Spyware/Trojans Multiple Attacks

Jaded God

Established Member
ERRR I am getting so tired of Spyware and Trojans!! I use Ad-Aware 6.0 and Spybot Search + Destroy all the time. I also run AVG virus scan and these get rid of all the trojans and spyware, but then I will still get shit.

Last night I had a huge infection of trojans. I have the damn Lycos sidebar search come up when I search on a search engine like Google. And I lost notepad.exe again, which I can fix, but it's annoying. What the hell can I do to prevent this or fully get rid of this stuff?

Recently I would delete my temp internet files and history and click the history folder and make sure they were gone and they were. Then I would close Internet Explorer and open the history folder and THEY ARE ALL THERE AGAIN. Won't let me delete my history blah blah. God, I'm tired of this shit.
 
The patient says "Doctor, it hurts when I do this." "Then don't do that!" the doctor replied.
 
Just move away from Internet Explorer then. I got much less spyware once I moved to Mozilla Firefox. I only use IE for Windows update and the odd incompatible website now.
 
Patch your machine regularly, and move away from IE as axel says. Also, do you run your comp as administrator? Try making a regular user account for yourself, and log on as that. What type of firewall are you running? Try out Zone Alarm, it's not bad for the price (read: FREE). Last tip, try out different antivirus tools. Give Trend Micro's online virus scan a shot, it solves most of my problems.
 
And the "odd incompatible website" is getting rarer and rarer. I'm a big fan of Jamie Zawinski's take on such beasts:

Too-clever-by-half sites that don't work at all. Usually these sites come up with a completely blank page, and if I do "View Source," I can see the nature of their evil. Less frequently, the page will come up with some snotty admonishment, blaming me, the web, Netscape, or God for the fact that I can't see their page: blaming, basically, everyone but the designer, who is the only person whose fault it is.

But that's just fine -- because sites that do this invariably ALSO DON'T HAVE ANY CONTENT ON THEM. So this is a great litmus test that saves me lots and lots of time! If the site uses all the latest crap, then it means that whoever's site it is is more concerned with appearance than content, and the only reason for that would be that their content is crap. If they had worthwhile content, they wouldn't have to dress it up in gaudy trappings to get people to think that there's something there.
 
No because I know how firewalls give other people I know problems with downloading and stuff... Guess I should put one on eh? You guys recommend some to me.. Or is Zone Alarm good?
 
Why bother with all that Ad-aware, Zone-Alarm crap - Spyware and trojans do nothing to your computer. You have all been tricked into thinking they are the devil. I wouldn't have a clue to what spyware, trojans are on my computer, and I don't give a shit either, cause my computer runs fine. The best thing to do in regards to trojans and worms finding themselves on your computer is to set up a firewall.

My rule of thumb: Unless your antivirus software says remove it, then remove it.
 
Good firewalls are Sygate Personal Firewall or Agnitum Outpost. It's either you visit often porn/warez sites or you have some p2p installed like Kazaa or Grokster.
 
No because I know how firewalls give other people I know problems with downloading and stuff

Until IPv6 gets widely deployed, learning to deal with such problems is a good idea. NAT gateways have similar problems and ISPs are starting to deploy them on their own for people who have multiple computers now that they realize that most people won't pay $10/address/month.

It's either you visit often porn/warez sites or you have some p2p installed like Kazaa or Grokster.

It's not just a matter of porn/warez/p2p, it's a matter of trustworthy vs. untrustworthy, which covers the spectrum of subject matter. Granted there are a few more dodgy porn/warez/p2p sites than other stuff, but only because those are popular subjects that scammers/attackers can use to get more targets. The bulk of spyware actually masquerades across the board as relentlessly-advertised utility software, especially browser toolbars like Hotbar, MyWebSearch, New.Net, Gator, and others, but also attached to otherwise legit software installs - always do custom installs and check for this kind of crap, because it's sometimes completely optional. Often bad software:

1) Is advertised via popups, especially popups crafted to look like Windows error messages. Avoid this stuff like the plague; if you install it you only have yourself to blame.

2) Is advertised in banner rotations or popups and warns you about spyware/trojans. Often this stuff is actually spyware itself. Use a reputable scanner such as Ad-Aware or Spybot.

3) Pops up with an ActiveX installation dialogue without you clicking on anything (Gator is infamous for this tactic).

4) Seems to have a website for just the software, with no substantial information about the person, company, or organization producing it. In particular if there's no contact info, or the contact info takes an unusual amount of effort to find, that's not good.

5) Makes lots of vague claims about "enhancing your computing/browsing/Internet experience" without mentioning any particular features.

6) Claims to be software or a crack/keygen/patch for software that isn't actually released. Check with authoritative sources.

7) Has a filename that is only a description, no title or version number

8) Is much too small for what the file is labeled as

9) Is distributed as an unpacked .exe via email or P2P nets, especially when what it's labeled as shouldn't need an integrated installer.
 
As I already tried to explain in a previous thread, a halfway normal firewall will *Not* interfere with your programs. It will ask for permission, but if it's something you need/recognize, you can tell it to remember. Now on the other hand, routers CAN interfere. But just a software firewall causes no problems. Combine that with a good AV program, a patched up OS, and careful browsing habits.

Or just live with the viruses and spyware in peace and harmony (until they cause your install to go sour and die).
 
I am always on P2P networks and stuff and have yet to get a virus, I get the occasional spyware but it's usually just cookies/WMP trash. Nothin serious yet ever.

Another kind of site that just adds and adds to spyware and such is ones like ebaum, where they have tons of flash/funny pics and such. My friend used to get em all the time, can't remember the sites though. When I redid his PC I blocked them via IE and told him that his PC found them unsafe and blocks em, so he doesn't even try now. He went from havin a PC FULL of it and havin to reformat every month to hardly having any at all and been reformat free for awhile now.

Just watch yerself and you should be good. Hope this helps...
 
Steps to make sure you do not get any more spyware.

1. Buy a hardware firewall, software firewalls are crap. This will run you about $50.

2. Make sure you update and use Ad-Aware/Spybot/HijackThis every WEEK.

3. Download AVG anti-virus, much more effective than Norton or McAfee and it's free too.

4. Uninstall IE and use Mozilla Firefox.

This will decrease your chances of getting spyware by A LOT.
 
Originally posted by CrazyGoon@Sep 17, 2004 @ 01:54 AM

Why bother with all that Ad-aware, Zone-Alarm crap - Spyware and trojans do nothing to your computer. You have all been tricked into thinking they are the devil.

Allowing trojans on your PC is not smart. I work for an ISP and shut people down all the time. Frequently trojans are used by spammers. The person you get the trojan from will use your PC for directing spam through. That is easily traced to the ISP. And when I find you, I kill your connection, at least if you're in Minneapolis area. The company I work for does this on a national level as well. Many broadband ISPs are doing this these days.
 
I was hoping CrazyGoon's post was sarcasm.

About the hardware firewall thing, it's all a matter of setup, IMHO. Software and hardware will both offer you a decent level of protection, but neither one will help you if they're not configured correctly. A couple of suggestions from my end:

1. I assume you're already using a NAT router. If so, make sure your computer IS NOT set up as the DMZ. If you really need individual ports forwarded, go ahead and forward them.

2. Close ports that you're not using. This tool will close all the opened ports on a default Windows install. You may need some of these for certain things (SMB for home networking, for example), but the fewer ports you have open, the better.

3. I have noticed a lot of people mentioning IE, and I agree, it's not fun to use, but additionally, don't use Outlook. Find some other e-mail client if you're using Outlook.

4. If you're already infected with a bunch of crap that you can't clean, reformat and reinstall. There's no point in trying to secure a machine that's already inherently insecure.
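
A way to check which ports are actually open before closing any, as suggestion 2 above recommends (an added example, not part of the post and not the tool it refers to). It parses Windows `netstat -ano` output and lists sockets reachable from the network; the sample output, the service table and the function name `exposed_listeners` are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1104
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1187      203.0.113.7:80         ESTABLISHED     2044
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:1900           *:*                                    1104
  UDP    127.0.0.1:123          *:*                                    980
"""

# A few well-known Windows services; anything else is reported as "unknown"
# so the owning PID can be looked up before deciding to close the port.
SERVICES = {
    ("TCP", 135): "RPC endpoint mapper",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "SMB file sharing",
    ("UDP", 1900): "SSDP/UPnP discovery",
}

# proto, local address, local port, foreign address, optional state, PID
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
LOOPBACK = ("127.", "[::1]")

def exposed_listeners(netstat_text):
    """Return sorted (proto, port, pid, service) for sockets reachable off-host."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header and blank lines
        proto, addr, port, state, pid = m.groups()
        # TCP rows count only when LISTENING; UDP has no state, bound means open.
        if proto == "TCP" and state != "LISTENING":
            continue
        if addr.startswith(LOOPBACK):
            continue  # loopback-only sockets cannot be reached from the network
        service = SERVICES.get((proto, int(port)), "unknown")
        found.add((proto, int(port), int(pid), service))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, pid, service in exposed_listeners(SAMPLE):
        print(f"{proto:<4}{port:<6} pid={pid:<5} {service}")
```

Feed it the real output of `netstat -ano` from the machine in question; entries marked "unknown" are the ones to trace back to a process by PID.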
 
Let me take this opportunity to beat a point to death (because it is that important). If nothing else, for the love of God, STOP USING INTERNET EXPLORER.

I use Netscape (yeah, I know, I know.. I'm just used to it from back in the day) on a regular basis, and I get very few bits of spyware. And most, if not all, are ad tracking cookies. When my brother came home for a week, he used IE to play some "free" online games. I came home one day and had HUNDREDS of bits of spyware on my computer, including Lycos Searchbar or whateverthefuck it was. I banned his ass from using IE and since then haven't had any issues.

I also helped clean my g/f's parents' computer of spyware. We're talking THOUSANDS of detections from Ad-Aware (and they wondered why their computer was running so slow). I gave them a stern lecture in why this "free" stuff isn't free, and installed Netscape on their computers. They still don't have a clue what they're doing, but their occurrences of spyware have decreased dramatically since.

Again, if nothing else, please move away from IE. It really is the devil.
 
Use AVERT Stinger to get rid of most mainstream Trojans/Worms.

It has a nice small footprint and is quick to boot.

http://vil.nai.com/vil/stinger

First go to preferences and set it to include both your BOOT SECTOR and ALL FILES in the scan.

~Krelian

P.S.: Another free and highly effective program for REMOVING Viruses/Trojans/Worms is Trend-Micro's Sysclean, been very impressed with it actually.
 
Software and hardware will both offer you a decent level of protection, but neither one will help you if they're not configured correctly.

Note that part of "configuring" a software firewall correctly is to not use an administrator account all the time. Basically the rule is this: if you can disable/configure the firewall without switching accounts, so can a worm/trojan (I haven't heard of any that are designed to, but it's got to be in the pipeline with SP2 integrating a software firewall). Basically any program can send Windows events to any other program, and the Win32 API doesn't provide any real way for the receiving program to verify the source of the event message. Even if the firewall is totally sealed against buffer overruns and event hooks, the trojan could probably still send it a series of mouse/keyboard events to turn it off.
 
Can you secure program access with a hardware firewall? If not, it might be best to have both. A decent software firewall won't interfere with anything, so it can't hurt. Also, I know ZoneAlarm tells you when something is trying to shut it down, so you'd need a pretty advanced trojan. Assuming you have a good virus scanner and firewall, and are careful, hopefully you won't get one in the first place. But if you did, it should be pretty obvious something is wrong when it kills your firewall.

Oh, that reminds me. I read somewhere that an unpatched WinXP install has like ~30 mins or something before it is compromised by spyware/viruses. Good thing you can slipstream service packs.
 