Re: Recurring Spyware



Karl in Scottsdale wrote:
<snip>
Furthermore, you are suggesting that the Tech Support folks at MS,
having spent much time helping me clean my system in detail using
probably most of the steps outlined in Stanley Shenan's reply to my
post, are incompetent - and they left some Spy Ware somewhere on my
system that magically 'woke-up' 3-days later to attempt to
re-infect my system?
<snip>

Did they have you install at least five (5) of the antispyware applications
from the list I posted?

Did you run HijackThis! and/or CWShredder? Spybot Search and Destroy? Any
antivirus application that is not currently installed on your system?
IE-SpyAD and SpywareBlaster?

If not - then yes, there are two possibilities - if you have been reinfected
and they walked you through steps to clean up and prevent your machine from
becoming re-infected - then those you talked to are incompetent and if you
paid for their services you got taken.. OR you are doing something unique
on this one machine of yours to continue to become re-infected.

I assure you, Panda, after the second Spy Ware event, there is no
way in h*** that I knowingly or unknowingly installed Spy Ware on
my computer. My Zone Alarm is now set to the highest protection
possible, Ad-Aware and Ad-Watch are running full time, SpyBot S&D
resident is NOW (since yesterday) running full time, and I have the
most up to date version and definitions for Norton Anti Virus, as
well as a fully current version of IE.

Yes - that is a good bit of protection.

You have a decent firewall, if it has been kept up (meaning it is the latest
version - fully patched from its manufacturer..) and you have it properly
configured and at some point didn't (unknowingly - while typing and possibly
not looking directly at the screen) happen to press ENTER on allowing
something through your firewall and so now - whatever it is has an open-door
on your computer. Those questions can pop-up and you accidentally click on
allow or *yes* fairly quickly and easily - so checking your configuration
manually every so often is a good idea with firewalls.

You have Lavasoft's Ad-Aware full version.. cool. That's not too bad of a
protection (live) mechanism - although to be honest - as far as active
resident protection goes - I don't run any on 99% of the machines I manage
or have helped clean. Spybot Search and Destroy 1.4's immunization is
passive and


I don't browse porn sites, I don't open email that contains
attachments (unless I know the sender and expect an attachment).
This computer had been perfect prior to the initial Browser Hijack
event, and I have always been as cautious as I know how to be - the
browser hijack was the result of an impatient 'click' while
researching information on the web. Hastily, I tried to click no on
something and wham!

Which is how it always happens to those who get infected. Wise surfers or
not. There is always a point where you weren't thinking straight or clicked
on something that popped up incorrectly/hastily/without proper thought.. Or
someone else used the computer. I know - it did happen to me once. Wasn't
thinking, had too many things on my mind, was trying to locate something to
help fix a problem for someone so some of the sites I was surfing were not
my normal list - and I had a popup ask me something - to which I answered..
And I swear to you, it was the exact moment that I clicked the wrong thing
that I KNEW I had done the wrong thing - and I spent that afternoon cleaning
my OWN PC.

Lastly, I appreciate everyone's help and input, but there is no way
I am downloading anything from anyone's website unless I am
speaking DIRECTLY to a MS Support person and they say it's OK to do
so, but thanks anyways to those with sincere good intentions.

*sigh*
While I commend you on having a line you will not cross.. If Microsoft's
Antispyware product actually worked - you would have it installed by now -
right? You also would not have come here - a peer-to-peer newsgroup - for
assistance if you were not open to external suggestion. You asked those in
this peer-to-peer newsgroup for help - and it was given ten-fold. I can
appreciate your hesitance in installing and using many of these third party
products - but the good part is that you don't have to necessarily "take us
at our word". You have search engines like "Google groups" that you can use
to do your own research. You can even look back and see how long the same
products have been recommended over and over and over and how many times
anyone came back and said "after I used that - my machine ran like crap on a
stick!"

In the end, I find it staggeringly paradoxical, that no programmer
anywhere on earth, can write a program that can literally stop in
its tracks, any software from installing itself on MY COMPUTER,
REGARDLESS of the tricks they use (no means yes, etc) without ME
saying it's OK! In other words, kids, I should NOT have to rely on
the software that is trying or succeeding at installing itself to
STOP the Install - WINDOWS should have its OWN app that will LOCK
the registry and LOCK whatever loopholes these folks use to access
people's computers - so get to work on it.

Yes - in a perfect world - gas would just hydrate into your car while you
slept, roaches would not get into your home, ants would never get into your
yard or flower garden, weeds would only grow on un-owned properties,
hurricanes and other destructive storms would only hit un-populated areas
and there would be a perfect operating system and you would never need to
upgrade it or your computer hardware.

Unfortunately (or fortunately - if you bore easily) - nothing is perfect and
there is always someone who believes they are trying to make things more
perfect by exploiting the holes they find or those who think they will be
famous/infamous if they bring down hundreds of thousands of computers or
just those who are greedy enough to find a way to invade your privacy and
make a buck doing it.

Maybe - someday - there will be a perfect OS with its one line of
public-domain code that leaves nothing for anyone to exploit. For now - all
we have is OSes with millions/billions of lines of code and even if it is
all public-domain - that doesn't make it safe. We have people with nothing
better to do but find and exploit flaws - no matter their reasoning.

The best part about "now" though - is that you also have people who are
honestly trying to make things better. You have those who help people close
the holes and flaws that are found - whether for pay or for free. You have
more and more people who are willing to take the time to learn to do so.

Those here - in the peer-to-peer newsgroups - can only offer help. Most of
them do it for free and based off their own experiences. Most of them run
into the same problems you posted about almost every week - or they wouldn't
bother volunteering their free time and effort to reply to your problem (as
that would be a waste of their own free time.) And for any of them that you
doubt - the tools (like Google Groups) are at your disposal to verify what
they say is true and that their advice has not harmed anyone in the past.

I hope you take the advice given here and go through your current setup and
thoroughly clean it. Can anyone here guarantee 100% cleanup? Nope - but
from our experiences - each of us has been close enough to that success
rate to continue recommending our methods.. And if you utilize more than one
of our methods - all you lose is time and you will then be able to say that
you have truly tried everything.

Feel nervous about utilizing some third party applications? Do what you
should always do when installing something on your computer.. back it up.
Get a third-party imaging application (like Symantec Ghost, etc.) and make
an exact image of your system - then clean it using the methods here. You
will take a day to go through them all (if you have a decent internet
connection) and you will be able to do so without fear. When it is all said
and done - use the computer - see if the infection is gone, see if it comes
back after a few weeks - maintaining your file/folder backup scheme the
whole time - separate from the imaging - and then come back and report to us
how things went.

If it works - then you are happier - you spent a day cleaning up, you did so
without fear because of the backups and it worked! If it doesn't work and
you get "re-infested", then you can come back and honestly say "I did
everything on XXXX and XXXXXX's lists - and although my machine was clean
for a week - I now get this.." (And be specific - tell us exactly what you
are seeing so that people can either offer up other suggestions and/or
actually have the information they would need to help you.)

That's all any of us can do here - give you the suggestions that we have
used/seen work over and over and over. Whether or not you take this advice
is always up to you. Remember - you came to us and asked us how to clean up
your machine and why these problems kept coming back on this machine - so we
answered what you asked to the best of our ability.

I wish you luck on ridding your system of whatever is infesting it and
properly maintaining it so it does not get infested with something later.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

