NationStates Jolt Archive


Awful spyware

Chicken pi
19-11-2004, 13:06
I've got the worst piece of spyware ever on my computer. I keep on getting popups and when I'm on the internet I keep on getting redirected to advertising and porn sites.
When I scan for spyware I keep on finding new spyware on my computer even if I haven't used the internet at all since I last scanned. I've used two different anti-spyware programs, neither of which have solved the problem and Norton Antivirus can't find any viruses.

Bugger.
Torching Witches
19-11-2004, 13:21
Have you got a firewall?

Try ZoneAlarm - it might stop the spyware accessing the internet.

I'm no expert though so I can't suggest anything else
Chicken pi
19-11-2004, 13:27
Have you got a firewall?

Try ZoneAlarm - it might stop the spyware accessing the internet.

I'm no expert though so I can't suggest anything else

Yeah. I've got Norton Internet Security. I might increase the security level of it though. I've got it on the medium setting and it doesn't seem to stop much.
I never get computer viruses but I get a lot of mild spyware on my computer.
Fuhkers
19-11-2004, 13:35
use spybot search and destroy or ad aware to remove spyware.. then start to use firefox as a browser..
1337 h4x0r5
19-11-2004, 13:35
Seriously, AOL is the biggest piece of crap. That's your porblem, right there, if you're using it. Also, if your using 'real' programs, like Norton, I'd suggest getting something like Spybot: Search and Destroy, or AdAware, they're both very good at saving the day. Also, clear all of your internet cookies, even if it is a pain. That should fix your problem.
Ankh Morpock
19-11-2004, 13:40
I use Webroot spy sweeper and its really effective. You can download a free trial at www.webroot.com.
Korarchaeota
19-11-2004, 14:25
use spybot search and destroy or ad aware to remove spyware.. then start to use firefox as a browser..

i'll second that, but i'd recommend running *both* spybot s&d and adware. sometimes one picks up something the other does not...
Myrth
19-11-2004, 14:26
Seriously, AOL is the biggest piece of crap. That's your porblem, right there, if you're using it. Also, if your using 'real' programs, like Norton, I'd suggest getting something like Spybot: Search and Destroy, or AdAware, they're both very good at saving the day. Also, clear all of your internet cookies, even if it is a pain. That should fix your problem.

I can see it's not AOL.
Firstly, you want to click Start, then Run, and type in msconfig. Click the Startup tab and untick anything that looks spurious. Then, hit ctrl+alt+delete and terminate any applications that aren't marked SYSTEM or Local or Network Service. Apart from your browser window, obviously.
Now when you run Ad-Aware (http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10319876.html?tag=lst-0-2) you should catch it all and stop it reinstalling itself elsewhere. Run it twice just to be sure it catches it all. Restart your computer, scan again to check it hasn't reinitialised itself and go here (http://www.mozilla.org/products/firefox/) to rid yourself of the horrors if Internet Exploder.
Chicken pi
19-11-2004, 14:37
I use spybot search and destroy and spyware doctor. I find they both find spyware that the other doesn't. I also make a point of clearing my internet cookies, because it's a real pain to tick all of the tracking cookies in Spyware Doctor and delete them.
My ISP is BTinternet, not AOL. AOL is an ISP, right?

Thanks for the tip Myrth, I'll try that.
Jello Biafra
19-11-2004, 14:39
Have you been regularly updating your spyware programs?
Chicken pi
19-11-2004, 14:41
Have you been regularly updating your spyware programs?

Just did it half an hour ago.

EDIT: Haven't updated Norton, though. I've been meaning to get round to that.
Utopio
19-11-2004, 14:43
My ISP is BTinternet, not AOL. AOL is an ISP, right?
Yeah, but it's also a gastly browser on it's own. Follow Myrth's advice and get Firefox. Faster, safer, better.
Chicken pi
19-11-2004, 14:46
Errrr... I tried what Myrth suggested and I can't see anything really spurious looking. There are a few files which I don't recognise - rncr, zhotkey, nwiz, nvcpl, sndmon, etc. Do these ring any bells with anyone?

Argh! Looked on tasklist.org and some types of spyware have names like norton.
Utopio
19-11-2004, 14:53
Errrr... I tried what Myrth suggested and I can't see anything really spurious looking. There are a few files which I don't recognise - IAMAPP, rncr, zhotkey, shwicon2k, nwiz, nvcpl, jusched, sndmon, navapw32, etc. Do these ring any bells with anyone?

'zhotkey' sounds especially dodgy. If in doubt, Google the name. There's a load of sites dedicated to tell you whats nasty stuff and what's essential for your comp.

Try Tasklist (http://www.tasklist.org)

EDIT: actually zhotkey isn't too dodgy, according to Tasklist. Makes my point that you should check before you delete anything.
Chicken pi
19-11-2004, 15:02
EDIT: actually zhotkey isn't too dodgy, according to Tasklist. Makes my point that you should check before you delete anything.

Yeah, I've got a hotkey keyboard,so I can do things like cut and paste with one key.
UpwardThrust
19-11-2004, 15:03
I can see it's not AOL.
Firstly, you want to click Start, then Run, and type in msconfig. Click the Startup tab and untick anything that looks spurious. Then, hit ctrl+alt+delete and terminate any applications that aren't marked SYSTEM or Local or Network Service. Apart from your browser window, obviously.
Now when you run Ad-Aware (http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10319876.html?tag=lst-0-2) you should catch it all and stop it reinstalling itself elsewhere. Run it twice just to be sure it catches it all. Restart your computer, scan again to check it hasn't reinitialised itself and go here (http://www.mozilla.org/products/firefox/) to rid yourself of the horrors if Internet Exploder.
We do this same procedure here (head of the residential hall network)

Myrth is correct though I would like to add spybot s&d scan (we have found out that a combination scan of spybot and ad-aware is the most effective)

Also recommend running the scans in safe mode (sometimes the programs don’t do process termination and if you don’t guess right in the task manager) So rather then shutting off all non system processes I would just start it in safe mode (by pressing f8 on boot and selecting safe mode or safe mode with networking)

And running your scans there

Like he/she said also make sure you do msconfig and don’t have anything start that you do not recognize

Oh and if it REALLY is not working after that try a program called hijackthis … (google it) sometimes it catches some tough ones like DSO exploit and such that even the other two don’t catch
Jindrak
19-11-2004, 15:12
Just go to downloads.com, assuming you can still access the internet with that spyware, they have millions of spyware eliminating things.

But I think I know what piece of spyware it is, I've had it. I believe it's called AdRoar, it hijacks your browser.
UpwardThrust
19-11-2004, 15:21
Just go to downloads.com, assuming you can still access the internet with that spyware, they have millions of spyware eliminating things.

But I think I know what piece of spyware it is, I've had it. I believe it's called AdRoar, it hijacks your browser.
A long with hundreds of other kinds ;)

but I will try to find the article but pcmag had a comparison of freeware and paid spyware removal tools

Go freeware ... specificaly ad-aware and spybot ... two most powerfull tools on the web right now
Ventelation Systems
19-11-2004, 15:23
if you are running Windows XP delete your System Restore Points as I had the same syptoms as i did where My virus checker can't find them as they are in the system volume information folder and programs or users cannot access the information so you have to disable restore shut down reboot enable it again then run spyware programs again eg. adaware, and Norton Anti-Virus hope this helps.
UpwardThrust
19-11-2004, 15:25
if you are running Windows XP delete your System Restore Points as I had the same syptoms as i did where My virus checker can't find them as they are in the system volume information folder and programs or users cannot access the information so you have to disable restore shut down reboot enable it again then run spyware programs again eg. adaware, and Norton Anti-Virus hope this helps.
Very true … but this condition is more indicative of viral activity then spyware

Also may want to note that this is recomended for anything win ME or newer (so me 2k xp 2003)
Neo-Tommunism
19-11-2004, 15:41
Hijack This is a very powerful tool, and will fix most internet browser problems. Just be very careful with it, as it can be damaging to your computer's health. Not everything in it's scan is bad, so double check, or back up before you delete them. Just a warning for anyone who uses it.
Chicken pi
19-11-2004, 16:51
I ran a couple of anti spyware programs and a virus scan in safe mode. Hopefully that will have sorted out the problem. If it hasn't worked, I'll use HijackThis.

Didn't work. I tried AdAware as well, which found a lot of spyware but didn't sort out the problem.
Chicken pi
19-11-2004, 20:11
I used HijackThis and I think I found my problem. I checked the description of a suspicious looking file, which said that it was a plugin. They're normally used for applications like Quicktime, but if they are used in spyware they can keep on reinstalling stuff, which was my main problem. I made sure that it was spyware and deleted it. So, now I shouldn't have loads of spyware reappearing on my computer.

Thanks for the help, everyone!
Keruvalia
19-11-2004, 20:13
Try Linux.
The Sacred Toaster
19-11-2004, 20:41
If you're running on a newish pc maybe system restore will help. I had the same problem with my old pc, had to reformat it :( but i did get my new pc which is great for running halflife 2 :D
Chicken pi
19-11-2004, 21:23
If you're running on a newish pc maybe system restore will help. I had the same problem with my old pc, had to reformat it :( but i did get my new pc which is great for running halflife 2 :D

Nah, I've pretty much solved the problem now. I'm still getting a few popups now and then but it's nothing like as bad as what it was.
Chicken pi
23-11-2004, 12:07
I've completely solved the problem now, but I thought I'd post some tips.
I found that if my computer was in safe mode then I found more dodgy stuff when I did the "msconfig" thing, but I may be wrong about that.
Also, I found that a combination of spybot s&d and spyware doctor seems to be the best. Ad-aware doesn't seem to find a lot if you've run the other two and it's quite slow.
Personally, I'm going to change my virus protection software. I'm beginning to doubt Norton Antivirus's ability to actually find viruses and it scans really slowly, too.