Lately in our shop, we have been running into persistant adware trojans that defy removal usually the kind of crap that's picked up from porn sites and other trash. Im sure it's some kind of CWS variant or something similar. We try all of the tricks of the trade as we know them but with limited results including editing the registry and so on. Forget AdAware, Spybot and so on. We have had some results by closing the Explorer through task manager and opening regedit and deleting the entry and then unplugging the system so as to dump the trojan in memory before it can refresh itself and recreate the registry entry.
We are getting more and more systems like this that even our experts can't deal with it and we're groping for solutions. We have gotten to the point the if we cant get a grip on it in a reasonable amount of time, its Format C: time.
I dont think there are any "magic" programs out there or silver bullet solutions. If virus writers ever get the same concepts of stickability that these spyware jerks have, heaven help us.
Any thoughts?
Robert
Discussion on:
The Spyware Of Death !!
Tags: hardware
View:
Show:
If it's a CWS have you tried CWShredder? I had a system with a CWS and no matter what I did I couldn't remove it using all the methods you described and more. I tried that and sure enough it removed it completely from the system after a couple reboots.
I have since added it to my toolkit just for CWS variants, (in addition to multiple spyware/adware and virus scanners since one never catches everything).
Good luck, adware should be a fricken crime.
I have since added it to my toolkit just for CWS variants, (in addition to multiple spyware/adware and virus scanners since one never catches everything).
Good luck, adware should be a fricken crime.
Thanks for the input but CWS shredder is in teh toolbox and it wont touch this stuff. Thanks for the input though
Last I checked, the creator/maintainer of CWShredder had announced EOL for the utility. Some people have made noises about being willing to take over maintenance of the thing, but I would say you shouldn't expect the same ubiquitous, nigh-infallible performance from it as you previously could, because new CoolWebSearch versions probably won't be addressed as effectively or as quickly as they once were.
C'est la vie. The world moves on.
C'est la vie. The world moves on.
Great input...We've just implemented & are happy with Spysubtract who (I guess) now own CWshredder. I did not know this was a standalone utility. (We also use Webroot Spysweeper beside it.)
Anyway, we've rolled out Intermute Spysubtract(Enterprise) product which includes CWshredder on two large networks this month. I appreciate (value) your comments & will suggest that additional care be taken with the CWshredder side.
The latest version is 2.1 released this month, so time will tell.
Thanks again!
Anyway, we've rolled out Intermute Spysubtract(Enterprise) product which includes CWshredder on two large networks this month. I appreciate (value) your comments & will suggest that additional care be taken with the CWshredder side.
The latest version is 2.1 released this month, so time will tell.
Thanks again!
I'm happy to help. Feel free to hire me as a consultant any time, or even to make full time employment offers to me. My distaste for Windows largely arises from my extensive experience with it, which has the upside for MS shops of meaning that I know my sh*t on the Windows side as well as the *nix side. Heh.
But you'd probably hate the 24" of snow that just fell & the -24C wind blowing out there right now.
Then again, your choice in Operating Systems enjoys that climate.
I'll tell you this though - Once we've worked ourselves out of a job, your real skills will come front and center:
The true Wordsmith.
DAFE2
Then again, your choice in Operating Systems enjoys that climate.
I'll tell you this though - Once we've worked ourselves out of a job, your real skills will come front and center:
The true Wordsmith.
DAFE2
Y'know, if I were to take a job in that area, it would have to be either A) contract basis with paid travel and expenses or B) relocation paid and a VERY good job offer. I'd have to buy a bunch of new clothing, too.
Thanks for the compliments.
Thanks for the compliments.
For now anyway, we've succesfully implemented spysubtract on many of our networks. It's available here:
http://www.intermute.com/products/spysubtract.html
It includes a tool called CWshredder & others.
Hope you find it usefull.
http://www.intermute.com/products/spysubtract.html
It includes a tool called CWshredder & others.
Hope you find it usefull.
Another major pain is VX2. A finder and removal assist program is available at link below. I have found it highly effective and only way to really eliminate VX2. It is for Win 2000 and Win XP only.
http://subratam.org/?page=removal
VX2Finder can be a difficult program to find if you don't alrady know about it.
Might want to give it a try. VX2 also has new variants fairly often.
Add it to your toolbox.
Dalton
http://subratam.org/?page=removal
VX2Finder can be a difficult program to find if you don't alrady know about it.
Might want to give it a try. VX2 also has new variants fairly often.
Add it to your toolbox.
Dalton
go to www.download.com and seach for adware se version. It's the latest / greatest. It works great and easy to use.
You've got a typo? I think you meant Ad Aware.
Just google for Ad Aware.
We're trying to avoid Adware right?
Just google for Ad Aware.
We're trying to avoid Adware right?
The regularity with which I see people refer to Ad-Aware as "Adware" drives me up the wall. I know that some of them must certainly be people trying to push Ad-Aware knockoffs that carry adware payloads and trojans.
It makes me want to just smack someone around when I see that sort of "error" arise, honest or otherwise. I can understand an occasional typo, but most of these have to be more than typos: I'm sure many (aside from intentionally leading people astray) are people that, in many circumstances, would complain about my intent attention to careful spelling.
It is in cases like this that attention to detail in correctly spelling out what you're trying to say most pays off. By not knowing the correct name and spelling, and by not bothering to check through the extremely easy process of a quick Google search, some people are actually leading others astray and causing (further) problems for others rather than alleviating them.
Kudos, dafe2, for catching the error. If only others paid such attention to what they were typing.
It makes me want to just smack someone around when I see that sort of "error" arise, honest or otherwise. I can understand an occasional typo, but most of these have to be more than typos: I'm sure many (aside from intentionally leading people astray) are people that, in many circumstances, would complain about my intent attention to careful spelling.
It is in cases like this that attention to detail in correctly spelling out what you're trying to say most pays off. By not knowing the correct name and spelling, and by not bothering to check through the extremely easy process of a quick Google search, some people are actually leading others astray and causing (further) problems for others rather than alleviating them.
Kudos, dafe2, for catching the error. If only others paid such attention to what they were typing.
Been there, done that, got the T-Shirt.
Thanks for the reply and the concern.
Robert
Thanks for the reply and the concern.
Robert
It is about time that a conscious approach is the only solution. I've noticed that within the past year, spyware, malware, trojans, etc, have been taking over user systems to the point of no real software solution. There are no magic solutions for this sort of activity, even in the virus world. This is prevalent in the the existence of removal tools and instructions on your AV's website.
Email address exploitation is something that I deal with everyday. People don't understand that a message can be sent out using their own address. The kind of problems that arise from "social engineering" are becoming more serious. The intelligence of this activity is growing exponentially. I guess that we should feel lucky, in that we will always be employed while there are threats like this floating around on the internet.
As far as viruses go, on my home home PC, I encounter a problem maybe once or twice a year. This is usually do to my own stupidity and negligence. Though I have never had to settle for wiping the slate clean and losing vital data, I have had a damaged OS before. This is no big deal in my world, but when it comes to a client's PC, well... I'm sure that we've seen it all. What a pain it is to deal with this garbage.
Email address exploitation is something that I deal with everyday. People don't understand that a message can be sent out using their own address. The kind of problems that arise from "social engineering" are becoming more serious. The intelligence of this activity is growing exponentially. I guess that we should feel lucky, in that we will always be employed while there are threats like this floating around on the internet.
As far as viruses go, on my home home PC, I encounter a problem maybe once or twice a year. This is usually do to my own stupidity and negligence. Though I have never had to settle for wiping the slate clean and losing vital data, I have had a damaged OS before. This is no big deal in my world, but when it comes to a client's PC, well... I'm sure that we've seen it all. What a pain it is to deal with this garbage.
For protection against malicous active x components, I highly recommend the freeware 'spyware blaster'.
It is not unusual to find hundreds of bad products on even the most 'puritanical' of systems. As for pcs that are used to visit porn sites, over a thousand bad products are common.
I use it on my own system and it finds more bad code after every update.
Greg
It is not unusual to find hundreds of bad products on even the most 'puritanical' of systems. As for pcs that are used to visit porn sites, over a thousand bad products are common.
I use it on my own system and it finds more bad code after every update.
Greg
Since using AdAware, Spybot Search & Destroy, and AVG anti-virus (all free versions, though I'm going to donate some money to these lifesaving folks and/or upgrade when I get some more cash in my life), I've had little or no trouble with spyware, adware, and/or viruses.
I've also added WinPatrol (also free) which is another great utility for watchdogging registry changes and has a resident icon in the system tray for easy access to lists of services, startup processes, cookies, etc.
I also installed Spyware Blaster (another free basic edition) on advice from one of apotheon's posts and it's been working so well that AdAware hasn't found anything in it's last 8 scans.
I've also added WinPatrol (also free) which is another great utility for watchdogging registry changes and has a resident icon in the system tray for easy access to lists of services, startup processes, cookies, etc.
I also installed Spyware Blaster (another free basic edition) on advice from one of apotheon's posts and it's been working so well that AdAware hasn't found anything in it's last 8 scans.
Check into the following software packages for help (some, I know, you've already used, but I'll mention them all anyway for the sake of completeness). The list is in alphabetical order, and each item includes some (brief?) discussion of its purpose, functionality, usefulness, and quirks. I hope this helps.
Ad-Aware - http://www.lavasoft.com
This is one of the most common and is extremely easy to use. It's a point-and-click GUI interface, and doesn't require much user interaction.
Avast! - http://www.avast.com
This is a very good anti-virus product, and there is usually a free (though slightly neutered) version available. I find it rather more annoying than AVG, and it actually is only marginally more functional than McAfee or Norton AV (though quite a lot less of a resource thief and system hijacker than either, thank goodness). I recommend it only if you are, for some reason, dissatisfied with ClamAV or AVG.
AVG - http://www.grisoft.com
There's a fully-functional, single-system version of AVG (the excellent anti-virus solution from Grisoft, far better in my experience than the installed McAfee and Norton anti-virus solutions combined.
Bazooka - http://www.kephyr.com
This is for slightly more advanced users than most of the rest. If you're comfortable with the registry, but not necessarily an expert, you'll find this extremely easy to use and will probably learn an awful lot while you're at it (if you end up using it a lot). I definitely recommend it when the automated cleanup tools fail you, and for the experienced I recommend it anyway as it is lightweight, lightning fast, and more thorough at detection than the major automated tools. If using the tool in the traditional manner proves problematic, or is not sufficiently complete enough in its treatment of a given issue, you can output raw data logs from system sweeps to a text file and use that to diagnose. Such forms of diagnosis are for experts, though, and a rank amateur runs the risk of screwing up the OS if he does stuff he doesn't understand. Also for experts is using the information from the standard Web-enabled use of Bazooka not only for explicit solutions, but also to glean hints about how to find additional files about which the Bazooka people might not yet know.
ClamAV - http://www.clamav.net
This is an open source, cross-platform antivirus solution, available primarily on the various Unices and on Windows. On Unix systems, it's mainly intended as a virus checker for mail servers (since you pretty much have to be a willing participant for Unix-targeted virus software to do any damage), and the Windows version is a port of the Unix version, so if you're a Windows-only person you may find it not as intuitive at first as AVG. ClamAV is my favorite option, at present, but I'm well-versed in Linux as well, so the Unixlike behavior of ClamAV isn't any kind of detriment for me. It seems to be thorough and highly effective (on par with AVG), though I haven't used it as much as AVG (for instance) yet, both because I don't typically manage mail servers and because I haven't been using it on Windows long, so your mileage may vary.
Firefox - http://www.mozilla.org/products/firefox
I recommend using this browser instead of Internet Explorer. There are other browsers that are probably just as effective on Windows as replacements for IE, in terms of security, stability, and functionality, but this is the one I like and I think it's the one that will be most immediately familiar in the way it works when IE "power users" get their hands on it, and it also offers a lot more functionality that I actually want without burdening me with great scads of functionality that I don't want. This has much to do with Firefox's extensions capability. Note: Even if you, for some reason, cannot or will not use Firefox most of the time, it is a VERY GOOD IDEA to use it when you are engaged in Web-related activity while cleaning up malware on your system. The reason for this is simple: When you already have malware on the system, using IE can cause that malware to (further?) activate even when it is dormant, or when some of the malware's functionality is dormant. Using IE when you currently have malware on the system is just begging for trouble. Unfortunately, the most user-friendly functionality of Bazooka defaults to IE, even if Firefox is the default browser on your computer, but I guess you can't have everything.
HijackThis - http://www.tomcoyote.com/hjt
If you are not an expert, DO NOT USE THIS without guidance from someone (trustworthy) who is. This tool does nothing but show you raw data from configuration files and the like that commonly show traces of malware. It can be used by diagnosis by someone that knows what he's looking for. If you just delete everything it shows you, though, not realizing that a lot of what it shows has nothing to do with malware, I can guarantee that any Windows system you do this with will cease functioning. This is a last-resort tool, if nothing else works. Much of the same usefulness as this can be gained from Bazooka's logfile output, though.
Linux, BSD, MacOS X, and Solaris x86
I don't list URLs for these because there are literally thousands of URLs you can use to get to a solution along these lines. My point here is that for many the solution may simply be to use an operating system other than Windows. The rest of the solutions in this list are very Windows-centric (except for ClamAV). This one is the "anti-Windows". Windows suffers significant security problems, many of which have absolutely nothing to do with its popularity (and, in fact, many server roles that receive attacks all the time are more commonly deployed with one of these OSes instead of Windows, but they still end up being more secure options). If you have the option of migrating some or all computer operations to non-Windows systems, you might try it out. Of the OSes I've listed in this entry, only MacOS X and Solaris are not fully open source. MacOS X is closed source proprietary interface functionality on top of an open source core, and most Solaris implementations are very expensive closed source software though Sun Microsystems is now making a fully open source x86 version available. What open source means to you, among other things, is that you can get it for free if you want to without breaking any laws. For a long-time Windows-only user, though, migrating to another OS is a very involved, often very complex process, if you don't have the aid of a very helpful and knowledgeable friend in the process. If you choose to go this route, you may or may not find that the process can be difficult for a first-timer. If you just want "just works" without being any kind of power user, I recommend MEPIS Linux http://www.mepis.org or SuSE Linux http://www.suse.com/en if you don't have a "guru" handy to help walk you through.
Spybot Search and Destroy - http://www.safer-networking.org
This is my favorite automated GUI tool for cleaning up malware. It's easy to use, very thorough, and very helpful. It also provides active system protection and is always 100% free (unlike its chief rival, Ad-Aware, which has both a pay version and a less-functional free version). When installing, configure it so that it starts in the advanced mode when you open it up (trust me on this), and get into the checkboxes in the configuration to make sure that expert buttons will be shown when using it. Those so-called "expert buttons" should be default, but for some reason they are not. I think that's to help prevent clueless users from accidentally disabling adware that is attached to something like Kazaa, but really you shouldn't have any malware on your system anyway, and if you're willing to keep Kazaa-related malware on your system you may as well let it all in.
Spyware Blaster - http://www.javacoolsoftware.com
This is most renowned for its usefulness as protection, rather than clean-up. It is helpful on both ends, however, and by all accounts does a decent job of it. Because I always use Spybot Search and Destroy, Bazooka, and Ad-Aware before resorting to Spyware Blaster, and because of a great deal of skill in cleaning stuff up even without the aid of such tools, I have yet to run across malware that Spyware Blaster detects and protects against that the others don't. Your mileage may vary.
SystemRescueCD - http://www.sysresccd.org
This LiveCD Linux distribution is a system rescue tool, not an OS offering for desktop system installation. I recommend making a bootable CD with this, if you have the inclination to learn Linux enough to use its utilities. This thing is great for the Linux-competent Windows administrator. When you've got malware controlling your Windows system so that it's "impossible" to fix Windows even by booting into DOS or Safe modes, you can boot your computer from this CD and use Linux-based system rescue tools to clean the crap out. You can also perform a great many other tasks, such as resizing partitions after they've been created (make sure you have backups before trying it, especially with NTFS volumes). This is something that requires skill, though. This is potentially the most useful tool at your disposal out of all those I mention (other than, perhaps, just switching to a non-Windows OS, if that's to your liking), but it is the most difficult (by far) for someone to learn from scratch to properly and effectively use in Windows system maintenance and recovery.
Thunderbird - http://www.mozilla.org/products/thunderbird
NEVER use Outlook Express if you have any reason to believe that you will ever run any risk of coming into any contact with any email-related virus or other malware activity of any kind, ever. Period. If you use Outlook Express, I guarantee you'll run that risk (I'd bet money, and with enough people betting I'd make a very steady living). Just don't use OE. Thunderbird is a pretty much perfect drop-in replacement for OE, but it also has additional functionality, is more intuitive, is far FAR more secure and stable, is not nearly as slow and bloated, and is generally just more spiffy. If you have other email clients that you prefer, that's fine, but whatever you do, avoid OE at all costs. I'm serious (in case you weren't aware).
This post can be linked to using this URL: http://tinyurl.com/7y5f5
Ad-Aware - http://www.lavasoft.com
This is one of the most common and is extremely easy to use. It's a point-and-click GUI interface, and doesn't require much user interaction.
Avast! - http://www.avast.com
This is a very good anti-virus product, and there is usually a free (though slightly neutered) version available. I find it rather more annoying than AVG, and it actually is only marginally more functional than McAfee or Norton AV (though quite a lot less of a resource thief and system hijacker than either, thank goodness). I recommend it only if you are, for some reason, dissatisfied with ClamAV or AVG.
AVG - http://www.grisoft.com
There's a fully-functional, single-system version of AVG (the excellent anti-virus solution from Grisoft, far better in my experience than the installed McAfee and Norton anti-virus solutions combined.
Bazooka - http://www.kephyr.com
This is for slightly more advanced users than most of the rest. If you're comfortable with the registry, but not necessarily an expert, you'll find this extremely easy to use and will probably learn an awful lot while you're at it (if you end up using it a lot). I definitely recommend it when the automated cleanup tools fail you, and for the experienced I recommend it anyway as it is lightweight, lightning fast, and more thorough at detection than the major automated tools. If using the tool in the traditional manner proves problematic, or is not sufficiently complete enough in its treatment of a given issue, you can output raw data logs from system sweeps to a text file and use that to diagnose. Such forms of diagnosis are for experts, though, and a rank amateur runs the risk of screwing up the OS if he does stuff he doesn't understand. Also for experts is using the information from the standard Web-enabled use of Bazooka not only for explicit solutions, but also to glean hints about how to find additional files about which the Bazooka people might not yet know.
ClamAV - http://www.clamav.net
This is an open source, cross-platform antivirus solution, available primarily on the various Unices and on Windows. On Unix systems, it's mainly intended as a virus checker for mail servers (since you pretty much have to be a willing participant for Unix-targeted virus software to do any damage), and the Windows version is a port of the Unix version, so if you're a Windows-only person you may find it not as intuitive at first as AVG. ClamAV is my favorite option, at present, but I'm well-versed in Linux as well, so the Unixlike behavior of ClamAV isn't any kind of detriment for me. It seems to be thorough and highly effective (on par with AVG), though I haven't used it as much as AVG (for instance) yet, both because I don't typically manage mail servers and because I haven't been using it on Windows long, so your mileage may vary.
Firefox - http://www.mozilla.org/products/firefox
I recommend using this browser instead of Internet Explorer. There are other browsers that are probably just as effective on Windows as replacements for IE, in terms of security, stability, and functionality, but this is the one I like and I think it's the one that will be most immediately familiar in the way it works when IE "power users" get their hands on it, and it also offers a lot more functionality that I actually want without burdening me with great scads of functionality that I don't want. This has much to do with Firefox's extensions capability. Note: Even if you, for some reason, cannot or will not use Firefox most of the time, it is a VERY GOOD IDEA to use it when you are engaged in Web-related activity while cleaning up malware on your system. The reason for this is simple: When you already have malware on the system, using IE can cause that malware to (further?) activate even when it is dormant, or when some of the malware's functionality is dormant. Using IE when you currently have malware on the system is just begging for trouble. Unfortunately, the most user-friendly functionality of Bazooka defaults to IE, even if Firefox is the default browser on your computer, but I guess you can't have everything.
HijackThis - http://www.tomcoyote.com/hjt
If you are not an expert, DO NOT USE THIS without guidance from someone (trustworthy) who is. This tool does nothing but show you raw data from configuration files and the like that commonly show traces of malware. It can be used by diagnosis by someone that knows what he's looking for. If you just delete everything it shows you, though, not realizing that a lot of what it shows has nothing to do with malware, I can guarantee that any Windows system you do this with will cease functioning. This is a last-resort tool, if nothing else works. Much of the same usefulness as this can be gained from Bazooka's logfile output, though.
Linux, BSD, MacOS X, and Solaris x86
I don't list URLs for these because there are literally thousands of URLs you can use to get to a solution along these lines. My point here is that for many the solution may simply be to use an operating system other than Windows. The rest of the solutions in this list are very Windows-centric (except for ClamAV). This one is the "anti-Windows". Windows suffers significant security problems, many of which have absolutely nothing to do with its popularity (and, in fact, many server roles that receive attacks all the time are more commonly deployed with one of these OSes instead of Windows, but they still end up being more secure options). If you have the option of migrating some or all computer operations to non-Windows systems, you might try it out. Of the OSes I've listed in this entry, only MacOS X and Solaris are not fully open source. MacOS X is closed source proprietary interface functionality on top of an open source core, and most Solaris implementations are very expensive closed source software though Sun Microsystems is now making a fully open source x86 version available. What open source means to you, among other things, is that you can get it for free if you want to without breaking any laws. For a long-time Windows-only user, though, migrating to another OS is a very involved, often very complex process, if you don't have the aid of a very helpful and knowledgeable friend in the process. If you choose to go this route, you may or may not find that the process can be difficult for a first-timer. If you just want "just works" without being any kind of power user, I recommend MEPIS Linux http://www.mepis.org or SuSE Linux http://www.suse.com/en if you don't have a "guru" handy to help walk you through.
Spybot Search and Destroy - http://www.safer-networking.org
This is my favorite automated GUI tool for cleaning up malware. It's easy to use, very thorough, and very helpful. It also provides active system protection and is always 100% free (unlike its chief rival, Ad-Aware, which has both a pay version and a less-functional free version). When installing, configure it so that it starts in the advanced mode when you open it up (trust me on this), and get into the checkboxes in the configuration to make sure that expert buttons will be shown when using it. Those so-called "expert buttons" should be default, but for some reason they are not. I think that's to help prevent clueless users from accidentally disabling adware that is attached to something like Kazaa, but really you shouldn't have any malware on your system anyway, and if you're willing to keep Kazaa-related malware on your system you may as well let it all in.
Spyware Blaster - http://www.javacoolsoftware.com
This is most renowned for its usefulness as protection, rather than clean-up. It is helpful on both ends, however, and by all accounts does a decent job of it. Because I always use Spybot Search and Destroy, Bazooka, and Ad-Aware before resorting to Spyware Blaster, and because of a great deal of skill in cleaning stuff up even without the aid of such tools, I have yet to run across malware that Spyware Blaster detects and protects against that the others don't. Your mileage may vary.
SystemRescueCD - http://www.sysresccd.org
This LiveCD Linux distribution is a system rescue tool, not an OS offering for desktop system installation. I recommend making a bootable CD with this, if you have the inclination to learn Linux enough to use its utilities. This thing is great for the Linux-competent Windows administrator. When you've got malware controlling your Windows system so that it's "impossible" to fix Windows even by booting into DOS or Safe modes, you can boot your computer from this CD and use Linux-based system rescue tools to clean the crap out. You can also perform a great many other tasks, such as resizing partitions after they've been created (make sure you have backups before trying it, especially with NTFS volumes). This is something that requires skill, though. This is potentially the most useful tool at your disposal out of all those I mention (other than, perhaps, just switching to a non-Windows OS, if that's to your liking), but it is the most difficult (by far) for someone to learn from scratch to properly and effectively use in Windows system maintenance and recovery.
Thunderbird - http://www.mozilla.org/products/thunderbird
NEVER use Outlook Express if you have any reason to believe that you will ever run any risk of coming into any contact with any email-related virus or other malware activity of any kind, ever. Period. If you use Outlook Express, I guarantee you'll run that risk (I'd bet money, and with enough people betting I'd make a very steady living). Just don't use OE. Thunderbird is a pretty much perfect drop-in replacement for OE, but it also has additional functionality, is more intuitive, is far FAR more secure and stable, is not nearly as slow and bloated, and is generally just more spiffy. If you have other email clients that you prefer, that's fine, but whatever you do, avoid OE at all costs. I'm serious (in case you weren't aware).
This post can be linked to using this URL: http://tinyurl.com/7y5f5
Heres a useful general tool that has saved my butt a few times. It is a compiler which creates a minimalistic version of windows that can be run from CD with certain windows compatible software. The compiler has a plug-in interface for easy software installation (provided the plugin has been created).
I did not investigate much time into finding a solution to effectively work with spyware apps, but it's worth a look. On the other side, I've found it especially useful to work from a windows interface that bypasses the system's configuration when I want to edit the registry, run certain scans, change windows user passwords etc..
Heres what the website (www.nu2.nu/pebuilder)says:
"Bart's PE Builder helps you build a "BartPE" (Bart Preinstalled Environment) bootable Windows CD-Rom or DVD from the original Windows XP or Windows Server 2003 installation/setup CD, very suitable for PC maintenance tasks.
It will give you a complete Win32 environment with network support, a graphical user interface (800x600) and FAT/NTFS/CDFS filesystem support. Very handy for burn-in testing systems with no OS, rescuing files to a network share, virus scan and so on.
This will replace any Dos bootdisk in no time!
PE Builder is not a Microsoft product and does not create Microsoft Windows Preinstallation Environment ("WinPE"). Using PE Builder does not grant you a license to Microsoft WinPE or to use the Windows XP or Server 2003 binaries in a manner other than stated in the End-User License Agreement include in your version of Microsoft Windows XP or Windows Server 2003. Microsoft has not reviewed or tested PE Builder and does not endorse its use."
I did not investigate much time into finding a solution to effectively work with spyware apps, but it's worth a look. On the other side, I've found it especially useful to work from a windows interface that bypasses the system's configuration when I want to edit the registry, run certain scans, change windows user passwords etc..
Heres what the website (www.nu2.nu/pebuilder)says:
"Bart's PE Builder helps you build a "BartPE" (Bart Preinstalled Environment) bootable Windows CD-Rom or DVD from the original Windows XP or Windows Server 2003 installation/setup CD, very suitable for PC maintenance tasks.
It will give you a complete Win32 environment with network support, a graphical user interface (800x600) and FAT/NTFS/CDFS filesystem support. Very handy for burn-in testing systems with no OS, rescuing files to a network share, virus scan and so on.
This will replace any Dos bootdisk in no time!
PE Builder is not a Microsoft product and does not create Microsoft Windows Preinstallation Environment ("WinPE"). Using PE Builder does not grant you a license to Microsoft WinPE or to use the Windows XP or Server 2003 binaries in a manner other than stated in the End-User License Agreement include in your version of Microsoft Windows XP or Windows Server 2003. Microsoft has not reviewed or tested PE Builder and does not endorse its use."
Try Bart?s PE...You can make your own tool that will allow you to fix without even being on the OS. It might keep you from having to unplug the machine.
http://www.nu2.nu/pebuilder/
Richard
http://www.trianglespywarerepair.com
http://www.nu2.nu/pebuilder/
Richard
http://www.trianglespywarerepair.com
I've often used Knoppix to edit my NTFS partitions to help battle viruses. It is a bit of a pain though, because I need to play around with the permissions first. I think that I will check out Bart's PE.
I've used a variety of Bart's boot disks. What a wicked site this guy runs. I've learned so much by simply developing and tweaking his disks for my own personal use.
I've used a variety of Bart's boot disks. What a wicked site this guy runs. I've learned so much by simply developing and tweaking his disks for my own personal use.
For a very complete, extensive, in-depth, and (in my honest opinion) thoroughly intriguing explanation of one man's dealings with the VX2 malware and its purveyors, check out this link:
http://www.livejournal.com/users/tacit/125748.html
Really. If you want a look at what is going on with much of the malware with which you deal, this is a good place to start. Having been dealing with various bits of malware for quite some time and quite extensively (and getting paid to do so) before I came across this, not much of it was a surprise to me, but it was still quite interesting. Have a read. Caution: It's a little long. It is well-written, though.
http://www.livejournal.com/users/tacit/125748.html
Really. If you want a look at what is going on with much of the malware with which you deal, this is a good place to start. Having been dealing with various bits of malware for quite some time and quite extensively (and getting paid to do so) before I came across this, not much of it was a surprise to me, but it was still quite interesting. Have a read. Caution: It's a little long. It is well-written, though.
That was a great article. I am forwarding it on to some compatriots, so they can blackhole this puppy out of existence.
CounterSpy by Sunbelt Software is the best I have found.
They have a 15 day trial and the software is reasonably priced. There is also an interprise version but I have not tried it yet.
This is the same software that was available until recently as Giant Antispyware. Giant is no longer available since Microsoft bought the company.
{don}
They have a 15 day trial and the software is reasonably priced. There is also an interprise version but I have not tried it yet.
This is the same software that was available until recently as Giant Antispyware. Giant is no longer available since Microsoft bought the company.
{don}
Get rid of your IE, and teach your users how to browse the internet...
Surfing the web nowadays is no different than having sex. If you don't use protection, you are going to catch something....
Start using FireFox - you can get it for free from Mozilla.org.
Tell your users that they need to stop downloading all of those cute games and screensavers and backgrounds or you're going to fire their asses...
That in itself will take care of it.
I can tell you this much, I got regularly to sites that I wouldn't recommend most people go to and I have yet to catch something... It's all about paying attention to what you are doing and using the right tools...
Mrafrohead
Surfing the web nowadays is no different than having sex. If you don't use protection, you are going to catch something....
Start using FireFox - you can get it for free from Mozilla.org.
Tell your users that they need to stop downloading all of those cute games and screensavers and backgrounds or you're going to fire their asses...
That in itself will take care of it.
I can tell you this much, I got regularly to sites that I wouldn't recommend most people go to and I have yet to catch something... It's all about paying attention to what you are doing and using the right tools...
Mrafrohead
This information has been posted indirectly, just want to ensure that everyone is aware of what's transpired.
CWShredder was taken over by Intermute and incorporated into their SpySubtract Pro software. It is being updated to address latest variations of CoolWebSearch.
However, CWShredder is still available as a free stand-alone program. Link is:
http://www.intermute.com/spysubtract/cwshredder_download.html
Hope this provides assistance to those fighting adware battles.
Dalton
CWShredder was taken over by Intermute and incorporated into their SpySubtract Pro software. It is being updated to address latest variations of CoolWebSearch.
However, CWShredder is still available as a free stand-alone program. Link is:
http://www.intermute.com/spysubtract/cwshredder_download.html
Hope this provides assistance to those fighting adware battles.
Dalton
I'd checked this morning, as we use Spysubtract and had missed the statement:
"Originally developed by Merijn Bellekom of the Netherlands, CWShredder? is now owned and maintained by InterMute. CWShredder has been updated to include new CoolWebSearch variants. Use in conjunction with SpySubtract for the strongest defense against Spyware threats."
Big fan of Spysubtract, but I'll still keep an eye on the CWshredder updates & results.
Nice catch
"Originally developed by Merijn Bellekom of the Netherlands, CWShredder? is now owned and maintained by InterMute. CWShredder has been updated to include new CoolWebSearch variants. Use in conjunction with SpySubtract for the strongest defense against Spyware threats."
Big fan of Spysubtract, but I'll still keep an eye on the CWshredder updates & results.
Nice catch
I visit Merijn's site occasionally and had been keeping up with CWShredder status since he was trying to find someone to take it over. That's how I found out about InterMute.
Big relief. Don't want to be without CWShredder and HiJack This.
Also check my post about VX2Finder. It's a good one also.
Dalton
Big relief. Don't want to be without CWShredder and HiJack This.
Also check my post about VX2Finder. It's a good one also.
Dalton
Yesterday I downloaded the tool that Intermute is offering free that includes version 2.0 of CWShredder is not removing the latest version of CWS, at least it didn't do it for me...
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
