ARGH! Spyware had taken over!
Jul 19, 2005 at 12:09 AM Post #46 of 91
Edwood, as weird as it seems, IIRC Ad-Aware is just for removing adware, not spyware; Spybot and similar programs are for spyware. BTW, have you ever tried Microsoft's latest beta antispyware program? It works pretty well, weird as that seems, and it has beaten all the ones I have used before. Give it a shot, it is free.....
 
Jul 19, 2005 at 12:44 AM Post #47 of 91
Quote:

Originally Posted by Sovkiller
Edwood, as weird as it seems, IIRC Ad-Aware is just for removing adware, not spyware; Spybot and similar programs are for spyware. BTW, have you ever tried Microsoft's latest beta antispyware program? It works pretty well, weird as that seems, and it has beaten all the ones I have used before. Give it a shot, it is free.....


As much as I don't want to admit it, I would have to agree on the Microsoft Anti-spyware software being pretty good.
 
Jul 19, 2005 at 2:26 AM Post #48 of 91
Quote:

Originally Posted by grandenigma1
As much as I don't want to admit it, I would have to agree on the Microsoft Anti-spyware software being pretty good.


Microsoft AntiSpyware used to be pretty good, but it has changed recently. The latest version of MS AntiSpyware no longer flags Claria / Gator and several other spyware programs as a threat by default. (You can go into the options and change the default options with respect to these pieces of spyware, but the vast majority of users are not going to know enough to realize they have to change how the program is configured.)

For this reason, I no longer recommend Microsoft AntiSpyware to anyone. It's fine as a backup program, but it shouldn't be your only spyware detection software.
 
Jul 19, 2005 at 3:06 AM Post #50 of 91
This is software under development, a beta version. Not sure how the definitive version will be; maybe they do not consider those as threats, maybe they do (some others consider Kazaa and eDonkey as threats) and many of us use them, who knows. Anyway, Gator is included in a huge variety of programs that you choose to install or not, and as weird as it seems, some people do choose to have them installed!!!!!

BTW they released even a new version today, but even so it still catches more spyware than any other I have tried that is considered a reliable antispyware program. I used to have a couple installed, but honestly after I tried this one, no need; what the others missed, Microsoft gets, so I have only this one and no problems to date. The latest problem I had was running Spybot, and it was a pain in the neck to get rid of it. Anyway, trying it will not harm anybody, it is free....
 
Jul 19, 2005 at 7:11 AM Post #51 of 91
Quote:

Originally Posted by YngwieJMalmsteen
I saw that story, too, wodgy. I believe it went something like "microsoft buys gain advertising network, consequently declares it not spyware."


It's not just GAIN / Claria / Gator -- they made the change to a variety of other spyware programs as well. Claria got all the press because 1) it is the single most common piece of spyware on people's computers, and 2) Microsoft was reported to be considering purchasing Claria.

Quote:

This is software under development, a beta version. Not sure how the definitive version will be; maybe they do not consider those as threats, maybe they do


I don't care if it's under development or not. If it doesn't flag the single most common piece of spyware in its default configuration, I can't recommend it to anyone.
 
Jul 19, 2005 at 7:25 AM Post #52 of 91
If you are still getting any more malware, etc. and HijackThis doesn't do it for you, I suggest trying the trial version of ewido security suite, which you can get here. I've tried every spyware removal program out there, but only this security suite seems to solve my problem. I just tried the program out and after cleaning my system of suspicious ware, I uninstalled the trial program. Good stuff imo.
 
Jul 19, 2005 at 8:10 AM Post #53 of 91
Quote:

Originally Posted by Wodgy
2) Microsoft was reported to be considering purchasing Claria.


Now this piece of news shows either a huuuuuge conflict of interest or a very powerful possible move by Microsoft.
If you can't beat em. Buy them out.

What I don't understand is how it is even legal for a reputed spyware company to even exist. The entire concept is an invasion of privacy and is in many cases outright theft. (well, where passwords and identity info is concerned).

-Ed
 
Jul 19, 2005 at 8:15 AM Post #54 of 91
Man, this experience has me very paranoid. I'm checking every PC for spyware with HiJackThis, regardless of whether they ever get used for surfing or not.

I've limited my user account to a Limited User for my "surfing machine", a.k.a. Ghetto Box. Which incidentally is the one that got the Spyware in the first place. Guess it did its job and "took one for the team." That's why I'm not too terribly upset about having to nuke the drive.

I'm pretty happy that HiJackThis worked out so well.

Not to mention the education it and all of you have taught me.


-Ed
 
Jul 19, 2005 at 11:15 AM Post #55 of 91
Quote:

If it doesn't flag the single most common piece of spyware in its default configuration, I can't recommend it to anyone.


Regardless of that apparent flaw (which could be customized as you wisely stated, and BTW those two are not the most common, nor the hardest to get rid of), it still gets a lot more spyware than many others, it is absolutely free, and they update it frequently, so I do still reco it, or at least reco trying it...
 
Jul 19, 2005 at 11:05 PM Post #56 of 91
Quote:

Originally Posted by Edwood
Man, as careful as I am, looks like this install of Windows is toast.

I've run Ad-Aware countless times. But every time I launch IE, I get a whole bunch of pop ups, and every time I reboot, I get a whole bunch of them coming back, despite how many times Ad-Aware cleans them out.

Looks like Spyware wins. Ad-Aware has been defeated.
This is the first time I've had Ad-Aware totally defeated.

I don't know what else to do other than reinstall Windows.

-Ed




Didn't read thread but it made me lol.
 
Jul 20, 2005 at 12:03 AM Post #57 of 91
All the more reason to use a multi-OS setup. I now firmly believe in the Cult of Mac. My ideal setup would have a Windows box for gaming only - internet connectivity only for games. No browsing at all. A Mac for every day things like browsing, office applications, and the like. And finally, Linux for tinkering and developing.

Barring that, I concur with a limited user account for Windows. I really should set mine up that way, but I'm always too busy, or forget. I don't really have any problems anyway, as I'm an extremely cautious user. I'm sure it'd cut down even more, though. Browsing the internet with full admin rights is just asking for problems.

Oh, and as for Firefox incompatibility, the only problems I've ever had were Yahoo! Launch (and I found an Extension for that the other day), and Fox News site (have to get my entertainment somehow). No video in Firefox. Other than that, it's never failed me.
 
Jul 20, 2005 at 3:07 AM Post #58 of 91
Quote:

Originally Posted by Stephonovich
All the more reason to use a multi-OS setup. I now firmly believe in the Cult of Mac. My ideal setup would have a Windows box for gaming only - internet connectivity only for games. No browsing at all. A Mac for every day things like browsing, office applications, and the like.


I agree 100% with this. For someone like Edwood, who has a dedicated surfing machine, a Mac is perfect. It's also perfect for average people who can't be bothered with all this security stuff. I'm not one of the crazy Apple fanboys -- I own a bunch of Windows machines and just got my first Mac this year -- but the security situation is definitely nicer on the Mac. I was surprised actually. I'm going to get a Mac for my aging father, who is having real trouble keeping his Windows machine clean. He has both Norton and Zonealarm installed, and they just seem to fight each other and bog the (admittedly also aging) WinXP machine down.

The thing I worry about is not spyware per se as much as invisible keystroke loggers. I remember reading in the Wall Street Journal a while ago that one fifth or more of identity theft was estimated to be related to spyware. Online banking/investing is pretty much a necessity for me, and I always worry that my Windows machines are not clean, since none of the anti-spyware software tools detects all spyware. I feel much safer on the Mac, given the improved security and given that to date there has not been a single piece of Mac spyware in the wild.

The Mac isn't for everyone, but if it's an option for you, it's worth considering.
 
Jul 31, 2005 at 5:01 PM Post #59 of 91
OK, my turn to get screwed now
A friend sent me a video clip which now refuses to get deleted, and now I get popups which obviously indicate spyware of some sort. I will post a HijackThis log shortly. Man I hope I don't need a clean reinstall of Windows.
 
Jul 31, 2005 at 5:11 PM Post #60 of 91
OK, could someone help me out here please?

Code:

Logfile of HijackThis v1.99.1
Scan saved at 10:10:17 AM, on 7/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\PGPserv.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\DeltTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Vikram Dravid\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zmygyvvbvbybnytpxnhw.com/V8MlaQ3zKD1BMwTmbwiOHhkYORaOSCjWLz175ndqKiOHf3/wkksPyEOt6esVQ99q.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://registration.myway.com/login.jsp?app=em&return_url=http%3A%2F%2Fe2.email.myway.com%2F%3Fspeedbarconfigchanged
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\SYSTEM32\HDBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{176E8C88-3ACB-4402-A340-7BBE4DA26E06}: NameServer = 68.94.156.1 206.13.30.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{176E8C88-3ACB-4402-A340-7BBE4DA26E06}: NameServer = 68.94.156.1 206.13.30.12
O20 - AppInit_DLLs: wbsys.dll OCMAPIHK.DLL
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Digital Networks North America, Inc. - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
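
Added example (not part of the original thread): a first-pass triage of a HijackThis log in the format posted above, which pulls out the entry classes a reviewer usually reads first (R0/R1 IE page settings, O1 hosts entries, O2 Browser Helper Objects, anything registered against "(no file)"). The sample lines, `EXPECTED_HOSTS` and the function names are constructed for illustration; the output is a list of things to look up, not a verdict on any entry.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis 1.99.1 entry format (placeholder values only).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O1 - Hosts: 192.0.2.10 www.example.org
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\SYSTEM32\example.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
O23 - Service: Example Service (ExSvc) - Example Corp - (no file)
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
EXPECTED_HOSTS = {"www.example.com"}  # assumption: hosts the owner set on purpose

def parse_log(text):
    """Return (section, detail) pairs; header and process-list lines are skipped."""
    lines = (line.strip() for line in text.splitlines())
    return [m.groups() for m in map(ENTRY.match, lines) if m]

def triage(entries, expected_hosts=EXPECTED_HOSTS):
    """Return (section, reason, detail) for entries worth reading first."""
    findings = []
    for section, detail in entries:
        if detail.endswith("(no file)"):
            reason = "registration points at a missing file"
        elif section == "O1":
            reason = "hosts file pins a hostname to a fixed IP"
        elif section == "O2" and "(no name)" in detail:
            reason = "unnamed Browser Helper Object, identify the DLL"
        elif section in ("R0", "R1"):
            value = detail.partition(" = ")[2].strip()
            host = urlsplit(value).hostname if value else None
            if host is None or host in expected_hosts:
                continue  # empty setting or a host the owner already recognises
            reason = f"IE page setting points at unreviewed host {host}"
        else:
            continue
        findings.append((section, reason, detail))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"[{section}] {reason}\n    {detail}")
```

An unnamed BHO or a "(no file)" entry is often a leftover from legitimate or already-removed software, so each flagged line still needs to be identified by CLSID or file before anything is fixed.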

 
