Security Basics mailing list archives
RE: Please help: spyware in my machine...
From: "Bob Dienhart" <bob () dienhartconsulting com>
Date: Fri, 10 Nov 2006 18:46:36 -0600
My experience earlier this year with a particularly virulent piece of spyware (very persistent pop-under ads) running on a W2KPro box that _was_ up-to-date with patches was:

A) Spybot didn't even see the spyware.

B) CounterSpy thought it saw it, but wasn't sure, and did nothing about it. CounterSpy was running on the machine at the time. When tech support was called, the client was told to update their CounterSpy - it was as up-to-date as it could get.

C) Lavasoft's Adaware saw the particular malware plus a long list of other nasties that Spybot and CounterSpy apparently turned a blind eye to. All of the other nasties were cleaned out, but Adaware was unable to purge this particular malware, even in safe mode. It did politely advise me that the machine had seven instances of the culprit installed. Thanks.

D) SpySweeper flushed 'em all out, including a couple of minor nasties Adaware had missed, and the machine was once again usable. However, multiple cleaning runs were needed, including in safe mode.

I now swear by SpySweeper - but it is not free and it can be a bit strict. My preference - give me strict anti-spyware but give me latitude to tweak the strictness.

Like someone else said, don't try to clean a machine of malware with System Restore enabled. You might wind up "restoring" your problems at some point.

HTH

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Tsu
Sent: Friday, November 10, 2006 2:31 PM
To: Meghdad Azriel; security-basics () securityfocus com
Subject: Re: Please help: spyware in my machine...

Are you using XP? If so, make sure that "restore" is turned off. Also, it appears you are running Avast & AVG... never advisable to run two antivirus programs.

What does Spybot say that it is? Run Process Explorer (www.tsudohnimh.com/tools) and see if you can spot the rogue process. Check your startup programs; you can do this w/ Spybot Advanced or with Autoruns.
See if you can keep the program from starting.