Getting and keeping spyware off your computer

me

[Sir Gawain]

Just thought I'd give this little PSA since I'm such a nice guy.

Many of you are already familiar with Lavasoft's AdAware, but you may not be familiar with SpyBot Search & Destroy, which is actually more powerful and more up-to-date. Lavasoft hasn't updated their definition file since September because they're working on a new release, so it won't clean newer spyware creations like CommonName. I would keep AdAware however. It's still very useful.

SpyBot also has a lot of other cool functionality built into it, like a clean on startup in case you are unable to remove the spyware's .exe or .dll because they have processes running. Yes I realize you can just unregister the .dll then reboot and delete it, but not everyone knows how to do that.

Here are a few other cool (and free) tools to help keep the stuff off your PC:

SpywareBlaster:

(From website) "SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.

How? By setting a "kill bit" for the CLSIDs of spyware ActiveX controls, it prevents the installation of any of them from a webpage. You can run Internet Explorer with Active-X enabled, but you will never even get a "Yes/No" box popped up, asking you to install a spyware Active-X control (Internet Explorer will never download or run it!). All other Active-X controls or plug-ins will work fine.

The SpywareBlaster database contains information on these known spyware Active-X controls. Make sure you run the Check For Updates feature frequently to get the latest database! (And make sure you check the new items to protect your system against them!)

As a side benefit, setting this "kill bit" will also prevent the spyware Active-X from running, in many cases, if it is already installed on your system.*"

SpywareGuard:

(From website) "SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.

Features Listing: Fast scanning engine
Scans exe and cab files - the two most popular file types for distributing spyware
Signature-based scanning - for known spyware (list)
Heuristic/generic detection capabilities - some spyware programs can be detected even if the code undergoes significant changes
Small size - with a small size and small definition sizes, download and updates are quick
SG Control Panel - provides easy access to help and integration options
SG LiveUpdate - provides an easy updating solution
Spyware files are blocked before being opened or run - they are not simply shut down after they are loaded in memory (and after they have performed their tasks)
The full path to the spyware executable is provided on the alert screen
Once a spyware file is detected and blocked from running, the options are provided to either continue or to delete the spyware file
It's a free download

Most of this info and much more can be found at http://www.spywareinfo.com/

[snooker]

Useful for windows users ... thanks.

snooker

[Bloody Sam Roberts]

net send [machine name] [message]

I just tried this syntax to send a message to the other PC on my home network and got the error message:
"The command SEND is unknown. For a list of valid commands, type NET HELP at the command prompt"

I did and the SEND option isn't in the list. Do you know if NET SEND is not available on a non-NT/Win2k platform like Win ME?

[1rudeboy]

bttt

[Sir Gawain]

I'm not sure. I know it ships with XP and NT.

[Bloody Sam Roberts]

Must be an NT thang. Oh well.

[Cicero]

If you disable automatic windows update in WinXP, it no longer goes ahead and downloads the updates automatically. But it still appears to go on-line to check the update site for critical updates, so it can notify you they are available. I don't think that function can be turned off. But I haven't been using my computer with XP on it very much, so it's something I've only vaguely noticed.

[Allan]

I just downloaded, installed and ran SpyBot.

I never have used any Spy removal software before.

I have a cable modem connection and I had noticed
that everytime I closed IE
the hard-drive would go mad
and when I pressed Control Alt Delete
I got the message that Explorer was not responding

Does anyone know what would cause this problem?

Anyway, I am relieved to see the problem seems to be gone.

[Sir Gawain]

Hey, I'm an expensive download.

[Victoria Delsoul]

Are you?.... since when?

[Victoria Delsoul]

Just kidding of course. LOL

[wardaddy]

Home now and on it....I'll let you i know how bad I screw it up.

Snowing again here and slightly below zero last night (fairly rare). Did you guys get any of it down there?

[djf]

Adaware has worked good for me, but I also recommend zonealarm. I just got done installing Mozilla to try it out, and as soon as I started it, ZA told me it was trying to act as a server. I didn't allow it, but allowed it standard access to the internet, and it seems to work fine.

[djf]

Something else most people don't know. As I browsed and browsed and browsed, my machine would get a little slower and slower. I would click on a page and my hard drive light would go on for what seemed forever, even though I was defragging often and purging my MSIE cache and history often.

Come to find out, MSIE always and forever keeps track of where ya been, there are files called "INDEX.DAT" in your cookie, history, and internet cache folders. Mine were getting upwards of 5 meg each. No doubt the guys in Redmond are sometimes browsing my history.

Purge the files. They have the (A)rchive attribute turned on, so ya gotta do it in DOS.
Happy browsing!!!

[wardaddy]

Spybot bagged 262 tags or infiltrators....Gator, Zulu, Xupiter, Net Tracker, some other goodies and a load of MS cookie stuff and codec thingies plus it moved a lot of IE and MS stuff to their SpyBot umbrella to make it harder to retrieve from the outside supposedly.

It cleaned out everything but a worm called "klez" under C/windows/system32/winkgzk.exe

It said it was a master data retriever and would require anti-virus activation to find it and kill it.

Does that mean anything to you?

Thanks for all your help.

[Clara Lou]

Do you have an anti-virus program? I have used Norton for two years. There's also a website that you can go to (I think it's a Norton site) and get Klez removed online. I'll go see if I can find it. I'll bet someone posts it before I find it, though.

[Clara Lou]

Well, I found it : http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Go here and follow the instructions. Good luck. Sounds like you've really "cleaned house."

[Las Vegas Dave]

Bump (for later read)

[wardaddy]

Thanks Clara...I've had AVG freeware anti-virus but it was not functioning properly.

I'll go the site you linked and try that out.

My speed has definitely picked up about 25% or better and it's smoother linking.

I'll do a Toast speed test later when all the dust settles and see how it's doing.

Thanks again to both you and Gawain.

Spybot seems to be very deft and user friendly for simpletons like me.

[wardaddy]

Clara, thanks for the link but I bugged out at the technicalities and just uninstalled AVG 6.0 freeware anti-virus and then went to their site and reloaded it.

Spybot had already killed everything but the klez worm and when AVG came back up, it pegged the worm pronto. I then did a complete check (15 minutes for a 6 gig hard drive (1.2 gig amd chip...I'm not crazy about that)as opposed to around 3 minutes for Spybot). AVG then whacked the klez worm upon completion of the test.

I then ran Spybot again and got the all clear.

I have both running now with updates and all that good stuff and with spybot due to kick in on every reboot plus instant notifications from AVG if anybody tries or does sneak in.

This computer is strictly for FR and fun but these little buggers are a pain. Thanks for all the help to you both....I'm a nube with this stuff obviously.

Do either of you think cable server are more prone to this than DSL/phone lines? I have none such obvious problems at work with a less powerful/antiquated giddy-up(win98/pentium II/1.4 gig hard drive.

I plan to do a spybot check at work on monday...we'll see.

I hope this stops things popping up here even when my browser is closed...for now.

Good Night.

[Squantos]

Thanks SG ! I have had Adware for a long time and if you say this spybot works better I'll give it a try. Downloaded and found three things already.....

Anything else I should be aware of with this program ? Do's and or Don't ??