Spyware Stormer

CharlesL

PFG, Picture Framing God

In Memorium

Rest In Peace



Joined
Apr 9, 2001
Posts
7,255
From
Clayton, NC
I haven't done much 'internetting' other than the G lately. But recently, I've started going to ebay, and doing MSN searches, trying to build up a small soft drink bottle collection.

I have Ad-Aware and Spyware Stormer. I'd seldom get more than one or two 'low risk' annoyances, or 'hits' on Spyware, but since I've been doing more searching, the record is 84...so far. After ONE session on the 'net!

Some of the same ones keep re-appearing, although I go through the 'quarantine' procedure each time, which leads me to believe they're inextricably tied in with some other, innocent software, and I can't delete it. I know this because when I DO try and delete 'em, by going to My Computer, or wherever Spyware says the things are lurking, I get a message that, well, basically says so. "The file(s) cannot be deleted because they are connected to yada, yada, yada."

Most of them are 'High Risk', per Spyware, and many more of them are 'Extreme Risk'. I have several 'dial out' programs, which is scary.
Many of them are imbedded in some sort of file called HKEY_LOCAL, and several other HKEY_'s. Some are in Program Files. There's one called eZula that's found a home in C:\Windows AND HKEY_CLASSE.. One that is particularly disturbing is a file that's an .exe file called conscore.exe. It, too, is embedded in C:\Windows as well as HKEY_LOCAL. (What the heck is HKEY anyway?)

Anybody got any ideas? I'm on a dial-up, and that's my only choice. Seems I remember someone mentioning that a router, between the dial tone and the modem would eliminate this crap. It's far more pervasive, INvasive and annoying than spam!

Help :confused:


Oh, and why does the Spyware screen give only PART of the file location? And I can't print from Spyware, so I don't have any way to generate a list of what's on there.

I think I'm gonna change my 'off-line' background to a grassy knoll...

Oh #2, I have emailed Spyware, and they promise to get back in touch in 24 hours, but I suspect that's false hope. If a router WOULD work, and Lord knows HOW, I'll rush to BestBuys, or anywhere that sells what I need today!

[ 12-12-2004, 09:52 AM: Message edited by: CharlesL ]
 

JbNormandog

SGF, Supreme Grumble Framer
Joined
Apr 8, 2004
Posts
3,751
From
NJ
There is free ware called SPYBOT-search and destroy. It works great for me and I've never had a problem.

I would go to google and search for it there.

There is also blocking software so other people can't see you called PeerGuardian. It is also free and works well for me.

I hope this helped. Bob
 

Phoneguy

MGF, Master Grumble Framer
Joined
Dec 1, 2004
Posts
678
From
New Westminster, B.C. Canada
The thing I hate most about these "diseases" is that they steal processor time and slow down the computer. If you are on dial up you definitely need to worry about dialer spyware. Most spyware just reports your surfing habits (and locations) to some data collectors who then sell that info to advertising companies. They will send the information 'behind the scenes' when you are on line anyway. Personally I use Spybot and Adaware together. That combo seems to do a good job of keeping the uninvited down.
James
 

CharlesL

I'm using 'Spyware Stormer' and AdAware.

Apparently, I'm getting bombarded by ebay and the old bottle sites with this junk. It's scary when several are 'dialers', and try as I might, I can't find most of them, and the ones I DO find are undeletable because they say they are tied into other programs.

I think, and this is personal, that if some outfit downloads this junk into YOUR own computer, without asking, the Spyware Stormer ought to give you ALL the info on where it originated.

I apologize beforehand, but I'm no better off now than I was. Although I appreciate you guys taking time to try and help me...you have no idea how computer illiterate I am. I'm looking for something to stop this spyware, out-dialers, monitoring of sites I visit before it ever gets on my HD.

Thanks!
 

Mike Labbe

Administrator
Forum Support Team
Forum Donor
Joined
Jun 25, 2002
Posts
18,242
From
Lincoln, RI
Business
Get The Picture
Hi Charles

One thing you can be sure of: The spyware/adware isn't from the Grumble or Ebay. (not that you thought it was)

It's a really big problem right now, and I'd say just about everyone has it. The biggest players are AD-AWARE (the free version does a scan to identify and remove problems, but doesn't intercept them in real time - unless you buy the full version), and Spybot Search & Destroy (This one works real-time but is somewhat flaky and can slow down the computer)

What kind of infections were they? Did they have names, or were they just minor issues such as tracking cookies? The ones with names are the ones to be concerned about, and many of them come from free game sites on the internet.

The mention of "hkey" that you saw means the critter has probably modified your Windows REGISTRY file, and changed some parameters. (either settings to track its own progress, settings so it will automatically re-install itself every time you boot the computer, etc) Most programs, legitimate or not, make use of your registry. This is where serial #s and other things are often stored.

Ezula is fairly common and comes as part of an optional browser Plug-in for Internet Explorer "TopText". Here are some details and instructions for removal: http://www.whirlywiryweb.com/removeezula.htm

Aren't computers fun?


Mike
 

Phoneguy

The other thing that Spybot does, if the 'program' is currently being used in memory...so it cannot be deleted. It asks you if you want it to run on reboot. Answer yes, it will run partway thru reboot, before all the background programs are loaded, and go after the software that is left behind. Just let the puppy run. It will make for a looooong reboot, depending on the specs of your computer though. Maybe walk away and get a coffee, or go do something else.
 

CharlesL

Mike, well, it's dwindled from 84 to 11. Here's what I have:

Name             Risk        Type              Location
Sidefund         Extreme     Hijacker          C:\ProgramFiles
ITSBar[Tiny...   "           Adaware           HKEY_CURREN...
"                "           "                 HKEY_Local...
Misc Spyware     "           Spyware           HKEY_Local
"                "           "                 C:\ProgramFiles
Local NRD        "           "                 C:\ProgramFiles
ATDMT            High Risk   Tracking Cookie   owner@atdmt[2]
double click     "           "                 "
Mediaplex        "           "                 owner@mediapal
Valueclick       "           "                 owner@valueclick
XXXToolbar       "           "                 owner@xxxtoolbar


This is all the info Spyware Stormer gives me. I can't print the window, or copy it.

I'm sure when I go back to do searches, looking for bottles and Christmas presents, I'll be filled up again!

I was thinking that a while back, someone mentioned using a router on a dial-up. I have no idea what a router does, but will it work, and is it practical?

I was especially upset when the spyware detected an 'outdial' file. I've tried to delete them, from the software, and they always come back the next time I'm checking out 'vintage bottle' websites. I'm also being plagued with Yahoo popups.

I wish I weren't so stupid when it comes to computers!

Any help or suggestions will be appreciated!

Thanks,
Charles
 

Mike Labbe

Howdy

The most important thing is to get rid of that SPYWARE STORMER. That might be the cause of your problems, ironically. According to some websites, the company is actually owned by a web popups company (CASALE) and they give "false positives" to get you to buy the $30 program - then send ads your way. It has also been known to allegedly damage computers by removing the wrong files. This program has been removed from download.com and other sources.

Ad-AWARE and Spybot are still the best alternatives.

See
http://www.spywarewarrior.com/viewtopic.php?t=4309&highlight=casale

http://www.spywarewarrior.com/rogue_anti-spyware.htm

http://servicenews.symantec.com/cgi-bin/displayArticle.cgi?article=31549&group=symantec.support.generic.virus_corporate.general&tpre=ent&

http://www.pcworld.com/news/article/0,aid,118362,pg,3,00.asp

http://computercops.biz/article5275.html


ISTBAR/TINYBAR is an old toolbar and will spam you with pornography. The ONLY toolbar that's safe, in my opinion, is the GOOGLE TOOLBAR. If you have XP with service pack 2, you don't even need the google one. (pop up stopper is built into sp2) Common places to get this one include SearchBarCash, MSCache, XXXToolbar, the OUTWAR online game, Rapidblaster, DownloadPlus.

Details http://www.doxdesk.com/parasite/ISTbar.html


I couldn't find any info on Local NRD or Sidefund. They might be very new.

I would suggest going into start -> control panel -> add/remove programs to make sure none of the above names are installed. Sometimes it's just a matter of removing them there and running ad-aware one more time.

Mike
 

CharlesL

Mike,
I uninstalled it this morning. There are definitely programs, or software that weren't there before.

When I click on 'Uninstall' on a few of them, it fails to act at all. The computer just sits there.

There are also some 'foreign' programs that tell me that if I uninstall them, it will cause other software to not run. Which tells me that not only have the b@st@rds INVADED my computer, but they've enmeshed THEIR stuff with essential Windows XP programs.

The one that particularly bothered me was the 'Outdial' thing. Obviously it plans to look for dial tone, and dial some number, possibly finding and sending Social Security #'s, bank card numbers, ad infinitum. This invasion really pisses me off!
 

Mike Labbe

The good news is that you can uninstall it, I'd even un-install AD-AWARE and then re-install that, then run it one more time to make sure it wasn't modified or damaged by the other program.

Make sure you get the newer "AD-AWARE SE" version.

You should be completely clean after that.

Mike
 

Jay H

PFG, Picture Framing God
Joined
Dec 8, 2003
Posts
9,908
From
KY
Kim Komando and Leo Laporte (two computer geniuses) recommend both spybot and ad aware. I use them both. But I get the feeling that if I would update my virus scanner I would need both, less. What do I know?

Carry on.
 

Mike Labbe

The virus scanner takes care of viri, and is still VERY important. They (real time) intercept infections that come in via email, instant message programs, the web, etc. They will update automatically, 1-2 times per week, to get the newest definition files. The new versions have script blockers too.

The adware/spyware removers take out parasites that give popup ads, and programs that collect personal data against your will. Spybot and Ad-aware do the same thing. You really only should need one or the other.

Of the above, the A/V software is the most important. (in my opinion at least)
 

Jay H

I have experienced, and others have as well, where ad aware found a few things that spybot didn't, and the other way around. But I question the seriousness of most of the “infections”.
 

Mike Labbe

exactly
Especially cookies
 

Mike Labbe

There was a news article today about Microsoft developing a new spyware removal tool, to be released soon. The first one is free, but future versions may be for sale.

Mike
 

CharlesL

Mike,
I was online tonight, visiting various sites: BestBuys, Lowes, etc. I was on for about 3 hours. When I disconnected, I opened, or ran AdAware SE, and, at last count it had found close to 1700 invasive programs. Most of those were 'Modification to Registry Key'.

A friend of mine told me that I didn't want anybody messing with the registry keys, as, apparently, they tell the computer what to do.

I presume AdAware SE picks 'em off before they can invade. Does it? Why am I getting so many, with the mundane sites I visit? And, lastly, will switching IP's and/or email address cut this out?

Thanks


PS: I was looking at routers at the BestBuy site, and they're really inexpensive. Is it for-sure-certain-true that they also block anything that you don't ASK to be downloaded??? Several of them claimed to do so.


EDIT: Like, for instance THIS ONE ???

[ 12-17-2004, 02:46 AM: Message edited by: CharlesL ]
 

Mike Labbe

If you're using a dialup connection, I wouldn't bother with a router. I doubt they still make em for dialup. Running Windows Update several times to get all the fixes, installing SP2 and enabling the firewall, etc will suffice. The newest a/v programs also have script blocking features.

A residential router's main purpose is to take a single internet feed and share it with (up to 252 or so) computers within your house/shop. Since it uses NAT (Network address translation) to assign "fake" internal-only IP addresses within your home, it acts like a firewall. Since the fake addresses can't be reached from the outside, the internet sees the router itself as your 'pc' - or the last point it can reach. The router is basically a "traffic cop" that sends packets to the various pc's in your home.

The web and email are places you will still find trouble, because you're going to those places manually. It concerns me that you're still getting these infections.

Some random ideas to speed up the computer and find potential problems:

- Check start -> programs -> add/remove programs and see if anything odd is in there. If you want, email me the list of programs and I'll be glad to look through and let you know if anything is suspicious.

-Hit control-alt-delete, click on PROCESSES, and send me a list of what's there.

-Check start->all programs-> startup and remove anything you don't need (autostart items) from this folder. I keep mine empty.

-Check start -> run -> msconfig -> ok -> startup. Uncheck unwanted items but be careful not to stop ScanRegistry, TaskMonitor, SystemTray, LoadPowerProfile, or your A/V software (may have several files for a/v).

-If you don't use Windows Messenger, you can disable it as follows: Start -> Programs -> Windows Messenger -> Tools -> Options -> Preferences. Uncheck "Run when windows Starts".

-Remove any unnecessary items from the system tray (bottom right near clock). These are resource hogs. Things such as Apple Quicktime, AOL startup, ATI controls, WinAmp, Music Match Jukebox, Adobe Tray tool, PDA s/w, IM programs, DirectCD, mouse driver icon, RealPlayer, etc. (you may want to keep some of these too, so be careful)

- Within IE, go to TOOLS -> INTERNET OPTIONS. Make sure the default home page is something you recognize, and isn't going somewhere else first. (browser hijack). If so, change it and save.

- Within IE, go to Tools -> INTERNET OPTIONS -> SECURITY. Click on each of the 4 zones and hit DEFAULT LEVEL. Click on the SITES list for each and make sure nothing odd is listed. Click on the ADVANCED tab and hit defaults. hit OK to exit. This sets everything back to factory defaults. You'll get a couple security warning popups the first time you use the web, and this is normal.

-Within IE, go to VIEW -> Toolbars. Look for any oddball items there. Should have standard, address, links, Norton ? a/v. If you see any other toolbars installed, remove them per above suggestions (add/remove programs). Google is the only one I trust, and you don't even need that if you have SP2. SP2 has a decent popup blocker bundled with it.

AD-AWARE SE doesn't remain resident and doesn't intercept infections in real-time. It's an "after the fact" scanner/remover. They do offer a commercial version, for a small fee, that runs in real-time.

Spybot search and destroy will work in real-time to intercept these things, at the expense of making the computer go a bit slower. It's a decision you'd have to make. In your case, maybe Spybot makes more sense?

If you end up getting DSL or CABLE in the future, I suggest the Linksys WRT54G router. It's very inexpensive (about $50-59) and has all the features you could want. (hardwired AND 54g wireless technology, security, port forwarding, dhcp, etc) This is actually a very inexpensive Unix machine, and the software inside can be updated to perform other tasks. (I replaced the brain in mine, it takes about 2 mins and gives you additional toys) If you get one of these, make sure you disable wireless or add lots of security if you do use wireless. We have a wireless laptop at the frame shop that serves as a second "floater" pos terminal and is used by customers to browse the Art Explorer DB (from the loveseat usually). At home we use the same model router for 3 hardwired pc's and 2 wireless laptops. Wireless security is a really big issue and there's another thread with some suggestions, if you go this route. DSL is probably about $5 more than AOL dialup, frees up your phone line/msg units, works well with a router, and is up to 20 times faster. Once you go broadband, you won't look back


Sorry for such a long msg. I hope some of the info is helpful to figure out the source of your trouble. As with anything else, use this advice at your own risk. (insert standard disclaimer here)

I hope you're able to figure out what's going on. If none of this helps, it might be a place you're intentionally visiting on the web. (game sites are notorious for installing stuff on your PC, etc)

Mike
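
The startup checks listed in the post above (Startup folder, the msconfig startup items, the IE home page) can be collected in one read-only pass and saved to a file. This PowerShell script is an added example, not part of the original post; it assumes a Windows system with PowerShell 3.0 or later, and the name pattern holds only names mentioned in this thread, not a detection signature list.

```powershell
# Added example: read-only inventory of common autostart locations.
# It lists entries and writes a report; it does not delete or change anything.

# Registry keys that launch programs at logon (the entries msconfig's Startup tab shows).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties PowerShell adds to every registry item; these are not autostart values.
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
    }
})

# Per-user and all-users Startup folders (start -> all programs -> startup).
$startupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')
$entries += @(foreach ($dir in $startupDirs) {
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem -Path $dir -File | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
})

# Internet Explorer home page, to spot a browser hijack.
$ieKey = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ieMain = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue
if ($ieMain -and $ieMain.'Start Page') {
    $entries += [pscustomobject]@{
        Source = $ieKey; Name = 'Start Page'; Command = [string]$ieMain.'Start Page'
    }
}

# Names reported in this thread only (assumption: illustrative, not a signature list).
$threadNames = 'ezula|toptext|istbar|tinybar|xxxtoolbar|sidefund|conscore'

$report = $entries | Select-Object Source, Name, Command,
    @{ Name = 'SeenInThread'
       Expression = { "$($_.Name) $($_.Command)" -match $threadNames } }

# Show on screen and save a copy that can be printed or e-mailed for review.
$report | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
$report | Export-Csv -Path "$env:USERPROFILE\autostart-report.csv" -NoTypeInformation
```

Entries not marked `SeenInThread` are not thereby safe; the report is a list to review, with unfamiliar commands looked up before anything is removed.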
 

Rogatory

SGF, Supreme Grumble Framer
Joined
May 8, 2003
Posts
1,077
From
Lubbock, Texas
The Linksys BEFSR41 is also a good router.

I use AdAware and SPYBOT; they are good for what they do. But if you wanna find out what’s really going on behind the scenes try Bazooka Adware and Spyware Scanner. It's a small and free utility that digs into your registry and will find stuff that the others don't.
This program does not repair anything but will take you to their web site and give you suggestions, most require doing some reg editing. Print out the instructions then follow the instructions to a T. (I STRONGLY suggest backing up first)
I had a VERY annoying adware called "Ebates Moe Money Maker" that I wouldn't wish on my ex wife. AdAware and SPYBOT didn't see it but Bazooka did and more.

http://www.kephyr.com/

Also try their PopUp Killer Test, it might surprise you.
http://www.kephyr.com/labs/index.phtml
 

Mike Labbe

BEFSR41 was my personal favorite until these came out. I've installed more than 30 BEFSR41's for clients & friends, but more than half a dozen have dropped dead recently. Reflashing the bios sometimes fixes em, other times they're just dead.

I'm not sure why. I've been replacing em with WRT54g's.
 

Jay H

Charles I would try this.

Run Ad-Aware
Reboot
Open IE
Run Ad-Aware again.

If you have any new non-negligible items go to Ad-Aware's forums. They will clean your computer up. It's free and I think they use it as R&D to stay on top of the latest bugs.

Here is the link to their site.

http://www.lavasoftsupport.com/
 