WOTP F@##@$ing spyware!!!

[Grimsnipe]

Man, I REALLY hate this.. have all these damn spyware things I never agreed to be installed and can't seem to get rid of on my computer.  p**ses me off how there's so many f**kwads out there that seem to have nothing better to than design s**t to screw other people's computer.

Seems like nothing out there yet will completely eliminate all them, and despite all the reg editing and digging and deleting and restarting and rescanning some of them still persists.  

Are some company so f**king pathetic for people to visit their website they feel they need to make s**t like this?  Man, I hope there's a special circle in hell for people who design crap like this...

(sighs and goes back to try to clear out his computer...)

-grim

[trekgeezer]

I'm with you on the special place in hell for these pricks.  I work network support  at an educational institution and we have to keep watch on this crap constantly. McAfee the virus software that we use usually releases an update once a week for their virus definitions, this week they have  released five updates.

You need to turn adaware or spybot, (both have free versions) and make sure you update it at their website so you know it will detect the particular evil that is infesting your computer.  I have found some specific scripts for some of these just by doing a google search.

[AndyC]

What exactly is the spyware doing? From your comments, I'm guessing its a browser hijack of some sort. I had one last year that kept changing my homepage and putting shortcuts to online casinos on my desktop. McAfee couldn't fix it and neither could AdAware, nor any amount of digging for it on my own. Did a Google search for the name of the site that kept popping up, and eventually found a freeware program specifically designed to clean up that type of hijack. Can't remember what it was called or where I found it, but it worked like a charm.

Once it was fixed, I immediately downloaded all of the patches from Microsoft I'd been ignoring, and eventually switched to PC-cillin and Spybot. Haven't had a problem with viruses or spyware since.



Post Edited (03-26-04 09:06)

[Mr_Vindictive]

I'm with you Grimsnipe!

Spyware is becoming an insanely bad problem.  I work tech support for an ISP and you have no idea how many calls we recieve about browser hijacking and things of that nature.

As for people burning in hell, I would personally like to take out the person who created GATOR and the bastard who invented NEW.NET.  

As Trek_Geezer said, run both Adaware (http://www.lavasoftusa.com) and Spybot which you should be able to find at http://www.download.com.  I'm pretty partial to SpyBot myself as it is extremely in depth.  But Adaware will find things that Spybot misses.

[ulthar]

While visiting my in-laws back in Feb, I found over 200 spyware objects in 20 some add running processes.  Some had been installed unknown to the owners for nearly a year.  We only discovered it do to browser hijacking.

Adaware did a very good job of cleaning it up - except for Gator.  Gator was a pain to get rid of, and finally I had to 'outhack' the crackers who wrote it.  

Adaware would delete it, and on next reboot, it would reinstall.  Gator is a pain, and they are proud of it, as their web site seems to indicate.

In any case, don't give up.  A little patience (ok, a LOT of patience) will go a long way, and clean things as systematically as you can.  Once you get 'clean,' it will be easier to keep it clean.

Spammers, virus/worm writers, spyware.  All of 'em should be shot, imo.  The damage they cause is enormous.  We probably don't even know ALL the consequences yet.

[AndyC]

ulthar wrote:
> Adaware would delete it, and on next reboot, it would
> reinstall.

Exactly what was happening to me last year. Frustrating as hell.

I can't even imagine what kind of sick people write viruses, or just what kind of sleazy crook uses browser hijacking to boost traffic on his site. It's just unbelievable to me that people can be so...... I don't even have a word for it.

I'd like to see them all roasted over a cheery fire.



Post Edited (03-26-04 09:54)

[Mr. Hockstatter]

I had some stinkin' program download itself on my computer that everytime I did a Google search, this other program would open a new window, run a search on some other search engine site, and give that to me.  Then another stinkin' thing with "funny icons" that actually installed a toolbar right on my browser.  Usually if you do a search on the name of the program, you can find a way to delete it.

I use Spybot, but you have to be a little careful.  The first time I used it, I just let it delete everything it wanted to, which caused some problems.  I'd get these little dialog boxes with error messages, then another and another cascading diagonally across my screen.  Luckily Spybot has a restore feature.  Seems to work good now.  I pick of 50 or so programs every time I run it.

[Mr_Vindictive]

Do NOT run spybot on a machine that has a real copy of Kazaa on it.  It will remove the ad programs that come with Kazaa and you will lose the program.


Which might not be such a bad thing anyway.

[Ash]

Hey listen up all, there's a free program I found called SPYWAREBLASTER and it has been a total blessing!
Here's how it works:
"SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.

By setting a "kill bit" for spyware ActiveX controls, SpywareBlaster can prevent the installation of any spyware ActiveX controls from a webpage. It does this while not interfering with "friendly" ActiveX controls - so your browser can work correctly and you can have peace of mind!

You won't get any more annoying "Yes/No" boxes popped up, asking you to install a spyware ActiveX control (which can increasingly be found in pop-up ads!). In fact, Internet Explorer will never even download or run the spyware ActiveX control!

In addition, SpywareBlaster can prevent many of these spyware ActiveX controls from running, even if they are already installed on your system.*

The newest SpywareBlaster version can even block spyware/tracking cookies!
And SpywareBlaster does not need to be running in the background to provide this protection!

The SpywareBlaster database contains information on these known spyware Active-X controls. Make sure you run the Check For Updates feature frequently to get the latest database! (And make sure you check the new items to protect your system against them!)"

I'm telling you, I have had almost no spyware, adware, malware or browser hijackers since I installed this many months ago.  
If you do install it, you'll want to make sure that you update it right away as there are several updates available.
Go here to get it:  

http://www.javacoolsoftware.com/spywareblaster.html

By using Spywareblaster and running Spybot S & D once a week, you'll pretty much wipe out spyware for good on your p.c.



Post Edited (03-26-04 16:17)

[Mr_Vindictive]

Ash, you sound like a salesman.  LOL

Does sound like a pretty awesome prog.  I'll have to check it out.

[JohnL]

I haven't had any kind of spyware install itself on my system since I told Explorer to prompt before running ANY ActiveX stuff. Of course it's a little bit of a pain because EVERY SINGLE COMMERCIAL WEB SITE ON THE PLANET uses ActiveX, even when there is no valid reason to and not allowing it to run doesn't change most of the web sites at all. Unfortunately Explorer is so stupid that after I tell it not to let the ActiveX control run, it tells me that the web page may not display properly, EACH AND EVERY TIME!

I also installed a little program called Cookie Wall, which will accept, delete or ask you what to do for every new cookie that pops up on your system. If you tell it to always delete a cookie, it will delete it whenever a copy ends up on your system. So far I have 559 cookies in my delete list and 6,719 automatic kills. It seems that virtually every site tries to send you at least one cookie and some will send you 3-5! Cookie Wall comes from AnalogX.

I also use a tiny little popup blocker called PopDown. Unlike popup blockers that keep lists of what windows to allow, PopDown blocks *ALL* popup windows unless you either disable it, or you hold down the Ctrl key when clicking a link that would normally open a popup window (like a help window). The only downside is that it occasionally seems to get disabled for no apparent reason and then it won't work again until you reboot.

[Ash]

I also occaisionally run a program called HijackThis.

It's primarily for more advanced p.c. users and here's why...

Here's the publisher's description:

"A general homepage hijackers detector and remover. HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. It is continually updated to detect and remove new hijacks.
Note: HijackThis does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites. As a result, false positives are imminent and unless you are sure what you're doing, you should always consult with knowledgable folks (e.g. the forums) before deleting anything."


The trick is that you have to know what you're looking for in that list that may be spyware or a browser hijacker.  
HijackThis DOES NOT tell you what's what...you must look on that list and determine on your own what needs to be removed and what doesn't.

If you don't know what you're looking for and accidentally delete the wrong file...Whoops!  It's gone for good and you could end up messing up your p.c. pretty badly so be careful using it!  
As far as I can tell it does not have a restore feature like Spybot S&D does so if you erase the wrong file...you ain't getting it back.
Other than that, it's a pretty decent program and has helped me to get rid of 2 very troublesome browser hijackers that kept re-installing themselves on my p.c. after I thought I had disposed of them.
It's worth a try for advanced p.c. users only.

Here is the link to the main page:

http://www.spywareinfo.com/~merijn/index.html

And here is the link to directly download the zip file for it:

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Like I stated before, BE CAREFUL using this!
If you know what you're doing then you should have no problems.



Post Edited (03-26-04 19:07)

[ulthar]

Download your free copy of Mozilla Firebird and Mozilla Thunderbird and dump Internet Explorer and Outlook/OE completely.  You'll be glad you did.

www.mozilla.org

The spyware writers have gotten into the social engineering game, tailoring their products to look like something you want to have.   Specifically:

There was a recent (last month??) article I read about a pretty big list of anti-spyware programs that actually install spyware or other trojans on your computer.  I am not saying the one you mentioned is on this list, but it *IS* something to keep in mind.

So far as I know, the *ONLY* two spyware scanner/remover (and this does not include the software Ash mentions, since it is a preventer) programs that are known legitimate are Adaware and Spybot. Most admins 'in the know' recommend using both, as each will miss some that others catch.  Any others are best viewed with some skepticism.

[ulthar]

JohnL wrote:

>Of course it's a little bit of a pain because EVERY
> SINGLE COMMERCIAL WEB SITE ON THE PLANET uses ActiveX, even
> when there is no valid reason to and not allowing it to run
> doesn't change most of the web sites at all.

IMO, this is a serious problem with the mindset of too many web developers.  They *KNOW* that two big vectors for malware communication is active scripting and ActiveX on web sites...yet they still use them.  It is nonsense.  Before I switched to Mozilla FB, I ran IE with all active scripting, activex, java and cookies turned off, except for certain "Trusted Sites."  This is easy to do in IE, but it should not even be necessary.  All this ActiveX stuff, again imo, just makes a web site annoying when it works properly and gets a site 'closed immediately' when it doesn't.

The web is a giant client/server network, which means 'the work' should be done on the servers.  ActiveX, VBScript and JavaScript all put processing responsibilty on the client.  While useful for *some* things, and necessary for a few things that are in fact handy, this 'privilege' of running code on the client (user's) computer is very, very abused.   Not using these technologies should be the norm, which unfortunately is not the current state of the web.

> Unfortunately
> Explorer is so stupid that after I tell it not to let the
> ActiveX control run, it tells me that the web page may not
> display properly, EACH AND EVERY TIME!

IE is not W3C compliant, meaning you can have a site that meets the internationally recognized standards for web content, and IE may not know what to do with it.  All this garbage about 'This site designed for IE' means nothing; it would be better if developers designed for the standard, not some stupid browser that changes  A LOT even for minor revisions.

Again, Mozilla is W3C compliant; if a site does not render properly with Moz, it is an improperly designed site (if you take W3C to be the 'standard' all sites should follow).

>
> I also installed a little program called Cookie Wall, which
> will accept, delete or ask you what to do for every new cookie
> that pops up on your system. If you tell it to always delete a
> cookie, it will delete it whenever a copy ends up on your
> system. So far I have 559 cookies in my delete list and 6,719
> automatic kills. It seems that virtually every site tries to
> send you at least one cookie and some will send you 3-5! Cookie
> Wall comes from AnalogX.
>

I think IE can do this...I had my IE set up to accept cookies from 'trusted sites' and reject from all others.  You can even customize it further to allow only session cookies or permanent cookies.

Moz can do it as well.

Maybe the program you have is just easier to use (I admit I am not familiar with it) than using the built in IE feature.

> I also use a tiny little popup blocker called PopDown. Unlike
> popup blockers that keep lists of what windows to allow,
> PopDown blocks *ALL* popup windows unless you either disable
> it, or you hold down the Ctrl key when clicking a link that
> would normally open a popup window (like a help window). The
> only downside is that it occasionally seems to get disabled for
> no apparent reason and then it won't work again until you
> reboot.

I haven't seen a popup in so long,  I forget they still annoy many people.  Again, disabling active scripting or java altogether for 'untrusted sites'  fixed that little problem for me.   Since switching to Mozilla, I still don't see popups.


Sorry for the soapbox and diatribe...just more $0.02 for the kitty.

[JohnL]

>The web is a giant client/server network, which means 'the work' should be done
>on the servers. ActiveX, VBScript and JavaScript all put processing
>responsibilty on the client. While useful for *some* things, and necessary for a
>few things that are in fact handy, this 'privilege' of running code on the client
>(user's) computer is very, very abused. Not using these technologies should be
>the norm, which unfortunately is not the current state of the web.

I agree. So far, out of all the sites that use ActiveX, I've only found a few that need it to function properly. Mostly it seems that it's required (whether it truly is or not) for streaming video, or at least calling the Real Player plugin to play the video.

>I think IE can do this...I had my IE set up to accept cookies from 'trusted sites'
>and reject from all others. You can even customize it further to allow only session
>cookies or permanent cookies.
>
>Moz can do it as well.
>
>Maybe the program you have is just easier to use (I admit I am not familiar with it)
>than using the built in IE feature.

I believe it is. IE will prompt you to accept a cookie, but it doesn't remember if you tell it to not accept the cookie, so it will ask you every time you visit that site and it sends you a new copy of the cookie. You can use the trusted/untrusted options to allow/disallow cookies from different sites, but that's a pain in the neck.

Each time a new cookie is detected, Cookie Wall pops up and asks if it should always delete the cookie, always allow it or allow it for that session only. Once set, you won't ever get asked about that cookie again. That's if you have it set to prompt, you can also have it automatically allow or delete all new cookies. It also maintains editable lists of allowed/disallowed cookies and you can easily delete cookies from either, in case you decide you want that cookie and want CW to re-prompt you for what action to take.

>I haven't seen a popup in so long, I forget they still annoy many people. Again,
>disabling active scripting or java altogether for 'untrusted sites' fixed that little >problem for me.

I once tried turning ActiveX off completely because one site was using it on every single page. Explorer still popped up a warning that the page might not display properly every time the site tried to use ActiveX.

>Sorry for the soapbox and diatribe...just more $0.02 for the kitty.

No problem. I've got a ton of things about Explorer and Microsoft in general that really bug me. Why do I use it? Compatibility. Yeah, I know...  :-/