Valhalla Legends Forums Archive | General Discussion | Awful Spyware

Author | Message | Time
Mephisto
How can I get rid of spyware that just constantly reinstalls itself after I uninstall it and reboot after using Adaware scans, etc.?  It's becoming very annoying and is lagging my computer substantially and sometimes there are up to 200 processes at once of just spam!
December 10, 2004, 7:25 AM
Thing
Option 1: http://www.novell.com/linux/suse/index.html
Option 2: Boot to CD and grab a recovery console.  Delete offending files. Reboot and remove registry entries.

You owe me $108.25

December 10, 2004, 11:46 AM
Yoni
[quote author=Thing link=topic=9853.msg91772#msg91772 date=1102679216]
You owe me $108.25
[/quote]
:)

Try other anti-spyware programs like Spybot Search & Destroy, and either disable ActiveX and Javascript/DHTML on IE, or switch away from IE (Firefox extremely recommended).

Before trying Thing's option #2:
Start->Run, secpol.msc, Local Policies -> Security Options, and set Recovery console: Allow floppy copy and access to all drives and all folders to Enabled.

Or maybe do it with Knoppix (I don't know how good the Linux NTFS drivers are nowadays - they sucked last time I looked, which was long ago).
December 10, 2004, 11:52 AM
iago
My recommendation:
- Reinstall Windows
- NEVER use Internet Explorer

I was in shock at how fast spyware got onto my computer when I used IE for awhile, and it's impossible to get rid of.
December 10, 2004, 1:26 PM
Stealth
Additionally, I've never seen spyware produce 200 processes of itself. You might have a virus on your hands -- especially since Ad-Aware SE Personal (I assume you're updated with the latest definitions etc -- if not, try that) didn't pick it up, so try a virus scanner such as Trend Micro's HouseCall or Avast! 4 Home Edition to eliminate that possibility.

If you're not using AAW SE Personal, get it and try that. It seems to do a much better job at detecting and removing nasty infections than AAW 6 does.
December 10, 2004, 2:37 PM
Mephisto
I did use Ad-Aware Personal and rebooted to remove files that could only be removed when rebooting.  But as soon as I reboot it just all comes back, and Ad-Aware detects ~120 critical objects (again).
December 10, 2004, 3:00 PM
iago
There are so many places to hide malware on Windows (and any OS) that you can't hope to clean it once you're infected.  Like viruses and rootkits, prevention is the only option.  Once you are infected by a virus, a rootkit, or spyware, if it's well written, it's hopeless to fix.  Reinstalling your Operating System and making sure you don't get it again is the key.

Of course, on a good OS all you have to do is boot off the cd, format your OS partition, and reinstall without worrying about losing any of your documents, settings, or installed software.  But Windows has made it preventatively difficult to format.
December 10, 2004, 3:23 PM
NocBrute
Format computer.... > Mozilla, Fuck IE6 >.< > Kill updates :),
Spybot S&D + AAW Personal + McAfee/Trend Micro :)
December 10, 2004, 8:29 PM
Adron
[quote author=iago link=topic=9853.msg91792#msg91792 date=1102692222]
Of course, on a good OS all you have to do is boot off the cd, format your OS partition, and reinstall without worrying about losing any of your documents, settings, or installed software.  But Windows has made it preventatively difficult to format.
[/quote]

Actually, if you have an OS where applications and settings don't disappear with a reformat, a reformat won't be enough to get rid of spyware....
December 11, 2004, 3:25 PM
iago
[quote author=Adron link=topic=9853.msg91922#msg91922 date=1102778735]
[quote author=iago link=topic=9853.msg91792#msg91792 date=1102692222]
Of course, on a good OS all you have to do is boot off the cd, format your OS partition, and reinstall without worrying about losing any of your documents, settings, or installed software.  But Windows has made it preventatively difficult to format.
[/quote]

Actually, if you have an OS where applications and settings don't disappear with a reformat, a reformat won't be enough to get rid of spyware....
[/quote]

Hmm, good point.  I guess then it depends on whether the spyware was installed by a user or Root.  Since it's not likely that on Linux somebody would be using Root, to get rid of Spyware you'd just have to create a new user account.
December 11, 2004, 6:34 PM
peofeoknight
Internet Explorer is inherently bad because of its support of ActiveX controls. What I usually do is I look at the process in the task manager (like if I end a process and it restarts itself, I have to poke and prod to test a bit), then when I find a process I do not like, I do a quick search for the file name. I copy down the path to the pos and then boot into Windows (I dual boot) and get rid of it. If I am on a box that does not have Linux I usually just use DOS because sometimes I do not have a Knoppix CD or something with me.
December 11, 2004, 11:12 PM
Myndfyr
[quote author=iago link=topic=9853.msg91781#msg91781 date=1102685175]
My recommendation:
- Reinstall Windows
- NEVER use Internet Explorer

I was in shock at how fast spyware got onto my computer when I used IE for awhile, and it's impossible to get rid of.
[/quote]

It's not just IE.  After I got myself online using SP1, I fought an uphill battle getting the spyware off that just snuck on through holes in security.  This time I just installed straight to SP2 before I installed the drivers for my wireless adapter, and I use IE -- no problems at all.
December 12, 2004, 12:05 AM
iago
I've discovered that my Windows install has eaten itself.  Considering I've used it for maybe a total of 5 hours, and it's fully patched (except for SP2), it's pretty annoying.  I couldn't even boot because of some stupid spyware, and even after I deleted it all (I used clamav virus scanner to find/delete it from Linux -- note to everybody, ClamAV OWNS), it still wouldn't let me access my internet settings.  So I give up, I'm just going to drop it and reinstall XP (or maybe 2003) for those rare instances when I actually need Windows.
December 12, 2004, 4:14 AM
iago
Well, I was right about where the Spyware came from:
[quote]/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/FS7Q6URS/WinTA[1].cab: Adware.Searchbar
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/FS7Q6URS/WinTA[2].cab: Adware.Searchbar
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/NUDIZJR6/WinTS[1].cab: Trojan.Downloade
/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5/NUDIZJR6/WinTS[2].cab: Trojan.Downloade[/quote]

I should have known better than to use Internet Explorer for anything :(
December 12, 2004, 6:04 AM
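Added example, not part of the thread: a triage pass over scanner output of the kind quoted in the post above, grouping detections by signature and counting how many sit in an IE cache directory. The sample input is the four lines from that post, kept as posted (including the cut-off signature name); the function names are illustrative, and the optional ` FOUND` suffix and `OK` lines follow clamscan's usual output format.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# The four detection lines quoted in the post above, unchanged.
BASE = "/mnt/ntfs/Documents and Settings/Ron/Local Settings/Temporary Internet Files/Content.IE5"
SAMPLE = "\n".join([
    BASE + "/FS7Q6URS/WinTA[1].cab: Adware.Searchbar",
    BASE + "/FS7Q6URS/WinTA[2].cab: Adware.Searchbar",
    BASE + "/NUDIZJR6/WinTS[1].cab: Trojan.Downloade",
    BASE + "/NUDIZJR6/WinTS[2].cab: Trojan.Downloade",
])

# "path: Signature", optionally followed by clamscan's " FOUND" suffix.
LINE_RE = re.compile(r"^(?P<path>/.*): (?P<sig>[\w.\-]+)(?: FOUND)?$")

def parse_detections(text):
    """Return [(path, signature)]; clean ("OK") and summary lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group("sig") != "OK":
            hits.append((m.group("path"), m.group("sig")))
    return hits

def ie_cache_origin(path):
    """Return (profile, cache_subdir) if the file is in an IE cache, else None."""
    parts = PurePosixPath(path).parts
    if "Temporary Internet Files" not in parts:
        return None
    i = parts.index("Temporary Internet Files")
    profile = None
    if "Documents and Settings" in parts:
        profile = parts[parts.index("Documents and Settings") + 1]
    # Layout: Temporary Internet Files/Content.IE5/<random subdir>/<file>
    subdir = parts[i + 2] if len(parts) > i + 3 else None
    return profile, subdir

def summarize(text):
    """Group file names by signature and count detections found in an IE cache."""
    by_sig, from_cache = defaultdict(list), 0
    for path, sig in parse_detections(text):
        by_sig[sig].append(PurePosixPath(path).name)
        if ie_cache_origin(path) is not None:
            from_cache += 1
    return dict(by_sig), from_cache

if __name__ == "__main__":
    groups, cached = summarize(SAMPLE)
    for sig, files in groups.items():
        print(sig, files)
    print("in IE cache:", cached, "of", len(parse_detections(SAMPLE)))
```
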
Mephisto
Why are you using IE5.0?
December 12, 2004, 8:01 AM
iago
I installed Windows XP, then updated to the newest updates below SP1 right away.  Why it's using the directory .IE5, I don't know.
December 12, 2004, 8:35 AM
Yoni
[quote author=Mephisto link=topic=9853.msg92030#msg92030 date=1102838488]
Why are you using IE5.0?
[/quote]
The directory name Content.IE5 is used in both IE 5 and IE 6. They just haven't bothered to update it, I guess (possibly for fear of backwards incompatibility).
December 14, 2004, 11:56 AM
iago
I formatted my Windows partition today.  Once I get SP1 installed and patched up, I'm going to dd it to a file on my USB drive so I can quickly pull the image back next time it blows up. :)
December 14, 2004, 3:44 PM
