Valhalla Legends Archive

Awful Spyware

Started by Mephisto, December 10, 2004, 01:25 AM


Mephisto

How can I get rid of spyware that just constantly reinstalls itself after I uninstall it and reboot after using Adaware scans, etc.?  It's becoming very annoying and is lagging my computer substantially and sometimes there gets up to 200 processes at once of just spam!

Thing

Option 1: http://www.novell.com/linux/suse/index.html
Option 2: Boot to CD and grab a recovery console.  Delete offending files. Reboot and remove registry entries.

You owe me $108.25

That sucking sound you hear is my bandwidth.

Yoni

Quote from: Thing on December 10, 2004, 05:46 AM
You owe me $108.25
:)

Try other anti-spyware programs like Spybot Search & Destroy, and either disable ActiveX and Javascript/DHTML on IE, or switch away from IE (Firefox extremely recommended).

Before trying Thing's option #2:
Start->Run, secpol.msc, Local Policies -> Security Options, and set Recovery console: Allow floppy copy and access to all drives and all folders to Enabled.

Or maybe do it with Knoppix (I don't know how good the Linux NTFS drivers are nowadays - they sucked last time I looked, which was long ago).

iago

My recommendation:
- Reinstall Windows
- NEVER use Internet Explorer

I was in shock at how fast spyware got onto my computer when I used IE for awhile, and it's impossible to get rid of.
This'll make an interesting test for broken AV:
Quote:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Stealth

Additionally, I've never seen spyware produce 200 processes of itself. You might have a virus on your hands -- especially since Ad-Aware SE Personal (I assume you're updated with the latest definitions etc -- if not, try that) didn't pick it up, so try a virus scanner such as Trend Micro's HouseCall or Avast! 4 Home Edition to eliminate that possibility.

If you're not using AAW SE Personal, get it and try that. It seems to do a much better job at detecting and removing nasty infections than AAW 6 does.
- Stealth
Author of StealthBot

Mephisto

I did use Ad-Aware Personal and rebooted to remove files that could only be removed when rebooting.  But as soon as I reboot it just all comes back, and Ad-Aware detects ~120 critical objects (again).

iago

There are so many places to hide malware on Windows (and any OS) that you can't hope to clean it once you're infected.  Like viruses and rootkits, prevention is the only option.  Once you are infected by a virus, a rootkit, or spyware, if it's well written, it's hopeless to fix.  Reinstalling your Operating System and making sure you don't get it again is the key.

Of course, on a good OS all you have to do is boot off the cd, format your OS partition, and reinstall without worrying about losing any of your documents, settings, or installed software.  But Windows has made it preventatively difficult to format.


NocBrute

Format computer.... > Mozilla, Fuck IE6 >.< > Kill updates :),
Spybot S&D + aww personal + mcafee/trend micro :)

Adron

Quote from: iago on December 10, 2004, 09:23 AM
Of course, on a good OS all you have to do is boot off the cd, format your OS partition, and reinstall without worrying about losing any of your documents, settings, or installed software.  But Windows has made it preventatively difficult to format.

Actually, if you have an OS where applications and settings don't disappear with a reformat, a reformat won't be enough to get rid of spyware....

iago

Quote from: Adron on December 11, 2004, 09:25 AM
Quote from: iago on December 10, 2004, 09:23 AM
Of course, on a good OS all you have to do is boot off the cd, format your OS partition, and reinstall without worrying about losing any of your documents, settings, or installed software.  But Windows has made it preventatively difficult to format.

Actually, if you have an OS where applications and settings don't disappear with a reformat, a reformat won't be enough to get rid of spyware....

Hmm, good point.  I guess then it depends on whether the spyware was installed by a user or Root.  Since it's not likely that on Linux somebody would be using Root, to get rid of Spyware you'd just have to create a new user account.


quasi-modo

Internet explorer is inherently bad because of its support of activeX controls. What I usually do is I look at the process in the task manager (like if I end a process and it restarts itself, I have to poke and prod to test a bit), then when I find a process I do not like, I do a quick search for the file name. I copy down the path to the pos and then boot into windows (I dual boot) and get rid of it. If I am on a box that does not have linux I usually just use dos because sometimes I do not have a knoppix cd or something with me.
WAR EAGLE!
Quote:
(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

MyndFyre

Quote from: iago on December 10, 2004, 07:26 AM
My recommendation:
- Reinstall Windows
- NEVER use Internet Explorer

I was in shock at how fast spyware got onto my computer when I used IE for awhile, and it's impossible to get rid of.

It's not just IE.  After I got myself online using SP1, I fought an uphill battle getting the spyware off that just snuck on through holes in security.  This time I just installed straight to SP2 before I installed the drivers for my wireless adapter, and I use IE -- no problems at all.
Quote:
Every generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

iago

I've discovered that my Windows install has eaten itself.  Considering I've used it for maybe a total of 5 hours, and it's fully patched (except for SP2), it's pretty annoying.  I couldn't even boot because of some stupid spyware, and even after I deleted it all (I used clamav virus scanner to find/delete it from Linux -- note to everybody, ClamAV OWNS), it still wouldn't let me access my internet settings.  So I give up, I'm just going to drop it and reinstall XP (or maybe 2003) for those rare instances when I actually need Windows.


iago

Well, I was right about where the Spyware came from:
Quote:
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/FS7Q6URS/WinTA[1].cab: Adware.Searchbar
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/FS7Q6URS/WinTA[2].cab: Adware.Searchbar
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/NUDIZJR6/WinTS[1].cab: Trojan.Downloade
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/NUDIZJR6/WinTS[2].cab: Trojan.Downloade

I should have known better than to use Internet Explorer for anything :(
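Turning a scan report like the one quoted above into a per-detection and per-directory summary makes the conclusion iago draws (everything landed in the IE cache) something you can read off the output rather than eyeball. The following is an added example, not code from this thread or from ClamAV: the sample lines are constructed to mirror the shape of the quoted findings (`clamscan` normally appends ` FOUND`, which the parser also accepts), the detection names in the sample are made up, and every function name is this example's own. It assumes the usual `path: detection` line layout and that IE's cache appends `[n]` to duplicate downloads, so stripping that suffix groups the copies.

```python
"""Summarize ClamAV-style scan findings ("path: detection [FOUND]").

Added example for this thread; not ClamAV code. Helper names are assumptions.
"""
from __future__ import annotations

import re
from collections import Counter
from pathlib import PurePosixPath

# Constructed sample report in the shape of the quoted clamscan output.
# Detection names and the "OK" / summary lines are made up for illustration.
SAMPLE_REPORT = """\
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/FS7Q6URS/WinTA[1].cab: Adware.Searchbar FOUND
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/FS7Q6URS/WinTA[2].cab: Adware.Searchbar FOUND
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/NUDIZJR6/WinTS[1].cab: Trojan.Downloader
/mnt/ntfs/Documents and Settings/Ron/My Documents/report.doc: OK
/mnt/ntfs/WINDOWS/system32/notepad.exe: OK
----------- SCAN SUMMARY -----------
Infected files: 3
"""

# A finding is an absolute path, ": ", a detection name, and an optional " FOUND".
# Requiring a leading "/" keeps summary lines such as "Infected files: 3" out.
FINDING_RE = re.compile(r"^(?P<path>/.+?): (?P<name>\S+)(?: FOUND)?\s*$")


def parse_findings(report: str) -> list[tuple[str, str]]:
    """Return (path, detection) pairs, skipping clean files and summary text."""
    findings = []
    for line in report.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m or m.group("name") == "OK":
            continue
        findings.append((m.group("path"), m.group("name")))
    return findings


def summarize(findings: list[tuple[str, str]]) -> tuple[Counter, Counter]:
    """Count findings per detection name and per containing directory."""
    by_name = Counter(name for _, name in findings)
    by_dir = Counter(str(PurePosixPath(path).parent) for path, _ in findings)
    return by_name, by_dir


def in_ie_cache(path: str) -> bool:
    """True if the file sits in the Internet Explorer download cache."""
    return "/Temporary Internet Files/" in path or "/Content.IE5/" in path


def remote_names(findings: list[tuple[str, str]]) -> set[str]:
    """Collapse IE's duplicate-download suffix ("name[2].cab" -> "name.cab")
    so repeated pulls of the same file count once. Assumption: the cache
    appends [n] to the base name for duplicates."""
    return {re.sub(r"\[\d+\]", "", PurePosixPath(p).name) for p, _ in findings}


if __name__ == "__main__":
    found = parse_findings(SAMPLE_REPORT)
    names, dirs = summarize(found)
    print("By detection:", dict(names))
    print("By directory:", dict(dirs))
    cached = sum(1 for p, _ in found if in_ie_cache(p))
    print(f"{cached} of {len(found)} findings are in the IE cache")
    print("Distinct downloaded files:", sorted(remote_names(found)))
```

On the sample report every finding is inside Content.IE5, which is the point of the check: a cleanup that deletes the files but leaves the browser (and whatever installed the downloads) in place will simply refill the cache, which is the re-infection loop the thread starts with.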


Mephisto

Why are you using IE5.0?