Malsua
Since Jan 18, 2003
The Trans Asian Axis - Exposing the negative geopolitical influence of China and Russia
My private gaming website. Freepmail me if you're interested: The Well Rats :: Seasoned Online Gamer's Community
Now Playing--> LORD OF THE RINGS ONLINE! Beautiful game!
I was recently asked "What the heck is bokeh, is that some kind of a typo?" Well, no it isn't. It's an image that has a well-focused subject and a blurred background. Don't ask me where that came from; probably a transliteration from Japanese. Anyway, I was in Disney in Oct 2007 and stayed at Disney's Animal Kingdom Lodge. It has giraffes all over. I took a picture of one outside my window with my digital SLR at a low f-stop and got great bokeh. Check it out. Giraffe Bokeh
--- I work with computers every day and have for the past 25 years. I've pretty much done it all. I've worked with small systems, large systems, Unix, Linux, DOS, Windows, OS/2, OS9, OS X, PCs, Macs, PowerPC, NT domains, Novell NDS, Active Directory, Notes, Cisco routers, etc. I write programming code in many different languages including but not limited to C++, C#, VB.net, Perl, Java, ladder logic, and the list goes on. Hardware, software, firmware. I can build circuits, do mechanical engineering, run a lathe/milling machine and rebuild engines in my sleep.
Now that I've bloviated on what I can do, I just want to offer some advice on the insidious creep of the net.
Spyware
UPDATE 8/22/2006
Microsoft has released its spyware tool. I've run it on many, many machines so far. It has been mostly successful, although some rather nasty trojans that had an adware component were unfixable with this tool. Even on those, though, it was able to prevent additional harm; it was simply unable to clean them. My suggestion at this point is to download and install it FIRST, before doing anything else I've listed below. If you've got a cracked/haxxored version of Windows, you're on your own; who knows what this tool might do to you.
Download the tool here: Microsoft Windows Defender
End of Update
10-20-2005
Found a good article about removing trojans/spyware/malware. It can be found here: How to remove a Trojan, Virus, Worms, or other Malware
One of the best things found on this page is a reference to, and instructions for, this cool tool: Autoruns. Very, very comprehensive, the best I've ever seen. Definitely get it and run it. Most of it you won't understand (I know I don't), but it will allow you to root out the source of your problem.
Back to the original article.
The following information is showing its age. I originally wrote it as a how-to narrative; now it's just tips and tricks. It's been so heavily modified over time that it barely makes sense as written. The links are good for the most part, so wade through it for now; I'll tighten it up later.
TIPS and Tricks for Avoiding or Removing Spyware/Adware/Trojans
The first thing I suggest everyone do is to switch to Firefox instead of using Internet Explorer: Mozilla Firefox. You don't have to do this, but if someone is jamming a stick up your rump, you don't have to pull it out either.
Most utilities can be run, and will be more effective, in Safe Mode. To enter Safe Mode, hit F8 during the boot process.
First, download and run Spybot Search & Destroy and Ad-Aware SE. You can find them at download.com. Make sure you update, then use the full scan options and all the immunize options.
Next, get CWShredder, HijackThis and BugOff. All are found here: Merijn's spyware site. For starters, run BugOff and disable everything.
Update: (12/19/04) CWShredder was acquired by the folks at Intermute. I used Ad-Subtract (an Intermute product) for two years, but AdMuncher is better. You won't go wrong with either, though. The link for CWShredder is here: CWShredder. You can download it with or without SpySubtract. It can't hurt to run SpySubtract; it's a solid program, and it's got a free trial. I've also found Webroot's Spy Sweeper to be a good addition to the toolchest, also with a free trial. I suggest you run it after Spybot and Ad-Aware. It can be found here: Spy Sweeper
For this little update, I'd also like to add that I ran across another very cool tool. It's a damage cleanup tool from the good folks at Trend Micro. They also have a free online virus scanner, found here: Free Online Scan. Only do the free online scan once all the rest of your issues are solved, or if you are stuck. It uses IE (it doesn't work with Firefox), so unless you've cleaned out your pests, you could re-infect yourself. The tool I'm talking about is their "Damage Cleanup Engine".
Get it here: Damage Cleanup Engine. That will pull some garbage out if you've been compromised. You can run it from Windows, and it will generate a log folder in whatever folder you unzipped it to. If it comes back with a "found", be sure to run it again after a reboot to make sure it killed whatever it found.
Continue on...
End of Update
Run CWShredder to completion. Run HijackThis and scan; the really important items are the ones listed under RUN and BHO. Spybot will have added a BHO called SDHelper. Leave that one; delete other BHOs that either have oddball names or sound like something related to sales (keen value, Valushop, etc.).
You can safely delete everything listed in HijackThis and not "break" Internet Explorer, BUT it will make Internet Explorer stop doing something for you that you might want. I run my IE so clean there are only 12 entries in the list. If you've got pages and pages, consider cleaning it out if an entry doesn't have a known purpose. If you do clean it out, it just means you might have to install some stuff again.
IMPORTANT--> Next, go to download.com again and grab SpywareBlaster. Get the latest updates and enable all protections. <---IMPORTANT
Make sure you are up to date with Windows Update, all the critical patches. Then go to GRC, download the three musketeers and run them all: disable UPnP (not to be confused with Plug and Play; it's totally different), disable DCOM with DCOMbobulator, and Shoot The Messenger.
Run msconfig, go to the Startup tab and uncheck anything in there that looks strange. You can always add it back if something breaks.
I've never had a single machine I haven't been able to bring back from the depths of spyware hell. I've had some so bad they simply won't function at all. Hopefully Microsoft closes these spyware holes soon (see the update at the top of the page). Firefox is _STILL_ the way to go.
Minor Update: (9/15/04) Some infections redirect you to certain pages by adding entries to your hosts file.
The hosts file can be opened with Notepad and is located in:
Windows 95/98/Me c:\windows\hosts
Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts
Windows XP Home c:\windows\system32\drivers\etc\hosts
The file should look something like this:
-------------
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
--------
Make sure you scroll down. If there are pages and pages of redirects, which are usually added after a couple of pages of whitespace, delete them and save hosts. Make sure that Notepad doesn't add a .txt extension to the file: just do "Save", not "Save As".
Spybot Search & Destroy has an option to "add sites to hosts". Switch to advanced mode, click on Tools, click on Hosts and you can add or remove protection there. It's not a bad idea.
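As an added example (not code from the original page), here is a small Python script that applies the two checks above to a hosts file: it flags names mapped to a non-loopback address (the redirect trick) and entries that sit below a long run of blank lines (the hiding trick), and it separately lists loopback "blocking" entries, which may be legitimate Spybot immunization or may be malware blocking an updater. The sample hosts text, the 203.0.113.7 address and the example-av.test name are constructed for this example.

```python
import ipaddress

# Constructed sample hosts file: the normal header and localhost line, then
# the trick described above: a long run of blank lines followed by redirect
# and blocking entries. 203.0.113.7 is a documentation (TEST-NET-3) address.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "127.0.0.1 localhost\n"
    + "\n" * 40 +
    "203.0.113.7 www.google.com # constructed redirect\n"
    "203.0.113.7 www.msn.com\n"
    "127.0.0.1 update.example-av.test # constructed: would block an updater\n"
)
BLANK_GAP = 20  # this many blank lines before an entry is the hiding trick

def parse_hosts(text):
    """Return (line_no, ip, hostname, blank_lines_before) for every mapping."""
    entries, blank_run = [], 0
    for line_no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            blank_run += 1
            continue
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        for host in fields[1:]:                # one line may list several names
            entries.append((line_no, fields[0], host, blank_run))
        blank_run = 0                          # comment lines also end a gap
    return entries

def is_blackhole(ip):
    """True for loopback (127.x, ::1) or unspecified (0.0.0.0) sink addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified

def find_suspicious(text, gap=BLANK_GAP):
    """Flag redirects to remote addresses, blocking entries, and hidden entries."""
    findings = []
    for line_no, ip, host, blanks in parse_hosts(text):
        reasons = []
        if not is_blackhole(ip):
            reasons.append("sends %s to remote address %s" % (host, ip))
        elif host.lower() not in ("localhost", "localhost.localdomain"):
            reasons.append("maps %s to a sink address (blocks the site)" % host)
        if blanks >= gap:
            reasons.append("sits below %d blank lines" % blanks)
        if reasons:
            findings.append((line_no, ip, host, reasons))
    return findings
```

Calling find_suspicious on the sample text returns three flagged entries; to review your own machine, pass it the contents of the hosts file at the path listed above for your Windows version.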
Update (12/1/04) Welp, folks, I've finally met one that took me hours and hours to get rid of. This bastard runs in Safe Mode and self-protects its files and registry entries. It's a variant of VX and it's dug in there very deeply. Frankly, I'm stumped as to how it starts itself, but I know it does so via legacy support somewhere. I simply couldn't find it. It randomly names two DLL files in the windows/system32 folder and locks them down. It shows up in the Task Manager as rundll32.exe. Rundll32.exe can load legitimate programs; however, when you delete it and it returns in 30 seconds, you know you've got a live one. I'll tell you how I killed it in a moment.
I'm also running across another disturbing trend where Windows services are being installed that are simply spyware. Windows Net Logon is one of those that I'm seeing now. Sounds like a legitimate service, doesn't it? It's not. You can disable these rogue services in the administrative control panel, but removing them requires some registry editing that is simply beyond the scope of this page. Always check your services; if something doesn't look right, it could be spyware.
As to how I killed this unnamed spyware that wouldn't let me delete the files? Well, I was working up to getting the VX killer add-on for Ad-Aware, but a thought struck me and I never went through with it. You may be able to kill this one using that. It's found here: VX plugin for Ad-Aware SE. What I did was something more radical. I pulled the drive out, slaved it in another computer, opened the file system there, deleted the malware, and replaced the drive in the original computer. All done! That's not an option for everyone, so I'm going to continue to research this one. Be careful, folks. Make damn sure you've got SpywareBlaster updated, and don't download and install free garbage on the net; it will only lead to problems.
UPDATE (3-12-05)
I found a utility that will kill files that refuse to be deleted. It's called Killbox. Only use it as a last resort and on files that are known malware. You could trash your entire OS if you Killbox critical system files. The tool can be found here: Pocket Killbox
Also, another method of removing locked files is to insert your original CD and boot to the Recovery Console. If you don't know how to navigate using DOS commands, don't bother; use Killbox.
I've also discovered where many of these attacks are focused. They install legacy services inside the Windows NT branch of the registry. Google on haxdoor open32.exe and Horseserver if you want the gritty details.
End of Update
GOOD LUCK FREEPERS! SLAY SOME SPIES!
Note on ZOMBIES (defined as trojaned or running particularly malignant spyware)
The quick way to tell if your computer is a zombie? Shut off all programs and watch and listen. Is the hard drive light blinking? Can you hear the disk going click click? How about the lights on your network card? Blinking when no one is using the internet? You might be a zombie. Don't confuse this with the traffic lights on the cable modem, though. That just means someone in your neighborhood is prolly downloading porn (your card generally shouldn't be blinking, though). If you're on DSL or dialup, when you're not working, nothing should be happening. If it is, you might have a spyware problem or a zombie trojan spamming the world with emails, and no, your email program doesn't need to be on. The trojan starts its own little SMTP server.
One good place to check the running programs in your task list (Ctrl-Alt-Delete) is here: Answers that work. It has most of the task list entries and what they do. If you see some oddballs in there, you should endeavour to get them stopped.
UPDATE: (8/1/04) I recently found the best ad remover program going. It will help to stop spyware infections, as ads can be a vector, and you browse the internet without annoying ads. I used Ad-Subtract for 2 years and I've tried many of the other freebie ones. Ad Muncher is head and shoulders above the rest. It's a layer 3 program. That means it's looking at the traffic before it comes to your browser. You don't need to configure proxies or anything else. Just install and you're done. It's got a 30-day free trial; give it a shot. It's awesome.