
OT: Ugh Spyware and IE Explorer


wheresgrant3


  • Members

About a month ago I loaned a spare IBM Thinkpad to my girlfriend's brother while his PC was out of commission, and it came back overflowing with spyware and adware. In fact it was so bad that I could barely run IE (one window would take minutes to load and consume 100% of my CPU). I spent over 4 hours stripping layer upon layer of malevolent software from my registry. I was using Spybot Search and Destroy. It originally identified 227 troubled files. I whittled it down to 31, and then the program just stopped working. After every scan it would identify 31 'objects' and then crash while removing them. When I ran another scan using Ad-Aware it identified another 180 programs, cookies, and registry links that needed to be destroyed. It was actually a bit of fun. It was kind of like killing a large ant hill with a can of Raid. Every time a new program was identified I would rush to remove it.

 

 

What blows my mind is how loaded this machine had become after just one month of unprotected surfing. I surf the same 10-12 sites... some music forums (here, Tweakheadz.com), some online music stores (zzsounds, americanmusical), some news sites (CNN, MSNBC, FOX) and finally some special interest sites (espn, IMDB). Other than blogs, it's rare that I surf outside the mainstream. I mean, how much scumware do you have to come across to infect a system with 225 malevolent programs? Ugh!

:rolleyes:

 

I felt like I loaned him my car and he smoked in it the entire time.

 

This entire incident has finally motivated me to download Mozilla's Firefox. So far it's great... a bit slow loading, but no pop-up ads or unsolicited home page hijacks.


  • Members

Slow loading? As in pages are slow to load (which I don't think is possible) or slow to boot up? If it's the latter, keep in mind that IE is heavily integrated with Windows, and that Windows Explorer (or the default shell) prepares a lot of stuff so IE starts up nicely.

 

As for your gf's brother, send him a nice note saying "Thanks for looking at porn and crapping my computer".

 

I also recommend SpySweeper - apparently it can find stuff Spybot and Ad-Aware can't. Spybot has as an advantage that it can immunize, though.

 

I've narrowed down the checks for spyware to once every 2 weeks, and thanks to the "immunize" system I haven't had -anything- for about 2 months now. Viruses - same thing. Just a checkup every 2 weeks w/ Panda online - and nothing found.


  • Members

Maybe he'd installed some trojan. That would explain the ridiculous amount of spyware.

 

These trojan programmers get more sneaky every day. A few weeks ago I was searching for song lyrics and got lots of irritating popups on some sites. Some of them were those small windows saying "Do you want to close this window?" with yes and no buttons. Now, normally I don't press any buttons in popups, but with these the 'closing cross' in the upper right corner didn't work. So I pressed 'yes' and suddenly I had a trojan and some spyware on my computer :rolleyes:

Luckily my firewall prevented it from downloading more spyware from the website, but I had to spend about an hour totally removing everything.


  • Members

I agree that it is probably a Trojan. The same thing happened on my wife's portable. Some are sneaky enough to send a message saying "if you don't want this, click here to remove it", but clicking just adds more {censored}.

 

You can easily locate the Trojan, though, if you go to the Control Panel and bring up Add/Remove Programs. It is installed as a program. Then just go through the list and carefully remove the stuff there that you didn't install; only be careful you don't remove any system or MS files by mistake.

 

You don't get this on a Mac by the way.


  • Members

We just had another go-round with popups from "xlime". The only way I've found to get away from that one is to do an XP system rollback. My oldest does endless searches for video game music and ends up with spyware more than anyone I've ever met (and not from porn sites - we wisely keep the computer in the living room, monitor facing the spot where we all chill in the evening). And yup, we use the same three tools mentioned here already - good stuff.

 

Sorta on the same topic, I also run TrueActive, allowing me to review any chat or other typing that occurred on the machine. I prefer confronting problems before they start - because Big Brother is actually pretty cool, when it's you. :)


  • Members

Originally posted by Allerian

My oldest does endless searches for video game music and ends up with spyware more than anyone I've ever met (and not from porn sites - we wisely keep the computer in the living room, monitor facing the spot where we all chill in the evening). And yup, we use the same three tools mentioned here already - good stuff.

He should check out the video game music remixes, then ;). It also helps a lot (in XP) to give everyone a simple User account instead of an Administrator account unless there's a good reason to do otherwise; XP Home, when setting up, makes the first 5 names you give the system all admins by default (stupid, stupid, stupid).


  • Members

Originally posted by scubyfan

I use IE. No problems ever. Mozilla sucks. F*** open source.

The end.
:D:cool::D

 

scoob -

You must be joking, eh?

 

IE is the biggest, bloatiest (hey, I think I just coined a word ;) ) piece of crap I've ever seen - oh, next to Windows itself, of course.

 

I say this from many annoying hours as the "I.T. Guy!" for a public school system - where we run Windows 95, Windows 98, Windows 2000, Windows ME, and Windows XP.

 

If Microsoft were a car manufacturer, they'd have had all their OSes recalled already... :p

 

And while we're on the subject - WHY does an operating system (WinXP) have to include EVERY FRIGGIN' DRIVER UNDER THE SUN!!

 

Yes, on the one hand it is convenient, 'cause you can set up Plug and Play devices without breaking a sweat: XP recognizes them almost instantly.

 

But the truth is: it's not that hard to install printer drivers, and I'd rather have the responsibility to do it myself so that I ONLY have the ones I need installed - wouldn't that eliminate some of the Windows BLOAT... :mad::eek:


  • Members

Originally posted by wheresgrant3

About a month ago I loaned a spare IBM Thinkpad to my girlfriend's brother while his PC was out of commission, and it came back overflowing with spyware and adware. In fact it was so bad that I could barely run IE (one window would take minutes to load and consume 100% of my CPU). I spent over 4 hours stripping layer upon layer of malevolent software from my registry. I was using Spybot Search and Destroy. It originally identified 227 troubled files. I whittled it down to 31, and then the program just stopped working. After every scan it would identify 31 'objects' and then crash while removing them. When I ran another scan using Ad-Aware it identified another 180 programs, cookies, and registry links that needed to be destroyed. It was actually a bit of fun. It was kind of like killing a large ant hill with a can of Raid. Every time a new program was identified I would rush to remove it.

What blows my mind is how loaded this machine had become after just one month of unprotected surfing. I surf the same 10-12 sites... some music forums (here, Tweakheadz.com), some online music stores (zzsounds, americanmusical), some news sites (CNN, MSNBC, FOX) and finally some special interest sites (espn, IMDB). Other than blogs, it's rare that I surf outside the mainstream. I mean, how much scumware do you have to come across to infect a system with 225 malevolent programs? Ugh!

:rolleyes:

I felt like I loaned him my car and he smoked in it the entire time.

This entire incident has finally motivated me to download Mozilla's Firefox. So far it's great... a bit slow loading, but no pop-up ads or unsolicited home page hijacks.

 

Grant -

I did the exact same thing on a PC at work w/ Spybot - and had the same sort of thought. Instead of the "anthill" analogy, though, I was thinking it's like shooting fish in a barrel... :D

 

I'm confused though: why do you say it was "unprotected surfing" when gf's bro' had your laptop? Do you have a firewall that you turned off for his benefit or something?


  • Members

I say use Mac. :)

 

Originally posted by Puta

Heh, Mac did have the first ID3 tag trojan
:D

 

That wasn't a real virus or trojan. It was a proof-of-concept. It never got into the "wild".

 

Forever,

Kim.

  • Members

Originally posted by GigMan



Grant -

I did the same exact thing on a PC at work w/Spybot - and had the same sort of thought. Instead of the "anthill" analogy, though - I was thinking it's like shooting fish in a barrel...
:D

I'm confused though: why do you say it was "unprotected surfing" when gf's bro' had your laptop? Do you have a firewall that you turned off for his benefit or something?

 

It's an old laptop. Thinkpad 390X 450P-III. I really haven't used it much in the last year and I don't have a software firewall set up on that machine b/c I have a hardware firewall I use on my network. I've tried using both in the past and it's led to some conflicts. Software + hardware firewall = no late-night multiplayer Battlefield 1942 frag sessions using VoIP :D

 

Since it's an old laptop I didn't bother to update any virus definitions on it. He needed a computer to finish a paper... I was out of town... told him it was in my closet, next to my hockey mask.


  • Members

Originally posted by wheresgrant3

It's an old laptop. He needed a computer to finish a paper... I was out of town... told him it was in my closet, next to my hockey mask.

 

 

Hockey mask??

Are you Jason? Or is it Michael Myers (of Halloween fame)?? :eek::confused:;)


  • Members

Originally posted by Jeez

I say use Mac.
:)



That wasn't a real virus or trojan. It was a proof-of-concept. It never got into the "wild".

 

I read some conflicting reports on that. Not that I've researched it deeply, since I don't have a Mac. But I came across some articles while searching for ID3 tag programs.

Anyway, the fact that it could get into the wild is disturbing enough.


  • Members

Originally posted by Puta



I read some conflicting reports on that. Not that I've researched it deeply, since I don't have a Mac. But I came across some articles while searching for ID3 tag programs.

Anyway, the fact that it could get into the wild is disturbing enough.

 

Ok, I'll clarify this.

 

It's not as bad as it sounds.

 

The proof of concept was an application that could execute any arbitrary code. The trick was that it was possible to get a user to "unwittingly" execute the application. It did this by disguising itself as an mp3 file - it had the correct icon and filename.

 

The cool (in a hacker way) part was that the file actually was an mp3 file, and could be read and played fine using a player like iTunes.

 

The application only executed if the user double-clicked on it (to launch it). If it was opened in an mp3 player (like iTunes), nothing bad would happen - it'd just play the mp3 data in the file.

 

It wasn't perfect though - inspecting the file using Finder (the file manager) revealed that it was an application. Even having the "file type" column active in the Finder window revealed that it wasn't an mp3 file.

 

Anyway - the problem was NOT that it was an application. The problem was that someone had found a way to disguise an application as a data file, and fool the user into running it. This is nothing new. Any programmer can write a malicious application for MacOS, and fool people into running it without disguising it. Some people will always be gullible, and there's not a lot that can be done about it (computers are meant to be easy to use, remember? :D )

 

Still, I'd like to point out two features of MacOS that greatly reduce the impact of this type of deception.

 

1) OSX always warns the user when they are running an application for the first time. This can alert the user that something is not right if s/he didn't expect a new application to run. Of course, there will be people who just blindly click through... but I'm more worried that these people also drive cars on our roads and vote. :mad:

 

2) Even in the case that some malicious code is executed, it can't trash the system. Because of the UNIX core of OSX, any program run from a user account only has read-write access to the user's files. This can still be pretty bad... and the application might ask for an authorisation password, which could give it full system access... again, there will be some people who blindly type in their password, but at this stage I'm more worried about road safety and dumb-arse gung-ho national leaders. :rolleyes:

 

 

So yeah, you can't fully protect dumb users from themselves, but you can help. And OSX helps.

 

 

Forever,

Kim.
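Kim's point is that the icon and the name told the user "mp3" while the file type told the Finder "application". The following is an added example, not code from the thread and not the proof-of-concept itself: it classifies a file from its first bytes and its mode bits rather than from its extension or icon. The magic numbers are the public Mach-O, ELF, PE and shebang signatures; the sample files are constructed inline. One assumption to state: a Classic/Carbon-era application that keeps its code in the resource fork carries a genuine mp3 in the data fork, exactly as Kim describes, so a data-fork check alone passes it; that is why the execute bit is treated as a second signal, and why on a Mac the Finder's "Kind" column (which reads the type metadata) stays the authoritative check.

```python
"""Added example (not code from the thread): decide what a file *is* from its
bytes and mode bits instead of its name or icon.  The magic numbers are the
standard public ones; the sample files in demo() are constructed here."""
import os
import stat
import tempfile

# Well-known executable-container signatures (first bytes of the data fork).
EXEC_MAGICS = (
    (b"\xfe\xed\xfa\xce", "Mach-O 32-bit"),
    (b"\xfe\xed\xfa\xcf", "Mach-O 64-bit"),
    (b"\xce\xfa\xed\xfe", "Mach-O 32-bit (byte-swapped)"),
    (b"\xcf\xfa\xed\xfe", "Mach-O 64-bit (byte-swapped)"),
    (b"\xca\xfe\xba\xbe", "Mach-O universal (fat) binary"),
    (b"\x7fELF", "ELF"),
    (b"MZ", "PE/MS-DOS"),
    (b"#!", "script with shebang line"),
)


def executable_kind(head):
    """Name of the executable format the bytes start with, or None."""
    for magic, name in EXEC_MAGICS:
        if head.startswith(magic):
            return name
    return None


def looks_like_mp3(head):
    """True for an ID3v2 tag or an MPEG audio frame sync (11 set bits)."""
    if head[:3] == b"ID3":
        return True
    return len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0


def classify(name, head, exec_bit):
    """Return (verdict, reason) from the filename, first bytes and execute bit.

    The order matters: an executable signature under an .mp3 name is flagged
    before the audio check runs, and an .mp3 with the execute bit set is flagged
    even when its data fork really is audio (the resource-fork case)."""
    ext = os.path.splitext(name)[1].lower()
    kind = executable_kind(head)
    if ext == ".mp3":
        if kind:
            return ("suspicious", f"named .mp3 but contains {kind}")
        if exec_bit:
            return ("suspicious", "named .mp3 but has the execute bit set")
        if looks_like_mp3(head):
            return ("ok", "mp3 audio")
        return ("unknown", "no audio or executable signature in first bytes")
    if kind:
        return ("executable", kind)
    return ("ok", "data file")


def classify_path(path):
    """Read the first 16 bytes and the mode of a real file, then classify."""
    st = os.stat(path)
    with open(path, "rb") as f:
        head = f.read(16)
    exec_bit = bool(st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    return classify(os.path.basename(path), head, exec_bit)


def demo():
    """Write three constructed files to a temp dir and classify each."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            # genuine ID3v2-tagged audio, no execute bit
            "song.mp3": (b"ID3\x04\x00\x00\x00\x00\x00\x00" + b"\x00" * 32, False),
            # a Mach-O binary wearing an mp3 name
            "free_track.mp3": (b"\xce\xfa\xed\xfe" + b"\x00" * 32, True),
            # audio bytes in the data fork, but marked executable
            "remix.mp3": (b"ID3\x03\x00\x00\x00\x00\x00\x00" + b"\x00" * 32, True),
        }
        results = {}
        for name, (content, exec_bit) in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(content)
            if exec_bit:
                os.chmod(p, os.stat(p).st_mode | stat.S_IXUSR)
            results[name] = classify_path(p)
        return results


if __name__ == "__main__":
    for name, (verdict, reason) in demo().items():
        print(f"{name:16} {verdict:10} {reason}")
```

Run it over a download folder by calling `classify_path` on each entry; anything that comes back "suspicious" deserves the Finder's "Kind" column before it gets a double-click. The "unknown" verdict is deliberate: a file that is neither recognisable audio nor a recognisable executable is not proven safe, only unproven.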

  • Members

Originally posted by Jeez



Ok, I'll clarify this.

It's not as bad as it sounds.

The proof of concept was an application that could execute any arbitrary code. The trick was that it was possible to get a user to "unwittingly" execute the application. It did this by disguising itself as an mp3 file - it had the correct icon and filename.

The cool (in a hacker way) part was that the file actually was an mp3 file, and could be read and played fine using a player like iTunes.

The application only executed if the user double-clicked on it (to launch it). If it was opened in an mp3 player (like iTunes), nothing bad would happen - it'd just play the mp3 data in the file.

It wasn't perfect though - inspecting the file using Finder (the file manager) revealed that it was an application. Even having the "file type" column active in the Finder window revealed that it wasn't an mp3 file.

Anyway - the problem was NOT that it was an application. The problem was that someone had found a way to disguise an application as a data file, and fool the user into running it. This is nothing new. Any programmer can write a malicious application for MacOS, and fool people into running it without disguising it. Some people will always be gullible, and there's not a lot that can be done about it (computers are meant to be easy to use, remember? :D )

Still, I'd like to point out two features of MacOS that greatly reduce the impact of this type of deception.

1) OSX always warns the user when they are running an application for the first time. This can alert the user that something is not right if s/he didn't expect a new application to run. Of course, there will be people who just blindly click through... but I'm more worried that these people also drive cars on our roads and vote. :mad:

2) Even in the case that some malicious code is executed, it can't trash the system. Because of the UNIX core of OSX, any program run from a user account only has read-write access to the user's files. This can still be pretty bad... and the application might ask for an authorisation password, which could give it full system access... again, there will be some people who blindly type in their password, but at this stage I'm more worried about road safety and dumb-arse gung-ho national leaders. :rolleyes:

So yeah, you can't fully protect dumb users from themselves, but you can help. And OSX helps.

Forever,

Kim.

 

 

I miss OSX :( :( :( :(


  • Members

 

Originally posted by Jimmyzegg

"I contend that we are both atheists. I just believe in one fewer god than you do. When you understand why you dismiss all the other possible gods, you will understand why I dismiss yours."

-Stephen Roberts

 

 

Man... I've heard that before. Where's it from?

 

Forever,

Kim.

  • Members

I have run Ad-Aware, Spybot S&D and Norton Antivirus, and my system still seems to be under control.... of a malicious program.

 

I still get random pop-up ads while surfing my favorite site (this being one). And I am using Yahoo's toolbar for popup blocking.

 

Now my desktop seems to be inactive. I can only launch programs from my start menu, not my desktop.

 

Windows Media Player will no longer launch.

 

 

:confused:


  • Members

Originally posted by wheresgrant3

I have run Ad-Aware, Spybot S&D and Norton Antivirus, and my system still seems to be under control.... of a malicious program.

I still get random pop-up ads while surfing my favorite site (this being one). And I am using Yahoo's toolbar for popup blocking.

Now my desktop seems to be inactive. I can only launch programs from my start menu, not my desktop.

Windows Media Player will no longer launch.

:confused:

 

Grant -

 

Sounds like that malware has got your nuts in a blender... :D


  • Members

Originally posted by wheresgrant3

I have run Ad-Aware, Spybot S&D and Norton Antivirus, and my system still seems to be under control.... of a malicious program.

I still get random pop-up ads while surfing my favorite site (this being one). And I am using Yahoo's toolbar for popup blocking.

Now my desktop seems to be inactive. I can only launch programs from my start menu, not my desktop.

Windows Media Player will no longer launch.

:confused:

 

If the PC is more than 1 year old, you're due to wipe it blank and start from scratch with a clean install of Windows, a reinstall of your applications, etc...

 

That would definitely fix the problem - if it is software, which it sounds like.

 

;)
