Getting rid of Spybots

self ^ | 17 feb 04 | self

[El Gran Salseron]

"Do you know of a way to paste a list of evil URLs into the Security settings all in one swoop?"

No, not in one swoop. However, you can go to the following site to download then unzip and install 3d Clipboard after reading the readme file. Also, download the Visual Basic Runtime Files from the same site if you do not already have them otherwise the program will not work:

http://www.3dclipboard.com/

It allows multiple copies to the clipboard.....up to 25 copies. If you have a list of sites that you have saved in Notepad, for example, you can copy each site to the clipboard then see each entry in the listing by left-clicking the paper clip in the systray near the system clock.

Or if you don't have a list then you can visit each site that you want to block and copy to the clipboard which saves the last 25 copies. Then in IE click on Tools/Internet Options/Security Tab/Restricted Sites Icon/Sites Button/copy to the top text box the first copy from the 3d clipboard/click Add/repeat for each entry in the clipboard.

"I'm also looking for a thorough list of the worst offenders."

As for a list of known offender sites, I know of none except those listed in the Ad-Aware database or the Spyware Blaster database. However, I am sure that some list must exist somewhere on the internet but I have not seen it or heard about it.

[Citizen of the Savage Nation]

Take what you read at Cnet and ZDnet with a grain of salt. There's a lot of kids around there, Gates shills ("Tim Taylor") and spammers and spyware writers who infiltrate the place to make certain programs and their programmers look worse than they are.

Thanks for the advice. Most Spybot detractors were pimping Adaware, I had planned to try that as well.

[Citizen of the Savage Nation]

Thanks, I'll try that out when I can. Does that work for Mozilla as well? I use that, my wife uses Explorer.

[Citizen of the Savage Nation]

Great, thanks, that's quite a bit. It's kinda funny, but this weekend I noticed that Spybot was unable to search to see if an upgrade was available. As if its also being blocked like Google is.

Also, while using Explorer, if I go to Tools, Internet Options, it tells me that my security settings have disabled this option, see network admin. Funny, don't remember doing that.

[WestCoastGal]

bookmark

[El Gran Salseron]

"Does that work for Mozilla as well? I use that, my wife uses Explorer."

The re-install of IE will not work for Mozilla. There is a setup file for Mozilla but I assume that it would be saved on your hard drive somewhere.

The filename for the version of Mozilla that I have is "Mozilla-win32-1.4.1-installer.exe" and I would assume that your install file for Mozilla would be similar.

Hijack This should work for any browser.

[El Gran Salseron]

Spybot and Ad-Aware pretty much do the same thing. If the worm, hijacker or adware has blocked Spybot you may want to try Ad-Aware.

If security settings have changed in IE it sure does sound like a hijacker or worm. Can you change the "See Admin" setting and take control of your security settings?

[Citizen of the Savage Nation]

I've been getting around that by going through Control Panel, so the answer is yes.

[mac_truck]

bump for later reading

[tbird1]

bump, truck

[B4Ranch]

Look for undertone.net in 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'.

[old chief]

Hope this will help your browser redirect problem.

I too had a problem accessing Google and other search sites on my company computer a few months ago. This computer is behind an industrial strength corporate firewall and protected by Norton Corporate AV, but still, something managed to slip through undetected and redirect some URLs. My corporate people managed to find a virus description that sounded like the right thing, although my computer didn't have all of the symptoms, one was there--a file named "HOSTS" (no extension) with a bunch of redirection information (ASCII text file, but without the TXT extension--you can open it with NOTEPAD or WORDPAD).

There were several of these files, but one had a lot of URL names, and all pointed to the same IP address. I erased the contents of the HOSTS file (to be careful--I found later, you can just erase the file), resaved it as an empty file and that solved the problem. So do a file search for HOSTS and erase all of them. If you are not sure whether they are used for anything, simply rename them with a .SAM extension and test your system. You can always remove that if it has a negative effect.

[A Cyrenian]

Bump.

Thanks for the advice.

[Citizen of the Savage Nation]

Hey thanks, as a matter of fact my problem did turn out to be a virus/spyware just like this. I managed to get rid of it with a McAfee full scan along with an Ad-Aware full scan. Those problems have gone away, I'm happy to report.

[js1138]

Spyware Blaster is the best first defense, because you never see the temptation to download spyware. It is essential if you have kids. They will not be able to download the crap in the first place.

Second, it does not remove spyware. It disables it, which is reversable. This is important if you accidentally wack a legitimate game or program you need.

[Bloody Sam Roberts]

This thing would automatically regenerate the registry entries every time I deleted them

My friend's XP box has one called "svhost.exe" that resides in C:\Windows as a hidden file. It came in via a CoolWebSearch trojan called "Googlems". I cannot get control of the C:\drive before windows does in order to delete it. The NTFS partition won't allow that.

Consequently, this executable regenerates the registry entries and everything else that you can clean out...every 10 seconds. It won't even allow you to see the Spybot S&D files in any directory they are in...it even shuts down MSIE when you visit the Spybot homepage!

I've given up and told him he'll need to find his restore disk(s) so we can wipe it clean and then patch the gaping MS Java VM hole.

[Bloody Sam Roberts]

QUESTION: Just what processes DO belong?

Here's a good list to look through. It will at least identify the entries you do see and which ones are necessary.

Startup Items List.

[Bloody Sam Roberts]

You might want to look at MYIE2.

A great little overlay program for MSIE. I'm using it at work now. I use Firefox at home but here I need IE because a lot of our corporate sites require it. It's a good way to get tabbed browsing into MSIE. I love the Merriam-Webster Dictionary search function. I wish Firefox had that one.

[Xenalyte]

I had one and couldn't remove the sucker no matter what (I mistakenly clicked "yes" on one of those "do you want to install . . ." pop ups). I opted for the nuclear option eventually - Format C:.

I did something similar, and similarly stupid, last fall - I accepted a Windows Update without researching it first. I can't get to HTTPS (secure) sites now, and as soon as I procure a new hard drive, it's Nuke City for the current one.