Slashdot Mirror
Which Adware and Spyware are the Most Insidious?
the_dreadnought asks: "I was just asked today which adware and spyware are the most insidious by an acquaintance. He asked me if this stuff was really legal, or was it just not important enough for law enforcement to deal with? I know the porn stuff (not from experience,,,ok, from experience) that dials out to foreign countries is one of the more extreme examples, and Gator is well known, but if Slashdot readers could describe what adware and spyware they think is the sneakiest I would appreciate it. Also, any thoughts on whether some of this stuff is even legal, as it is almost certainly not ethical."
Xupiter! Or what used to be Xupiter. In it's time it really wreaked havoc. Although going to their home page says they are out of business, ths link on their site shows that they may be up to something else soon
You can share some of the love for the Yomtobians here. These guys are right up there with Spamford Wallace and the Cantor/Siegel in the Internet Hall of Shame.
Here are the removal programs...
Spybot
Adware
However, this begs the more interesting questions....
Is there *nix spyware?
Why not?
Davak
Lop is by far the worse one ever... recently I convinced my cousin to switch over to Mozilla Firebird, but this article (http://www.spywareinfo.com/articles/lop/) suggested that Mozilla isn't 100% safe, but is much easier to cure than hacking the registry (apparently it's just one line in the user_prefs). One sources said that it changes 47 registry keys... I also found that it randomly mutates into new filenames (actually it downloads newer versions), making it much harder for programs like Adaware to hunt it down.
Also, Lop disguises itself as a mp3 search toolbar. It also comes with newer versions of MSN Plus.
One more thing, some people are willing to profit from lop uninstaller, such as this one - http://www.onlinepcfix.com/spyware/Lop.htm - it contains some more information related to lop.
Please direct all bug reports to
I agree, that HijackThis program did wonders for my parents' messed up computer. Not only did the search page mysteriously get changed after every reboot, we had the misfortune of answering questions from my little sister about the porn popups the BHO caused when she accessed Neopets. However, one or two clicks with HijackThis and all was right again. Adaware and S&D don't catch everything, looks like I had to add ANOTHER program to my arsenal.
The easiest way to delete New.Net is to do the following:
1. remove it using "Add/remove" programs
2. if still not working, remove the WinSock and WinSock2 registry keys from CurrentControlSet
3. Go to network settings on win98 or on 2000/XP, just go into the properties of your network connection and if possible, remove tcp/ip. On XP this is impossible, so ignore this step
4. Add new service. If you're not on XP, just reinstall tcp/ip. On XP, select "have disk" and point it at C:\windows\inf. Then select tcp/ip and install it
5. clean up any newdotnet files lying around.
6. Join a class-action lawsuit against the company that makes this piece of crapware.
Be aware that these steps can cause problems with programs like cyber-sitter or firewalling programs that modify the networking stack. Do this at your own risk.
This is very prolific. I've cleaned it on on laptop twice! I have a supsicion the user is downloading crap all the time, but I do wonder in what form it come in.
Michael
The worst program I've ever seen is savenow..
It starts like 5 processes on boot (using between 50-75mb of ram and 20-25% cpu), sends all of your browsing habits somewhere else, and pops up porn, and other various ads randomly while using the computer. It is by far the worst spy/ad ware I've ever seen.
Or you can just reset Windows XP's TCP/IP stack
from command prompt:
netsh [enter]
int ip [enter]
reset [enter]
then reboot
There is Real Alternative. I'm not sure how legal it is, but it plays the files and I don't have to install the RealOne crap. Until I found it I simply didn't use any sites that relied upon realplayer files. I was so happy when Amazon.com added WMP samples.
Google Toolbar doesn't count, because it is a VOLUNTARY move to enable the spying features (default is to disable them, they give you a nice short EULA that tells you they'll get some info from you if you enable PageRank). Gator and the more insiduous MemoryBlaster (or something like that - it's a taskbar icon that shows you percent free RAM, and takes up about 50% of RAM on a 128MB box with XP itself) count. Taking into account that someone could be blindly clicking links, one could VERY easily get the whole GAIN suite in a few seconds. (BTW, there are MUCH nicer alternatives to those - I've heard RoboForm isn't spyware, and can even import your Gator data if you did once use it, Date Manager? double click on the clock! (oh wait, roblimo can't figure that out) PrecisionTime? ArgoSoft Time Synchronizer is what I use - good ol' fashioned freeware)
... maybe this site would help:
http://www.spywareinfo.com/downloads.php
"Consensus" in science is _always_ a political construct.
In Windows XP there is a feature called Software Restriction Policies (SRP, see here). This feature allows you to deny software to run based on Certificates (and Path, and Hash, and Zone for MSI). Since all the Spyware installers use signed Active-X "drive-by" installers this is an effective way to kill them. This, however, is an arms race. You need to collect the certs you want to invalidate first (upon first encounter of a spyware safe their cert into a file and disallow it). You can find the feature in Control Panel->Administrative Tools->Local Security Policy. Have fun!
It's recommended as Pricelessware by alt.comp.freeware, which means no nasty spyware or adware.
or run them all together as MSN tech support is trained to do... "netsh int ip reset resetlog.txt" That along with "regsvr32 softpub.dll" and "regsvr32 wintrust.dll" will fix 99% of MSN problems. That and Referring to OEM...
Shift happens. Fire it up.