Help with Spyware
Moderator: S2k Moderators
Hello everyone, I am friends with chadtm80 in FL. Chad and I were talking about spyware and he mentioned some of you from time to time run into some nasty ones. I help with a site called http://spywaredata.com; we are devoted to killing spyware, or doing the best we can! The site is related to a product called SSI, or System Spyware Interrogator. It is free, and does not remove spyware; it only detects it. You may ask yourself what good is that? Well, most of you already have a spyware remover product; if you don't, you should get one. Suppose you run your remover and after it detects and removes everything you still have spyware on your computer. How would you know? The answer is SSI; use it to make sure that your computer really is spyware free. We have the largest database of spyware, and if you have something on your computer we suspect might be spyware you can upload the files and we will look at them. The more people that send us files, the better our detection gets. We currently have one of the largest public lists. We also keep a list of good items, so if there is an application we don't know about, and you don't mind uploading the file information, please do so. If you aren't comfortable with that, then just use the program as an auditing tool.
I know this was a long email, but I figured it and/or I may be able to help if you run into any more spyware-related issues.
Also if any of you have comments on SSI we would love to hear them.
Enjoy hurricane season.
-AsHtRaY
0 likes
Lindaloo, we are working on removal instructions for all the different types. In the meantime I can help you here, or in the spywaredata message boards. You can also post the URL for the results page and others can learn as well.
Example: http://www.spywaredata.com/analyze/analyze_data.php?uniqueid=2388&chk_tbl=10110011110
Thanks for your interest. I will be happy to help anyone remove the pesky buggers.
-AsHtRaY
0 likes
- southerngale
- Retired Staff
- Posts: 27418
- Joined: Thu Oct 10, 2002 1:27 am
- Location: Southeast Texas (Beaumont area)
ColdFront77 wrote: It could be better to a group of people, but we shouldn't get into that.
southerngale wrote: What group of people Tom?
Some of us definitely know, others do not.
I think (and I believe you [and others that know]) would think it best that we not get into it.
My sincere apologies for bringing it up.
0 likes
Hello again everyone. First off, SSI will not affect any spyware remover; we have tested it with 9 of the major removers and have seen no problems. We designed it to be compatible with just about any Windows program.
Here is a brief description of SSI, spyware/adware, and its related technologies. Hopefully this explains a lot.
We gather system information from your computer to help determine what operating systems or browsers spyware seems to attack more. We gather your memory and the amount you're using to aid us in determining how much of an effect spyware is having on your computer resources. We also gather your version of Internet Explorer and your Internet connection type to determine if spyware is preying on broadband users as much as dialup users and what versions of Internet Explorer are being affected.
Browser Helper Objects (BHO)
A Browser Helper Object is a small program that runs automatically every time you start your Internet browser. Usually, a BHO is installed on your system by another software program. BHOs are typically installed by toolbar accessories and can track your internet usage and collect other information that is used on the internet.
ActiveX Controls
ActiveX is Microsoft's technology for signing plug-ins that add additional software to your computer when a web page is accessed.
Programs that start when your computer starts...
Your computer has several programs that start up when your computer starts. Most of these programs serve a good purpose, such as an Anti-Virus program or maybe your favorite music software. However, spyware also forces itself to start when your computer starts. Removing spyware from here will prevent it from reinfecting your machine. We use this data to educate you on what Spyware is starting up when your computer starts.
Homepage and Searchpage Hijacker information...
Hijackers are applications that attempt to take control of the user's home page and reset it with the site of the hijacker's choosing. This site is almost always loaded with ads, pop-ups, and/or other make-money-fast portals. They are a low security threat, however annoying they may be. Many hijackers use stealth techniques or misleading dialogue boxes to perform installation. Hijacker programs will put a reference to themselves in the StartUp or Registry, so that the hijacker reinstalls itself every time the computer is started. If the user tries to change any of these settings, the hijacker then changes them back upon reboot.
Add / Remove Programs List
Your Add / Remove program list contains a wealth of information on what programs are 'registered' as installed on your computer. Quite a few spyware applications will not 'register' themselves with your Operating System because they do not want to be installed. Spywaredata.com can tell you what spyware programs have 'Registered' on your computer and how to remove them.
Programs that are running right now
Right now your computer is probably running several dozen programs that you can't see. You can view some of them using the built-in task manager of Windows; however, each program running uses 'Dependency' programs. Dependency programs are little helper applications that help. Spyware comes in this form quite often. It can hide here with the security of knowing it will be very hard to find. SSI and spywaredata.com can grab this information and immediately alert you to these hidden spyware programs.
Host file information
Your Hosts file is like an address book. When you type an address like http://www.google.com into your browser, the Hosts file is consulted to see if you have the IP address, or 'telephone number', for that site. If you do, then your computer will 'call it' and the site will open. If not, your computer will ask your ISP's (internet service provider) computer for the phone number before it can 'call' that site. Normally you would not have that address in your Hosts file. Spyware will change your Host file and put in a different 'Phone Number' than the one you need to contact. This prevents you from accessing the correct web page and also redirects you to another site.
Toolbar registry entries
Toolbars are helper programs that attach themselves to your Internet Explorer or Windows Explorer programs. Most toolbars are innocent and are made for convenience. Other toolbars track everything you do on the Internet and even pop advertisements up based on your searches. In addition, they can also deliver to you the search results they want, which are generally paid results and not necessarily what you searched for.
Distribution registry keys
Distribution units are a method of installing software over the Internet. Generally a website will prompt you to install a certain 'Control' which then loads software needed for proper viewing of that webpage. Spyware has the ability to install these 'Distribution Units' on your computer through various websites, pop-ups and pop-under webpages. They can generate pop-up advertisements, hijack homepages and monitor your Internet Activity. Spyware is NOT required to view a webpage.
Shell Extension registry keys
Shell Extensions are an integral part of the operating system. An example of a shell extension is the menu you receive when you left click on a folder in Windows Explorer. Spyware will attach to the shell extensions of your computer to help hide itself. This type of spyware is hard to find and can generate pop-up advertising.
URLHook registry keys
Spyware that monitors what you type in the address bar of Internet Explorer and then hijacks that data is known as a 'URL Hook'. This type of spyware can take you to Portals which deliver paid ads, pop-ups and even adult content.
Winsock entries, also known as the LSP layer
LSP or Layered Service Providers play a very important part in your Internet connection. All Internet traffic flows through the LSP like a chain. Each file is a link in this chain. If a file is deleted the chain breaks and you have no more Internet connection. Spyware that resides on this layer of your computer can monitor all Internet surfing and activities.
Keep the questions coming:)
-AsHtRaY
0 likes
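The Hosts-file tampering described in the post above can be checked with a short audit script. This is an added example, not part of the original post and not SSI's code; the sample entries, the function name `audit_hosts`, and the rule that only `localhost` belongs on a loopback address are assumptions made for illustration.

```python
import ipaddress

# Constructed sample Hosts file content (not taken from a real machine).
SAMPLE_HOSTS = """\
# Constructed sample for illustration
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com
0.0.0.0         ads.example.net
127.0.0.1       update.antivirus.example
not-an-ip       broken.example
"""


def audit_hosts(text, local_names=("localhost",)):
    """Return (line_no, kind, hostname, address) for every entry worth reviewing.

    kind is one of:
      "redirected" - hostname pinned to a routable address, so lookups
                     never reach DNS and the browser goes where the file says
      "blocked"    - hostname pointed at loopback or 0.0.0.0; legitimate
                     for ad blocking, suspicious for update/security sites
      "malformed"  - first field is not a valid IP address
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        # Strip trailing comments, then split on any whitespace.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no hostname
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", " ".join(names), addr))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if ip.is_loopback and name in local_names:
                continue  # the expected default mapping
            kind = "blocked" if sinkhole else "redirected"
            findings.append((line_no, kind, name, str(ip)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding, sep="\t")
```

On a Windows machine the file to feed in is normally `%SystemRoot%\System32\drivers\etc\hosts`; every finding still needs a human decision, since a "blocked" entry may be one the user added on purpose.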
I've used a combination of Ad-aware and Spybot Search and Destroy and I've had my home machines free of that junk for quite some time now. Even my work PC support teams recommend using that combination. Sad that you have to use applications like that just to make the internet actually browsable, but combine that with the Google Toolbar for pop-up suppression (well, for IE...I use Mozilla Firefox 95% of the time) and you are pretty well on your way to getting back online without too much worry from silent installers and such.
Now, if only I could do something about those damn virus writers....ugh.
--snoopj
0 likes
ash....
None.
I think a lot of the reason why I don't have anything is due to the fact I have moved away from IE and its gaping holes for spyware delivery. Sure, getting some pages to function might be a pain and most plug-ins aren't written for Firefox yet, but it does the basics and I don't really do a whole lot of advanced web surfing.
--snoopj
0 likes