Spyware after downloading anti spyware products

Discussion in 'Tech Talk' started by unit 900, Sep 6, 2004.

  1. unit 900

    I told a buddy about Spywareblaster and SpywareGuard after reading about them here and installing them on my PC. He installed them (he also has Adaware) and has the following problem that he e-mailed me. Any ideas on how to rectify the problem?

    "I loaded both the spyware programs on my computer and now my homepage is (about.blank) every time I resume my internet my home page goes to this, and a pop up for free remove spyware crap comes up......I didn't ever have these things come up before loading the new downloads"
  2. Rainman


  3. MB-G26

    Ok, couple three things -
    There is a malware homepage hijack/exploit referred to as 'about: blank' (which can be confusing because some people, like me, do NOT have a specific "homepage" setting in IE, and intentionally have our homepage field set to "Address: about:blank").

    I have also read of some problems regarding current/recent releases of the various versions of Ad-aware and "about:blank" problems. Although they can sometimes be troublesome to hunt down, do make sure that your friend is running both the most recent release of his AA product AND the most recent release of its "ref list".

    Please ask him to consider reviewing the multi-page 'One Stop Answers' stickie at the top of GT's TechTalk (it's only a couple of screen pages, and contains recommendations by many GT TT members. I also reorganized my initial lists and such, incorporated info posted by others, and updated links, etc., back in April. http://www.glocktalk.com/showthread.php?s=&threadid=190615&perpage=10&pagenumber=2 ) So if you start at the beginning of the stickie, do take a close look at April's revamp posts/lists that start on page #2.

    Regarding AA products, please take a look at the LH thread (see next paragraph re LH) in "Spies", topic #694, entitled, "AdAware Latest Updates" Aug-10-04, 05:54 PM (EDT) which includes a paste of info directly from Christine at AA:
    It IS important to make sure one's anti-malware apps are kept up-to-date. Take a look at the threads on LH, the "Spies" forum section, at http://www.lurkhere.com/forum600.html as notices are posted there continually regarding various updates and upgrades for apps like those you mention, plus those for Spybot Search & Destroy, HijackThis! (HijackThis includes a copy of StartupList, that can be run from the HijackThis interface. Updated August 15th, 2004;
    homepage setting protector w/can be downloaded along w/Startup List - which is helpful in determining what, if any, malware/bugs/trojans/etc is running at startup, for example). It's mirrored at LH's "Nice Files" section.

    Spyware Blaster, for example, has an update as of 8/27/04
    (Note, if by chance one tries to update using the "internal updater" but is doing so for an OLDER version, a 'no updates available' msg is likely to result. Ensure the user has the most recent program version AND update version.)

    You might want to also scan down the LH "Spies" thread titles for a couple of screen pages' worth to check for posts/threads pertaining to the various other spyware/malware defender programs, including CWShredder, IE-SPYAD & AGNIS - Latest Update, and such. 99 times out of a proverbial 100, updates, upgrades, and any troubles (such as false positives, etc.) will be posted about in LH's "Securities Issues Conference" which contains forums entitled "Spies", "Catching Critters", "General Security", and "Virus and Trojan Information". This can be a LOT easier than hunting up the info for each app you use or seek, individually. It can also give a user a good idea of what works, what's new/improved, what's problematic, and what's been updated.

    There are also tons of helpful programs indexed (with program name, short description, and available locations) in LH's last forum on the index page (http://www.lurkhere.com/forum600.html) called "Lurker's Library". If you take a look at our 'One Stop' stickie pages, you can see listings of good and helpful tools & applications re fighting and protecting against spy/mal apps, hijacks, infections and so on. I'd recommend a review of those followed by scanning through the applicable forums at LH, for starters. I know it sounds like a lot of reading, linking, downloading and installing - but one can always just pick the major ways to go and not do everything listed in the TT stickie.

    Unless otherwise specifically noted, IIRC the tools & apps I listed in the stickie pages are either freeware or voluntary donation-ware. The LH threads cover both freeware apps/tools AND payware programs, so in that regard the LH info will cover more applications than are listed in the stickie pages. While a lot of the entries point to wilders.org as download sources, LH's "Nice Files" section is a mirror for many of the same apps: http://www.lurkhere.com/~nicefiles/index.html

    One additional warning: there ARE a number of 'pretending' spyware removal/protector applications out there which are exactly the OPPOSITE and instead of removing or fighting spyware and other exploits, actually INSTALL what they claim to fight. I'd really recommend a high degree of care when it comes to accepting at face value what some application claims to be and do - the TT 'One Stop' stickie recommends ONLY valid applications, and often the forums at LH will contain notices about 'pretending' spyware apps (which are instead, spy/malware/exploits). For example, an app in the wild called, "1 Click Spy Clean" is actually confirmed as using a stolen version of Spybot S&D's database. There ARE many phoney apps running around out there. As a general rule, if you receive email spam pushing a particular product you've never had before or registered at a support board for, it's probably a phoney/pretending app and best avoided.

    Specifically regarding what your friend described in his email to you - it does sound like he has acquired some malware or perhaps installed older versions or somesuch which is why even if properly installed and run, valid spyware fighters could miss catching whatever is currently causing his troubles. He might have inadvertently installed a copy-cat malware program instead of one of the real things - the pretenders often name their malware very closely to real, VALID, anti-spyware apps. It's kind of hard to 'diagnose' what's going wrong w/o knowing for sure which apps and which versions he's installed, how he has them set up internally for cleaning/removal of offending things found, what OS and browser versions, and what processes are (a) running at startup and (b) running on the computer as a whole.

    Depending upon what browser he usually runs (sounds like IE), you might have him consider implementing the "Suggestions" section re 'protecting settings steps' described in the TT stickie pages - if even just temporarily to avoid the pop-ups and such for the time being until he isolates his problem. Disabling "windows messenger" (which is NOT the same as "Instant Messenger") is strongly recommended.

    At a minimum, I'd suggest he consider:
    Ensuring he actually obtained the applications he thinks he did and perhaps UNinstall what he installed, then start fresh with new downloads and installs of one or more of the following (several different apps are listed which perform same/similar functions):
    Additional protections can be implemented using some/all of the following:
    Similar to IE-SPYAD is the use of a nice fat "hosts file". IE-SPYAD adds to the "Restricted Zone" in IE a long list of bad websites, ranging from those w/silent (aka "background") spyware downloads, spywares' sites, to sites that infect w/porn and other dialers w/o the user's knowledge, to unwanted advert sites, you name it. Set correctly, utilizing the "Restricted Zone" will help keep connections from effectuating between the subject machine and any of the sites listed in "Restricted". There are installation options, so if someone does NOT want to prevent connections with, say, so-called "adult" sites, installing the appropriate version of IE-SPYAD will still allow those connections while preventing those of other genre that are UNwanted.

    Expanding the HOSTS file on a machine with a pre-prepared list of similar sites works a lot like IE-SPYAD does - in that it puts the unwanted sites in the actual HOSTS file, so if something tries to reach one of the sites IN the HOSTS file the machine actually looks to its own address for the connection instead of actually connecting out to the prohibited site. Both IE-SPYAD and a good, functional HOSTS file can go a long way toward preventing infections, spyware, malware, etc. from reaching the machine in the first place.

    Sorry to be so wordy and make it sound like a lot more work than it really is. It all depends upon how far one wants to go. I originally did up the stickie to cover all possible bases security-wise, so it is fairly comprehensive and in some opinions, overkill. It's all up to the individual user what degree of security steps they want to take. Sorry if I've started to go in circles - it's one of those days already.
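
The HOSTS-file blocking described in the post above, as an added example that is not part of the original thread or of any tool it names: a small Python audit that parses HOSTS-format text and reports which names are actually pointed back at the local machine. The sample entries and the function names are constructed for illustration; keeping the first mapping for a repeated name is an assumption about resolver behaviour.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax. Hostnames use the reserved
# .example TLD and are not taken from any real block list.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   ads.tracker.example  popups.tracker.example   # blocked
0.0.0.0     dialer.badsite.example
192.0.2.10  intranet.example     # ordinary mapping, not a block
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Return {hostname: ip}; a repeated name keeps its first mapping (assumed)."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: entry is ignored
        for name in fields[1:]:               # one line may list several names
            table.setdefault(name.lower(), ip)
    return table

def is_blocked(table, hostname):
    """True only if this exact name maps to the local machine or 0.0.0.0."""
    ip = table.get(hostname.lower())
    return ip is not None and (ip.is_loopback or ip.is_unspecified)

def blocked_hosts(table):
    """All names the file sinkholes, excluding the normal localhost entry."""
    return sorted(h for h in table if h != "localhost" and is_blocked(table, h))

if __name__ == "__main__":
    t = parse_hosts(SAMPLE_HOSTS)
    for host in blocked_hosts(t):
        print("blocked:", host)
    # HOSTS matching is exact: an unlisted subdomain is NOT covered.
    print("sub.ads.tracker.example blocked?", is_blocked(t, "sub.ads.tracker.example"))
```

Because matching is by exact name, a block list only helps for the hostnames it spells out, which is why such lists need the same regular updating the post recommends for the other tools.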