
Anyone know how to identify malicious files or spyware?

Started by Joe the Destroyer, September 08, 2007, 11:51:53 AM


Joe the Destroyer

I had a friend crash at my place a couple nights ago, as he just showed up in town randomly without a place to stay.  All he did all night was screw around with my computer.  The next day, I notice that he changed my display settings, messed with all my internet settings, downloaded a bunch of programs I don't want, and the last thing I noticed was under my add/remove software was a bunch of questionable files.  All in all, I would say it's my fault as well as his.  I should know better than to let people on my computer without any discretion, but at the same time he should know better than to just screw around with stuff on computers that don't belong to him.

I ran AVG Anti-Spyware, but that didn't grab all of them.  I've tried using Google, but it's tough to say what is actually malicious based on that and what's actually supposed to be there.  The only two files I've been able to find out that were malicious were Bufferchm and Trayapp.  I've since downloaded CCleaner and successfully killed those two files, but I still don't know about the rest. 

Andrew

There are enough malicious programs that trying to manually identify them is not recommended.  Using something like Symantec or McAfee is a good idea, ditto for AdAware by Lavasoft.  If he managed to get you rootkitted, you have even more of a problem.

Lavasoft's page (the personal version is free):
http://www.lavasoftusa.com/

Microsoft page about Rootkit Revealer:
http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx

Unfortunately, in the case of a compromised computer, the best way to be safe is to reload the operating system.  Quite a few vendors provide recovery CDs/DVDs that will wipe it clean and return it to the state it was in when you bought the computer.
Andrew Borntreger
Badmovies.org

Joe the Destroyer

I don't think it's quite that serious, yet, although I do think I should check it out. 

Susan

You have to be careful: some spyware hooks into your registry, and people who don't have the knowledge shouldn't mess with that. I've exorcised quite a few demons on my PC. I recommend the HijackThis program.

http://www.spywareinfo.com/~merijn/programs.php

It runs a scan on your PC, and then you can copy the results to castlecops.com on one of their boards. Usually those people are helpful in looking over what you've got running to determine if you have anything of concern.

Ad-Aware is OK, but its definition files are no longer updated unless you manually go look for one. I also use SpywareBlaster as well as Spybot. Spybot has never found anything, therefore I think it's inferior..lol

LilCerberus

I've always preferred Spybot Search and Destroy.
I've found that it runs more quickly than McAfee or Norton, & usually with better results at finding & eliminating junk I don't want.
"Science Fiction & Nostalgia have become the same thing!" - T Bone Burnett
The world runs off money, even for those with a warped sense of what the world is.

Ash

Quote from: Susan on September 08, 2007, 10:32:51 PM
Spybot has never found anything, therefore i think it's inferior..lol

I have to agree.

I'll run AdAware and it'll find a ton of unwanted tracking cookies on my pc.
When I run Spybot first though, it never finds anything.

And thanks for that Rootkit link Andrew.
I had never heard of rootkits before.

I ran the program and it found a bunch of stuff.
Unfortunately, the help text file for Rootkit Revealer doesn't really help you all that much.

It uses a lot of technical terms that may as well be Greek to the layperson.
I wasn't sure what to do when it revealed these items on my pc.
And as far as I know, it doesn't tell you how to get rid of them as it does not have a cleaning tool.

If I post my results here, do you think you could look at them and tell me what needs to be deleted and what doesn't?

Susan

PS: I think this helps as well if you use Internet Explorer.
go to Internet Explorer - Tools - Internet Options - Advanced

Scroll down to Enable Install on Demand (Other) and take the check out of that box

This will prevent crap from automatically installing on your PC when you visit a site. Then I'd read up on other things you can do, such as your firewall settings, your cookie settings, security settings, etc. There's a lot you can do to your own PC without having to get 'cleanup' software to arm it.

I've never once had an issue at home with spyware/adware, and I surf all over the damn place. Now, I had an issue a while back at WORK with a nasty worm, but then our PCs are recycled, so I had to clean up what was already there and then change the settings. The thing is, if you get a really ugly worm it can be excruciatingly difficult to remove without advanced know-how of registry cleanup.

Andrew

Quote from: Ash on September 09, 2007, 08:09:17 AM
I ran the program and it found a bunch of stuff.
Unfortunately, the help text file for Rootkit Revealer doesn't really help you all that much.

It uses a lot of technical terms that may as well be Greek to the layperson.
I wasn't sure what to do when it revealed these items on my pc.
And as far as I know, it doesn't tell you how to get rid of them as it does not have a cleaning tool.

If I post my results here, do you think you could look at them and tell me what needs to be deleted and what doesn't?

It is definitely intended for an administrator.  Sure, I can take a look at it.  Do scan the output before posting it, just in case something personal or sensitive is in there.  For example, I don't want to know that you have a file named "me_getting_f**ked_with_broom.jpg" (you laugh, but I've seen stuff along those lines).



Andrew Borntreger
Badmovies.org
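Both Susan's suggestion (post the scan results on a board for others to read) and Andrew's warning just above (scrub the output before you post it) come down to the same chore: get the personal bits out of a scan report and make the rest easy for a helper to read. Here is an added example of doing that for a saved RootkitRevealer report. It is not part of the thread and not Sysinternals code; it assumes the report is the tab-separated text the tool writes when you save a scan (path, timestamp, size, description), the sample lines are constructed, and the triage rule at the bottom is my own rule of thumb, not anything the tool decides.

```python
"""Scrub a saved RootkitRevealer report before posting it, then tally what it
found so whoever reads it on the board knows where to look first.

Assumed input (not verified against every tool version): the tab-separated
text RootkitRevealer writes when you save a scan,
    path <TAB> timestamp <TAB> size <TAB> description
"""
import re
from collections import Counter

# Constructed sample report for this example, not a real scan. The description
# strings are the kind RootkitRevealer prints; paths, SID and times are made up.
SAMPLE_REPORT = (
    "HKLM\\SECURITY\\Policy\\Secrets\t9/9/2007 8:09 AM\t0 bytes\tAccess is denied.\n"
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost32"
    "\t9/9/2007 8:09 AM\t0 bytes\tHidden from Windows API.\n"
    "HKU\\S-1-5-21-1234567890-987654321-1122334455-1005\\Software\\Example"
    "\t9/9/2007 8:09 AM\t0 bytes\tKey name contains embedded nulls (*)\n"
    "C:\\Documents and Settings\\joe\\Local Settings\\Temp\\~DF1234.tmp"
    "\t9/9/2007 8:10 AM\t16.00 KB\tVisible in Windows API, but not in MFT or directory index.\n"
    "C:\\Documents and Settings\\joe\\My Documents\\me_on_vacation.jpg"
    "\t9/9/2007 8:10 AM\t1.20 MB\tHidden from Windows API.\n"
)

# The profile folder name is your Windows user name, and HKU keys carry your
# account SID; neither helps a stranger diagnose anything, so blank them.
# The rest of the path is what a helper actually needs, so it stays.
_PROFILE = re.compile(r"(?i)(\\(?:Documents and Settings|Users)\\)[^\\\t]+")
_SID = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")


def redact(line):
    """Return the line with the user name and account SID masked."""
    line = _PROFILE.sub(r"\1<user>", line)
    return _SID.sub("S-1-5-21-<sid>", line)


def parse(report):
    """Split the saved report into entries; lines without four columns are skipped."""
    entries = []
    for raw in report.splitlines():
        parts = raw.split("\t")
        if len(parts) != 4:
            continue
        path, stamp, size, desc = parts
        entries.append({"path": path, "timestamp": stamp, "size": size, "description": desc})
    return entries


def tally(entries):
    """Count entries per discrepancy description."""
    return Counter(e["description"] for e in entries)


# Triage rule of thumb (my assumption, not something the tool decides for you):
# 'Access is denied' under the SAM and SECURITY hives is the system locking its
# own keys, which every scan shows. Anything 'Hidden from Windows API' under a
# Run key or inside a user's files is what a rootkit looks like, and is the kind
# of entry you ask an administrator about.
_LOCKED_HIVES = ("HKLM\\SAM", "HKLM\\SECURITY")


def needs_a_second_look(entry):
    """False for the routine locked-hive noise, True for everything else."""
    routine = (entry["description"].startswith("Access is denied")
               and entry["path"].upper().startswith(_LOCKED_HIVES))
    return not routine


def prepare_for_posting(report):
    """Redacted report text, ready to paste into a forum post."""
    return "\n".join(redact(line) for line in report.splitlines()) + "\n"


if __name__ == "__main__":
    print(prepare_for_posting(SAMPLE_REPORT))
    entries = parse(SAMPLE_REPORT)
    for desc, n in tally(entries).items():
        print(f"{n:3d}  {desc}")
    print("Worth asking about:")
    for e in entries:
        if needs_a_second_look(e):
            print("  " + redact(e["path"]) + "  [" + e["description"] + "]")
```

Run it against your own saved report instead of SAMPLE_REPORT and paste the redacted text, not the original. The redaction deliberately keeps everything after the profile folder, since a file name like the one Andrew mentions is exactly what you should read through by eye before posting; a script can hide your user name, but only you know which file names you would rather not share.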

Ash

Quote from: Andrew on September 09, 2007, 02:00:33 PM
I don't want to know that you have a file named "me_getting_f**ked_with_broom.jpg" (you laugh, but I've seen stuff along those lines).

Now I'm afraid to post my results!   LOL!!  :bouncegiggle: