Re: Please help: spyware in my machine...

["Justin Lintz" <jlintz () gmail com>]

Look into using Hijackthis to clean out whats starting up each time
from your computer.  Also with the new hijackthis they have a tool
builtin to delete a file on reboot which I've found very useful on
more then one occasion on virus/spyware that refused to go away.

On 11/10/06, Bob Dienhart <bob () dienhartconsulting com> wrote:
> My experience earlier this year with a particularly virulent piece of
> spyware (very persistent pop-under ads) running on a W2KPro box that
> _was_ up-to-date with patches was:
>
> A)  Spybot didn't even see the spyware.
>
> B)  CounterSpy thought it saw it, but wasn't sure, and did nothing about
> it.  CounterSpy was running on the machine at the time.  When tech
> support was called, the client was told to update their CounterSpy - it
> was as up-to-date as it could get.
>
> C)  Lavasoft's Adaware saw the particular malware plus a long list of
> other nasties that Spybot and CounterSpy apparently turned a blind eye
> to.  All of the other nasties were cleaned out but Adaware was unable to
> purge this particular malware, even in safe mode.  It did politely
> advise me that the machine had seven instances of the culprit installed.
> Thanks.
>
> D)  SpySweeper flushed 'em all out, including a couple of minor nasties
> Adaware had missed, and the machine was once again usable.  However,
> multiple cleaning runs were needed, including in safe mode.  I now swear
> by SpySweeper - but it is not free and it can be a bit strict.  My
> preference - give me strict anti-spyware but give me latitude to tweak
> the strictness.
>
> Like someone else said, don't try to clean a machine of malware with
> System Restore enabled.  You might wind up "restoring" your problems at
> some point.
>
> HTH
>
>
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of Tsu
> Sent: Friday, November 10, 2006 2:31 PM
> To: Meghdad Azriel; security-basics () securityfocus com
> Subject: Re: Please help: spyware in my machine...
>
> Are you using XP? If so make sure that "restore" is turned off. Also,
> it appears you are running Avast & AVG... never advisable to run to
> antivirus programs.
>
> What does Spybot say that it is? Run Process Explorer
> (www.tsudohnimh.com/tools) see if you can spot the rogue process.
>
> Check you start up programs, you can do this w/ Spybot Advanced or
> with Autoruns. See if you can keep the program from starting.
>
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------


--
- Justin Lintz

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------