Beware of Spyware Strike

Posted by: Gallagher419

Beware of Spyware Strike - 24/01/2006 20:36

Yesterday I inadvertently d/l a Trojan called Spyware Strike which is closely related to Spyware Axe. Unfortunately for me this Trojan has just come out as of yesterday so all means of removal are not working as of yet and I have done a Google and tried just about everything known to man to get rid of this beast but it will not go away!
Posted by: matthew_k

Re: Beware of Spyware Strike - 24/01/2006 21:13

I say we take off and nuke the entire site from orbit. It's the only way to be sure.

Matthew
Posted by: g_attrill

Re: Beware of Spyware Strike - 24/01/2006 23:41

Any help?

http://answers.google.com/answers/threadview?id=436288
Posted by: gbeer

Re: Beware of Spyware Strike - 26/01/2006 03:17

Quote:
I say we take off and nuke the entire site from orbit. It's the only way to be sure.

Matthew


Affirmative
Posted by: FireFox31

Re: Beware of Spyware Strike - 28/01/2006 17:06

Up until early 2005, most common spyware had the same removal technique: boot in safe mode and scrub the typical spyware areas by hand. But when registry hiding and root kits became easy enough for kiddies, I'm no longer sure what is the method for spyware removal.

I think the recommended tools are regedt32 and SysInternals tools such as Rootkit Revealer. I don't even want to know what spyware is silent and invisible on the machines that I manage. Or maybe my anti-spyware (SpySweeper Enterprise) is keeping them safe... but I doubt it.
Posted by: drakino

Re: Beware of Spyware Strike - 28/01/2006 20:12

Quote:
I'm no longer sure what is the method for spyware removal.


Reload the OS. Removal usually takes too long, and reloading is sadly going to be faster. I have fixed two machines by booting to a BartPE disk, deleting the Windows folder, move data to a "Old" folder, then nuke every other folder/file in the root of the drive. I then boot to a Windows XP SP2 disk, install the OS, then patch it behind a router. Lastly, AVG Antivirus and Microsoft Spyware is loaded, along with Firefox. IE is set not to trust a single site except *.microsoft.com with anything beyond HTML, and icons to run it are removed.

My experiences with these last two systems though have me pretty unwilling to do any computer assistance these days for people outside my close friends. I'm tired of the same issues on every machine, and now will just refer them to Best Buy or similar to wait a week to have their system reloaded.
Posted by: JBjorgen

Re: Beware of Spyware Strike - 28/01/2006 23:26

I've had good luck with Ewido with some of the more insidious malware. It removed stuff that Ad-Aware and Spybot couldn't touch.
Posted by: tanstaafl.

Re: Beware of Spyware Strike - 29/01/2006 01:22

Yesterday I inadvertently d/l a Trojan called Spyware Strike

I had an analogous experience Thursday night/Friday morning.

Peacefully browsing, my AVG went off, said virus alert, Internet Explorer shut down and wouldn't re-open until after re-boot, and then it defaulted to a bogus home page that helpfully offered me links to suppliers of virus and spyware removal tools. No doubt if I had followed those links I would have been in even worse trouble.

I ran AVG full scan, it found no viruses, but all on its own would pop up with a virus alert about the same file in Windows/Temp that no matter how many times I deleted it still came back.

I ran AdAware and SpyBot, and they very helpfully told me that I had tracking cookies which I don't care about (if someone wants to see a list of the porn sites I visit, they're welcome to it!) but did nothing useful.

PC Magazine's website recommended very highly a program called Spyware Doctor. I spent $30 to buy it, and as near as I can tell it was money very well spent. Spyware Doctor found 51 "bad things" (this was after AdAware, Spybot, and AVG) including a list of about a dozen Trojans, a bogus toolbar to give access to the above-mentioned bogus website, and some new desktop icons to do the same. Spyware Doctor got rid of all of them, and after I set my IE home page back to Google, everything seems to be back to normal. I have noticed no anomalous behavior, and I am watching closely.

At Tony Fabris' suggestion, I downloaded and installed FireFox to run instead of IE (security is supposed to be a lot better) and so far I am quite impressed: FireFox seems to be designed by people who understand and love their product, as opposed to IE which seems to have come about by "...oh, by the way Mr Gates, we better stick something into Windows so people can see the internet."

tanstaafl.
Posted by: tfabris

Re: Beware of Spyware Strike - 29/01/2006 08:01

Okay, so now that you've got firefox, the best extensions to get are:

- Adblock, which blocks ads and popups to a greater degree than what's already built into firefox.

- The filterset.g updater for adblock.

- Plain Old Favorites, which places your IE favorites menu onto Firefox's menu bar, so that you don't have to convert all of your IE favorites over.

The extensions above are pretty much install-and-forget items. There is one other extension that I don't want to live without, but you might not care about its features, and its features are pretty complicated and pretty powerful. It's called Tab Mix Plus, and it lets you have very fine granular control over the Firefox "tabbed browsing" feature, which is a huge wonderful fantastic thing for me. It might not be your cup of tea. But if you get used to tabbed browsing, and want to control some of the features, then Tab Mix Plus is the answer. The "Undo Close Tabs" feature is worth a fortune alone.
Posted by: bonzi

Re: Beware of Spyware Strike - 29/01/2006 20:46

Quote:
Tab Mix Plus

Ah, finally the tab tweaking extension with all the features I was looking for, and then some! Thanks, Tony.
Posted by: tanstaafl.

Re: Beware of Spyware Strike - 30/01/2006 02:21

Okay, so now that you've got firefox, the best extensions to get are:

- Adblock, which blocks ads and popups to a greater degree than what's already built into firefox.

- The filterset.g updater for adblock.

- Plain Old Favorites, which places your IE favorites menu onto Firefox's menu bar, so that you don't have to convert all of your IE favorites over.


Y'know, I've been running the Google popup blocker for about a year now, and it seems to be doing an outstanding job. I almost never see popups. Your advice about getting FireFox was so good, however, that I'll certainly give Adblock a try.

My FireFox installation did a quite acceptable job of bringing my IE favorites over. A little tweaking to put them into appropriate folders and the order I wanted, and I am quite happy with them the way they are.

As always, your advice is appreciated.

tanstaafl.
Posted by: Robotic

Re: Beware of Spyware Strike - 30/01/2006 06:19

Quote:
Okay, so now that you've got firefox, the best extensions ...

I think there's a 'best firefox extensions' thread around here, somewhere.
Ah well, I'll mention my two favorites:
FlashBlock
and
ImageZoom

I haven't tried AdBlock- I use the built-in option of blocking ad servers as I go. I want to go read more about AdBlock, though... hmm...
Posted by: bonzi

Another Firefox advice needed - 12/02/2006 18:52

My FireFox seems to be quite impatient (as in a second or two) when it comes to waiting for DNS to resolve an address (my ADSL router is probably a bit lazy about that). I quite often get that page suggesting I had mistyped the URL, but clicking on "retry" sorts the things out.

So, is there a way to specify longer DNS lookup timeout?

Thanks!
Posted by: wfaulk

Re: Another Firefox advice needed - 12/02/2006 22:36

It probably has more to do with your DNS server and its timeout, unfortunately. I can't seem to find anything to support this at the moment, but I remember that if BIND times out on getting a response from a remote DNS server, it sends a response to its client that the hostname does not exist. Meanwhile, it finally receives and caches the information about the initially requested hostname, so that when you try again, it immediately sends the correct response. It might be possible to configure Firefox to ask the DNS server more times than it currently does, but I'm not aware of any such option.

Edit: Okay, I found it now. BIND 8 and earlier fail to do a "query restart" when they encounter a glueless record during a recursive lookup. That is, if they look to see the correct nameserver for your request, and the response they get for that has that nameserver's name but not IP address, then it drops the initial query and tries to look up the nameserver's IP. That means that your client has to ask again, and this is probably what you're seeing. The DNS server never responds to your initial request, so your browser has to ask again.
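
A toy model of the glueless-delegation behaviour described in the post above, added here as an illustration; it is not part of the thread and is not BIND's code. All zone names, addresses and the `ToyResolver` / `client_lookup` helpers are constructed for the example. It shows why the first lookup gets no answer while the retry succeeds from the nameserver address cached in between, and how a resolver that restarts the query answers on the first attempt.

```python
# Toy model (constructed data): a delegation names its nameserver, with or without glue.
DELEGATIONS = {
    "example.test": {"ns": "ns1.hoster.test", "glue": None},          # glueless
    "hoster.test":  {"ns": "ns1.hoster.test", "glue": "192.0.2.53"},  # has glue
}
# Records served by the authoritative server at each IP (constructed).
AUTHORITATIVE = {
    "192.0.2.53": {"ns1.hoster.test": "192.0.2.53",
                   "www.example.test": "198.51.100.7"},
}

def zone_of(name):
    """Last two labels of the name, which is enough for this toy data."""
    return ".".join(name.split(".")[-2:])

class ToyResolver:
    def __init__(self, query_restart):
        self.query_restart = query_restart
        self.ns_cache = {}   # nameserver name -> IP learned so far

    def resolve(self, name):
        """Return an IP, or None when the query is dropped without an answer."""
        deleg = DELEGATIONS[zone_of(name)]
        ns_ip = deleg["glue"] or self.ns_cache.get(deleg["ns"])
        if ns_ip is None:
            # Glueless: look up the nameserver's own address first and cache it.
            self.ns_cache[deleg["ns"]] = self.resolve(deleg["ns"])
            if not self.query_restart:
                return None  # original query abandoned; the client must ask again
            ns_ip = self.ns_cache[deleg["ns"]]
        return AUTHORITATIVE[ns_ip].get(name)

def client_lookup(resolver, name, max_attempts=3):
    """Client side: retry until answered; return (ip, attempts used)."""
    for attempt in range(1, max_attempts + 1):
        ip = resolver.resolve(name)
        if ip is not None:
            return ip, attempt
    return None, max_attempts

if __name__ == "__main__":
    print(client_lookup(ToyResolver(query_restart=False), "www.example.test"))
    print(client_lookup(ToyResolver(query_restart=True), "www.example.test"))
```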