Re: spyware

From: Nick (psstcenter_at_shaw.ca)
Date: 09/26/05

    Date: Mon, 26 Sep 2005 14:27:19 GMT
    
    

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:_GRZe.5157$kH3.2145@trnddc01...
    > From: "Nick" <psstcenter@shaw.ca>
    >
    >
    > Replies are inline...
    >
    > |
    > | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    > | news:IfHZe.1283$qC4.545@trnddc02...
    > >> From: "Nick" <psstcenter@shaw.ca>
    > >>
    > |>> Please, can anyone help by explaining to me the following? Thanks in
    > |>> advance!
    > |>>
    > |>> Nick
    > |>>
    > |>> AlexaToolbar - Browser Plugin
    >
    >
    > Very minor data miner.
    >
    >
    > |>>
    > |>> RegistryKey - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
    > |>> Explorer\Extensions\{C95FE080-8F5D-11D2-A20B-00AA003C157A}\
    > |>>
    > |>> RegistryKey - HKEY_CURRENT_USER\Software\Microsoft\Internet
    > |>> Explorer\Extensions\CmdMapping\{C95FE080-8F5D-11D2-A20B-00AA003C157A}
    >
    >
    > Not sure what these are...
    >
    >
    > |>> Advertising - 3rd Party Cookie
    > |>>
    > |>> URL - Cookie:nick1@advertising.com/
    > |>>
    > |>> Atdmt - 3rd Party Cookie
    > |>>
    > |>> URL - Cookie:nick1@atdmt.com/
    > |>>
    > |>> Edge - 3rd Party Cookie
    > |>>
    > |>> URL - Cookie:nick1@edge.ru4.com/
    > |>>
    > |>> Fastclick - 3rd Party Cookie
    > |>>
    > |>> URL - Cookie:nick1@fastclick.net/
    > |>>
    > |>> Tribalfusion - 3rd Party Cookie
    > |>>
    >
    >
    > Cookies are the LEAST of all problems to worry about. I don't bother with
    > cookies at all.
    >
    >
    >
    > >> Please download, install and update the following software...
    > |
    > | Will you please let me know briefly what does the above INFO mean?
    > | I just started the security + program and hope to learn this stuff in
    > | details later on.
    > | Installing ZA helped me delete all of the above, but I guess it's not
    > | enough.
    > |
    > >> Ad-aware SE v1.06
    > >> http://www.lavasoft.de/
    > >> http://www.lavasoftusa.com/
    > |
    > | It took me a while to find this file finally at
    > | http://www.download.com/3001-8022_4-10399602.html
    > |
    > >> SpyBot Search and Destroy v1.4
    > >> http://security.kolla.de/
    > |
    > | Found this file at
    > | http://hestia-ignite.com/hs/spybot/download/index.html
    >
    >
    >
    > I don't know if that is a legal mirror site and not a tampered version (I
    > hope it isn't !)
    > http://security.kolla.de/ takes you to
    > http://www.safer-networking.org/en/index.html
    >
    > And was it found right here...
    > http://www.safer-networking.org/en/download/index.html
    >
    >
    >
    > |
    > | Actually I had this program on my computer before and I uninstalled it.
    >
    >
    > You probably had an older version. The latest version of SpyBot S&D is
    > v1.4.
    >
    >
    > |
    > >> After the software is updated, I suggest scanning the system in Safe
    > >> Mode.
    > |
    > | Do you mean rebooting the computer in Safe Mode and then scanning the
    > | system? Why is that so important? ( hope you do not mind if I ask stupid
    > | questions)
    > | I scanned immediately and I received the following result:
    >
    >
    > Safe Mode is a limited version of the OS. It doesn't load as many Kernel
    > files and doesn't load user startup files. Thus when scanning in Safe Mode
    > removal of malware has a greater efficacy. This is due to the fact that
    > there is less of a chance that the malware is running at the time of the
    > removal.
    >
    >
    > < snip >
    >
    > >> I also suggest downloading, installing and updating BHODemon for any
    > | Browser Helper Objects
    > >> that may be on the PC.
    > >>
    > >> BHODemon
    > >> http://www.definitivesolutions.com/bhodemon.htm
    > |
    > | Isn't it too much to have Symantec AntiVirus, ZA, Spybot, Ad-Ware and
    > | BHODemon on my PC? Is there any single program that performs all the
    > | functions?
    > |
    > | I appreciate your help!
    > |
    > | Nick
    > |
    >
    > No not at all. Albeit I am no fan of Norton AV (Symantec AV is for
    > Corp./enterprise use and Norton AV is their retail product line).
    >
    > NAV/SAV - Anti Virus
    > ZA - FireWall
    > SpyBot S&D, Ad-aware SE and BHODemon - non-viral malware
    >
    > There is NO single program that does it all. While there may be overlap in
    > their application, some may catch what another may miss. SpyBot and
    > Ad-aware are peer programs. They do the same thing but one may catch what
    > the other misses. BHODemon is specific to the non-viral malware class
    > called Browser Helper Objects (BHO). These are similar yet different to
    > plug-ins to Internet Explorer. An example of a good BHO is the Acrobat
    > Reader. This way you can view a PDF file within IE. Bad BHO's will
    > generate lots of IE Pop-Ups, force you to go to porn sites or other web
    > sites you don't want to go to, etc.
    >
    > When it comes to viral malware (Trojans are not really viruses but tend to
    > be classed that way) one needs to have one anti virus application
    > installed and performing what is known as "On Access" scanning. This is
    > the process of scanning files written to or read from the hard disk. This
    > is different from what is known as "On Demand" scanning. This is when you
    > specifically have AV software scan the entire computer or a specified area
    > of the computer (such as a folder or just one hard disk).
    >
    > One should have only one "On Access" scanner installed but you can use
    > multiple "On Demand" scanners. Reason being one may find what another may
    > miss.
    >
    > "On Demand" scanners can be online scanners or they can be local scanners.
    >
    > Example online "On Demand" scanners...
    >
    > Trend:
    > http://housecall.antivirus.com
    > http://housecall.trendmicro.com
    >
    > F-Secure:
    > http://support.f-secure.com/enu/home/ols.shtml
    >
    > McAfee:
    > http://www.mcafee.com/myapps/mfs/default.asp
    >
    > Panda:
    > http://www.pandasoftware.com/activescan/
    >
    > Kaspersky:
    > http://www.kaspersky.com/de/scanforvirus
    >
    > Symantec:
    > http://security.symantec.com/
    >
    > BitDefender
    > http://www.bitdefender.com/scan/license.php
    >
    > Freedom Online scanner
    > http://www.freedom.net/viruscenter/index.html
    >
    > The disadvantages of online scanners are...
    > - dependence upon IE
    > - requires Browser to be running
    > - tend to only run in Normal Mode
    > - some detect but don't remove infectors
    >
    > An example of a local "On Demand" scanner is my Multi AV scanning tool.
    > It provides AV scanners from; McAfee, Sophos and Trend Micro.
    >
    > The advantages are...
    > - can be executed in Safe Mode
    > - non-GUI scanners can be used in DOS and if the hard disk uses NTFS, one
    >   can use NTFS4DOS
    > - no dependency on IE or a browser being used
    >
    >
    > Download MULTI_AV.EXE from the URL --
    > http://www.ik-cs.com/programs/virtools/Multi_AV.exe
    >
    > It is a self-extracting ZIP file that contains the Kixtart Script
    > Interpreter { http://kixtart.org Kixtart is CareWare } three batch files,
    > five Kixtart scripts, one Link (.LNK) file, a PDF instruction file and two
    > utilities; UNZIP.EXE and WGET.EXE. It will simplify the process of using;
    > Sophos, Trend and McAfee Anti Virus Command Line Scanners to remove
    > viruses, Trojans and various other malware.
    >
    > C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    > This will bring up the initial menu of choices and should be executed in
    > Normal Mode. This way all the components can be downloaded from each AV
    > vendor's web site.
    > The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
    >
    > You can choose to go to each menu item and just download the needed files
    > or you can download the files and perform a scan in Normal Mode. Once you
    > have downloaded the files needed for each scanner you want to use, you
    > should reboot the PC into Safe Mode [F8 key during boot] and re-run the
    > menu again and choose which scanner you want to run in Safe Mode. It is
    > suggested to run the scanners in both Safe Mode and Normal Mode.
    >
    > When the menu is displayed hitting 'H' or 'h' will bring up a more
    > comprehensive PDF help file.
    >
    > To use this utility, perform the following...
    > Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    > Choose; Unzip
    > Choose; Close
    >
    > Execute; C:\AV-CLS\StartMenu.BAT
    > { or Double-click on 'Start Menu' in C:\AV-CLS }
    >
    > NOTE: You may have to disable your software FireWall or allow WGET.EXE to
    > go through your FireWall to allow it to download the needed AV vendor
    > related files.
    >
    > * * * Please report back your results * * *
    >
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >

    Thank you very much Mr. Lipman.
    This is also a very useful lecture to me on my way to CompTIA Security +
    exam.

    All the best!

    Nick
    A+, Network+, CNA
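Added example, not from the thread or from any of the tools it names: a small Python triage that parses a regedit .reg export, walks the IE Extensions key quoted above and the standard Browser Helper Objects registration key (which the thread does not quote), and resolves each GUID to its DLL through HKCR\CLSID\{guid}\InprocServer32. The sample export, the BHO GUIDs, every DLL path and the "system directory" heuristic are constructed assumptions; only the Extensions GUID is taken from the thread.

```python
import re
# Constructed .reg export; the Extensions GUID is the one quoted in the thread, the rest are placeholders.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{C95FE080-8F5D-11D2-A20B-00AA003C157A}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-1111-2222-3333-444444444444}]
@="Example BHO"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_CLASSES_ROOT\CLSID\{C95FE080-8F5D-11D2-A20B-00AA003C157A}\InprocServer32]
@="C:\\WINDOWS\\system32\\placeholder_ext.dll"
[HKEY_CLASSES_ROOT\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32]
@="C:\\Documents and Settings\\nick1\\Local Settings\\Temp\\helper.dll"
"""
EXT_KEY = "\\software\\microsoft\\internet explorer\\extensions\\"
BHO_KEY = "\\software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects\\"
GUID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.I)
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")  # location heuristic only, not a safe list

def parse_reg(text):
    """Parse a regedit export into {lower-cased key path: {value name: string value}}."""
    keys, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1].lower()
            keys[cur] = {}
        elif cur is not None and "=" in line and line.endswith('"'):
            name, _, val = line.partition("=")
            name = "(default)" if name == "@" else name.strip('"')
            keys[cur][name] = val[1:-1].replace('\\"', '"').replace("\\\\", "\\")  # undo .reg escaping
    return keys

def triage(text):
    """Return (kind, guid, dll, verdict) for every IE extension / BHO registration in the export."""
    keys, rows = parse_reg(text), []
    for path in keys:
        kind = "extension" if EXT_KEY in path else "bho" if BHO_KEY in path else None
        m = GUID_RE.search(path)
        if kind is None or m is None:
            continue
        guid = m.group(0)
        # a COM class registers the DLL that implements it at HKCR\CLSID\{guid}\InprocServer32
        dll = keys.get("hkey_classes_root\\clsid\\" + guid + "\\inprocserver32", {}).get("(default)", "")
        if not dll:
            verdict = "unresolved: no InprocServer32 entry in this export"
        elif dll.lower().startswith(TRUSTED_DIRS):
            verdict = "ok: DLL under a system directory"
        else:
            verdict = "review: DLL outside Windows/Program Files"
        rows.append((kind, guid.upper(), dll, verdict))
    return rows
```

The "review" verdict only says where to look first; a DLL under a system directory can still be unwanted, which is why the thread recommends a dedicated BHO scanner on top of the location check.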

