Go Premium for a chance to win a PS4. Enter to Win


Prevent spyware from installing in Windows 98

Posted on 2003-12-02
Medium Priority
Last Modified: 2010-04-11
Hello all,

I have a problem with one user on our network.  Her computer is contiually infested with spyware.  We are currently running Windows 98 on the machine that she is using.  I have booted Windows 98 in safe mode and have ran adaware and spybot repeatedly to remove spyware programs, but somehow they keep returning.   In the begininning of my quest to rid her computer of spyware, I unistalled several programs (I2PP, etc). Today those came back as well!  I removed them again using Adaware and Spybot and I uninstalled using Add/Remove programs. After doing this, I checked the installed programs and she does not have anything installed that uses spyware. In fact,all of the software installed on her computer is from "legitimate" software companies (Microsoft, Adobe, etc).  Am I missing something here?  Why does the spyware keep coming back?

Question by:knottydrd
  • 3
  • 2
  • 2
  • +4
LVL 49

Expert Comment

ID: 9861356
LVL 49

Expert Comment

ID: 9861359
Also use a good firewall like zonealarm.. Donot use p2p programs like kazaa....

WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

LVL 10

Expert Comment

ID: 9861384
Spyware Blaster

BootLIST 088  
Date: 5/23/2003 9:59:18 PM Pacific Daylight Time

Prevent Spyware From Being Installed Utility

     Mary Adams writes - I take good care of my Computer and don't
     install any garbage or junk. But when my two teenage sons visit
     for the weekend they always leave my Computer running slow and I
     get errors I never had before their visits.

     I then have to run Ad-Adware to get rid of all the Spy Software
     they seem to install even though they never admit to installing
     any Spy Software it's always there after they leave mucking up my
     Computer. Is there a way to prevent them from installing Spy
     Software in the first place?

     *** Try the utility below, free of course:



SpywareGuard download, reviewed and rated at Spychecker.com - ...


SpywareGuard 2.1
detect spyware programs

SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected. If this is the case, it initially blocks access to the file and then allows the user to select an action. SpywareGuard provides a fast scanning engine, signature-based scanning, heuristic/generic scanning, a control panel, and an online-update utility for downloading of definition updates. It does not replace your anti-virus protection, but instead detects programs that may cause privacy concerns. The list of detected programs includes AdBreak, AdultLinks/LinkZZ, Brilliant Digital, CommonName, Cytron, FreeScratchAndWin, FriendGreetings, HighTraffic, HotBar, IEDisco, iGetNet, Lop.com, MoneyTree Dialer and others.


LVL 43

Expert Comment

ID: 9861769
You could also make the user a member of the "users" group instead of "administrators" on the local computer.  Registry changes and installations will not be allowed.

Expert Comment

ID: 9862777
When I went home over Thanksgiving my father had the same problem and I ran the normal spyware tools I use only this time a few things were undetected. Its very possible that new spywares are around that go undetected.Take a look a what is being started up. Goto start->run and type in msconfig.

Click under startup and look for anything suspicious. If something does look suspicious type the same name in at google and see what you can find. You maight have to go farther and look in the directories wheree the start up program is being run. I found 2 wierd things one was rydok or something like that that and antoher was in weird binary characters. After removing the exe's and deleting this from the start up the problem was gone.
LVL 97

Expert Comment

ID: 9863267
   To prevent spyware from downloading into your computer, do not allow Install on Demand in the IE settings. With Internet Explorer open, go to Tools > Options > Advanced.   Uncheck the two Enable Intall on Demand options.

Like some virii, some spywares are difficult to get rid of.  You have to go directly into the registry and delete them.  HijackThis has developed a tool to semi-automatic this process.  Downlad HT from here


Run the program and you will find many entries from the registries. Most are OK. Post the log. I will find the problem for you.

Expert Comment

ID: 9875674
Possibly somewhere on the computer is a "self" exectuting file that reinstalls itself to the system.

I had a similar problem with a returning spy app. What I did too was run AdAware, SpyBot and Nortons AV Corp and removed the usual things but it didn't stop. If they don't find anything and it is still happening you need to get ZoneAlarm that sunray_2003 suggested. What it will do is allow you to approve an application or connection to the internet "before" it does it automatically.

After installing ZA I rebooted the computer. Immediately, after getting to the desktop, it started prompting me for approval of some applications that were trying to run. Most of which were the system starting that usually runs in the background. After about 3 minutes of this one particular app popped up for approval that I was not familiar with. If you don't recognize the app trying to run don't approve it to run and then do a search at google to find out what it is. If it is spyware do a system search of the computer(remember to include system and hidden files). It will give you the location where the problem is stored.

As long as ZA is running it will not allow any spyware to run unless you approve it.

LVL 24

Accepted Solution

SunBow earned 1000 total points
ID: 9876951
> Prevent spyware from installing in Windows 98

Then, Stay off the internet, and do not install anything.  I got spyware preloaded for me on a newly purchased machine (er, gee thanks).  THEY think we want it. Right. Think for me too.          :-(

> Her computer is contiually infested with spyware

Then, apparently, a single employee is consistently becoming more of a problem than any other employee. Take action. Inform of policy and act when policy is abused. (removal)

> Today those came back as well!

Since it is not clear whether or not it is the employee or PC that is the repeater, then switch out the PC with another one. Easy enough. If you haven't a spare (you should) then rebuild the machine from scratch, which will take less time than you current investment.

> and have ran adaware and spybot repeatedly

many people claim that you have to keep repeating and repeating before letting anyone use machine. Suggesting, that one adware may hide another until it is remved. THen you have to remove next layer etc

>  In fact,all of the software installed on her computer is from "legitimate" software companies

As I said above, some such companies think we want spyware (I do not mean adware) so they embed it. It is tough to root out, but once you find the culprit it can be done.  This happens more often, more visibly, with OEM software, including for OS, that preconfigures to make everything easier for you.  

> Am I missing something here?  Why does the spyware keep coming back?

My best guess - is that you let the employee reinstall it herself, first by leaving the browser with it's history links and favorites.  Remove them. Possibly.. the home page is redefined? For now I doubt it, for that is so obvious that you be stating the problem differently, such as using words like porn even.  Possibly, there's some personal choice made for skin or banner or background or screen save (etc etc), so I suggest the format/rebuild just to verify that the system was clean. Possibly another PC (with user who won't complain) keeps reinfecting, or there is something on a mapped drive you have not checked.

Be sure that all of the machines have all of the updates available from Microsoft, for they all (especially IE) have continual vulnerabilities that become known and exploited to do this.

Have employee spend a period off the network and watch
Also watch employee behavior. Does she like to get free music? Well, disable music. It may not be so free after all. Change IP address, install ZoneAlarm to watch packets better, remove all potential for snmp, icq, and anything relevant to a chat session. Consider swapping PCs among employees to better distinguish if it follows individual employee or individual PC.

Possibly .... you have another employee who is bent on snooping (rogue), who's been doing something you missed when you were not looking.

My best guess, is that you've just got an individual who likes to surf to find things for free, and gets similar things from 'friends' that just must be run to see what else is cute or free.  But you have to go through a good debug process to better identify what it is not. A good format/u command will do that.
LVL 24

Expert Comment

ID: 9884855

> Title: Prevent spyware from installing in Windows

Main prevention is .... upgrade IE to plug the hole(s) being exploited.
LVL 97

Expert Comment

ID: 9901383
   We have not heard from you? Did any comment help you solve your problem? Do you have any more questions? If an Expert help you, please accept his/her answer with an excellent or good grade.

Thanks, war1

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question