How can I get rid of spyware that just constantly reinstalls itself after I uninstall it and reboot after using Adaware scans, etc.? It's becoming very annoying and is lagging my computer substantially and sometimes there gets up to 200 processes at once of just spam!
Option 1: http://www.novell.com/linux/suse/index.html
Option 2: Boot to CD and grab a recovery console. Delete offending files. Reboot and remove registry entries.
You owe me $108.25
Quote from: Thing on December 10, 2004, 05:46 AM
You owe me $108.25
:)
Try other anti-spyware programs like Spybot Search & Destroy, and either disable ActiveX and Javascript/DHTML on IE, or switch away from IE (Firefox extremely recommended).
Before trying Thing's option #2:
Start->Run,
secpol.msc, Local Policies -> Security Options, and set
Recovery console: Allow floppy copy and access to all drives and all folders to Enabled.
Or maybe do it with Knoppix (I don't know how good the Linux NTFS drivers are nowadays - they sucked last time I looked, which was long ago).
My recommendation:
- Reinstall Windows
- NEVER use Internet Explorer
I was in shock at how fast spyware got onto my computer when I used IE for a while, and it's impossible to get rid of.
Additionally, I've never seen spyware produce 200 processes of itself. You might have a virus on your hands -- especially since Ad-Aware SE Personal (I assume you're updated with the latest definitions etc -- if not, try that) didn't pick it up, so try a virus scanner such as Trend Micro's HouseCall (http://housecall.trendmicro.com) or Avast! 4 Home Edition (http://www.avast.com/eng/down_home.html) to eliminate that possibility.
If you're not using AAW SE Personal, get it (http://www.lavasoftusa.com) and try that. It seems to do a much better job at detecting and removing nasty infections than AAW 6 does.
I did use Ad-Aware Personal and rebooted to remove files that could only be removed when rebooting. But as soon as I reboot it just all comes back, and Ad-Aware detects ~120 critical objects (again).
There are so many places to hide malware on Windows (and any OS) that you can't hope to clean it once you're infected. Like viruses and rootkits, prevention is the only option. Once you are infected by a virus, a rootkit, or spyware, if it's well written, it's hopeless to fix. Reinstalling your Operating System and making sure you don't get it again is the key.
Of course, on a good OS all you have to do is boot off the cd, format your OS partition, and reinstall without worrying about losing any of your documents, settings, or installed software. But Windows has made it preventatively difficult to format.
Format computer.... > Mozilla, Fuck IE6 >.< > Kill updates :),
Spybot S&D + AAW Personal + McAfee/Trend Micro :)
Quote from: iago on December 10, 2004, 09:23 AM
Of course, on a good OS all you have to do is boot off the cd, format your OS partition, and reinstall without worrying about losing any of your documents, settings, or installed software. But Windows has made it preventatively difficult to format.
Actually, if you have an OS where applications and settings don't disappear with a reformat, a reformat won't be enough to get rid of spyware....
Quote from: Adron on December 11, 2004, 09:25 AM
Quote from: iago on December 10, 2004, 09:23 AM
Of course, on a good OS all you have to do is boot off the cd, format your OS partition, and reinstall without worrying about losing any of your documents, settings, or installed software. But Windows has made it preventatively difficult to format.
Actually, if you have an OS where applications and settings don't disappear with a reformat, a reformat won't be enough to get rid of spyware....
Hmm, good point. I guess then it depends on whether the spyware was installed by a user or Root. Since it's not likely that on Linux somebody would be using Root, to get rid of Spyware you'd just have to create a new user account.
Internet Explorer is inherently bad because of its support of ActiveX controls. What I usually do is I look at the process in the task manager (like if I end a process and it restarts itself, I have to poke and prod to test a bit), then when I find a process I do not like, I do a quick search for the file name. I copy down the path to the pos and then boot into windows (I dual boot) and get rid of it. If I am on a box that does not have Linux I usually just use DOS because sometimes I do not have a Knoppix CD or something with me.
Quote from: iago on December 10, 2004, 07:26 AM
My recommendation:
- Reinstall Windows
- NEVER use Internet Explorer
I was in shock at how fast spyware got onto my computer when I used IE for a while, and it's impossible to get rid of.
It's not just IE. After I got myself online using SP1, I fought an uphill battle getting the spyware off that just snuck on through holes in security. This time I just installed straight to SP2 before I installed the drivers for my wireless adapter, and I use IE -- no problems at all.
I've discovered that my Windows install has eaten itself. Considering I've used it for maybe a total of 5 hours, and it's fully patched (except for SP2), it's pretty annoying. I couldn't even boot because of some stupid spyware, and even after I deleted it all (I used clamav virus scanner to find/delete it from Linux -- note to everybody, ClamAV OWNS), it still wouldn't let me access my internet settings. So I give up, I'm just going to drop it and reinstall XP (or maybe 2003) for those rare instances when I actually need Windows.
Well, I was right about where the Spyware came from:
Quote:
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/FS7Q6URS/WinTA[1].cab: Adware.Searchbar
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/FS7Q6URS/WinTA[2].cab: Adware.Searchbar
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/NUDIZJR6/WinTS[1].cab: Trojan.Downloade
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/NUDIZJR6/WinTS[2].cab: Trojan.Downloade
I should have known better than to use Internet Explorer for anything :(
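The scan output quoted above can be triaged by where each detection was found, which shows at a glance whether the browser cache is the source. This is an added example, not part of the original thread; the sample lines, user name, file names and signature names are constructed, and the trailing " FOUND" suffix is handled because current clamscan versions print it.

```shell
#!/bin/sh
# Added example: group clamscan-style "path: Signature" lines by origin.
# SAMPLE is constructed input modelled on the scan output in the post.
SAMPLE='/mnt/ntfs/Documents and Settings/User/Local Settings/Temporary Internet Files/Content.IE5/AAAA1111/sample[1].cab: Adware.Example
/mnt/ntfs/Documents and Settings/User/Local Settings/Temporary Internet Files/Content.IE5/AAAA1111/sample[2].cab: Adware.Example FOUND
/mnt/ntfs/Documents and Settings/User/Local Settings/Temporary Internet Files/Content.IE5/BBBB2222/other[1].cab: Trojan.Example
/mnt/ntfs/WINDOWS/system32/example.dll: Trojan.Example FOUND
/mnt/ntfs/WINDOWS/notes.txt: OK
Infected files: 4'

# Reads scan lines on stdin, prints "<count> <origin> <signature>" per group.
triage_clamscan() {
    awk '
    {
        line = $0
        sub(/ FOUND$/, "", line)          # strip the suffix newer clamscan adds
        # Split on the LAST ": " so a colon inside a path does not break parsing.
        idx = 0
        while ((p = index(substr(line, idx + 1), ": ")) > 0) idx += p
        if (idx == 0) next                # not a "path: result" line
        path = substr(line, 1, idx - 1)
        sig  = substr(line, idx + 2)
        if (path !~ /^\//) next           # skip summary lines such as "Infected files: 4"
        if (sig == "OK" || sig == "") next
        if (path ~ /\/Temporary Internet Files\//) origin = "browser-cache"
        else origin = "elsewhere"
        count[origin " " sig]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2,3
}

# Run against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE" | triage_clamscan
```

Detections grouped under "elsewhere" are the ones that survive clearing the browser cache, so they are the files to examine before deciding whether a reinstall is needed.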
Why are you using IE5.0?
I installed Windows XP, then updated to the newest updates below SP1 right away. Why it's using the directory .IE5, I don't know.
Quote from: Mephisto on December 12, 2004, 02:01 AM
Why are you using IE5.0?
The directory name Content.IE5 is used in both IE 5 and IE 6. They just haven't bothered to update it, I guess (possibly for fear of backwards incompatibility).
I formatted my Windows partition today. Once I get SP1 installed and patched up, I'm going to dd it to a file on my USB drive so I can quickly pull the image back next time it blows up. :)