Spyware Becoming Worst Tech Support Problem
teknurd writes "Wired has an article about the growing problem of computer users having to call tech support to get help removing all of the spyware on their computers. 'The fast-growing phenomenon is already responsible for more than 12 percent of all technical support calls in Dell's consumer hardware division, the biggest category of complaints this year, company representatives said.' Personally, I have had to remove this plague from the computers of several friends and family members."
http://www.spybot.info . That's all it takes. Have it run on people's Windows startup and they're set.
Is there anything better than ad-aware for solving this problem?
Spyware can be a real prick to remove, people just can't do it themselves, even competent computer users.
How about NOT installing shit on your systems, duh?
I'm the IT manager for a 100+ person software company (actually, the ONLY IT person...)
Over the last 6 months, I've had to spend more and more time cleaning this crap off people's machines. I've got it down to a science, though - I keep a disk around with a whole lot of useful tools on it such as:
Spybot search and destroy
stinger
all windows XP / 2000 patches since the latest SP
spywareblaster
and others
Takes me about 15 minutes to clean a machine now. Of course, that is 15 minutes that I could be doing something USEFUL...
"The natural progress of things is for liberty to yield and government to gain ground." - Thomas Jefferson
Spybot Search & Destroy [Best spyware cleaner IMHO, also immunizes against re-installation]
Javacool's Spyware Blaster [works well in conjunction with Spybot]
I used to use Lavasoft's AdAware but after it wasn't updated for a while someone recommended Spybot which I've stuck with.
Trolling is a art,
With the company I work for I'd love to make suggestions to help people rid themselves of this, but we're not allowed because it's all third-party stuff. I don't work for an ISP, but an internet banking group, and time after time people are blaming their bank for redirect hijackers and popups... All I can say is that your computer is messed up and you should try to call your ISP for assistance. Not like they'd be in a much better sitch than me. Too bad we can convince people to stop clicking on every bloody thing that pops onto their screen.
________________________________________________
Between Spybot and HijackThis, I have been able to remove any spyware I have encountered. The trick with Spybot is that people need to know what they are doing, so they don't screw up their computer. Adaware is dummy proof, but only gets a portion of the stuff.
Personally I find format C: the best for getting rid of crap like that!
yeah... this is easily the most common thing that I fix during customer service calls. I'd guess about 9 out of ten calls. I try to tell customers what to do and not do but they just have no idea how common spyware is. dave ps... FP? Me? Sweet.
Spyware ? ... no spyware, it is called online support for your software :-)
"The fast-growing phenomenon is already responsible for more than 12 percent of all technical support calls in Dell's consumer hardware division"
Am I the only one who noticed something funny with that statement?
I always ask Bonzi Buddy to help solve my spyware problems. He is always so helpful!
Don't blame Durga. I voted for Centauri.
In the past 2 weeks I've had to remove Master-Search's little pressie from our works server, and Cool Web Search from my housemate's computer. I swear, I spend more time protecting these damn things than using them
'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
If I remember correctly from a previous article (3-6 months ago), Dell prohibits its tech support from helping customers remove certain programs that could be considered spyware. They are unable to do so because Dell, and some other suppliers have partnerships with the makers of the borderline spyware.
What a crock!
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
AdAware is a great program, I swear by it. Also, working at a help desk, I often tell people to go into IE advanced settings and disable 3rd party browser extensions. They seem to think that if it's a toolbar for IE, it's automatically a great idea to download it.
-=-=-=-=-=
I'd rather be flamed than ignored.
Get on it, Symantec etc. This is getting to be as big if not a bigger problem than viruses. All the computers of family and friends are rife with this stuff, and they won't stump for Ad-aware pro as well as AV sw
I've got some photographs, I'd like to show them to you. Though you don't know the girls You'll recognise the view..
I support this kind of thing every day at work with the odd internet customer/staff member. Spybot has really helped out a lot - it's free, small, and works great. I can believe the 12% figure, but here at the ISP I work for, it's more like 60% of calls, only the customer doesn't know they are calling for this particular problem. For them, the internet and their computer has just bogged right down so they think something is wrong with the internet.
You create your own reality - Leave mine to me.
Spybot and Adaware are the two programs I always install when I reformat my computer. I'm a little paranoid since I shop online a lot - amazon, newegg, ebay. I want to teach my parents the value of running them both once a week as well since they often visit foreign, non-English sites to watch TV and videos and I don't have a clue what they could be getting.
...priceless.
Sheesh, evil *and* a jerk. -- Jade
Microsoft claims half of all computer crashes reported by its customers are caused by spyware and its equivalents.
If it crashes, Microsoft wants it to be their crash. They're not going to roll over and let just anyone compete in the crash business. They want it all for themselves.
tells me he still gets a great deal of PEBKAC calls...
There's a little bit of an omission in the article: Spyware is becoming the number one tech support problem for Windows users. Macs and Linux are, as usual, unaffected.
I'm in the hole of the broadband donut.
Simple. Takes half an hour on a decent network.
Eh, you do store all your data on servers and build your client systems from standard images, don't you?
Government of the people, by corporate executives, for corporate profits.
"the developers get paid, in theory, by companies that want to harness the spare computing cycles on thousands of computers to solve some complex computing problem."
I wouldn't actually mind giving a few of my spare cycles to someone if they needed them for something legitimate.
Everyone I know ran the SETI@home screensaver... not only were you contributing to something, but it looked way cool too!
and if you see me strut, remind me of what left this outlaw torn...
There has not been a single documented virus, worm, trojan, or spyware instance for OS X.
We are talking about a 3-year old OS installed in over 10 million machines.
(Yes, I know someone did a proof of concept for a trojan. No, this prototype has not infected anyone.)
Tell me again why do techies insist on spec'ing 2000/XP at the office?
The next pasture is always greener
I've been working for the IT department of the college I attend and we get more calls dealing with people thinking they have spyware or are sure they have spyware and having to deal with them is painful at best, but many people don't know that the software they install is doing things like this to their computer.
I keep reading articles about how much trouble spyware, adware and virii are and yet these are predominantly delivered through a combination of MS Outlook, MS Explorer and indeed MS Windows.
Surely the transition to Mozilla, Firefox, Linux, etc...has got to be cheaper than continuing to service these kinds of problems?
I think the problem is that some people simply don't know any other way so take these problems as 'evil necessities' when they really don't have to be.
I spent three hours last Sunday at the house of a friend of my in-laws removing spy/ad/malware. He just couldn't grasp how his brand new $2800 Windows MCE PC could be so useless in just a month. He was averaging about 60% processor usage from all of that junk. I still couldn't get it completely clean before I had to leave, but I at least got Ad-Aware, Spybot S&D, updated Virus definitions and a firewall installed.
1. Run a good anti-spyware tool like Spybot or Ad-Aware.
:)
2. Don't use IE or Outlook
3. Don't use Kazaa or most other p2p clients
4. Don't run any and every program you come across
This helped my friends a lot, my father was really offended by spyware and who can blame him, he's a Firefox fan till the end now...
The way to corrupt a youth is to teach him to hold in higher value them who think alike than those who think differently
Every time I remove this crud, I explain exactly why they had it to begin with. I tell them Comet Cursor, Gator, Bonzi Buddy, and the like are VIRUSES. Absolute VIRUSES. I tell them not to download them, and the problems will never come back. I set their IE security settings to not allow ActiveX as well.
/works for tech support
Within days, they're all back. "But I LIKE my Comet Cursor! I didn't think it would happen this time."
The problem here is that many people today lack basic problem solving skills. They see a problem with their VCR, they fix it. (Clock's off, let's say). They see a similar problem with their computer, and they freeze up and assume they can't fix it even though, in the case of the clock for example, it's the SAME PROBLEM with nearly the SAME SOLUTION.
People don't seem to apply their own basic intelligence to computers. Nor do they seem to learn from their mistakes. "Why did you install Spambar again?"
"I wanted the -feature-. How was I supposed to know it was bad?"
"Because it caused this SAME PROBLEM THE LAST THREE TIMES YOU INSTALLED IT! I HATE YOU! DIEDIEDIE!"
GeekNights!
Late Night Radio for Geeks!
Nothing will ever top the good old keyboard interface error.
"If, therefore, any be unhappy, let him remember that he is unhappy by reason of himself alone."
~Epictetus
The most amazing thing to me is how slow some people will allow their computers to become, mostly due solely to spyware. My aunt asked me why it took her computer like 7 minutes to start up. I said it could be the Bonzi Buddy, three IE search bars and Gator, but I couldn't be sure... Hopefully XP SP2 will have some effect in helping to keep people from running so much of the crap.
Personally, I have had to remove this plague from the computers of several friends and family members.
Not to sound snide, but this is exactly why all my family & close friends run Macs now. It's easier on them, and it's a hell of a lot easier on me, since now I don't have to stop over, run Adaware, and clean their systems for them.
My wife at work: "Honey, you should install this comet cursor program. Its cool. Also, a friend sent me this cool wallpaper program. You should try it too"
*looks up wallpaper program - sees it has gator and some other crap wrapped in it*
Me: "Honey, both of those programs are laden with spyware. You should uninstall them and clean your system"
My wife: "oh I don't care, I like the cursors and the wallpapers."
*sigh* okee dokee...but NOT on our home PC.
Is the juice worth the squeeze?
Last night I spent 3 hours at a neighbor's house on spyware patrol. He's a fireman who plows my driveway for free (he is Joe Sixpack personified), and I'm his volunteer tech monkey. I cleaned them all out 2 months ago, and now they were in worse shape.
All 3 of the computers were unable to surf the web. Teenage daughters had downloaded Kazaa, weatherbug, morpheus and others. I explained the dangers of spyware (and getting sued by the RIAA, hoping to scare them into ending the spyware party) to them last time, with predictable results. I also advised Dad to lay down the law (I'm not holding my breath).
The 98SE box (yeah, I know) was completely hosed. Booted up, auto-launched about 8 different programs, auto popups, and would actually blue screen before I could launch a single app. I blew that one away, reinstalled from scratch, and ran Windows update (requiring 5 reboots) for close to 2 hours (ever run windows update after a clean install of 4-year old media? Not fun).
And he has a hardware firewall and fast cable modem connection: this would have been impossible on dialup (and the clean install would have been compromised within 10 minutes without the firewall).
After all of this, I had all 3 computers working fine, with up-to-date patches, virus protection, and an Ad Aware icon on the desktop. Also a lecture on the evils of spyware to the assembled daughters.
I'll be back there in a month or 2, guaranteed. Let's hope for lots of snow next winter.
Is Spyware a problem that's limited to Windows OSes, or does Linux also suffer from it? I only ask because the Adaware site doesn't appear to have any mention of it being supported in *nix, and I was wondering if that was a lack of support, or a lack of a market. Cheers
RoseColor red={0, 0xffff, 0x0000, 0x0000};VioletColour blue={0, 0x0000, 0x0000, 0xffff};find / -name *mybase*|chown you
I love how the Microsoft representative draws no line between open source software and free-closed source software with his comment "If something's free, there's often a catch." Furthermore the Microsoft and Dell reps both say that the best protection is to keep MSIE up to date. Too bad neither of them mentions mozilla or mozilla firefox. I wouldn't expect the microsoft rep to but I can't believe the article's author doesn't mention it.
Then again - don't use mozilla - according to microsoft - if something's free, there's probably a catch. I bet its full of spyware right now. Just like those microsoft "Smart Tags" we read about yesterday.
Spybot removal software is one thing, but is there a real solution to this problem?
Users will continue installing software they think is cool, or hear about from their friends/colleagues - be it bonzi buddy, kazaa or anything else. Pretty soon they'll start facing problems - the computer would begin to be unresponsive since kazaa is eating all the cpu, searches in google fail because IE is redirected to SearchScout, or whatever else you have.
Cure is one thing, what's the prevention for all this? And I ask this, not for informed, knowledgeable users, but naive home users who don't know any better?
No M$ bashing please. I have heard of several tools that keep track of what's installed and the changes to registry, but haven't come across anything with a simple interface and a "knowledge" of most common spyware (possibly updated frequently from a public server). Such a tool would at least make the customer support job easier!
http://efil.blogspot.com/
You must be confused... It's VALUEware not spyware
I have discovered a truly remarkable sig which this post is too small to contain.
Dell should just provide users with a Windows Live CD that contains an anti-virus program and a spyware removal program.
Pop it in, computer boots up, runs the anti-virus and spyware removal, shuts down.
Then there is no hassle for the customer about them going to an internet site and installing a program, and then figuring out how to run it.
A family friend was having trouble with their computer crashing and displaying pop-ups, so I went round and ran Ad-Aware for them. It found over 400 items of spyware! Turns out the idiot son had bought a CD off of Ebay that promised to give him access to "Exclusive Cheap WholeSale SiTeS!!!!11 BUY BUY BUY". They said their problems started about the same time as he installed it. I suggested they may have begun with his conception.
In the last couple of months I've seen four or five computers that were rendered completely useless by spyware. The owners literally could not open their browser and get on the web.
Many of the newer programs should not really be called "spyware". They are really a form of hijack-ware. They seize control of a user's browser and send up an endless stream of ads.
And no, the average user will never be able to cope with this. Most people just want to buy a computer and use it. They are no more interested in learning how to maintain a computer than they are in learning auto maintenance. It's up to the computer industry to deliver usable products to the end user.
I don't understand the problem.
My wife is relatively computer literate. But it comes down to a simple rule.
Don't download anything, don't install anything. Ignore all those taskbars and toolbars and toys.
We've had no trouble.
From the article: Finally, Friedberg cautions Internet users to pay extra attention to offers of free software. "Be suspicious," he said. "When something's free, there's likely a catch." I especially like the "When something's free, there's likely a catch". Ahh, the subtleties of FUD.
"Sigs mentioning ducks were considered particularly funny."
"A separate study by Internet service provider EarthLink found more than 29 million spyware-related files on the 1 million computers the company tested."
Earthlink uses those types of data mining files in their total access software. When I run Spybot and Ad-aware, it constantly finds the files tied in with Earthlink for advertising.
Not to mention AIM now has pop up advertising and things. I am glad that I don't have to use my windows machine for anything more than audio processing for the most part. I couldn't imagine what it would be like if I used it to browse the web regularly...
root 10956 5164 0 Oct 22 - 0:23 sendmail: rejecting connections: load average: 70 (isn't sendmail just too kind)
One word - Linux. Been using it for 2 years now. No spyware, no virus/worms/trojans, no shit!!! If you use your computer just to browse net and/or for porn, switch to Linux today. Sure it takes a couple of hours to know your way around it, but believe me, once you get the damn thing running, there is no looking back. Forget Windows, it's for kids and lamers.
You can update Adaware inside the program to dl a list of the most recent nasties.
"When something's free, there's likely a catch."
Yea, like my linux laptop not having one piece of spyware in 3 years.
I upgraded all the computers in my company to new Dell PC's 6 months ago. Virtually all of the software and hardware problems I used to have are gone. Now, 30-40 percent of problem calls I get are related to spyware. Is there someone I can send a bill to?
Of course this is the fault of the consumers but over time it's become a deceptive trade practice as those responsible for the programs know that legal jargon only succeeds in confusing the average user. Many would probably regard it as an abuse of the system.
I recently met a guy that wrote some spyware that he has been improving and so on for many years for windows platforms.
He uses the information gathered to write big reports and sell them to large companies. I was interested in what sort of information the guy was gathering. He gave me a brief description of web pages viewed, banks used, ages, general usage, and the spyware he wrote even logs when the system's not online for those dialup users. The information is then sold to companies so that they can identify what their market is better.
He claims it's 100% legal because they agree when installing "icons" or something like that..
Sly... and not something I would admit to in certain crowds..
A long while back AdAware wasn't being updated at all. They've resumed work on it ages ago.
Finally, Friedberg [from Microsoft] cautions Internet users to pay extra attention to offers of free software. "Be suspicious," he said. "When something's free, there's likely a catch."
I worry that ordinary users will associate the free software work done in the Linux/BSD community with spyware - or more likely that MS will turn up the rhetoric against the Linux/BSD community when the competition gets hot in the desktop space.
Search Bars, Bonzi Buddy...those aren't a big deal to remove. The browser hijackers are the worst.
I support about 60 users in two offices, and about 20 users in remote offices, and my biggest problems are Spyware, viruses, and Trojans. Anti-virus software (on the PC's I manage in the office) takes care of almost all viruses, but spyware and shit is harder to stop.
The best thing you can do is have your users setup as 'users' instead of 'power users' (if you can). I'd have everyone on Mozilla but 2 of our ASP's -require- IE.
Look2Me is the worst one, walking someone through that removal over the phone isn't my idea of fun.
...clueless users.
...is reading this on a Windows box that has never had any spyware.
Or Viruses for that matter.
Tell people they need to buy a Mac.
... I tell them it has all the good apps, etc, and it doesn't have spyware. Everything else I tell them doesn't matter, just the spyware part really gets to them.
When they ask why "why?"
Sunny Dubey
There is one thing I can't figure out here. Spyware is the next big thing after virii... why haven't the big anti virus companies gotten in on the action? I mean, how much more work would it take a McAfee or Symantec to add spyware detection tools and removal software to their current products? If you think about it, the only big thing that distinguishes one AV company from another is their response times to a new virus. Wouldn't this be a very sellable feature?
:)
On the bright side, the big kids staying out of it allows little guys like LavaSoft (Ad-aware) to carve a niche for themselves. However, if a LavaSoft-type company gets smart and offers virus removal in their tool as well... why would you not get the do-it-all tool, instead of two pieces of software?
It's always funny watching big commercial companies miss the boat on stuff like this though
Also, I may be wrong, there may be an AntiVirus product out there that deals with SpyWare. If there is, please let me know!
I had a client of mine at a medical office two weeks ago who was having problems with an onslaught of uncontrollable pop-ups. I downloaded two popular spyware removal programs and I just could not believe the amount of SHIT that has been secretly installed on these PCs. Man, I'm so happy I own Macs.
It took me a couple of hours just to clear out all of the spyware programs and files from both computers. One of them had nearly 200 files/programs that had been installed, not by the user.
To all you fuckers who create this malware, I hope you all die horrible, slow deaths. Really. You are scum.
The problem with AdAware, Spybot etc is that they are clients that must be installed on individual Windows machines. Does anyone know of a tool, like Symantec AV Corp, that has a central admin console, quarantine and auto updates clients etc? Even better, a tool that doesn't require a client and can remote scan, through administrative shares or something?
Rocket science is easy. Neurosurgery, now *that's* difficult.
I'd say 75% of spyware issues come from users running as part of the Administrator group. All day-to-day use Windows accounts should be a regular user, with the least privileges as possible. Without being part of the Admin group, the spyware would not be able to write to HKLM registry, C:\ or C:\WINDOWS. Some spyware could still infect the user's directory, but at least a simple re-log on to Administrator could be done to clean up the machine.
Naw, just buy a Mac. Not that they are immune in any sense but for some reason they don't seem infested either. Put that in your TCO and smoke it.
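A way to check the point made in the comment above on a given Windows account, as an added example that is not part of the original thread: the PowerShell below reports whether the current session holds Administrators membership and whether it can write to the HKLM Run key, C:\ and C:\WINDOWS, then lists the machine-wide and per-user Run entries. The function names and the choice of the Run key as the HKLM test location are assumptions made for this illustration.

```powershell
# Added example: least-privilege audit for the current Windows logon session.
# Function names and the use of the Run key as the HKLM probe are illustrative.

function Test-IsAdministrator {
    # True only when the Administrators group is enabled in the current token;
    # an unelevated UAC session of an admin account reports False.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-RegistryKeyWritable {
    param([Microsoft.Win32.RegistryKey] $Hive, [string] $SubKey)
    try {
        # Second argument $true requests write access; no value is changed.
        $key = $Hive.OpenSubKey($SubKey, $true)
        if ($null -eq $key) { return $false }    # key is absent
        $key.Close()
        return $true
    } catch {
        return $false                            # write access was refused
    }
}

function Test-DirectoryWritable {
    param([string] $Path)
    # Creates, then deletes, a uniquely named empty probe file in $Path.
    $probe = Join-Path $Path ("lp-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [IO.File]::WriteAllText($probe, '')
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        return $false                            # file creation was refused
    }
}

function Get-RunEntries {
    param([Microsoft.Win32.RegistryKey] $Hive, [string] $SubKey)
    $key = $Hive.OpenSubKey($SubKey)             # read-only handle
    if ($null -eq $key) { return }
    try {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Hive    = $Hive.Name
                Name    = $name
                Command = $key.GetValue($name)
            }
        }
    } finally {
        $key.Close()
    }
}

$runKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$hklm   = [Microsoft.Win32.Registry]::LocalMachine
$hkcu   = [Microsoft.Win32.Registry]::CurrentUser

"Administrators enabled in current token: $(Test-IsAdministrator)"

# Machine-wide locations first, then the per-user key for comparison.
@(
    [pscustomobject]@{ Location = "HKLM\$runKey"
                       Writable = Test-RegistryKeyWritable $hklm $runKey }
    [pscustomobject]@{ Location = "$env:SystemDrive\"
                       Writable = Test-DirectoryWritable "$env:SystemDrive\" }
    [pscustomobject]@{ Location = $env:windir
                       Writable = Test-DirectoryWritable $env:windir }
    [pscustomobject]@{ Location = "HKCU\$runKey"
                       Writable = Test-RegistryKeyWritable $hkcu $runKey }
) | Format-Table -AutoSize

# Programs that start at logon: machine-wide entries, then the current user's.
@(Get-RunEntries $hklm $runKey) + @(Get-RunEntries $hkcu $runKey) |
    Format-Table -AutoSize -Wrap
```

A Writable value of True for a machine-wide location on a day-to-day account means any program started by that user can change it; the HKCU row shows the per-user foothold that remains even for a regular user.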
Some drink at the fountain of knowledge. Others just gargle.
I work on a campus, and spyware is the cause of 90% of the calls. The problem is the average user simply does not know what spyware is, or how to get rid of it. They click yes to every yes/no installer popup, and eventually there's so much crap the computer is so slow it's unusable.
What it comes down to is the average user does not know what they're doing. If they knew installing all kinds of stuff would cause problems, they most likely wouldn't do it.
It usually just takes running SpyBot, but beyond that, it takes some education since even "legit" "products" from companies seem to be worse than viruses when installed in mass amounts...
These damn "My Search" people are a curse! If you try to uninstall their stuff on a Windows machine, all it does is remove the uninstall entry in the registry but actually leaves the software running. It took me hours a few nights ago to get their junk off my PC. My Search is a front-end to Google and a number of other search engines. I've no idea why Google (and the others) allow My Search to do the things they do.
Free Firefox news reader.
What will it take for people to use an alternative
like Mozilla, which cuts back on the spying; or to
give up on Windows altogether?
Excellent analogy.
Is the juice worth the squeeze?
Because Windows is spyware itself. The media player and various other programs are notorious homephoners.
We coupled XP permissions, SUS (godsend, that thing) and NAV Corporate. NAV updates everyone's definitions as soon as they come out. SUS sends out updates nightly (usually a few days pass after they're issued by MS so we can test and approve them). Firewall keeps dump RPC requests out.
Since then: no viruses, no spyware. Time taken to set up all of the pieces: a few days. Money spent: XP licenses came with new machines, NAV cost a couple grand, SUS was free. Time and frustration saved: priceless.
I have had the most problems with removing Hotbar. It tries to install every time Outlook is run. It pretends to uninstall from add/remove programs, but is back next time you try to load Outlook. I hate it! I want to sue the people who make that crap software.
I've been wondering why companies like Symantec and McAfee don't step up to the plate on these things. It's getting to the point where the distinction between spyware/malware and a virus is pretty minor. I've seen spyware that copies files and registry entries to your computer, and then damages the permissions and such so that you can't remove them (even AdAware and Spybot can't because the system won't let you remove the files/entries AT ALL). But still they're "spyware" and not a "virus".
It seems like someone really needs to offer an enterprise level solution with centralized pushed updates and such, and I get the feeling that if current antivirus software providers don't get moving, they may find the anti-spyware people have incorporated antivirus software, and pushed them out.
I work at an ISP and we get a fair amount of calls pertaining to spyware/adware. "As soon as I connect to your service I have all these ads coming up on my screen!" "I keep changing my home page but then it goes back to this porn site!" All that we are supposed to support is getting people connected to the internet and setting up their e-mail.. so they always get upset. I personally prefer SpyBot, but management tells us to recommend Ad-Aware. The best is when they call up because Ad-Aware didn't fix the problem. "Now what?!". CWShredder can be pretty useful in these situations.. For your own personal machine I recommend SpyBlocker. It isn't free anymore, but it's worth the money to buy it. It's a real-time ad/spyware/bug/cookie filter. It works quite well.
I happened to come across these fantastic spyware removal sites. If you download their software you are guaranteed 100 per cent no more spyware
Debian
Mandrake
Linspire
Fedora
Mepis
Xandros
Suse
Slackware
Gentoo
However, the CEO & Chairman keep bringing their laptops and home computers in because they, or their kids keep putting crap on them. It's pretty impossible for me to refuse to clean them. No other employees seem to have this problem at work any more.
I use OS X at home and keep telling them that I don't worry about viruses and have never had any spyware. Funny thing is, they're willing to switch, but are worried about the cost! I keep telling them how much they're paying me to sort out the stuff constantly, but the message isn't getting through... Oh well.
Q: What do you call a program that you do not want installed that runs anyways, is hard to remove, and notably degrades the performance of your machine?
A: They're frickin viruses. I guess technically they might be considered trojans, worms, etc, but they should be in the realm of virus and they should be treated as such both socially and legally.
I can see the argument that some software requires such spyware to run and therefore that spyware is not a virus, but if that is the case then the spyware should be uninstalled with the offending program. If not, the company producing said spyware should be handled legally the same way as a person introducing a computer virus, trojan, worm, etc into the wild.
She's running windows 2000, and logs in as a USER.
I've got Admin rights to her computer. When she needs a game installed, I install it. But limiting her to user rights, she doesn't have the proper access to install ANYTHING.
This works for me.
Executive ability is deciding quickly and getting someone else to do the work. --John G. Pollard
Don't mean to tout my own horn here, but I just finished a presentation about spyware to the Clawson Rotary club a couple of days ago. You can find the doc at http://www.exiant.net/doc/spyware.pdf . If anyone ever has to give a presentation about it, you can find some good info on there, free for all.
Enjoy.
--
I will endure to the end.
CWshredder does tend to work REALLY well on that hard to get adware/malware. It's like I was complaining to a co-worker the other day, I don't feel like a Network Tech as much as a bloody computer janitor now.
Keep Austin Weird!
and nothing happened.
The default settings in Internet Explorer are one of the biggest causes of spyware insertion. The problem is that spyware on a page causes IE to come up with a message window that says "Would you like to install FREE toolbar from foo.bar?" and then at the bottom it says something about a security certificate.
Well, as you all know, anyone can go to Verisign and buy a certificate for authentication purposes, but most people take certificates to mean that it's certified safe software. For the uninformed user, there's little difference between this and the latest Macromedia Flash plug-in.
Even worse, there are a lot of sites that cause Internet Explorer to go into a loop with the plug-in. By that I mean:
1. Plugin for "FREE SphyWhere Inc. ToolBar Search!" presents itself to user.
2. User presses "No" button or the close window button to avoid installation.
3. IE comes back with a dialog that says "You MUST install free toolbar to gain access!" and then has to click the "Ok" button or the close window button on THAT dialog.
4. Process repeats itself at Step 1 and continues in perpetuity unless the user is fast enough to be able to close the actual browser window before the plugin pops up, or until the user consents, or unless the user shuts down Internet Explorer.
This occurs primarily on porn sites, but it will occur many times on legitimate sites (e.g. VG-Network, formerly Dave's Video Game Classics, for classic games, and one of the music lyric sites (can't remember which off the top of my head)).
The root of the problem here is that - surprise - Microsoft has continued to let websites exploit this peculiarity in its browser. The end result is that users get frustrated and either inadvertently or out of frustration simply allow the spyware to be installed. Even worse, if the user is dumb enough to have "Low" set on their security settings due to their own inability or unwillingness to learn about basic browser functionality, all this spyware will get installed automatically. Some users I believe continually complain about their computer being slow to the point where they're prompted to upgrade unnecessarily because of spyware they don't know that they have.
So...on every fresh Windows install I do, I do it behind a NAT router to begin with, install all service packs and security updates and drivers, then put a software firewall on the computer, then an antivirus app with Trojan detection, and finally a spyware removal app. Then I instruct people to go to Windows Update every day, their virus update every day, and Spyware check every week.
Isn't spyware fun?
The problem is that this has left non-technical users wide open to the unethical practices of crappy programmers who create spyware and/or allow it to be bundled with legitimate applications. Then the users complain that we in the Development group made a horribly slow program and we need to fix it. We then run Ad-aware on their box and remove Hotbar, Weather Bug, etc from their box. As if by magic the applications are fast again (shocking!). We're currently working with our Tech Support staff to image the user community's computers as Restricted Users. The stuff is going to hit the fan when they discover they cannot install anything without IS approval.
What are the worst offenders? Those programs offering either "cute" or "informative". Desktop wallpaper, custom cursors, so many toolbars and geegaws to make your browser look like CNN's Headline News. A time updater. A date updater. A weather notifier. Hate to tell you, but I have a watch, a calendar, a radio, and a window. Between these four things, I think I'll know what the day/time is and what weather is coming.
What would these same users do if they drove up to a street corner and there was somebody waiting to plaster their car with a flashy bumper sticker in exchange for their friends' email addresses? I would hope that these folks would just drive away. So why does it work on a computer screen?
Hell, half the problems businesses have could be solved if companies just banned access to all the websites that produce these programs. Can't download Weatherbug or Webshots if you can't get to the websites in the first place. No need to visit each individual computer if you can use the firewall to do your job for you. Anyone have a list of those evil IP addresses they'd like to share? (and by "evil" I mean, well, "evil")
I've been working as a Macintosh help desk tech for about 7 months, and not once have I heard of someone calling about spyware.
Although, I've had a few calls where people *thought* they had a virus because of some strange email in their inbox, but that's about it.
Install was smooth.
Nope no spyware on this gentoo machine
kidding aside more and more programs written for windows look decent with wine of your choice. Of course I would rather see native linux binaries (come on developers it's not THAT hard to do it right the first time!!)
no god is good
The thing that comes to mind is the old saying, "people should need a license to breed" or some variant. People should honestly need a "license" to own and run a computer.
It is the uneducated that are wasting the internet away with installing this "cool" software that is chock-full of spyware, dragging the internet to its knees. Education is the key to a solution.
Require a class, shit even offer a class for new computer buyers at retail stores. That would make a tremendous difference.
I work on computers AND my child needs a new pair of shoes!!!
Folks have been trained since the DOS days that they just turn on their computer and use it. Programs have been written for that environment with this assumption in mind (no user-admin privilege distinction).
So the "Problem" is more Microsoft's failure than it is the users' failure. Users use, and are taught how to use. Microsoft perpetrated the "run as admin always" problem, and they directly trained (through the use of their software) vast armies of average users and software developers to embrace this road as the norm and the expected software "reality". Unfortunately it was a disastrous mistake in many regards (virii, worms, spyware, blah blah)
They need to fix this basic architecture problem, and this will hurt users (learning curve, potential invalidation of older software) and the software industry (re-tooling their software code).
Garbage in, Garbage out?
Is the juice worth the squeeze?
..so forgive me for asking ( and no, this is not meant to be a "troll" ), but how do your users install this stuff on their machines?
I run a 100-node network ( ~80 employees ), and I only have to deal with this stuff on my poweruser's computer. Everyone else is a limited user ( win2k ), and the machines are updated nightly ( if needed, via SUS for win2k server ).
Am I missing something here?
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Gee, that's strange. We have 300 Win boxes in my building and about 1000 company wide, not a lot really, but more than a few... Spybot runs just fine from the start-up script. Actually, though, since our machines (all of them) stay on 24/7, we run it and other stuff at night too (but those are scheduled tasks, of course). Need my LAN admin's number?
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
BING!
Problems with your COMPUTER?!
Is your computer slower than when you bought it?
Getting frustrated with dozens of advertising popups?
Call us today! 1-800-WeDemolishSpyware and we will send out one of our geeks to examine your pc and fix it. Just make the FREE call, answer 3 simple questions, and we will dispatch a tech to your home... for a fee.
Get your internet back!
Call NOW!
BING!
no
Thanks for your insightful and informed post. (but doesn't help much for us win 9x users [the ME users were beyond help anyway])
This suggestion won't much help the Joe Schmoe user who doesn't know 'Administrator' from a garbage heap, and just wants to be able to surf the web and check his email, and install the occasional piece of software without trouble.
Just wondering, is this run on MS Windows only? Or it can run on any OS like Mac OS and Linux?
I manage an office of about 70 Windows PCs. When I first started many of the PCs had spyware on them. Every other day someone would complain and I would clean it off. When the same people kept asking for spyware removal it became clear that to solve the problem you have to prevent the average user from installing software on their PC.
Want to stop spyware? Do not log in with Administrative rights! 99% of spyware requires administrative rights to install. In the corporate environment this is simple: don't give out the local administrator password to anyone Ever! And don't put regular users in the Administrators group. For home users, create two accounts - one for installing software with admin rights, and one for everyday use without admin rights.
UNIX admins figured this out years ago. You only use root when you must, why don't most Windows users do the same thing? My suspicion is most home users don't like the concept of Windows logins and passwords. To solve this I wish XP home had a simple switch for a user to enable or disable software installation.
The developers at my company are very tech-savvy and have no problem taking care of their workstations, it's the execs I have to worry about.
I showed them my Powerbook G4 and jealousy set in. Now we're standardizing on iBook G4s for traveling execs. No more worrying about them coming back from a trip w/ a virus, no spyware either.
This guy is way out there
Surely better advice would be to read the licence agreement.
Mod parent up!
This is absolutely the biggest problem tech support-wise that I have to deal with these days with my clients. It surprises me that they aren't yet seen in the same light as viruses are. They can be just as crippling, just as tricky to remove (even with ad-aware and spybot), and just as sneaky getting in to your system...
I've told people when they've asked me how their infestation happened that they're basically viruses they actively allowed to be installed, though in some cases I'm not even sure you as user have to "ok" to let in there. I advise users to click "x" on the installer windows now - I don't even trust "no" anymore.
Not only does God definitely play dice, but He sometimes confuses us by throwing them where they can't be seen. -Hawking
You gotta love this quote from Wired's ace reporter:
the proliferation of a NEW category of deceptive software
How long have Lavasoft been out there?
Registrar: domaininfo.com
Domain Name: lavasoftusa.com
Record created: 21 May 2001
Record last changed: 27 May 2002
Record expires: 21 May 2006
Prolly is a Usenet pest who never reads the FAQs...
Put Spywareblaster and Spywareguard on their systems maybe even a host file. Still not a perfect solution but will most likely keep them out of trouble.
Slashdot, home of supporters of free software, free music, and free speech. Except for Moderators that disagree with you.
I'm making 600-800 a week part time in the evenings doing consulting by removing this crap from client systems. For me, fixing the problem is a bad thing....
Watch out, free software usually has a catch! Don't be pulled in by the trickery of Sharman Networks' or those crazy Linux distributors!
In addition to using the various anti-spyware software recommended above, like AdAware and SpyBot, I've made it a regular habit to look at these registry keys:
Run regedit:
Start->Run-> "regedit"
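Look in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx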
The Run is an especially attractive haven for spyware companies. That's how spyware programs run their programs after users reboot their computers. If you suspect there are weird entries in these registry keys, download spyware removal software and run it. If you don't know what you're doing don't mess with the keys.
I also check TaskManager regularly for weird processes. It's a bit technical, but after a while you can see which processes belong and which ones don't.
Like a lot of the /. crowd, I do tech support for an extended group of family and friends. Most of these folks have no idea that leaving an unfirewalled unpatched win98 machine sitting on a broadband connection is a bad thing. All they know is it doesn't work anymore and can I fix it?
If they're on a broadband connection I get them a hardware firewall. I don't even ask, I just buy it and hand them the bill. I also enable automatic updates. I generally use free tools like ad-aware and spybot, tiny firewall, a free av scanner if they're too cheap, etc.
In what has to be the most painful bit for them, I give the Inevitable Security Lecture. Their attention span being what it is, I only hit the high points. I point to the Windows Update icon, explain what critical updates are, explain what spyware is (and how to use ad-aware & spybot), etc. It's probably a waste of time, but you never know.
There you have it. I've been through it over and over. Like I said, old hat.
If a bunch of spyware sites are set to a certain # of hosts, can we just make them resolve to 127.0.0.1 with a nice custom hosts file?
I know mike's ad blocking hosts file does it for pop-ups, but what about stuff like bonzi buddy?
If so I'd like to put it on my dad's computer. Problem is, a lot of little rinky-dink apps he downloads have spyware just piggybacking on it. Then again there's a few utilities that take care of that.
Ahh i can see in a few years we'll have a nice internet that will blindfold themselves to such malicious sites.
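The hosts-file approach asked about above, as an added example that is not part of the original comment: it merges a blocklist into the hosts lines inside a marked block, so the job can be re-run without piling up duplicates. The function name, the block markers and the `*.example.invalid` names are assumptions made for the illustration.

```powershell
# Added example (not from the thread). Function name, markers and sample
# host names are assumptions; the sample data below is constructed.
function Merge-HostsBlocklist {
    param(
        [string[]]$HostsLine = @(),
        [Parameter(Mandatory)] [string[]]$Domain,
        [string]$SinkAddress = '127.0.0.1'
    )
    $begin = '# BEGIN managed blocklist'
    $end   = '# END managed blocklist'

    # Keep everything except a previously written managed block.
    $kept = New-Object 'System.Collections.Generic.List[string]'
    $inBlock = $false
    foreach ($line in $HostsLine) {
        if ($line -eq $begin) { $inBlock = $true;  continue }
        if ($line -eq $end)   { $inBlock = $false; continue }
        if (-not $inBlock) { $kept.Add($line) }
    }

    # Host names that already have a hand-written mapping are left alone.
    $existing = @{}
    foreach ($line in $kept) {
        $fields = ($line -replace '#.*$', '').Trim() -split '\s+'
        if ($fields.Count -ge 2) {
            foreach ($name in $fields[1..($fields.Count - 1)]) { $existing[$name] = $true }
        }
    }

    # Accept only syntactically valid host names, so a malformed list
    # entry cannot inject an arbitrary line into the file.
    $valid = '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
    $new = $Domain |
        ForEach-Object { $_.Trim().ToLowerInvariant() } |
        Where-Object { $_ -match $valid -and -not $existing.ContainsKey($_) } |
        Sort-Object -Unique

    # Emit the merged file line by line.
    $kept
    $begin
    foreach ($name in $new) { "$SinkAddress`t$name" }
    $end
}

# Constructed sample input.
$sampleHosts = @(
    '127.0.0.1       localhost',
    '127.0.0.1 tracker.example.invalid   # added by hand earlier'
)
$sampleBlocklist = 'ads.example.invalid', 'Toolbar.Example.invalid',
                   'tracker.example.invalid', 'not a hostname'

Merge-HostsBlocklist -HostsLine $sampleHosts -Domain $sampleBlocklist

# Against the real file (elevated prompt needed to write it):
# $path   = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
# $merged = Merge-HostsBlocklist -HostsLine (Get-Content -LiteralPath $path) -Domain $sampleBlocklist
# $merged | Set-Content -LiteralPath $path -Encoding ASCII
```

A hosts entry only stops lookups by name; software that connects to a hard-coded IP address is unaffected.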
If you are talking about a corporate setup with some sort of software standardization you could check the HKLM or HKCU Software-->Microsoft-->Windows-->CurrentVersion--> Run key for values present. That's where a lot of malware/adware/spyware hides. I do this through using KixTart as part of the network logon script.
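The Run, RunOnce and RunOnceEx check described a few comments up, and the logon-script version of it in the comment just above, as an added example that is not code from either poster: it lists the autostart values under HKLM and HKCU and reports anything that is missing from, or differs from, a baseline for the standard image. The function names, the baseline and the sample entries are assumptions; the sample data is constructed.

```powershell
# Added example (not from the thread). Function names, baseline contents and
# sample entries are assumptions made for illustration.

# The keys named in the comments, for both the machine and the current user.
$RunKeyPaths = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($leaf in 'Run', 'RunOnce', 'RunOnceEx') {
        "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$leaf"
    }
}

function Get-AutostartEntry {
    param([string[]]$Path = $RunKeyPaths)
    foreach ($keyPath in $Path) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        # RunOnceEx keeps its commands in numbered subkeys, so walk those too.
        $keys = @(Get-Item -LiteralPath $keyPath) +
                @(Get-ChildItem -LiteralPath $keyPath -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($valueName in $key.GetValueNames()) {
                # Read the raw string so %VAR% references are shown as stored.
                $raw = $key.GetValue($valueName, $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                [pscustomobject]@{
                    Key     = $key.Name
                    Name    = $valueName
                    Command = [string]$raw
                }
            }
        }
    }
}

function Compare-AutostartBaseline {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]]$Entry,
        [Parameter(Mandatory)] [hashtable]$Baseline   # value name -> expected command
    )
    foreach ($e in $Entry) {
        if (-not $Baseline.ContainsKey($e.Name)) {
            $status = 'Unknown'       # not part of the standard image
        } elseif ($Baseline[$e.Name] -ne $e.Command) {
            $status = 'Changed'       # known name, different command line
        } else {
            $status = 'OK'
        }
        if ($status -ne 'OK') {
            [pscustomobject]@{
                Status  = $status
                Key     = $e.Key
                Name    = $e.Name
                Command = $e.Command
            }
        }
    }
}

# Constructed baseline for a hypothetical standard image.
$baseline = @{
    'CorpAntivirusTray' = '"C:\Program Files\CorpAV\tray.exe" /startup'
}

# Constructed sample entries, so the comparison can be tried on any machine.
$runKey = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$sample = @(
    [pscustomobject]@{ Key = $runKey; Name = 'CorpAntivirusTray'
                       Command = '"C:\Program Files\CorpAV\tray.exe" /startup' }
    [pscustomobject]@{ Key = $runKey; Name = 'ExampleToolbarHelper'
                       Command = 'C:\WINDOWS\system32\example-helper.exe' }
)

Compare-AutostartBaseline -Entry $sample -Baseline $baseline | Format-Table -AutoSize

# On a live Windows machine, audit the real keys instead:
# Compare-AutostartBaseline -Entry (Get-AutostartEntry) -Baseline $baseline
```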
Spyware? On Linux? Are you utterly mad, sir?
Oh, but the gall, the gall!
Lord of the Spies
This is what I told my dad after removing another 20 porn auto-dialers from his system ("Yeah sure dad, you have no idea how those got there"); Whenever you encounter a popup which you don't fully understand, click the [X] button top-right, do not click the "Yes", "No", "Cancel" or any other buttons. If no [X] button exists, hit the Alt+F4 keys. This basically got rid of practically all the problems since he doesn't install software himself (wouldn't know how if he wanted to).
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Or adaware or hijack this, yadda yadda...
Problem is, we're talking about computers owned by the unwashed masses (at least in my tech support job). These are people that call up with a chip on their shoulder demanding that their ISP fix what has happened to their computer. Wonderful ads like "Earthlink with a free Pop-Up blocker" etc. have now in the perception shifted the responsibility of parasite problems onto the ISP.
A lot of these people don't understand the basic directory structure or how to find something that's been downloaded onto their computer, and walking them through a download of a parasite removal tool, updating it, running it, and then guiding them through what to do with what it has found can EASILY turn into a 2-hour procedure. Most of us have more important shit to do than that. Double that amount of time if they don't have two phone lines and/or cannot be connected to the internet. Any coincidental problems are blamed on your removal tool.
Also, the latest trend i'm seeing, is people calling up to complain about all these popup ads and homepage hijackings/search pages thrown in. You start pointing to all the free games they've downloaded, bonzi buddy, Desktop Calendar, Weatherbug, etc, and you are met with "but i LIKE having my weather updates, i LIKE having my Calendar there" etc.
THEY WILL REFUSE TO LET YOU HELP THEM
Doesn't stop them from still calling you up "i'm still having a problem with all these popups..."
Most machines i've cleaned up (like HUNDREDS of parasites), i'll hand it back to them and tell them what not to do again, and they are in the exact same state in a week's time. They simply go and install all the same crap they had before.
I was warned by many that doing Tech Support for a living was a burnout job, and borderline emotional abuse. But the last couple years of parasites have made it pure insanity. Tech Support is at a whole new low...
"i need to find a new job" is an understatement.
do() || do_not();
1 - Blocking spyware from being downloaded and installed EVER (aside from simply saying "Use Linux"), and
2 - Completely cleaning already infected machines/browsers/etc, and
3 - Hunting down the developers of all of this crap and them.
It pisses me off knowing there are many hard-core intelligent software developers out there creating this crap!
They all should suffer!
The community should find them, like they do for child-molesters, and berate them and publicly thrash them.
doooh
www.mozilla.org Download FireFox. There is no foolproof software to prevent people from downloading Bonzi Buddy and Gator. Ad-Aware and a good virus program should take care of the rest.
I use Windows (XP) at home primarily because I'm not prepared to make the ($) switch to a Mac yet. Our current software investment includes a lot of educational games passed down from child to child. Most of my children's games require XP compatibility mode - which only works for Admin users.
Your monitor is staring at you.
Can anyone point me in the direction of a tutorial on writing a rules file for pkt filter? It looks like a good GPL firewall but the default rules are disallow everything. I've seen a couple of case studies, but would rather learn from others before I just start making assumptions about how to write good firewall rule settings.
Degaussing scares the bad magnetism out of the monitor and fills it with good karma.
I've tried various virus/worm/adware programs and neither managed to remove these...
Nasty little critter wuamgrd.exe - hid itself up in \windows\system32 with System/Hidden/Read-only attributes. Fortunately, a quick 'attrib -h -s -r' removed its sticky coating, and a quick 'del' sent it into oblivion, and a regedit to make sure no remnants were in the registry. I'm not sure about point312.exe - it may be just a printer driver, but it's one listening port I'd prefer not to have.
Isn't it ironic that the purpose of the registry was to prevent malware from damaging the system configuration, and now it's the first place to check for such things.
At home I sometimes run W2K. Whenever I get software, I check that it supports W2K. Unfortunately, supporting W2K is really only supporting running as admin in W2K.
I expect to install software as Admin (just like su root under Linux). But, frequently there are permission errors if I want to run the installed software as a normal user. If I am lucky, I just need to modify the permissions of the save directories.
This year TurboTax required me to run as Admin. It did a check at startup, and would not go any further if I didn't have admin privs.
I wish that they would distinguish between being able to run under W2K, and being able to run as a normal user once installed on a secure W2K box.
Where law ends, tyranny begins -- William Pitt
try bazooka spyware removing tool. Unlike some other tools that jack with your register, bazooka just detects and advises you on how to remove it.
slashdotter remark:
#of spyware on my linux box...el zippo.
- these are not the droids you are looking for -
you can't remove/readd TCP/IP in XP. you have to fix the stack. annoying, but there you go.
Like everyone, I've had plenty of these problems, and I run adaware and spybot. Lately I've been enabling the spybot immunization - but haven't had the time to test it.
Has anyone seen whether this really works?
The worst of these are the really nasty ones like coolwebsearch. These are not installed piggybacked onto Kazaa or something, but are installed through security holes in the system. For people that have only a 56K connection to the interweb, installing that latest 32MB service pack that fixes the problem is often a very undesirable option. So stuff like this gets in.
I have uninstalled this several times, and found cases where the software decided, for whatever reason, to delete critical system files like run32.dll or parts of winsock.dll. I have no clue what this does for the jerks that write this stuff, but it breaks the hell out of these machines.
+++ ATH0 +++
If you have disk imaging software (Drive Image, etc.), after updating everything make an image and burn to CD. The next time you have to redo his system (and it sounds inevitable) just blast back to the base image.
Drink blood - 50 trillion mosquitoes can't be wrong.
yeah, doing something similar already. just doesn't cut it with all those toolbar 'helpers', removing classid's, cookie, keeping up to date etc. I see on another thread that there is consensus that nobody is doing it yet.
Rocket science is easy. Neurosurgery, now *that's* difficult.
Now he can't find/email you! Even if he did announce himself, how would you friend him without an account?
What was it about the pot and the kettle?
...is of that type. It's eeeeeeeeeeeeevil.
Is there any website out there where there is maybe a pdf that you can print out for people who are just starting out with computers and explains what viruses, worms, trojan horses, and spyware is and how to avoid them. I have searched google but haven't found anything that is good for a beginner.
I would like to find something that you can give to a parent or friend and have them read it and keep it by their computer as a reference as to what they should and shouldn't do when it comes to email attachments and avoiding spyware.
Here a Sig There a Sig Everywhere a Sig Sig...
Nah, just switch to using Macs. Life is much more...serene. Users are still stupid, but there isn't a huge spyware or virus problem there either.
There are two types of people in the world: Those who crave closure
If you are you can run most things as Administrator WITHOUT having to log out. Just hold down shift and right-click on the EXE. The pop-up menu will have a "Run-As" option. Just put in your administrator details and away you go. It's not perfect but it's a damn sight easier than having to log out.
---
We spoke for about a half an hour. I don't recall a thing we said. - Colorblind James Experience
Entirely (?) removing CoolWWWSearch actually required running both programs.
I believe some of the CWS spyware variants actually replace some of your executables (like Windows Media Player) with a trojan that downloads new versions of these wonderful pets. This is bad because no anti-spyware can help you when this kind of damage is done. You're gonna have to reinstall applications.
I've always tried to explain to people that anti-spyware tools should be your last line of defense. You have to be aware of the dangers to avoid them, and adjust your behaviour on the internet accordingly (look up info on known spyware, inspect browser cookies before storing, etc.). Letting spyware in and having, say, Ad-aware deal with it after the damage is done just won't cut it (at least not anymore)! It's not like you do this with a virus?
What would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
I am waiting for someone else to go to court with spyware companies on destroying private property and win. Then my company will follow, we have been waiting for someone to start a lawsuit against them and win so we can do the same. My employers would more than likely jump at an opportunity to get back valuable time and money we have wasted on this problem. If just one lawsuit is won, then there will probably be many more to follow. They are advertising on people's private property and should not be allowed to continue. The american people get raped again...
If carrots got you drunk, rabbits would be fucked up. - Comedian Mitch Hedberg R.I.P. 03/30/68-2/24/05
Nah, just switch to using Macs. Life is much more...serene. Users are still stupid, but there isn't a huge spyware or virus problem there either.
I assume that you are a Mac User. I think you'd know just as well as anyone what kind of feat that is trying to explain to someone why their next computer should be a Mac.
For the record, the ISP i work at is very Mac-Centric, and I (myself) haven't used or owned a Windows machine since 1997
do() || do_not();
Most companies that provide tech support will not let you remove / delete anything from a user's computer...liability issues if removing spyware ends up borking the whole thing. Then it was tech support that killed the computer and the company is responsible for fixing it.
slashdot, news for crazed liberal socialist zealots
I use both Spybot and Ad-Aware with good results, and I remember when Ad-Aware 5 didn't get updated for awhile.
However, Spybot's last update was March 4, so they're two months behind. I still use it, but I'm starting to lose confidence. They were updating every month or so, but it's nowhere near Ad-Aware's update cycle of every day or two.
I've come across some pop-up ad-program at work that neither of these will remove, and it's not in the normal places (registry, startup, ini files, etc.) Had to re-image the system to get rid of it. Never did figure out what it was.
Yeah, this dude is a known troll.
Simple explanation:
I have to wipe your hard drive clean and you lose all your email, word files, quicken records, tax records, business files.
Or switch to a Mac and never have to worry about it again.
There are two types of people in the world: Those who crave closure
Haha, that's all my friends/family ever ask me to do nowadays. Forget the days of setting up modem init strings, configuring IRQs, etc. No, now that everyone's on broadband, it's spyware and "porn popups" for which my services are most frequently requested. Thanks adware makers, you keep me employed :-D
It is actually staggeringly easy to avoid installing spyware on your computer. Once you have downloaded a piece of software, just comment out anything in the source code that looks like it might be spyware, before you compile it. Then generate a difference file against the source you downloaded, and post it on your own web site as a patch so everyone can share and enjoy it.
..... they probably have already created their own patch anyway, if it's a package worth using.
If you think that's hard, seek out your local guru and get their advice
Je fume. Tu fumes. Nous fûmes!
I visit lots of sites. I get lots of email
The problem is that people install random crap that they don't need, and it causes trouble.
You only need a few plugins or helper apps.
Flash is nice, Acrobat is a must, I grab mozilla too.
I don't find my online experience lacking, I get my emails, I find phone numbers, and get information on other stuff I need. Ebay and online banking work just fine.
Windows IS spyware you fucking, wussy win-losing idiots. Admit it, you are suckers. And I might add, you deserve all the trouble you get.
My primary workstation at home runs Linux. However, to keep peace in the family, I got my wife a laptop running Windows (98SE to be precise; don't laugh, it does everything she needs, & I installed Eudora so to avoid Outlook & all of its problems, a step that prevented her from virus infections countless times).
So last week while playing one of the online games at Yahoo, she is bombarded by countless pop-up ads. While she is a competent user, she knows this is beyond her & asked for my help. So I sat down & started digging thru the guts of Windows.
Now keep in mind that for the last several years, I have dealt almost exclusively with Linux, Solaris & other flavors of UNIX; I was drawing from my memory of Windows 3.1 (& a hazy idea of the Windows Registry) for what to look for. And after 2 hours of hunting, I killed a couple of the easier bits of malware, but it wasn't until a colleague told me about Ad aware & Spybot that we truly started to make a difference.
The moral of my story? Unless you're willing to live in a Windows-free world, its defects will still make your life miserable; & ignorance of Windows is not strength.
Geoff
I think I see a trend here. Maybe for them it really would be easier to muzzle the entire internet than to produce p
At school we have a techmaster organization where we go and fix people's computers when they have problems. I'd say about 80% or so of the tech requests are directly related to spyware. What's worse is that none of them will listen to what we tell them. Even with Spybot on their systems, they never run it or update it. Also, they stick with IE and always out of curiosity run that .exe email attachment that we warned them of so many times. It's damn depressing.
And I also heard that a whopping 23% of the calls were for "Curry in a Hurry" restaurant deliveries.
MS should make windows xp like windows 2k3, where it asks you if you want to run an executable every time you download. there should also be a message at the top, "if unsure click no" and have no as the default option. problem solved
You are now their bitch.
Hahaha. It's funny because it's true. I am my family's "computer guy". *hangs self*
"i need to find a new job" is an understatement.
Now you can understand why so much of this is being outsourced to foreign countries. The stress levels are too high for minimum wage, but paying a real techie $40/hour to sit on the phone with a clueless customer for 2 hours is too expensive. Until the revenue model changes to actually charge the end user for the hours used, this will continue.
from the if-you-can't-beat'em-join'em-dept.
Have you considered acquiring a foreign accent to make it harder for people to understand you? When they give up and just live with all the slowness and annoyances, then your job is done!
...what do I do? Oh and if you have a virus or worm could you let me know too?
[Caution this is a semi-joke; I'm pretty sure Linux is still pretty virginal. But I'm looking for that one final reason to change from Windows to Linux.]
--..
Help end the use of Sigs. Tomorrow
Yes -I- know this...
but convincing someone else this....
do() || do_not();
66.35.250.150 is the IP address to block.
Would people pay $25 per hour for me to do this for them? I'm a high school chemistry teacher and wouldn't mind the extra income. I would not feel guilty charging the same for family and friends.
--..
Help end the use of Sigs. Tomorrow
I too had this problem. Let AdAware take out New.net and Blammo! No network connectivity. Did the research and found the fix just like you did.
"And Class.... What did we learn?"
I learned to cruise through add/remove programs and remove any of the obvious spyware first. Sure, they don't usually "completely" remove themselves but then spybot/adaware get the remnants and I haven't had any problems with partial uninstalls on anything since.
Just a tip.
T
Tech support people who don't know anything about computers (these are by far the majority) can go years without any ill effects. For those people, their job is to answer the phone and read a script.
It helps if your company has a process in place for various issues. When I worked tech support, there were actually times when we could say "Sorry! That's your problem! We're not going to help you! We're not responsible for you fucking up your computer!"
Personally I think Internet access should be licensed, just like Ham Radio is. And tech support people should be able to revoke that license at any time for any reason. "You installed WHAT?! I'm sorry sir, I'm afraid I'm going to have to revoke your Internet license."
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
It's amazing how bad spyware and adware are getting, and even more amazing is how most non-savvy people have no idea what it is! They all know about viruses and stuff, but this epidemic seems to be becoming worse than viruses.
I work in the MIS Department of my company and people are always asking me what they can do to speed up their personal computers at home. The first thing I always tell them is to go download ad-aware (http://www.lavasoftusa.com) and they almost always come back the next day saying that their machine is running 10 times faster than it did before.
What's the most spyware components that any of you have found and removed from a computer? Mine's around 3000. That's right. We have a thing around here where running Ad-Aware and the like is more of a game. People bring in their computers, and immediately run Ad-Aware and spybot on them. I hold the current record in the store.
It would be interesting to see the money trail involved in common spyware.
I'd like to see the endpoint companies who are advertising, wittingly or unwittingly, via spyware. Perhaps the way to go about ridding spyware is to shun companies into policing their advertising partners to ensure they don't ever use spyware as their method.
.sigs are for post^Hers.
That's the best solution. And these programs must be run often in order to maintain a secure machine.
Someone mentioned LSPFIX (for fixing winsock settings). If only I had it four hours ago!!! I just spent 4 hours of my life re-installing Windows and all the little apps that are needed for good operation...
Why is it that spyware removal remains a separate category of software? There should be a feature added to AV programs to prevent spyware from ever being installed in the first place.
I've developed a small, word-of-mouth, cash-only business removing spyware and adware from friends and friends-of-friends' various Windoze machines. I use free tools like AdAware and Spybot. I tell them about Popup-Stopper and Kazaa lite.
I don't tell them about Firefox, Mac OS X, or Linux anymore. I also don't tell them to not use regular Kazaa anymore. After the first twenty or so times I tried, I got nothing in reply except blank looks, shrugs, and scorn, derision, and vitriol about any other operating system other than Windoze.
Now I don't tell them because in a month or two, like clockwork, they call me again and I repeat the procedure, and pocket another $50 CASH that they happily fork over. I've even been called a "lifesaver" many times.
1. Kill all suspicious processes
2. Clear Internet history, cookies, and cache.
3. Delete any crap from the Startup group
4. Install Ad-Aware (this might have to be done from cd or removable media since some spyware causes internet breakage)
5. Update Ad-Aware
6. Run Ad-Aware
7. Delete anything Ad-Aware quarantined
8. Run msconfig and remove from the Startup group anything you don't know what it is
9. Reboot
10. Repeat steps 6 and 7
11. Reboot
You should be good to go. I've had to do this on just about everyone's computer in the dorm at school and many family and friends' computers... It's never failed once.
Some people might not like this suggestion, but trust me, it works. Install Firefox and remove any shortcuts to IE (just make it unusable by the average person, since you still need it for Windows Updates). Teach whoever how to use Firefox. I've done this with my parents (who are NOT computer literate). I set all the settings correctly, installed all the plugins, etc. They don't miss IE at all. Plus, Firefox blocks popups and doesn't run ANYTHING without asking you first, thus, no more unwanted spyware from bad websites...
Did we forget how to set exclusive proxies?
How much is your data worth? Back it up now.
I'd have to agree, with the small proviso that I think that anti-virus firms need to do a better job defining what a virus IS. As the admin of a small school I've decided that next year I'm locking down the labs - big time. I didn't do it up until now because of program incompatibilities but I have to say that if this remains an issue, it won't matter - we'll get different programs.
:O
It wasn't so bad before this year. Yeah, there was some spyware out there, but it wasn't like f*cking 'n-case' which replicates itself to random filenames all over your drive and then inserts startup stuff in 'startup', the local and machine registry, and even the freakin' win.ini!!!
I called Sophos on this after spending some two hours cleaning it up. I basically said, "You folks need to take some responsibility here."
The time has come to draw the line in the sand. n-case and others like it, are VIRAL. It can't be removed easily by the user - NO agreement of this nature can be legally binding.
Now for what frightened me the most: Ever have spyware that couldn't be cleaned by Spybot and/or Ad-Aware - even with the latest patches? No? Then you probably don't live in Korea. A few of our students do, and this is where this particular piece of crap came from. It defended itself by making a program that runs at startup that runs a program that ensures that another program is there and running THAT, reprograms your home page to a site that ActiveX 'drivebys' your computer to load the program!!!
That was a bitch to clean up (although nothing compared to n-case!). You probably haven't seen this yet because it's a Korean app - but it managed to get on a few American machines here when the Koreans visited a site that installed some 'happy fun cursor' program.
I'm ranting.. But the truth is: Admins have to do their part, but the anti-virus people have got to do a better job also. They need to stop turning a blind eye to this issue.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
I'm a workstudy at a local college. The domain is NT4 server with 2k workstations. Our net admin is worthless, so I'm trying to figure out a way to limit the amount of spy/adware we have on our systems, which is a lot.
I'd also like to limit installations that don't quite qualify as adware, like Yahoo Messenger and Google toolbar (questionable). I've limited access to the Program Files dir, no write access. But what I'm wondering is, is there a built-in feature for NT4 to limit installs of any kind to users? If so please respond with any tips that may be useful!
Email will probably work best if you're really generous
spite_fowl@yahoo.com
Thanks!
PS: OT problem also, I've been trying to lock down the roaming profile, so that they download the profile from the server, but no changes are made and the local profile is wiped out on logoff. This has become a tiresome dilemma; I can lock down the profile on the server, but the local profile remains and causes some problems. Any tips from MS admins would be helpful!
It seems like MOST of these beasties throw themselves into the Run and/or Runonce registry keys. Why can't those keys be locked down?
"Draco dormiens nunquam titillandus."
Does MacOS have a magic spyware prevention AI, or is this simply a temporary fix through obscurity? Remember, spyware has nothing to do with the security or lack of in an OS since the user actually installs the spyware, either alone or with another program.
Now being that Macs are at least reasonably popular and that spyware is just on the rise, the day will come when spyware makers start targeting Macs. There will never be as much of it, of course, since they are as popular as Windows, but then again the majority of the spyware you see in Windows is the same few programs over and over.
So what happens then? Do you move your family to a different OS like Linux? If that gets targeted do you go to something REALLY obscure like VMS or QNX?
I'm not saying there aren't good reasons to use MacOS, there are plenty, but "because there's no spyware" isn't one of them. That is running away from a problem that will eventually catch you. Unless you are ready to again hop to a new platform when it happens, it's a bad reason.
"format c: /q" /dev/hda1
That's the best way? I always thought it was:
% mkfs.ext3
After that, the spyware won't come back, either.
Kinetic stupidity has a new brand leader: Allen Zadr.
I saw in a couple of comments that folks referred users off to their ISP for help removing these items.
DON'T! Please!
A comparison I had to use yesterday with a customer because they were getting angry that we (ISP) would not help them was:
If you have a car, don't maintain it, ignore the recall notices, drive without your seatbelt and slam it into park while still moving, you're going to have an accident or break the damn thing.
Do not call the DOT/highway department because of it. We can't and are not going to help you.
An ISP's job is to provide a customer an internet connection. Not to be their free tech bitches for any and every issue that comes along. We view virii and spyware as OS issues and not the ISP's connectivity issue.
Our qualifying test is.....if your computer was in perfect working order, can you get on the internet. If it's not.....call us back when it is and we'll help you with the internet.
That may sound a little customer unfriendly but when queue hold times are over 30 minutes and every customer is pissed off, you have to draw the line somewhere.
If we fail to hold computer users responsible for their own actions, we are enablers of the behaviors we are complaining about.
I'm at a university, not a corporation, but there are corporations with similar problems. Thing is at many places the buck does NOT stop with the IT people. The policies are made higher up. So you can argue to the people that make the policies that it should be policy that no one has admin and all installs must go through IT, but they don't necessarily listen.
That's where we are. We TRY to keep people at user level access, but if they demand admin access we basically aren't allowed to say no.
The other reason why Macs don't get a whole lot of virii is because they're lacking the application market. You're much more likely to get a virus/spyware from some shitty program you've snagged from FlyByNight Shitware than anyone that's bothered to take the time to port their app over to the Mac.
With this in mind, it's equally easy to run virus/spyware free with Windows, just by being careful.
- Think Snow Crash. Treat unknown software like a hypodermic needle picked up off the street. You gonna run that? Run software from reputable sources you trust. Don't do warez.
- Know the software you install. Don't install what you don't need. Strip down your installation, if necessary.
- Know the difference between programs and data files (if yer a newb). Know which data files contain scripting/macroshit. Disable the scripting functions of every program that views those data files, or use data viewers that don't run those scripting functions.
- Be up to date on your security patches.
This basically eliminates your exposure to 90% of virii, simply by not being fucking stupid. You'd get the same results by using a Mac, mostly because Macs don't have a massive shitpile of software to infect yourself from. You're basically practicing these steps anyway.
The other 10% are either going to fuck you up the ass regardless of what you do, or maybe will be caught by AV software.
I warned my daughter about the Same Stuff on Different Days. Even had to reinstall Windoze on her system because it was so trashed. I read her the riot act about adding "the goodies" and tied in the third degree with it on top. The next week all of the garbage was back. So, I cleaned the drive again and pulled the network drivers. She has no email, internet, NOTHING. Yes I get the occasional whine and sob about not talking to her friends but I told her, you mess up - you pay. Best fix possible - pull the plug. It also works at the office. Install spyware after a cleaning and warning, your computer loses internet access. It is just ToughNetworkLove.
I found that Spysweeper works better than SpyBot or others. It scans memory and can prevent Spyware and Adware from installing and schedules a regular scan in case they do install.
If you run an X86 PC system with Windows, there is a solution to the malware problem if you are not too chicken to use it. Buy Crossover Office if you really want to run MS-Office and other MS-Junk. Yes you heard me right, leave that POS called Windows for an OS that does not suffer from such bad malware and security problems.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Props to the SONY desk ~ML
My experience as a technician in the business world is that spyware should be more of a training issue than a support issue. The users at my office know they are going to get chewed a new one if I find bonzi buddy and the like on their computer. Our company has a very strict policy about installing software on their computers. Our firewalls and proxies block most everything, plus we don't give users administrative rights to their computers. I rarely find spyware any more, except on the occasional old win98 pc. Companies need to let IT departments get tough on users, instead of bending over backwards for them. I guess that's why I like working where I do.
---
Lousy rotten karmic retribution.
Have to deal with this every bloody day with customers who phone me, it's a pain in the bloody arse!
"WebTV: bringing the Internet into the shallow end of the gene pool since 1995" - Martin Bishop
The problem here isn't spyware developers. The problem here isn't the Nigerian spammers. The problem here isn't DDOSing skript kiddies taking over thousands of machines on the Internet. The problem here is users who expect to be able to be allowed to be completely ignorant of their extremely complex system while at the same time being protected against the hazards that they will encounter on the Internet.
The solution is quite simple; force those users to learn the fundamental basics they'll need to protect themselves from all the above hazards, and require them to take a test to determine that they're at least minimally able to protect themselves. Additionally make it easy for a person working in a technical capacity to revoke that license ("I'm revoking your license. If you want it back you'll have to take the class and the test again.")
Elitist? Is requiring a driver's license so that idiots won't go out and kill people on the road elitist? Is requiring a ham radio license so that people won't go out and interfere with legitimate services elitist? The potential exists to do as much or more damage with the Internet. We can no longer allow users to be blissfully clueless. A license is a public affirmation that they are aware of the responsibility they take when connecting their computers to the Internet.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Easy, try nessus. Nessus scans networks for security vulnerabilities and spyware as well. To scan for spyware, it needs remote registry access so give it an account with sufficient privileges. Just look at the plugins page to see which spyware it can detect.
Just turn off your computer and go out and watch a soccer match or something. GUARANTEED not to get any spyware on your computer that way! O:)
...not so much because it "has partnerships" with spyware developers, it is because the EULAs of a lot of software like that from Gator, Bonzi Buddy and Kazaa Lite grant you use of the software only in conjunction with the spyware and adware components it installs.
So in essence, Dell could have their asses sued off for assisting its customers in software piracy, DMCA violations and so on. So it's probably on advice of their lawyers to cover their butts by not getting involved in spyware support calls.
Younger users growing up with computers are much more willing to learn. It may take 15-20 years to work, but educating children who will be the future workforce is more likely to solve the problem eventually than trying to teach the current workforce of people who don't want to learn.
In the meantime, "Joe, this is the same problem you have reported twice before. I have been helping you as a favor. However, I have explained how to avoid the problem. I will explain it again right now. If you need help with this again, it will cost you an extra US$150 (some outrageous amount they won't want to pay or that you'd be happy to earn to do this repeatedly)." or some similar response that affects their wallet directly may force a few brain cells into action.
I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
Get it right guys.
_
\\/ are accustomed' - First Lensman
Look here for a nice custom patch. I just had to reinstall Windows for someone (not spyware, but just as dumb, they tried to install Win2k over Win98 with the disk scratched all to hell). I start with that, install the free AVG and then Zone Alarm, Adaware, and spybot. I figure (hope) that'll keep the computer from coming right back to me.
Still, I wonder how long until Microsoft notices (and sues) this guy (whether what he's doing is legal or not won't matter to good ol' MS).
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
That's what test boxes are used for. You install the patch on the test box and see what happens...
About the Sasser worm:
You really should have patched sooner. Eh, if I remember correctly the vulnerability reports appeared on the 13th of April and the exploit came out on the 30th. You had around 15 days to patch your computers and did not do it. Whose fault is it? In that manner, better to get used to skipping lunchtime... What kind of sysadmin are you?
Regarding Sasser, we were lucky that we had so much time in between the vulnerability reports and the appearance of the worm (the exploit). In many cases it has been much shorter than that. You really have no excuses not to have patched sooner. A good firewall may help too... (it actually prevents the worm from spreading itself directly via tcp)
But since you're relatively new to the field, you (hopefully) WILL learn from these experiences.
This is a stolen sig.
Get it right.
users _never_ have their data backed up, they almost never are willing to lose it to a disk image. That's why OEMs love recovery CDs so much; they can easily blow the customer off by saying all they can do is run the restore, but hey, you could call Microsoft and they'll fix it.
Personally I think Internet access should be licensed, just like Ham Radio is. And tech support people should be able to revoke that license at any time for any reason. "You installed WHAT?! I'm sorry sir, I'm afraid I'm going to have to revoke your Internet license."
I know (think, hope?) you're joking, but I just have to point out how bad an idea this is. Licensing will invariably end up in the hands of a corporation or a government entity that listens to corporations, upon which "You installed WHAT?!" will refer to the random piece of OSS the tech support people don't know about or even the stuff they're paid to suppress.
-insert a witty something-
I took some precautions with my computer to prevent spyware but my roommate managed to mess it up pretty good, since then I have taken the correct steps to ensure protection. This is what I recommend if you want to keep a Windows computer safe from everything without paying for anything.
Whenever possible enable Automatic Updates for all applications (including Windows itself), if that's not an option update manually on a weekly basis.
System Protection:
Only use admin account when necessary.
Virus/Worm Protection/Removal:
Install AVG
Don't use Outlook Express, use Thunderbird
Hacker/Worm Protection:
Enable XP Firewall (easiest) or Zonealarm or Kerio (my favorite)
Adware/Spyware/Pop-up Protection:
Don't use Internet Explorer, use **** Firefox ****
If you have to use IE install the Google Toolbar
Run Spyware Blaster to give IE &/or Firefox more protection.
Install Spyware Guard and place in all users startup group to give real-time protection.
Adware/Spyware Removal:
Run SpyBot & Ad-Aware
In my experience each product alone doesn't get rid of everything, using both is the best way to go.
OR
Just take the Absolute Cheapest & Most Effective route and install Linux.
********
If you install Firefox you will want the following plugins, use Firefox to download the plugins.
Shockwave
Flash
Java
SELinux is the solution. With that you can set all kinds of permissions, such as ability to access the internet (full, limited, or none), file/directory/filetype permissions beyond the standard per user ones, and so on. For example, an mp3 player can be given read only access to mp3 files, read write access only to its own configuration files, write only access to the audio device such as /dev/dsp, no other file access, no network access, and no other device access. I am hoping that there will be a distro for desktop use based on SELinux or other mandatory access control systems out once 2.6.x stabilizes.
I've never used Adaware Professional, only the free Adaware. But, according to the info at http://www.lavasoftusa.com the Pro version supports network control of Spyware/Adware. I can't say how easy it is to deploy and manage though.
Just because it's the #1 OS for mostly-clueless home users. There are security safeguards that *could* prevent spyware from being installed. User-level security has been in place for the NT/2000/XP branch of Windows since Windows NT 3.1 up through Windows XP Professional. This should be equivalent to not running regular Linux sessions logged in as root/superuser. If Windows sessions started out logged on as non-administrator users then spyware couldn't install itself. That plain, that simple.
I don't mean to troll, but I am very curious about this trend. Many /.-ers here claim to hate spywares and yet, many earn their living dealing with spywares. So, would you recommend or have you recommended Windows PC over linux/Mac OS X/BSD strictly because of the support cost you can make? (Such and such softwares exist only on Windows or you only have Windows skills does not count)
Be honest! Post anonymously if you have to, and no, I am not interested in lengthy discussions. Just a simple no or yes, I would/I have.
Spyware has always baffled me. I don't see why anyone would ever follow any link that pops up on their desktop. It's annoying, and I just want to close it instead of buying anything from a pop-up company. Is it even a good marketing scheme? ...
I have friends who call me up on the phone asking for help. I finally got tired of it, so I put up a website tutorial on removing spyware. I've even made step by step instructions for using Ad-aware and Spybot Search & Destroy. These pages still need a lot of work (I actually made them last week), but I think they are a good start. I'm hoping to get some tutorials on other things such as firewalls sooner or later too.
Much of the problem with spyware is that EULAs are so arcane and overlooked that it makes it easy for things to be slipped in under the user's nose. Why do EULAs need to be so long? Why are they always in a tiny box that discourages reading it? Is there anything in the legal landscape to simplify all of this? I realize some of the problems are interface/GUI programming issues and some are legalistic maneuvers, but if EULAs weren't so lame and complicated we may have had a safer-computing populace right now.
When I was a kid, we only had one Darth.
My experience was in an environment where we had to maintain many UNIX and NT platforms in order to certify product on all.
When one has an "old" NT box for example, all auto-update functionality can be considered as somehow viruses: without warning it will change your environment. I faced several times our source code control system being screwed by those auto-updates, because some common stuff is changed in an incompatible way. The culprit was the... antivirus system. Result: production stopped, manual investigation... When you have all your prod automated from compile to package including tests, that's kind of pretty bad effect caused by something pretending to protect you.
When we look at the end of the day: the resource is hijacked for non essential activities, not even in reaction to a real problem. That is why I eventually consider many "protections" as mal-ware. Could spybot auto-update be considered like that?
I am pretty reluctant in anything changing a machine "automatically", even more users installing rubbish on a box.
I prefer to see myself what is there with www.windowsstartup.com. Hum sure : this does not work if you have to maintain 10s of boxes.
Probably the best solution is do not use an OS so subject to downgrades, just do not even have the possibility of a problem.
Ciao ciao.
The easiest pollution to clean is the one not generated.
Also, try running the program 'sysedit.exe' and it'll popup with the older style text config files (config.sys, autoexec.bat, win.ini & system.ini)... look in these for any suspicious proggies. I've seen some viruses/spyware add themselves into here so they can respread if you've just taken them out of the registry/startup folder.
Are you local? There's nothing for you here!
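An added example (not part of any comment above, and not code from any tool named in the thread): a Python script that audits the autostart locations commenters describe, the Run/RunOnce registry keys and the win.ini/system.ini lines that sysedit shows, from offline exports against a known-good baseline. The sample .reg export, INI contents, program names and baseline set are constructed for illustration.

```python
"""Audit Windows autostart locations from offline exports against a baseline."""
import ntpath
import re

# Run/RunOnce under HKLM and HKCU, as written in a regedit .reg export.
AUTOSTART_KEY = re.compile(
    r"^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)
# "name"="data" string values; backslash and quote are backslash-escaped.
REG_STRING = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Unquoted command: shortest prefix ending in a program-like extension.
PROGRAM = re.compile(
    r"\s*(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=[\s,]|$)", re.IGNORECASE)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for string values in a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = REG_STRING.match(line)
        if match and current is not None:
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in match.groups())
            current[name] = data
    return keys


def ini_value(text, section, key):
    """Return the value of key in [section] of a legacy INI file, or ''."""
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.strip("[]").lower() == section.lower()
        elif in_section and "=" in line:
            name, value = line.split("=", 1)
            if name.strip().lower() == key.lower():
                return value.strip()
    return ""


def program_name(command):
    """Lower-cased file name of the program that a command line launches."""
    quoted = re.match(r'\s*"([^"]+)"', command)
    if quoted:
        path = quoted.group(1)
    else:
        match = PROGRAM.match(command)
        path = match.group(1) if match else (command.split() or [""])[0]
    return ntpath.basename(path).lower()


def autostart_entries(reg_text, win_ini, system_ini):
    """Collect (location, name, command) from the registry and the INI files."""
    entries = []
    for key, values in parse_reg_export(reg_text).items():
        if AUTOSTART_KEY.match(key):
            entries += [(key, name, cmd) for name, cmd in values.items()]
    for key in ("load", "run"):  # win.ini [windows] load= and run= lists
        for item in re.split(r"[\s,]+", ini_value(win_ini, "windows", key)):
            if item:
                entries.append(("win.ini [windows]", key, item))
    # system.ini [boot] shell= should name only the shell itself.
    for item in ini_value(system_ini, "boot", "shell").split():
        entries.append(("system.ini [boot]", "shell", item))
    return entries


def unknown_entries(entries, baseline):
    """Entries whose program file name is not in the known-good baseline."""
    return [e for e in entries if program_name(e[2]) not in baseline]


# Constructed sample data: not taken from any real machine or product.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVScan"="\"C:\\Program Files\\AV\\avscan.exe\" /startup"
"xqzrtbl"="C:\\WINDOWS\\xqzrtbl.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"upd"="C:\\WINDOWS\\TEMP\\kfwpm.exe /s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://example.invalid/"
'''
SAMPLE_WIN_INI = r'''; constructed sample
[windows]
load=
run=C:\WINDOWS\xqzrtbl.exe
'''
SAMPLE_SYSTEM_INI = r'''[boot]
shell=Explorer.exe C:\WINDOWS\xqzrtbl.exe
'''
BASELINE = {"explorer.exe", "avscan.exe"}  # assumed list from a clean image

if __name__ == "__main__":
    found = autostart_entries(SAMPLE_REG, SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI)
    for location, name, command in unknown_entries(found, BASELINE):
        print(f"UNKNOWN  {location}  {name} -> {command}")
```

Matching is by file name only, so a file that reuses a baseline name from a different directory passes; comparing full paths or hashes recorded from the clean image tightens the check.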
Ad-Aware with Ad-Watch is my personal choice, which requires either the "Plus" ($26.95) or "Professional" ($39.95) edition. You'll have to go through the "Tweak" options to set Ad-Watch to run when Windows starts and start in blocking mode, but once it's up -- you don't have to worry about ad/spy-ware much anymore. Just run a comprehensive Ad-Aware scan every week or two, and check the results list to make sure nothing useful is being flagged as spyware! Oh, and Ad-Aware's free version (that does not come with Ad-Watch) is a very effective scanner/cleaner, but it will not stop ad/spy-ware from infiltrating your system -- it can only remove it after the fact, which often requires several minutes (or even hours?) of tweaking after their removal.
Spybot Search & Destroy is my second choice, and except for its tendency to treat files quarantined by Ad-Aware as spyware (well, they are, but they're quarantined!) and to miss a few items that Ad-Aware finds, Spybot is very capable of keeping your PC (mostly) clean. But here's the catch: Spybot is freeware, so it is much more cost-effective than Ad-Aware, but remember the old adage: "You get what you pay for."
I've used both Ad-Aware (more extensively) and Spybot (somewhat extensively) for several months, and here's my suggestion: use Spybot or Ad-Aware's free version at home if your files aren't "top secret" or otherwise crucial to anyone's survival; use Ad-Aware Plus or Professional on business computers (where the company will pay for the license) or if you want to protect your computer from gathering ad/spy-ware in the first place.
There are other options out there, and remember that nothing is perfect... Some legitimate things will be deleted if you're not careful, and some illegitimate things will sneak through no matter how careful you are. The ad/spy-ware-war only marks our attempts to stay ahead of the game.
Sounds to me like someone needs to build freeware or shareware spyware-free clone of Weatherbug, Comet Cursor, etc.
Your fantasies contain the seeds of important concepts.
would someone tell the dell execs to quit f'in telling their customers to call their ISP and say its their problem? then again, they do that for *ANYTHING*
Hey, go to http://www.linspire.com. Purchase Linspire. It is the best and easiest distribution of Linux out there! Then say goodbye to spyware. :-)
>I don't understand why Apple's market share hasn't soared thanks to this and other similar advantages.
I'm betting a lot of potential Mac buyers are first introduced to linux as the "other OS," and thankfully re-install XP after the 80th time they've typed su or edited a 20 page config file written by CS majors for CS majors.
Linux advocates really need to realize that they're acting like a third-party spoiler when someone wants something simple to use. I don't see how installing what is essentially a server OS is a "MS killer" especially when Apple makes a product designed for people sick of windows.
Ideally, Linux advocates should be advocating Macs for non-techies. Instead, I see way too much mindless Apple bashing here and we wonder why MS is so dominant. For these reasons, when someone says they're a mac owner it's the equivalent system shock of hearing "I'm a scientologist!"
Let's put the rhetoric and idealism to rest and push Apple products to those who need them.
That might work if you can keep your users from saving stuff to C:. I guess you could move system folders like User's Profile folder to another device. What I really want is an honest to God /home dir, complete with no write access for other directories on the system. Users shouldn't even have the option to throw their files all over the drive. If this could be done though, I'd think Dell/Gateway/etc would be doing it. The problem probably goes back to the fact that you need admin rights under Windows to do most anything beyond Office apps/Web apps. Still, maybe it can be done, and Dell/Gateway/me are all just too lazy.
I run Win XP Pro because I need Lotus Word Pro and Access, neither of which run native on Apple; but I don't help others support Windows. It takes too much time.
Wouldn't be very useful in the real world though. You'd have little more than a bulky, expensive WebTV box.
I also got a "bad" version of CW, here is how to get rid of it. Start ad-aware, start spybot, start cw shredder (do not execute their cleaning). Hit ctrl + shift + esc, this will bring up task manager. Browse Processes and turn off all instances of internet explorer and "explorer.exe". Now run ad-aware, run spybot, then run cwshredder. Explore the windows directory and delete the random folders created by cool www search, I think they all have random names with a common "msiesh.dll" file. After that is finished, restart the computer, and it should be gone. This was what finally got rid of it on my worst case scenario.
If you don't vote, you don't matter, so don't waste your time telling me your opinion
I t'ink he
I bought this house and you know I'm boss
Ain't no h'aint gonna run me off
When I was working in phone support for a major ISP one of the biggest problems we had was people wouldn't call in about spyware problems until their machines were SO hosed they couldn't even GET to the sites to download removal tools. So eventually I started bugging my supervisor and various higher ups until we put spybot in a small public ftp that we all memorized the IP address of. That way when the users called in, what we'd do is have them open a command prompt, and walk them through an ftp on the command line to get the file. Sure it'd take 5 minutes to explain all the crap to type in, but it's way better than the usual "Wait I can't see the link anymore, there's a popup. Let me close it. Ok there's 3 popups, I'll close them. Ok wait I'll just reboot" etc that'd take half an hour. Command line ftp doesn't trigger all the resident hijack crap because it doesn't use the browser.
Introducing the new Occam Fusion! Now with sqrt(-1) fewer blades!
Nobody really cares about outsourcing tech support jobs. It's that companies are outsourcing stuff that requires more knowledge/creativity/expertise that is bad. And most companies have to learn the hard way that outsourcing that stuff is a huge and costly mistake. I wish that our helpdesk would be outsourced. They are simply incompetent.
Symantec Corp Ed v9 (when released) is supposed to begin treating spyware/malware etc as a Virus - complete with signature updates and centralized policy management ...
I know I'm cranked about it
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
...it's a huge growth opportunity for them, and in many ways is such a natural for their scanning engines that they would have to do very little to even begin supporting it other than adding spyware definitions.
That they haven't makes me speculate that they might fear repercussions from other industry partners that like the spyware concept, albeit slightly less malevolently, and don't want to see it totally mooted by AV companies, or if perhaps they've felt pressure from larger clients who are involved in spyware either directly or indirectly.
It's probably conspiratorial to speculate on that, but there aren't a lot of logical reasons why they *wouldn't* want to do spyware removal, especially in a premium product.
THEY WILL REFUSE TO LET YOU HELP THEM
...For which, I have a fairly standard response:
Doesn't stop them from still calling you up
"Run both SpyBot and AdAware. Let them delete everything they flag as suspicious. If this includes a program you use, you have two choices. Either find an alternative that SpyBot and AdAware don't detect, or stop asking me for help - If you actually want spyware, I can't help you anyway".
That about covers it. Some people may not like that attitude, but TFB. I consider my time a lot more valuable than their ability to know the current weather without a quick visit to weather.com, and will tell people as much.
In my experience, if a person's machine has started behaving poorly enough to prompt a call to me, they will welcome and thank me for cleaning their machines, even if I do end up killing a program or two that they actually use. I have yet to hear someone complain that their machine feels about 10x faster at the expense of their pretty cursors.
Now, the more negotiable grey area, IMO, involves what loads at startup. I personally tend to disable everything that I can manually load when I need to actually use something. That includes most printer and display "control panels", Palm's hotsync manager (or similar app for other handhelds), most multimedia apps' quick-start features (Netscape, QuickTime, Real, etc). If a person really does use that functionality very frequently, fine, they can keep it. Otherwise, they waste memory, meaning they don't really speed up loading, they slow down everything. Not a net gain, IMO.
Firefox only has two advantages over IE+google toolbar: Tabbed Browsing (which i'm starting to like), and security. Until recently, they weren't reason enough to switch. Now, they are.
;).
This is a bit off-topic, but if you have this exe - C:\Program Files\Common Files\Microsoft Shared\Help\dexplore.exe (Microsoft Document Explorer) - on your machine (I guess it comes with MSDN?), then you can use it to browse. It will use the IE rendering, and will have tabs, and you can even customize the hotkeys. Somehow I find it faster than IE
You have to remember that most of this spyware installs itself via social engineering. All you have to do is write some stupid game that downloads ads while getting the high score list, and you can compromise millions of machines.
As with all social engineering attacks, there is no technological solution. The only way to stop them is to do what works in meatspace -- prosecute the perpetrators for fraud/larceny/whatever. That way, any software that doesn't explicitly spell out all of its "features" is liable for fraud and whatever else the user "agreed" to.
aQazaQa
I've found that it works better having another job and doing tech support as a side thing. That way I can be the emotionally abusive one and it won't affect my bottom line terribly.
My blog. Good stuff (when I remember to update it). Read it.
All it takes is for the spyware to call itself WINLOGON.EXE, and you won't know it's bad. In fact, Task Manager will refuse to kill it if its name is services.exe, smss.exe, winlogon.exe, or csrss.exe.
aQazaQa
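A name in the process list proves nothing by itself, but the image path does: the genuine copies of those four processes run from the system32 directory. The following check is an added example, not part of the comment above; the process records are constructed, and the default system root `C:\WINDOWS` and the NT-style path prefixes handled are assumptions about what the listing tool reports.

```python
import ntpath  # Windows path semantics, so this also runs on a non-Windows analysis box

# The four names the comment says Task Manager refuses to end.
PROTECTED_NAMES = {"services.exe", "smss.exe", "winlogon.exe", "csrss.exe"}


def normalize_image_path(path, system_root):
    """Turn NT-native spellings into a plain, lower-cased Win32 path."""
    if path.startswith("\\??\\"):                  # \??\C:\WINDOWS\system32\csrss.exe
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):  # \SystemRoot\System32\smss.exe
        path = ntpath.join(system_root, path[len("\\systemroot\\"):])
    return ntpath.normcase(ntpath.normpath(path))


def find_masquerading(processes, system_root=r"C:\WINDOWS"):
    """Return (pid, path) for processes that use a protected system name
    but whose image file is not in <system_root>\\system32."""
    expected_dir = ntpath.normcase(ntpath.join(system_root, "system32"))
    findings = []
    for pid, image_path in processes:
        if not image_path:
            continue  # no path reported (e.g. the System process); nothing to compare
        norm = normalize_image_path(image_path, system_root)
        if (ntpath.basename(norm) in PROTECTED_NAMES
                and ntpath.dirname(norm) != expected_dir):
            findings.append((pid, image_path))
    return findings


# Constructed sample: (pid, image path) pairs as a process lister might report them.
SAMPLE = [
    (4, ""),
    (512, r"\SystemRoot\System32\smss.exe"),
    (580, r"\??\C:\WINDOWS\system32\csrss.exe"),
    (604, r"\??\C:\WINDOWS\system32\winlogon.exe"),
    (648, r"C:\WINDOWS\system32\services.exe"),
    (1320, r"C:\WINDOWS\WINLOGON.EXE"),
    (1488, r"C:\Documents and Settings\user\Local Settings\Temp\services.exe"),
    (1600, r"C:\Program Files\Mozilla Firefox\firefox.exe"),
]

if __name__ == "__main__":
    for pid, path in find_masquerading(SAMPLE):
        print(f"PID {pid}: protected name outside system32 -> {path}")
```

A hit is a lead for manual inspection, not a verdict; a machine installed to a different system root needs `system_root` set accordingly.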
I had no idea I got it until I ran adaware. Then I got some freaking spyware bug that deleted windows media player and replaced it with a spyware app or a virus or something.
I just fought that one off last night. Took forever to nail it down. Here's what finally worked.
Delete the wmplayer.exe in Program Files/Windows Media Player. Run ad-aware 6 with the latest definitions. That'll zap the crap that it installs, which for me was windows/a.exe and windows/system32/bridge.dll, along with a host of other reg keys and crap.
Because it's windows, reboot and run the scanner again. If it finds anything, repeat.
If you're lucky, you'll still have a working copy of wmplayer.exe in windows/system32/dllcache. You'll know it's the good copy if it's larger than around 6k or so.
Hope this helps, because this one was a total pain in the ass to track down. Good thing my machine is dual boot Linux. And my main windows browser is now Firefox, too.
Oh yeah, on a side note... Whoever wrote the scumware that overwrites Windows Media Player needs to be hung by a pair of thumb screws and roasted over a coal fire. It's one thing to sneak your apps onto a system, but another thing entirely to overwrite existing apps.
Here's hoping their crap gets noticed on some FBI computer somewhere.
Weaselmancer
PS: Just in case there's a friendly FBI guy reading this, take the scumware wmplayer.exe into a Linux install and run "strings" on it. You'll see the URL of the fine folks who brought you this plague. They encrypt their strings by inserting 4 garbage characters over 0x80 every so often, so ignore those.
Weaselmancer
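Plain `strings` output breaks wherever such garbage bytes were inserted, so a URL comes out as fragments. The sketch below is an added example, not code from the post above: it deletes runs of exactly four bytes at or above 0x80 that sit between printable ASCII characters, then extracts strings as usual. The sample bytes and the `example.invalid` URL are constructed.

```python
import re


def strip_inserted_garbage(data, run_len=4):
    """Delete runs of exactly run_len bytes >= 0x80 that are flanked on both
    sides by printable ASCII, i.e. garbage spliced into the middle of a string."""
    pattern = re.compile(
        rb"(?<=[\x20-\x7e])[\x80-\xff]{%d}(?=[\x20-\x7e])" % run_len
    )
    return pattern.sub(b"", data)


def extract_strings(data, min_len=6):
    """Equivalent of `strings -n min_len`: runs of printable ASCII bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def recover_strings(data, run_len=4, min_len=6):
    """Strings as they read once the inserted garbage is ignored."""
    return extract_strings(strip_inserted_garbage(data, run_len), min_len)


# Constructed sample: header-like bytes, a URL and a registry path with
# four-byte high-bit runs spliced in, and a longer high-byte run that is
# ordinary binary content and must be left alone.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"\x00\x00\xff\xff\xb8\x00"
    b"http\x91\xa3\xf0\x88://tracker.exa\xc4\x99\x80\xeemple.invalid/in.php\x00"
    b"\x8b\xec\x83\xc4\xf0\x00"
    b"Software\\Micro\xd2\x85\x9c\xb1soft\\Windows\x00"
)

if __name__ == "__main__":
    print("plain strings:    ", extract_strings(SAMPLE))
    print("garbage stripped: ", recover_strings(SAMPLE))
```

Stripping can occasionally join two unrelated strings that happen to be four high bytes apart, so compare against the plain output before trusting a joined result.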
ridiculous.
Ad-Aware is a viable product, now. I am not claiming that Spybot is superior to Ad-Aware. I'm merely saying that Spybot gets the job done very well, at a price that cannot be beat.
Ayup
It's a hell of a lot of work to keep the Windows updates up-to-date, not to mention the anti-virus sigs, the ad-aware, spy bot and the Spyware blaster all updated too.
I have one machine at home that I must keep Windows on due to work requirements, and I spend more time administering that box in a week than I do on my other four Linux boxes in a year combined. It's a bitch when work requires you to have certain software then says it's up to you to support it. Damn...I guess it's time to find me a new employer.
SELECT * FROM User WHERE Clue > 0
0 rows returned
If you switch to Opera, Firefox, Mozilla, etc., many of the spyware problems disappear (and a large number of virus problems as well). I know it sucks to have to train the staff and hide the IE web browser. But as someone already said "Why infect the small 5%?"
Finding it is easy.
Simply not installing it is also easy.
This calls for a well configured proxy to block all sites deemed unworthy. I'm not for internet censorship, but in the case of security it's essential. Just make sure you blacklist the corresponding IPs of sites you really want to keep users out of, because just accessing a site that way will bypass the restrictions.
"I was annoyed by these pop-ups," [Portal of Evil's webmaster] Faliszek said. He started digging, but ran into a wall of shadows, denials and false trails. He thinks the problem of sneaky programs like VX2 is growing, and something needs to be done. "Self-policing isn't working," he said. "I hate to say we need government intervention, but something needs to be done."
So let me get this straight: This guy is quoted by a sympathetic journalist and clamors for new regulations, laws, an army of civil servants to enforce them, and the matching tax levying, all of that for his God-given right to use IE under Windows instead of, Heaven forbid, using Mozilla or a non-Windows machine.
At this degree of cluelessness, the words "dribbling idiots" are pitifully inadequate. May I suggest "drooling fuzzbrain"?
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
"Sure thing, Skipper!"
Heh. Ubersoft.net rocks. =)
eudas
Blessed is he who expects the worst, for he shall not be disappointed.
Don't you wish the software you want could install so easily?
You think spyware's bad? Take a look at the "cool web search and other malware removal" forum on SWI.
http://www.spywareinfo.com/forums
Hell, just because of that crap that people push out, I keep a USB pindrive (yes, it's the "devil duck" one from ThinkGeek) filled with utilities:
- Spybot (can be run without installing!)
- Ad-Aware 6 installer and new reference file
- Stinger
- CWShredder
- AVG installer and license code
- ZoneAlarm installer
- TheKillBox (can delete _ANY_ file - even ones in use)
- PV (used to detect new versions of CWS that tie themselves to winlogon.exe as well as explorer.exe and can't be removed without DOS or the Recovery Console)
- Firefox and K-Meleon installers
Suffice it to say, my life is rather busy thanks to those bastards who make this.
If I had my way, I'd take them out into the street, then let each and every person who was inconvenienced by their software throw one ball at them.
I.E. shotputs.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
Sysinternals Freeware AUTORUNS Applet.
Allows manual removal of anything and everything you don't want.
Without question, worth the $0 it costs to download.
http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml
Ok, I may be silly even posting this, when no one is probably reading this thread anymore, but are there any spyware removal software packages that run silently from a command line?
Use 'autoruns' from http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml. It finds everything that starts automatically.
Must Consult Someone Else
Must Consult Someone Experienced
Either will do in this situation. I have 30+K boxen to take care of and I don't have this problem. On the other hand I didn't get my job by having a lovely collection of MS placemats.
Sorry about the flamage, it is just that admins who do not know what they are doing bother me. Patching, updating VSCAN, pushing out apps, etc, all of this can be automated.
I depend on the powers of AC to prevent karma damage.
Get SpywareBlaster
I'm just wondering: instead of wasting trained and experienced IT personnel on removing spyware, why don't companies hire tech savvy college students to remove it? It'd be cheap and free up IT for other things. After all, how much know-how does it take to run spybot and adaware from Win XP and 98?
Really... Using IE and downloading and installing all sorts of crap is how spyware gets on a computer. These jackass users need to realize that they're not the victim, they're a willing participant. And they should be slapped too.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
I really like HijackThis. In addition to listing all the startup processes, it also lists all BHO, DPFs and Windows/IE settings used to hijack your browser... It's an awesome tool. I use it along with Spybot S&D and that seems to solve 99.99% of spyware issues.
- Go to Control Panel, Administrative Tools, Computer Management.
- In the left pane, see System Tools -> Local Users and Groups -> Users, Groups.
Make a user account a member of the Power Users group. This gives you a predefined set of user rights between the Users and Administrators groups. If you know exactly what restriction is getting in your way, you can enable that right for your account type.
- Go to Control Panel, Administrative Tools, Local Security Settings.
- In the left pane, see Local Policies -> User Rights Assignment.
To do this more quickly, if you find what changes are being made in the registry, you could make two
We realized this over a year ago. It's about time AV vendors stepped up to the plate to help eliminate this junk. It's embarrassing that some products such as Symantec Antivirus Corporate Edition could do -nothing- about these new threats until their recent 9.0 release. In contrast, McAfee's VirusScan Enterprise has been able to detect "unwanted programs" since their 7.0 release over 1 year ago (April 2003). I think Symantec's stance was something like: "it's not anti-threat, it's anti-virus! Go buy Symantec Client Security". Total BS. Their consumer Norton Antivirus 2004 product was better than their corporate product!
The smothering of OSS is a small price to pay if I can arbitrarily deny someone the ability to access the Internet forever, even if only once.
You really need to use a third-party task manager. A lot of newer spyware programs and keyloggers can hide from the MS version but fail to recognize a third-party viewer like Codestuff Starter (which also happens to show you all the Run keys in the same app)
... and you better believe that if this sort of thing ever gets implemented by Microsoft or the like that it would sound like this:
"Media player agent only allowed to operate if the media it is trying to play is approved by Record Company Cartel..."
A good concept in theory... I just fear what corporate interests would do to such a design (and then force down greater public's throat through monopolistic practices).
The worst, as in most annoying when it happens, tech support problem is viruses. I don't think I have a worst as in most common problem.
This is easily solved by the standard tech support answer!
fdisk
format
re-install
(doo-dah, doo-dah)
Seriously, I don't see how this problem really affects hell desk employees since they're not allowed to support anything but the software the machine was shipped with.
All spyware does is execute as normal software. Nothing special about it. By the very fact that OS-X can execute software, it can execute spyware. Spyware is just an app that runs in the background (OS-X supports this) that watches what you do (OS-X supports this) and then uses the network to report it (OS-X supports this). It's not like a virus that breaks in through a hole, users willingly install it. Sometimes as part of an app they want (Kazaa) or sometimes by itself because they like something it does (Bonzi Buddy).
Thus there is no prevention for it, under current OS design models. If users can install software, they can install spyware.
Spyware does NOT come in via exploits, it comes right in the front door. The user downloads and installs a program which, as part of the install process, installs spyware. Most even TELL you they are doing this. Kazaa is the best example. It installs about 6 pieces of spyware, and notifies you it is doing so. If you remove any of them, it stops working.
OS-X cannot provide any defense against this since this is a USER INITIATED install. The user WANTS to install the software. If it requires root, no problem, it'll ask when it installs. They'll say yes since they want to install the app.
Spyware isn't a virus, it doesn't prey on exploits, it preys on users. They either don't know or don't care about its ill effects and so install it anyhow. Some even market themselves. Comet Cursor is software that is spyware, but people actively seek out and install since they like the dorky cursors it gives them.
First it was problems setting up software or getting the printer to work.
When my mom asks me about her spyware problem, I can't answer. I just say that she almost shouldn't be on the internet anymore.
God spoke to me
If you are using this mentality, then YES, Spyware/Adware is probably kicking your ass right now. Stupidest mentality EVER. Can't believe techs still use it.
Too bad my mod points expired...
I'll vouch for Bart's PE as a great tool. It does take a while to assemble and build your boot CD - for licensing issues, you can't just "download an ISO". But, if you're looking for a way to easily get your friends and family off your back... this is a good way to go.
There are extra benefits to using a boot CD versus a regular software install of anti-spyware. Since you're not booting from the hard drive, there's no chance for spyware launch "watcher" processes to prevent anti-spyware programs from installing or launching. While you're at it, you might as well pop a virus scanner on the CD, for similar reasons.
As an aside, even though Bart's PE should have perfect NTFS abilities, when it comes to recovering data from damaged filesystems, Knoppix often works better - probably because it mounts read-only or something.
I provide support in a corporate environment where a percentage of our users have local administrator rights on their Win2K boxes. They have these rights for legitimate, valid business reasons and most of them are computer savvy people. Yet they get infected with spyware on a regular basis. Often enough they tell me that it just happens. I have to believe in a certain percentage of cases, this is true. Other times, they are fooled into installing it.
It interferes with some of their business software and God only knows what information this adware is pulling and using. I hate the stuff. I also hate to re-image the computers but have started to form the opinion that this may actually be the best course of action to take. Why do I feel this way? Because when I re-image the computer, it stays spyware free a bit longer. I'm pretty sure that this is partly a social factor. When I tell the user that I had to tear it down and start over again, I think they are more careful.
"i need to find a new job" is an understatement.
I'm right there with you, brother. I work for *gasp* Comcast. The rash of anti-Comcast articles here aren't helping me feel good about my job.
||:|::
What are the others? Yeah, I could make a bunch up, but I'm really interested in what other people find useful.
I'm working in a school, so my best tools are Bart's Network disk with ghost on it, (all NICs except the ones with no DOS drivers, for that I'm working on ghost32) and chntpw.
The aggressive firewalling, censorware and AV ensure that most of the problems are intentional mischief.
Remarkable how destructive bored adolescents can be. I guess that's one reason the military loves 'em.
Assembly is the reverse of disassembly.
Spyware and adware is 80% of the clientele we get at our computer repair shop. As for removing it we use a bootable windows cd with SpyBot S&D and Adaware on it.
Most of the world's problems are caused by the behavior of assholes.
I think people convicted of crimes should be indentured afterwards to pay the social cost. For example, burglars should pay part of their income into a fund to provide everybody with locks and burglar alarms. Spammers should pay for part of my bandwidth, and spyware makers should pay for free tech support. It's not about an eye for an eye, it's about behaving like a grownup and cleaning up your own mess.
I've seen a lot of people in this thread ask why antivirus companies don't go after spyware. What I wonder is why don't computer makers go after spyware. Tech support at Dell and HP must have tons of problems with spyware, but since they don't want to tell them to download another company's product like Spybot it is impossible for them to solve their customer's problems. They should ship PCs with their own spyware removing software just so that their tech support doesn't have to look worthless.
Open Source Sushi
Thanks! Here's my list. The stuff I carry is usually for cases where I can't access the network or hardware. If the machine sees the network, I've got it made.
I mentioned these two, but here are details.
chntpw, reset NT/2k/XP passwords with the full bootable floppy version.
Bart's network boot disk built into a 2.88 meg image allows a huge load of network drivers, and with a copy of ghost I don't ever have to mess with building boot floppies for ghost again. I also included basic DOS utilities for manipulating the HDD and testing.
Bootable CDs with floppy images can be useful, and Bart provides a handy utility for building them. Put a disk image of chntpw on a bootable CD with other goodies per instructions at Bart's site.
I also carry Knoppix or perhaps a nice Bootable Business Card with lots of network drivers. With read-only NTFS access and networking, I've stripped data off of drives I couldn't even access for a fresh NT/2k install. Pour it across the network, and you're a hero. Also good for a slow clone with dd, or an emergency Remote Desktop Client. If you pick a livecd with a nice recent version of kparted, you can resize live NTFS partitions (I used SystemRescueCD). I've needed to do this more often than I'd have expected. Knoppix's NTFS tools were less useful at the time.
I'm looking forward to using the Captive NTFS drivers, but that seems less necessary with one more set of tools from Bart's site, the bootable XP/2000 pre-execution environment in BartPE. These allow full access to NTFS, as well as providing an environment you can run Adaware and other Windows tools from. One of these made my day last week. It's dog slow to boot, but running Adaware or other utils (chkdsk, AV, undelete), from NOT the boot drive is great.
Assembly is the reverse of disassembly.
To install Ad-aware and have it be up to date from the start, have a version of it on a known good machine, update that, then copy the reflist.ref file from your Lavasoft Ad-aware directory to your installer program location on CD or wherever.
After installing Ad-aware, copy the updated reflist.ref over to the install directory (make sure it is not set to Read Only if copying from CD), overwrite the old version and then run Ad-aware itself. It will have the latest reflist ready to go for you without needing to get online.
Visceral Psyche Films
Not KParted, QtParted. My apologies to the developers of QtParted, you've got a great tool.
QtParted is great for resizing live NTFS partitions.
Aaargh!
Assembly is the reverse of disassembly.
It was an accident DUMB ASS!
That's to get the creditors off their backs for the other 87% which probably have to do with the $440 for a P4-2.66Mhz machine.. Hey they are making them in China anyhow.. Could this be how the spyware is getting in?
Just say no to license servers!!
Don't you just hate when you get calls from telemarketers at the most inappropriate times (any time in fact). They are a pain. Well it looks like the pain is now chronic. Spyware is the new age telemarketing without your knowledge. Big Brother is watching and really is more like a Big Bother. It's programs such as Kazaa that ruin your computer. Along with the fact you're running Windows, but that's another story. It's like when did surfing the internet turn into an invasion of privacy.
This solution is really intended for competent IT managers, since you have to coordinate it with actual updates (like service pack installs), but it's pretty easy to use. I have been using it to manage my wife's system and several neighbors. Before I started, the systems were the usual spyware-fest. Now it's just amusing to get a notification every time someone tries to install something they shouldn't.
Allan Miller
handsfreenetworks.com