Spyware/Malware

By rrdavis07
I have a user who, on Friday, became infected with a whole slew of spyware/adware/malware troubles. She is our webmaster, and she knows how to protect herself online, but got bit anyway.

We have tried to rid her system of this malware, but have been having little luck. If anyone has had experience with this, we'd be thankful.

Her symptoms: Popup ads--even when IE is not currently running. She always has InterDev running and is continually being asked if she wants to debug various poorly written pop-up ads. When we've searched her system, she has the following:

AutoUpdate
msbb.exe
SaveNow
Power Scan
Bargain Buddy
EbatesMoeMoneyMaker
eZuLa
FunWebProducts
ISTsvc
xxxtoolbar
Interstitial Ad

They were all installed the day her problems started. We have run Ad-aware and cleaned her system with that, but continued to have some of the problems, but with less frequency. Some of the programs removed by Ad-aware have been reinstalled. We have tried to manually remove some of the software and have edited out all the malware run statements from her registry. However, we are still getting errant behavior every once in a while.

Another user on our network had very similar behavior on her computer and had the same programs installed. I thought this user was just surfing where she shouldn't have been.

Does this sound familiar to anyone? Is there something more I should be doing to protect our users and network from these malicious programs?
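
An added example, not part of the original post: one way to re-check the autostart ("run statement") registry keys for the program names listed above, working offline on a `.reg` export. The function name `audit_run_keys`, the sample export and its paths are constructed for illustration.

```python
import re

# Names copied from the list in the post above.
LISTED = ["AutoUpdate", "msbb.exe", "SaveNow", "Power Scan", "Bargain Buddy",
          "EbatesMoeMoneyMaker", "eZuLa", "FunWebProducts", "ISTsvc",
          "xxxtoolbar", "Interstitial Ad"]
# Keys whose values are commands launched at boot or logon.
AUTOSTART = re.compile(
    r"\\CurrentVersion\\(Run|RunOnce|RunOnceEx|RunServices|RunServicesOnce)$", re.I)
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _norm(text):  # ignore case, spaces and punctuation when matching
    return re.sub(r"[^a-z0-9]", "", text.lower())

def _unescape(text):  # .reg strings escape backslashes and quotes with "\"
    return re.sub(r"\\(.)", r"\1", text)

def audit_run_keys(reg_text):
    """Return (key, value name, command, listed name) for each autostart hit."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        m = KEY_LINE.match(line)
        if m:  # new section: remember it only if it is an autostart key
            key = m.group(1) if AUTOSTART.search(m.group(1)) else None
            continue
        v = VALUE_LINE.match(line) if key else None
        if not v:
            continue
        name = "(Default)" if v.group(1) == "@" else _unescape(v.group(1)[1:-1])
        command = _unescape(v.group(2))
        haystack = _norm(name + " " + command)
        match = next((n for n in LISTED if _norm(n) in haystack), None)
        if match:
            hits.append((key, name, command, match))
    return hits

# Constructed sample export (paths are made up); Version 5.00 exports are UTF-16.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"msbb"="C:\\Example\\msbb.exe"
"IST Service"="\"C:\\Example\\ISTsvc\\istsvc.exe\" /start"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"cleanup"="C:\\Example\\Power Scan\\reinstall.exe"
[HKEY_CURRENT_USER\Software\Example\Settings]
"LastAd"="SaveNow"
'''
```

Hits are candidates for review rather than verdicts, since a name such as AutoUpdate is generic. Running the same audit on exports taken before and after a reboot shows which entries have come back.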

Ad-aware not the only way

by Cactus Pete In reply to Spyware/Malware

Also use SpyBot. They complement each other well enough. Also, I would suggest getting CWSshredder. You can probably find all of these on TR's sister sites like download.com.


If it's Win2K then disable the messenger service

by UsrBabSitr In reply to Spyware/Malware

If she's using Windows 2000 then just disable the messenger service on her box... no more pop-ups. Unless she really needs it. And get yourself a decent firewall...


try this ...

by MTWallet In reply to Spyware/Malware

www.majorgeeks.com -- freeware/spykillers


spywareblaster

by PramodPatil In reply to Spyware/Malware

Also try SpywareBlaster along with Spybot Search and Destroy. It is a free utility which stops any installation of spyware.


Getting sneakier

by TheChas In reply to Spyware/Malware

The authors of spy-ware and related mal-ware are getting trickier.

Since it is fairly easy to disable applications by removing executables and registry keys, they are moving into replacing system files.

We ran system file checker on a badly infected system and found a number of system files that had been replaced by files that were significantly larger than the originals.

The spy-ware authors actually have a stronger incentive than the virus writers in that they get paid for their work.

Chas


Also

by worker bee In reply to Spyware/Malware

Istsvc comes with an uninstall program. Search your registry for istsvc after it reinstalls itself and you will find the command to uninstall it.

Bargain Buddy and Power Scan come from a web search and home page hijacker. I cannot remember the name, but if you google the name of the web search page your home page has been reset to, you should find the link that in turn links to the place that has a program to remove it. As I recall there are two versions of the uninstall program and you will probably need the second one. I think it is called something like uninst2.exe.


Been there, done that, burned the t-shirt

by chuck In reply to Spyware/Malware

The same thing happened to me. After a couple of days searching the registry for web sites that matched the sites that kept popping up, with limited success, I decided a reload (or in my case a reimage, since we have Altiris) was the way to go. A short couple of hours later, I was back in business. It's a pain but you could grow old and gray trying to remove all of the registry traps manually...

Good Luck!
Chuck


A temporary solution

by dbucyk In reply to Spyware/Malware

Run Zone Alarm Pro (if you aren't already). Prevent any software from accessing the internet like spyware, malware.

Run Spybot. You should be running at least two different types of removal programs for better success.

Do all your disk cleanup options as well as registry cleanup options.


Spy/Adware Removal

by beachrat35 In reply to Spyware/Malware

Run Spybot Search & Destroy. You may have to reboot and run it again. Run CWShredder (CoolWebSearch is nasty). Then run Adaware SE (may also have to be repeated). Also, run Toolbar Cop and see what toolbars are being used.

Good luck and be vigilant!


Do This

by ssteinberg In reply to Spyware/Malware

Disconnect from the internet. Run AdAware as you did. Remove anything you can from Add/Remove programs. Run HiJack This (my favorite removal tool.) You will have to check certain things on another pc on the internet, to determine if it's spyware. (Just type in fghjfgj.exe or whatnot.) HiJack is more a manual registry removal tool, but it makes backups. Then, if some stuff won't remove, boot into Safe Mode and then delete the folder from Program Files, or wherever it may have nested.
If it's really ingrained in your pc, you may have to just reinstall like someone else suggested. I know within a few minutes if that is what I need to do or not. But the spyware removal process I listed solves 95% of my issues.
