Brian Enos's Forums... Maku mozo!

Spyware And Trojan Hunters



My MS Win 2000 PC is infected with a trojan horse that resets various IE related registry entries (search, default and start pages, e.g.). It is evading TrendMicro OfficeScan (comes back as *clean*), and I do not want to install and run other virus protectors (Norton, McAfee). What to do? What are reputable trojan and spyware hunting tools? Preferably free, of course.... :) Any recommendations?

--Detlef


I had this happen once before, and it wasn't a trojan so NOTHIN caught it. I had to totally wipe out IE and reinstall it - yikes - do you know how hard it is to FIND everything IE infiltrates on your computer?

At any rate, it was provided by the online gambling site - it would appear when I signed up to play I "approved" the installation of this thing!


I use a combo of Ad-aware and Spybot, both were mentioned already and both are free from cnet.downloads.com. I found that one will find stuff the other did not. The key to either is making sure they are updated.

I also use an adblocking hosts file from http://www.everythingisnt.com/hosts.html. Make sure you understand what the hosts file will do to your PC before you use it. Basically it makes your computer look for the ad websites on itself; when it cannot find them it gives up. It is real fun to go to MSN and see the banners missing and replaced with small versions of the page cannot be displayed error.

The last two pieces are Norton AV Corp Edition, because it seems less invasive and more tuneable than the home editions. I also use the Google toolbar that has a pop up blocker built in.

I spend my day removing this garbage from client computers for good money, and so far the stuff that I use at home seems to be the best...and all free except for Norton.


I had a virus/trojan/whatever you call it attack my computer recently. What it did was change my internet default setting to some search engine and added 3 or 4 sites to my favorites. I tried one of the ad-ware programs and spybot S&D and it did no good. I was also running McAfee on startup and Norton periodically on demand.

To make a long story short, Windows XP Professional has a system restore feature that will restore your computer back to a previous state from a previous save. I ran it and it took care of it. I have since added a pop-up blocker as I think that is where my problems started.

FWIW

dj


My ISP just today recommended Spybot Search & Destroy. PC Magazine just recommended Spy Sweeper 2.2 in its most recent issue. The entire article (see page 79) is pretty interesting. They review at least a dozen spy blockers and admit that Spybot Search & Destroy is neck-and-neck with Spy Sweeper. :ph34r:

I think users have the option of making a donation to the Spybot folks if they wish, even though the product is free.


Tried many over the last year or so, concluding Spybot is the best based upon my experiences, as it was highly recommended in a magazine I read a few months back. Tried it and believe it’s the best so far. I have two computers at home, one is operated by a teenager, as she can attract every darn pop-up ad in the country I swear. Run Spybot about once every week on both computers and you would be surprised how many tracking cookies you will find on your machine. Every time you run Spybot, it will continuously block any repeating cookie which was immunized within your machine. Beware not to run adware with Spybot. This should link you to: SpyBot


  • 2 weeks later...

Oh, and how come the offending executables all seem to end up in C:\WINNT and its subdirectories? Could such a trojan executable, in principle, contain a "del *.*", and if not, what is the protection mechanism? I guess I revealed my ignorance...

--Detlef


Spybot has lots of attention; another product is Ad-aware. Here is a link to a comparison. Ad-aware seems to be better, and this review dings Spybot for some usability problems. But my installation of Spybot does not exhibit the problem they describe.

Detlef, yes, it could do "del *.*" or trash the registry or email itself out. Nothing can stop that sort of program once it is on your computer and launched; it is really more virus than just a trojan. So keep your virus software up to date. For me, it is worth paying the virus companies, for peace of mind if nothing else.

Lee


Is that really the unanimous agreement? Why, then, are virus protectors (I run Trendmicro, it catches some but apparently not all major known trojans) so much more geared towards e-mail attachment virus infections than against internet web browser-based trojans? I think I am missing some crucial piece of information here. And, of course, given the high level of malicious intent out there, why didn't anyone (or did they?) come up with HD erasing trojans yet?

--Detlef


Spybot S&D's interface is hideous.

Certainly not to Microsoft's coding standards. My mother has IT help; I do not need such help :P:P:P

so much more geared towards e-mail attachment virus infections than against internet web browser-based trojans

An executable delivered by HTML requests requires a web server to host the malicious content, so a user gets it thinking it is something else. One way is for a hacker to change "good" content into something malicious. As soon as a "good" web host knows the content is malicious, it will be removed. Delivery of the malicious content will be stopped as soon as it is discovered, so this method does not spread it very fast. Great for Spyware, bad for viruses.

The new "anti-virus" programs include spyware detection/removal, but I have not upgraded yet.

Lee


My TrendMicro is totally up to date, and it does not catch much. McAfee was better in that respect. What specifically are you alluding to when you say

The new "anti-virus" programs?

--Detlef


Not sure if this will help but I have one PC (running WinXP) that connects to the net via dial-up. Every once in a while I get a message for automatic shut down because some win service (forgot the name of the service) was re-started. I updated the McAfee DAT file and sure enough, it caught some virus (from the net provider probably) remotely running some "FTP" service in my machine. It tried running the FTP service several times while I was connected until I realized I failed to turn on firewall protection in the dial-up setup. Once turned on, the attacks stopped. ;)


  • 1 month later...

:o Detlef: You should check TrendMicro's website for a method to remove the trojan, which means you need to know the name of it. They should have a method for removing it which sometimes includes more than just scanning.

I use Norton & have used McAfee and they give you the name of trojan or virus when they pick it up during scanning. When you go to their website they give a method of removal.

I had one that when it was deleted another file stored in another location on the computer would redownload the trojan when I went on line. Norton had the information to look for that file and delete it manually.

Good luck :)


The reason Norton, McAfee and Trend aren't picking it up is because it's not really a virus or virus-type trojan. You got your browser hijacked by a spyware parasite. Spyware is only now starting to come on the radar screen as a real threat, separate from viruses. Norton 2004 has some very half-assed support for finding this stuff, but you need to use dedicated parasite tools.

If anyone else is having problems (and if you don't run these types of scans regularly, you have problems, you just don't know it yet): the easiest answer is Ad-Aware. The next step up is to use AdAware and Spybot together, which is the way to go - run them both, one after the other. If you don't get satisfaction then, you can throw CWShredder at it and then if it's still not fixed, try HiJackThis! to manually dig out anything that's left over (HiJackThis! is a manual removal tool and it's pretty easy to screw things up with it, so be careful).

You can download the last two tools here:

http://www.spywareinfo.com/~merijn/

Spyware is awful. But with those 4 tools, you can pretty much nuke anything. Once you've got it cleaned out, AdAware is the easiest tool to continue to use every couple weeks to keep from having problems.

Be sure to update them before running the scans. AdAware and Spybot rely on updates, like an anti-virus program, and they are continually leapfrogging each other in what picks up more nasties. Best bet is just to run both of them.

- Gabe
