MG-Rover.org Forums banner

1 - 20 of 26 Posts

·
Premium Member
Joined
·
43,249 Posts
Discussion Starter #1 (Edited)
Or other malicious and annoying windows opening trying to sell you something?

This topic "pops up" (pun intended) quite frequently and there are a few steps you can take to clean your system and further protect yourself.

Here is how you should begin the analysis of your pc:

For starters, if you do not have them yet, please download and run AdAware and Spybot Search & Destroy. AdAware and Spybot Search & Destroy are 2 of the most trusted apps in the security area. They are both free, compliment each other nicely, and do not use a lot of resources. They can be found here:

Spybot Search & Destroy v.1.4
AdAware SE

With AdAware and Spybot: download, check for updates, then scan, repair/remove/quarantine anything found. Reboot before the next scan with whichever app is next. The reason for running these apps, is to clean up some of the other 'spypware' on your pc.

Now if you don't already have up to date anti-virus software installed, head over to Grisoft AVG anti-Virus Software and download their FREE software.

There better commercial applications that you can use and I recommend Webroot Spy Sweeper as a more permanent solution.

Remember, even if you're not getting popups but the home page in your browser keeps changing or your PC is running slower than normal you may already be infected.
 

·
Administrator
Joined
·
54,941 Posts
Be warned that Spybot is renowned for screwing up Windows Explorer under XP and has more spyware in it than Kazaa ever had.

Install, use, uninstall is the best solution for this if you need to use it.
 

·
Premium Member
Joined
·
43,249 Posts
Discussion Starter #3
I've never seen that problem with SpyBot and explorer Stu but I am aware that it does leave some spyware behind that Ad-Aware should subsequently remove. I would suggest that users uninstall it after it has done it's job if it does cause instabiliy problems with explorer.

Better to shell out around £25 and get Spy Sweeper from Webroot, or stop visitng those dodgy sites in the first place ;)
 

·
Administrator
Joined
·
54,941 Posts
Seen it on a couple of machines myself and there was a thread on it in one of the security forums that went to about 100 pages in the end. It is the teaservice (or whatever they call it) which does the live scanning. Will just lock up Explorer randomly.

Seems it's mainly SP2 XP machines.

Haven't got either installed on my machine m8 as I run a packet scanner on the perimeter :) Prevention is always better than the cure.
 

·
Registered
Joined
·
539 Posts
Stu said:
Be warned that Spybot is renowned for screwing up Windows Explorer under XP and has more spyware in it than Kazaa ever had.

Install, use, uninstall is the best solution for this if you need to use it.

Ah so this may be why my Windows Explorer keeps screwing up. Have uninstalled and will see how it goes
 

·
Registered
mg_6_gt
Joined
·
223 Posts
BE WARNED

There is a new piece of spywear doing thr rounds at the mo called Popuper.exe. To date, no anti-spy softwear is able to safely remove it and the Microsoft Task Manager will not end the processes. It first shows a snapshot of the Microsoft Blue Screen Of Death before loading. Then is changes your desktop browser to display a warning that you have been infected and you should go to a site to remove the virus. It also changes your home page which can not be re-set with any anti virus or anti spywear programme.

The only way that I have found to overcome this is no matter what version of Windows you are using download a Windows 98 startup disk (if you havn't got one). Search your ppc for the location of the Popuper.exe file and note it down. Re-start your pc using the Windows 98 boot disk. At the DOS prompt change your path to where the programme is loaded (in my case it was C:\WINDOWS\) and re-name the file. For example type - "REN Popuper.exe aaaaaaa.aaa". You can not delete files using the boot disk but you can rename them so do so and don't forget to change the extension from a .exe to something unrecognisable ( I used .aaa). Re-start your pc in Windows and find the renamed file, then you can delete it. That just leaves the Blue Screen Of Death. Don't worry about this too much. It is not for real, it is only a bitmap so search your pc for all bitmaps to find it (can't remember what it is called but it doesn't actually do anything) and delte it.

The other way to avoid it is to stop letting your teenage sons go on some tissue grabbing site in the first place (lol). But hey, lads will be lads...
 
R

·
Guest
Joined
·
0 Posts
Download Opera 8 browser free from www.download.com and use "preferences" to set the integral popup killer to "only open requested popups".

I've haven't seen a malicious popup for 5 years!
 

·
Registered
Joined
·
30 Posts
I'm an IT Engineer working for a large company in Huddersfield. There are a number of ways to combat pop-ups/spyware.

Firstly, as mentioned above SpyBot and AdAware are extremely good at removing spyware, however just using one will not always get everything. personally i'd recommend using 2/3 and if one misses then the other will generally pick it up and remove it. If using AdAware the Pro version is very good and has an in-built spyware monitor that constantly scans your system and warns/blocks items from installing on your system. If anyone would like the Pro Version let me know via page message and i'll drop you a link to download it.

Another one which hasn't been mentioned I dont think is Microsoft AntiSpyware http://www.microsoft.com/athome/security/spyware/software/default.mspx

A good program and one we install as standard on all Internal and Customer machines and also has an inbuilt scanner to monitor installing items and blocks/warns.

With regards to Browsers, Opera is a good browser but if not paid for I believe it has adverts within it until you've upgraded to full version. Although not the kind of Ads found in IE they can still be a little annoying. However, i've not used this in a while so this may not be the case anymore.

One I do recommend is Mozilla Firefox, extremely good browser with inbuilt pop-up blocker and tabbed browsing, I haven't used IE since.

If you are Internet Explorer (IE) bound then as an additional measure of stopping pop-ups I'd recommend downloading the Google Toolbar (http://toolbar.google.com). Simple to install and helps combat the pop-ups that are produced in Internet Explorer.

Always keep the AntiSpyware programs updated, along with your AntiVirus. A clean machine will always bring you better results as spyware runs additional services which reduce available memory and CPU slowing it down.

Hope this helps
Danny
 

·
Registered
Joined
·
30 Posts
Stu said:
Be warned that Spybot is renowned for screwing up Windows Explorer under XP and has more spyware in it than Kazaa ever had.

Install, use, uninstall is the best solution for this if you need to use it.
Not heard of this, however AdAware does pick up Spybot as spyware but this can be ignored. Some of the services running mimick that of Spyware sometimes. The most up-to-date versions I dont belive bring this problem
 

·
Registered
Joined
·
4 Posts
Update your spyware defs reboot into safe mode then scan. Ad-Aware runs in this mode, most spyware won't be active in memory so it's easier to remove.

If you have XP SP2 you can also check and disable Browser Helper Objects and ActiveX controls that many install.
SpyAxe installs homepage.hbo for example.

Remember that many free scanners, AS and AV, aren't active at startup; you have to manually run then to scan your system. That's why many of them are free. So the protection is reactive not proactive.

Something that is becoming common now are rootkit infections (Kernal mode and user mode). If your considering purchasing an AV scanner ensure it has Rootkit detection...only a couple of vendors implement this at present!
 

·
Registered
Joined
·
3,111 Posts
Hi chaps

Just thought I'd add on here a nifty program I just used incase anyone else has the same problems I had!

I've been plagued with the "winantiviruspro2006" pop up and my computer running netinstaller.exe etc etc and had tried adaware, spy bot etc etc but nothing worked at all.

I've just downloaded Spynomore for £25 and jobs a gooden, no pop ups, no dialling into the internet automatically when I boot up. Am a very happy chap!

Incase anyone else wants to give it a go www.spynomore.com

Cheers

Adam
 

·
Registered
Joined
·
922 Posts
Don't forget, it's worth running your anti virus/spyware programs in safe mode. (F8 key on boot normally)

They will run quicker and they can find and remove the deeper rooted files that keep re-applying infections after a reboot.
 

·
Registered
Joined
·
1,302 Posts
Be warned that Spybot is renowned for screwing up Windows Explorer under XP and has more spyware in it than Kazaa ever had.
Do you have any evidence of the spyware stu? I simply don't believe this statement at all.

The explorer bug will have been fixed by now, If it ever effected many people.

Adaware has never been any use to me. Maybe it has improved since I last used it but I won't ever be trying it again.

[EDIT]

Better to shell out around £25 and get Spy Sweeper from Webroot, or stop visitng those dodgy sites in the first place
Webroot are known distributers of spyware through their sister company so I really wouldn't even bother with the free version.

[/EDIT]
 

·
Registered
cityrover
Joined
·
3,409 Posts
It's a difficult market however you look at it.
I do all my scanning on a monthly, install, use, uninstall basis anyway, but have always previously used a combination of Spybot and AdAware, but stopped using the latter due to it's AOLisation & being about half as effective as it used to be.
Stu rightly said prevention is better than cure - I don't go as far as packet scanners but I've no real need, I just don't go surfing to dodgy sites in the first place :)

As part of my job though I do have to test things from people I've never heard of before - all this I do in a virtual machine with lots of protection on. Doesn't guarantee the host's safety but certainly knocks it down to 99% safe.

Either way for day to day use I still side with Spybot - install, update, immunise, scan & clean, uninstall. Never use anything like Teatimer resident scanning for load reasons. I've heard rumours of nasties involved in it but I'd personally put it down to the nature of some nasties that can tag onto such software to propogate itself - Norton had been under fire for doing this with ease more often than I care to remember.

Bit of common sense, not downloading dodgy things, avoiding porn and warez sites and that should sort most of them out.
Disabling cookies or slightly more convenient, picking and choosing which sites you allow cookies for will make things a lot better too, but then again it's very surprising how many websites stick you with a tracking cookie to rake in some extra cash - even the big ones!
 

·
Registered
Joined
·
1,302 Posts
All excellent advice Kryt. I would just like to set the record straight about Spybot S&D. I don't believe it contains any spyware and is the most effective software I have found for spy ware detection and removal.

The best part is, It's free!
 

·
Registered
Joined
·
166 Posts
For anyone using Internet Explorer this website is useful for a quick spyware check of your browser and has useful info on removing the main offenders.

As already mentioned this is not an alternative to proprietary anti-spyware software.

I did mention it in the antivirus thread but just realised it would be better in here.
 

·
Registered
Joined
·
922 Posts
Lets face it, from other angles, what we have and do on any pc has some sort of footprint. Just depends on what we term as spyware.

When you register a product, any legit product online from your pc, you are giving details out on your pc.

Just depends on the level of how malicious the recipient is with our sacred info.
 

·
Administrator
Joined
·
54,941 Posts
Complete and utter tripe, Spybot has NO spyware at all the only thing that may give explorer.exe a headache is when uninstalling when Tea Timer is still active, just stop tea timer.
Actually it does. It may not be malicious as in trying to do any harm, but it has spyware technology built into it. Your software firewall (or hardware) will not catch it easily as it uses already approved services that you cannot stop without breaking the OS. If you packet scan and know what you are looking for (and you really will need to know deep packet scanning) then you will be able to see it.

IT security is part of what I do for a living, so please don't try to tell me I don't know what I am talking about.
 
1 - 20 of 26 Posts
Top