Slashdot Mirror


Spyware Becoming Worst Tech Support Problem

teknurd writes "Wired has an article about the growing problem of computer users having to call tech support to get help removing all of the spyware on their computers. 'The fast-growing phenomenon is already responsible for more than 12 percent of all technical support calls in Dell's consumer hardware division, the biggest category of complaints this year, company representatives said.' Personally, I have had to remove this plague from the computers of several friends and family members."

47 of 814 comments

  1. Just run Spybot by baggachipz · · Score: 5, Informative

    http://www.spybot.info . That's all it takes. Have it run on people's windows startup and they're set.

    1. Re:Just run Spybot by AndroidonPPC · · Score: 5, Informative

      \\(machine name)\c$\documents and settings\all users\startmenu\programs\startup\ is a good place to start

      or just make a registry file to add info into hkey_local_machine\software\microsoft\windows\current version\run key. (hint: this works on any windoze box when done as administrator)

      with remote administration and a script, you could have those puppies running mighty quick.

      -Andy in Chi

    2. Re:Just run Spybot by drinkypoo · · Score: 4, Informative
      Lavasoft Ad-Aware still detects things that spybot doesn't - and vice versa. Entirely (?) removing CoolWWWSearch actually required running both programs.

      There's nothing you can do to prevent spyware aside from completely locking down systems so users have nearly no permissions to the registry or anything else. This of course means that no programs not explicitly allowed on your network will operate. If you can deal with this tradeoff, more power to you.

      Spybot Search & Destroy is a fabulous piece of software but it doesn't do the whole job.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Just run Spybot by petecarlson · · Score: 4, Informative

      Unless you were using an older version of Ad-aware, LSP-FIX would have fixed your tcp/ip stack. I used it on one of my friend's computers and it worked perfectly. Of course I installed Mozilla while I was there and he asked me about it. I tried to explain that it was an open source web browser but he just gave me a blank stare so I explained that it was an improved version of IE with a built in popup blocker and tabbed browsing.

    4. Re:Just run Spybot by Anonymous Coward · · Score: 5, Informative

      I'm going to make the assumption that XPI can be abused in the same way -- but why abuse 5% of the browser population (and the 14 users of Netscape Navigator) when you can abuse 95% of your browsing audience?

      It's not very common, but it does happen. Check out this thread if you don't believe me.

    5. Re:Just run Spybot by GPLDAN · · Score: 4, Informative

      I don't know if you've seen on the website, but Spybot has been under a concerted DDOS attack, off and on, for a while. I think the fact the software is so damn effective, and the guy does just a frankly superb job of keeping signatures up, that it's really put a thorn into the side of spybot creators everywhere.

      If you can afford it, consider donating to the guy. That's a helluva bit of software to be giving away. Either that, or nominate him for the Nobel Prize, if you're on the committee that is.

    6. Re:Just run Spybot by Anonymous Coward · · Score: 2, Informative

      No, Spybot and AdAware are not enough.

      I was plagued with problems for over a month (more like two). I ran both of these programs continuously and was never able to remove the problem completely. I would remove everything that was found by Spybot and AdAware, and it would seem clean--until I rebooted that is. The damn crap would reinstall itself when I would reboot.

      I was pulling my hair out with this sh!t coming back constantly and thinking that I would have to do a complete reinstall.

      What eventually worked: Bazooka

      It tells you how to remove things manually (not for the layman, but no problem for the /.er) and is in-f*cking-credible. After about 8 weeks of hell, I found this and was able to remove all of the problem software within minutes. Plus, the software is free.
      In case you were wondering, the app killing me the worst was WinPup . Grrrrr.

    7. Re:Just run Spybot by mgpeter · · Score: 5, Informative
      just make a registry file to add info into hkey_local_machine\software\microsoft\windows\current version\run key. (hint: this works on any windoze box when done as administrator)

      Instead of messing with the registry, download the Excellent Startup Control Panel from Mike Lin's Home Page. This little Utility is an excellent way to control what does and does not execute on Windows startup. Using this utility you will be amazed at what processes are automatically started, some programs, like roxio's crap, will start 3-5 processes at Windows Startup.

      It is also an excellent way to very quickly see if any Adware/Spyware is installed without running Adaware or Spybot.

    8. Re:Just run Spybot by masoncooper · · Score: 2, Informative

      The easiest way to prevent corporate computers from becoming infected with spyware is to not run your users as local admins. I can't begin to tell you how many times I've seen companies whine and complain because it's too much work, and that it's easier to just let them install what they want.

      We have almost 200 machines and in the past 8 months have had only ONE exploited. Not only that, but a restart fixed it, because all they were able to do was change the startup page in IE.
      I'll admit it, we spent lots of research time adjusting permissions so that certain apps would run (Freakin ADP) but once it's set up, you can rest easier knowing that the users (and transitively any software running as the user) cannot write to system folders.
      Obviously, this isn't our only level of security, we run SAV CE and regularly push a set of kill bits for malicious activex components. Oh, and our last line of protection is a driver-level program called Fortres that denies any writes to certain files (EXE's, executables, others we choose). They can't even copy/rename files to and from EXE.
      We've covered most of our bases and are continually watching for holes but I'd say the most important thing an admin can do to control the desktops is to run users as users!

    9. Re:Just run Spybot by Just+Some+Guy · · Score: 5, Informative
      The problem is that if you have family or friends that don't know anything about computers and don't seem to care to learn, doing the above will help you out temporarily... and then cause you a huge amount of problems on Windows.

      I have one (1) stock response to all non-business tech support requests. Say this verbatim, and without sounding condescending:

      I work on computers all day, but they're the big ones like banks use, and I don't know much about the smaller ones that people have at their desks.

      I know that Apple makes a nice little Macintosh computer that doesn't cost much more than a good one like the Windows kind you've been looking at, but they're a lot easier to use by people who aren't one of us computer geeks. My own wife has one and she loves it. If you get one of those, I could probably help you with it, but like I said, I really don't know much about Windows. Sorry I can't be of more help.

      It gives them a useful solution to the problem they're having, is honest (I really don't know a whole lot about Windows versions more recent than Win98), and has one of two outcomes:

      1. They buy a Mac, love it, and think I'm a hero.
      2. They stick with their PC, but finally believe me that "has a degree in computers" doesn't mean "can fix every computer made", and find someone else to pester.

      PS: You and I know that "big computer" means "FreeBSD web server over in the machine closet", but who wants to get hung up on details?

      --
      Dewey, what part of this looks like authorities should be involved?
    10. Re:Just run Spybot by scumdamn · · Score: 3, Informative

      The best fix for Winsock corruption in XP is to delete the Winsock and Winsock2 keys from the registry, reboot, and install TCP/IP over itself (you have to browse to c:\windows\inf to get it to show up in the list) but it works nearly every time. I've been having techs do it for about a month now and it's been very successful.

    11. Re:Just run Spybot by wackysootroom · · Score: 2, Informative

      We've had the same problem on our network until we banned people from downloading Microsoft executable and certain types of archive files using our network altogether.

      Our company firewall redirects all http traffic through a transparent squid, where we have a bunch of ACLs that allow and disallow certain things. All of the non standard HTTP(s) ports are blocked at the firewall.

      We are a smallish shop of only ~50 users, and this all works out fine. No more spyware/crapware/malware headaches.

    12. Re:Just run Spybot by twoshortplanks · · Score: 2, Informative
      You do get pesky Mac problems though. Like the hardware falling to bits *all* the time. Seriously, I've sent my mac back to apple twice. The person across the desk from me sent his new mac back as soon as he got it (fried mainboard) - and he's sent his old one back several times. The other person opposite me sent his better half's back three times. My flatmate had to send his TiBook back as soon as it arrived. And it seems everyone else I know (and I'm not exaggerating here) has sent theirs back too. It's like one of the things you just have to accept - the hardware *will* fall to bits.

      This isn't to say that your points are invalid. This isn't to say that I don't still keep buying apple hardware. But the build quality sucks! I'm not sure if I recommended one to a friend how I'd feel saying "Oh yeah, that needs to go back to the shop. They all do that".

      --
      -- Sorry, I can't think of anything funny to say here.
    13. Re:Just run Spybot by jhagler · · Score: 2, Informative

      I know that running Outlook is a risk, however it really doesn't take that much to remove 99% of the risks. Like I say, don't keep the preview pane open and I view mail as plain text, that should remove the dangers from anything embedded in the HTML, I know better than to open annakornukova.vbs/exe/pif, and I use AVG's antivirus plug-in to catch anything else I may have missed. At this point I think most of the threat is gone. Like I said, this is my first virus in several years.

      I have the feeling it came in on a P2P file. AVG is supposed to scan them too, but I've never really trusted that completely. But those are the risks you take connecting to the Internet nowadays. And as long as I can catch it and remove it within 24 hours, I am willing to take the risk.

      --
      Never underestimate the power of human stupidity -RAH
    14. Re:Just run Spybot by festers · · Score: 2, Informative

      Firefox has another great advantage that I see frequently overlooked: AdBlock

      That little extension has made my web browsing pure joy. It blocks every ad I've come across, including flash ads, and it supports wildcards so I can right-click and block entire "ad" directories from servers without losing other content. It's beautiful.

      --


      -------
      "Every artist is a cannibal, every poet is a thief."
  2. ad-aware by frizz · · Score: 4, Informative

    Is there anything better than ad-aware for solving this problem?

    1. Re:ad-aware by I+confirm+I'm+not+a · · Score: 4, Informative

      Is there anything better than ad-aware for solving this problem?

      Why, yes, as it happens! ;)

      I've read some suggestions to run both Adaware and Spybot - I've found either to be more than capable on their own, but then I tend to practice "safe-browsing": use Firefox, use Linux where possible, etc.

      --
      This is where the serious fun begins.
    2. Re:ad-aware by UconnGuy · · Score: 2, Informative

      Spybot is just as good. I find running them both is a better solution, each finds things the other doesn't.

  3. Some solutions to spyware by mausmalone · · Score: 4, Informative

    AdAware is a great program, I swear by it. Also, working at a help desk, I often tell people to go into IE advanced settings and disable 3rd party browser extensions. They seem to think that if it's a toolbar for IE, it's automatically a great idea to download it.

    --
    -=-=-=-=-=
    I'd rather be flamed than ignored.
  4. A few tips i give to friends by insomaniac · · Score: 2, Informative

    1. Run a good anti spy ware tool like spybot or ad aware.

    2. Don't use IE or Outlook

    3. Don't use Kazaa or most other p2p clients

    4. Don't run any and every program you come across

    This helped my friends a lot, my father was really offended by spyware and who can blame him, he's a firefox fan till the end now... :)

    --
    The way to corrupt a youth is to teach him to hold in higher value them who think alike than those who think differently
  5. Re:What a Crock by Doesn't_Comment_Code · · Score: 5, Informative
    --

    Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
  6. Re:Good tools. by WebGangsta · · Score: 2, Informative
    I used to use Lavasoft's AdAware but after it wasn't updated for a while someone recommended Spybot which I've stuck with.

    Ad Aware was updated a few weeks ago to version 6.181 (?) and does a better job of getting rid of stuff (including CWS) than the current version of Spybot. Normally, I would run Ad Aware then Spybot to finish cleaning stuff that Ad Aware left behind, but now I've found that I have to run Spybot first followed by Ad Aware. This may be temporary, but still...

    I think it has to do with some of these spyware/virus programs deactivating these sweeper programs or munging the hosts file so they can't get the updates. At least with a download of Ad Aware (without the latest update), you can get the bulk of things cleaned up enough to be able to access the update sites afterwards for a second pass with your favorite spy-removal tool.

  7. STOP RUNNING AS ADMIN! by dioscaido · · Score: 4, Informative

    I'd say 75% of spyware issues come from users running as part of the Administrator group. All day-to-day use windows accounts should be a regular user, with the least privileges possible. Without being part of the Admin group, the spyware would not be able to write to HKLM registry, C:\ or C:\WINDOWS. Some spyware could still infect the user's directory, but at least a simple re-log on to Administrator could be done to clean up the machine.

    1. Re:STOP RUNNING AS ADMIN! by jonasmit · · Score: 1, Informative

      Agreed.
      It seems to me though that MS and many software vendors haven't figured out the multi-user idea though. There is no superuser concept to get rights to install something without logging out. Some software doesn't run happily on the standard limited user privs so people take the lazy route.

  8. CWshredder by jrwillis · · Score: 3, Informative

    CWshredder does tend to work REALLY well on that hard to get adware/malware. It's like I was complaining to a co-worker the other day, I don't feel like a Network Tech as much as a bloody computer janitor now.

    --
    Keep Austin Weird!
  9. Re:my experience... by hattig · · Score: 5, Informative

    A lot of "Spyware Removal" software is actually Spyware that removes competing spyware.

    The only two to trust are AdAware and Spybot.

    Unfortunately the Spybot download doesn't work at the moment, I think it's slashdotted.

  10. Spybot on start-up works fine. by Saeed+al-Sahaf · · Score: 4, Informative
    But when you administer dozens, hundreds, thousands of Win boxes and you can't automate installing/configuring/running Spybot

    Gee, that's strange. We have 300 Win boxes in my building and about 1000 company wide, not a lot really, but more than a few... Spybot runs just fine from the start-up script. Actually, though, since our machines (all of them) stay on 24/7, we run it and other stuff at night too (but those are scheduled tasks, of course). Need my LAN admin's number?

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
    1. Re:Spybot on start-up works fine. by Verteiron · · Score: 5, Informative

      If you'll check the Spybot S&D forums, you'll find that, yes, there is a way to push SpybotSD out to machines on a domain, and update it, and run it, silently, with no user interaction.

      http://forums.net-integration.net/index.php?c=7

      --
      End of lesson. You may press the button.
  11. "legal" viruses by esoterus · · Score: 2, Informative

    This is absolutely the biggest problem tech support-wise that I have to deal with these days with my clients. It surprises me that they aren't yet seen in the same light as viruses are. They can be just as crippling, just as tricky to remove (even with ad-aware and spybot), and just as sneaky getting in to your system...

    I've told people when they've asked me how their infestation happened that they're basically viruses they actively allowed to be installed, though in some cases I'm not even sure you as user have to "ok" to let in there. I advise users to click "x" on the installer windows now - I don't even trust "no" anymore.

    --
    Not only does God definitely play dice, but He sometimes confuses us by throwing them where they can't be seen. -Hawking
  12. Re:There is a rather simple fix by sesaetaen · · Score: 2, Informative

    Time spent installing each and every application for your lusers: ???

    Constricting your average user's permissions that way is what makes people try to circumvent security, which in the end can be even more troublesome than cleaning out spyware.
    (I know I would)

  13. You can look under the hood yourself by zeno_lee · · Score: 5, Informative

    In addition to using the various anti-spyware software recommended above, like AdAware and SpyBot, I've made it a regular habit to look at these registry keys:

    Run regedit:
    Start->Run-> "regedit"

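    Look in:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx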

    The Run is an especially attractive haven for spyware companies. That's how spyware programs run their programs after users reboot their computers. If you suspect there are weird entries in these registry keys, download spyware removal software and run it. If you don't know what you're doing don't mess with the keys.

    I also check TaskManager regularly for weird processes. It's a bit technical, but after a while you can see which processes belong and which ones don't.
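An added example, not part of the comment above: a Python script that compares two `.reg` exports and lists autorun values that were added or changed under the Run, RunOnce and RunOnceEx keys. The sample exports, value names and paths are constructed, and matching the same keys under other hives such as HKEY_CURRENT_USER is an assumption beyond the HKEY_LOCAL_MACHINE keys the comment lists.

```python
import re

# Autorun keys named in the comment, matched under any hive (assumption: the
# per-user HKEY_CURRENT_USER copies matter as much as HKEY_LOCAL_MACHINE).
AUTORUN_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunOnceEx)(\\.*)?$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    # In .reg string data, backslash and double quote are backslash-escaped.
    return re.sub(r"\\(.)", r"\1", s)


def _decode(raw):
    """Decode REG_SZ and REG_EXPAND_SZ data to text; return other types as written."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _unescape(raw[1:-1])
    if raw.lower().startswith("hex(2):"):  # REG_EXPAND_SZ: UTF-16LE bytes as hex
        data = bytes.fromhex(raw[7:].replace(",", "").replace(" ", ""))
        return data.decode("utf-16-le").rstrip("\x00")
    return raw


def parse_reg(text):
    """Parse the text of a .reg export into {key_path: {value_name: data}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if current is not None and m:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name] = _decode(m.group(2))
    return keys


def autorun_changes(baseline_text, current_text):
    """Return (key, name, old, new) for autorun values added or changed since baseline."""
    base, cur = parse_reg(baseline_text), parse_reg(current_text)
    # Registry key and value names are case-insensitive.
    known = {(k.lower(), n.lower()): v for k, vals in base.items() for n, v in vals.items()}
    changes = []
    for key, vals in cur.items():
        if not AUTORUN_RE.search(key):
            continue
        for name, data in vals.items():
            old = known.get((key.lower(), name.lower()))
            if old != data:
                changes.append((key, name, old, data))
    return changes


# Constructed sample exports (not taken from a real machine).
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\tray.exe\" /min"
"ExampleSync"="C:\\Program Files\\ExampleSync\\sync.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
'''

CURRENT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\tray.exe\" /min"
"ExampleSync"="C:\\WINDOWS\\Temp\\sync.exe"
"updchk"="C:\\WINDOWS\\example-updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"helper"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,78,00,2e,00,\
  65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
"x"="y"
'''

if __name__ == "__main__":
    for key, name, old, new in autorun_changes(BASELINE, CURRENT):
        print(("ADDED  " if old is None else "CHANGED"), key, name, "->", new)
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so open real files with `encoding="utf-16"` before passing their text to `parse_reg`.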

    1. Re:You can look under the hood yourself by rsadelle · · Score: 2, Informative

      Actually, figuring out what the things in Task Manager are isn't as technical as it looks. I happen to like Answers That Work's list. It's a little heavy on "use our tool to turn this off," but if you know enough to be looking at your Task Manager, you probably also know enough to be able to turn off the services yourself. (Control Panel > Administrative > Services)

  14. [X] marks the spot by mwvdlee · · Score: 4, Informative

    This is what I told my dad after removing another 20 porn auto-dialers from his system ("Yeah sure dad, you have no idea how those got there"); Whenever you encounter a popup which you don't fully understand, click the [X] button top-right, do not click the "Yes", "No", "Cancel" or any other buttons. If no [X] button exists, hit the Alt+F4 keys. This basically got rid of practically all problems since he doesn't install software himself (wouldn't know how if he wanted to).

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  15. Re:Odd... money to be made isnt being made? by Have+Blue · · Score: 4, Informative

    Possibly because encouraging companies to uninstall each other's software is a dangerous precedent. Who's in charge of deciding what's spyware? And it would be easy to slippery-slope one's way into a situation where Windows or BIOSes would only run code signed by a central authority.

  16. bazooka, not just a hilarious chewing gum. by cabazorro · · Score: 2, Informative

    try bazooka spyware removing tool. Unlike some other tools that jack with your registry, bazooka just detects and advises you on how to remove it.
    slashdotter remark: #of spyware on my linux box...el zippo.

    --
    - these are not the droids you are looking for -
  17. point of interest by RMH101 · · Score: 2, Informative

    you can't remove/readd TCP/IP in XP. you have to fix the stack. annoying, but there you go.

  18. Re:i know.... by wheany · · Score: 2, Informative

    Use Mozilla until you run into a page that doesn't work. Then copy the address, open IE and use it while on that page. That's what I do with Opera. And really, there aren't that many pages that simply refuse to work with anything but IE.

  19. Are you on Win2K? by not_a_product_id · · Score: 5, Informative

    If you are you can run most things as Administrator WITHOUT having log out. Just hold down shift and right-click on the EXE. The pop-up menu will have a "Run-As" option. Just put in your administrator details and away you go. It's not perfect but it's a damn sight easier than having to log out.

    --

    ---
    We spoke for about a half an hour. I don't recall a thing we said. - Colorblind James Experience

  20. Re:Does Spybot S&D Immunize really work? by sheddd · · Score: 3, Informative

    After rolling out ~35 new PC's at work (with user rights to the registry and c:\windows so our most used app will work) I was freaking amazed at how good some of our clueless users are at finding viri/spyware. If I put my mind to it I couldn't screw up a pc worse. Every time IE started (with the new xxx toolbar) around 30 popup windows with all sorts've educational pics came up.

    In 24 hours, one machine had over 60 viri quarantined and several pages of crap that spybot picked up.

    After enabling immunize, their infection rate went to almost 0.

    It's not perfect, but it is a great help, IMO.

  21. New.net by Tantrum420 · · Score: 2, Informative

    I too had this problem. Let AdAware take out New.net and Blammo! No network connectivity. Did the research and found the fix just like you did.

    "And Class.... What did we learn?"

    I learned to cruise through add/remove programs and remove any of the obvious spyware first. Sure, they don't usually "completely" remove themselves but then spybot/adaware get the remnants and I haven't had any problems with partial uninstalls on anything since.

    Just a tip.
    T

  22. How to remove Spyware by slonkak · · Score: 2, Informative

    1. Kill all suspicious processes
    2. Clear Internet history, cookies, and cache.
    3. Delete any crap from the Startup group
    4. Install Ad-Aware (this might have to be done from cd or removable media since some spyware causes internet breakage)
    5. Update Ad-Aware
    6. Run Ad-Aware
    7. Delete anything Ad-Aware quarantined
    8. Run msconfig and remove from the Startup group anything you don't know what it is
    9. Reboot
    10. Repeat steps 6 and 7
    11. Reboot

    You should be good to go. I've had to do this on just about everyone's computer in the dorm at school and many family and friends' computers... It's never failed once.

    Some people might not like this suggestion, but trust me, it works. Install Firefox and remove any shortcuts to IE (just make it unusable by the average person, since you still need it for Windows Updates). Teach whoever how to use Firefox. I've done this with my parents (who are NOT computer literate). I set all the settings correctly, installed all the plugins, etc. They don't miss IE at all. Plus, Firefox blocks popups and doesn't run ANYTHING without asking you first, thus, no more unwanted spyware from bad websites...

  23. My Two Cents, Korean Spyware... The Horror! by Chordonblue · · Score: 3, Informative

    I'd have to agree, with the small proviso that I think that anti-virus firms need to do a better job defining what a virus IS. As the admin of a small school I've decided that next year I'm locking down the labs - big time. I didn't do it up until now because of program incompatibilities but I have to say that if this remains an issue, it won't matter - we'll get different programs.

    It wasn't so bad before this year. Yeah, there was some spyware out there, but it wasn't like f*cking 'n-case' which replicates itself to random filenames all over your drive and then inserts startup stuff in 'startup', the local and machine registry, and even the freakin' win.ini!!!

    I called Sophos on this after spending some two hours cleaning it up. I basically said, "You folks need to take some responsibility here."

    The time has come to draw the line in the sand. n-case and others like it, are VIRAL. It can't be removed easily by the user - NO agreement of this nature can be legally binding.

    Now for what frightened me the most: Ever have spyware that couldn't be cleaned by Spybot and/or Ad-Aware - even with the latest patches? No? Then you probably don't live in Korea. A few of our students do, and this is where this particular piece of crap came from. It defended itself by making a program that runs at startup that runs a program that ensures that another program is there and running THAT, reprograms your home page to a site that ActiveX 'drivebys' your computer to load the program!!! :O

    That was a bitch to clean up (although nothing compared to n-case!). You probably haven't seen this yet because it's a Korean app - but it managed to get on a few American machines here when the Koreans visited a site that installed some 'happy fun cursor' program.

    I'm ranting.. But the truth is: Admins have to do their part, but the anti-virus people have got to do a better job also. They need to stop turning a blind eye to this issue.

    --
    "...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
  24. Spyware and tech support by Orion+Blastar · · Score: 2, Informative
    Most OEM Helpdesks refuse to help the customer uninstall Spyware and Adware. They do not want to get sued by Spyware and Adware makers.

    I found that Spysweeper works better than SpyBot or others. It scans memory and can prevent Spyware and Adware from installing and schedules a regular scan in case they do install.

    If you run an X86 PC system with Windows, there is a solution to the malware problem if you are not too chicken to use it. Buy Crossover Office if you really want to run MS-Office and other MS-Junk. Yes you heard me right, leave that POS called Windows for an OS that does not suffer from such bad malware and security problems.

    --
    Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
  25. Re:What a Crock by Trifthen · · Score: 2, Informative

    Careful just saying adaware. The software is named Ad-aware, a stark contrast to Ada-Ware which is itself a spyware program masquerading as a removal tool. Note that both of these are "adaware" when all punctuation and capitalization are removed. Scary, huh?

    --
    Read: Rabbit Rue - Free serial nove
  26. Pick Your Poison: Ad-Aware or Spybot by crashnbur · · Score: 2, Informative

    Repost of this comment, with fixed links. (Mod the other one down!)

    * * *

    Ad-Aware with Ad-Watch is my personal choice, which requires either the "Plus" ($26.95) or "Professional" ($39.95) edition. You'll have to go through the "Tweak" options to set Ad-Watch to run when Windows starts and start in blocking mode, but once it's up -- you don't have to worry about ad/spy-ware much anymore. Just run a comprehensive Ad-Aware scan every week or two, and check the results list to make sure nothing useful is being flagged as spyware! Oh, and Ad-Aware's free version (that does not come with Ad-Watch) is a very effective scanner/cleaner, but it will not stop ad/spy-ware from infiltrating your system -- it can only remove it after the fact, which often requires several minutes (or even hours?) of tweaking after their removal.

    Spybot Search & Destroy is my second choice, and except for its tendency to treat files quarantined by Ad-Aware as spyware (well, they are, but they're quarantined!) and to miss a few items that Ad-Aware finds, Spybot is very capable of keeping your PC (mostly) clean. But here's the catch: Spybot is freeware, so it is much more cost-effective than Ad-Aware, but remember the old adage: "You get what you pay for."

    I've used both Ad-Aware (more extensively) and Spybot (somewhat extensively) for several months, and here's my suggestion: use Spybot or Ad-Aware's free version at home if your files aren't "top secret" or otherwise crucial to anyone's survival; use Ad-Aware Plus or Professional on business computers (where the company will pay for the license) or if you want to protect your computer from gathering ad/spy-ware in the first place.

    There are other options out there, and remember that nothing is perfect... Some legitimate things will be deleted if you're not careful, and some illegitimate things will sneak through no matter how careful you are. The ad/spy-ware-war only marks our attempts to stay ahead of the game.

  27. wmplayer.exe - me too. Here's how to kill it by Weaselmancer · · Score: 4, Informative

    I had no idea I got it until I ran adaware. Then I got some freaking spyware bug that deleted windows media player and replaced it with a spyware app or a virus or something.

    I just fought that one off last night. Took forever to nail it down. Here's what finally worked.

    Delete the wmplayer.exe in Program Files/Windows Media Player. Run ad-aware 6 with the latest definitions. That'll zap the crap that it installs, which for me was windows/a.exe and windows/system32/bridge.dll, along with a host of other reg keys and crap.

    Because it's windows, reboot and run the scanner again. If it finds anything, repeat.

    If you're lucky, you'll still have a working copy of wmplayer.exe in windows/system32/dllcache. You'll know it's the good copy if it's larger than around 6k or so.

    Hope this helps, because this one was a total pain in the ass to track down. Good thing my machine is dual boot Linux. And my main windows browser is now Firefox, too.

    Oh yeah, on a side note... Whoever wrote the scumware that overwrites Windows Media Player needs to be hung by a pair of thumb screws and roasted over a coal fire. It's one thing to sneak your apps onto a system, but another thing entirely to overwrite existing apps.

    Here's hoping their crap gets noticed on some FBI computer somewhere.

    Weaselmancer

    PS: Just in case there's a friendly FBI guy reading this, take the scumware wmplayer.exe into a Linux install and run "strings" on it. You'll see the URL of the fine folks who brought you this plague. They encrypt their strings by inserting 4 garbage characters over 0x80 every so often, so ignore those.

    --
    Weaselmancer
    rediculous.
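The `strings` tip in the postscript above, as an added Python example that is not part of the original comment: it extracts printable strings while treating short runs of high bytes as padding, so a fragmented URL shows up whole. The sample bytes and the `example.invalid` URL are constructed, and treating every byte from 0x80 up as padding with a maximum run of four is an assumption drawn from the comment's description.

```python
import re

PRINTABLE = rb"[\x20-\x7e]"
HIGH = rb"[\x80-\xff]"


def plain_strings(data, min_len=4):
    """What strings(1) reports by default: printable ASCII runs of min_len or more."""
    return [m.decode("ascii") for m in re.findall(PRINTABLE + rb"{%d,}" % min_len, data)]


def strings_ignoring_high_bytes(data, min_len=4, max_gap=4):
    """Like plain_strings, but a run of 1..max_gap high bytes between printable
    characters is dropped as padding instead of ending the string."""
    pattern = PRINTABLE + rb"+(?:" + HIGH + rb"{1,%d}" % max_gap + PRINTABLE + rb"+)*"
    out = []
    for m in re.finditer(pattern, data):
        text = re.sub(HIGH, b"", m.group(0))
        if len(text) >= min_len:
            out.append(text.decode("ascii"))
    return out


def newly_visible(data, min_len=4, max_gap=4):
    """Strings that only appear once the padding is removed: the ones worth reading first."""
    seen = set(plain_strings(data, min_len))
    return [s for s in strings_ignoring_high_bytes(data, min_len, max_gap) if s not in seen]


# Constructed sample: a URL split by groups of four high bytes, followed by
# an ordinary string that needs no repair.
SAMPLE = (
    b"\x00\x03\x00\x00"
    b"http" b"\x91\xa2\xb3\xc4"
    b"://ads.ex" b"\x88\x99\xaa\xbb"
    b"ample.invalid/up" b"\xde\xad\xbe\xef"
    b"date"
    b"\x00\x00" + b"\x90" * 6 +
    b"This program cannot be run in DOS mode."
    b"\x00"
)

if __name__ == "__main__":
    print("plain:      ", plain_strings(SAMPLE))
    print("padding cut:", strings_ignoring_high_bytes(SAMPLE))
    print("new:        ", newly_visible(SAMPLE))
```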
  28. Bart's PE is a great Windows Boot CD by WoTG · · Score: 2, Informative

    Too bad my mod points expired...

    I'll vouch for Bart's PE as a great tool. It does take a while to assemble and build your boot CD - for licensing issues, you can't just "download an ISO". But, if you're looking for a way to easily get your friends and family off your back... this is a good way to go.

    There are extra benefits to using a boot CD versus a regular software install of anti-spyware. Since you're not booting from the hard drive, there's no chance for spyware launch "watcher" processes to prevent anti-spyware programs from installing or launching. While you're at it, you might as well pop a virus scanner on the CD, for similar reasons.

    As an aside, even though Bart's PE should have perfect NTFS abilities, when it comes to recovering data from damaged filesystems, Knoppix often works better - probably because it mounts read-only or something.