#274885 - 24/01/2006 20:36
Beware of Spyware Strike
journeyman
Registered: 14/12/2004
Posts: 95
Yesterday I inadvertently d/l a Trojan called Spyware Strike which is closely related to Spyware Axe. Unfortunately for me this Trojan has just come out as of yesterday so all means of removal are not working as of yet and I have done a Google and tried just about everything known to man to get rid of this beast but it will not go away!
#274886 - 24/01/2006 21:13
Re: Beware of Spyware Strike
[Re: Gallagher419]
pooh-bah
Registered: 12/02/2002
Posts: 2298
Loc: Berkeley, California
I say we take off and nuke the entire site from orbit. It's the only way to be sure.
Matthew
#274887 - 24/01/2006 23:41
Re: Beware of Spyware Strike
[Re: Gallagher419]
old hand
Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
#274888 - 26/01/2006 03:17
Re: Beware of Spyware Strike
[Re: matthew_k]
carpal tunnel
Registered: 17/12/2000
Posts: 2665
Loc: Manteca, California
Quote: I say we take off and nuke the entire site from orbit. It's the only way to be sure.
Matthew
Affirmative
_________________________
Glenn
#274889 - 28/01/2006 17:06
Re: Beware of Spyware Strike
[Re: Gallagher419]
pooh-bah
Registered: 19/09/2002
Posts: 2494
Loc: East Coast, USA
Up until early 2005, most common spyware had the same removal technique: boot in safe mode and scrub the typical spyware areas by hand. But when registry hiding and root kits became easy enough for kiddies, I'm no longer sure what is the method for spyware removal.
I think the recommended tools are regedt32 and SysInternals tools such as Rootkit Revealer. I don't even want to know what spyware is silent and invisible on the machines that I manage. Or maybe my anti-spyware (SpySweeper Enterprise) is keeping them safe... but I doubt it.
_________________________
- FireFox31 110gig MKIIa (30+80), Eutronix lights, 32 meg stacked RAM, Filener orange gel lens, Greenlights Lit Buttons green set
#274890 - 28/01/2006 20:12
Re: Beware of Spyware Strike
[Re: FireFox31]
carpal tunnel
Registered: 08/06/1999
Posts: 7868
Quote: I'm no longer sure what is the method for spyware removal.
Reload the OS. Removal usually takes too long, and reloading is sadly going to be faster. I have fixed two machines by booting to a BartPE disk, deleting the Windows folder, moving data to an "Old" folder, then nuking every other folder/file in the root of the drive. I then boot to a Windows XP SP2 disk, install the OS, then patch it behind a router. Lastly, AVG Antivirus and Microsoft Spyware is loaded, along with Firefox. IE is set not to trust a single site except *.microsoft.com with anything beyond HTML, and icons to run it are removed.
My experiences with these last two systems though have me pretty unwilling to do any computer assistance these days for people outside my close friends. I'm tired of the same issues on every machine, and now will just refer them to Best Buy or similar to wait a week to have their system reloaded.
#274891 - 28/01/2006 23:26
Re: Beware of Spyware Strike
[Re: drakino]
carpal tunnel
Registered: 19/01/2002
Posts: 3584
Loc: Columbus, OH
I've had good luck with Ewido with some of the more insidious malware. It removed stuff that Ad-Aware and Spybot couldn't touch.
_________________________
~ John
#274892 - 29/01/2006 01:22
Re: Beware of Spyware Strike
[Re: Gallagher419]
carpal tunnel
Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
Quote: Yesterday I inadvertently d/l a Trojan called Spyware Strike
I had an analogous experience Thursday night/Friday morning. Peacefully browsing, my AVG went off, said virus alert, Internet Explorer shut down and wouldn't re-open until after re-boot, and then it defaulted to a bogus home page that helpfully offered me links to suppliers of virus and spyware removal tools. No doubt if I had followed those links I would have been in even worse trouble. I ran AVG full scan, it found no viruses, but all on its own would pop up with a virus alert about the same file in Windows/Temp that no matter how many times I deleted it still came back. I ran AdAware and SpyBot, and they very helpfully told me that I had tracking cookies which I don't care about (if someone wants to see a list of the porn sites I visit, they're welcome to it!) but did nothing useful. PC Magazine's website recommended very highly a program called Spyware Doctor. I spent $30 to buy it, and as near as I can tell it was money very well spent. Spyware Doctor found 51 "bad things" (this was after AdAware, Spybot, and AVG) including a list of about a dozen Trojans, a bogus toolbar to give access to the above-mentioned bogus website, and some new desktop icons to do the same. Spyware Doctor got rid of all of them, and after I set my IE home page back to Google, everything seems to be back to normal. I have noticed no anomalous behavior, and I am watching closely. At Tony Fabris' suggestion, I downloaded and installed FireFox to run instead of IE (security is supposed to be a lot better) and so far I am quite impressed: FireFox seems to be designed by people who understand and love their product, as opposed to IE which seems to have come about by "...oh, by the way Mr Gates, we better stick something into Windows so people can see the internet."
tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"
#274893 - 29/01/2006 08:01
Re: Beware of Spyware Strike
[Re: tanstaafl.]
carpal tunnel
Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Okay, so now that you've got firefox, the best extensions to get are:
- Adblock, which blocks ads and popups to a greater degree than what's already built into firefox.
- The filterset.g updater for adblock.
- Plain Old Favorites, which places your IE favorites menu onto Firefox's menu bar, so that you don't have to convert all of your IE favorites over.
The extensions above are pretty much install-and-forget items. There is one other extension that I don't want to live without, but you might not care about its features, and its features are pretty complicated and pretty powerful. It's called Tab Mix Plus, and it lets you have very fine granular control over the Firefox "tabbed browsing" feature, which is a huge wonderful fantastic thing for me. It might not be your cup of tea. But if you get used to tabbed browsing, and want to control some of the features, then Tab Mix Plus is the answer. The "Undo Close Tabs" feature is worth a fortune alone.
#274894 - 29/01/2006 20:46
Re: Beware of Spyware Strike
[Re: tfabris]
pooh-bah
Registered: 13/09/1999
Posts: 2401
Loc: Croatia
Quote: Tab Mix Plus
Ah, finally the tab tweaking extension with all the features I was looking for, and then some! Thanks, Tony.
_________________________
Dragi "Bonzi" Raos
Q#5196
MkII #080000376, 18GB green
MkIIa #040103247, 60GB blue
#274895 - 30/01/2006 02:21
Re: Beware of Spyware Strike
[Re: tfabris]
carpal tunnel
Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
Quote: Okay, so now that you've got firefox, the best extensions to get are:
- Adblock, which blocks ads and popups to a greater degree than what's already built into firefox.
- The filterset.g updater for adblock.
- Plain Old Favorites, which places your IE favorites menu onto Firefox's menu bar, so that you don't have to convert all of your IE favorites over.
Y'know, I've been running the Google popup blocker for about a year now, and it seems to be doing an outstanding job. I almost never see popups. Your advice about getting FireFox was so good, however, that I'll certainly give Adblock a try.
My FireFox installation did a quite acceptable job of bringing my IE favorites over. A little tweaking to put them into appropriate folders and the order I wanted, and I am quite happy with them the way they are.
As always, your advice is appreciated.
tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"
#274896 - 30/01/2006 06:19
Re: Beware of Spyware Strike
[Re: tfabris]
pooh-bah
Registered: 06/04/2005
Posts: 2026
Loc: Seattle transplant
Quote: Okay, so now that you've got firefox, the best extensions ...
I think there's a 'best firefox extensions' thread around here, somewhere. Ah well, I'll mention my two favorites: FlashBlock and ImageZoom
I haven't tried AdBlock - I use the built-in option of blocking ad servers as I go. I want to go read more about AdBlock, though... hmm...
_________________________
10101311 (20GB- backup empeg) 10101466 (2x60GB, Eutronix/GreenLights Blue) (Stolen!)
#274897 - 12/02/2006 18:52
Another Firefox advice needed
[Re: tfabris]
pooh-bah
Registered: 13/09/1999
Posts: 2401
Loc: Croatia
My FireFox seems to be quite impatient (as in a second or two) when it comes to waiting for DNS to resolve an address (my ADSL router is probably a bit lazy about that). I quite often get that page suggesting I had mistyped the URL, but clicking on "retry" sorts things out.
So, is there a way to specify a longer DNS lookup timeout?
Thanks!
_________________________
Dragi "Bonzi" Raos
Q#5196
MkII #080000376, 18GB green
MkIIa #040103247, 60GB blue
#274898 - 12/02/2006 22:36
Re: Another Firefox advice needed
[Re: bonzi]
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
It probably has more to do with your DNS server and its timeout, unfortunately. I can't seem to find anything to support this at the moment, but I remember that if BIND times out on getting a response from a remote DNS server, it sends a response to its client that the hostname does not exist. Meanwhile, it finally receives and caches the information about the initially requested hostname, so that when you try again, it immediately sends the correct response. It might be possible to configure Firefox to ask the DNS server more times than it currently does, but I'm not aware of any such option.
Edit: Okay, I found it now. BIND 8 and earlier fail to do a "query restart" when they encounter a glueless record during a recursive lookup. That is, if they look to see the correct nameserver for your request, and the response they get for that has that nameserver's name but not IP address, then it drops the initial query and tries to look up the nameserver's IP. That means that your client has to ask again, and this is probably what you're seeing. The DNS server never responds to your initial request, so your browser has to ask again.
Edited by wfaulk (12/02/2006 23:31)
_________________________
Bitt Faulk
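The failure mode Bitt describes (a resolver that hits a glueless delegation, drops the original query while it looks up the nameserver's address, and only answers on the client's retry) is easy to see in a toy model. The following is an added example written for this thread, not code from the thread or from BIND: a miniature recursive resolver with a `query_restart` switch, run over constructed zone data (the names `example.test`, `otherhost.test`, `ns.otherhost.test` and the 192.0.2.x addresses are made up for the demo). With the switch off, the first lookup comes back as "host not found" and the retry succeeds, exactly the browser behaviour asked about above; with it on, the first lookup succeeds.

```python
# Added example (not from the thread): a toy recursive resolver that models why a
# resolver without "query restart" answers the first request for a name behind a
# glueless delegation with a failure and answers the retry correctly.
# All zone data below is constructed for the demo; nothing here touches the network.
from typing import Dict, Optional, Tuple

# Constructed root delegations: child zone -> (nameserver name, glue IP or None).
# "example.test" is served by a nameserver that lives in another zone and the
# parent supplies no glue address for it: the glueless case from the post.
ROOT_DELEGATIONS: Dict[str, Tuple[str, Optional[str]]] = {
    "example.test": ("ns.otherhost.test", None),          # glueless
    "otherhost.test": ("ns.otherhost.test", "192.0.2.53"),  # glue supplied
}

# Constructed authoritative data held by each nameserver, keyed by its IP.
AUTHORITATIVE: Dict[str, Dict[str, str]] = {
    "192.0.2.53": {
        "www.example.test": "192.0.2.10",
        "ns.otherhost.test": "192.0.2.53",
    },
}


def parent_delegation(name: str) -> Optional[Tuple[str, Optional[str]]]:
    """Find the delegation that covers `name` in the toy root, if any."""
    for zone, delegation in ROOT_DELEGATIONS.items():
        if name == zone or name.endswith("." + zone):
            return delegation
    return None


class ToyResolver:
    """Recursive resolver with a cache; `query_restart` selects the behaviour."""

    def __init__(self, query_restart: bool) -> None:
        self.query_restart = query_restart
        self.cache: Dict[str, str] = {}

    def resolve(self, name: str) -> Optional[str]:
        """Return an IP for `name`, or None to tell the client 'host not found'."""
        if name in self.cache:
            return self.cache[name]
        delegation = parent_delegation(name)
        if delegation is None:
            return None
        ns_name, ns_ip = delegation
        if ns_ip is None:
            # Glueless delegation: the nameserver's own address must be learned first.
            ns_ip = self.cache.get(ns_name)
            if ns_ip is None:
                if self.query_restart:
                    # Finish the side lookup, then carry on with the original query.
                    ns_ip = self.resolve(ns_name)
                else:
                    # Old behaviour: the side lookup fills the cache for next time,
                    # but the original query is dropped and the client sees a failure.
                    self.resolve(ns_name)
                    return None
                if ns_ip is None:
                    return None
        answer = AUTHORITATIVE.get(ns_ip, {}).get(name)
        if answer is not None:
            self.cache[name] = answer
        return answer


def fetch_with_retries(resolver: ToyResolver, name: str, max_attempts: int = 3) -> Tuple[int, Optional[str]]:
    """Model the browser's 'retry' button: return (attempt that succeeded, ip)."""
    for attempt in range(1, max_attempts + 1):
        ip = resolver.resolve(name)
        if ip is not None:
            return attempt, ip
    return max_attempts, None


if __name__ == "__main__":
    for restart in (False, True):
        attempt, ip = fetch_with_retries(ToyResolver(query_restart=restart), "www.example.test")
        print(f"query_restart={restart}: resolved to {ip} on attempt {attempt}")
```

The model is deliberately small: it ignores TTLs, multiple nameservers and real packet timeouts, and only shows the ordering problem. The practical lesson for the thread's question is the same as Bitt's conclusion: the symptom originates on the resolver side, so a longer client timeout would not help, while a resolver that restarts the query (or simply a second attempt, once the nameserver's address is cached) does.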