Spyware Superthread


nola
02-26-2005, 02:01 AM
I had a lot of spyware/malware on my computers and thought I'd share with non-techies what another YW member suggested to me last week when I was having tech problems. Download, run and scan Adaware Personal, Spybot Search & Destroy from www.download.com. My computer is really fast now. Thanks, Ben. Haha.

Chu Chi
02-26-2005, 07:15 AM
Thanks Nola, I've got that "homepage hijacker" thingy in my puter right now and it really sucks because when I connect to the web I have to stand over my machine and click one of my "favorites" before I get sent to some site that prompts me to "choose" something (grrrrrrr)

I've tried adware and spybot with no luck so far.

I'm trying to avoid going deeper and deeper into my machine but I think I may be forced to "F" with my registry.

I don't want to do it but I might have to.

I'm afraid I might do something that will cause my computer to end up like my avatar.

CC

hooligan
02-26-2005, 09:38 AM
You should also use hijack this (do a google.com search) and also use microsoft's spyware. thank ism : P he's the geek that helped me!

SunWuKong
02-26-2005, 11:43 AM
> Thanks Nola, I've got that "homepage hijacker" thingy in my puter right now and it really sucks because when I connect to the web I have to stand over my machine and click one of my "favorites" before I get sent to some site that prompts me to "choose" something (grrrrrrr)
>
> I've tried adware and spybot with no luck so far.
>
> I'm trying to avoid going deeper and deeper into my machine but I think I may be forced to "F" with my registry.
>
> I don't want to do it but I might have to.
>
> I'm afraid I might do something that will cause my computer to end up like my avatar.
>
> CC

the most important thing to do is disable (either by renaming or deleting) all the .exe or .dll files that are hijacking your computer. but firstly you need to kill all the processes that are running that look like they don't belong, because those files replicate themselves. if you can bring up your task manager, you can look for a process that's running but doesn't look like it belongs, and then actually google the name of the process to see what comes up, like "crg32.exe" or something. usually others have run into the same problems and have posted about them.

note that sometimes these worms would add themselves as a service and as soon as you stop it from running, it'll start back up again. so you'll have to first go and disable those services.

if you have more information about what your computer is afflicted with, you can post it up here and some of us will try to help.

SunWuKong
02-26-2005, 04:46 PM
has there been an increase in spyware proliferation lately? in the last couple of days i was infected with at least 3 and had to spend time getting rid of them. one of them was particularly annoying because i think it was using system restore to write itself back into the registry after i delete its entries. i had to turn off system restore to kill it.

yoMAMA
02-26-2005, 05:35 PM
> has there been an increase in spyware proliferation lately? in the last couple of days i was infected with at least 3 and had to spend time getting rid of them. one of them was particularly annoying because i think it was using system restore to write itself back into the registry after i delete its entries. i had to turn off system restore to kill it.

last week i had ZERO spywares detected using ad aware and Spybot......

so for me, so far so good.

ism
02-26-2005, 06:55 PM
I don't know about proliferation, but the techniques are getting more aggressive. The past week I cleaned two clients' systems which both had a CoolWebSearch (I think, it was a browser hijacker) variant I hadn't seen before:

1) Multiple processes would cover for each other. Kill one, and a sibling brings the dead ones back. Plus, they killed Task Manager and Hijack This! as soon as you opened it.
2) Multiple files scattered throughout the system, with the hidden and system attributes, with randomized and difficult names (one was like iuqwemnbvc.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll). Some were trojaned versions of legit files like winlogon.exe.
3) The processes would be started via multiple methods -- Startup group, registry (AppInit), win.ini, and the trojaned files.
4) Processes would restore startup methods, would lock the files so you can't delete them. If you killed the process and deleted the files, a process would recreate the file under a new, randomized name.

So basically I:
Ran Spybot and AdAware to get rid of the easy stuff.
Used Process Explorer to list the hidden processes and figure out where the files were located.
Installed Registrar Lite to uncover the hidden registry keys and the AppInit keys.
Rebooted the computer with an XP CD to get to the Recovery Console (it was an NTFS filesystem).
Manually deleted each file I had found. Restored trojaned files.
Rebooted into the OS, used Process Explorer to verify that the processes were not running.
Ran Hijack This! to clean up the entries.
Used Registrar Lite to clean up the registry keys.
Installed MS Antispyware to prevent it from happening again and installed Firefox and recommended that Internet Explorer not be used ever again.
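Added example, not from the thread or from any of the tools ism names: a PowerShell audit that enumerates the autostart locations he lists (AppInit_DLLs, the Run keys, win.ini, the Startup folders) and lists hidden+system .exe/.dll files in System32 with their signature status, so the entries a variant like this plants are visible before cleanup. It assumes a current Windows with PowerShell 5.1, run from an elevated prompt; the `Add-Finding` helper is my own.

```powershell
# Added example (not from the thread): audit the autostart locations a
# CoolWebSearch-style hijacker uses, then list hidden+system modules.
# Assumes Windows with PowerShell 5.1, run from an elevated prompt.

$findings = New-Object System.Collections.Generic.List[object]

# Hypothetical helper: collect one (Location, Value) row per finding.
function Add-Finding([string]$Location, [string]$Value) {
    $findings.Add([pscustomobject]@{ Location = $Location; Value = $Value })
}

# 1. AppInit_DLLs: every DLL named here is loaded into each process that
#    loads user32.dll, which is how one process can watch over its siblings.
$winKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $winKey -ErrorAction SilentlyContinue).AppInit_DLLs
if ($appInit) { Add-Finding 'AppInit_DLLs' $appInit }

# 2. Run / RunOnce keys for the machine and the current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... bookkeeping properties.
        if ($p.Name -notlike 'PS*') { Add-Finding $key "$($p.Name) = $($p.Value)" }
    }
}

# 3. win.ini "run=" / "load=" lines, the legacy startup hook XP still honours.
$winIni = Join-Path $env:windir 'win.ini'
if (Test-Path $winIni) {
    Get-Content $winIni |
        Where-Object { $_ -match '^\s*(run|load)\s*=\s*\S' } |
        ForEach-Object { Add-Finding 'win.ini' $_.Trim() }
}

# 4. Per-user and all-users Startup folders (-Force also shows hidden entries).
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem -Path $dir -Force -File |
            ForEach-Object { Add-Finding "Startup folder ($folder)" $_.FullName }
    }
}

# 5. Hidden+System .exe/.dll files in System32 with their Authenticode status,
#    since the variant hid its droppings and trojaned files such as winlogon.exe.
$sys32  = Join-Path $env:windir 'System32'
$hidden = [IO.FileAttributes]::Hidden
$system = [IO.FileAttributes]::System
Get-ChildItem -Path $sys32 -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in @('.exe', '.dll') } |
    Where-Object { $_.Attributes.HasFlag($hidden) -and $_.Attributes.HasFlag($system) } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        Add-Finding 'Hidden+System in System32' "$($_.Name) [signature: $($sig.Status)]"
    }

$findings | Format-Table -AutoSize -Wrap
```

A hidden+system file whose signature status is NotSigned or HashMismatch is worth checking against a known-good copy before anything is deleted, the way ism restored the trojaned files from the Recovery Console.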

nola
02-26-2005, 08:57 PM
Thanks, dudes, Ima try these things.

I deleted 160 objects from the laptop and 300 objects from the desktop. They've been sitting in there awhile though.

yoMAMA
02-26-2005, 09:26 PM
> I don't know about proliferation, but the techniques are getting more aggressive. The past week I cleaned two clients' systems which both had a CoolWebSearch (I think, it was a browser hijacker) variant I hadn't seen before:
>
> 1) Multiple processes would cover for each other. Kill one, and a sibling brings the dead ones back. Plus, they killed Task Manager and Hijack This! as soon as you opened it.
> 2) Multiple files scattered throughout the system, with the hidden and system attributes, with randomized and difficult names (one was like iuqwemnbvc.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll). Some were trojaned versions of legit files like winlogon.exe.
> 3) The processes would be started via multiple methods -- Startup group, registry (AppInit), win.ini, and the trojaned files.
> 4) Processes would restore startup methods, would lock the files so you can't delete them. If you killed the process and deleted the files, a process would recreate the file under a new, randomized name.
>
> So basically I:
> Ran Spybot and AdAware to get rid of the easy stuff.
> Used Process Explorer to list the hidden processes and figure out where the files were located.
> Installed Registrar Lite to uncover the hidden registry keys and the AppInit keys.
> Rebooted the computer with an XP CD to get to the Recovery Console (it was an NTFS filesystem).
> Manually deleted each file I had found. Restored trojaned files.
> Rebooted into the OS, used Process Explorer to verify that the processes were not running.
> Ran Hijack This! to clean up the entries.
> Used Registrar Lite to clean up the registry keys.
> Installed MS Antispyware to prevent it from happening again and installed Firefox and recommended that Internet Explorer not be used ever again.

damm!

ism
02-26-2005, 10:04 PM
For the average user:
Scan with these to get rid of easy stuff:
Spybot S&D (http://www.safer-networking.org/en/download/)
AdAware (http://www.lavasoftusa.com/software/adaware/) (Personal)
Hijack This! (http://www.spywareinfo.com/~merijn/downloads.html) (post logs here for further instructions, do not delete anything if you're unsure.)
Install this but turn off alerts until you have cleaned the system completely:
Microsoft AntiSpyware (http://www.microsoft.com/athome/security/spyware/software)

For the techies here (if you are unsure of what to do with this software do not use it, it can severely damage your system):
Process Explorer (http://www.sysinternals.com/ntw2k/freeware/procexp.shtml)
RegMon (http://www.sysinternals.com/ntw2k/source/regmon.shtml)
Registrar Lite (http://www.resplendence.com/reglite)

For Recovery Console:
boot off the XP CD
press R on the first screen
asks which install you want to log into. you need the username and password with administrator access. most home systems have Administrator with a blank password. In a worst-case scenario use NT Password Reset.

If it's a FAT16/32 filesystem then boot with any FAT-capable bootdisk.

SunWuKong
02-27-2005, 12:19 AM
thanks. Process Explorer will come in handy.
i haven't encountered anything as nasty as the one you described. the annoying one i got rid of today was ssk.exe, aka SurfSidekick. all the other ones were only a matter of disabling spyware services, killing processes, and cleaning up the registry. for those processes that start each other up, sometimes they'll go away if you kill the whole process tree.

haplesshobo
06-10-2005, 05:55 AM
i've done defragmenting already. but, now, i'm trying to use spyware and ad-aware.

but, when i've used spyware, it always finds the same 3 things including EBates. But, if it's successfully deleting and uninstalling them, why would I keep on finding them the next time I use spyware search and destroy.

now, i've tried ad-aware. but, the problem is that it finds a bunch of stuff, and i'm trying to delete them. but, it just seems frozen as the box titled deleting selection is still up and it doesn't seem to finish.

any suggestions?

hooligan
06-10-2005, 08:36 AM
www.google.com "flying penguin" that site helped me kill some adaware called "aurora" off of my friends computer last night.

ism
06-10-2005, 10:10 AM
Automated spyware removal tools aren't foolproof. Remember that spyware authors are very persistent, and a single spyware author can update their spyware faster than anti-spyware authors can update thousands of removal methods.

Also, spyware removal tools operate as the user within the context of the operating system, at the same privilege level of the spyware. This means they have equal power over each other -- the spyware could disable the anti-spyware as much as the anti-spyware can disable the spyware. Some spyware removal requires accessing the file system without actually loading the file system (via Linux bootdisk or something like WinPE) so the files can be wiped without being recreated by protection processes (and those processes need to be prevented from starting up in the first place).

The best way to deal with spyware is to not get it in the first place. Using tools that monitor registry and startup file changes is most effective. There's Panda's suite, Microsoft Antispyware is free, and I think Norton has one too. The free Spybot S&D has TeaTimer but it's pretty barebones.

There are instructions for manual removal of eBates here: http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453073593

Can't really offer much guidance without actually being there. Refer to previous spyware threads (http://www.google.com/search?q=site%3Aforums.yellowworld.org+spyware) for removal tools & utilities.

hooligan
06-10-2005, 12:14 PM
> Automated spyware removal tools aren't foolproof. Remember that spyware authors are very persistent, and a single spyware author can update their spyware faster than anti-spyware authors can update thousands of removal methods.
>
> Also, spyware removal tools operate as the user within the context of the operating system, at the same privilege level of the spyware. This means they have equal power over each other -- the spyware could disable the anti-spyware as much as the anti-spyware can disable the spyware. Some spyware removal requires accessing the file system without actually loading the file system (via Linux bootdisk or something like WinPE) so the files can be wiped without being recreated by protection processes (and those processes need to be prevented from starting up in the first place).
>
> The best way to deal with spyware is to not get it in the first place. Using tools that monitor registry and startup file changes is most effective. There's Panda's suite, Microsoft Antispyware is free, and I think Norton has one too. The free Spybot S&D has TeaTimer but it's pretty barebones.
>
> There are instructions for manual removal of eBates here: http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453073593
>
> Can't really offer much guidance without actually being there. Refer to previous spyware threads (http://www.google.com/search?q=site%3Aforums.yellowworld.org+spyware) for removal tools & utilities.

Apparently, spybot and adaware aren't good enough to catch anything anymore. Or at least the more hardy variants of many spyware/trojans/adaware.

Did you hear how trojans are now known as spyware in order to avoid some kind of law?

ism
06-10-2005, 01:27 PM
> Did you hear how trojans are now known as spyware in order to avoid some kind of law?

The I-SPY Act and the SPY Act are the only legislation I've heard about, and while the news reports say they target spyware, the legal wording would also cover certain trojans (in terms of transmitting personally identifiable information). The problem with this is if some malware complies with the letter of the law, but not the spirit, anti-spyware companies may be targeted for legal action.

Symantec's doing some proactive maneuvering, by asking courts to legally define hotbar's software as adware: http://www.theregister.com/2005/06/09/symantec_hotbar_lawsuit/

haplesshobo
06-14-2005, 01:56 AM
> ... but firstly you need to kill all the processes that are running that look like they don't belong, because those files replicate themselves. if you can bring up your task manager, you can look for a process that's running but doesn't look like it belongs, ...

how do i bring up the task manager? i tried scanning my hard drive, but it was taking forever because something else was running or sending things to that program?

pikachupacabra
06-14-2005, 02:11 AM
> how do i bring up the task manager. i tried scanning my hard drive, but it was taking forever because something else was running or sending things to that program?

if you're using winXP just ctrl-alt-del and it'll come up

haplesshobo
06-14-2005, 02:51 AM
windows 98

right now, i'm at download.com. any opinions on new releases from their sponsors like webroot spy sweeper and spyware doctor 3.2. i've never heard of these before.

hooligan
06-14-2005, 10:56 AM
No and no, try ...

http://forums.anandtech.com/messageview.aspx?catid=32&threadid=1601651&enterthread=y

and

http://theflyingpenguin.com/

here

haplesshobo
06-15-2005, 12:53 AM
what does 'beta' mean, when they're talking about microsoft's spyware?

hooligan
06-15-2005, 12:55 AM
beta means that it's new, but not that new, try it out with microsoft.

Faithless
06-23-2005, 12:31 PM
Oh, man, antivirusgold is a nasty fucking little bit of spyware.

I ran Microsoft's and Lavasoft's product against it, and Lavasoft's AdAware did a better job of detecting its little "droppings".

hooligan
06-23-2005, 01:05 PM
do it in safe mode with networking, that usually helps me clear out everything.

haplesshobo
09-20-2005, 01:19 AM
i just ran avg, and it detected a virus along with 3 or 4 other things yet it wasn't able to quarantine or delete them. what does this mean, and what happened?

hooligan
09-20-2005, 01:21 AM
> i just ran avg, and it detected a virus along with 3 or 4 other things yet it wasn't able to quarantine or delete them. what does this mean, and what happened?

porn sites are pretty nasty.

It means they're running right now. You have to turn them off before you can quarantine/delete them.

Hit ctrl+alt+delete and then find any suspicious programs and stop them. Then try deleting them using AVG.

hausome
09-20-2005, 08:07 AM
For me, using Microsoft's Antispyware is the best solution. I own three computers and as of today I have never gotten a single virus or spyware due to its superior protection. Just last night I was downloading something and it tried to install a worm into the system and Antispyware caught it and removed it for me automatically. I love this little sucker. It's the best antispyware program yet. I have tried all the others, but this one is all I'll ever need.

hooligan
09-20-2005, 11:51 AM
if you ever run spybot search and destroy, you'll see that there are some things that disable the microsoft antispyware.

haplesshobo
09-20-2005, 01:53 PM
When I start up my computer, I get the message from AVG:

C: Win. HTA could be infected start page.

Restart computer using operating system from virus free system diskette or CDROM, then use AVG Rescue Disk and remove virus by healing.

But, umm.., I don't understand what that's saying. I don't think I have a rescue disk or whatever its talking about.

hausome
09-20-2005, 02:07 PM
> if you ever run spybot search and destroy, you'll see that there are some things that disable the microsoft antispyware.

Wow, I didn't know that, but is it really serious? I don't really see a delay in performance or any persistent pop ups...

hooligan
09-20-2005, 02:11 PM
> Wow, I didn't know that, but is it really serious? I don't really see a delay in performance or any persistent pop ups...

I'm not sure, I just wanted to make sure you know about them. Update Spybot and immunize. Then run the scan. I found some that disabled the microsoft program.

hausome
09-20-2005, 03:22 PM
> I'm not sure, I just wanted to make sure you know about them. Update Spybot and immunize. Then run the scan. I found some that disabled the microsoft program.

Okay, cool, thanks for the tip.

Faithless
09-24-2005, 01:46 AM
PCworld reviews... (http://www.pcworld.com/reviews/article/0,aid,119572,pg,2,00.asp) puts SunBelt CounterSpy as tops.

eos
09-29-2005, 11:51 PM
i dl spyware doctor last month and it helped me clean up the nasty aurora adware. it was so annoying. but now a new thing has taken over and i used sd yesterday to clean it up. i'm still getting the popups. i'm using firefox by the way.

hooligan
09-30-2005, 09:02 AM
> i dl spyware doctor last month and it helped me clean up the nasty aurora adware. it was so annoying. but now a new thing has taken over and i used sd yesterday to clean it up. i'm still getting the popups. i'm using firefox by the way.

aurora took me an hour and a half to clean up from my brother's computer. ugh.

hooligan
11-24-2005, 12:59 AM
PSA

If you're on comcast high speed cable, you get free mcafee.

Faithless
03-09-2006, 11:34 PM
Thought this was cute:

http://news.designtechnica.com/article9521.html

> Microsoft released a beta of their new Anti-Spyware package last week, and guess what? It identified Norton AntiVirus as a password-stealing Trojan!
>
> Monday, February 13th 2006 @ 10:00 AM PST | By Geoff Duncan | Staff Writer, Designtechnica News
>
> ...
> Many security-conscious Windows users flocked to the Anti-Spyware beta, eager to see what Microsoft's own security product might offer compared to third-party applications.
>
> However, some early testers of Microsoft Anti-Spyware were in for a surprise as the product identified installations of Norton AntiVirus as a password-stealing Trojan horse program. If users went along with Windows Anti-Spyware's recommendation and removed the "infection," Windows Anti-Spyware would happily cripple Norton AntiVirus on the computer, a problem which could apparently only be corrected via manual registry edits and re-installation of the Symantec software.
>
> For its part, Microsoft clearly labels the current release of Windows Anti-Spyware as a beta release suitable only for feedback and testing purposes: Microsoft does not warrant the software to be free of major problems, warns users against installing it on critical systems, and does not provide technical support for Windows Anti-Spyware. (Although informal discussion via newsgroups is available.) Microsoft also quickly updated its definition sets to eliminate false identification of Norton AntiVirus as a Trojan: users with Windows Anti-Spyware installed are urged to choose File > Check for Updates to make sure they have the latest definitions.
>
> Of course, the snafu had some sectors of the Internet cheering for a Microsoft product which "finally did something right." In recent years Norton AntiVirus has developed a reputation for consuming inordinate amounts of CPU and processing power, sapping performance from systems it is allegedly protecting. Many technical users recommend (sometimes free) alternative security products as better-performing alternatives to Norton AntiVirus.

Faithless
05-30-2006, 09:32 AM
Been running Windows Defender side-by-side with Counterspy, and Counterspy will identify VNC, whereas, Windows Defender won't. Maybe VNC's nothing to worry about.

croc76
06-29-2006, 11:26 PM
for viruses or spyware i would recommend you disable system restore and get CCleaner which cleans the registry of spyware reg. entries. Also i would recommend Bitdefender or Panda Titanium 2006. Also check your running system tasks and if you find any suspicious tasks running google the task name and it should tell u if it's bad or good.

sinisterpanda
07-02-2006, 02:25 PM
Can someone help me! I can't get rid of this bgates[1].exe, which is called Qlowzone15 trojan! I've tried methods posted on the internet but it is still here! IT JUST WON'T LEAVE! I'M GOING INSANE!

ares
07-12-2006, 01:19 PM
Funny, with all these viruses, one security company, Sophos, released their Security Threat Management Report Update. What do they recommend to home users? Switching to a Mac. :)

http://www.cio.com/blog_view.html?CID=22683

hooligan
08-24-2006, 05:54 PM
> Funny, with all these viruses, one security company, Sophos, released their Security Threat Management Report Update. What do they recommend to home users? Switching to a Mac. :)
>
> http://www.cio.com/blog_view.html?CID=22683

I don't know why, but they're the only company that makes a virus scanner that I've seen for a mac.

> Can someone help me! I can't get rid of this bgates[1].exe, which is called Qlowzone15 trojan! I've tried methods posted on the internet but it is still here! IT JUST WON'T LEAVE! I'M GOING INSANE!

If you've google'd it, perhaps it is time for a reformat.

zarathustra
08-24-2006, 11:41 PM
In the 5+ years of OS X, how many Mac viruses have there been in the wild? There have been proofs of concept, writings about vulnerabilities, but how many harmful viruses have successfully gone out into the public?

There may be some. Maybe a handful. Maybe. I can't think of one.

There are several Mac anti-virus programs. Norton, Virex, one free one, I think there's at least 1 or 2 more. But how many have needed them so far?

Do you hear Mac or Linux/unix people talk about getting viruses or spyware? It could happen. It will. But not yet. And Unix, Linux, and OS X have always had security in mind. They could always be better. But at least they think of it. Until recently, it's always been an afterthought for Microsoft. So you see the mess they are trying to clean up.

hooligan
08-25-2006, 05:24 AM
Yeah, it was interesting to note that there are more and more people developing mac anti-virus-ware. I wonder when they're going to release the malicious code to make it all worth it?

yoMAMA
06-06-2007, 11:07 PM
[smug mac user]

we don't have no stinking spywares or viruses here.

:cool:

[/smug mac user]

Faithless
01-05-2008, 08:41 AM
SpySweeper (http://reviews.cnet.com/security-and-encryption/spy-sweeper-5-5/4505-3688_7-32784958.html).

Found coolwebsearch and knocked it out for me.

I agree with The Bad on the review:
> The bad: If you're not vigilant, Webroot Spy Sweeper 5.5 installs the Ask.com toolbar; doesn't provide a full-function trial; antivirus protection is $10 more; scans are slow.

timeitbetter
01-19-2008, 09:21 PM
are we allowed to endorse warez? hehe