September 19, 2004
@ 08:00 PM

Reading a post on Dave Winer's blog, I caught the following snippet:

NY Times survey of spyware and adware. "...a program that creeps onto a computer’s hard drive unannounced, is wrecking the Internet." 

I've noticed that every time I sit at the computer of a non-technical Windows user I end up spending at least an hour removing spyware from their computer. Yesterday, I encountered a particularly nasty piece of work that detected when the system was being scanned by Ad-Aware and forced a system reboot. I'd never realized how inadequate the functionality of the Add or Remove Programs dialog was for removing applications from your computer until spyware came around. After I was done yesterday, I began to suspect that some of the spyware that was polite enough to add an entry in "Add or Remove Programs" simply took the Uninstall instruction as a command to go into stealth mode. One application made you fill out a questionnaire before it let you uninstall it. I wondered if it would refuse to uninstall if it didn't like my answers to its questions.

Something definitely has to be done about this crap. In the meantime I suggest using at least two anti-spyware applications if attempting to clean a system. I've already mentioned Ad-Aware; my other recommendation is Spybot - Search & Destroy.


 

Sunday, 19 September 2004 20:29:46 (GMT Daylight Time, UTC+01:00)
I would also suggest www.pestpatrol.com as an excellent spyware removal engine. It actually stops spyware from getting onto your computer through a very good memory checker.
Monday, 20 September 2004 02:21:35 (GMT Daylight Time, UTC+01:00)
"Something definitely has to be done about this crap."

Yup. The article "Follow the bouncing malware" should help raise the level of concern:
http://isc.sans.org/diary.php?date=2004-07-23
http://isc.sans.org/diary.php?date=2004-08-23

Not scared yet? Then consider reading the recently updated and newly discovered threats at McAfee for a couple of weeks:
http://vil.nai.com/vil/recently-updated-viruses.asp
http://vil.nai.com/vil/newly-discovered-viruses.asp

Or this article on a recent "proof of concept" worm (http://www.securityfocus.com/news/9503):
"Bundling a network sniffer with an auto-propagating worm makes it easier for hackers to harvest usernames and passwords than would otherwise be the case."

There is a lot going on in malware DETECTION AdAware and Spybot S&D. Google search on
- winpatrol
- hijackthis
for broad background or
http://www.winpatrol.com/
http://www.tomcoyote.org/hjt/
for the exact products. If you poke around the internet with Google you should be able to find a number of lists of anti-malware tools.

For unknown process names and unknown .EXE/.DLL files, Google should be the first place to visit:
Have an unknown process running on the tasks list? Drop the name into Google - there are a number of web sites that catalog processes.
Have an unknown file on your PC somewhere? Google search it.

But this is malware detection.

Is there anything available on malware prevention that non-IT business people can understand and implement?
Malware detection & prevention?
Monday, 20 September 2004 12:59:39 (GMT Daylight Time, UTC+01:00)
Try JavaCool's SpywareBlaster as a prevention app. The latest builds of SpyBot have a link. Also, depending on the user's PC literacy, I use ZoneLabs' firewall app, ZoneAlarm. And, yes, WinPatrol as well.
Rowan
Tuesday, 21 September 2004 02:21:01 (GMT Daylight Time, UTC+01:00)
When malware can't write to the c: or the registry using IE, it's "game over".

http://weblogs.asp.net/aaron_margosis/archive/2004/09/10/227727.aspx

RunAs with "Protect my computer" appears to use a SID which does just that.
An XP SP 2 preventative solution (?) to malware
Tuesday, 21 September 2004 04:01:01 (GMT Daylight Time, UTC+01:00)
Spybot is a passive tool. Try using Webroot's Spy Sweeper.
Soul
Wednesday, 22 September 2004 20:13:11 (GMT Daylight Time, UTC+01:00)
Spyware has become a bane on the computer industry. Especially when they use sneaky mechanisms to install themselves on the user's system. I too have spent many hours sitting in front of friends' computers simply removing spyware and adware programs.