Detlef Posted February 21, 2004

My MS Win 2000 PC is infected with a trojan horse that resets various IE related registry entries (search, default and start pages, e.g.). It is evading TrendMicro OfficeScan (comes back as *clean*), and I do not want to install and run other virus protectors (Norton, McAfee). What to do? What are reputable trojan and spyware hunting tools? Preferably free, of course.... Any recommendations?

--Detlef

Loves2Shoot Posted February 21, 2004

webroot.com Spysweeper seems to do ok

Shooter Grrl Posted February 21, 2004

I had this happen once before, and it wasn't a trojan so NOTHIN caught it. I had to totally wipe out IE and reinstall it - yikes - do you know how hard it is to FIND everything IE infiltrates on your computer? At any rate, it was provided by the online gambling site - it would appear when I signed up to play I "approved" the installation of this thing!

yeahyeah Posted February 21, 2004

Keep a "Ghost" of your hard drive around.

MoNsTeR Posted February 21, 2004

Best for spyware is Ad-Aware, http://www.lavasoftusa.com/

EricW Posted February 21, 2004

Spybot Search and Destroy is absolutely excellent. And free.

statichead2k Posted February 21, 2004

I use a combo of Ad-Aware and Spybot, both were mentioned already and both are free from cnet.downloads.com. I found that one will find stuff the other did not. The key to either is making sure they are updated.

I also use an adblocking hosts file from http://www.everythingisnt.com/hosts.html. Make sure you understand what the hosts file will do to your PC before you use it. Basically it makes your computer look for the ad websites on itself, when it cannot find them it gives up. It is real fun to go to MSN and see the banners missing and replaced with small versions of the page cannot be displayed error.

The last two pieces are Norton AV corp edition, because it seems less invasive and more tuneable than the home editions. I also use the Google toolbar that has a pop up blocker built in.

I spend my day removing this garbage from client computers for good money, and so far the stuff that I use at home seems to be the best...and all free except for Norton.

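Added example, not part of the original thread or any poster's code: a small audit of a hosts file that separates entries pointing at the machine itself (the ad-blocking behaviour described in the post above) from entries that send a name to some other address, which is worth reviewing before trusting a downloaded hosts file. The sample file and all hostnames in it are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from any real blocklist.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1   localhost
127.0.0.1   ads.example.com banners.example.net   # two names on one line
0.0.0.0     tracker.example.org
203.0.113.7 www.bank.example      # non-loopback: traffic is redirected
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip_text, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # an address with no name maps nothing
            continue
        for name in fields[1:]:               # one address may carry several names
            yield line_no, fields[0], name.lower()

def classify(ip_text, hostname):
    """Return 'local', 'blocked', 'redirect' or 'invalid' for one mapping."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    # Loopback (127.0.0.0/8, ::1) or 0.0.0.0 means "look on this machine".
    sinkhole = ip.is_loopback or ip.is_unspecified
    if hostname in ("localhost", "localhost.localdomain"):
        return "local" if sinkhole else "redirect"
    return "blocked" if sinkhole else "redirect"

def audit(text):
    """Group every mapping in the file by its classification."""
    report = {"local": [], "blocked": [], "redirect": [], "invalid": []}
    for line_no, ip_text, name in parse_hosts(text):
        report[classify(ip_text, name)].append((line_no, ip_text, name))
    return report

if __name__ == "__main__":
    for kind, rows in audit(SAMPLE_HOSTS).items():
        for line_no, ip_text, name in rows:
            print(f"{kind:8} line {line_no}: {name} -> {ip_text}")
```

On the Windows 2000 and XP machines discussed in this thread the hosts file sits in the system directory under system32\drivers\etc\hosts; read it and pass its text to audit(). Any entry reported as redirect deserves a manual look, since an ad-blocking list has no reason to point a name at a remote address.
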
Merlin Orr Posted February 21, 2004

Spyware Blaster from Wilder Security is my fave. When I first ran it, it picked up over 500 spyware programs in my computer. I was shocked at the number. I also use Lava Soft's Ad Aware.

Detlef (Author) Posted February 21, 2004

Thanks all. I used my fellow professional theorist EricW's suggestion. Spybot S&D got rid of it. Amazing how many things had collected!

--Detlef

dajarrel Posted February 21, 2004

I had a virus/trojan/whatever you call it attack my computer recently. What it did was change my internet default setting to some search engine and added 3 or 4 sites to my favorites. I tried one of the ad-ware programs and Spybot S&D and it did no good. I was also running McAfee on startup and Norton periodically on demand.

To make a long story short, Windows XP Professional has a system restore feature that will restore your computer back to a previous state from a previous save. I ran it and it took care of it. I have since added a pop-up blocker as I think that is where my problems started.

FWIW

dj

SiG Lady Posted February 21, 2004

My ISP just today recommended Spybot Search & Destroy. PC Magazine just recommended Spy Sweeper 2.2 in its most recent issue. The entire article (see page 79) is pretty interesting. They review at least a dozen spy blockers and admit that Spybot Search & Destroy is neck-and-neck with Spy Sweeper. I think users have the option of making a donation to the Spybot folks if they wish, even though the product is free.

Tony Posted February 21, 2004

Tried many over the last year or so, concluding Spybot is the best based upon my experiences, as it was highly recommended in a magazine I read a few months back. Tried it and believe it's the best so far. I have two computers at home, one is operated by a teenager, as she can attract every darn pop-up ad in the country I swear. Run Spybot about once every week on both computers and you would be surprised how many tracking cookies you will find on your machine. Every time you run Spybot, it will continuously block any repeating cookie which was immunized within your machine. Beware not to run adware with Spybot.

This should link you to: SpyBot

ErikW Posted February 21, 2004

Spybot Search & Destroy

Detlef (Author) Posted March 1, 2004

Oh, and how come the offending executables all seem to end up in C:\WINNT and its subdirectories? Could such a trojan executable, in principle, contain a "del *.*", and if not, what is the protection mechanism? I guess I revealed my ignorance...

--Detlef

lmccrock Posted March 2, 2004

Spybot has lots of attention; another product is Ad-aware. Here is a link to a comparison. Ad-aware seems to be better, and this review dings Spybot for some usability problems. But my installation of Spybot does not exhibit the problem they describe.

Detlef, yes, it could do "del *.*" or trash the registry or email itself out. Nothing can stop that sort of program once it is on your computer and launched; it is really more virus than just a trojan. So keep your virus software up to date. For me, it is worth paying the virus companies, for peace of mind if nothing else.

Lee

Detlef (Author) Posted March 2, 2004

Is that really the unanimous agreement? Why, then, are virus protectors (I run Trendmicro, it catches some but apparently not all major known trojans) so much more geared towards e-mail attachment virus infections than against internet web browser-based trojans? I think I am missing some crucial piece of information here. And, of course, given the high level of malicious intent out there, why didn't anyone (or did they?) come up with HD erasing trojans yet?

--Detlef

ErikW Posted March 3, 2004

Spybot S&D's interface is hideous. It's not the sort of thing I'd leave up to my mother.

lmccrock Posted March 3, 2004

> Spybot S&D's interface is hideous.

Certainly not to Microsoft's coding standards. My mother has IT help; I do not need such help.

> so much more geared towards e-mail attachment virus infections than against internet web browser-based trojans

An executable delivered by html requests requires a web server to host the malicious content, so a user gets it thinking it is something else. One way is for a hacker to change "good" content into something malicious. As soon as a "good" web host knows the content is malicious, it will be removed. Delivery of the malicious content will be stopped as soon as it is discovered, so this method does not spread it very fast. Great for Spyware, bad for viruses.

The new "anti-virus" programs include spyware detection/removal, but I have not upgraded yet.

Lee

Detlef (Author) Posted March 3, 2004

My TrendMicro is totally up to date, and it does not catch much. McAfee was better in that respect. What specifically are you alluding to when you say

> The new "anti-virus" programs

?

--Detlef

mcoliver Posted March 4, 2004

Not sure if this will help but I have one PC (running winXP) that connects to the net via dial-up. Every once in a while I get a message for automatic shut down because some win service (forgot the name of the service) was re-started. I updated the McAfee DAT file and sure enough, it caught some virus (from the net provider probably) remotely running some "FTP" service in my machine. It tried running the FTP service several times while I was connected until I realized I failed to turn on firewall protection in the dial-up setup. Once turned on, the attacks stopped.

benos Posted March 9, 2004

Can't believe this hasn't been posted, yet, but, you could always switch to Mac. No wait, if everyone did, then viruses for Macs would be more common.

wide45 Posted March 9, 2004

Now you've done it. We might as well start talking religion too.

stryfox Posted April 17, 2004

I have been happy with Spybot. I run Norton also.

aussieboy Posted April 18, 2004

Detlef: You should check TrendMicro's website for a method to remove the trojan which means you need to know the name of it. They should have a method for removing it which sometimes includes more than just scanning. I use Norton & have used McAfee and they give you the name of trojan or virus when they pick it up during scanning. When you go to their website they give a method of removal. I had one that when it was deleted another file stored in another location on the computer would redownload the trojan when I went on line. Norton had the information to look for that file and delete it manually.

Good luck

GRD Posted April 18, 2004

The reason Norton, McAfee and Trend aren't picking it up is because it's not really a virus or virus-type trojan. You got your browser hijacked by a spyware parasite. Spyware is only now starting to come on the radar screen as a real threat, separate from viruses. Norton 2004 has some very half-assed support for finding this stuff, but you need to use dedicated parasite tools.

If anyone else is having problems (and if you don't run these types of scans regularly, you have problems, you just don't know it yet): the easiest answer is Ad-Aware. The next step up is to use AdAware and Spybot together, which is the way to go - run them both, one after the other. If you don't get satisfaction then, you can throw CWShredder at it and then if it's still not fixed, try HiJackThis! to manually dig out anything that's left over (HiJackThis! is a manual removal tool and it's pretty easy to screw things up with it, so be careful).

You can download the last two tools here: http://www.spywareinfo.com/~merijn/

Spyware is awful. But with those 4 tools, you can pretty much nuke anything. Once you've got it cleaned out, AdAware is the easiest tool to continue to use every couple weeks to keep from having problems.

Be sure to update them before running the scans. AdAware and Spybot rely on updates, like an anti-virus program, and they are continually leapfrogging each other in what picks up more nasties. Best bet is just to run both of them.

- Gabe