Tenacious Spyware Problem (Vanity)

6/16/04 | Me, Myself, and I

[Born Conservative]

Please excuse the vanity (this is my first vanity post). I am having a problem with spyware. It started when my 11 year old son installed a "really cool" screensaver on the computer (running XP Home) from "screensaver.com". As soon as he told me he did that, I knew that I was up the creek without a paddle. So, I ran Spybot, and then Ad Aware, and "fixed" my Spyware problems. Right. Needless to say, my computer is still infested.

I then did some searching on the web,and downloaded Hijack This, since my browser was hijacked to a different home page (msn.com). Since I wasn't sure which programs were spyware, and which were not, I haven't "fixed" them with Hijack This yet. I also downloaded Aluria's free spyware scanner, and it shows 17 spyware files. The files include Wild Tangent, IWon, Cydoor, 2020Search, Comet Cursor, WhenUSave, and MyWay Speedbar. I did re-run the SpyBot and AdAware, as well as CWShredder (run in Safe Mode), but the spyware persists. I am also up to date on all Windows updates. Any help would be appreciated. I do have a log file from the Hijack This if that would help.

[Terpfen]

"The problem with your suggestion is that when little Tommy voluntarily downloads the spyware file nothing can be done by 'immunization' feature on Spybot S&D or SpyBlaster."

... Yes, I understand the difference between prevention and treatment.

Notice how I said to run the Spybot/Ad-Aware scanners again after installing Spyware Blaster in order to prevent a reappearance of the spyware. The problem isn't that the malicious programs in question can't be wiped, but that they come back after being wiped. Spyware Blaster and Spybot's Inoculation will prevent the programs from being reinstalled, thus fixing the problem.

[sneakers]

Bump for valuable information!

[Eagle of Liberty]

Get another hard drive and transfer needed files to it. Easiest way I have found so far. You could also burn to CD or use Zip files.

[Freemeorkillme]

Yes. Good advice to Windows IE and, less importantly, Mozilla/Firefox users; get spyware blaster from javacoolsoftware.com.

[Eagle of Liberty]

Macs are not attacked because there is not a large quantity of available targets. If you promote the Mac, someone somewhere will start to target Mac software.

[rintense]

Just got word that the co-workers machine was indeed 'infected' with guardian spyware. It was doing all the things that both of you have posted.

[TankerKC]

I see I'm not the only one having these types of problems. There have been several similar threads of late. Why are companies allowed to put this crap on our computers? It really is theft of processing time and power.

Of course, the market will fix this. Actually, it already has to a degree. There is big money now in combating these hijacking programs. But these leaches will continue to build this kind of malicious software. It is time to create and enforce laws to prevent these companies from doing this. Some of them are “in your face” about it. I had a problem with Ebates.com momoneymaker and got no satisfaction from the company. I finally was able to remove their malware, but it has reappeared twice. Incidentally, Dell, Priceline, and the GAP all advertise on the Ebates.com website. I sent them letters informing them that I would not use their products/services as long as they associated with criminals. I got no responses.

[ShadowAce]

Spyware? What's that? Never get it. Never will.

[Born Conservative]

Mac or Linux?

[technochick99]

bump for a later read.

[Xenalyte]

When you search for something on MSN.com, does the first result page give you a bunch of shopping links?

If so, I fixed it by dumping my data onto a folder on a separate hard drive (auxiliary borrowed from Xena's Guy's PC), then running all antivirus and antispy programs on the folder. Then I Formatted C on my PC's drive, reinstalled XP clean, and moved my verified-clean folder back to my now-clean drive.

[Xenalyte]

As much as I resisted it, I forgot how nice it is to have a fresh clean install. I've reinstalled a couple of my games, and they start more quickly than they did before the wipe.

[Xenalyte]

A "clean wipe" is when you go to the DOS command prompt and type in "Format C:\". Then you sit back and watch your data disappear. Then you reinstall your operating system.

[Freemeorkillme]

Do they need to be setup as Run keys? No. They can be launched manually, can they not? At the very least, its systems clutter and not a needed process to run Windows. There was one or two other entries I believe I'd included to remove for the same reason...I could have included more, but whatever.

Let us know what you find and how you make out.

[ShadowAce]

Linux, of course :)

[Born Conservative]

Duh! I guess I didn't read your tagline before I asked.

[SengirV]

That's only half the story. Windows has more holes in it than swiss cheese is the other half of the story.

[Bloody Sam Roberts]

There is much good advice here so far so I won't add to the noise be simply repeating what's been said so far. You have some cleaning to do. Once done, do set up some sort of shielding for your PC.

SpyWareBlaster and The Proxomitron is an unbeatable combo.

Whether you are savvy or not, you should be using The Proxomitron. It will work out of the box and protect against such things as popups and homepage hijackers. Run the install program, put a shortcut to it in your startup folder, and then set it as an http proxy on port 8080. To do this for IE go to tools, internet options, connections. Then click settings if you have a dialup connection or click lan settings if you have cable. Either way, the rest is the same. Check the box that says use a proxy server and then click advanced. Under proxy address by HTTP, type in "localhost". Under port, type in 8080. OK your way out and surf free of popups, ads, and other obnoxious stuff.

You will have an icon in your system tray. If you want to bypass the program and see the page as it would appear normally, right click the icon and select bypass all filters and refresh the page.

Another thing. If you maintain the browser proxy settings as mentioned above and the Proxomitron is not running, you will not be able to connect to the internet. You will either have to reverse the proxy settings in the browser settings or start the Proxomitron.

Finally, this program is a stand-alone meaning it adds nothing to the registry or do such things as install dll's in the windows directory. This means if you don't like it all you have to do is not use it and if you want to uninstall it, just delete its program folder.

It's available here:
http://www.proxomitron.info/files/index.shtml

"Filthy, nasty spywareses... trying to ruin the Precious. We won't lets that happen, no. We'll shows them good!"

[boris]

"The Proxomitron is an unbeatable combo."

Unbeatable all right. Slowed my cable modem connection by a factor of 100x, screwed up my registry, messed with my CMOS settings.

Other than that, my (brief) exposure to it was delightful.

--Boris

[my_pointy_head_is_sharp]

Excellent instructions!