Domain: spywarewarrior.com
Stories and comments across the archive that link to spywarewarrior.com.
Comments · 41
-
Re:No
> Some people even argue that antivirus programs cause more vulnerabilities than they solve and advise not to install any.
In the early 2000's there used to be NUMEROUS problems with Norton and McAfee bringing a working machine to a C-R-A-W-L.
Also back in the early 2000's I actually ran without an anti-virus for about 6 years. Never got any viruses. When MS Security Essentials came out I decided to give it a go. It detected the one virus I had _already_ manually quarantined and renamed: foo_MAYBE_VIRUS.com
The BIGGER problem with all the anti-virus programs was summed up like this:
The vast majority of them, however, are not really new, but are simply re-branded clones
...This site is a good list of Rogue/Suspect Anti-Spyware Products:
http://www.spywarewarrior.com/...
If you practice safe hex such as: Sandboxie, Spybot Search and Destroy, Ad-aware, Privacy Badger, NoScript, etc., technically you _don't_ need to run anti-virus -- but most people are not that disciplined.
Hell, you should be running ANYTHING _first_ in a Virtual Machine (or Sandboxie)
At the bottom of the page under Trustworthy Anti-Spyware Products it lists these programs:
* Ad-aware
* AVG Anti-Spyware
* Pest Patrol
* Spy Sweeper
* Spyware Doctor
* SUPERAntiSpyware
* Windows Defender
* Spybot Search & Destroy -
A collision in a 32 bit key space? Unpossible!
I'm shocked, shocked to find collisions going on in here!
There is the remote chance that several keys will have the same "short" Key ID. The "long" Key ID decreases the risk of a collision, but can be more unwieldy to use.
Considering that certain versions of the GnuPG man page actually explicitly cover this, I'd say this is a non-story. Just use the long key ID if you're worried.
-
Re:Logic fail
It's hard to argue for privacy rights because it is a complex issue; It is difficult to come up with simple arguments, and evoke an emotional response from people. As a result, while everyone agrees privacy rights should exist, nobody can define them or present a unified front in advocating them
"Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right "to be let alone." Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that "what is whispered in the closet shall be proclaimed from the house-tops."
...Of the desirability -- indeed of the necessity -- of some such protection, there can, it is believed, be no doubt... The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.
...The common law secures to each individual the right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others. Under our system of government, he can never be compelled to express them (except when upon the witness stand); and even if he has chosen to give them expression, he generally retains the power to fix the limits of the publicity which shall be given them... The right is lost only when the author himself communicates his production to the public, -- in other words, publishes it. It is entirely independent of the copyright laws, and their extension into the domain of art. The aim of those statutes is to secure to the author, composer, or artist the entire profits arising from publication; but the common-law protection enables him to control absolutely the act of publication, and in the exercise of his own discretion, to decide whether there shall be any publication at all.
... ...[t]he protection afforded to thoughts, sentiments, and emotions, expressed through the medium of writing or of the arts, so far as it consists in preventing publication, is merely an instance of the enforcement of the more general right of the individual to be let alone. It is like the right not to be assaulted or beaten, the right not to be imprisoned, the right not to be maliciously prosecuted, the right not to be defamed. In each of these rights, as indeed in all other rights recognized by the law, there inheres the quality of being owned or possessed -- and (as that is the distinguishing attribute of property) there may be some propriety in speaking of those rights as property. But, obviously, they bear little resemblance to what is ordinarily comprehended under that term. The principle which protects personal writings and all other personal productions, not against theft and physical appropriation, but against publication in any form, is in reality not the principle of private property, but that of an inviolate personality."
Samuel Warren & Louis Brandeis, The Right to Privacy, 4 [Harvard Law Review] 193 (1890).
Full text here. -
Re:Obfuscation and Encryption will be their Undoin
I can mention I've been looking around for ssh tunnel services and shell account providers. And not surprising that I am able to find global privacy services that are claiming to allow high bandwidth encrypted tunneling services with allowance for P2P and Usenet levels of traffic. It may be like a 2nd ISP bill on top of the original connection, but it helps to ensure that you're not the sucker in case the MAFIAA gets a hold of your IP, and some of them let you pick and choose the continent which your proxy resides... I'll drop a couple links I bookmarked recently when COTSE had their outage (thank you assholes at Verizon)...
COTSE
TriLightZone
List of Shell providers
Secure-Tunnel
Electronic Privacy Info Center Tools list
Spyware Warrior Resources Links
Anyways there's tons of stuff out there if you look, people can just put up SSH servers running on port 80 and encrypt everything and then what are the ISPs gonna do? Degrade all encrypted traffic like that Canadian ISP did? Ah the battles continue... -
Re:Title somewhat misleading
As an employee of a company that makes AV/anti-spyware software, I get to see trends most people are never aware of. In fact, malware companies ARE selling "protection" in the form of various pieces of software which end up on your Windows based PC via drive by, some My_Spays (intentional misspell) page, or in many cases, trying to download copyrighted music or cracked software via P2P. There is a whole page/site dedicated to listing these rogue programs. So, next time you get that security warning from Windows about registry errors and how you need to download this registry cleaner; or get a warning (again, it often uses very convincing fake windows messages) that you are infected, and need an antispyware tool. Check twice! Make sure you know what you are installing, and get out of the habit of clicking "Yes" or "OK" as a matter of course. That is, if you have to use Windows.
-
"Bottom Feeder", not "anti-spyware vendor"
This has been said a zillion times before, but the article is referring to what's more commonly known as a "rogue anti-spyware" company, who puts out a 3rd-rate "spyware removal" program simply because there's money in it (some consist of nothing more than a grep for certain "bad" filenames!), then tricks old grannies with fake Windows error popups saying they're infected, but for $49.99 this nice product can make it all better.
These are the same companies responsible for those "Your computer is broadcasting an IP address!!" ("Your house is broadcasting a street address!!", yadayada) ads your grandparents keep falling for. I say this is a good start, but the state should sic a few more of them. -
Re:Get Spyberus
I think some of us would like the 10 page how-to. Some of us might be willing to PAY for the how-to. Why reinvent the wheel?
It tends to get outdated quickly, plus Spywarewarrior has forums that come with extra handholding free.
Plus they have the equivalent of the 10 page How-To here:
spywarewarrior.com/sww-help.htm.
Like I said, the links I provided are enough to get you pointed in the right direction. -
Get Spyberus
Available at robotgenius.net
Spyberus is free of charge. Check out the tutorial
There is probably a dll that is tied into explorer or something to repopulate when you clean.
Also, use Spybot Search and Destroy in safe mode with all of the updates, but use all of the immunize functions first. It can spot some zombie processes that "look" normal, but which sure as heck aren't, and then kill them.
Do a maximum amount of cleaning in safe mode.
Check out Spywarewarrior.com for a comprehensive list of bogus cleaners that are really infectors. For an example, see this illustration.
I make a decent living doing nothing but cleaning things like this up. I can't give you a ten page How-to, but the links will put you on the right trail. -
Re:I have an even better idea
i can't even begin to count the number of people i know that use google to find everything. they want to go to msn, they google for 'msn'. they want to go to yahoo, they google for 'yahoo'. 9 times of 10 they get where they're going, but that other time.. look out. a shady, spyware or popup infested ad destination is just a click away... it's really sad watching them at the msn home page (the lovely default in windows) and then search for 'google'.
they have no grasp of the concept of the address bar or how to use it, and you can try, try, try all you want to teach them, but they just go back to googling for things like 'microsoft' and 'itunes' (even with the bloody itunes program installed on their computer).
if you changed their homepage to something without a search box on it, they'd swear up and down that the internet was broken.
and of course, these are the people that will click on anything, don't read before clicking, and never have ever seen the phrase 'sponsored links'. they think they got spyware, so they google for spyware, end up clicking on an ad for some scumware and then, whaddyaknow. their internet does break on them anyway.
i live and die by the backspace key, i type quite fast and don't have the best eyesight in the world; so occasionally miss a typo before hitting enter to load an address. i absolutely hate typosquatters (squatters in general really. they're the only reason we need more tld's in the first place).
if it wasn't for good ol' firefox & a few handy extensions (or my beloved debian desktop, which is just a kvm switch away), i would get infested with crap myself. and i see the results first-hand, of people who do (people like your mom and grandparents), as a result of typing in things like goggle.com (http://spywarewarrior.com/viewtopic.php?t=6537), or worse.
that 'did you mean...' is handy, i use it myself (especially after a little mexican swamp water), but it needs to be more prominent on screen, and for the really common misspellings, perhaps even change the search term automatically by default (with advanced option to disable the autocorrect).
it sucks that companies are basically held hostage to try to get these similarly spelt domain names just to protect their own corporate identity. while i haven't gone that far myself (not nearly as big as a state famr or bist bye), but i have gotten all the tld's i can get my hands on for my companies' actual domain names. even with cut-rate domain registrations, i cringe every year when they come due again, and my bill is only a few hundred bucks a year. just imagine what the domain registration costs are for one of the big companies that maintains a portfolio of hundreds or more. -
180 Solutions - A real winner
check out this track record for 180 solutions. These guys have been corrupting your mom's computer since day one.
-
first step is doing initial scans from a clean pc
through many years of experience and making a fair living out of other people's ignorance, i've gotten spyware and virus removal down to this process:
i start by hooking up the infested hard drive to a clean system and running initial scans from there: adaware and antivirus.
then i manually delete (from all the machine's user accounts) temp folders, temporary internet files, downloaded program files (the ie's activex cache), restore folders (in xp and me), and then go through program files folder and remove the (believe me, get good at it over time, especially if you do this often) obvious stuff.
a casual scan through windows and windows\system (or windows\system32, depending on windows version) can also yield many files that you can outright delete.
if i see anything suspicious but not ready to delete them, i'll google to see if i can find any further information on it.. and then if i'm still not ready to delete something, i'll zip it up and then delete it.
once those are done, i copy over my collection of antivirus and spyware utilities and definitions. (the usual ones.. but most times, all i need is adaware, spybot s&d, hijack this and reglite).
once the drive is back in the host system.. it's off to safe mode, where i run every scan from every configured user. and i show no mercy in anything detected -- it all goes. i'll also uninstall any questionable programs and clean up the add/remove programs entries (of things that were manually removed).
when those scans are done and realtime protection is enabled (usually through spybot's ie plugin and teatimer, and spywareblaster's been installed and enabled).. then i will boot up normally. 9 times out of 10, i'm done at this point. but i will browse a bit with ie and then run through the scans once more just to make sure. and again, i check all configured user accounts. somewhere along the line any applicable updates for windows and their installed antivirus will get installed.
i then install firefox :) with adblock plus and the filterset.g updater. and demonstrate to the user (via a virtual machine on my test system) the difference between ie and firefox when browsing to a page that's loaded with spyware installers, and another that's got tons of ads on it. that demo is more than enough to get the user to switch to firefox. :) and finally, i give them a list of programs and their web site addresses so they can look up more information on their own (or purchase, in the case of adaware or spywareblaster's update service, etc)
only rarely do i resort to a format and reinstallation of the operating system.. and i can usually tell right away if that's the easier and faster way to go.
besides google searches, http://www.spywarewarrior.com/ is my 1st source for info and links. of particular note is their listing of 'rogue' spyware applications. -
Re:Worst name
There are so many rogue antispyware applications: http://www.spywarewarrior.com/rogue_anti-spyware.htm that all the good names have been taken. Plus it dodges the semantics issue over deciding if something is adware or spyware or malware or whatever. Just call it all badware instead. -
Re:Norton, regrettably the best
Are you aware that CounterSpy is a licensed clone of GIANT, which is now known as Microsoft AntiSpyware?
http://www.spywarewarrior.com/rogue_anti-spyware.htm -
Re:Cool Web Search?
Forgot to add - a lot of the actual companies you'd be sending money to operate outside of the U.S. If the country they're currently in doesn't have laws against this sort of behavior, it would be almost impossible to bring any kind of case against them - they're unlikely to be extradited from the Ukraine for a few thousand USD worth of fraud. (Unless, of course, they defrauded the wrong high-ranking government official, but that's another story.)
-
Cool Web Search?
This has happened a lot in the spyware world - there's plenty of supposed "Spyware Removers" that either contain or were marketed with spyware, or show false positives in the "demo" version, forcing you to pay for the real version, which then 'clears' it all up for you. Even though plenty of people spent the money & got nothing, I haven't seen any news reports of anyone being charged for fraud in relation to these products...
The CoolWebSearch family of malware has been around forever... one of the major effects of many of the versions is to replace any IE entry of "search.msn.com" or "www.google.com" with "www.coolwebsearch.com", a rather shitty search engine.
-
Spyware Warrior
This might be a little out of date, but it's still my favorite review site. It talked me into paying for Giant right before MS bought it, which is too bad, because it was the best one I'd ever used.
-
Re:Why aren't they prosecuted?
180solutions is not a perpetrator and you can't implicate them in this scheme.
A good prosecutor might be able to bring it off. The legal definition of a punishable conspiracy is generally that at least two people knowingly cooperate to commit a crime, while in addition at least one of them does some illegal act to commit the crime.
180Solutions is already being sued in a class action. From the complaint: "180Solutions pays its distributors, who are its agents, money each time they infect a computer with 180Solutions spyware". Recruitment of agents and payment can be sufficient to establish a conspiracy, especially if there's a history of illegal acts by recruited agents. Read more of that filing to see how the plaintiff describes how 180Solutions not only tolerates, but pays, agents who use illegal means to force the install of 180Solutions software.
Since this lawsuit was filed, 180Solutions claims to be mending its ways. However, they're still allowing their existing affiliates to distribute the old, spyware-stuffed version of their application until the end of 2005, so they're not too serious about it.
In any case, ceasing criminal activity is not a defense to previous crimes.
-
Stupid slashbots
There is no fucking "downgrade", and Slashdork is just riding the wave, as always.
Pathetic.
-
Re:Spyware is hell
Unfortunately there are a lot of spyware programs like you mention, and often the false positives are NOT mistakes, but rather deliberate attempts to goad you into buying their 'pro' version.
In some cases the 'anti-spyware' uninstalls some spyware, but only to prevent competition with the spyware IT comes with.
AOL's current anti-spyware offering falls into the last category IIRC.
Your best bet for free scanners is likely ad-aware (lavasoft) and Spybot Search and Destroy.
One site I've found that talks about the bad anti-spyware products is http://www.spywarewarrior.com/. Give them a look and see if you're using one of the bad products.
Mycroft
-
Re:worst one;
-
Spyware warrior lists numerous similar products
for adding to your hosts file (if you havent already)
http://www.spywarewarrior.com/rogue_anti-spyware.htm
-
When will it end??
How many times do we need to see reviews on ANY anti-spyware programs. NONE of them get rid of all spyware!!!!!!!!!!!
I'm going to point to a review that was on /. a while ago please check it out. It seems from the review that Giant AntiSpyware was the best in this review. Odd, how about 2 weeks later Microsoft has an AS program, that looks like Giants. Oh wait, MS bought Giant Company. Oddly enough it's the same product. I wonder if the reviewer in this article would have given it a better review if it still said "Giant" instead of "Microsoft."
I for one am not a fan of Mr. Gates, or MS, but this is still a quality product. I've been using Giant AS for a while and a change in name doesn't change the product. Well, not yet anyway. -
Re:Call me crazy
Spyware Warrior's Testing of AntiSpyware Clients. Basically Replace Giant AS with Microsoft AS and there you go.
I'm using MSAS. It works well, And it's one of the best realtime scanners i've seen so far. Although as you can see from the above comparisons, while Giant AS was one of the best performing apps in the tests, it didn't catch every spyware app out there. In fact no other app did.
The only problems I see from MSAS so far is it might not be a free app and an MS lawsuit frenzy from every big name spyware company out there screaming Antitrust and monopoly all day. -
Pointer to a *competent* review
Eric Howes tests anti-spyware products including the one Microsoft bought.
A test of "I ran A but then I ran B and it found X left over" is meaningless by itself. You need to start over and run in the opposite order, to see how much A catches that B doesn't.
What Eric Howes found matches what service techs find. There's no tool with 100% coverage. Which, if you know any statistics, tells you that even running multiple tools doesn't guarantee anything. I tell any client who will listen to focus on prevention.
You know what else is wrong with the AP "review"? He keeps calling the "Malicious Software Removal Tool" (hilarious name, think about it) "antivirus". It's not intended to be. It's a bundle of a few cleanup utilities.
-
Re:I've used it
Links: Note that these tests were done in october... http://spywarewarrior.com/asw-test-results-5.htm http://spywarewarrior.com/asw-test-results-6.htm
-
Deja-vu
This is essentially old news. Microsoft's Anti-Spyware software is just Giant's rebranded.
-
Re:Finding more isn't necessarily good
It really depends on where you work. AdAware and Spybot S&D are two applications that work well and have a proven track record of being legitimate tools to combat spyware/adware/malware. Unfortunately, there are many more applications out there that are either (A) blatant rip-offs of these two legit programs, (B) Spyware disguised as anti-spyware or (C) BOTH.
This is not to say that there are not other legitimate programs out there, but sadly, if it's not on the short list of proven applications it should be scrutinized before it is endorsed. -
Re:5 hours!?
I'm tired of these posts by the l33t windows users who can remove all stuff in 22.38 minutes.
Well, you r0x0r dude!
There is some really nasty shit out there and nothing gets it all right now - see this Spyware Test
I know you're cool and everything but go back to p0rn surfing and shut the fuck up...
-
Re:For the uninitiated...
Basically, that's my disinfection routine for other people's PCs. I don't get spyware infestations either, but that's because I know about Windows Update and antivirus software.
1. Run AdAware SE, updated to most recent definitions. Detect 400+ hits (my record so far).
2. Run Spybot S&D, updated to most recent definitions. Detect 100+ hits AdAware missed, and reboot.
3. Wait 30 minutes whilst Spybot scans again, and turns up a solitary bit of Gator. Go through Spybot's advanced mode settings and clear out their Run tools to dump all sorts of run-on-start crud that Compaq/Packard Bell etc. stuck on there - bloated keyboard-multimedia-button utilities et al.
4. Run HijackThis! (which isn't really an antispyware tool, just a system startup editing tool with knowledge about really obscure system startup Registry keys and IE settings) and get rid of the really obscure spyware toolbars and other run-on-startup fun that AAW and Spybot missed.
5. Go through the root, Program Files and Windows directories manually and delete the 10+ dialers and other unwanted crap that's made their way into the system, plus hosts file.
No-one ever asked for this stuff to be installed on their system (and in case you're wondering why I believe them, take a look at this). I put it down to ActiveX exploits; inevitably, the worst infected systems I see are Win9x/Me systems which haven't ever had a Windows Update run. This routine - plus installing Firefox - usually helps fix their problems, but these shouldn't have happened in the first place. I don't blame Microsoft as much as I blame the prevailing culture that it is better to make more money than it is to have ethics - thus allowing for Gator/Claria, WhenU, 180solutions, all the fake 'anti-spyware' vendors et al. It's amazing that we can allow these people to go on. -
Re:not too comprehensive
You're right, the set of spyware tools tested is not among the best or even popular ones.
He should have tested these:
* Ad-Aware from Lavasoft
* Pest Patrol from Computer Associates
* Spy Sweeper from Webroot Software
* McAfee AntiSpyware from Network Associates
* Spyware Blaster from Javacool software
Check this out for a *real* review: http://spywarewarrior.com/asw-test-guide.htm -
Rogue Spyware Cleaners
As seen on this page, which lists hundreds of bogus products
"Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection.
Some of the products listed on this page simply do not provide proven, reliable anti-spyware protection. Others may use unfair, deceptive, high pressure sales tactics and false positives to scare up sales from gullible, confused users. A very few of these products are either associated with known distributors of spyware/adware or have been known to install spyware/adware themselves. Users are advised to rely on anti-spyware applications with deserved reputations for trustworthy performance.
useful link to bookmark
-
Re:Spyware removal is huge business for me!
Not really true. Some CWS variants are really really hard to remove (in extreme cases, using the oxymoronically-named HackerDefender rootkit to disguise itself, plus hide and shut down CWShredder, AdAware, Spybot S&D et al when you try to install them), but everything is possible.
Basically, if CWShredder, Spybot and AdAware don't work for you, and you can't see anything on your HijackThis! log, first step is to search on the now slightly outdated CWS Chronicles and then on many of the excellent anti-spyware forums out there, all of which have encountered more variants of CWS than you could ever imagine. If you can't find someone else with the same problem, then post your HJT logs and other stuff and someone should be able to help you.
These parasites (it's not all spyware anymore) are now really, really, really out of hand - the CWS people, especially, but there's even worse people out there - and something needs to be done to stop them. Unfortunately, that's not going to happen anytime soon - since the companies that make most of these are "legitimate businesses", as opposed to idiot teenagers with Visual Basic. Shame.
-
Unfortunately these tactics are too common
Unfortunately lots of free/shareware 'anti-spyware' tools generate false positives and do other 'wrong' things to get you to buy the full version. Some only find the malware, but make you pay to clean them out, and some don't work so well and worst are the ones that install their own spyware and only clean out 'competitors'.
There is a site that tracks and lists quite a few 'rogue' anti-spyware programs:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
One of the things they advise against is following any google ad, seems buying ads on google is very popular with the bad anti-spyware makers.
Personally I just stick with spybot S&D and adaware for most malware and avg for anti-virus.
And the LAST thing I'd ever do is trust some website to scan my computer, no telling what info they are collecting along with the scan to provide 'marketing data' for their 'business partners'.
Mycroft -
Lyrics sites
I've found that lyrics sites are very common offenders. Just Google some lyrics from a popular singer and you will quickly find an infinite source of spyware and adware. Now, they have ads for many different ineffective spyware removers on those sites as well, so they are doing their best to screw their visitors twice.
-
Re:What a crock of poo.
I just 'asked jeeves' to look up my real name in quotation marks: 481 hits. Google? 1420.
No, the real problem with AskJeeves is that you have to scroll past the first screen to see NON-PAID results. Try auto loans or spyware.
The spyware search is especially scary. Naive users (are there any others that visit AskJeeves?) are going to think the paid links are reputable sources of information. Instead of using Ad Aware or Spybot they'll be buying garbage products that don't work or make the problem worse. -
Recovering from Spyware.
Spyware removal can be a pain. Here is a repost of something I posted earlier, along with some added details
He went down the merry path of trying to rescue the system in order to keep customer data intact. The story is typical of someone who is entering the fray without having their tools prepared in advance. The solution always looks easier than it really is.
tips - I deal with this stuff all of the time. The best data on this stuff can be found in articles at spywareinfo.net - the forums are not bad either, although spywarewarrior.com also has good forums. also good to have is this list of known rogue spyware cleaners [spywarewarrior.com], along with this list of Anti-Spyware Orphans & Outcasts [spywarewarrior.com]
In his case, he needed
- a CD with all of the relevant tools and updates
- a windows boot disk with CD support
- an understanding of the windows command line in order to copy a subset of these tools to a convenient folder on the hard drive from the CD
- The knowledge to run these tools from Safe mode, and how to get there in the first place
- Include in the subset of tools one that can fix the broken LSP setup.
[LSP or Layered Service Provider is a piece of software that can be inserted into the Windows TCP/IP handler like a link in a chain. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, rendering the user unable to access the Internet. Spyware is good at this, and some cleaners leave a broken LSP behind.
With the correct tool, the fix takes seconds. Without the tool, you need to uninstall and re-install the winsocket, or else the same with the entire network support. Otherwise you fall into the trap this poor bloke got into.]
My current recommended free antivirus is Avast! Home Edition [avast.com], which is very low maintenance for the home user, and requires registration for the free license. It also protects a number of common Instant Messenger clients, as well as several common P2P clients. It is better than AVG in my opinion, and detects many trojans as well as spyware.
You can get a system that is so hosed that it will not boot, not even into safe mode, even under XP. The solution there to remove the hard drive, drop it into an external drive enclosure, and hook it up to another system where you can use scanning software to do a basic clean so you can boot in the original configuration. Once it boots you can install cleaners from safe mode, and then run cleaners from inside every user account. Note that you still need to run the clean from inside each user account because otherwise things will hide in the separate user folders.
Re: the LSP chain break -- HijackThis can sometimes fix it. Otherwise, Spybot can fix it. Xblock will also fix it. [xblock is an excellent first pass cleaner, with a freeware version available). (Spybot second, AdAware third) I always use more than one scanner, and scan multiple times.] Immunisers such as SpywareBlaster are also nice. All of these packages are mentioned at spywareinfo.com, which sometimes goes under due to DDOS problems from people who do not like the services they provide. (insert obligatory plug for someone to help them out, one way or another.)
-
Recovering from Spyware.
Spyware removal can be a pain. Here is a repost of something I posted earlier, along with some added details.
He went down the merry path of trying to rescue the system in order to keep customer data intact. The story is typical of someone who is entering the fray without having their tools prepared in advance. The solution always looks easier than it really is.
Tips - I deal with this stuff all of the time. The best data on this stuff can be found in articles at spywareinfo.net - the forums are not bad either, although spywarewarrior.com also has good forums. Also good to have is this list of known rogue spyware cleaners [spywarewarrior.com], along with this list of Anti-Spyware Orphans & Outcasts [spywarewarrior.com].
In his case, he needed
- a CD with all of the relevant tools and updates
- a Windows boot disk with CD support
- an understanding of the Windows command line in order to copy a subset of these tools to a convenient folder on the hard drive from the CD
- The knowledge to run these tools from Safe mode, and how to get there in the first place
- Include in the subset of tools one that can fix the broken LSP setup.
[LSP or Layered Service Provider is a piece of software that can be inserted into the Windows TCP/IP handler like a link in a chain. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, rendering the user unable to access the Internet. Spyware is good at this, and some cleaners leave a broken LSP behind.
With the correct tool, the fix takes seconds. Without the tool, you need to uninstall and re-install the winsocket, or else the same with the entire network support. Otherwise you fall into the trap this poor bloke got into.]
My current recommended free antivirus is Avast! Home Edition [avast.com], which is very low maintenance for the home user, and requires registration for the free license. It also protects a number of common Instant Messenger clients, as well as several common P2P clients. It is better than AVG in my opinion, and detects many trojans as well as spyware.
You can get a system that is so hosed that it will not boot, not even into safe mode, even under XP. The solution there is to remove the hard drive, drop it into an external drive enclosure, and hook it up to another system where you can use scanning software to do a basic clean so you can boot in the original configuration. Once it boots you can install cleaners from safe mode, and then run cleaners from inside every user account. Note that you still need to run the clean from inside each user account because otherwise things will hide in the separate user folders.
Re: the LSP chain break -- HijackThis can sometimes fix it. Otherwise, Spybot can fix it. Xblock will also fix it. [Xblock is an excellent first pass cleaner, with a freeware version available. (Spybot second, AdAware third.) I always use more than one scanner, and scan multiple times.] Immunisers such as SpywareBlaster are also nice. All of these packages are mentioned at spywareinfo.com, which sometimes goes under due to DDOS problems from people who do not like the services they provide. (insert obligatory plug for someone to help them out, one way or another.)
-
Tips, and a list of known rogue spyware cleaners
He went down the merry path of trying to rescue the system in order to keep customer data intact. The story is typical of someone who is entering the fray without having their tools prepared in advance. The solution always looks easier than it really is.
In his case, he needed
- a CD with all of the relevant tools and updates
- a Windows boot disk with CD support
- an understanding of the Windows command line in order to copy a subset of these tools to a convenient folder on the hard drive from the CD
- The knowledge to run these tools from Safe mode, and how to get there in the first place
- Include in the subset of tools one that can fix the broken LSP setup.
[LSP or Layered Service Provider is a piece of software that can be inserted into the Windows TCP/IP handler like a link in a chain. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, rendering the user unable to access the Internet. Spyware is good at this, and some cleaners leave a broken LSP behind.
With the correct tool, the fix takes seconds. Without the tool, you need to uninstall and re-install the winsocket, or else the same with the entire network support. Otherwise you fall into the trap this poor bloke got into.]
My current recommended free antivirus is Avast! Home Edition, which is very low maintenance for the home user, and requires registration for the free license. It also protects a number of common Instant Messenger clients, as well as several common P2P clients. It is better than AVG in my opinion, and detects many trojans as well as spyware.
You can get a system that is so hosed that it will not boot, not even into safe mode, even under XP. The solution there is to remove the hard drive, drop it into an external drive enclosure, and hook it up to another system where you can use scanning software to do a basic clean so you can boot in the original configuration. Once it boots you can install cleaners from safe mode, and then run cleaners from inside every user account.
-
Tips, and a list of known rogue spyware cleaners
He went down the merry path of trying to rescue the system in order to keep customer data intact. The story is typical of someone who is entering the fray without having their tools prepared in advance. The solution always looks easier than it really is.
In his case, he needed
- a CD with all of the relevant tools and updates
- a Windows boot disk with CD support
- an understanding of the Windows command line in order to copy a subset of these tools to a convenient folder on the hard drive from the CD
- The knowledge to run these tools from Safe mode, and how to get there in the first place
- Include in the subset of tools one that can fix the broken LSP setup.
[LSP or Layered Service Provider is a piece of software that can be inserted into the Windows TCP/IP handler like a link in a chain. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, rendering the user unable to access the Internet. Spyware is good at this, and some cleaners leave a broken LSP behind.
With the correct tool, the fix takes seconds. Without the tool, you need to uninstall and re-install the winsocket, or else the same with the entire network support. Otherwise you fall into the trap this poor bloke got into.]
My current recommended free antivirus is Avast! Home Edition, which is very low maintenance for the home user, and requires registration for the free license. It also protects a number of common Instant Messenger clients, as well as several common P2P clients. It is better than AVG in my opinion, and detects many trojans as well as spyware.
You can get a system that is so hosed that it will not boot, not even into safe mode, even under XP. The solution there is to remove the hard drive, drop it into an external drive enclosure, and hook it up to another system where you can use scanning software to do a basic clean so you can boot in the original configuration. Once it boots you can install cleaners from safe mode, and then run cleaners from inside every user account.