WnSoft Forums

Posted

When using PTE most of us will surf around the net very often. This will pick up all kinds of cookies and also lay you wide open to Spyware and pop-up ads. All very dangerous stuff! How many of you use your credit card to pay for web purchases?

I have been trying out some 'privacy software packages' to try and keep my computer clean. I am a little confused by some of it though and am worried that such software will delete some of my 'legitimate files'.

What are your views? Can you suggest (and recommend) any software? I will be glad to hear from you.

Ron

Posted

Ron

i use the free versions of

Lavasoft's AdAware SE personal version,

SpyBot Search and destroy

and

WinPatrol

winpatrol and SpyBot are running in the background and are in my XP Home startup

both warn whether you want to allow something to be put in

SpyBot sets a restore point when removing something -- and when you first run it i run screen shots of the gremlins it has detected -- one must know what you are going to remove

it is most effective in some cases

Adaware quarantines or removes so you can get the stuff back

i also run the MS desktop/web search plugin as well as altavista's browser plugin which also has a pop up blocker -- normally i have Altavista disabled and rely on the Popup blocker in MS's Desktop plugin.

i also keep s/c's to

http://doxdesk.com/parasite/

and

http://aumha.org/win5/a/noads2.php

http://aumha.org/a/quickfix.htm

the doxdesk site describes how to get rid of certain trojans

the doxdesk site was the original and

James A. Eshelman has copied the script from doxdesk because doxdesk is sometimes down as he describes on his site

i was told about another piece of software today that a fella had to install

"XoftSpy"

that is about all i can tell you other than it is a personal decision and you have to know what is doing what -- windows media player among others want to look for things thus they are classed as gremlin

you have read some of the exploits by Granot and others have gone thru, perhaps Brian" CONFLOW " will jump in as he walked Granot out of his mess

ken

Posted

Safety-Security-Privacy

Hi Ron & Ken,

Well Ken apart from 'walking' Granot out of his mess, I also had to do some 'walking' last March when I was attacked by 'Coolweb and a Backdoor Trojan' simultaneously ~ the consequential destruction, the likes I never saw before ~ this despite having a '3 Comm Hardware Firewall' and being on a secure Business Server (A Bankers Server) with the usual A/V Software described by Ken.

Some of our Irish Banks and U.S Banks got "ripped-off" on that weekend of 13th.March.

A group of us decided -enough is enough- so we sat down and worked through a routine that would offer the best of all compromises across the various Windows Platforms.

1) FIREWALL - This is an absolute necessity if you are not using XP-Sp2 which has its own Firewall, provided of course you have not allowed 'Exceptions' to access thro' the Firewall.

2) MAIL CLIENT - We now use 'Avir Mail Client' which can handle up to 9 EMail Addresses. This utility makes 'proxy access' directly to your Server where you can read your Mail safely without identifying yourself to the Mail Senders. In effect you are invisible.

3) NORTON 2005 - This version of Norton is now linked to the new 'SpyNet Community' in co-operation with Microsoft and others. It uses the latest SARC algorithms (Submit & Receive Confirmations) with anything suspicious.

4) MICROSOFT BETA-1 V2 This is the 2nd version of 'Microsoft-Beta-1' A/V Program and my god is it awesome ! ~ it also co-operates with the SpyNet Community using the SARC System. So now we have a number of 'Super-Computers' tied together and active at all times 24/7.

5) BOTH PROGRAMS - Are dynamically active at all times, even when 'OffLine' and they share facilities with all Members of the SpyNet Community.

6) BACKUP A/V - The new version of 'Spybot' is probably the best for the reasons that it actually 'Immunises your PC' against a Blacklist of known rogue sites now numbering +2000. It also works silently in the background (within the PC's Operating System) and interrogates anything that slips past the Firewall and the other 2 Programs. It's a very effective Cleaner.

7) DAMAGE LIMITATION - The combination of these 4 utilities really get down to the business of attacking the Virus & Phishing Vendors - in reality Microsoft & Partners are now counter attacking these "rogues" where up to lately they simply 'purged' your PC after the damage was done.

8) THESE SYSTEMS will not only 'purge' your PC they are actively using counter-measures against these villains and the newer version of Microsoft Beta-1 will actually "fix" your PC if you are using .Net Framework.

All this has happened within the past year with more advances due in December ~

Hope this helps,

Brian.Conflow.

Posted

Ron, I will "ditto" Brian and Ken's remarks. I am using the free version of Lavasoft Ad-aware as well as Spybot. I also run the Ad-aware program every time I get off line. I will also add that several years ago I had a trojan horse attack my computer. I was using Norton at the time. It would not get rid of the trojan horse. I was able to download a free version of Grisoft's AVG virus protection program, which removed the trojan horse, and have not had a virus since. But, there is always tomorrow, so we must be prepared.

Howard

Posted

I realise that my solution will not be suitable for all, but I have a desktop computer (now getting older than I would wish) for my e-mail and Internet use and a laptop for all other purposes. Both are connected to a common monitor. The laptop has protection against viruses in case of problems with discs etc.

I have a memory key and/or a CD burner for transferring files between computers.

If I get a problem then it will (should!) not be disastrous.

When it is time to upgrade the desktop I will probably switch roles and use the laptop online and keep the desktop clear of the Internet.

As I said, not a solution suitable for everyone but it works for me.

DaveG

Posted

Ken, thanks for the information - as thorough and detailed as ever!

Brian, I am always keen to read your views on all matters and your response to this thread is fantastic.

Bearing in mind, that all other readers of this post will probably not be as 'computer literate' as yourself maybe you would consider supplying 'a novices guide' to just what should be installed on the average home PC (not networked). I am sure this would be useful to a lot of people (myself included).

Thanks in advance, on behalf of all of us!

Ron

Posted

Hi Ken,

Thanks for the very useful info that you are emailing me. I am interested in the article on the program called 'Spyware Doctor'. Reading about it seems a little too good to be true! Does anyone on the forum have any hands on experience with this program? Can you recommend it, or is it just another of those bogus programs on this subject?

Ron

Posted

Hi Ron & Ken and All,

In my last post I mentioned that a group of us sat down (for a few days) and brain-stormed this subject. Two Microsoft OEM Manufacturing Engineers, two Senior Programmers, and three Application Engineers ~ I being one of them.

Our conclusions were very simple, viz:-

Protection falls into 2 Categories:- 'Static Protection' and 'Real-Time Protection'

The choice of Category is very much dependent on the Operating System you are using, viz:-

Windows '95 - '98 - '98se

By the nature of these Op-Systems it's very difficult to install 'Real-Time Protection' (Always On) for the reason that Memory resources are quite low and Processor Speeds are usually low and these systems are DOS-Based. Consequently the only protection you can deploy is a Static Firewall such as 'Sysgate' and an A/V Program such as Norton, McAfee, Avast and others.

(I know it works but I don't recommend Grisoft's A/V because it has no Uninstaller)

INSTALL SPYBOT to immunise the system. Any further extensions beyond this burns up too much Memory and slows up the PC to the extent where it's virtually unusable.

Windows XP (Versions Sp2-Sp6)

These Systems can deploy 'Real-Time Protection' (Always-On) ~ they have an excellent inbuilt 'Firewall' ~ provided it's switched on. They also support the Microsoft Beta-1 (V2) AntiSpyware, Anti Virus package, where in conjunction with Norton 2005 and the installation of Spybot makes the system fairly bullet-proof and most of all "Auto-Fixable" if attacked.

(Microsoft's .NET Framework further enhances the PC's immunity if installed)

Windows 2000 and 2000.Pro

Very much built on the NT System these Op-Systems are as tough as 'old boots' and can take terrible punishment. They are not as "bloated" as XP, therefore tend to run faster given the same Processor but most importantly they are an excellent 'bridge-head' between the older Systems and XP and Virtual PC...the McIntosh Clone Program.

They also run 'Real-Time Protection' and in all Applications are as in the XP paragraph above.

So at the end of the day ~ It's a personal choice whether to run 'Static Protection' or 'Real-Time Protection'.

What's the down-side of 'Real-Time Protection' ?

a) Boot-Up is much slower. PC Speed drops by about 10% ~ this is not noticed if you have a reasonable fast Processor and at least 250mB of Memory.

b) You also have Pop-Up Windows asking questions (resident time 2 secs) ~ However these abate with time as the PC gets used to your methods of operations.

c) Contrary to the 'old wives tale' ~ 'Real-Time Protection' does not interfere with the operation of the PC.

Worthwhile ~ Very much so, particularly if you use the Net above 1 Hour per day.

Brian.Conflow.

Posted

PC PRIVACY ISSUE

In my last post I had forgotten to mention the issue of PC Privacy ~ whereby you are "invisible" on the Net when processing your EMails and Attachments. I recommended an EMail Client Manager such as "Avir". Extracted Quote below:-

MAIL CLIENT - We now use 'Avir Mail Client' which can handle up to 9 EMail Addresses. This utility makes 'proxy access' directly to your Server where you can read your Mail safely without identifying yourself to the Mail Senders. In effect you are invisible.

Brian.Conflow.

Posted
Hi Ken,

Thanks for the very useful info that you are emailing me. I am interested in the article on the program called 'Spyware Doctor'. Reading about it seems a little too good to be true! Does anyone on the forum have any hands on experience with this program? Can you recommend it, or is it just another of those bogus programs on this subject?

Ron

Hi Ronnie,

I've found Spyware Doctor to be one of the very best (I use a large number of spyware removal programs) available and frequent free updates keep it at optimal protection levels. It finds and removes nearly every spyware with the exception of some of the latest Coolweb browser hijacks, which actually nothing is presently able to eliminate with the user doing some manual work. I was down for three days eliminating some of the Coolweb trash and it was a genuine pain in the behind even for an experienced user like myself. Be sure also to download and use the freeware version of Adaware. I would also suggest purchasing the following:

http://www.neuber.com/taskmanager/regonline.html

This $29 package can be your best friend and help you get rid of problems which no spyware can presently fix such as some of the Coolweb browser hijack monkeys. This program is called Security Task Manager. What it does is let you see exactly what is being loaded into memory and what is running in the background when you boot your computer. It also ranks the programs in order of their "danger" based on several criteria. Because any browser hijack or spyware will either lie latent to run at a pre-set date or be actuated to run in memory, you can see the names of the offending files, start your computer in the "safe" mode then manually erase the offending files. Whenever a file is added to your computer it's dated with the day it was loaded. Because of this if you know the date when the problem first was noticed, you can search your files by date and quickly find the pesky little .exe files which cause so much concern. This tool is of great value to help you isolate problem files.

Best regards,

Lin

Posted

Hi Ron,Ken,Lin,

Lin,

I have read your Post and I appreciate that your views are purely from a personal experience. In the matter of the Coolweb Parasites, I only wish that your explanation as to the 'operation and resident methodology' of these was as simple as you have indicated ~ unfortunately it's not ~ for the reason that the 'Coolweb Parasite' clones genuine PC Dll Files and assumes the real-time name of such Files, consequently you may have up to 10 Dll's with the same name ~ Which one is the genuine File ??.

(Dll is a Dynamic Linked Library)

Ron.

We also have the 'Invisible Clones' which hide behind the Browser also those that 'Auto-Boot' from Memory (which Lin mentioned) and those that boot from within the 'PC.System INI' and those that create 'Alias CAB Files' parked within the 'Windows CAB Library System' and others that get into A/V programs with the intent of disabling them.

Serious problems arise when you start to remove these "Dll Clones" ~ for each one you remove the 'Win.INI System File' or 'Explorer INI File' has been modified by the parasite to auto-replicate the "clone" elsewhere in the System ~ ergo, unless one really knows what one is doing, the act of removing these can do more damage to the PC even to the extent of destroying the Win.INI or Explorer INI System - now you don't have a Computer.

The question of 'attached' Trojans & Monkeys in the 'Coolweb Parasite' is purely the Hackers' attempt to prevent you from interfering with his criminal masterpiece.

So the moral of the story is:- DONT LET THEM IN AT SOURCE....

Ken,

In the past both Ken & I have gone to great lengths in our own individual ways to advise Forum Members as to the following:-

1) Install a Firewall.

2) Use "Real-Time-(Always Active)-On Line Filtering & Script Protection"

3) Use A/V Programs that are Registered Members of the SpyNet Community.

4) Use A/V Programs that deploy 'SARC Technology'...(see my 1st post on this page)

Microsoft

Microsoft have not wasted millions developing their 'Microsoft Beta-1 A/V Program' just for the fun of it ~ it's estimated that these 'hackers' have cost the Company in excess of $5billion in lost sales due to these activities, so it was in their interest to put a stop to these activities, the answer being Microsoft Beta-1 A/V program...it's free.

If you have been infected please contact a reputable PC.Technician and let them address your problem ~

Coolweb & variants is something that the average Forum Member CAN NOT FIX by themselves.

Hope this helps a little further,

Brian.Conflow.

Posted

Hi Brian,

You are right! Most of us are seriously confused about this Spy/Adware problem - exactly why I started this post in the first place! You seem to be suggesting that we ought to install the 'Microsoft Beta-1 A/V Program', Ok can you supply a current link for the download? I notice that the program is in 'Beta' form, have you tried it yet?

What about Spybot and Spyware Doctor, these 2 programs seem to be mentioned quite a lot?

Ron

Posted

Hi everyone!

Just a thought, if a computer becomes infected and, as a last resort, the owner decides to restore a previously made full back-up of the infected drive, would that clear all the infection? Or would it be necessary to reformat the drive first and then restore the back-up?

Ron

Posted

Hi Ronnie,

The most important thing to do is to approach the A/V Dilemma in a professional manner.

To do this, get out a sheet of paper and write down the following:-

Questions:

1) Do I need "Static Protection" or "Live On-Line Protection" (depends on the PC)

2) Do I have a Firewall ? is it active and effective ?

3) I'm thinking about an A/V Program ~ Is this "Registered" with the Spynet Community ?

4) Can the A/V Program be "Uninstalled" if it conflicts with the Firewall...(that's vital)..many can't.

5) Does my PC have the Microsoft SP2 and/or the SP6 upgrade installed ?

6) Is my PC running Microsoft .NET Framework.?...This indexes all your PC.Files, which currently would be unindexed.

7) Microsoft Beta-1 (V2)...damn it, they designed the Operating System we use, so who better to protect it ?

NOTES

a) Beta-1 works best when 'cross-linked' with programs which are Registered with the SpyNet Community Group which are using the SARC Technology.

b) This allows you silent 'Automatic-Connectivity' to the Group's Super-Computer System set up by Microsoft, Norton, and many other A/V Manufacturers.

c) The reason it's called "Beta" at this juncture is to allow integration time to other A/V Manufacturers who are intending becoming Members of the SpyNet Community.

d) Beta-1 ~ By itself DOES NOT HAVE all the answers, but the combined 'SARC Cross-Linking' of other specialists within the Group, certainly does, and it's an automatic service.

So it's a matter of spending a few minutes with pen and paper and deciding what to do.

Brian.Conflow.

Posted

Reformatting Drive & Restore

Ronnie,

When things become so bad that a "reformat" is the last resort most people go to a Technician and ask for a 'Reformat' but please, please, please SAVE MY FILES !!

There is Reformatting A and also Reformatting B...let me explain:-

1) Reformat A

1) Answer

Most people try and restore the System from a previous date known to be 'un-infected' and re-load from there. They mistakenly call this reformat and restore ~ it can work PROVIDED ALL INFECTIONS were removed from the PC in the 1st instance and the current 'Registry' was washed (it's most likely damaged anyway). For most ordinary folk it simply doesn't work because they have no means of clearing the infected/damaged Registry in current use. So as soon as they Log-Off and Reboot, the "infections" simply invade the restoration Registry they have just installed.

2) Reformat B

2) Answer Correct Method

* Remove the Infected HD-Drive from the PC and install it into a "Services Dual-Drive PC" now remove and 'Wash the Files' and drop them into the 2nd. Clean HD.

* Completely Erase & Wipe the "Original Infected HD-Drive" and reinstall XP or 2000 or whatever.

* Now re-install the 'Washed Files' to the cleaned HD and re-install it into the Clients PC.

* Then 're-Initialise' the System plus all Drivers plus the CD-Rom & Floppy Drivers et al.

It's a very 'messy long job' ~ unfortunately there is no quicker way of doing this apart from buying a New Drive and re-loading it with Windows ~ but you have lost your Files & Drivers.

Brian.Conflow.

Posted
Lin,

I have read your Post and I appreciate that your views are purely from a personal experience. In the matter of the Coolweb Parasites, I only wish that your explanation as to the 'operation and resident methodology' of these was as simple as you have indicated ~ unfortunately it's not ~ for the reason that the 'Coolweb Parasite' clones genuine PC Dll Files and assumes the real-time name of such Files, consequently you may have up to 10 Dll's with the same name ~ Which one is the genuine File ??.

(Dll is a Dynamic Linked Library)

It's never "simple" - that's why it took me three days to get rid of the Coolweb issues. But the original post I replied to asked about a specific software (Spyware Doctor) and my reply was simply to endorse that software and suggest also the associated program which allows the user to see what's actually loaded and running - and give a rough indication of the "danger".

As for which dll is the "correct" one - the question should actually be which ones are "incorrect" and the best way to approach this is by their respective dates and locations. Whenever new files are added - regardless of whether they are "cloned" from existing files, they will have a different date stamp courtesy of Windows. This date can help the user make an intelligent decision about whether these .dll or .exe or .com files are originals or pretenders. Removing the offending files is not for the faint of heart, and prevention is still the best "cure" - but when a computer is already infected what else is there to do? Yes, if there is a competent service nearby where one can take their computer and have it cleaned that's a great solution - but this is certainly not always the case. Many users are miles from anything resembling "competent" service. In fact, the majority of services in my own area would simply low level reformat the entire drive and reload Windows. Great, anyone can do that - but what about the several hundred application programs (in my case) which must be reloaded? Many of these would require extensive research to recover install unlock keys, etc. - so this kind of "shotgun" approach to a repair is not satisfactory in many cases and since there are a number of users who fall into my category the next best approach is to methodically remove the offending files.

Also, there are programs specifically dedicated to the Coolweb hijack issues. Below is a link to one which I find useful for both removing most of the Coolweb code and when it can't do so to help locate the files to remove manually:

http://www.intermute.com/spysubtract/cwshr...hredder/092704/

Best regards,

Lin

Posted

Lin,

Seeing as you have "Quoted my Post" it's only fair that I take the opportunity to reply to yours...

1)

I have absolutely no issues concerning your Post wherein you recommend 'SpyDoctor' and your personal approach to rectifying the effects of the 'CoolWeb Search' parasite, so I wonder why it was necessary for you to "Quote" me in the 1st instance ?....What's your point ?

2)

It's regrettable that you suffered the 'Coolweb' infection, but please be aware that many Forum Contributors have suffered the same fate over the past 2 years and if memory serves me correctly I was one of the first Engineers to tackle this problem on this Forum, some two years ago.

3)

When 'Posting' to the Forum ONE MUST AT ALL TIMES consider those PC Users who are not technically competent to undertake the 'remedial actions' you propose, particularly in the case of 'CoolwebSearch' which ultimately requires manual intervention by the PC.User and therein lies the 'crux' of the problem ~ the vast majority of Forum Members simply do not have these skills.

4)

On your viewpoint of 'Windows Date Stamping' everything ~ that's simply not true. There are variants of 'Coolweb' which alter the System Clock and others which are perfect clones of the original Dll's (date and all) and others which have no other function but to alter various BHO Objects within 'Windows Internet Explorer' which I am sure you are aware is virtually unfixable once certain 'core components' are damaged.

So the moral of the story remains the same:-

* DONT BECOME INFECTED

* PREVENTION IS BETTER THAN CURE

* PRACTICE GOOD PC.MANAGEMENT

* CHOOSE YOUR A/V SOFTWARE CAREFULLY

And for god's sakes let Microsoft get on with their job of cleaning up their Software with 'Beta-1' which is free for everybody....

Brian.Conflow.
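
The two checks debated above, date-stamp triage and the objection that a clone can carry the original's date, combined as an added example (not part of any post in this thread and not taken from any product mentioned). It lists executables changed since the problem was first noticed, names that exist in several places with differing content, and files whose hash is missing from a known-good baseline; the directory layout, file names and baseline are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path

EXECUTABLE_EXTS = {".dll", ".exe", ".com"}   # the file types named in the thread


def sha256_of(path):
    """Hash file content in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(root, first_noticed, baseline):
    """Walk `root` and return three sorted lists of relative paths.

    recent    - modified at or after `first_noticed` (epoch seconds)
    same_name - file name occurs more than once with differing content
    unknown   - content hash absent from `baseline` (name -> set of good hashes)
    """
    root = Path(root)
    by_name = defaultdict(list)
    recent, unknown = [], []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in EXECUTABLE_EXTS:
            continue
        rel = path.relative_to(root).as_posix()
        name = path.name.lower()              # Windows file names are case-insensitive
        digest = sha256_of(path)
        by_name[name].append((rel, digest))
        if path.stat().st_mtime >= first_noticed:
            recent.append(rel)                # date-based check
        if digest not in baseline.get(name, set()):
            unknown.append(rel)               # content-based check, ignores dates
    same_name = [rel for copies in by_name.values()
                 if len({d for _, d in copies}) > 1
                 for rel, _ in copies]
    return sorted(recent), sorted(same_name), sorted(unknown)


def build_sample_tree(root):
    """Constructed sample: one genuine DLL, one backdated clone, one new EXE."""
    old, new = 1_000_000_000, 1_110_000_000   # epoch seconds: 2001 and 2005
    files = {
        "system32/example.dll": (b"genuine library", old),
        "temp/example.dll": (b"cloned library", old),    # date copied from original
        "temp/dropper.exe": (b"new program", new),
        "system32/notes.txt": (b"not executable", new),  # ignored by extension
    }
    for rel, (data, mtime) in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        os.utime(path, (mtime, mtime))        # set access and modification time
    # Baseline as it would be recorded from a clean install or trusted backup.
    return {"example.dll": {hashlib.sha256(b"genuine library").hexdigest()}}


def demo():
    """Build the sample tree in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as root:
        baseline = build_sample_tree(root)
        return triage(root, first_noticed=1_100_000_000, baseline=baseline)


if __name__ == "__main__":
    for label, paths in zip(("recent", "same name", "not in baseline"), demo()):
        print(f"{label}: {paths}")
```

In the sample the backdated clone never appears in the date-based list, but the duplicate-name and baseline-hash checks both report it.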

Posted

Just as an addendum on Spyware Doctor - It was just awarded PC Magazine's Editor's Choice - I just received this email:

Lin

Dear Lin,

We are excited to announce that Spyware Doctor 3.2 from PC Tools has been awarded the prestigious PC Magazine Editors' Choice Award for the best anti-spyware software!

PC Magazine reviewers found Spyware Doctor to be the most effective of all products tested in both blocking and removing spyware and keyloggers.

In celebration we would like to take this opportunity to offer you and your friends a $10 discount coupon (EDITORSWIN) on new orders of Spyware Doctor 3.2 until the end of July 2005. You are welcome to share this special discount with your family and friends and help them to eradicate spyware from their PCs with the world's best anti-spyware software at a discounted price.

If you already own Spyware Doctor and you are using an older version, we strongly recommend that you upgrade to the latest version 3.2 at your earliest convenience. All registered users of Spyware Doctor are entitled to FREE upgrades and updates within 12 months from the initial purchase.

Last but not least, we would like to thank all our users for the feedback that has helped us make Spyware Doctor the world's leading AntiSpyware choice.

Posted
I have absolutely no issues concerning your Post wherein you recommend 'SpyDoctor' and your personal approach to rectifying the effects of the 'CoolWeb Search' parasite, so I wonder why it was necessary for you to "Quote" me in the 1st instance ?....What's your point ?

I'm not certain what you mean. The purpose of quoting is for clarity so the reader has a clue which of the many posts the reply references.

Yes, there are a number of variants of the Coolweb problem and some, as you say, are very sophisticated. This is why I linked to the site containing the free CW Shredder software which is compliments of an engineer/programmer who has been working specifically on the Coolweb problem since it was first detected. It's widely acknowledged as one of the best tools for eliminating these. The program comes with Spyware Doctor but can also be downloaded free. It's not perfect, but then with these problems as you note, nothing is.

Best regards,

Lin
