1-stop Answers here: Spyware, Secret Installs, Popups & related
One stop info reply for all (the typical and most frequently posted problems :)
If you use IE for your browser:
1. IE -> Tools -> Internet Options -> Advanced tab.
A. UNtick the boxes for "Enable Install On Demand"
B. DISable ActiveX(ploit) for ALL "zones", or if you MUST allow it for certain sites, put those sites in the "Trusted" zone and set all ActiveX entries to "Prompt".
D. DISable "all installation of desktop items" for ALL zones
2. Go to http://www.lurkhere.com/ and read the paragraphs about the "Hijack This!"**** program. Then go to the "Nice Files" page there and download and install the program. This will keep your homepage in IE from being hijacked.
An alternative that performs same/similar function is StartPage Guard (http://www.pjwalczak.com/spguard/index.php)
A similar and effective program is SpywareGuard:
http://www.wilderssecurity.net/spywareguard.html Also free, although donations are appreciated.
4. Go to http://www.javacoolsoftware.com/spywareblaster.html and download and install SpywareBlaster. "SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed." The program is free, and you can help support it (dev'ing and hosting it does cost money) with a donation, if you choose.
5. Go to www.wilders.org and then to their "free tools" subsection, which is at http://www.wilders.org/free_tools.htm
Download and install these:
A. HTAstop (in the prevention section, about 1/2 down the page)
B. WSH Anti-Polymorphism Patch
C. DSOStop v2
D. Windows Media Player Scripting Fix v1.0
And from the "monitoring" section there, get and install:
E. ScriptSentry or AnalogX Script Defender (depending upon whether you have MS VBS installed)
F. DHCP Fix
H. StartUp Monitor
and from the "misc" section there, download and install:
I. BHO Captor or BHOCop
"Messenger" Problems; Popup Problems & Programs
For "Messenger" popup problems, go here:
http://forums.spywareinfo.com/index.php?showtopic=1920 as this section of the forum gives information about programs that will tame the darn thing, as well as gives specific instructions to manually tame it with a step-by-step procedure for each OS.
Review and comparison of current, popular Popup killer programs is located at http://www.popup-killer-review.com/test.htm and is a pretty comprehensive site regarding the 'science' of popups, how they function and how killer programs are defeated, and of popup killers themselves.
Oh, the *sigh* at the beginning isn't directed at you - it's directed at the scumburgers that create and foist this crap over and over again onto unsuspecting computer users.
PS. IE-SPYADS HAS A NEW URL. See updating post in this thread dated 8/7/04. There is an easy way to keep probably 90% of the crap sites from even being able to touch your machine to begin with: install "IE-SPYAD" - what it does is put a huge list of bad and universally-undesirable sites into the "Restricted" zone of IE. Go here: http://www.staff.uiuc.edu/~ehowes/resource.htm to read what it is and how it works. This is a good alternative to learning to use the HOSTS file to do the same thing, and some Windows OSs (XP and 2000, I think) reportedly slow to a crawl if the HOSTS file is large.
Hazeleger.net is severely curtailing what, if any forums will remain available after 2/14-2/15/04. This post has therefore been edited to remove the reference to the various sections/forums. http://www.hazeleger.net/yabbframe.htm
(originally posted here: http://www.glocktalk.com/showthread....0&pagenumber=2)
***UPDATE: mando updates to HiJackTHIS! & CWShredder, due to new (as of 11/16/03) variant of the CWS Trojan.
Spywareinfo.com is having hosting problems at the moment. Here's an alternative DL location:
CWSHREDDER LINK http://www.majorgeeks.com/download4086.html
Size: 137 Kb
Requires: Win All
Added 3/13/04- A growing spyware problem, incredibly, is self-proclaimed "anti-spyware" applications that actually CONTAIN spyware and often this is NOT appropriately disclosed. While not a previously-unknown problem, it HAS become a rather prolific one. For examples, this article is worth reviewing:
"Waging the war against spyware"
There are several areas which list phoney "anti-spyware" apps which are actually spyware themselves.
Another very effective spyware tool is Ad-Aware, downloadable from www.lavasoftusa.com. I also HIGHLY recommend you install a virus scanner. In the event you don't want to pay outlandish prices for programs that slow your computer to a crawl, go download AVG Anti-Virus for FREE (www.grisoft.com). AVG is implemented on my corporate network and has kept out Gaobot, Melissa, Swen and The BLASTER virus. I highly recommend them, they're good people, and the program sits quietly on your system eating up a mere 2 MB of virtual memory (compared to Norton at 36 and McAfee at 21).
Finally, if you have a high speed connection and aren't behind a router or a firewall, PLEASE download the latest Microsoft patches from http://windowsupdate.microsoft.com! You also may want to invest in a router or firewall software. It will save you many many headaches! Good luck!
Re: 1-stop Answers here: Spyware, Secret Installs, Popups & related
Nice Post MB-G26.
As always a wealth of Knowledge.
This will be stickies when Aeolus gets to it
So definitely add your 'one-stop' fix/prevention tricks and such.
Re: This will be stickies when Aeolus gets to it
if none of the above work.
run linux ;a
Step One: Remove all Microsoft products from your computer...
THEN we can talk about locking it down.
I agree with David. SuSe 9 is looking good.
I downloaded and installed all the things in the original post and now I have no room left on my harddrive to do any work.
Anti-virus software is a must. I have used and really liked f-prot on Linux. They also have versions for nearly every operating system. Windows, Linux, FreeBSD, Unix... etc.
It is very reasonably priced and at least with the Linux version there were new definitions available every 12 to 24 hours.
They can be found at www.f-prot.com
Mel, you are unbelievable. Almost every post you write seems like it has hours of tedious research behind it. Girl, you are one valuable resource!
Your posts are highly appreciated, MB-G26. You have provided me with tools that saved my rickety old computer.;f
Keep up the good work.^c
UPDATE: re-arranged, expanded, and more info
The recent attempted hack of GT's servers got me thinking, as did several inquiry threads. So.... here's an expanded and rearranged update - takes more than 1 post:
The following is focused on users of Windows 9.x and up, and of Internet Explorer. IE 6.x users - achieve the same things but you will have to look for where 6.x puts these options w/in IE Internet Tools.
1. DISable virtually everything in ALL "Zones" in IE-> Tools -> InternetOptions ->Security except for the "Trusted Zones", including specifically:
A. All ActiveX entries (1st 5 entries in IE5.5)
B. Cookies (both entries)
C. File and Font download (one entry each)
D. MS VM - Java Permissions (DISable java)
E. Misc: (Access Data Source.... etc., (9 entries, including Installation of Desktop Items...)
(set to HIGH Software Channel Permissions)
F. DISable all scripting entries (3 java/java script entries, Active, Paste & Scripting Java Applets)
D. Set User Authentication to "Anonymous logon"
E. A bit outdated, but for background info re the "Zones" http://www.nwnetworks.com/iezones.htm "Internet Explorer Security Zones, by Scott Schnoll"
F. See "Accidental Trojan Horses - Security Problems in Windows 98 PCs" http://www.computerbytesman.com/acctroj/ regarding ActiveX issues.
G. Advisable to change the default settings in "My Computer" zone - which can't be done straight manually since it isn't displayed like the other zones. See http://www.edensoft.com/ieak.html "Changing settings in the My Computer security zone"
H. Put "*.glocktalk.com" (w/o quote marks) in your Trusted Zone so it will work properly. Ditto for any other sites you need the otherwise disabled functionalities for.
I. ENSURE each & every single option is DISabled or set to "HIGH" (if that is the most disabling option offered) in the Restricted Zone.
2. DISable/UNtick the following in IE -> Tools -> Internet Options -> Advanced tab.
A. UNtick the boxes for "Enable Install On Demand"
3. Protection from browser hijackers and others, including silent-download invaders:
A. SpywareGuard: http://www.wilderssecurity.net/spywareguard.html Also free, although donations are appreciated.
B. Browser Hijack Blaster: http://www.wilderssecurity.net/bhblaster.html
C. Go to http://www.lurkhere.com/ & look at info re: "Hijack This!" program. Download is mirrored @"Nice Files" page there. Installation will keep your homepage in IE from being hijacked. It "includes a copy of StartupList, that can be run from the HijackThis interface. Updated August 15th, 2004"
4. Protect against Start Page hijacks: StartPage Guard (http://www.pjwalczak.com/spguard/index.php)
5. Protect against infections of spyware: locate, download & install & keep updated the following:
A. Spybot Search & Destroy: also at lurkhere.com and a variety of other mirror sites. Home page: http://www.safer-networking.org/ Official support forums: http://forums.net-integration.net/index.php?c=7
B. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
C. HTAstop (in the prevention section, about 1/2 down the page) also on http://www.simtel.net/pub/pd/53731.shtml
D. Robin Keir Script Trap http://keir.net/software.html
E. WSH Anti-Polymorphism Patch (Wilders)
F. DSOStop v2 (Wilders)
G. Windows Media Player Scripting Fix v1.0 (Wilders)
From the "monitoring" section there at Wilders, get and install:
H. ScriptSentry or AnalogX Script Defender (depending upon whether you have MS VBS installed)
I. DHCP Fix
J. StartUp Monitor
from the "misc" section @ Wilders, download and install:
K. BHO Captor or BHOCop
L. Obtain/install Ad-Aware, and use it as a backup to Spybot Search & Destroy. Start w/their main page http://www.lavasoft.de/ (AA products require frequent updates, have pay & free versions, & are often the subject of problem complaints immediately after updates/upgrades are issued.)
M. Consider installing EBURGER Windows Security Utility, "a menu-driven batch file utility that allows you to disable, re-enable, or otherwise configure the following aspects of Windows", and his "Windows Script (Host) Uninstaller".
O. Consider changing the "association" of "dangerous file types" to something harmless, like Notepad. (WSH, HTA, SHS-scrap files, MSHTA, etc.) See http://www.nsclean.com/psc-exe2.html (Privacy Software Corporation Security Advisory, Friday, April 13, 2001, "EXE2HTML HTA Exploit Generator" - authored by the coders of commercial AT programs BOClean, IECLean, and the freeware HTASTOP.) See also: "Scrap Files Can Tear Your Up", http://www.pc-help.org/security/scrap.htm
6. Ensure your "bindings" are properly configured. http://grc.com/su-bondage.htm
7. DISable Windows Messenger (not the same as the other Messenger)
A. Read and follow: (link out of date - currently culling new ones)
8. Obtain/install a pop-up blocker:
A. Review & comparison of current, popular Popup killer programs is located at http://www.popup-killer-review.com/test.htm
9. Prevent 'bad' websites from effectuating things on your computer:
A. A huge list of bad and universally-undesirable sites into the "Restricted" zone of IE. See Eric Howes' pages which provide IE-SPYAD, a self-installing add-in to the IE Restricted Zone which adds a choice of undesirable websites to that zone.
11. Ensure no phoney, 'pretending' "anti-spyware" programs are installed. See details here: http://www.netrn.net/spywareblog/
12. Ensure machine is running a good, updated ANTI-VIRUS PROGRAM "resident". Obtain an additional AV, such as the freeware AVG6, www.grisoft.com, and while keeping the 2nd one updated DO NOT RUN IT RESIDENT - RUN IT WEEKLY ON MANUAL LOAD DEMAND.
12(A) Good, reliable, and frequently updated free Anti-Trojan programs are almost impossible to find anymore, but SERIOUSLY CONSIDER spending the $40 for a good AT program. An AV program is NOT any guarantee in the least against a trojan - too much difference between the beasts. I recommend BOClean AT - about $40, & have used it for several years. Tho not affiliated in any way with PSC company or its coders, this is the only AT I have ever recommended. http://www.nsclean.com/boclean.html
12(B) If you won't run an AT, next best idea is implementing various fixes and work-arounds to combat trojan infections. Example: http://www.hackfix.org/subseven/ SubSeven Trojan info & fix page. Wilders.org also has a TON of 'trojan' and exploit fix tools indexed - free & downloadable, altho dated.
12(C). Anti-Virus programs (not a complete list):
(i) AVG (Anti-Virus Grisoft) www.grisoft.com
(ii) Trend Micro (including Online virus scan)
13. Ensure the appropriate patches installed from http://windowsupdate.microsoft.com ; http://www.microsoft.com/windows98/d.../corporate.asp ; https://v4.windowsupdate.microsoft.com/en/default.asp . There are alternative source sites for MS's patches if for some reason you have trouble w/the MS update pages. (You will have to RE-ENABLE all the ActiveX, Java, Script, Cookies, Download, etc., settings for whatever zone the MS page you use is in.)
D. http://www.rwclements.com/upgrades/mswin98.html (back up the URL or use links on page for updates for non win98 updates)
14. Ensure the FIREWALL is updated, if applicable, properly configured, and learn to utilize "Advanced" or "Special" Rules.
A. Consider using a different FW if you believe the one you have is being successfully penetrated.
(A)(1) Sygate Personal Firewall STD and PRO Versions. See the Sygate site for most updated version info. You may be able to download from here http://smb.sygate.com/buy/download_buy.htm
(B). If concerned with FW "alerts" and log entries, Learn to understand WHAT your FW logs are actually indicating.
"Firewall Forensics, What Am I Seeing?"
"Internet Firewalls: Frequently Asked Questions"
(3) Sygate products - FireWall, forums: http://forums.sygate.com/vb/
(4) Intrusion Detection Services http://www.ssimail.com/Sesintrude.htm
(5) Doshelp.com (firewall) Intrusion & Attack Reporting Center (helpful tips, explanations, FW help, Trojan Ports list, AV Tools, Security Patches, Security News, etc.) http://www.doshelp.com/sectips.htm
(6) Dshield.org FAQ http://www.dshield.org/primer.php
(8) Firewall Exploits: http://www.iss.net/security_center/a...ts/default.htm
(10) Intrusion Detection Tools: http://www.foundstone.com/resources/..._detection.htm
go to part 2
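The zone settings from step 1 of the post above can be checked after the fact. The following is an added example, not part of the original thread: it parses a .reg text export of the per-user `Internet Settings\Zones` key and lists settings that differ from what the checklist asks for. The action ids and values are Microsoft's URL-action codes; the function names and the sample export are constructed for illustration.

```python
import re

ZONES = {"0": "My Computer", "1": "Local intranet", "2": "Trusted sites",
         "3": "Internet", "4": "Restricted sites"}
# URL-action id -> (label, value the checklist asks for); 3 = disable
# for most actions, while Java permissions (1C00) uses 0 for "disable Java".
WANTED = {
    "1001": ("Download signed ActiveX controls", 3),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1200": ("Run ActiveX controls and plug-ins", 3),
    "1400": ("Active scripting", 3),
    "1803": ("File download", 3),
    "1C00": ("Java permissions", 0),
}
KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d)\]$", re.I)
VAL_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample export (not taken from a real machine).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1400"=dword:00000003
"1803"=dword:00000003
"1C00"=dword:00010000
"""

def parse_zones(reg_text):
    """Return {zone: {action: value}} for every Zones key in the export."""
    zones, current = {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = zones.setdefault(key.group(1), {})
        elif line.startswith("["):
            current = None  # some other key: ignore its values
        elif current is not None and (val := VAL_RE.match(line)):
            current[val.group(1).upper()] = int(val.group(2), 16)
    return zones

def audit(reg_text, exempt=("2",)):
    """List (zone name, action, label, found) for settings that differ."""
    return [(ZONES[zone], action, label, settings.get(action))
            for zone, settings in sorted(parse_zones(reg_text).items())
            if zone not in exempt  # Trusted sites holds the permitted exceptions
            for action, (label, want) in WANTED.items()
            if settings.get(action) != want]  # None = absent from the export
```

Exports in the "Version 5.00" format are saved as UTF-16, so decode the file before passing its text to `audit`. A value reported as `None` was not in the export, which means the zone is using its default for that action.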
15. Utilize a reporting organization for serious intrusion attempts.
This is an excellent site to become familiar with. It is part of the Internet Storm Center/SANS ("SysAdmin, Audit, Network, Security" Institute, established 1989) and has an IP number registration lookup interface - useful for IP numbers reflected in the FW log as attempted intrusions, as well as a recent port usage/exploit lookup. (http://www.dshield.org/reports.php) Both the ISC and SANS sites are WELL worth perusing. For example, see not only the graphic on the main Dshield page which depicts current threat traffic, but also the "Trends" page on Sans: http://isc.sans.org/trends.php.
If implementation of 'special' Rules is desired, consider utilizing Dshield's recommended "block list" of offending IP blocks: http://www.dshield.org/block_list_info.php
16. There are a variety of sites which offer free infection scanning. A word search in TechTalk will result in several threads listing these.
A. http://www.pcflank.com/scanner1.htm; http://www.pcflank.com/test.htm
D. Security Analysis Service http://www.vulnerabilities.org/
E. Firewall Test, Port Scan.... http://www.auditmypc.com/
Vulnerabilities, Incidents & Fixes
G. Port Scan Security Check http://www.sdesign.com/securitytest/index.html
H. Sygate Security Probe page http://scan.sygate.com/probe.html
REMEMBER TO DISABLE ANY FIREWALL REPORTING SERVICE/PROGRAM YOU HAVE IMPLEMENTED BEFORE DOING AN INTENTIONAL SECURITY AUDIT - YOU DO *NOT* WANT TO REPORT A FRIENDLY IP AS AN INTRUDER.
17. Various utilities would be helpful to have on board, including process viewers (which will show you EVERYTHING that is running - far beyond what the TaskManager - Cntrl-Alt-Del - box shows.) There is at least one freely available at Wilders.org
A. This is another free one - PrcView. http://www.xmlsp.com/pview/prcview.htm There are many payware programs, also.
(A) A Registry info site: http://www.winguides.com/registry/
19. Learning to put the HOSTS file to good use is also helpful, but this is limited to certain MS OS's as a nice, fat HOSTS file does NOT play well with some OS's above 9.x
Gorilla Design Studio Presents: Using the Hosts File
(This site is very comprehensive and also links to basically the best HOSTS file sites I know of, so I didn't post them all individually.)
How much to fly you out to my place and just set my computer up. ;f
Ah...... but I am in BabyLand.......
Help in totally removing AOHell
Just came across this and thought I'd add it to the 'helpful info' list:
Conferences Windows 98 Family ( http://www.lurkhere.com/cgi-bin/foru...mID14&archive= )
"Uninstalling AOL" Jul-28-04, 09:09 AM (EDT)
IE-Spyads users: new URLs
Jun-21-04, 05:09 AM (EDT)
Note from the much admired Mr.Eric L Howes:
"about:blank" browser command (aka hijack)
Came across the following which might be useful for anyone battling this new "about:blank" browser command infection/CWS variant:
Mentions a couple new tools helpful in detecting & dealing w/windows services and "about:blank" infections:
Getting rid of "WINDOWS MESSENGER"
This is a different beast than "instant messenger" and such, and the distinction is important to make.
Culled research to date:
www.itc.virginia.edu/desktop/docs/messagepopup/ - 20k - Sep 5, 2004
Could you repeat that please...?;)
DO NOT USE OUTLOOK EXPRESS
Please for the love of Pete don't use Outlook express as your email client.
Outlook express has so many security holes in it that it should be called the Swiss Cheese email Client.
Please use Outlook Or Mozilla Thunderbird.
Mozilla Thunderbird is an open source email client.
gee..these replies aren't NEAR long enough. ;Q ;Q