Re: spyware

From: Nick (psstcenter_at_shaw.ca)
Date: 09/26/05

    Date: Mon, 26 Sep 2005 14:27:19 GMT

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:_GRZe.5157$kH3.2145@trnddc01...
    > From: "Nick" <psstcenter@shaw.ca>
    >
    >
    > Replies are inline...
    >
    > |
    > | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    > | news:IfHZe.1283$qC4.545@trnddc02...
    > >> From: "Nick" <psstcenter@shaw.ca>
    > >>
    > |>> Please, can anyone help by explaining to me the following? Thanks in
    > |>> advance!
    > |>>
    > |>> Nick
    > |>>
    > |>> AlexaToolbar - Browser Plugin
    >
    >
    > Very minor data miner.
    >
    >
    > |>>
    > |>> RegistryKey - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
    > |>> Explorer\Extensions\{C95FE080-8F5D-11D2-A20B-00AA003C157A}\
    > |>>
    > |>> RegistryKey - HKEY_CURRENT_USER\Software\Microsoft\Internet
    > |>> Explorer\Extensions\CmdMapping\{C95FE080-8F5D-11D2-A20B-00AA003C157A}
    >
    >
    > Not sure what these are...
    >
    >
    > |>> Advertising - 3rd Party Cookie
    > |>>
    > |>> URL - Cookie:nick1@advertising.com/
    > |>>
    > |>> Atdmt - 3rd Party Cookie
    > |>>
    > |>> URL - Cookie:nick1@atdmt.com/
    > |>>
    > |>> Edge - 3rd Party Cookie
    > |>>
    > |>> URL - Cookie:nick1@edge.ru4.com/
    > |>>
    > |>> Fastclick - 3rd Party Cookie
    > |>>
    > |>> URL - Cookie:nick1@fastclick.net/
    > |>>
    > |>> Tribalfusion - 3rd Party Cookie
    > |>>
    >
    >
    > Cookies are the LEAST of all problems to worry about. I don't bother with cookies at all.
    >
    >
    >
    > >> Please download, install and update the following software...
    > |
    > | Will you please let me know briefly what does the above INFO mean?
    > | I just started the security + program and hope to learn this stuff in
    > | details later on.
    > | Installing ZA helped me delete all of the above, but I guess it's not
    > | enough.
    > |
    > >> Ad-aware SE v1.06
    > >> http://www.lavasoft.de/
    > >> http://www.lavasoftusa.com/
    > |
    > | It took me a while to find this file finally at
    > | http://www.download.com/3001-8022_4-10399602.html
    > |
    > >> SpyBot Search and Destroy v1.4
    > >> http://security.kolla.de/
    > |
    > | Found this file at
    > | http://hestia-ignite.com/hs/spybot/download/index.html
    >
    >
    >
    > I don't know if that is a legal mirror site and not a tampered version (I hope it isn't!)
    > http://security.kolla.de/ takes you to http://www.safer-networking.org/en/index.html
    >
    > And was it found right here...
    > http://www.safer-networking.org/en/download/index.html
    >
    >
    >
    > |
    > | Actually I had this program on my computer before and I uninstalled it.
    >
    >
    > You probably had an older version. The latest version of SpyBot S&D is v1.4.
    >
    >
    > |
    > >> After the software is updated, I suggest scanning the system in Safe Mode.
    > |
    > | Do you mean rebooting the computer in Safe Mode and then scanning the
    > | system? Why is that so important? ( hope you do not mind if I ask stupid
    > | questions)
    > | I scanned immediately and I received the following result:
    >
    >
    > Safe Mode is a limited version of the OS. It doesn't load as many Kernel files and doesn't
    > load user startup files. Thus when scanning in Safe Mode removal of malware has a greater
    > efficacy. This is due to the fact that there is less of a chance that the malware is
    > running at the time of the removal.
    >
    >
    > < snip >
    >
    > >> I also suggest downloading, installing and updating BHODemon for any
    > | Browser Helper Objects
    > >> that may be on the PC.
    > >>
    > >> BHODemon
    > >> http://www.definitivesolutions.com/bhodemon.htm
    > |
    > | Isn't it too much to have Symantec AntiVirus, ZA, Spybot, Ad-Ware and BHO
    > | Demon on my PC? Is there any single program that performs all the functions?
    > |
    > | I appreciate your help!
    > |
    > | Nick
    > |
    >
    > No not at all. Albeit I am no phan of Norton AV (Symantec AV is for Corp./enterprise use
    > and Norton AV is their retail product line).
    >
    > NAV/SAV - Anti Virus
    > ZA - FireWall
    > SpyBot S&D, Ad-aware SE and BHODemon - non-viral malware
    >
    > There is NO single program that does it all. While there may be overlap in their application,
    > some may catch what another may miss. SpyBot and Ad-aware are peer programs. They do the
    > same thing but one may catch what the other misses. BHODemon is specific to the non-viral
    > malware class called Browser Helper Objects (BHO). These are similar yet different to
    > plug-ins to Internet Explorer. An example of a good BHO is the Acrobat Reader. This way
    > you can view a PDF file within IE. Bad BHOs will generate lots of IE Pop-Ups, force you to
    > go to porn sites or other web sites you don't want to go to, etc.
    >
    > When it comes to viral malware (Trojans are not really viruses but tend to be classed that
    > way) one needs to have one anti virus application installed and performing what is known as
    > "On Access" scanning. This is the process of scanning files written to or read from the
    > hard disk. This is different from what is known as "On Demand" scanning. This is when you
    > specifically have AV software scan the entire computer or a specified area of the computer
    > (such as a folder or just one hard disk).
    >
    > One should have only one "On Access" scanner installed but you can use multiple "On Demand"
    > scanners. Reason being one may find what another may miss.
    >
    > "On Demand" scanners can be online scanners or they can be local scanners.
    >
    > Example online "On Demand" scanners...
    >
    > Trend:
    > http://housecall.antivirus.com
    > http://housecall.trendmicro.com
    >
    > F-Secure:
    > http://support.f-secure.com/enu/home/ols.shtml
    >
    > McAfee:
    > http://www.mcafee.com/myapps/mfs/default.asp
    >
    > Panda:
    > http://www.pandasoftware.com/activescan/
    >
    > Kaspersky:
    > http://www.kaspersky.com/de/scanforvirus
    >
    > Symantec:
    > http://security.symantec.com/
    >
    > BitDefender
    > http://www.bitdefender.com/scan/license.php
    >
    > Freedom Online scanner
    > http://www.freedom.net/viruscenter/index.html
    >
    > The disadvantages of online scanners are...
    > - dependence upon IE
    > - requires Browser to be running
    > - tend to only run in Normal Mode
    > - some detect but don't remove infectors
    >
    > An example of a local "On Demand" scanner is my Multi AV scanning tool. It provides AV
    > scanners from; McAfee, Sophos and Trend Micro.
    >
    > The advantages are...
    > - can be executed in Safe Mode
    > - non-GUI scanners can be used in DOS and if the hard disk uses NTFS, one can use NTFS4DOS
    > - no dependency on IE or a browser being used
    >
    >
    > Download MULTI_AV.EXE from the URL --
    > http://www.ik-cs.com/programs/virtools/Multi_AV.exe
    >
    > It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    > http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    > (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    > simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    > remove viruses, Trojans and various other malware.
    >
    > C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    > This will bring up the initial menu of choices and should be executed in Normal Mode. This
    > way all the components can be downloaded from each AV vendor's web site.
    > The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
    >
    > You can choose to go to each menu item and just download the needed files or you can
    > download the files and perform a scan in Normal Mode. Once you have downloaded the files
    > needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    > during boot] and re-run the menu again and choose which scanner you want to run in Safe
    > Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
    >
    > When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    > file.
    >
    > To use this utility, perform the following...
    > Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    > Choose; Unzip
    > Choose; Close
    >
    > Execute; C:\AV-CLS\StartMenu.BAT
    > { or Double-click on 'Start Menu' in C:\AV-CLS }
    >
    > NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    > FireWall to allow it to download the needed AV vendor related files.
    >
    > * * * Please report back your results * * *
    >
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >

    Thank you very much, Mr. Lipman.
    This is also a very useful lecture to me on my way to the CompTIA Security+ exam.

    All the best!

    Nick
    A+, Network+, CNA
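
The thread above lists Internet Explorer `Extensions` registry entries and describes Browser Helper Objects without showing how to see what they load. The following is an added example, not part of the original posts or of any tool they mention: a PowerShell function (the name `Get-IEAddOnInventory` is hypothetical) that enumerates both kinds of add-on, resolves each CLSID to its registered module, and reports the module's Authenticode status. It assumes the standard `Explorer\Browser Helper Objects` key as the BHO location.

```powershell
# Added example (not from the thread): list IE extensions and BHOs with the module each loads.
function Get-IEAddOnInventory {
    $sources = @(
        @{ Kind = 'Extension'; Path = 'HKLM:\Software\Microsoft\Internet Explorer\Extensions' },
        @{ Kind = 'Extension'; Path = 'HKCU:\Software\Microsoft\Internet Explorer\Extensions' },
        @{ Kind = 'BHO'; Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' }
    )
    foreach ($src in $sources) {
        if (-not (Test-Path -LiteralPath $src.Path)) { continue }
        # Add-ons are registered as subkeys named by GUID; skip helper keys such as CmdMapping.
        $keys = Get-ChildItem -LiteralPath $src.Path -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$' }
        foreach ($key in $keys) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            # A toolbar extension names its COM object in ClsidExtension; a BHO's key name is the CLSID.
            $clsid = if ($props.ClsidExtension) { $props.ClsidExtension } else { $key.PSChildName }
            $classKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            $name = (Get-ItemProperty -LiteralPath $classKey -ErrorAction SilentlyContinue).'(default)'
            $module = (Get-ItemProperty -LiteralPath "$classKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            # Extensions that launch a program or script record it in Exec or Script instead.
            if (-not $module) { $module = if ($props.Exec) { $props.Exec } else { $props.Script } }
            $signature = 'NotChecked'   # no module registered, or the path is not a plain file
            if ($module) {
                $file = [Environment]::ExpandEnvironmentVariables($module.Trim('"'))
                if (Test-Path -LiteralPath $file -PathType Leaf) {
                    $signature = (Get-AuthenticodeSignature -LiteralPath $file).Status
                }
            }
            [pscustomobject]@{
                Kind = $src.Kind; Key = $key.Name; Clsid = $clsid
                Name = if ($props.ButtonText) { $props.ButtonText } else { $name }
                Module = $module; Signature = $signature
            }
        }
    }
}

Get-IEAddOnInventory | Sort-Object Kind, Clsid | Format-Table -AutoSize -Wrap
```

On 64-bit Windows, 32-bit add-ons register under the `Wow6432Node` views of these keys, which this function does not enumerate.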

