Slashdot Mirror


Spyware Becoming Worst Tech Support Problem

teknurd writes "Wired has an article about the growing problem of computer users having to call tech support to get help removing all of the spyware on their computers. 'The fast-growing phenomenon is already responsible for more than 12 percent of all technical support calls in Dell's consumer hardware division, the biggest category of complaints this year, company representatives said.' Personally, I have had to remove this plague from the computers of several friends and family members."

21 of 814 comments

  1. Just run Spybot by baggachipz · · Score: 5, Informative

    http://www.spybot.info . That's all it takes. Have it run on people's windows startup and they're set.

    1. Re:Just run Spybot by AndroidonPPC · · Score: 5, Informative

      \\(machine name)\c$\documents and settings\all users\startmenu\programs\startup\ is a good place to start

      or just make a registry file to add info into hkey_local_machine\software\microsoft\windows\current version\run key. (hint: this works on any windoze box when done as administrator)

      with remote administration and a script, you could have those puppies running mighty quick.

      -Andy in Chi

    2. Re:Just run Spybot by drinkypoo · · Score: 4, Informative
      Lavasoft Ad-Aware still detects things that spybot doesn't - and vice versa. Entirely (?) removing CoolWWWSearch actually required running both programs.

      There's nothing you can do to prevent spyware aside from completely locking down systems so users have nearly no permissions to the registry or anything else. This of course means that no programs not explicitly allowed on your network will operate. If you can deal with this tradeoff, more power to you.

      Spybot Search & Destroy is a fabulous piece of software but it doesn't do the whole job.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Just run Spybot by petecarlson · · Score: 4, Informative

      Unless you were using an older version of Ad-aware, LSP-FIX would have fixed your tcp/ip stack. I used it on one of my friend's computers and it worked perfectly. Of course I installed Mozilla while I was there and he asked me about it. I tried to explain that it was an open source web browser but he just gave me a blank stare so I explained that it was an improved version of IE with a built-in popup blocker and tabbed browsing.

    4. Re:Just run Spybot by Anonymous Coward · · Score: 5, Informative

      I'm going to make the assumption that XPI can be abused in the same way -- but why abuse 5% of the browser population (and the 14 users of Netscape Navigator) when you can abuse 95% of your browsing audience?

      It's not very common, but it does happen. Check out this thread if you don't believe me.

    5. Re:Just run Spybot by GPLDAN · · Score: 4, Informative

      I don't know if you've seen on the website, but Spybot has been under a concerted DDoS attack, off and on, for a while. I think the fact the software is so damn effective, and the guy does just a frankly superb job of keeping signatures up, that it's really put a thorn into the side of spybot creators everywhere.

      If you can afford it, consider donating to the guy. That's a helluva bit of software to be giving away. Either that, or nominate him for the Nobel Prize, if you're on the committee that is.

    6. Re:Just run Spybot by mgpeter · · Score: 5, Informative
      just make a registry file to add info into hkey_local_machine\software\microsoft\windows\current version\run key. (hint: this works on any windoze box when done as administrator)

      Instead of messing with the registry, download the excellent Startup Control Panel from Mike Lin's Home Page. This little utility is an excellent way to control what does and does not execute on Windows startup. Using this utility you will be amazed at what processes are automatically started; some programs, like Roxio's crap, will start 3-5 processes at Windows startup.

      It is also an excellent way to very quickly see if any Adware/Spyware is installed without running Adaware or Spybot.

    7. Re:Just run Spybot by Just+Some+Guy · · Score: 5, Informative
      The problem is that if you have family or friends that don't know anything about computers and don't seem to care to learn, doing the above will help you out temporarily... and then cause you a huge amount of problems on Windows.

      I have one (1) stock response to all non-business tech support requests. Say this verbatim, and without sounding condescending:

      I work on computers all day, but they're the big ones like banks use, and I don't know much about the smaller ones that people have at their desks.

      I know that Apple makes a nice little Macintosh computer that doesn't cost much more than a good one like the Windows kind you've been looking at, but they're a lot easier to use by people who aren't one of us computer geeks. My own wife has one and she loves it. If you get one of those, I could probably help you with it, but like I said, I really don't know much about Windows. Sorry I can't be of more help.

      It gives them a useful solution to the problem they're having, is honest (I really don't know a whole lot about Windows versions more recent than Win98), and has one of two outcomes:

      1. They buy a Mac, love it, and think I'm a hero.
      2. They stick with their PC, but finally believe me that "has a degree in computers" doesn't mean "can fix every computer made", and find someone else to pester.

      PS: You and I know that "big computer" means "FreeBSD web server over in the machine closet", but who wants to get hung up on details?

      --
      Dewey, what part of this looks like authorities should be involved?
  2. ad-aware by frizz · · Score: 4, Informative

    Is there anything better than ad-aware for solving this problem?

    1. Re:ad-aware by I+confirm+I'm+not+a · · Score: 4, Informative

      Is there anything better than ad-aware for solving this problem?

      Why, yes, as it happens! ;)

      I've read some suggestions to run both Adaware and Spybot - I've found either to be more than capable on their own, but then I tend to practice "safe-browsing": use Firefox, use Linux where possible, etc.

      --
      This is where the serious fun begins.
  3. Some solutions to spyware by mausmalone · · Score: 4, Informative

    AdAware is a great program, I swear by it. Also, working at a help desk, I often tell people to go into IE advanced settings and disable 3rd party browser extensions. They seem to think that if it's a toolbar for IE, it's automatically a great idea to download it.

    --
    -=-=-=-=-=
    I'd rather be flamed than ignored.
  4. Re:What a Crock by Doesn't_Comment_Code · · Score: 5, Informative
    --

    Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
  5. STOP RUNNING AS ADMIN! by dioscaido · · Score: 4, Informative

    I'd say 75% of spyware issues come from users running as part of the Administrator group. All day-to-day use Windows accounts should be a regular user, with the least privileges possible. Without being part of the Admin group, the spyware would not be able to write to HKLM registry, C:\ or C:\WINDOWS. Some spyware could still infect the user's directory, but at least a simple re-log on to Administrator could be done to clean up the machine.

  6. Re:my experience... by hattig · · Score: 5, Informative

    A lot of "Spyware Removal" software is actually Spyware that removes competing spyware.

    The only two to trust are AdAware and Spybot.

    Unfortunately the Spybot download doesn't work at the moment, I think it's slashdotted.

  7. Spybot on start-up works fine. by Saeed+al-Sahaf · · Score: 4, Informative
    But when you administer dozens, hundreds, thousands of Win boxes and you can't automate installing/configuring/running Spybot

    Gee, that's strange. We have 300 Win boxes in my building and about 1000 company wide, not a lot really, but more than a few... Spybot runs just fine from the start-up script. Actually, though, since our machines (all of them) stay on 24/7, we run it and other stuff at night too (but those are scheduled tasks, of course). Need my LAN admin's number?

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
    1. Re:Spybot on start-up works fine. by Verteiron · · Score: 5, Informative

      If you'll check the Spybot S&D forums, you'll find that, yes, there is a way to push SpybotSD out to machines on a domain, and update it, and run it, silently, with no user interaction.

      http://forums.net-integration.net/index.php?c=7

      --
      End of lesson. You may press the button.
  8. You can look under the hood yourself by zeno_lee · · Score: 5, Informative

    In addition to using the various anti-spyware software recommended above, like AdAware and SpyBot, I've made it a regular habit to look at these registry keys:

    Run regedit:
    Start->Run-> "regedit"

    Look in:
    HKEY_LOCAL_MACHINE
    SOFTWARE
    Microsoft
    Windows
    CurrentVersion
    Run
    RunOnce
    RunOnceEx

    The Run key is an especially attractive haven for spyware companies. That's how spyware programs run their programs after users reboot their computers. If you suspect there are weird entries in these registry keys, download spyware removal software and run it. If you don't know what you're doing, don't mess with the keys.

    I also check TaskManager regularly for weird processes. It's a bit technical, but after a while you can see which processes belong and which ones don't.
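
The manual check described in the comment above can be turned into a baseline comparison. This is an added example, not part of the original post: it parses the text of a `.reg` export of the HKLM autorun keys and reports values that are new or changed since a known-good export. The function names and the sample exports are constructed for illustration.

```python
import re

# Autorun keys named in the comment above (HKLM only), lower-cased for matching.
BASE = r"hkey_local_machine\software\microsoft\windows\currentversion"
AUTORUN_KEYS = [BASE + "\\" + k for k in ("run", "runonce", "runonceex")]

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unquote(s):
    """Strip the quotes of a .reg string and undo its backslash escapes."""
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        return re.sub(r"\\(.)", r"\1", s[1:-1])
    return s  # '@', or dword:/hex(2): data, which is reported undecoded

def parse_autoruns(reg_text):
    """Return {(key, value_name): data} for autorun keys in .reg export text."""
    entries, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1).lower()
            # RunOnceEx keeps its commands in numbered subkeys, so match those too.
            wanted = any(key == a or key.startswith(a + "\\") for a in AUTORUN_KEYS)
            current = key if wanted else None
            continue
        value = VALUE.match(line)
        if current and value:
            entries[(current, unquote(value.group(1)))] = unquote(value.group(2))
    return entries

def new_or_changed(baseline, current):
    """Entries that are absent from the baseline or now hold different data."""
    return {k: v for k, v in current.items() if baseline.get(k) != v}

# Constructed sample exports (real ones are UTF-16: open(path, encoding="utf-16")).
HEADER = "Windows Registry Editor Version 5.00\n\n"
RUN = "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
KNOWN = r'"ExampleAV"="\"C:\\Program Files\\ExampleAV\\av.exe\" /tray"' + "\n"
BASELINE_REG = HEADER + RUN + KNOWN
CURRENT_REG = BASELINE_REG + r'"updater"="C:\\WINDOWS\\example-toolbar.exe"' + "\n"

if __name__ == "__main__":
    found = new_or_changed(parse_autoruns(BASELINE_REG), parse_autoruns(CURRENT_REG))
    for (key, name), data in found.items():
        print(f"{key}  {name} -> {data}")
```

Only HKLM is covered, matching the keys listed in the comment; the per-user keys under HKEY_CURRENT_USER would need their own export and baseline.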

  9. [X] marks the spot by mwvdlee · · Score: 4, Informative

    This is what I told my dad after removing another 20 porn auto-dialers from his system ("Yeah sure dad, you have no idea how those got there"): whenever you encounter a popup which you don't fully understand, click the [X] button top-right, do not click the "Yes", "No", "Cancel" or any other buttons. If no [X] button exists, hit the Alt+F4 keys. This basically got rid of practically all problems since he doesn't install software himself (wouldn't know how if he wanted to).

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  10. Re:Odd... money to be made isnt being made? by Have+Blue · · Score: 4, Informative

    Possibly because encouraging companies to uninstall each other's software is a dangerous precedent. Who's in charge of deciding what's spyware? And it would be easy to slippery-slope one's way into a situation where Windows or BIOSes would only run code signed by a central authority.

  11. Are you on Win2K? by not_a_product_id · · Score: 5, Informative

    If you are, you can run most things as Administrator WITHOUT having to log out. Just hold down shift and right-click on the EXE. The pop-up menu will have a "Run-As" option. Just put in your administrator details and away you go. It's not perfect but it's a damn sight easier than having to log out.

    --

    ---
    We spoke for about a half an hour. I don't recall a thing we said. - Colorblind James Experience

  12. wmplayer.exe - me too. Here's how to kill it by Weaselmancer · · Score: 4, Informative

    I had no idea I got it until I ran adaware. Then I got some freaking spyware bug that deleted windows media player and replaced it with a spyware app or a virus or something.

    I just fought that one off last night. Took forever to nail it down. Here's what finally worked.

    Delete the wmplayer.exe in Program Files/Windows Media Player. Run ad-aware 6 with the latest definitions. That'll zap the crap that it installs, which for me was windows/a.exe and windows/system32/bridge.dll, along with a host of other reg keys and crap.

    Because it's windows, reboot and run the scanner again. If it finds anything, repeat.

    If you're lucky, you'll still have a working copy of wmplayer.exe in windows/system32/dllcache. You'll know it's the good copy if it's larger than around 6k or so.

    Hope this helps, because this one was a total pain in the ass to track down. Good thing my machine is dual boot Linux. And my main windows browser is now Firefox, too.

    Oh yeah, on a side note... Whoever wrote the scumware that overwrites Windows Media Player needs to be hung by a pair of thumb screws and roasted over a coal fire. It's one thing to sneak your apps onto a system, but another thing entirely to overwrite existing apps.

    Here's hoping their crap gets noticed on some FBI computer somewhere.

    Weaselmancer

    PS: Just in case there's a friendly FBI guy reading this, take the scumware wmplayer.exe into a Linux install and run "strings" on it. You'll see the URL of the fine folks who brought you this plague. They encrypt their strings by inserting 4 garbage characters over 0x80 every so often, so ignore those.

    --
    Weaselmancer
    rediculous.
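
The PS in the comment above says a plain `strings` run shows the embedded URL broken up by short runs of bytes over 0x80. As an added example (not part of the original post, and not based on the actual binary), the sketch below extracts printable strings while skipping gaps of up to four such bytes and flags every string that had a gap; the sample bytes and function names are constructed.

```python
import re

PRINTABLE = rb"[\x20-\x7e]"
HIGH = rb"[\x80-\xff]"


def plain_strings(data, min_len=4):
    """Baseline: runs of printable ASCII, as a default strings run reports them."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"%s{%d,}" % (PRINTABLE, min_len), data)]


def strings_ignoring_high_bytes(data, min_len=6, max_gap=4):
    """Join printable runs separated by 1..max_gap bytes >= 0x80.

    Returns (offset, text, had_gap) tuples; had_gap marks strings that were
    split by inserted high bytes in the file.
    """
    run = rb"(?:%s+%s{1,%d})*%s+" % (PRINTABLE, HIGH, max_gap, PRINTABLE)
    results = []
    for m in re.finditer(run, data):
        text = re.sub(HIGH, b"", m.group())
        if len(text) >= min_len:
            results.append((m.start(), text.decode("ascii"), text != m.group()))
    return results


# Constructed sample: an ASCII URL split by 4-byte runs of bytes >= 0x80,
# followed by an untouched import name. Not taken from any real binary.
SAMPLE = (b"\x00\x01MZ\x90\x00"
          b"http://exa" b"\x9c\xe3\x81\xf0" b"mple.invalid/u"
          b"\xa1\xb2\xc3\xd4" b"pdate" b"\x00\x00kernel32.dll\x00")

if __name__ == "__main__":
    print("plain:", plain_strings(SAMPLE))
    for offset, text, had_gap in strings_ignoring_high_bytes(SAMPLE):
        print(f"{offset:#06x} {'split' if had_gap else 'plain'} {text}")
```

Strings flagged as split deserve a manual look, since ordinary binary data can also place a few high bytes between two printable runs.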