Free Republic
News/Activism

Getting and keeping spyware off your computer
me

Posted on 01/18/2003 8:49:27 AM PST by Sir Gawain

Just thought I'd give this little PSA since I'm such a nice guy.

Many of you are already familiar with Lavasoft's AdAware, but you may not be familiar with SpyBot Search & Destroy, which is actually more powerful and more up-to-date. Lavasoft hasn't updated their definition file since September because they're working on a new release, so it won't clean newer spyware creations like CommonName. I would keep AdAware however. It's still very useful.

SpyBot also has a lot of other cool functionality built into it, like a clean on startup in case you are unable to remove the spyware's .exe or .dll because they have processes running. Yes I realize you can just unregister the .dll then reboot and delete it, but not everyone knows how to do that.

Here are a few other cool (and free) tools to help keep the stuff off your PC:

SpywareBlaster:

(From website) "SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.

How? By setting a "kill bit" for the CLSIDs of spyware ActiveX controls, it prevents the installation of any of them from a webpage. You can run Internet Explorer with Active-X enabled, but you will never even get a "Yes/No" box popped up, asking you to install a spyware Active-X control (Internet Explorer will never download or run it!). All other Active-X controls or plug-ins will work fine.

The SpywareBlaster database contains information on these known spyware Active-X controls. Make sure you run the Check For Updates feature frequently to get the latest database! (And make sure you check the new items to protect your system against them!)

As a side benefit, setting this "kill bit" will also prevent the spyware Active-X from running, in many cases, if it is already installed on your system.*"

SpywareGuard:

(From website) "SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.

Features Listing:
Fast scanning engine
Scans exe and cab files - the two most popular file types for distributing spyware
Signature-based scanning - for known spyware (list)
Heuristic/generic detection capabilities - some spyware programs can be detected even if the code undergoes significant changes
Small size - with a small size and small definition sizes, download and updates are quick
SG Control Panel - provides easy access to help and integration options
SG LiveUpdate - provides an easy updating solution
Spyware files are blocked before being opened or run - they are not simply shut down after they are loaded in memory (and after they have performed their tasks)
The full path to the spyware executable is provided on the alert screen
Once a spyware file is detected and blocked from running, the options are provided to either continue or to delete the spyware file
It's a free download

Most of this info and much more can be found at http://www.spywareinfo.com/


TOPICS: Miscellaneous; Technical
KEYWORDS: computersecurityin
Yes it sounds like an infomercial, and no I don't work for these companies. These are totally free downloads. Have a nice day.
1 posted on 01/18/2003 8:49:27 AM PST by Sir Gawain
[ Post Reply | Private Reply | View Replies]
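
An added example, not part of the original post and not SpywareBlaster's own code: the "kill bit" in the quoted description is the 0x00000400 bit of the "Compatibility Flags" DWORD stored per CLSID under Internet Explorer's "ActiveX Compatibility" registry key. The Python below audits a registry export against a blocklist to show which controls are actually blocked; the sample export, the CLSIDs and the blocklist are constructed placeholders.

```python
import re

KILL_BIT = 0x00000400  # kill-bit value within "Compatibility Flags"
COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft"
              r"\Internet Explorer\ActiveX Compatibility")

# Constructed sample in .reg export format. The CLSIDs are placeholders,
# not real controls. (Real exports are usually UTF-16; decode them first.)
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{44444444-4444-4444-4444-444444444444}]
'''

SECTION_RE = re.compile(r"^\[(.+)\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{8})$', re.I)
CLSID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def parse_compat_flags(reg_text):
    """Return {CLSID: flags} for every CLSID subkey of ActiveX Compatibility."""
    flags = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            parent, _, leaf = section.group(1).rpartition("\\")
            if parent.lower() == COMPAT_KEY.lower() and CLSID_RE.match(leaf):
                current = leaf.upper()
                flags[current] = 0  # key exists; no flags value seen yet
            else:
                current = None      # unrelated key: ignore its values
            continue
        value = FLAGS_RE.match(line)
        if value and current:
            flags[current] = int(value.group(1), 16)
    return flags


def audit(reg_text, blocklist):
    """Split a CLSID blocklist into (kill bit set, kill bit missing)."""
    flags = parse_compat_flags(reg_text)
    blocked, unprotected = [], []
    for clsid in blocklist:
        clsid = clsid.upper()
        # Test the bit, not equality: other flag bits may be set as well.
        if flags.get(clsid, 0) & KILL_BIT:
            blocked.append(clsid)
        else:
            unprotected.append(clsid)
    return blocked, unprotected


if __name__ == "__main__":
    # Hypothetical blocklist: the four sample CLSIDs plus one absent key.
    wanted = ["{%s}" % "-".join([d * 8, d * 4, d * 4, d * 4, d * 12])
              for d in "12345"]
    blocked, unprotected = audit(SAMPLE_REG, wanted)
    print("kill bit set:    ", blocked)
    print("kill bit missing:", unprotected)
```

A key that exists without the flag, or with only other flag bits set, gives no protection, which is why the audit tests the bit itself rather than the presence of the key.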

To: Billthedrill; Cyber Liberty; dead; Victoria Delsoul; Fiddlstix; glock rocks; nunya bidness; ...
-
3 posted on 01/18/2003 8:51:14 AM PST by Sir Gawain (_|_)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
Helpful. Thanks!
4 posted on 01/18/2003 8:52:54 AM PST by AntiGuv ()
[ Post Reply | Private Reply | To 1 | View Replies]

To: *Computer Security In
http://www.freerepublic.com/perl/bump-list
5 posted on 01/18/2003 8:53:31 AM PST by Libertarianize the GOP
[ Post Reply | Private Reply | To 3 | View Replies]

To: Allan
Bump
6 posted on 01/18/2003 8:54:53 AM PST by Allan
[ Post Reply | Private Reply | To 4 | View Replies]

To: All
Also realize that if you strip out the adware from certain programs, they might cease to execute properly. Imesh will still run correctly; it will just throw up an error at startup. I haven't stripped out the adware from Download Accelerator, so I'm not sure if it will still function correctly after you do.
7 posted on 01/18/2003 8:56:34 AM PST by Sir Gawain (_|_)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
This must be deja vu. Last night I was doing a diagnostic check using pitstop and even though I have Ad Aware installed, I noticed that my pages were loading very slow. I got the results from my check and sure enough I have spyware playing games with me. I'll try your suggestion. Thanks
8 posted on 01/18/2003 9:00:26 AM PST by shadeaud
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
good stuff. found a need for spybot last week at work, and it works as advertised. thanks SG.
9 posted on 01/18/2003 9:00:56 AM PST by glock rocks (only you can prevent fundraisers - become a monthly donor)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
Some claim backdoors are in every Microsoft OS since 98 SE, from what I've seen of Windows I tend to agree with them.

If you're running XP some claim you have already granted administrative authority over your computer to Microsoft, they can access it as they please. Anybody read the license agreement on XP to verify this?

10 posted on 01/18/2003 9:04:14 AM PST by steve50
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
I'm really glad you brought this up, Sir! I'm a real computer lightweight and recently installed AdAware.....after I scan, I'm in the dark as to what to do next.....I click here and there (even after reading the help topics), and remain unsure if I've accomplished anything.

Plain English tutorial?

11 posted on 01/18/2003 9:04:31 AM PST by ErnBatavia ((Bumperootus!))
[ Post Reply | Private Reply | To 1 | View Replies]

To: steve50
Backdoors? Huh? Who have you heard this from, or is this your own experience with 98 and or XP? What ports do you have open when you are connected? Oh wait, they must be invisible ports linking directly to Bill Gates' home. Do listen to lies. There are no "back doors" or connections in XP that yield control of your PC to a server, unless you allowed it on there.
12 posted on 01/18/2003 9:09:28 AM PST by RedBloodedAmerican
[ Post Reply | Private Reply | To 10 | View Replies]

To: steve50
AutoUpdate will try to communicate with Microsoft, possibly even if you disable it.

More info can probably be found here: www.windowsbbs.com

13 posted on 01/18/2003 9:13:22 AM PST by Sir Gawain (_|_)
[ Post Reply | Private Reply | To 10 | View Replies]

To: ErnBatavia
After AdAware gets finished scanning, right click on one of the items it found and select "Check All", then select Continue.
14 posted on 01/18/2003 9:14:13 AM PST by Sir Gawain (_|_)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Sir Gawain
Bump for later :)
15 posted on 01/18/2003 9:15:57 AM PST by Jennifer in Florida (Where it's FREAKING COLD!!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: steve50
Here's all you need to know:

OrgName: Microsoft Corp
OrgID: MSFT

NetRange: 207.46.0.0 - 207.46.255.255

Blackhole that netblock at your router!
16 posted on 01/18/2003 9:19:45 AM PST by proxy_user
[ Post Reply | Private Reply | To 10 | View Replies]

To: RedBloodedAmerican
A British research lab ran the story a couple months ago.
17 posted on 01/18/2003 9:20:08 AM PST by steve50
[ Post Reply | Private Reply | To 12 | View Replies]

To: Sir Gawain
Danke Schoen!
18 posted on 01/18/2003 9:20:31 AM PST by ErnBatavia ((Bumperootus!))
[ Post Reply | Private Reply | To 14 | View Replies]

To: steve50
http://www.windowsbbs.com/showthread.php?s=7ce73da18993ed68cdcc9f15d9048297&threadid=13442

"Read this on another site--thought it might be of interest to some folks.

XP Phone Home
I've mentioned my recent play with ZoneAlarm Pro, and while I don't use it heavily, I have left it to start automatically on one workstation where I do a lot of software testing. It's a fairly clean installation of Windows XP Pro, Office XP and a few other commonly used tools. Part of my routine with XP is to put a halt to the various automated procedures that it attempts to shove down my throat. This would include Automatic Updates most notably, but I am also sure to disable Windows Messenger, IE automatic updates and Error Reporting. Nothing should be contacting Microsoft without my knowledge as things are configured.

Imagine my horror when ZoneAlarm informs me that rundll32.exe wishes to contact 207.46.134.94:HTTP. I realize that spyware and viruses have posed as the legitimate rundll32.exe, but there are two things to consider. First of all, 207.46.134.94 is Microsoft's Windows Update site. Second, the version and date are identical to those of the rundll32.exe file on a different Windows XP Pro installation.

Nothing is launching from any of the startup registry entries or Startup Program Group using rundll32.exe explicitly, and there certainly isn't anything specific to Microsoft that is launching in those areas.

A service perhaps? Well, the process associated with rundll32.exe is executing under the context of my username, versus SYSTEM, which most services utilize unless configured to use different credentials. Speaking of services, both the Cryptographic Services and (gasp) Automatic Updates have been started by the operating system behind my back!

I have denied the access for now, but I have not forgotten. Next, I dig out a hub so I can sniff the packets as they wander by for clues regarding the suspicious activity. Not that I'm going to let it contact Microsoft, mind you. I also plan to fire up a full-blown hardware router to further isolate the machine from Microsoft, add a static route for the offending IP address, pointing it at a Windows 2000 server running IIS so there will at least be a session establishment attempt instead of the request being immediately stomped by the router and/or ZoneAlarm.

My suspicions at this point are not that Microsoft is being deceptive, collecting my hat size or preference in pain relievers for subversive use, but this lends weight to my very sincere belief that Microsoft is overstepping the bounds of reasonable respect to paying customers. Whatever XP is trying to do is likely trivial, but how it's being done is far from it. I'm plenty steamed, believe me."

19 posted on 01/18/2003 9:22:50 AM PST by Sir Gawain (_|_)
[ Post Reply | Private Reply | To 17 | View Replies]

To: Sir Gawain
Unbeknownst to me, my daughter downloaded Kazaa last night. Imagine my surprise this morning when Kazaa and Weather Bug and at least two other programs wanted permission to access the Internet!! (Thank goodness for ZoneAlarm!) I had to go through and uninstall all of them. Then I had to run Adaware and delete over 100 files and about 40 keys that had been inserted in my registry!
While I don't use IE Explorer unless my arm is twisted, I do use Mozilla. Infinitely preferable. Since IE is on my machine, though, I'm checking into the programs you've mentioned. Thanks for posting the info.
20 posted on 01/18/2003 9:22:53 AM PST by Clara Lou
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
Ah, another LockerGnomie!

SpyBot works great.

21 posted on 01/18/2003 9:35:23 AM PST by FReepaholic
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
You may just be seeing Windows Autoupdate. By default it's turned on in Windows XP, so it downloads Windows Updates in the background and just asks you if you want to install them after they've been downloaded. You can go in and turn off the auto function if you choose. I don't mistrust Microsoft, but I prefer to turn it off so it doesn't start downloading right when I'm trying to do something else.

Thanks for your list. You also might want to have a look at SpySites, a Shareware or Freeware program at Camtech:

http://camtech2000.net/Pages/SpySites_Program.html

Scroll down to the bottom for the freeware version. It provides a list of troublesome and extra-troublesome sites and can be used to enter these sites in your blocked sites list under IE Explorer Options. This is especially useful if you have kids who use your computer who may be drawn to some site that installs spyware on your computer.
22 posted on 01/18/2003 9:36:49 AM PST by Cicero
[ Post Reply | Private Reply | To 19 | View Replies]

To: Clara Lou
I have WeatherBug...Is that bad? I do not have the spyware, but I have been watching the cookies.
23 posted on 01/18/2003 9:39:15 AM PST by AlexW
[ Post Reply | Private Reply | To 20 | View Replies]

To: Cicero
I just copied that post in #19 from another forum. I think the user was saying that Windows Update was trying to communicate with MS even after it was disabled.
24 posted on 01/18/2003 9:39:42 AM PST by Sir Gawain (_|_)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Sir Gawain
I got a new XP box in the mail, planning to add a second HD for dual boot running a Linux or BSD(?) distribution. I have no idea if it will add any protection but don't see how it could hurt.

The article I read on this mentioned a NSA.dll file, of course the NSA part drew a lot of attention from the less trusting. Think the story was up at voxnyc, which seems to be conspiracy oriented. Thanks for the info, don't know much about these things.
25 posted on 01/18/2003 9:39:51 AM PST by steve50
[ Post Reply | Private Reply | To 19 | View Replies]

To: Sir Gawain
Great info good Sir knight!

Just this morning I un-installed AdAware and installed SpyBot Search & Destroy based on info from this website:

Stop Using LavaSoft's AdAware!

I must say I am much more impressed with SpyBot Search & Destroy than AdAware. It does so much more, and recovery backups are automatic and give you file level granularity as opposed to AdAware's all in one shot recovery.

Keep up the good work getting the word out.

26 posted on 01/18/2003 9:42:32 AM PST by Bloody Sam Roberts
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bloody Sam Roberts
Well I won't jump the AdAware ship so fast. I think once AdAware 6 comes out, it will catch back up to SpyBot. I'll keep both.
27 posted on 01/18/2003 9:45:39 AM PST by Sir Gawain (_|_)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Clara Lou; AlexW
Here's a link to download Kazaa Lite
Download version 2.02 English version.

It is Kazaa with all the spyware stripped out of it. Current revision is 2.0. It works great and has none of the extra crap!

28 posted on 01/18/2003 9:51:17 AM PST by Bloody Sam Roberts
[ Post Reply | Private Reply | To 20 | View Replies]

To: Bloody Sam Roberts
I downloaded the trial version of spyware, and it wouldn't install. Now I can't even find it so I can right-click on it and install it...I'm such an ignoramus, I have no idea where it could be...any suggestions?
29 posted on 01/18/2003 9:56:19 AM PST by Judith Anne (This space for office use only.)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Sir Gawain

Thank you very much for the link. Adaware was not doing the job.
30 posted on 01/18/2003 10:00:39 AM PST by woodyinscc
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bloody Sam Roberts
My daughter thanks you for that link!
31 posted on 01/18/2003 10:25:01 AM PST by Clara Lou
[ Post Reply | Private Reply | To 28 | View Replies]

To: steve50
Thanks, I'll see if I can find the story. If you have a link to it handy, I'd like to know what the review was.

You can connect to the net and see what ports are open, then check to where (who) they connect to. And as for the auto update feature you can disable it in control panel and remove it from task manager. It does NOT control your computer in an attempt to contact MS when set up properly. The main problem with PCs running Windows is operator error.

32 posted on 01/18/2003 10:26:06 AM PST by RedBloodedAmerican
[ Post Reply | Private Reply | To 17 | View Replies]

To: AlexW
To be perfectly honest, I don't know if Weatherbug is "bad." It's just that Weatherbug is frequently included when you download certain programs (like Kazaa) with spyware. Maybe someone else here knows. I can't see that it really has any spyware beyond a cookie named "minibug," or something like that, that remained on my computer after I uninstalled the program.
33 posted on 01/18/2003 10:28:57 AM PST by Clara Lou
[ Post Reply | Private Reply | To 23 | View Replies]

To: Sir Gawain
Try running Fresh Download from www.freshdevices.com. Works great, no spyware.


http://www.freshdevices.com
34 posted on 01/18/2003 10:55:50 AM PST by Tennessee_Bob (Worship the comic http://www sluggy.com)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Sir Gawain
An anti-virus program scans files before you open them and prevents execution if a virus is detected -

A lot of people rely entirely on their virus scans. If it says the mail is OK they will open it. If it is a new virus your scan won't detect it. You have to use some judgement with suspicious mail.

A week or so ago I was one of the first people to be sent the W32 So Big virus. It went through my Norton scan all right but I got suspicious, because it had a file and I didn't recognize the sender big@boss.com.

I tried to bring up www.boss.com to see if it was a site that might be sending me a fishing file. I couldn't bring up the website so I deleted the e-mail without opening it.

I got it a couple of days later with a different file, I deleted it, and a few days after that it came again only this time Norton flagged it as a new virus the W32Sobig.

That old line "don't open the file if you don't know the sender" is good advice.

If you are the first in your neighborhood to be sent a new virus you won't have any protection, and if someone targets you specifically with a virus, you're a goner if they know how to write it to get by the generic virus updates.

Freepers stay alert; there are people out there who dislike us, and they are not above targeting us with viruses, or virii, as the more advanced would say. - Tom

35 posted on 01/18/2003 10:56:55 AM PST by Capt. Tom
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
Need ShowBehind elaboration.

1st, just installed and ran SpyBot - it detected and destroyed mucho stuff that AdWare did not, and system performance greatly improved -- THANKS!

Now, about ShowBehind, which somehow got installed in /windows/sbnet directory on 11-14-02. I had been wondering why I was suddenly getting "popunder" ads, now I know, and SpyBot detected it and destroyed it (AdWare did not). However, since I do not open emails from unknown parties or those from known senders which contain attachments that were not specifically requested, I cannot understand how it got installed.

Can anyone elaborate on this program?

36 posted on 01/18/2003 11:11:48 AM PST by UScbass
[ Post Reply | Private Reply | To 1 | View Replies]

To: Clara Lou
for later reading!
37 posted on 01/18/2003 11:18:42 AM PST by Texas Tea
[ Post Reply | Private Reply | To 20 | View Replies]

To: Sir Gawain
Thanks much mi amigo.

The neatest part of the 'net is folks helping folks.

Hoo-ah
38 posted on 01/18/2003 11:21:18 AM PST by ASOC
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
Thanks!
39 posted on 01/18/2003 11:22:01 AM PST by facedown (Armed in the Heartland)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
It just removed my FR COOKIE!!! AAARRRGGHHHH HERESY! What a dastardly deed!
40 posted on 01/18/2003 11:32:11 AM PST by Quix (11TH FREEPCARD FINISHED)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Allan
Bump
41 posted on 01/18/2003 11:38:10 AM PST by Allan
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
Mac friendly?
42 posted on 01/18/2003 11:42:57 AM PST by RnMomof7
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
.
43 posted on 01/18/2003 11:44:37 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
It's a free download

That's what I like about you, hehehe.

44 posted on 01/18/2003 11:57:39 AM PST by Victoria Delsoul
[ Post Reply | Private Reply | To 1 | View Replies]

To: Judith Anne
I downloaded the trial version of spyware...

I'm not sure what you are trying to install or find...surely not spyware? What is the exact (or approximate) name of the software you are looking for?

45 posted on 01/18/2003 12:30:05 PM PST by Bloody Sam Roberts
[ Post Reply | Private Reply | To 29 | View Replies]

To: Judith Anne
I downloaded the trial version of spyware...

I'm not sure what you are trying to install or find...surely not spyware? What is the exact (or approximate) name of the software you are looking for?

46 posted on 01/18/2003 12:30:05 PM PST by Bloody Sam Roberts
[ Post Reply | Private Reply | To 29 | View Replies]

To: Judith Anne
I downloaded the trial version of spyware...

I'm not sure what you are trying to install or find...surely not spyware? What is the exact (or approximate) name of the software you are looking for?

47 posted on 01/18/2003 12:31:01 PM PST by Bloody Sam Roberts
[ Post Reply | Private Reply | To 29 | View Replies]

To: Judith Anne
Sorry for the triple

triple

triple

post. I hate when FR burps.

48 posted on 01/18/2003 12:32:10 PM PST by Bloody Sam Roberts
[ Post Reply | Private Reply | To 29 | View Replies]

To: UScbass; Clara Lou
My daughters downloaded Imesh and some other music shareware stuff.

After that, I now get these "Messenger Service" pop-ups or popup-unders very frequently. I cannot find where they are coming from. I uninstalled the sharewares (geez I miss Napster) but this stuff still keeps coming. It took me weeks to get rid of that xupiter.com garbage.

Any hints would be appreciated.

I'm running XP and cable at home on a homemade pc. Here at work, on win98 and an older pentium II and dsl, I'm as fast and no garbage at all.

My panicware stopper works 100% at work but only partially at home.

Thanks
49 posted on 01/18/2003 12:43:38 PM PST by wardaddy (my advice as a novice....never buy an amd chip.....shaky and less precise)
[ Post Reply | Private Reply | To 36 | View Replies]

To: Sir Gawain
Bump for later.
50 posted on 01/18/2003 12:49:39 PM PST by StriperSniper (Start heating the TAR, I'll go get the FEATHERS.)
[ Post Reply | Private Reply | To 1 | View Replies]

