
Beating spyware for good

  • 19-01-2006 3:51pm
    #1
    Registered Users Posts: 17,399 ✭✭✭✭


    Symptoms:
    Pop-ups, shutdowns, connection slowing or dropping!!! Aaargghh!! Spyware!! We hates it precious!

    Getting rid of spyware requires the right browser, the right applications and a bit of common sense surfing.

    Browser choice:
    Stop using IE, download and install Firefox browser.

    Essential apps: All can be found at http://www.snapfiles.com/freeware/freeware.html

    Spybot Search & Destroy
    Ad-aware
    Avast Anti-virus (or any anti-virus so long as it is kept up-to-date!)
    HiJack This
    Firewall

    Download and install each item separately, restart the computer when prompted (painful but essential for proper installation).

    Run the anti-virus scan first, follow the on-screen prompts

    Run Ad-aware next, follow the on-screen prompts

    Run Spybot S&D, note that not everything it finds is spyware, you can get information on each item it detects. The information will make it clear if there are any real nasties about! I suggest running this at this stage because Ad-aware and the anti-virus prog should have removed a lot of problems by now and the list should not be as long as it would otherwise be!

    Run HiJack This - WARNING - Do not attempt to fix anything here yourself unless you are absolutely sure what you are doing!! This program lists all programs, services and browser helper objects running on your machine, deleting the wrong file could destroy your computer.
    Copy the HiJack This log and post it to http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
    You will have to register (for free) first but it is well worth it. These guys will analyse the log and tell you exactly what to fix and how to do it. They receive a huge volume of logs so it may take a while for an answer to come through.

    I haven't suggested a particular firewall as it's a matter of personal taste, the very least you should have (if using Windows) is the XP firewall (SP2 is better than SP1) but switch this off if you use ZoneAlarm.

    Common sense:
    When surfing, don't click on pop-up ads offering chances to win free ipods and the like. Tempting but could lead to grief for you in the end!

    Be careful about downloading "useful toolbars" or "buttons" that can be added to IE navigation bars, especially from sites you don't know much about.

    And remember, very few things in life are truly free!! Not all anti-spyware programs are truly anti-spyware!! Before downloading anything from the web (screensavers included) do a quick google search to see what you can find out about it, better safe than sorry!

    Useful sites:
    www.castlecops.com
    www.spywareinfo.com
    www.snapfiles.com
    www.download.com
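
For reading a HijackThis log before posting it, the sketch below groups a log into the three things the post says the tool lists: running programs, services and browser helper objects. It is an added example, not part of the original post or of HijackThis. It assumes the usual log layout (a "Running processes:" block, then lines of the form `code - details`, with O2 for BHOs and O23 for services), which the post does not show. The sample log is constructed and every path, name and CLSID in it is made up.

```python
import re

# Constructed sample log; all paths, names and the CLSID are invented.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Example\updater.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example/
O2 - BHO: ExampleBar - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\bar.dll
O4 - HKLM\..\Run: [updater] C:\Program Files\Example\updater.exe
O23 - Service: Example Helper - Unknown owner - C:\WINDOWS\exsvc.exe
"""

# An entry line is a section code (letter + 1-2 digits), " - ", then details.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_hjt(text):
    """Split a log into running processes and entries grouped by section code."""
    parsed = {"processes": [], "entries": {}}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif match:
            in_procs = False  # the first entry line ends the process list
            parsed["entries"].setdefault(match.group(1), []).append(match.group(2))
        elif in_procs and line:
            parsed["processes"].append(line)
    return parsed

def referenced_files(parsed):
    """File path (last ' - ' field) of each BHO (O2) and service (O23) entry."""
    out = {}
    for code, label in (("O2", "bho"), ("O23", "service")):
        out[label] = [e.rsplit(" - ", 1)[-1] for e in parsed["entries"].get(code, [])]
    return out

if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    print(log["processes"])
    print(referenced_files(log))
```

This only reads and groups the log; deciding what to fix is still a job for the analysts the post points to.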


Comments

  • Closed Accounts Posts: 64 ✭✭wind00ze


    Cheers r3nu4l, that is good advice.
    Now the question is will they listen or just continue to post repetitive spyware questions in a security forum??


  • Closed Accounts Posts: 114 ✭✭Zoned


    The problem is that you can never really defeat spyware as long as stuff like Rootkits can hide the spyware files from the Spyware Scanner....

    Beware the Rootkits...check out www.antirootkit.info, they have a list of free anti rootkit software.

    I was trying to fix a mate's PC and all the scanners I found couldn't rid the PC of some bit of spyware.

    I had to boot the PC up from a specially compiled CD with adaware and mcafee and lo and behold it found some rootkit files.
    These files were stopping the kernel from reporting the existence of the files to scanner programs.... scarrrryy business now.

    More info at http://www.protect-your-pc.org/rootkits/rootkitremoval.htm


  • Registered Users Posts: 17,399 ✭✭✭✭r3nu4l


    Ok, be pedantic! The thread title should be something like "How to remove general spyware from your machine" ;) You happier, sleeping better? :p:D

    As someone who has written experimental rootkits I can tell you that even the articles you link to are behind the times, rootkits are evolving and as always detection is behind the times, although a certain recently convicted (rootkit) hacker may soon be working for a certain security software firm and things might just change then :D

    Also, many major firms are reluctant to create good rootkit detectors and some even program their detectors to ignore certain rootkits...I wonder what they're afraid of :rolleyes:


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    Spyware calls for effective software controls like those in the new "Windows Vista" / "Longhorn" (still in beta 2) but until then and the bugfixes post release (as the sneaky spyware coders are not stupid).

    Now all I need to do is stop them clicking "Allow" before thinking. (never happen)

    The Stack protection now offered by Windows is a step in the right direction also.

    As for rootkits, Sysinternals have RootkitRevealer and Datafellows have BlackLight. (these won't remove rootkits but will point out "Suspicious files")

    It's the same arms race that started with boot sector viruses in the 80s - now()

    For the meantime Windows users are am using the newfangled anti-spyware scanners.


    I'll be using the old-fashioned Linux approach


  • Closed Accounts Posts: 80 ✭✭bammccabe


    Just saw there yesterday that Microsoft has a beta version of its new anti-spyware program available to download on the website,
    have to say it found a few things that never got picked up before


    http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en


  • Registered Users Posts: 17,399 ✭✭✭✭r3nu4l


    NutJob wrote:
    I'll be using the old-fashioned Linux approach

    Great idea for now but just wait until Linux takes over the world (and I hope it does :D ) then the spyware coders will focus on Linux and all the holes will become all too readily apparent. The reason Linux attacks are so low is similar to the reasons Mac attacks have been historically lower than PC attacks. Fewer machines, slightly tighter coding in the OS, legions of loyal fans (many of whom ironically, are now "loyal" to Linux) and well, nobody likes to attack the underdog :)

    Why not go with Unix? :D;)


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    Disposable accounts and such like. BSD Jails services and crc checks across the system.

    Scripting languages are the danger with Linux with great power comes great power comes the ability to balls your system in unique ways and gives others the ability to balls it for you if you're not smart about how you set it up.

    Reminiscing about the old bitchx DCC file exploits (eeehhhhhhh)
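
Two points raised in this thread, files that only show up when the PC is booted from a CD and checksum checks across the system, come down to comparing file manifests taken from different vantage points. The sketch below is an added example, not code from any poster or tool named here. It hashes with SHA-256 rather than a CRC, and it simulates the rootkit's filtering with a hypothetical `hidden` parameter over a constructed temporary directory whose file names and contents are made up.

```python
import hashlib
import os
import tempfile

def build_manifest(root, hidden=()):
    """Return {relative_path: sha256} for every file under root.
    `hidden` simulates a rootkit filtering names out of the live listing."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in hidden:
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def cross_view(live, offline, baseline):
    """Diff the live view against the offline (boot CD) view and a clean baseline."""
    return {
        # on disk, but the running system never listed it
        "hidden_from_live": sorted(set(offline) - set(live)),
        # known file whose contents no longer match the recorded checksum
        "changed_since_baseline": sorted(
            p for p, digest in baseline.items()
            if p in offline and offline[p] != digest),
    }

def write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed scenario: all file names and contents are made up."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "system32/kernel.dll", b"clean")
        write(root, "system32/notepad.exe", b"notepad")
        baseline = build_manifest(root)                  # recorded while clean
        write(root, "system32/kernel.dll", b"patched")   # modified in place
        write(root, "system32/hidden_driver.sys", b"x")  # dropped file
        live = build_manifest(root, hidden={"hidden_driver.sys"})  # scanner on running OS
        offline = build_manifest(root)                   # same disk seen from boot media
        return cross_view(live, offline, baseline)

if __name__ == "__main__":
    print(demo())
```

The baseline is compared against the offline view because a compromised running system can misreport file contents as well as file names.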

