Solved

Prevent spyware from installing in Windows 98

Posted on 2003-12-02
Last Modified: 2010-04-11
Hello all,

I have a problem with one user on our network.  Her computer is continually infested with spyware.  We are currently running Windows 98 on the machine that she is using.  I have booted Windows 98 in safe mode and have run adaware and spybot repeatedly to remove spyware programs, but somehow they keep returning.   In the beginning of my quest to rid her computer of spyware, I uninstalled several programs (I2PP, etc). Today those came back as well!  I removed them again using Adaware and Spybot and I uninstalled using Add/Remove programs. After doing this, I checked the installed programs and she does not have anything installed that uses spyware. In fact, all of the software installed on her computer is from "legitimate" software companies (Microsoft, Adobe, etc).  Am I missing something here?  Why does the spyware keep coming back?

Thanks,
knotty
Question by:knottydrd
11 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9861351
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9861356
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9861359
Also use a good firewall like zonealarm.. Do not use p2p programs like kazaa....

Sunray
0
 
LVL 10

Expert Comment

by:LRI41
ID: 9861384
Spyware Blaster

BootLIST 088  
Date: 5/23/2003 9:59:18 PM Pacific Daylight Time

Prevent Spyware From Being Installed Utility

     Mary Adams writes - I take good care of my Computer and don't
     install any garbage or junk. But when my two teenage sons visit
     for the weekend they always leave my Computer running slow and I
     get errors I never had before their visits.

     I then have to run Ad-Adware to get rid of all the Spy Software
     they seem to install even though they never admit to installing
     any Spy Software it's always there after they leave mucking up my
     Computer. Is there a way to prevent them from installing Spy
     Software in the first place?

     *** Try the utility below, free of course:

     http://www.javacoolsoftware.com/spywareblaster.html


*********************************************

SpywareGuard download, reviewed and rated at Spychecker.com - ...


http://www.spychecker.com/program/spywareguard.html


SpywareGuard 2.1
detect spyware programs

 
SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected. If this is the case, it initially blocks access to the file and then allows the user to select an action. SpywareGuard provides a fast scanning engine, signature-based scanning, heuristic/generic scanning, a control panel, and an online-update utility for downloading of definition updates. It does not replace your anti-virus protection, but instead detects programs that may cause privacy concerns. The list of detected programs includes AdBreak, AdultLinks/LinkZZ, Brilliant Digital, CommonName, Cytron, FreeScratchAndWin, FriendGreetings, HighTraffic, HotBar, IEDisco, iGetNet, Lop.com, MoneyTree Dialer and others.

http://www.google.com/search?hl=en&ie=ISO-8859-1&q=SpywareGuard&btnG=Google+Search



0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 9861769
You could also make the user a member of the "users" group instead of "administrators" on the local computer.  Registry changes and installations will not be allowed.
0
 
LVL 2

Expert Comment

by:joele23
ID: 9862777
When I went home over Thanksgiving my father had the same problem and I ran the normal spyware tools I use, only this time a few things were undetected. It's very possible that new spywares are around that go undetected. Take a look at what is being started up. Go to start->run and type in msconfig.

Click under startup and look for anything suspicious. If something does look suspicious type the same name in at google and see what you can find. You might have to go farther and look in the directories where the start up program is being run. I found 2 weird things: one was rydok or something like that and another was in weird binary characters. After removing the exe's and deleting this from the start up the problem was gone.
0
 
LVL 97

Expert Comment

by:war1
ID: 9863267
knottydrd,
   To prevent spyware from downloading into your computer, do not allow Install on Demand in the IE settings. With Internet Explorer open, go to Tools > Options > Advanced.   Uncheck the two Enable Install on Demand options.

Like some virii, some spywares are difficult to get rid of.  You have to go directly into the registry and delete them.  HijackThis has developed a tool to semi-automate this process.  Download HT from here

http://www.spywareinfo.com/downloads.php

Run the program and you will find many entries from the registries. Most are OK. Post the log. I will find the problem for you.
0
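The startup review joele23 describes and the registry entries war1 refers to can be saved as text and compared between cleanups, which shows exactly which autostart entry returned. The following is an added example, not part of any post in this thread: it parses a REGEDIT4 registry export and the `[windows]` section of win.ini and lists autostart entries missing from a reviewed baseline. The sample data, entry names and function names are constructed for illustration.

```python
import re

# Windows 9x autostart key names (last component of the registry path).
AUTOSTART = {"run", "runonce", "runservices", "runservicesonce"}
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample: REGEDIT4 text as exported by regedit on Windows 98.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"example_updater"="C:\\WINDOWS\\TEMP\\example_updater.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"example_helper"="C:\\PROGRA~1\\EXAMPLE\\helper.exe -s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
"NotAutostart"="ignored"
'''
# Constructed sample: the [windows] section of win.ini.
SAMPLE_WININI = "[windows]\nload=\nrun=C:\\WINDOWS\\example_runner.exe\nNullPort=None\n"

def unescape(s):
    # Undo .reg escaping of backslashes and quotes.
    return re.sub(r"\\(.)", r"\1", s)

def reg_autostarts(text):
    """Yield (location, name, command) from Run-style keys in a REGEDIT4 export."""
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and key.rsplit("\\", 1)[-1].lower() in AUTOSTART:
            m = VALUE_RE.match(line)
            if m:
                yield key, unescape(m.group(1)), unescape(m.group(2))

def ini_autostarts(text):
    """Yield (location, name, command) per program on win.ini load=/run= lines."""
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "windows" and "=" in line:
            name, value = line.split("=", 1)
            if name.strip().lower() in ("load", "run"):
                for cmd in value.split():  # entries are space-separated
                    yield "win.ini [windows]", name.strip().lower(), cmd

def new_entries(entries, baseline):
    """Return entries whose command is not in the reviewed baseline."""
    known = {b.lower() for b in baseline}
    return [e for e in entries if e[2].lower() not in known]
```

Keep the baseline from a machine state that has been reviewed, then rerun the comparison after the spyware reappears; the Startup folder and system.ini are not covered here and need the same check.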
 

Expert Comment

by:elixxer
ID: 9875674
Possibly somewhere on the computer is a "self" executing file that reinstalls itself to the system.

I had a similar problem with a returning spy app. What I did too was run AdAware, SpyBot and Nortons AV Corp and removed the usual things but it didn't stop. If they don't find anything and it is still happening you need to get ZoneAlarm that sunray_2003 suggested. What it will do is allow you to approve an application or connection to the internet "before" it does it automatically.

After installing ZA I rebooted the computer. Immediately, after getting to the desktop, it started prompting me for approval of some applications that were trying to run. Most of which were the system starting that usually runs in the background. After about 3 minutes of this one particular app popped up for approval that I was not familiar with. If you don't recognize the app trying to run don't approve it to run and then do a search at google to find out what it is. If it is spyware do a system search of the computer (remember to include system and hidden files). It will give you the location where the problem is stored.

As long as ZA is running it will not allow any spyware to run unless you approve it.

0
 
LVL 24

Accepted Solution

by:
SunBow earned 250 total points
ID: 9876951
> Prevent spyware from installing in Windows 98

Then, Stay off the internet, and do not install anything.  I got spyware preloaded for me on a newly purchased machine (er, gee thanks).  THEY think we want it. Right. Think for me too.          :-(

> Her computer is continually infested with spyware

Then, apparently, a single employee is consistently becoming more of a problem than any other employee. Take action. Inform of policy and act when policy is abused. (removal)

> Today those came back as well!

Since it is not clear whether or not it is the employee or PC that is the repeater, then switch out the PC with another one. Easy enough. If you haven't a spare (you should) then rebuild the machine from scratch, which will take less time than your current investment.

> and have ran adaware and spybot repeatedly

Many people claim that you have to keep repeating and repeating before letting anyone use the machine. Suggesting that one adware may hide another until it is removed. Then you have to remove the next layer, etc.

>  In fact,all of the software installed on her computer is from "legitimate" software companies

As I said above, some such companies think we want spyware (I do not mean adware) so they embed it. It is tough to root out, but once you find the culprit it can be done.  This happens more often, more visibly, with OEM software, including for OS, that preconfigures to make everything easier for you.  

> Am I missing something here?  Why does the spyware keep coming back?

My best guess - is that you let the employee reinstall it herself, first by leaving the browser with its history links and favorites.  Remove them. Possibly.. the home page is redefined? For now I doubt it, for that is so obvious that you would be stating the problem differently, such as using words like porn even.  Possibly, there's some personal choice made for skin or banner or background or screen save (etc etc), so I suggest the format/rebuild just to verify that the system was clean. Possibly another PC (with user who won't complain) keeps reinfecting, or there is something on a mapped drive you have not checked.

DO:
Be sure that all of the machines have all of the updates available from Microsoft, for they all (especially IE) have continual vulnerabilities that become known and exploited to do this.

Have employee spend a period off the network and watch
Also watch employee behavior. Does she like to get free music? Well, disable music. It may not be so free after all. Change IP address, install ZoneAlarm to watch packets better, remove all potential for snmp, icq, and anything relevant to a chat session. Consider swapping PCs among employees to better distinguish if it follows individual employee or individual PC.

Possibly .... you have another employee who is bent on snooping (rogue), who's been doing something you missed when you were not looking.

My best guess, is that you've just got an individual who likes to surf to find things for free, and gets similar things from 'friends' that just must be run to see what else is cute or free.  But you have to go through a good debug process to better identify what it is not. A good format/u command will do that.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 9884855
Status?

> Title: Prevent spyware from installing in Windows

Main prevention is .... upgrade IE to plug the hole(s) being exploited.
0
 
LVL 97

Expert Comment

by:war1
ID: 9901383
knottydrd,
   We have not heard from you. Did any comment help you solve your problem? Do you have any more questions? If an Expert helped you, please accept his/her answer with an excellent or good grade.

Thanks, war1
0
