Blarxin' frackin' spyware...

[Bungleau]

I was at a customer site yesterday, and when I booted my laptop and connected to their network, I had advertisements popping up all over the place. Killed IE (yeah, I know) and ran Spybot, which came up with a host of spyware that was in there (and which I'm not certain how it got there). Bargain Buddy was the one that attracted my attention, but it was not alone...

Thing is, I generally don't do much "outside" activity with this machine, so I'm not sure how this stuff got on there. I don't have any of the things that are listed on various web sites as its delivery mechanism.

Anyway, one site listed a virus as being a possible delivery mechanism, so I'm scanning with TrendMicro right now.

Just wanted to pass along the joy and happiness of life in today's spyware-infested world...

[CerebroDragon]

Hey Bungleau,

I share your derision and I'm sure many others do aswell for the nasty adware/spyware's of the world. In many forums I visit there's at least one thread about rampant spyware somewhere!
It is seemingly very easy to become infected.

Recently I scanned my home PC with AVG and come up with some fairly astonishing insights.
I had something like 40 infected files! Thankfully many of these were able to be healed quickly (half of them were DOS based in fact) yet still, 6-8 or so Trojan Horses remained.

So I had to pull up my sleeves, grit my teeth and delete the files manually. I'm using Mozilla now as a result of some security concerns with IE.

I think there is a very strong movement in Australia to make unsolicited material being downloaded to one's machine without strict permission, illegal - although I don't know how successful one would be in implementing such a law on a wider scale. Too many issues, loopholes...

[ 06-09-2004, 03:24 AM: Message edited by: CerebroDragon ]

[Dedzy]

I agree with CerebroDragon, there need to be some laws to track down these cybercriminals and lock them up. Since a lot of these crimes are committed in nations with unsophisticated electronic commerce regulations, I think the only recourse we have is to revamp the internet communications with a new protocol that is more secure and has basic authentication.

[philip]

My dad's got some very annoying stuff. No matter how many times I delete it and get it out of the registry it's back in 2 seconds.

[Bungleau]

Well, Trendmicro found one Trojan virus, so I blew it away. Now I'm re-scanning with the company's *official* virus scan software (and recently updated, too). So far, it's passed through 124,000 files and counting...

Philip, are you running Spybot and Ad-Aware on your dad's PC? IF not, you should... if the stuff is back in two seconds, that means that you didn't clean it up completely. Spybot and Ad-Aware can take care of that for you...

*shakes head* I'm all for making spyware a crime... but the folks who do it try to get you to agree to it. Once you've agreed, are they really in the wrong?

*checks again* 129,000 files now. Gotta remember to empty the browser cache before scanning next time...

[philip]

Quote:

Originally posted by Bungleau: Philip, are you running Spybot and Ad-Aware on your dad's PC? IF not, you should... if the stuff is back in two seconds, that means that you didn't clean it up completely. Spybot and Ad-Aware can take care of that for you... *shakes head* I'm all for making spyware a crime... but the folks who do it try to get you to agree to it. Once you've agreed, are they really in the wrong?

Yep spybot, adaware, spysweeper, 2 registry cleaners, a virus scanner, firewall to catch suspicious files, and myself going through system and system32 folders deleting anything suspicious. Both spysweeper and spybot keep catching 2 programs in the registry (adaware doesn't) but no matter how many times I delete the keys they keep coming back though I cleaned everything else except for the domain history and normal history in the registry as those were empty. I disabled system restore, went through all folders, deleted everything suspicious, cleaned backup files of spybot adaware and spysweeper, reset the homepage, but as soon as I went on the internet it was back almost immediately. I should still install google toolbar to block some of the popups, but that's like my last resort. I don't know what to do if that doesn't work, probably format or something.

edit BTW I hear sometimes instead of deleting files it helps to overwite them so they won't come back. WOuld that be possible in the registry as well?

[ 06-09-2004, 12:21 PM: Message edited by: philip ]

[Cloudbringer]

I really love Spybot and Adaware! I know they don't get everything but they do a good job on the bulk of that garbage!

[Bungleau]

Philip,

To add another one to the list, have you run HijackThis on it? It gives you a list of suspicious stuff, and it found the critter (at least one critter) that wasn't getting picked up. Also, are you running current versions? Spybot released version 1.3 last month... I've just upgraded this machine to it, and am about to reboot and rescan.

And here I thought I was so clean...

[philip]

Quote:

Originally posted by Bungleau: Philip, To add another one to the list, have you run HijackThis on it? It gives you a list of suspicious stuff, and it found the critter (at least one critter) that wasn't getting picked up. Also, are you running current versions? Spybot released version 1.3 last month... I've just upgraded this machine to it, and am about to reboot and rescan. And here I thought I was so clean...

Í'm downloading HiJackThis now [img]smile.gif[/img] Thanks for the tip! Everything was updated, I downloaded all the programs another time to make sure. But the problem is not that they don't find it. They just can't get it deleted properly or it's just in my homepage (probably not, at least I hope the ISP isn't putting this stuff in their site). I might have found another culprit [img]smile.gif[/img] Kazaa, stupid program anyway and I don't use it so I won't lose anything by deleting it.

[Mack_Attack]

I just did a scan and came up with 3 items two are in the cookie folder I went and deleted them and did a re-scan and they are now gone. But I have one more left in the registry keys.

it says: vendor: Alexa Category: Data minor

Then it says the object which is a big long line of stuff I imagine this is where it is located. It also says it is a minor threat. What should I do delete it?? I am just not sure what I should do.