Nasty, Smart, Spyware

Hi Everyone!!!
Got some nasty spyware a couple of days ago, I knew something was wrong with my computers performance, it had slowed to a crawl and WinXP was acting like Win98SE lock ups and crashes, I was running a spyware scanner but it said I was clean, I had just reloaded the OP/SYS so performance wise it should be rocking, but it was far from it.

I'm running Zone Alarm Pro firewall, and suddenly it starting asking permission for a program to access the internet, I denied permission, then it asked for another to access the internet, I denied it, then another, three separate programs, one right behind the other, thats not an abnormal thing for Zone Alarm to do, but I wasn't supposed to have these programs on the machine, but they were trying to access the internet.

Ran the spyware cleaner again, ( I'm not going to mention any names here but I just want you to be @#!$%#Aware&%$#@@#@ of it!!!), so I started a file search to see where these programs were residing, found 1 in Windows, and the other 2 were, 1 in its own folder on the C drive and the other in its own folder in my Program Files. Well thats just great, and I don't even have a clue as to where they came from.

Tried Deleting, tried Erasing, ran Anti-Virus scan, no joy!!!, the longer the spyware stayed on the machine the worse the performance got, I downloaded a free program called Spykiller, scanned my machine and came back with 32 definite spyware residing on my machine, named them and the names matched the programs that Zone Alarm had informed me were trying to access the internet.

I activated the clean feature on Spykiller, and it said you have to pay to have the spyware cleaned from your machine, I was %%$##@@@##@## Pissed, but at least I knew there was spyware on the machine, I uninstalled the Spykiller( Lying garbage program, If something claims to be free, it should be free, or at least warn you from the beginning, that it'll cost you to clean your machine of the spyware it finds.)&&!!%%#@*#%*#.

There is an end to this story I'm almost there, Spybot Search and Destroy, saved my butt, their program is free, and only ask if it helps you out to give a small donation if you want to, but its completely voluntary.

Spybot Search and Destroy tracked down and eliminated every piece of spyware on my machine even the ones hiding in the RAM, nasty little buggers. So in my book Cudos first of all to Zone Alarm Pro, because it wouldn't let the spyware access the internet, and Cudos to Spybot Search and Destroy.

Theres some new spyware in town guys, and if you get it on your machine remember this post.

Ryan


Links below provided by all those contributing to this post!
And they are free programs, voluntary donations are accepted, but not required.


These programs worked great for me and completely solved my problems, However use them at your own risk as far as I am concerned, and as far as the software developers are concerned, the default settings are adequate, but more agressive settings could remove more than you want to, so again use at your own risk.


<A HREF="http://download.com.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button" target="_new"> Spybot Search and Destroy</A>


<A HREF="http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button" target="_new">Ad Aware 6</A>


<A HREF="http://www.javacoolsoftware.com/spywareblaster.html" target="_new">Spyware Blaster</A>


For Browser Corruption
<A HREF="http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder" target="_new">CWShredder, posted by Auburn9686</A>







<A HREF="http://broadbandnuts.com/drtweak/index.php?board=4;action=display;threadid=5" target="_new">Article Posted by RCPilot</A>





<A HREF="http://www.biblegateway.com/cgi-bin/bible?language=english&version=NIV&passage=John+14:6&x=13&y=8" target="_new"><b><><</b></A>

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=2541" target="_new">My Rig</A><P ID="edit"><FONT SIZE=-1><EM>Edited by 4ryan6 on 03/10/04 10:41 PM.</EM></FONT></P>

I'm searching for an article that I found & apparently lost over my last fiasco. Any who, it said you need to run Zone Alarm, Spybot & Spyware Blaster all at the same time. It has worked flawlessly since I had the trouble. I'm trying to find it for you.

I found that virus was in the RAM on the MOBO. (At least that's where I think it was, never really figured out where it was, but it was on or in the board somewhere.) The only way I got it out was to take out all cables, RAM & cards off the board to get the power out of everything. Then I had to zero out the HDD as you pointed out to me. It took me down for over a week though. I haven't had a problem since I started running the Triple Threat, I call it.

Man, you must be tired of loading OSs & trouble shooting. You've had enough of it lately, I'd say.



Dazzle them with Brilliance, or Baffle them with BS!

You run both Daniel? Does one find things the other doesn't?



<A HREF="http://www.biblegateway.com/cgi-bin/bible?language=english&version=NIV&passage=John+14:6&x=13&y=8" target="_new"><b><><</b></A>

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=2541" target="_new">My Rig</A><P ID="edit"><FONT SIZE=-1><EM>Edited by 4ryan6 on 03/08/04 09:11 PM.</EM></FONT></P>

Yeah. It works like a charm. There's a little disclaimer that says they don't like each other but I never get any spyware. I run one program at a time so I'm not too worried about them disagreeing and I never use the 24/7 monitoring features of the software.

<font color=red>_________________________________________</font color=red>
<b><A HREF="http://kevan.org/brain.cgi?dhlucke" target="_new">I am watching you!</A></b>

I used to use Adaware all the time, but they took so long to update, since this new version was put out, are they updating it more frequently now?

You are running WinXP aren't you?



<A HREF="http://www.biblegateway.com/cgi-bin/bible?language=english&version=NIV&passage=John+14:6&x=13&y=8" target="_new"><b><><</b></A>

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=2541" target="_new">My Rig</A>

I'll find that article for you, sometime & post it. I know where I got mine. It came from a GameSpy download from a Serious Sam 1 patch. That dam GameSpy wanted to charge me $6.95 a month, or I could go to there mirror site for free. Well BLAM, there you go. Since that happened I've found I can get the same things on Cnet & not have the BS with GameSpy. Everybody trying to make $$$ from nothing I would say. I don't mess with porn, music or ebay. I though games were safe, especially when Serious Sam's site steered me there.



Dazzle them with Brilliance, or Baffle them with BS!

This is where I got it. <A HREF="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_new">http://www.spywareinfo.com/~merijn/cwschronicles.html</A>

I caught something that redirected my homepage to an adult search site xrenoder.com, deleted the entire "General" tab on my Tools/Internet Options page, etc, etc, etc. The spyware progams you mentioned previously got rid of about 20 or 30 things they found, but didn't fix this crap. Kinda sucks to try and show the wifey something on the net when it starts up to an adult page every time. Gotta be real quick to that Stop button so you don't anger the War Department.

<font color=blue>War</font color=blue> <font color=orange>Eagle</font color=orange>
<A HREF="http://www.kissmyass.com" target="_new">KMA</A>

Yes I can hear it now, What was that?, Why are you looking at That??, @@$%%^#@!



<A HREF="http://www.biblegateway.com/cgi-bin/bible?language=english&version=NIV&passage=John+14:6&x=13&y=8" target="_new"><b><><</b></A>

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=2541" target="_new">My Rig</A>

Heh-heh, freakin exactly. If I was married to PF's Steph, I'd be dead by now.

Too many beers, RC? Got 2 nights left on my bachelor week. Chuggin' away.

<font color=blue>War</font color=blue> <font color=orange>Eagle</font color=orange>
<A HREF="http://www.kissmyass.com" target="_new">KMA</A>

I just got to deep in the bag this afternoon. Had a blast though. Turned into more than a 6 beer lunch, somehow! Time flies when your having fun!



Dazzle them with Brilliance, or Baffle them with BS!

Have another beer for me RC - I'm going skiing tomorrow!

Park City ... fat city!



<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b>

Rock on. Sweet. Have fun, ya bastard!

<font color=blue>War</font color=blue> <font color=orange>Eagle</font color=orange>
<A HREF="http://www.kissmyass.com" target="_new">KMA</A>

Thanks RC, and everyone!



<A HREF="http://www.biblegateway.com/cgi-bin/bible?language=english&version=NIV&passage=John+14:6&x=13&y=8" target="_new"><b><><</b></A>

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=2541" target="_new">My Rig</A>

Very Bad Things need to happen to the people who make Spyware. It just confounds me why these people do it. Oh wait, no it doesn't, it's all about money...

You know the really sad thing, is I bet people who work for the companies that make spyware DON'T use their own software, but do use Spyware killers to keep their own programs from ruining their systems... What scumbags.

I feel bad for the people that are very computer illiterate, and don't know something is wrong with their computer when they have spyware on it. Man, for me it's like a sixth sense. I know my computers so well if even the smallest thing is off, like a program taking extra time to load than normal, or internet being slow, or the bootup process is longer than normal, or whatever, I know to start looking for something.

F uck those spyware peddling scumbugs, f uck them in the ear.

-------------------------------------------
<font color=blue> "Trying is the first step towards failure." </font color=blue>

I totally agree with you!!!




<A HREF="http://www.biblegateway.com/cgi-bin/bible?language=english&version=NIV&passage=John+14:6&x=13&y=8" target="_new"><b><><</b></A>

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=2541" target="_new">My Rig</A>

1994, Well Eden, that would have made you about what 7 years old, lets see there were computers when I was 7, just not in peoples homes, I know NASA had some about as big as a small room, but they wouldn't quite fit on a desktop. Technology has come a long way in a short time, hasn't it little buddy!!!




<A HREF="http://www.biblegateway.com/cgi-bin/bible?language=english&version=NIV&passage=John+14:6&x=13&y=8" target="_new"><b><><</b></A>

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=2541" target="_new">My Rig</A>

You said a mouthful there. I with agree what you said. I also posses that 6th sense you mention as well. Pisses me of royally!



Dazzle them with Brilliance, or Baffle them with BS!

True dat.

I also have no idea why they aren't illegal... Maybe it's because most spyware latches itself on to other programs, and when you install the other programs and accept the EULA without reading it, you give the spyware the right to be installed. But, there is also that spyware crap that doesn't have you acknowledge an EULA, so I dunno... Either way they're bastarges.

-------------------------------------------
<font color=blue> "Trying is the first step towards failure." </font color=blue>

ROFLMAO Grub you are (highlarious)!!!



<A HREF="http://www.biblegateway.com/cgi-bin/bible?language=english&version=NIV&passage=John+14:6&x=13&y=8" target="_new"><b><><</b></A>

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=2541" target="_new">My Rig</A>

True RC, Just look at the advances in the past 5 years, its like each year multiplied the advancements, can you even imagine the advancements in the next 5, for technology this is an awesome time of progress. Your grandson will look at CDs like we remember 8track tapes, just think about it.



<A HREF="http://www.biblegateway.com/cgi-bin/bible?language=english&version=NIV&passage=John+14:6&x=13&y=8" target="_new"><b><><</b></A>

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=2541" target="_new">My Rig</A>

<A HREF="http://www.safer-networking.org/index.php?page=download" target="_new">http://www.safer-networking.org/index.php?page=download</A>

<A HREF="http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp" target="_new">http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp</A>

<A HREF="http://download.com.com/3000-2144-10194058.html?tag=lst-0-1" target="_new">http://download.com.com/3000-2144-10194058.html?tag=lst-0-1</A>

Or,

<A HREF="http://www.google.com" target="_new">http://www.google.com</A>

<font color=blue>War</font color=blue> <font color=orange>Eagle</font color=orange>
<A HREF="http://www.kissmyass.com" target="_new">KMA</A>

Thank you Ryan the Shredder program the other fella mentioned just cleaned a dump truck load of stuff out of the computer that was redirecting internet connections............. I feel like a noob I just spent 4 hours going through the registry 1 item at a time and checking everything but could not clean the P.C

Here is a list of what Shredder first found then later cleaned for me.

Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (734 bytes, A)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
Registry value: DefaultPrefix (should be http://) [] http://
Registry value: WWW Prefix (should be http://) [www] http://
Registry value: Mosaic Prefix (should be http://) [mosaic] http://
Registry value: Home Prefix (should be http://) [home] http://
Found Win.ini file: C:\WINDOWS\win.ini (829 bytes, -)
Found System.ini file: C:\WINDOWS\system.ini (227 bytes, -)

Barton 3200+ 400MHz
A7N8X Deluxe
Liquid 12 Celsius
2x512 Crucial DDR 400 PC3200
GeForce FX5900
Two Maxtor 40Gig 8MB cach 7200rpm
SONY RW 52x/24x/52x
SONY DVD 16x/40x

Ryan thank you very much I now have both programs I will run them both and see what turns up.

GOOD MAN RYAN you are the best Cheers and thank you RCPILOT as well.

Barton 3200+ 400MHz
A7N8X Deluxe
Liquid 12 Celsius
2x512 Crucial DDR 400 PC3200
GeForce FX5900
Two Maxtor 40Gig 8MB cach 7200rpm
SONY RW 52x/24x/52x
SONY DVD 16x/40x

CHEERS to you as well Auburn and thatnk you very much

Barton 3200+ 400MHz
A7N8X Deluxe
Liquid 12 Celsius
2x512 Crucial DDR 400 PC3200
GeForce FX5900
Two Maxtor 40Gig 8MB cach 7200rpm
SONY RW 52x/24x/52x
SONY DVD 16x/40x

You were right about running both programs Daniel, Spybot S&D got the most of it, then Ad Aware found the rest of it. Thanks!!! Ryan




<A HREF="http://www.biblegateway.com/cgi-bin/bible?language=english&version=NIV&passage=John+14:6&x=13&y=8" target="_new"><b><><</b></A>

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=2541" target="_new">My Rig</A>