http://crookedtimber.org/2004/10/15/evil-spyware-problem/ Out of the crooked timber of humanity, no straight thing was ever made Mon, 13 Feb 2012 07:00:31 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-2/#comment-46568 Chris Bertram Sun, 17 Oct 2004 21:55:58 +0000 http://crookedtimber.org/wp/?p=2360#comment-46568 Thanks everyone. I'm now happily popup and spyware free, and have installed SP2. HijackThis made the difference as well as blocking a list of sites using IE-Spyad (from the spywareinfo site). Thanks everyone. I’m now happily popup and spyware free, and have installed SP2. HijackThis made the difference as well as blocking a list of sites using IE-Spyad (from the spywareinfo site).

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46567 gee jay Sun, 17 Oct 2004 13:07:55 +0000 http://crookedtimber.org/wp/?p=2360#comment-46567 Sounds to me like you may have Active Desktop turned on. If IE isn't running and popups still occur, tne that is the problem. I know it sounds hard to believe, but simply turning AD off will stop this. Sounds to me like you may have Active Desktop turned on. If IE isn’t running and popups still occur, tne that is the problem. I know it sounds hard to believe, but simply turning AD off will stop this.

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46566 bryan Sun, 17 Oct 2004 00:20:06 +0000 http://crookedtimber.org/wp/?p=2360#comment-46566 what do these pop-ups look like, where do they direct you, anything distinguishing about them whatsoever? what do these pop-ups look like, where do they direct you, anything distinguishing about them whatsoever?

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46565 Mike Sat, 16 Oct 2004 20:05:55 +0000 http://crookedtimber.org/wp/?p=2360#comment-46565 You've gotten some good advice. Top three suggestions: 1) Use Hijack This -- a great program that helped me when I had a similar program; 2) Use ZoneAlarm -- another great free program -- to turn off IE's access to the Net. This is an excellent plan; 3) Install SP2. It works, it has great pop-up protection, but use Hijack This first in case whatever-it-is tries to defend itself by screwing with your SP2 install. You’ve gotten some good advice. Top three suggestions: 1) Use Hijack This—a great program that helped me when I had a similar program; 2) Use ZoneAlarm—another great free program—to turn off IE’s access to the Net. This is an excellent plan; 3) Install SP2. It works, it has great pop-up protection, but use Hijack This first in case whatever-it-is tries to defend itself by screwing with your SP2 install.

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46564 Adi Sat, 16 Oct 2004 09:39:27 +0000 http://crookedtimber.org/wp/?p=2360#comment-46564 erm i forgot to mention that afaik this is a windows xp fix, not so sure about 2k or previous versions of the unwashed OS erm i forgot to mention that afaik this is a windows xp fix, not so sure about 2k or previous versions of the unwashed OS

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46563 Adi Sat, 16 Oct 2004 09:37:44 +0000 http://crookedtimber.org/wp/?p=2360#comment-46563 this isnt as far gone as regediting, but it should help a little anyway, if just to increase bootup time go to start->run->msconfig choose selective startup, then click on the startup tab. uncheck everything that is not located in c:\windows\[whatever] things like qttask and ituneshelper and winamp agent are the things i find in this area. also doublecheck that whatever is actually IN the windows directory is something you want upon booting up. hope this helps this isnt as far gone as regediting, but it should help a little anyway, if just to increase bootup time go to start->run->msconfig choose selective startup, then click on the startup tab. uncheck everything that is not located in c:windows[whatever] things like qttask and ituneshelper and winamp agent are the things i find in this area. also doublecheck that whatever is actually IN the windows directory is something you want upon booting up. hope this helps

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46562 Adi Sat, 16 Oct 2004 09:36:30 +0000 http://crookedtimber.org/wp/?p=2360#comment-46562 this isnt as far gone as regediting, but it should help a little anyway, if just to increase bootup time go to start->run->msconfig choose selective startup, then click on the startup tab. uncheck everything that is not located in c:\windows\[whatever] things like qttask and ituneshelper and winamp agent are the things i find in this area. also doublecheck that whatever is actually IN the windows directory is something you want upon booting up. hope this helps this isnt as far gone as regediting, but it should help a little anyway, if just to increase bootup time go to start->run->msconfig choose selective startup, then click on the startup tab. uncheck everything that is not located in c:windows[whatever] things like qttask and ituneshelper and winamp agent are the things i find in this area. also doublecheck that whatever is actually IN the windows directory is something you want upon booting up. hope this helps

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46561 Phill Sat, 16 Oct 2004 05:40:42 +0000 http://crookedtimber.org/wp/?p=2360#comment-46561 Yikes, sounds like its just adware, but we have been seeing a new type of spyware called theftware, this watches what you do and uses the information gained to either steal from you or to take out loans in your name. i am not kidding. Renaming the IE executable should not have terrible consequences. It is only a thin layer over a large amount of library codes. What Microsoft thinks of as IE is the linked libraries, not the executable. Yikes, sounds like its just adware, but we have been seeing a new type of spyware called theftware, this watches what you do and uses the information gained to either steal from you or to take out loans in your name. i am not kidding. Renaming the IE executable should not have terrible consequences. It is only a thin layer over a large amount of library codes. What Microsoft thinks of as IE is the linked libraries, not the executable.

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46560 Jonathan Goldberg Fri, 15 Oct 2004 22:48:56 +0000 http://crookedtimber.org/wp/?p=2360#comment-46560 NB: if you take any of the suggestions involving editing the registry, BACK UP THE REGISTRY FIRST. It's not hard to do; Microsoft's site has instructions. The grief it could save you is enormous. NB: if you take any of the suggestions involving editing the registry, BACK UP THE REGISTRY FIRST. It’s not hard to do; Microsoft’s site has instructions. The grief it could save you is enormous.

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46559 terry Fri, 15 Oct 2004 22:18:08 +0000 http://crookedtimber.org/wp/?p=2360#comment-46559 go to aumha.com, which has forums where people who know what they're doing will examine your hijack this logs and walk you thru what to delete. go to aumha.com, which has forums where people who know what they’re doing will examine your hijack this logs and walk you thru what to delete.

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46558 dan Fri, 15 Oct 2004 21:57:56 +0000 http://crookedtimber.org/wp/?p=2360#comment-46558 I had this same problem. I solved it by activating Windows XP's own firewall. I also have separate firewall and virus detection software which did not do the job. To start XP's firewall Go to Control Panel, then Network and Internet Connections, click on network connections, right click on icon for your internet connection, click on properties, go to advanced tab, check the box, and that's it. I hope I explained this clearly I had this same problem. I solved it by activating Windows XP’s own firewall. I also have separate firewall and virus detection software which did not do the job. To start XP’s firewall Go to Control Panel, then Network and Internet Connections, click on network connections, right click on icon for your internet connection, click on properties, go to advanced tab, check the box, and that’s it. I hope I explained this clearly

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46557 SHai Fri, 15 Oct 2004 19:28:53 +0000 http://crookedtimber.org/wp/?p=2360#comment-46557 but about installing sp2, id wait until the spyware is removed; e.g. see <a href="http://www.cnn.com/2004/TECH/ptech/09/06/windowsupdate.ap/">this story</a> but about installing sp2, id wait until the spyware is removed; e.g. see this story

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46556 Shai Fri, 15 Oct 2004 19:26:03 +0000 http://crookedtimber.org/wp/?p=2360#comment-46556 removing stuff from run in registry won't damage your computer (it will merely stop the programs you remove from starting with windows). anyway, bring up the process list (ctrl-alt-delete -> processes) then look for suspicious exe files. especially ones with names like dfsdfwer.exe; ones with more regular names you can search google and maybe find how to remove it. if not, it might be hidden in a dll somewhere. I used <a href="http://www.download.com/Security-Task-Manager/3000-2094_4-10318553.html?tag=lst-0-1">security task manager</a> to identify and delete spyware hidden in a dll that norton, adaware, spybot didnt find. if you get really desperate you can try mcafee antivirus or trend micro online virus scan. sometimes one can detect what the other can't, especially when the virus/spyware isn't widespread or dangerous. removing stuff from run in registry won’t damage your computer (it will merely stop the programs you remove from starting with windows). anyway, bring up the process list (ctrl-alt-delete -> processes) then look for suspicious exe files. especially ones with names like dfsdfwer.exe; ones with more regular names you can search google and maybe find how to remove it. if not, it might be hidden in a dll somewhere. I used security task manager to identify and delete spyware hidden in a dll that norton, adaware, spybot didnt find. if you get really desperate you can try mcafee antivirus or trend micro online virus scan. sometimes one can detect what the other can’t, especially when the virus/spyware isn’t widespread or dangerous.

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46555 Chris Fri, 15 Oct 2004 19:17:44 +0000 http://crookedtimber.org/wp/?p=2360#comment-46555 Avast! anti-virus software is pretty powerful and free for private users. It caught several bugs on mine that Spybot S&D passed by. Avast! anti-virus software is pretty powerful and free for private users. It caught several bugs on mine that Spybot S&D passed by.

]]> http://crookedtimber.org/2004/10/15/evil-spyware-problem/comment-page-1/#comment-46554 Randolph Fritz Fri, 15 Oct 2004 19:12:26 +0000 http://crookedtimber.org/wp/?p=2360#comment-46554 Hire an expert. Hire an expert.

]]>