Re: spyware
From: Nick (psstcenter_at_shaw.ca)
Date: 09/26/05
- Previous message: Hairy One Kenobi: "Re: Opera browser is not free..."
- In reply to: David H. Lipman: "Re: spyware"
Date: Mon, 26 Sep 2005 14:27:19 GMT
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:_GRZe.5157$kH3.2145@trnddc01...
> From: "Nick" <psstcenter@shaw.ca>
>
>
> Replies are inline...
>
> |
> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> | news:IfHZe.1283$qC4.545@trnddc02...
> >> From: "Nick" <psstcenter@shaw.ca>
> >>
> |>> Please, can anyone help by explaining to me the following? Thanks in
> |>> advance!
> |>>
> |>> Nick
> |>>
> |>> AlexaToolbar - Browser Plugin
>
>
> Very minor data miner.
>
>
> |>>
> |>> RegistryKey - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
> |>> Explorer\Extensions\{C95FE080-8F5D-11D2-A20B-00AA003C157A}\
> |>>
> |>> RegistryKey - HKEY_CURRENT_USER\Software\Microsoft\Internet
> |>> Explorer\Extensions\CmdMapping\{C95FE080-8F5D-11D2-A20B-00AA003C157A}
>
>
> Not sure what these are...
>
>
> |>> Advertising - 3rd Party Cookie
> |>>
> |>> URL - Cookie:nick1@advertising.com/
> |>>
> |>> Atdmt - 3rd Party Cookie
> |>>
> |>> URL - Cookie:nick1@atdmt.com/
> |>>
> |>> Edge - 3rd Party Cookie
> |>>
> |>> URL - Cookie:nick1@edge.ru4.com/
> |>>
> |>> Fastclick - 3rd Party Cookie
> |>>
> |>> URL - Cookie:nick1@fastclick.net/
> |>>
> |>> Tribalfusion - 3rd Party Cookie
> |>>
>
>
> Cookies are the LEAST of all problems to worry about. I don't bother with cookies at all.
>
>
>
> >> Please download, install and update the following software...
> |
> | Will you please let me know briefly what does the above INFO mean?
> | I just started the security + program and hope to learn this stuff in
> | details later on.
> | Installing ZA helped me delete all of the above, but I guess it's not
> | enough.
> |
> >> Ad-aware SE v1.06
> >> http://www.lavasoft.de/
> >> http://www.lavasoftusa.com/
> |
> | It took me a while to find this file finally at
> | http://www.download.com/3001-8022_4-10399602.html
> |
> >> SpyBot Search and Destroy v1.4
> >> http://security.kolla.de/
> |
> | Found this file at
> | http://hestia-ignite.com/hs/spybot/download/index.html
>
>
>
> I don't know if that is a legal mirror site and not a tampered version (I hope it isn't!)
> http://security.kolla.de/ takes you to http://www.safer-networking.org/en/index.html
>
> And was it found right here...
> http://www.safer-networking.org/en/download/index.html
>
>
>
> |
> | Actually I had this program on my computer before and I uninstalled it.
>
>
> You probably had an older version. The latest version of SpyBot S&D is v1.4.
>
>
> |
> >> After the software is updated, I suggest scanning the system in Safe Mode.
> |
> | Do you mean rebooting the computer in Safe Mode and then scanning the
> | system? Why is that so important? ( hope you do not mind if I ask stupid
> | questions)
> | I scanned immediately and I received the following result:
>
>
> Safe Mode is a limited version of the OS. It doesn't load as many Kernel files and doesn't
> load user startup files. Thus when scanning in Safe Mode removal of malware has a greater
> efficacy. This is due to the fact that there is less of a chance that the malware is
> running at the time of the removal.
>
>
> < snip >
>
> >> I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
> >> that may be on the PC.
> >>
> >> BHODemon
> >> http://www.definitivesolutions.com/bhodemon.htm
> |
> | Isn't it too much to have Symantec AntiVirus, ZA, Spybot, Ad-Ware and BHO
> | Demon on my PC? Is there any single program that performs all the functions?
> |
> | I appreciate your help!
> |
> | Nick
> |
>
> No not at all. Albeit I am no phan of Norton AV (Symantec AV is for Corp./enterprise use
> and Norton AV is their retail product line).
>
> NAV/SAV - Anti Virus
> ZA - FireWall
> SpyBot S&D, Ad-aware SE and BHODemon - non-viral malware
>
> There is NO single program that does it all. While there may be overlap in their application,
> some may catch what another may miss. SpyBot and Ad-aware are peer programs. They do the
> same thing but one may catch what the other misses. BHODemon is specific to the non-viral
> malware class called Browser Helper Objects (BHO). These are similar yet different to
> plug-ins to Internet Explorer. An example of a good BHO is the Acrobat Reader. This way
> you can view a PDF file within IE. Bad BHOs will generate lots of IE Pop-Ups, force you to
> go to porn sites or other web sites you don't want to go to, etc.
>
> When it comes to viral malware (Trojans are not really viruses but tend to be classed that
> way) one needs to have one anti virus application installed and performing what is known as
> "On Access" scanning. This is the process of scanning files written to or read from the
> hard disk. This is different from what is known as "On Demand" scanning. This is when you
> specifically have AV software scan the entire computer or a specified area of the computer
> (such as a folder or just one hard disk).
>
> One should have only one "On Access" scanner installed but you can use multiple "On Demand"
> scanners. Reason being one may find what another may miss.
>
> "On Demand" scanners can be online scanners or they can be local scanners.
>
> Example online "On Demand" scanners...
>
> Trend:
> http://housecall.antivirus.com
> http://housecall.trendmicro.com
>
> F-Secure:
> http://support.f-secure.com/enu/home/ols.shtml
>
> McAfee:
> http://www.mcafee.com/myapps/mfs/default.asp
>
> Panda:
> http://www.pandasoftware.com/activescan/
>
> Kaspersky:
> http://www.kaspersky.com/de/scanforvirus
>
> Symantec:
> http://security.symantec.com/
>
> BitDefender
> http://www.bitdefender.com/scan/license.php
>
> Freedom Online scanner
> http://www.freedom.net/viruscenter/index.html
>
> The disadvantages of online scanners are...
> - dependence upon IE
> - requires Browser to be running
> - tend to only run in Normal Mode
> - some detect but don't remove infectors
>
> An example of a local "On Demand" scanner is my Multi AV scanning tool. It provides AV
> scanners from; McAfee, Sophos and Trend Micro.
>
> The advantages are...
> - can be executed in Safe Mode
> - non-GUI scanners can be used in DOS and if the hard disk uses NTFS, one can use NTFS4DOS
> - no dependency on IE or a browser being used
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
> http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
> (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
> simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
> remove viruses, Trojans and various other malware.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode. This
> way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> * * * Please report back your results * * *
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
Thank you very much Mr. Lipman.
This is also a very useful lecture to me on my way to CompTIA Security + exam.
All the best!
Nick
A+, Network+, CNA
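
The scan report quoted in this thread has a regular shape: a "Name - Category" line followed by "RegistryKey - ..." or "URL - ..." artifact lines. The Python below is an added example, not part of the original posts or of any tool named in them; it parses those entries and separates registry-backed findings from cookie-only ones. The function names and the review/low split are assumptions made for illustration.

```python
import re

# Entries copied from the scan report quoted in the thread, with the quote
# markers stripped and the wrapped registry paths rejoined.
REPORT = r"""
AlexaToolbar - Browser Plugin
RegistryKey - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{C95FE080-8F5D-11D2-A20B-00AA003C157A}\
RegistryKey - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{C95FE080-8F5D-11D2-A20B-00AA003C157A}
Advertising - 3rd Party Cookie
URL - Cookie:nick1@advertising.com/
Atdmt - 3rd Party Cookie
URL - Cookie:nick1@atdmt.com/
Edge - 3rd Party Cookie
URL - Cookie:nick1@edge.ru4.com/
Fastclick - 3rd Party Cookie
URL - Cookie:nick1@fastclick.net/
Tribalfusion - 3rd Party Cookie
"""

ARTIFACT = re.compile(r"^(RegistryKey|URL) - (.+)$")
HEADER = re.compile(r"^(\S+) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_report(text):
    """Group each 'Name - Category' header with the artifact lines under it."""
    findings = []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        artifact = ARTIFACT.match(line)  # tested first: it also fits HEADER
        if artifact:
            if findings:  # ignore an artifact that has no header above it
                findings[-1]["artifacts"].append(artifact.groups())
        elif (header := HEADER.match(line)):
            findings.append({"name": header.group(1),
                             "category": header.group(2), "artifacts": []})
    return findings

def triage(findings):
    """Assumed policy: registry-backed findings go to review, the rest are low."""
    result = {"review": [], "low": []}
    for f in findings:
        keys = [value for kind, value in f["artifacts"] if kind == "RegistryKey"]
        if keys:
            clsids = sorted({c.upper() for k in keys for c in CLSID.findall(k)})
            hives = sorted({k.split("\\", 1)[0] for k in keys})
            result["review"].append((f["name"], clsids, hives))
        else:
            result["low"].append(f["name"])
    return result

if __name__ == "__main__":
    print(triage(parse_report(REPORT)))
```

The CLSID and hive extracted for a registry-backed finding are the values to look up when deciding whether a browser extension entry belongs on the machine.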