Help! Spyware attack on my computer

ws

Newly Enlightened
Joined
Feb 23, 2004
Messages
44
Hi, people. Need some advice. My office people just discovered that one of our broadband connected PCs is infected with spyware. What type and version I do not know, but it is proving very difficult to remove. Any suggestions for cleaning up the system with minimal damage to the data in the hard disk?
 

B@rt

Flashaholic
Joined
Nov 21, 2001
Messages
10,467
Location
Land of Tulips and Philips
The best results, according to CPF members in the past, has been running Ad Aware (freeware) followed by Spybot, as mentioned by OZ. Just make sure you update before running the tests, the updates are very frequent....
 

Icebreak

Flashlight Enthusiast
Joined
Aug 14, 2002
Messages
4,998
Location
by the river
Please find out what the infection is and what program found it. Working third person can be a challenge.
 

BB

Flashlight Enthusiast
Joined
Jun 17, 2003
Messages
2,129
Location
SF Bay Area
On a friend's computer, I had a problem with pop-up graphics windows (looked a little like a web browser with no controls).

No spyware or anti-virus program (those listed above or Norton Anti-Virus) would find the program. So, I installed Zone Alarm (the free edition) and watched which programs tried to access the Internet... And there it was. Found it in the startup file (RUN msconfig) to turn it off, and erased it from the disk.

-Bill
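
The approach Bill describes (see which programs talk to the Internet, then look for them in the startup list) can be done with built-in Windows tooling. The PowerShell below is an added example, not part of the original thread; it assumes Windows 8 or later for `Get-NetTCPConnection`, and matching by executable file name is this example's own heuristic.

```powershell
# Added example: correlate processes holding outbound TCP connections with
# autostart entries. Read-only triage; it changes nothing on the system.

# Autostart entries (Run keys and Startup folders), as msconfig's Startup tab lists them.
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# Established connections to non-loopback peers, grouped by owning process ID.
$conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } |
    Group-Object -Property OwningProcess

$report = foreach ($group in $conns) {
    $proc = Get-Process -Id $group.Name -ErrorAction SilentlyContinue
    if (-not $proc) { continue }   # process exited between the two queries

    # Path is empty for protected processes unless the shell is elevated.
    $exe = if ($proc.Path) { Split-Path -Leaf $proc.Path } else { "$($proc.ProcessName).exe" }

    # An autostart entry matches when its command line names the same executable.
    $auto = $startup | Where-Object { $_.Command -match [regex]::Escape($exe) }

    [pscustomobject]@{
        ProcessId  = $proc.Id
        Executable = $exe
        Path       = $proc.Path
        Remote     = ($group.Group |
                        ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
                        Sort-Object -Unique) -join ', '
        Autostart  = ($auto | ForEach-Object { "$($_.Location) -> $($_.Name)" }) -join '; '
    }
}

# Entries that both hold a connection and start at logon sort first: review those first.
$report | Sort-Object { [string]::IsNullOrEmpty($_.Autostart) } |
    Format-Table -AutoSize -Wrap
```

A match is only a lead: browsers, updaters and sync clients legitimately appear in both lists, so check the file path and publisher before disabling anything.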
 

haertig

Newly Enlightened
Joined
Oct 5, 2002
Messages
96
In addition to AdAware and Spybot Search and Destroy (I highly recommend both of these as well), you might want to add HijackThis to your arsenal of tools. It is free as well. HijackThis tells you all kinds of stuff about your system - not all of it bad. You need more personal knowledge to analyse HijackThis output. You just can't go deleting everything it lists. Download HijackThis from http://www.spywareinfo.com/~merijn/

You might also want to review Internet Options (if you're using IE) and try to determine how the spyware got in. Possibly JavaScript, ActiveX, or InstallOnDemand. It also could have come in as a hidden payload piggybacking on some program that was installed on purpose.
 

_mike_

Flashlight Enthusiast
Joined
Aug 14, 2003
Messages
1,198
Location
Wa. State
This type of topic comes up so often, along with anti-virus, spam, and firewall software, browsers, email, etc .... along with hardware and the different operating system discussions. Maybe there should be a list of all these software programs that people here recommend in one place. Possibly a separate software/computer section altogether.


In any case, the following programs are free, well regarded and are for the Windows operating system.

Spybot (free anti-spyware)

Ad-aware (free anti-spyware)

AVG Anti-virus (free anti-virus)

AntiVir (free anti-virus)

Mail Washer (free spam filter)

Zone Alarm (free firewall)

Some fun ones for the adventurous at heart.

Microsoft Power Toys for Windows XP

VirtuaWin

You can see all of these and more ..... here.

Mike
 

Icebreak

Flashlight Enthusiast
Joined
Aug 14, 2002
Messages
4,998
Location
by the river
haertig -

That's what I was thinking also, but I'm a little leery recommending it unless the user is pretty knowledgeable. If ws doesn't get fixed I'll post some instructions. HijackThis is very useful.

_Mike_ -

Good post.

- Jeff
 

Chris M.

Flashlight Enthusiast
Joined
Jan 17, 2001
Messages
2,564
Location
South Wales, UK
Don't forget, once you have that evil junk cleaned from that system, you need to stop it ever getting back there. Go here: http://javacoolsoftware.com and get a hold of Spyware Guard and Spyware Blaster. They run in the background and prevent known parasites (spyware, keyloggers, pr0n diallers, etc) from getting in, especially good for preventing MSIE ActiveX hijackings.

Anyways, I use them and have no serious problems to report. Updates are pretty frequent and so far I haven't been nobbled since installing them. The old system does seem a little tiny bit slower, but it is ancient as far as computers go so that is to be expected really, slow is a way of life for an IBM PC300GL....

 

Bushman

Flashlight Enthusiast
Joined
Jan 8, 2002
Messages
1,851
Spybot and Spywareblaster both together do a great job.. Spybot picks up new things and spywareblaster keeps them from coming back. AVG www.grisoft.com is the best antivirus I have ever used, and I have used quite a few. And all of the above listed are FREE
 

stockwiz

Enlightened
Joined
Nov 16, 2003
Messages
412
Location
Brookings, SD
IE spyad is a registry file which implants hundreds of the most well known ad/spam/activex sites into the "restricted sites" list so there is no possibility that they can download unauthorized activex files, cookies, etc. onto your computer. In the rare event you find there is an entry for a site you need to use, it's easy enough to remove it from the list or enable web forms in the restricted sites list so you can at least use the site.

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

Every computer user with an always-on internet connection should be using a firewall. I use norton internet security 2003, but Zonealarm is free and will get the job done just fine. Make sure the firewall scans for outgoing connections as well as incoming connections. Windows XP improves their firewall with the SP2 release, but there is still no monitoring of outgoing connections.
 

_mike_

Flashlight Enthusiast
Joined
Aug 14, 2003
Messages
1,198
Location
Wa. State
[ QUOTE ]
stockwiz said:
Every computer user with an always-on internet connection should be using a firewall.

[/ QUOTE ]

You know, I have thought about this one a bit. Stockwiz, what I'm about to say is just tech type hair-splitting which I figure you'd appreciate. But I agree with you, most folks should get all the protection they can.

Anyway, I'm thinking it would depend on what type of connection you have. For instance, my ISP uses NAT (Network Address Translation) for their dynamically assigned IP addresses for their DSL connections.

Basically, this setup puts my computer and home network behind a firewall. In theory, I should not need to run either a hardware or software based firewall for my home computer for inbound threats.

Now, if I had a static IP address, I would definitely need a firewall as I would be wide open to the Internet.


Again, I am in no way disagreeing with stockwiz, and would always err on the side of caution unless my ISP could convince me beyond a shadow of a doubt that I didn't need a firewall for inbound threats, if that was all I was concerned about.

In any case, a firewall can help diagnose and stop un-authorized outbound traffic which is very important if you happen to become infected with some kind of Internet "nasty". This alone would make it worth having a firewall.

Mike
 

ws

Newly Enlightened
Joined
Feb 23, 2004
Messages
44
Thanks, guys. I'll try to tell the other guys in the office about the options. But please keep the ideas flowing.
 

asdalton

Flashlight Enthusiast
Joined
Dec 12, 2002
Messages
1,722
Location
Northeast Oklahoma
[ QUOTE ]
B@rt said:
Just make sure you update before running the tests, the updates are very frequent....

[/ QUOTE ]

Yes, that step is easy to forget. Also, the default "smart system scan" with Ad-Aware scans the registry but doesn't check every file on the hard drive. After running the smart scan, you should scan all of your hard drives.
 

richpalm

Banned
Joined
Jun 21, 2003
Messages
965
Location
Central Pa.
Try this: http://www.kephyr.com/spywarescanner/

(Bazooka spyware scanner.) It picked up things that Spybot did not. Only thing is, it only detects. Then you have to follow the instructions for manual removal.

Some removals involve the registry. If you don't know what you're doing with that, stay away.

Rich
 

Atomic6

Flashlight Enthusiast
Joined
Aug 15, 2003
Messages
1,551
You said you had spyware issues. I know that!

(Just kidding). I used adaware...
 

BuddTX

Flashlight Enthusiast
Joined
Nov 27, 2001
Messages
2,521
Location
Houston, TX
I read something about why if you use Ad-Aware, then use Spybot, you will probably find additional spyware installed.

If you choose the DEFAULT settings in Ad-Aware, it will skip some scanning options.

To get a more complete scan, do the following:

UNCHECK "Perform Smart System Scan"
CHECK "Use Custom Scanning Options"
Choose Customize
Check ALL options:
-Scan within Archives
-Scan Active Processes
-Scan Registry
-Deep Scan Registry
-Scan my IE Favorites for Banned URL's
-Scan my Hosts file

Now it will take longer, but you will get a more complete scan.
 