Slashdot Mirror

There's another class of evilness that doesn't involve startup and that's BHO's (or Browser Helper Objects), which come into play when IE is started and have full access to the computer.

A lot of people here have made a mockery of the relevance of spyware removal tools, and even questioned whether spyware is a real issue at all. These people probably haven't tried to combat the latest strains of the CoolWebSearch infestation. Visiting a friend recently I noticed his laptop had gone totally Ga-ga, and I offered to help, thinking that a quick anti-virus scan accompanied by ad-aware cleansing, would get the unit back in shape. It didn't. I tried every automated and manual step-by-step procedure I could find on the net and nothing seemed to help. The premier anti-CoolWebSearch volunteer on the net seemed to have given up (as reported by the Register) I ended up deciding that it was less time consuming to save the few vital files that existed on the machine, and reinstall the operating system, rather than trying a meticulous process-creation-timestamp-analysis. The operating system I reinstalled was Win XP (not Linux). Why? Because my friend is a technically challenged moron and will never be capable of using anything but Windows for desktop computing.

That's what SpywareInfo's for.

http://www.spywareinfo.com

It's arguable that they're the biggest antispyware site out there, and if nothing else, they can get the CoolWebSearch strains that even Ad-Aware and Spybot can't get (real-yellow-pages, linklist, et cetera).

(Disclaimer: I'm a Trusted Advisor there.)

IMHO, Spybot & Ad-Aware are both absolutely necessary as is HijackThis:

http://www.spywareinfo.com/~merijn/downloads.html

I support quite a few home systems. Currently, the majority of my time is spent cleaning spyware and virus infestations. After installing Ad-Aware, HijackThis and Spybot, my clients stop having problems. As well, a working virus scanner is important. I've encountered several systems where the virus scanner has been deactivated. Therefore, I've been putting the EICAR test virus on all my systems.

http://www.eicar.org/anti_virus_test_file.htm

Spyware used to be most bots from hackers, now it seems it's all marketing crap from big business. Isn't greed grand?

I already have a shopping buddy, and his name is Bonzai!

Definetly, DEFINETLY try all of the above mentioned things first and as directed AND THEN if you *STILL* can't get it off (and are sick of my all caps), THEN:

1)Select one of the following spyware removal discussion boards

http://www.wilderssecurity.com/
http://forums.spywareinfo.com/
http://forums.net-integration.net/
http://www.computercops.biz/forums.html

2)READ THEIR FAQS THOUROUGHLY

3)Create an account and post your story along with supporting documents outlined in their FAQ to their board.

4)Wait patiently and a real life antiscumware security expert will help you.

The people on those forums hate scumware more then anyone and devote their spare time to helping rid the world of it. They have created custom tools to remove almost all kinds of spyware and with your help will diagnose your particular infection and send you the proper tools to get rid of it.

These guys are the best so treat them with respect: do your own spyware scans before you bother them. But I think in your case you are qualified to talk to them now :)

Good luck!

Try HijackThis
, I've found it effective at removing BHO embedded in IE. Combined with Ad-aware, I've found it clears off pretty much everything.

I've found the following helpful for the no-budget set:

Avast Home Edition Virus Scanner

Spybot Search and Destroy

HijackTHIS - Find out whats in your PC. (semi-advanced)
The site for HiJackThis seems to be down for now. THere are a few other little nifty freebie aps in there, too. Heres a mirror download site

AdAware - picks up a lot of crap in your PC

(Anyone wanna offer up a few opinions on this stuff? You know you do.)

Of course, the obligatory comment of "Use Mozilla, keep your shit patched, don't click every OK button you see" still applies.

<a href="http://www.spywareinfo.com/~merijn/">Merjin< /a>
<a href="http://www.tomcoyote.org/hjt/">HijackThis</a >
<a href="http://www.sysinternals.com/ntw2k/freeware/p rocexp.shtml">Process Explorer</a>

Merjin
HijackThis
Process Explorer

<URL:http://www.spywareinfo.com/~merijn/>
<URL:ht tp://www.tomcoyote.org/hjt/>
<URL:http://www.sysi nternals.com/ntw2k/freeware/procexp.shtml>

http://www.spywareinfo.com/~merijn/
http://www.tomcoyote.org/hjt/
http://www.sysinternals.com/ntw2k/freeware/procexp .shtml

<a href="http://www.spywareinfo.com/~merijn/">Merjin< /a>
<a href="http://www.tomcoyote.org/hjt/">HijackThis</a >
<a href="http://www.sysinternals.com/ntw2k/freeware/p rocexp.shtml">Process Explorer</a>

Merjin
HijackThis
Process Explorer

<URL:http://www.spywareinfo.com/~merijn/>
<URL:ht tp://www.tomcoyote.org/hjt/>
<URL:http://www.sysi nternals.com/ntw2k/freeware/procexp.shtml>

http://www.spywareinfo.com/~merijn/
http://www.tomcoyote.org/hjt/
http://www.sysinternals.com/ntw2k/freeware/procexp .shtml

He went down the merry path of trying to rescue the system in order to keep customer data intact. The story is typical of someone who is entering the fray without have their tools prepared in advance. The solution always looks easier than it really is.

In his case, he needed

• a CD with all of the relevent tools and updates
• a windows boot disk with CD support
• an understanding of the windows command line in order to copy a subset of these tools to a convenient folder on the hard drive from the CD
• The knowledge to run these tools from Safe mode, and how to get there in the first place
• Include in the subset of tools one that can fix the broken LSP setup.

  [LSP or Layered Service Provider is a piece of software that can be inserted into the Windows TCP/IP handler like a link in a chain. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, rendering the user unable to access the Internet. Spyware is good at this, and some cleaners leave a broken LSP behind.

  With the correct tool, the fix takes seconds. Without the tool, you need to uninstall and re-install the winsocket, or else the same with the entire network support. Otherwise you fall into the trap this poor bloke got into.]

My current recommended free antivirus is Avast! Home Edition [avast.com], which is very low maintenance for the home user, and requires registration for the free license. It also protect a number of common Instant Messenger clients, as well as several common P2P clients. It is better than AVG in my opinion, and detects many trojans as well as spyware.

You can get a system that is so hosed that it will not boot, not even into safe mode, even under XP. The solution there to remove the hard drive, drop it into an external drive enclosure, and hook it up to another system where you can use scanning software to do a basic clean so you can boot in the original configuration. Once it boots you can install cleaners from safe mode, and then run cleaners from inside every user account. Note that you still need to run the clean from inside each user account because otherwise things will hide in the seperate user folders.

Re: the LSP chain break -- HijackThis can sometimes fix it. Otherwise, Spybot can fix it. Xblock will also fix it. [xblock is an excellent first pass cleaner, with a freeware version available). (Spybot second, AdAware third)I always use more than one scanner, and scan multiple times.] Immunisers such as SpywareBlaster are also nice. All of these packages are mentioned at spywareinfo.com, which sometimes goes under due to DDOS problems from people who do not like the services they provide. (insert obligatory plug for someone to help them out, one way or another.)

The trick with qttask.exe is that you've got to rename the executable. qttask.exe.bak or the like.

Even with Sysinternals' ProceXP, Spybot, Ad-Aware, BHODaemon, Hijackthis, ect, I can't find the damn thing's entry point.

As far as Real goes, I'd recommend Real Alternative instead.

My recommendation. Install both AdAware and Spybot, then install HiJack This:
http://www.spywareinfo.com/~merijn/downloads.html
Problem solved.

Nice tool, but why the hell does it need a setup. I have been infected with the CWS ad/spyware thingy and had a hard time getting rid of it. I finally resorted to reinstalling my compu and making mozilla my default browser (btw there is a google toolbar for mozilla). My mom called me yesterday and told me she had the same problem, maybe I will try to let her use Mozilla as well. However I use the view this page in IE option a lot and I do not see my mom using this option.

I had a hell of a time removing the CWS thing and used spy-bot, Ad-Aware and CWShredder all to no avail. I wrote my own BHO remover which will delete the Browser Helper Objects, but remeber that you shouldn't have any browsers or explorers open when using this program! And restart your computer after deleting any BHO's.

HijackThis! - lets you see & delete all BHO's, browser hijacks, host file entries, etc. Some caution is required tho, as it does NOT differentiate between the good & the bad, it's up to you to decide what to kill & what to keep. (Lamers can submit the list it generates to some forum to be told what is good or bad, but i've never used this service myself.) This prog is quick & clean, but again, can be dangerous if used carelessly.

There's a good explanation of BHO and how malware authors tend to exploit it here.

Maybe this is the kick of the pants that M$ will get now that financial institutions are targetted with a n exploit from a badly-design browser model.

Which is nice.

This popped up six windows which installed both the default-homepage-network hijacker and also some nasty stuff [...]

This crashed Windows Media Player and then it was overwritten with a small windows executable (I have it if you want it) - this was called wmplayer.exe and was in the Windows Media Player folder. The real Windows Media Player had been deleted. [...]

The next time a WMP media file was accessed the new wmplayer.exe file ran and installed lots of adware, junkware, spyware etc, etc. [...]

AVG free edition sygate personal firewall and Spybot seach and destroy (site down) will complete your collection nicely. Might want to have a look at Hijack this and this tutorial as well.

Yes, this is a lot of work for the price of keeping windows running. Some people don't have a choice... Me, as soon as my favourite IDE gets ported to Linux, I'll swap ;-)

Seriously though, if there are any other tools you guys use to try and keep windows secure, please share.

The more spyware/malware laws we get the better. It's so frustrating trying to use a computer with tons of spyware and spyware trojans. Ugh. And they say the average PC has 28 spyware programs running on it! This needs to stop.
It took me about 8 hours to clean out a friends computer the other day. He had about 15 viruses all installing spyware daily.
Here's some suggestions for cleaning your computer:

Grisoft's AVG Anti-Virus Free Edition - this is key. Free auto-updates too
http://www.grisoft.com/us/us_dwnl_free.php

Lavasoft's Ad-Aware - run it every so often, and always be sure to update it manually.
http://www.download.com/3000-2144-10045910.html?pa rt=69274&subj=dlpage&tag=button

CWShredder - removes only a few trojans that give you tons of ads, but does a better job of fully removing them than ad-aware.
http://www.spywareinfo.com/~merijn/downloads.html

Spybot-Search & Destroy - Similar to Ad-Aware. You should run both.
http://download.com.com/3000-8022-10122137.html

• Click 'Tools', then goto 'Internet Options...'
  
• Click on the 'Advanced' tab, and look for the 'Browsing' section.
  
• Make sure the following options are unchecked:
  
  • Enable Install On Demand (Internet Explorer)
    
  • Enable Install On Demand (Other)
    
  • Enable third-party browser extensions (requires restart)
    
  
  
• Now click on the 'Security' tab. Make sure the 'Internet' zone is highlighted.
  
• Click on the 'Custom Level...' button.
  
• Make sure you have the following settings:
  
  • Download signed ActiveX controls: Prompt
    
  • Download unsigned ActiveX controls: Disable
    
  • Initialize and script ActiveX controls not marked as safe: Disable
    
  • Run ActiveX controls and plug-ins: Enable
    
  • Script ActiveX controls marked safe for scripting: Enable
    
  
  

...and then only if you enable the advanced features (i.e. 'show pagerank').

Out of the box, the Google Toolbar is clean. There's a good description here (scroll down) which goes into more detail.

I called for a boycott of a company threatening to sue the maker of Spybot S&D. The person had been running the site www.spybot.com for years without doing much with it.

One day last year, he trademarked the word "spybot", then sent threats to Spybot S&D's maker in an attempt to make him stop using the name "spybot" while he sold a commercial product under that name.

A few days later, he gave up and even agreed to transfer the trademark to SSD's maker. It wasn't the boycott so much as the bad press, but either way it worked.

All of the details of this are at http://www.spywareinfo.com/articles/inboxcop/

Before I will install apps like this, I always take a look at google and see what I come up with looking for the appName + adware. I loathe (as 98% of the rest of ya'll?) adware/spyware/malware..so I really would need a very good reason to install programs with adware.

below is what I found:

Piolet:
http://download.com.com/3302-2166_4-10192787.html? pn=1&fb=2

and
http://www.spywareinfo.com/articles/p2p/

what's the best way to get rid of this crap?

• Ad-aware
• Spybot
• Cool Web Shredder Specific to CWS, but if you've got that, this is a necessity
• And while you're at it, for your own computer, don't forget the virus-checker, the hardware firewall, and maybe even the software firewall. Public computers are a Wretched Hive of Scum and Villainy, so if you're forced to use them, mentally adapt your practices to account for that. (Expect every virus/trojan/keycapture program written.)

And for the love of all that is holy, tell everybody you know to stop using IE. If you're the tech support guy for your friends and family, have them start using firefox. Because sooner or later, if you don't, they'll get CWS and you'll be at their house helping them for a LONG time.

I really like HijackThis. In addition to listing all the startup processes, it also lists all BHO, DPFs and Windows/IE settings used to hijack your browser... It's an awesome tool. I use it along with Spybot S&D and that seems to solve 99.99% of spyware issues.

Including things to do if you *need* to run MSIE

Useful article

In your troubleshooting, did you do any searches for info on Cool WWW Search itself? There's a purpose-built remover called CWShredder available at the bottom of that page, and lots of interesting info on the insidious nature of CWS.

A friend of mine had the "porno favorites" version and used the CWShredder successfully. I *DID* tell her about AdAware and SpyBot though, to guard against future infestations.

GTRacer
- Certified 100% Spyware-free

The CoolWebSearch (CWS) browser hijacking variants are nasty alright! I have just helped someone get rid of one of these.

It's the first time I've encountered spyware that actually trashes your files. The CWS variant in this case had replaced the Windows Media Player executable with it's own little pet resident trojan. That was new to me. I had to resort to using the CWShredder (contains more info about CWS) and SpyBot Search & Destroy tools to remove all the cruft left on the system - Ad-aware couldn't handle it in this case. Of course WMP had to be installed afresh, so no anti-spyware tool can actually "repair" all the damage CWS variants cause.

I believe the line between spyware and virus is getting blurry.

But if it's cameras checking our cars today, will we have to have RFID chips in our drivers licenses tomorrow to monitor our movements?

I hate to break the bad news to you, but...

Of course new laws, like the old ones, will have little effect anyway since this crap mostly comes from overseas.

As an aside, Spybot and Adaware don't catch everything, like the one I had. Another good tool for a windows sys-admin's arsenal is Hijackthis (http://www.spywareinfo.com/~merijn/), kind of a better and much more complete msconfig. It requires some more understanding to use correctly, but it will catch stuff nothing else will.

Anyone opening a new internet access account should have to spend some quality time surfing here first.

Have you checked to see if it's piggy-backing on any extensions? Check in registry editor under HKEY_CLASSES_ROOT and look under .com and .exe. This link will help you out too. A simple google search brought that up. If you do a search for "shim.exe" on google it finds shim.exe with variable words in front of shim.exe. The program may be duplicating and rewriting itself just like a virus. This this, and this might help too. Of course this site and this site will always help.

I recommend HijackThis, it will list everything it finds at all the nooks and crannies that spyware programs use to hook themselves into the system. Note that most lines will be for LEGITIMATE programs/system functions, so select carefully what you want to remove. In any case, I find it real easy to determine what's good and what's not, based on program names and directories. There hasn't been any spyware that I couldn't disable this way, though I usually run Spybot S&D first to take care of the easy and older ones.

...because a lot of my work is cleaning up those systems infested with spyware. And that's just my parents, co-workers, and friends' systems. My co-worker has a laptop that she telecommutes with, and her sister got a hold of that thing and loaded just about every cute freeware app she could grab on the 'Net. This thing was so loaded down with spyware that they were wrestling each other for control over Internet Explorer, and it wouldn't even browse. I don't remember exactly how many hits Ad Aware picked up, but it was several hundred.

I also had a bad run in with new.net. My thoughts about those people would land me in jail if put into action. Read about these scumbags along with removal instructions here. I spent an hour trying to extricate it out of my mom's computer before finding this link. This thing has a DLL that literally ties itself into the TCP/IP stack of Windows, so removing it will disable TCP/IP. Just a slight problem, don't you think? Nothing like an untrusted third party app intercepting your TCP/IP calls and doing god knows what with them.

I should mention that a different co-worker picked up CoolWebSearch, a particularly evil spyware app that resurrects itself even after you try to remove it with Ad-Aware. An awesome app called CWSShredder is available at http://www.spywareinfo.com/~merijn/downloads.html.
Also located there is a HiJackThis, which scans regkeys commonly used by spyware and allows you to remove them. Be very careful with this app though, as legit keys are listed too.

In light my experience, I shudder to think what Joe Sixpack must have on his system....

Last thought: What gets my goat is how everyone's going after virus writers, but no one's touching these asshole spyware programmers. These programs DO interfere with system operations, are difficult to remove (some even actively interfere with ad-removal software), and run without the user's knowledge. I'm probably preaching to the choir here, but I simply must vent.

It is a great idea in theory. Ideas like this have been discussed by spyware haters, activists, and makers of security software in a number of fora. Each time, they are ultimately rejected on the basis of creating legal liability/difficulties/saber-rattling for whoever is giving software the classifications. Some scenarios:

1) Researcher gives a piece of software from "Vendor A" e.g. a frowny-face icon because it does something semi-questionable, like transmit a GUID or auto-update without notice. Same researcher gives the same classification to another product from "Vendor B", but this product transmits the entire contents of the user's hard drive, harvests their email, and molests children. Vendor A's lawyers object to the classification on the basis that it associates their product with that of Vendor B, "creates confusion", etc.

2) Researcher evaluates a product on Tuesday, finds it spying, and gives it a SPYWARE label. Product's developer updates the program on Wednesday to remove the spyware features. Product's developer (or counsel, etc.) contacts the developer on Friday, demanding removal of the label because (on Friday) it is "false and damaging misinformation" causing damage to their business. Should the researcher label the product based on the sum of every version, only the latest version, the last n versions, or...? How would it play out in court, if the researcher and vendor disagree on which is appropriate? [Expensively, no matter who wins.])

3) Researcher labels a product $blahware, where $blahware is a relatively new term (e.g. Adware, Spyware, Malware, etc.) that does not appear in any official lexical record (OED, or whatever) and thus is not definitively defined. Product's author demands removal of this label on the basis that they can find definitions of $blahware (by other sites, their own affiliates(!), or whatever) that their product does not fit under. Whose definition shall be used? Which is correct? What if the researcher in question is in the minority? (This even can apply to terms the researcher has in fact invented on the spot. Think a hot-headed vendor will stand by while its product is labelled 'Crapware' a month before their big IPO?)

These are just a few scenarios. Unfortunately, most of this research is done by hobbyists and other everyday folks who don't want to, or can't afford to, be drawn into a lengthy battle, even if a judge would most likely find in their favor.

Not a flame or anything, but did you check the source for the Bittorrent client you downloaded? SpywareInfo shows there is a Bittorent client floating away with an infection of spyware.

Just for grins, I checked my machine and McAfee ( Virusscan Enterprise 7.0.0, virus defs 4341) didn't complain about ABC [Yet Another Bittorrent Client] 2.6.5 being on my machine. (Nor did AdAware 6.0.) So McAfee doesn't go after all Bittorrent clients.

• Trend Micro Damage Cleanup - Free, Effective at catching a multitude of viruses and malware (Detects some spyware as trojans or adware)
• Spybot Search & Destroy
• Ad-Aware
• CWShredder - Kills CoolWebSearch variants
• HijackThis! - Powerful general tool for cleaning up what the others miss
• LSPFix - to fix broken LSPs that interfere with Windows' TCP/IP stack

• Trend Micro Damage Cleanup - Free, Effective at catching a multitude of viruses and malware (Detects some spyware as trojans or adware)
• Spybot Search & Destroy
• Ad-Aware
• CWShredder - Kills CoolWebSearch variants
• HijackThis! - Powerful general tool for cleaning up what the others miss
• LSPFix - to fix broken LSPs that interfere with Windows' TCP/IP stack

Now that I think about it, Here are some other things that we have been using other than Spybot and Ad-Aware. so far I've haven't found a single app that does it all.

Go here and get the following tools.

HijackThis - Excellent tool that lists just about everywhere spyware gets into and allows you to delete them. This is not user friendly however, so you better know what you are doing before you do it.

CWShredder - Gets rid of CoolWebSearch. a Very nasty Spyware app that a pain to remove.

Also Here has these tools as well

WinsockFix - Fixes the winsock after spyware FUBAR's it.

TheKillBox - Gets rid of files that wont delete.

HostsFileReader - helps you get rid of all the crap adware likes to put in there. Can restore it to factory default.

Before this most virus writers wrote viruses just for kicks. Now there's a financial incentive to do their thing.

Here's a great link link to illustate how bad it's gotten and one person's fight against it. Hats off to merijn for writing cwshredder.

Rogue Anti-spyware Programs Part 3

I mentioned some of these before, but this is a more inclusive list.

Spy Wiper
AdWare Remover Gold
BPS Spyware Remover
Online PC-Fix SpyFerret
SpyBan
SpyBlast
SpyGone
SpyHunter
SpyKiller
SpyKiller Pro
SpywareNuker
TZ Spyware-Adware Remover
xp-AntiSpy
SpyAssault
InternetAntiSpy
Virtual Bouncer
AdProtector
SpyFerret
SpyGone
SpyAssault

Sources: Doxdesk.com: parasite, Tom Coyote Forums, Spywareinfo.com forums, safernetworking.org, home of Spybot Search & Destroy

Pardon me for plagarizing myself:

Some time ago, I posted to a message board topic where some idiot was arguing that people shouldn't worry about their privacy if they have nothing to hide. It was an angry post because I can't stand it when someone says that. It is an ignorant and simpleminded argument to bring into a debate about privacy.

Most people have nothing to hide and they would still require a search warrant before allowing the police to search their home. Wanting privacy to be respected has absolutely nothing to do with whether or not you have something to hide.

I decided to start a topic on this at SpywareInfo's forums to see how other people deal with that argument. The topic has been going strong for several months.

The latest response was a really interesting one and I've decided to show it here:

"When someone gives you the old "I have nothing to hide" argument, what do you usually say in return?"

When I hear this my blood boils, I feel my hackles rise and I want to reach through my monitor and inflict serious bodily harm upon their sheepish, emasculated, brainwashed arses!

Then, after I have calmed down, I patiently explain to them how such a statement is based upon empty rhetoric and not logic. I explain to them that in order for people to be truly free and enjoy the so called democratic rights our protective politicians claim we have, people must feel free. They must feel free of suspicion and they must feel a sense of trust, that people must be respected and not to be watched over their shoulder all the time. That society advances by the unfettered actions of truly free people, not those huddled in a corner, fearfully grasping their meager material possessions to their chests and calling the police to hunt down any person that displays the least bit of individuality. Creativity and progress come from those that are free of fear and distrust. But then I just sigh and walk away, knowing that the true spirit of humanity is actually lost to the vast majority of people on this dismal planet.

It turns out that some of those who say they don't worry about their privacy because they have nothing to hide sometimes are lying. When these people's privacy is invaded unfairly, they squawk just as loudly as anyone else. Read this story at the Willamette Week Online and you'll see what I mean.

The most comprehensive FAQ that I know of about Direcway is at BBR.

I've had Direcway since December 2002. In short, it sucks, but at least it ain't dialup.

The lag is god awful. Minimum latency, by the laws of physics, is 600ms, and more usually twice that. Forget ever playing any online game. Pages take nearly 5 seconds to even begin loading. FTP and email are so painfully slow you want to gouge out your eyes.

The download speed can't be beat (depending on what satellite/transponder they activate you on), but upload is a joke. All customers on a transponder fight for the same 128kbps upload speed. Dialup is better and more reliable for uploading any file larger than 20kb. When you do upload something, don't hold your breath because you will probably max out at 20-45kbps.

Yes, rain/snow/heavy cloud cover knocks it offline. Since you're in the north, it will go down easier than it would here (weaker signal the further north you are). I usually have to cycle the modems when the rain knocks it off. It fills up with static (probably could be grounded better).

This probably won't apply to the new Dway 6000, but the model I have (4000 I think) has software which Direcway uses for A.) Remote Access and B.) Popping up full page advertisements. See here for details.

Tech support is a joke. Don't bother. Go to Copperhead or BBR if you need help.

I don't know about the newer system, but I'm behind a NAT (and I think this applies to everyone unless you pay for a static IP). You cannot run a server because of the NAT. SSH probably won't work. I can't use VNC unless someone on the server side initiates a client connection to me first.

Then, there is FAP. FAP (Fair Access Policy) is a joke. If you download more than 169MB within 4 hours, they firewall your connection. They claim they throttle it to dialup speed, but that is a lie. The internet connection dies for hours after the FAP kicks in. If you decide to download a .ISO or other large file, use dialup because it'll download slower but in much less time than trying to work around FAP.

I would suggest taking a very hard look at Starband before spending any money with Direcway. I plan to switch to them myself as soon as I can afford to do so because of Direcway's popping up ads on my PC. I need to recover from Christmas first.

2. Offer different proxies with multiple levels of popup/junk filtering that your savvy customers can opt-into.

3. Send out a CD with free versions of Ad-Aware, Spybot S&D, and so on. Or point them to links like the online version of X-Cleaner or one of many online virus scans.

4. You could also be a real saint and figure out how to put most of the important Windows Updates on CD for your dial-up users and have it automatically do its thang. At a minimum, the Service Packs and Security Rollups will make you their hero.

5. ???
6. Profit!!!

We know there isn't a quick fix solution, but 1 and 2 are eminently doable. I personally use a proggie called AdMuncher(.com) and since Dec. 25th its blocked 13,100 ads/popups/etc and supposedly saved me around 102MB of bandwidth. It ain't free, but goddamn its good (and only 157K).

Maybe a good middle ground would be that at the end of the year (or maybe month), AOL were to send an email to their clients "Our filters blocked XXXX emails identified as spam from reaching your mailbox." (It would have to be infrequent enough that they don't consider it worse than the spam they're preventing.)

I like the way K9 shows its statistics. Although, I'd prefer it showed it only once instead of twice.

Just started trying it out for a review. Almost as good as Thunderbird for spam filtering.

Thanks. The one linked in the story keeps downloading as a corrupted file. Your's works.

I'll mirror it at http://www.spywareinfo.com/downloads/tools/xpsurvi valguide.pdf also. I intended to write a story about it, so I'll just mirror it myself.

Actually, the actual letter is just a letter, no ads. The first link in the summary is to the guy's newsletter where he talked about the letter and one of the readers posted the wrong link.

http://www.spywareinfo.com/articles/dell/support_l etter.php

In the open letter from the anti-spyware community, they say a representative from Dell informed them the response would be: "Call your ISP."

If that's true, it's a travesty. That's like your car insurance provider telling you that dealing with damage to your vehicle from a collision should be dealt with by the Department of Transportation.

I don't understand why Dell doesn't grab the bull by the horns and partner up with somebody. Isn't that what all the pre-packaged computer companies do these days? They all have a buddy in the anti-virus industry. When digital music became the craze, they leapt to bundle MusicMatch and the like. Why not call up LavaSoft and say, "Want to get packed in with everything we sell?" Dell's choice seems like a step away from gaining customer confidence.

I was having the same problem; getting literally thousands of hits to my site from referrers for all kinds of porn and other random domain names. I did a google search and found this site: http://www.spywareinfo.com/articles/referer_spam/. It shows how to use mod_rewrite with apache to block the most frequent domains. I took Mike's blacklist and created this page, which automatically creates the .htaccess file for you. The problem is that they seem to be registering tons of new domain names so it's hard to keep up a decent blacklist.

Some idiot tried to trademark the word "Spybot", bought up spybot.com, then tried to strong arm the guy that makes Spybot S&D antispyware. We announced a boycott of the company involved, had a bunch of web sites pull ads, thousands of angry emails/letters were sent to the people involved, etc.

They tried to feed me a line of crap and tried to fool me into backing off. So I turned the heat up a little hotter with a new announcement and the guy gave it up the next day.

Those guys were not the sharpest sporks in the box, believe me.