Posts: 769
Joined: Sun Apr 04, 2004 10:09 pm
Location: New Mexico

Postby redkorn » Wed Jun 02, 2004 3:26 pm

i have that ad-aware it help but the next day i still have like 100 some spyware stuff in my pc, all the pop-ups X.X most of them are those "hate pop ups well buy this"
User avatar
redkorn
 
Posts: 270
Joined: Wed Nov 26, 2003 7:45 pm
Location: near Pittsburgh,PA

Postby uc pseudonym » Wed Jun 02, 2004 4:46 pm

redkorn wrote:i have that ad-aware it help but the next day i still have like 100 some spyware stuff in my pc, all the pop-ups X.X most of them are those "hate pop ups well buy this"


While I feel for your problem, I must say that the irony is very nice. There is a certain message that says "Warning: Your computer has security leaks. These leaks allow outside computers to access your basic files and create system errors. These errors could be used to spam your computer or create pop up messages... like this one."

As far as I can tell it doesn't actually do any harm.
User avatar
uc pseudonym
 
Posts: 15506
Joined: Tue Jun 10, 2003 4:00 am
Location: Tanzania

Postby madphilb » Wed Jun 02, 2004 9:32 pm

MasterDias wrote:As for Mozilla, I have Firebird installed and I generally like it. I use it whenever I visit a site that I know has automatic popups. I haven't really gotton used to it however as I've been using IE for so long...

2 words.....

Cold Turkey


Just give it up... you'll be happier for it later. I had been using Opera and wasn't sure I'd like Firebird when I loaded it, but I got used to it quick enough.

Be aware that even ifyou switch to FireFox, you'll still have to keep a close eye on your windows system... esp. if you use Outlook for e-mail or Windows Media Player for playing, well, anything.

Semi-perfect M$ Windoze system:

FireFox - browser
Pegasus - e-mail
XNews - Newsgroup browser
WinAMP - Audio player
Sun Java VM - Java VM
all WinUpdates installed
ActiveX disabled (with the possible exception of use for WinUpdate)
PHIL

Image
Member of P.I.E. -- Pictures of Inkhana for Everyone!! Join the fight!!
Image
User avatar
madphilb
 
Posts: 1057
Joined: Thu May 29, 2003 1:46 pm
Location: Sunny St. Pete, FL

Postby Sephiroth » Sat Jun 05, 2004 9:23 am

One more thing if your still having trouble, use the search function, and if you find stuff you can't delete, or it keeps coming back, corrupt the files by saving them with a changed file extension, example: Spyware.exe, change to say Spyware.zzz
it will tell you it may screw up the file if you continue, say continue, then delete the file. (btw you need show file extensions option enabled)
Largo (Megatokyo): "Its this thing... and its like, cool... and it does things... cool things!"

Ph34r t3h Cu73 0n3z!
User avatar
Sephiroth
 
Posts: 631
Joined: Fri Feb 20, 2004 9:04 am

Postby uc pseudonym » Sat Jun 05, 2004 12:14 pm

Just a general tip for anyone doing it manually (the previous post reminded me of it). Use Ctrl+Alt+Delete to open Program Manager and write down all the running program that aren't supposed to be there (ie not Explorer, systray, poproxy, etc). This both helps you identify programs and lets you keep tabs on them... some like to dissappear when you try to mess with them.
User avatar
uc pseudonym
 
Posts: 15506
Joined: Tue Jun 10, 2003 4:00 am
Location: Tanzania

Postby madphilb » Sat Jun 05, 2004 7:38 pm

Harruin wrote:Also whats the point of disabling ActiveX if you're using Firefox?

Because there are other things that use ActiveX, starting the the OS itself if it's active... then there are programs like MSN Messenger and Windows Media Player (as well as any other program that uses the HTML renderer).
PHIL

Image
Member of P.I.E. -- Pictures of Inkhana for Everyone!! Join the fight!!
Image
User avatar
madphilb
 
Posts: 1057
Joined: Thu May 29, 2003 1:46 pm
Location: Sunny St. Pete, FL

Postby susuki » Mon Jun 28, 2004 5:56 pm

all I did to get rid of my spyware was try out norton anti-virus(it worked great by the way) then after the trial, buy it.(but thats just me)
(quote)Who beside me has been chosen to survive the ruthlessness of the world...(quote)
An assassin of sorts. I give no mercy to my opponent. My path is my own. My vocation is my own and means nothing to you. Do not bother me, and I shall not bother you.

Image
User avatar
susuki
 
Posts: 70
Joined: Thu Mar 11, 2004 1:38 pm
Location: America

Postby uc pseudonym » Mon Jun 28, 2004 6:54 pm

Assuming you have no software to counter such things or something slips through, remember this tip (which I just had to use to help clean up my grandmother's computer): some files bury themselves in the normal C: drive, not Program Files. They can launch themselves from there in bulk unless they're deleted... but I wouldn't recommend deleting anything from said folders unless you know what's supposed to be there.
User avatar
uc pseudonym
 
Posts: 15506
Joined: Tue Jun 10, 2003 4:00 am
Location: Tanzania

Postby Mithrandir » Mon Jun 28, 2004 7:01 pm

madphilb wrote:Because there are other things that use ActiveX, starting [with] the the OS itself if it's active...(as well as any other program that uses the HTML renderer).


It should be noted that quite a few programs do this, btw. I believe Kazaa and a few other programs that some of you may use do this. And AOL's HTML redering engine is built on some of this code. Don't ever use that browser if you can avoid it.
User avatar
Mithrandir
 
Posts: 11071
Joined: Fri Jun 27, 2003 12:00 pm
Location: You will be baked. And then there will be cake.


Return to Computing and Links

Who is online

Users browsing this forum: No registered users and 56 guests