Security Basics mailing list archives

RE: RE: Best spyware program


From: "Joe George" <j.george () conservation org>
Date: Mon, 1 Aug 2005 09:42:09 -0400

I agree with these sentiments as well.  The 100% best solution has been
to re-image a troubled computer and never allow it a connection to the
Internet.  Doesn't seem so efficient and is pretty much a waste of a
computer, right? I have a hodgepodge of freeware and
commercially-available anti-spyware apps, such as those mentioned by
Mike.  Some do indeed work better than others, that I have noticed, but
it can be very frustrating sometimes.  I've encountered spyware
processes that specifically target the application which is designed to
counter it.  In cases like that, it is good to have handy the older
version of the anti-malware application.  

All-in-all, it is an inordinate waste of time for any systems and
support administrator.   

Joe

-----Original Message-----
From: Mike Fetherston [mailto:mike_sha () shaw ca] 
Sent: Wednesday, July 27, 2005 8:16 AM
To: knieveltech () yahoo com; security-basics () securityfocus com
Subject: RE: RE: Best spyware program

In my experience none of the spyware scanners ever seem to get a system
truly clean, especially when dealing with some of the more devious stuff
out there that keeps a process running with SYSTEM privs. They can be
handy for early warning though, so I suppose it depends on what your
focus is. If you're looking for something to tip you off to a possible
infection, any of a number of scanners works great. If you're actually
trying to get the system clean, nothing I've tried so far competes with
booting to safe mode and running HijackThis.


That's been my experience as well.  I have the opportunity to see many
infected machines a week all with different symptoms, so I've been able
to try out the order of scanning and cleaning with each Spybot,
Ad-Aware, MSAS, and HijackThis.  All find traces that the other left
behind no matter what order they've been run in.

For a really bad infection I will do as you mentioned above as well as
running the other three that I mentioned all in Safe Mode.  In addition,
I will enumerate the startup registry entries and go hunting for the
individual files.  You'd be surprised how many times these scanners
leave the .exes and .dlls behind!!  While you're in %systemroot%\system32
and other places that spyware favours, it doesn't hurt to manually scan
the file list.

Mike Fetherston
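
The startup-entry check described in the message above, as an added PowerShell example that is not part of the original messages: it reads the standard Run and RunOnce keys, works out which file each entry launches (including the DLL behind a rundll32 entry), and reports whether that file still exists and how it is signed. The key list and the helper names Get-CommandTarget and Resolve-Target are assumptions of this example.

```powershell
# Added example (read-only): autostart registry entries and the files they launch.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {   # hypothetical helper: command line -> file it launches
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # rundll32 entries: the file of interest is the DLL argument, not rundll32 itself
    if ($cmd -match 'rundll32(\.exe)?"?\s+"?([^",]+)') { return $Matches[2].Trim() }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path, possibly containing spaces: cut at the first executable extension
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif|vbs|js))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Resolve-Target {      # hypothetical helper: full path on disk, or $null
    param([string]$Target)
    if (Test-Path -LiteralPath $Target -PathType Leaf) { return (Get-Item -LiteralPath $Target -Force).FullName }
    # Bare names such as "ctfmon.exe" are resolved through PATH
    $app = Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($app) { return $app.Path }
    return $null
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $raw = [string]$item.GetValue($name)
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }
        $target = Get-CommandTarget $raw
        $path   = Resolve-Target $target
        [pscustomobject]@{
            Key       = $key; Name = $name; Target = $target
            Exists    = [bool]$path
            Signature = if ($path) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }
            Modified  = if ($path) { (Get-Item -LiteralPath $path -Force).LastWriteTime }
        }
    }
}
$results | Sort-Object Exists, Signature | Format-Table -AutoSize -Wrap
```

Entries with Exists = False are autostart values whose file is already gone, and entries whose Signature is not Valid are the ones to go and inspect on disk. Run and RunOnce are not the only autostart locations, so this covers one part of the manual hunt.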



