Prevent spyware from installing in Windows 98
Hello all,
I have a problem with one user on our network. Her computer is contiually infested with spyware. We are currently running Windows 98 on the machine that she is using. I have booted Windows 98 in safe mode and have ran adaware and spybot repeatedly to remove spyware programs, but somehow they keep returning. In the begininning of my quest to rid her computer of spyware, I unistalled several programs (I2PP, etc). Today those came back as well! I removed them again using Adaware and Spybot and I uninstalled using Add/Remove programs. After doing this, I checked the installed programs and she does not have anything installed that uses spyware. In fact,all of the software installed on her computer is from "legitimate" software companies (Microsoft, Adobe, etc). Am I missing something here? Why does the spyware keep coming back?
Thanks,
knotty
I have a problem with one user on our network. Her computer is contiually infested with spyware. We are currently running Windows 98 on the machine that she is using. I have booted Windows 98 in safe mode and have ran adaware and spybot repeatedly to remove spyware programs, but somehow they keep returning. In the begininning of my quest to rid her computer of spyware, I unistalled several programs (I2PP, etc). Today those came back as well! I removed them again using Adaware and Spybot and I uninstalled using Add/Remove programs. After doing this, I checked the installed programs and she does not have anything installed that uses spyware. In fact,all of the software installed on her computer is from "legitimate" software companies (Microsoft, Adobe, etc). Am I missing something here? Why does the spyware keep coming back?
Thanks,
knotty
One of the main reasons why they come back are due to worm or advertisements.. use these pop-up blocker
Pop-up blocker:
---------------
http://home.rochester.rr.com/artcfox/Pop-Down/
http://www.panicware.com/product_psfree.html
http://zdnet.search.com/search?channel=56&cat=279tag=st.zd.sr.srch.zdnet&q=popup+killer
http://12ghosts.com/ghosts/popup.htm
http://www.webwasher.com/client/home/index.html?lang=de_EN
http://www.adsgone.com/download.asp
Google toolbar: toolbar.google.com
Sunray
Pop-up blocker:
---------------
http://home.rochester.rr.com/artcfox/Pop-Down/
http://www.panicware.com/product_psfree.html
http://zdnet.search.com/search?channel=56&cat=279tag=st.zd.sr.srch.zdnet&q=popup+killer
http://12ghosts.com/ghosts/popup.htm
http://www.webwasher.com/client/home/index.html?lang=de_EN
http://www.adsgone.com/download.asp
Google toolbar: toolbar.google.com
Sunray
Also use a good firewall like zonealarm.. Donot use p2p programs like kazaa....
Sunray
Sunray
Spyware Blaster
BootLIST 088
Date: 5/23/2003 9:59:18 PM Pacific Daylight Time
Prevent Spyware From Being Installed Utility
Mary Adams writes - I take good care of my Computer and don't
install any garbage or junk. But when my two teenage sons visit
for the weekend they always leave my Computer running slow and I
get errors I never had before their visits.
I then have to run Ad-Adware to get rid of all the Spy Software
they seem to install even though they never admit to installing
any Spy Software it's always there after they leave mucking up my
Computer. Is there a way to prevent them from installing Spy
Software in the first place?
*** Try the utility below, free of course:
http://www.javacoolsoftware.com/spywareblaster.html
**************************
SpywareGuard download, reviewed and rated at Spychecker.com - ...
http://www.spychecker.com/program/spywareguard.html
SpywareGuard 2.1
detect spyware programs
SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected. If this is the case, it initially blocks access to the file and then allows the user to select an action. SpywareGuard provides a fast scanning engine, signature-based scanning, heuristic/generic scanning, a control panel, and an online-update utility for downloading of definition updates. It does not replace your anti-virus protection, but instead detects programs that may cause privacy concerns. The list of detected programs includes AdBreak, AdultLinks/LinkZZ, Brilliant Digital, CommonName, Cytron, FreeScratchAndWin, FriendGreetings, HighTraffic, HotBar, IEDisco, iGetNet, Lop.com, MoneyTree Dialer and others.
http://www.google.com/search?hl=en&ie=ISO-8859-1&q=SpywareGuard&btnG=Google+Search
BootLIST 088
Date: 5/23/2003 9:59:18 PM Pacific Daylight Time
Prevent Spyware From Being Installed Utility
Mary Adams writes - I take good care of my Computer and don't
install any garbage or junk. But when my two teenage sons visit
for the weekend they always leave my Computer running slow and I
get errors I never had before their visits.
I then have to run Ad-Adware to get rid of all the Spy Software
they seem to install even though they never admit to installing
any Spy Software it's always there after they leave mucking up my
Computer. Is there a way to prevent them from installing Spy
Software in the first place?
*** Try the utility below, free of course:
http://www.javacoolsoftware.com/spywareblaster.html
**************************
SpywareGuard download, reviewed and rated at Spychecker.com - ...
http://www.spychecker.com/program/spywareguard.html
SpywareGuard 2.1
detect spyware programs
SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected. If this is the case, it initially blocks access to the file and then allows the user to select an action. SpywareGuard provides a fast scanning engine, signature-based scanning, heuristic/generic scanning, a control panel, and an online-update utility for downloading of definition updates. It does not replace your anti-virus protection, but instead detects programs that may cause privacy concerns. The list of detected programs includes AdBreak, AdultLinks/LinkZZ, Brilliant Digital, CommonName, Cytron, FreeScratchAndWin, FriendGreetings, HighTraffic, HotBar, IEDisco, iGetNet, Lop.com, MoneyTree Dialer and others.
http://www.google.com/search?hl=en&ie=ISO-8859-1&q=SpywareGuard&btnG=Google+Search
You could also make the user a member of the "users" group instead of "administrators" on the local computer. Registry changes and installations will not be allowed.
When I went home over Thanksgiving my father had the same problem and I ran the normal spyware tools I use only this time a few things were undetected. Its very possible that new spywares are around that go undetected.Take a look a what is being started up. Goto start->run and type in msconfig.
Click under startup and look for anything suspicious. If something does look suspicious type the same name in at google and see what you can find. You maight have to go farther and look in the directories wheree the start up program is being run. I found 2 wierd things one was rydok or something like that that and antoher was in weird binary characters. After removing the exe's and deleting this from the start up the problem was gone.
Click under startup and look for anything suspicious. If something does look suspicious type the same name in at google and see what you can find. You maight have to go farther and look in the directories wheree the start up program is being run. I found 2 wierd things one was rydok or something like that that and antoher was in weird binary characters. After removing the exe's and deleting this from the start up the problem was gone.
knoddydrd,
To prevent spyware from downloading into your computer, do not allow Install on Demand in the IE settings. With Internet Explorer open, go to Tools > Options > Advanced. Uncheck the two Enable Intall on Demand options.
Like some virii, some spywares are difficult to get rid of. You have to go directly into the registry and delete them. HijackThis has developed a tool to semi-automatic this process. Downlad HT from here
http://www.spywareinfo.com/downloads.php
Run the program and you will find many entries from the registries. Most are OK. Post the log. I will find the problem for you.
To prevent spyware from downloading into your computer, do not allow Install on Demand in the IE settings. With Internet Explorer open, go to Tools > Options > Advanced. Uncheck the two Enable Intall on Demand options.
Like some virii, some spywares are difficult to get rid of. You have to go directly into the registry and delete them. HijackThis has developed a tool to semi-automatic this process. Downlad HT from here
http://www.spywareinfo.com/downloads.php
Run the program and you will find many entries from the registries. Most are OK. Post the log. I will find the problem for you.
Possibly somewhere on the computer is a "self" exectuting file that reinstalls itself to the system.
I had a similar problem with a returning spy app. What I did too was run AdAware, SpyBot and Nortons AV Corp and removed the usual things but it didn't stop. If they don't find anything and it is still happening you need to get ZoneAlarm that sunray_2003 suggested. What it will do is allow you to approve an application or connection to the internet "before" it does it automatically.
After installing ZA I rebooted the computer. Immediately, after getting to the desktop, it started prompting me for approval of some applications that were trying to run. Most of which were the system starting that usually runs in the background. After about 3 minutes of this one particular app popped up for approval that I was not familiar with. If you don't recognize the app trying to run don't approve it to run and then do a search at google to find out what it is. If it is spyware do a system search of the computer(remember to include system and hidden files). It will give you the location where the problem is stored.
As long as ZA is running it will not allow any spyware to run unless you approve it.
I had a similar problem with a returning spy app. What I did too was run AdAware, SpyBot and Nortons AV Corp and removed the usual things but it didn't stop. If they don't find anything and it is still happening you need to get ZoneAlarm that sunray_2003 suggested. What it will do is allow you to approve an application or connection to the internet "before" it does it automatically.
After installing ZA I rebooted the computer. Immediately, after getting to the desktop, it started prompting me for approval of some applications that were trying to run. Most of which were the system starting that usually runs in the background. After about 3 minutes of this one particular app popped up for approval that I was not familiar with. If you don't recognize the app trying to run don't approve it to run and then do a search at google to find out what it is. If it is spyware do a system search of the computer(remember to include system and hidden files). It will give you the location where the problem is stored.
As long as ZA is running it will not allow any spyware to run unless you approve it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Status?
> Title: Prevent spyware from installing in Windows
Main prevention is .... upgrade IE to plug the hole(s) being exploited.
> Title: Prevent spyware from installing in Windows
Main prevention is .... upgrade IE to plug the hole(s) being exploited.
knoddydrd,
We have not heard from you? Did any comment help you solve your problem? Do you have any more questions? If an Expert help you, please accept his/her answer with an excellent or good grade.
Thanks, war1
We have not heard from you? Did any comment help you solve your problem? Do you have any more questions? If an Expert help you, please accept his/her answer with an excellent or good grade.
Thanks, war1
Spyware/Adware removal tools:
--------------------------
What is spyware : http://www.spychecker.com/spyware.html
SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml
Ad-aware : http://www.webattack.com/download/dladaware.shtml
Trojan Remover :http://www.simplysup.com/
HijackThis : http://www.webattack.com/download/dlhijackthis.shtml
KL-Detector :http://www.webattack.com/download/dlkldetector.shtml
X-Cleaner Free :http://www.webattack.com/download/dlxcleaner.shtml
SpywareBlaster :http://www.webattack.com/download/dlspywareblaster.shtml
SpywareGuard :http://www.webattack.com/download/dlspywareguard.shtml
SpySites :http://www.webattack.com/download/dlspysites.shtml
Keylogger Hunter :http://www.webattack.com/download/dlklhunter.shtml
Spycop: http://www.spycop.com/
BHODemon : http://www.spywareinfo.com/downloads/bhod/
Browser Hijack Blaster : http://www.wilderssecurity.net/bhblaster.html
Goodbye Spy http://www.topshareware.com/GoodBye-Spy-download-2012.htm
Other spyware removal instructions: http://www.pchell.com/support/click2findnow.shtml
online virus scanner:
---------------------
http://housecall.trendmicro.com/
http://security.symantec.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.pcpitstop.com/antivirus/default.asp
DOS based : http://www.f-prot.com/download/download_fpdos.html
SUnray