Slashdot Mirror


Does Spyware Damage Windows Networking?

DerBryGuy asks: "I work for an ISP in Canada. Recently we have had a rash of customers whose computers can connect via DSL, but cannot browse, or often even ping. Invariably it turns out that there is some spyware of some sort installed on the customer's machine - usually New dot Net or the other drek that comes with Kazaa. About half the time if this is removed correctly (manually or by using ad-aware) then the machine will regain http access. However the other half of the time the only option we have found is to format and reinstall the OS. So I am wondering, are other ISPs seeing this? What do they do when they get a similar complaint and they detect spyware on the machine? Is there any recourse for the customer? I mean most of these people had no idea what New dot Net was when their kid installed Kazaa, and now they are stuck with a computer store bill for reinstalling their machine."

17 of 52 comments

  1. New versions of antivirus software by Halvard · · Score: 3, Informative


    We've seen this but not with spyware. Customer calls saying they no longer can access the internet. Invariably, they have updated their antivirus software and it now includes a personal firewall. Said firewall doesn't allow ports 80, 25, or 110. We've seen this with McAfee and with a less well-known brand the name of which escapes my memory at the moment.


    We have seen spyware cripple the performance of a machine though.

    1. Re:New versions of antivirus software by Adam+Jenkins · · Score: 2

      It wasn't Norton's? I just fixed a friend's computer with dead Windows networking, partially I think it was a dead ZoneAlarm but also Norton AV seemed to have created a c:\windows\hosts file with something like
      127.0.0.1 pop.nortonav.com

    2. Re:New versions of antivirus software by cdrudge · · Score: 2

      That is for the e-mail monitoring. If I recall correctly, the mail is downloaded into Norton's "mail server", scanned, then downloaded into Outlook, Eudora, whatever. That line should not affect performance and is used by Norton's to run correctly.

    3. Re:New versions of antivirus software by Adam+Jenkins · · Score: 2

      Entries in that file take precedence over your other settings (e.g. before looking at DNS servers). The line for pop3.nortonav.com to 127.0.0.1 redirects anything for pop3.nortonav.com to your local machine. What's the point of that? Doesn't doing this mean that normal applications trying to access localhost won't be able to? Okay probably not. At any rate it is a lazy and inefficient way to send packets from an application to the same machine's mail service that fucks with bits of Windows it shouldn't touch. IMHO.
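
The hosts-file precedence discussed in the sub-thread above can be audited mechanically. The following is an added example, not part of the original thread or written by any commenter: it parses hosts-file text and reports every name the file overrides ahead of DNS. The function names, the expected-loopback list and the sample file (apart from the `pop.nortonav.com` line quoted in the thread) are constructed for illustration.

```python
import ipaddress

# Assumption: names that normally map to loopback and are not worth reporting.
EXPECTED_LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip, names) for each well-formed hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                      # address without a name
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:                       # malformed address, skipped
            continue
        yield line_no, ip, [name.lower() for name in fields[1:]]

def audit_hosts(text):
    """Return (line_no, name, ip, kind) for each name pinned by the file."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in EXPECTED_LOOPBACK_NAMES and ip.is_loopback:
                continue
            kind = "local-redirect" if local else "static-override"
            findings.append((line_no, name, str(ip), kind))
    return findings

# Constructed sample; only the pop.nortonav.com entry comes from the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   pop.nortonav.com      # entry quoted in the thread
::1         localhost
0.0.0.0     updates.example.test
203.0.113.7 www.example.test mail.example.test
not-an-ip   broken.example.test
"""

if __name__ == "__main__":
    for line_no, name, ip, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

To check a real machine, pass the contents of its hosts file (for example `c:\windows\hosts`, the path mentioned in the thread) to `audit_hosts` and review each finding against the software known to be installed.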

  2. This problem by brsmith4 · · Score: 2, Troll

    I have experienced the same problem where I work at my school. Many of our users can dial-up, but they cannot access web sites or ping anything. I have not been able to fix this except with Windows ME or XP, both of which have the System Restore function. I thought that it could be spyware and I warned others in my staff about it. They told me basically that I was full of crap and that there was no way spyware could damage someone's network settings. I always thought that spyware on a windoze box had the power to do whatever it felt like. Maybe now that they see this on /., they might take me seriously or no, I am probably still full of crap.

    1. Re:This problem by karlm · · Score: 2
      I always thought that spyware on a windoze box had the power to do whatever it felt like.

      Unless you've set up separate users' accounts, the default user has Administrator privileges. Any installer s/he runs can do anything it wishes to the system given a little ingenuity.

      Single user systems are evil. I'm the only one that ever uses the machine I'm currently running, yet it has 3 accounts... root, serious work, and a leisure account. This way, I protect myself from myself.

      Macromedia Fireworks (I can't remember which version) can't run in an unprivileged account. I set up my GF's machine properly and then started pounding my head on the table because Macromedia was forcing her to do everything I just told her not to do. It makes me wonder what their QA people do all day. Apparently they never tested it on a multi-user system. Oh well.

      --
      Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
  3. Re:Apparently you're not the only one by Cpyder · · Score: 3, Informative

    If you really want KaZaA, but without the spyware, you should check out KaZaA lite (kazaalite.com). Be sure not to allow KaZaA to update itself (like now with the 1.7 version), as it will install the Sharman Networks version with said spyware. A nice p2p-program without spyware is WinMX, too bad there are no Linux clients for it. (for their own network, that is.. Opennap clients enough.)

  4. fragile windows DNS by larry+bagina · · Score: 2, Informative

    Windows DNS is somewhat finicky. If you have a virus, or spyware that tries to make DNS lookups while you're connecting to your ISP, it can prevent DNS from working once you do connect.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

    1. Re:fragile windows DNS by leuk_he · · Score: 2

      Any way to back this up? I too sometimes have problems with my dialup DNS. But how do I prove this is the problem and not my provider has a loose running modem?

      Where did you get this info from?

  5. Send out an email by gmhowell · · Score: 3, Insightful

    I'm sure that using that crap is against the TOS. Send out a bulk email to all customers saying that there is a grace period of 30 days where you will help them through uninstalling Kazaa and all that rubbish. After that, it will be either a $100 per incident fee to do it, or you will be on your own.

    Yeah, probably wouldn't work unless you were AOL or someone like that. Being a small ISP must really suck at times.

    --
    Jesus was all right but his disciples were thick and ordinary. -John Lennon
  6. Uh-oh... by Jester998 · · Score: 2

    "they are stuck with a computer store bill for reinstalling their machine"

    So now spyware makers/bundlers are going to justify their actions by saying that they create third-party jobs and help strengthen the economy... great.

  7. AOL "WAN Device" breaks networking, too by netringer · · Score: 2, Interesting

    I've talked several buddies through disabling the AOL-installed "Compuserve WAN Device" whatever that is. It prevents a lot of SMB network services, like file and printer sharing, from working in Windows NT/2000/XP. It seems to re-enable itself occasionally.

    Is AOL installing this thing as spyware?

    --
    Ever dream you could fly? Get up from the Flight Sim. I Fly
  8. I don't even play an ISP on TV, but... by fm6 · · Score: 2
    OK, I don't know for a fact that spyware does this, but I don't find the idea hard to fathom. In fact, I'd be surprised if this hadn't happened.

    I first developed an awareness of this problem when I started experiencing strange random slowdowns and hangs, and started killing background processes until the problem went away. This narrowed the problem to a spyware component that seems to have been trying to extract really detailed usage information from Windows Explorer. Ever since then, I've been running Ad-Aware every time my system seemed to lag -- usually with positive results. The alternative is to give up downloading any Windows software ever. Which I suppose I could do, but only as a last resort.

    And if spyware vendors are going to snoop on what programs you have installed (I thought my problems with the installer applet were simple feature bloat!), they're sure as hell gonna snoop on what web sites you access. And if they destroy the very thing they're trying to profit from -- well, that just makes them a kind of spammer, doesn't it?

    I would recommend running Ad-Aware before you re-install the OS. It's quite good at finding those spyware components. And you can't beat the price!

  9. Install Ad-aware by Electrum · · Score: 2

    Have the customer install Lavasoft's wonderful Ad-aware. This freely available program should remove any spyware that is installed.

  10. New.Net / Webhancer by |<amikaze · · Score: 2, Informative

    These screw with the HKEY_LOCAL_MACHINE/Services/Winsock2 keys and make things break. It's not easy to remove them until you get used to it. We had to request several times from New.Net to get removal instructions.

  11. Re:Apparently you're not the only one by GrandCow · · Score: 2

    A nice p2p-program without spyware is WinMX [winmx.com], too bad there are no Linux clients for it.

    Maybe it doesn't have any spyware (even though I could have sworn it did), but WinMX did a pretty good job of pissing me off up until the latest version. I installed it and decided it wasn't for me, and when I went to hit the uninstall button there was a big X over the icon. When I clicked on it a message would pop up about uninstalling the program, then it would just exit. I had to wait until the newest version that just came out a few weeks ago was released, install that, and then proceed to uninstall the program. Definitely soured me on the whole WinMX experience.
    --
    "Well kids, you tried your best, and you failed. The lesson is, never try." -Homer Simpson
  12. webhancer by pyite · · Score: 2, Insightful

    Some things install webhancer. They're evil. They modify the TCP/IP stack so that it won't work when Ad-Aware removes their files. Programmers that do stuff like this should be destroyed.

    --

    "Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman