adware/spyware suggestion needed
 

My desktop seems to be infected with a serious case of adware/spyware. The homepage is taken over by a porn site, windows pop up constantly and the task menu shows many many programs running that don't belong. Even when I terminate those the popup activity continues and system resources virtually disappear. Can anyone recommend a freeware/shareware software to deal with this? I am gun shy because it seems like a lot of the ads popping up are for this kind of software so I am wondering that I might be installing something that makes the problem worse!

I am running Win98 but plan to install Win2K once this problem is resolved. Would an install take care of it or only transfer the problem to the new OS? I have 2 drives in the machine, one old one of 6gig with the OS on it and a new one of 40gig that has only the format with command.com on it (and possibly now an infection?).

As you can likely tell I am not very well informed on OS/viruses/adware/spyware and would appreciate some input on what to do and what products might be useful.

thanks

Your best and only option IMHO: reinstall windows.

I've seen loads of badly infected machines, and unless you are capable of manually editing the registry and loads of other places this stuff can hide you'll never get rid of it with a spyware scanner, as soon as it's removed it simply returns again.

thanks for the quick reply
 

Scott,

thanks for the quick response and blunt opinion. If I do a resinstall of Windows do you think it is safe to preserve on floppy some word and xls files from my hard drive or would that risk reinfection? Would it be possible to move the 40gig drive to master, install the OS there, and then make the 6gig the slave and take files off it over to the 40gig (or would that risk infecting the 40gig new OS install?).

thanks,

Word and Excel files will be just fine as long as your Macro settings are set to "safe" (the default setting).

In the past what I did was simply put the bootable CD in the drive and do a clean reinstall without deleting anything prior to the installation of the OS.

Spyware digs itself into the windows directory, the ini files, boot files like config.sys and autoexec and in the registry, replacing all of them is what happens when you do a reinstall.

Any Office document should be safe to move off the computer (either to another hard drive or floppy disk). You may also want to make sure you have any important e-mails, contacts, bookmarks, etc. saved elsewhere, too. If you only have those two hard drives, you should be able to access the data on your 6gb hard drive (connected as a slave) after you reformat your 40gb hard drive and install Windows 2000. No adware/spyware will be able to survive a formatting, so your 40gb drive will be safe.

As for adware/spyware programs, look into Ad-Aware and SpyBot to help remove any nasty programs currently on your Windows 98 machine.

I would also look into using a web browser other than Internet Explorer. Check out Mozilla for some fine alternatives (Firefox, in particular).

Try Spybot and Ad-aware. Both programs are free and don't contain spyware. You can get them at www.download.com

Just like an anti-virus program, these program require regular updates to stay current. The updates are free as well. I recommend updating and running the scans once a week.

AdAware and SpyBot are good advice...but I believe you are infected with a varient of CWS (Cool Web Site). This is a particularly nasty infection that does not respond to AdAware or SpyBot. Get CW Shredder here. Run it first, AdAware second, and SpyBot last. Reboot. You should now be clean. No need to reinstall Windows.

You do have virus protection...yes? If you keep your virus protection updated (set it to automatically run at, say, 3:00 AM each morning) and run either AdAware or SpyBot weekly, you should be good to go.

Good luck...feel free to PM me if you need additional help. In case you haven't guessed, I'm speaking from painful experience on this one! :(

As an addendum to the important note Flying_budweiser (and others) made. Once you load Spybot, Ad-Aware, and CWShredder ensure you have the most recent variants installed. Initially downloading the programs may not ensure the most recent updates are installed. After you download the updates, close the programs first then reopen them, before you run the full scan.

I also have had success with Spysweeper, which used to be free for thirty days.

Finally, my McAfee virus subscription has located spyware that the free programs missed. Ensure your virus definitions are up-to-date, and run a full scan after the other spyware preventatives.

Keep in mind that if you have a "good" set of spyware (like the more recent CW's) then running a removal application will probably only make things worse, as soon as they notice one part of their set has been removed they replicate into more. The "Cool web" spyware package is a REAL PITA :(

I have had good luck with Ad-Aware and I agree technically with ScottC but it will get the porn off your desktop and let you operate somewhat normally. A reload is always best and I dont recommend upgrading win98 to win2k. I always do a fresh install and I would also recommend XP over win2k. Although both are a huge improvement I think over Win98 as once 98 gets running slow you might as well hang it up and just reload as nothing really ever gets totally cleaned up on Win98.

How do you get infected? Do you have to open an executable file or will visiting the wrong website get you?

There are loads of ways spyware can get onto your machine nowadays, it could be part of another application, infected software, pushed through Javascript, pushed through Activex etc...

Often people think that those that got infected were visiting porn sites, but this is certainly NOT the case, the main reason spyware gets onto a machine is through an unpatched browser. It's extremely important to keep your browser up to date!

Nasty enough that Merijn Bellekom has reportedly had to drop the project.

I believe someone (or some entity) will take up the cause. However, I also fully agree with the article that things like CWShredder only treat the symptoms, not the disease. Catching the losers who do this would be the real victory.

I had exactly the same problem. I down loaded Ad-AwareSE first. Then I down loaded SpywareBlaster. They worked miracles for me. Both are free. Ad-Aware scans and gets rid of adware and spyware already on your computer. SpywareBlaster prevents it from coming back. (Most of it) I run SpywareBlaster every time I crank up the computer. Before I go on line. It only takes seconds, and continues while you are online. Spybot is OK but very limited. Hope this helps. While you are downloading be sure to turn off any popup blocker you may already have. when finished you can turn back on.

I'm going to agree with Scott and say that your best bet is reinstalling. There was a recent article in the Wahington Post about a tech who spent 8+ hours cleaning up an infected machine and never quite got it right. Unless you've got oodles of free time on your hands, reinstall and get yourself a good Firewall and A/V software before you ever connect to the internet. On average, it takes less than 30 mins for an unpatched machine sitting on the Internet to get infected.

I have Adware at work, and Spybot at home. I had no choice in the Adware at work--network administrator's idea. The IT people for my cable internet highly recommened Spybot, and CNET gives it good reviews. So far, Spybot has been a better experience for me than Adware. Spybot seems to work much faster than Adware, and doesn't tie up/slow down my computer as much when it's running, and it snags updates much faster than Adware as well.

Last time I had a machine with over 400+ reported instances of spyware it took me 4 hours of non-stop work to clean. The machine was too important to reformat so the owner insisted I just clean it... Major task :(

I had a bad spyware problem and gave up and reinstalled Windows. No problems after that. Its time consuming but at least its a fresh start.

One of the major changes I made was dumping Internet Explorer as my main browser and going with Mozilla's Firefox. All the nasty programs and bugs on the Web attack IE and so best not to use it and avoid the traps.

Sometimes the virus is residing in memory
 

I had a nasty bug last year, I think it came over and activex controll. Regardless, it kept poping up as a service, and wrecking havoc. I would stop the service and delelte the file but no avail. Everytime I rebooted it was back there.

once I figured out it was resident in the memory, very nasty, I turned back to an old standbye. Norton. Now, I never really use norton today, use AVG and Panda for AV mostly. Plus Ad Aware. I don't use Spybot S&D anymore, since the latest version loaded something on my system too, which I didn't like.

But, to get rid of the memory resident I had to do a reboot and boot to the Norton CD. It then was able to purge the memory resident bug and that cleared up all the problems.

If you have something in memory, which is loading at boot, then nothing is going to clean it once the system is up and running.

Kept me from having to reinstall, which would have been costly from a time perspective. Too many financial and corporate apps to reload and configure.

Man, I gotta get better with backups.

good luck

And
 

when you finally get rid of it (I spent MONTHS getting rid of it on the computer my son uses)--get rid of Internet Explorer and use Mozilla Firefox for your browser.

You guys are full of good news

Thanks for all the good advice

Spybot is excellent. So excellent in fact, it would be worth a handsome amount of money!

PestPatrol is also a very good program to combat spyware and adware.

I’ve flirted with a small sideline business helping people clean this stuff off their machines, I’ve raised my hourly rates and there’s no end in sight. I think I can make more $$ doing this than from my full time job, and no travel, either!

The detect and remove programs out there do quite a good job. And none of the better ones require you to manually edit the registry. But, you have to invest time initially to use and understand them (or pay someone to install and explain them to you), and then later you must keep them up to date and also run scans frequently (this you can do yourself).

The current thinking is to use a layered approach (firewall, AV, malware prevention, malware detection/removal) to prevent malware from getting in your PC. In the detection and removal layer, using just one detect and remove program is not sufficient, you need to use three or four to completely detect and clean everything. If you have any doubts about this, the stories abound, for example today’s USA Today is typical.

It sounds like your immediate need is to detect and remove. So, here’s my opinion on some of the preceding suggestions, and some others not yet mentioned:

SpyBot is not what it used to be a few months ago, the others have gained ground on it, but it’s still one of the better free ones out there.

AdAware (make sure you get the new AdAware SE Personal Edition, it's greatly improved above previous versions) is very, very good.

TDS-3, stands for Total Defense Suite 3, you download a 30 day trial copy from http://www.diamondcs.com.au/ - As with all the others, get the latest definition updates, TDS-3 calls them ‘radius files’. This is considered the gold standard in malware detection and removal. If you were a corporate IT department faced with cleaning up a huge number of your employees PCs, you'd pay a license fee and use this. It works just as well for one person as for a large corporation, so download it, update the definitions and run it first before you run anything else.

"Spy Sweeper" from www.webroot.com is also top of the line. Note that there is a similarly named trojan out there, SpySweeper, (no space in the name). FYI, there’s a whole class of false malware removers out there, sometimes called ‘Rogue Spyware Removers’ -- they claim to clean up this scumware, but they really introduce more without cleaning up anything -- “SpySweeper” is one of these, “Spy Sweeper” from WebRoot is not.

The preceeding two tools are *not* free, but you can download trial versions good for 30 days. In my opinion, there are the only two detect and remove apps worth paying for, and if you buy just one, get Spy Sweeper, it sells for $25-$30. Spy Sweeper also has some prevention features in it, for example, it will tell you when something maliciously is added to your browser’s favorites, or when a new program in setup to run the next time you boot your PC (a common way to insert and persist malware).

One more worth noting, ‘HijackThis.exe’ is a somewhat specialized tool, it’s free, but you need to interpret the logs it produces. This is one of the best ways to clean up CWS (CoolWebSearch) in all it’s variations (although CWS is the one malware that continually evades cleanup). The people who wrote HijackThis constantly tweak it to discover the latest twist on CWS.

The simplest advice, if you’re up to it, is to start with TDS-3, and run it until it comes up absolutely pristine, or you can explain what each and every exception is. Then do the same with AdAware, and then SpySweeper, and then SpyBot. This would be the long hours previous posters have mentioned.

One more I want to mention, SpywareBlaster. It’s purely prevention, no detection or removal whatsoever, but it’s great at what it does. And it doesn’t need to be running to work (It simply writes values to the registry that IE and Mozilla use to add additional protection when visiting certain malicious web sites known to cause problems). It’s free, get it and update it regularly. SpywareBlaster, and using a browser other than IE, such as Mozilla or FF, could easily prevent a large majority of the malware infections going on out there.

The simple solution is to NOT use IE ever again.

I made the switch to Firefox/Thunderbird and have not had anything (I still scan just in case).

I have a friend who got the nasty Hot Kiss Porn dialler that made about $100 worth of phone calls (drops the connection and calls a premium rate number). Installed Mozilla (they have Win 95!) and they're fine now too.

So to the OP:

Reformat
Reinstall Windows/Applicatoins
Install and use Firefox/Thunderbird

This is exactly the combination I use (along with Norton Internet Security Pro - and I also occasionally sweep with Ad Aware as well). I've been malware (and popup) free with this combination.

Pest Patrol, in my experience, comes up with a lot of false positives.

I agree with using Firefox or Mozilla over IE, but bear in mind that you don't have to use a browser to get a malware/scumware infection. You can simply connect an unprotected PC to a broadband connection, and within X minutes, you're infected. In some reports, X is as low as three minutes.

If you're only using one or two of these apps, I'd expect you have some things that are going undetected. Use three or four of the top ones and you'll be OK.

Is Norton still the resource hog it used to be? I dumped it for McAfee when my machine took forever to boot and ran noticeably slower.