Solved

Prevent spyware from installing in Windows 98

Posted on 2003-12-02
Last Modified: 2010-04-11
Hello all,

I have a problem with one user on our network.  Her computer is continually infested with spyware.  We are currently running Windows 98 on the machine that she is using.  I have booted Windows 98 in safe mode and have run adaware and spybot repeatedly to remove spyware programs, but somehow they keep returning.   In the beginning of my quest to rid her computer of spyware, I uninstalled several programs (I2PP, etc). Today those came back as well!  I removed them again using Adaware and Spybot and I uninstalled using Add/Remove programs. After doing this, I checked the installed programs and she does not have anything installed that uses spyware. In fact, all of the software installed on her computer is from "legitimate" software companies (Microsoft, Adobe, etc).  Am I missing something here?  Why does the spyware keep coming back?

Thanks,
knotty
Question by:knottydrd
11 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9861351
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9861356
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9861359
Also use a good firewall like ZoneAlarm.. Do not use p2p programs like Kazaa....

Sunray
0
 
LVL 10

Expert Comment

by:LRI41
ID: 9861384
Spyware Blaster

BootLIST 088  
Date: 5/23/2003 9:59:18 PM Pacific Daylight Time

Prevent Spyware From Being Installed Utility

     Mary Adams writes - I take good care of my Computer and don't
     install any garbage or junk. But when my two teenage sons visit
     for the weekend they always leave my Computer running slow and I
     get errors I never had before their visits.

     I then have to run Ad-Adware to get rid of all the Spy Software
     they seem to install even though they never admit to installing
     any Spy Software it's always there after they leave mucking up my
     Computer. Is there a way to prevent them from installing Spy
     Software in the first place?

     *** Try the utility below, free of course:

     http://www.javacoolsoftware.com/spywareblaster.html


*********************************************

SpywareGuard download, reviewed and rated at Spychecker.com - ...


http://www.spychecker.com/program/spywareguard.html


SpywareGuard 2.1
detect spyware programs

 
SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected. If this is the case, it initially blocks access to the file and then allows the user to select an action. SpywareGuard provides a fast scanning engine, signature-based scanning, heuristic/generic scanning, a control panel, and an online-update utility for downloading of definition updates. It does not replace your anti-virus protection, but instead detects programs that may cause privacy concerns. The list of detected programs includes AdBreak, AdultLinks/LinkZZ, Brilliant Digital, CommonName, Cytron, FreeScratchAndWin, FriendGreetings, HighTraffic, HotBar, IEDisco, iGetNet, Lop.com, MoneyTree Dialer and others.

http://www.google.com/search?hl=en&ie=ISO-8859-1&q=SpywareGuard&btnG=Google+Search



0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 9861769
You could also make the user a member of the "users" group instead of "administrators" on the local computer.  Registry changes and installations will not be allowed.
0
 
LVL 2

Expert Comment

by:joele23
ID: 9862777
When I went home over Thanksgiving my father had the same problem and I ran the normal spyware tools I use, only this time a few things were undetected. It's very possible that new spywares are around that go undetected. Take a look at what is being started up. Go to Start->Run and type in msconfig.

Click under Startup and look for anything suspicious. If something does look suspicious, type the same name in at Google and see what you can find. You might have to go farther and look in the directories where the startup program is being run. I found 2 weird things: one was rydok or something like that, and another was in weird binary characters. After removing the exe's and deleting this from the startup the problem was gone.
0
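The startup review described in the comment above, as an added example that is not part of the thread: it reads a registry export (REGEDIT4 text, the format regedit writes on Windows 98) and lists autorun values that are unreviewed or have unreadable names. The sample export, the `REVIEWED` baseline and the temp-directory heuristic are assumptions of this example.

```python
import re

# Autorun keys processed at Windows 98 startup, matched on the key-path suffix.
AUTORUN_KEY = re.compile(r"\\currentversion\\run(once|services|servicesonce)?$", re.I)
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_autoruns(reg_text):
    """Return (key, name, command) for each string value under an autorun key."""
    entries, key = [], None
    # split("\n") because splitlines() also breaks on some control characters
    for line in reg_text.split("\n"):
        line = line.rstrip("\r")
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and AUTORUN_KEY.search(key):
            m = ENTRY.match(line)
            if m:
                name, cmd = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
                entries.append((key, name, cmd))
    return entries

def triage(entries, reviewed):
    """Return (name, command, reasons) for entries worth looking up."""
    findings = []
    for _key, name, cmd in entries:
        reasons = []
        if any(not 0x20 <= ord(c) <= 0x7E for c in name):
            reasons.append("non-printable name")
        if name.lower() not in reviewed:
            reasons.append("not on reviewed list")
        if re.search(r"\\te?mp\\", cmd, re.I):
            reasons.append("runs from a temp directory")
        if reasons:
            findings.append((name, cmd, reasons))
    return findings

# Constructed sample export and baseline; not taken from the thread.
REVIEWED = {"systemtray", "scanregistry"}
SAMPLE = "\n".join([
    "REGEDIT4", "",
    r"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"SystemTray"="SysTray.Exe"',
    r'"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"',
    r'"updsvc"="C:\\WINDOWS\\TEMP\\updsvc.exe"',
    '"\x02\xe9\x14"=' + r'"C:\\WINDOWS\\SYSTEM\\msx32.exe"',
    "", r"[HKEY_CURRENT_USER\Control Panel\Desktop]", r'"Wallpaper"="a.bmp"',
])

if __name__ == "__main__":
    print(triage(parse_autoruns(SAMPLE), REVIEWED))
```

Comparing the output of two exports taken a day apart shows which value was re-added, which is the question the original poster is asking.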
 
LVL 97

Expert Comment

by:war1
ID: 9863267
knottydrd,
   To prevent spyware from downloading into your computer, do not allow Install on Demand in the IE settings. With Internet Explorer open, go to Tools > Options > Advanced.   Uncheck the two Enable Install on Demand options.

Like some virii, some spywares are difficult to get rid of.  You have to go directly into the registry and delete them.  HijackThis has developed a tool to semi-automate this process.  Download HT from here

http://www.spywareinfo.com/downloads.php

Run the program and you will find many entries from the registries. Most are OK. Post the log. I will find the problem for you.
0
 

Expert Comment

by:elixxer
ID: 9875674
Possibly somewhere on the computer is a "self" executing file that reinstalls itself to the system.

I had a similar problem with a returning spy app. What I did too was run AdAware, SpyBot and Nortons AV Corp and removed the usual things but it didn't stop. If they don't find anything and it is still happening you need to get ZoneAlarm that sunray_2003 suggested. What it will do is allow you to approve an application or connection to the internet "before" it does it automatically.

After installing ZA I rebooted the computer. Immediately, after getting to the desktop, it started prompting me for approval of some applications that were trying to run. Most of which were the system starting that usually runs in the background. After about 3 minutes of this one particular app popped up for approval that I was not familiar with. If you don't recognize the app trying to run don't approve it to run and then do a search at Google to find out what it is. If it is spyware do a system search of the computer (remember to include system and hidden files). It will give you the location where the problem is stored.

As long as ZA is running it will not allow any spyware to run unless you approve it.

0
 
LVL 24

Accepted Solution

by:
SunBow earned 250 total points
ID: 9876951
> Prevent spyware from installing in Windows 98

Then, Stay off the internet, and do not install anything.  I got spyware preloaded for me on a newly purchased machine (er, gee thanks).  THEY think we want it. Right. Think for me too.          :-(

> Her computer is continually infested with spyware

Then, apparently, a single employee is consistently becoming more of a problem than any other employee. Take action. Inform of policy and act when policy is abused. (removal)

> Today those came back as well!

Since it is not clear whether or not it is the employee or PC that is the repeater, then switch out the PC with another one. Easy enough. If you haven't a spare (you should) then rebuild the machine from scratch, which will take less time than your current investment.

> and have run adaware and spybot repeatedly

Many people claim that you have to keep repeating and repeating before letting anyone use the machine. Suggesting that one adware may hide another until it is removed. Then you have to remove the next layer, etc.

>  In fact, all of the software installed on her computer is from "legitimate" software companies

As I said above, some such companies think we want spyware (I do not mean adware) so they embed it. It is tough to root out, but once you find the culprit it can be done.  This happens more often, more visibly, with OEM software, including for OS, that preconfigures to make everything easier for you.  

> Am I missing something here?  Why does the spyware keep coming back?

My best guess - is that you let the employee reinstall it herself, first by leaving the browser with its history links and favorites.  Remove them. Possibly.. the home page is redefined? For now I doubt it, for that is so obvious that you would be stating the problem differently, such as using words like porn even.  Possibly, there's some personal choice made for skin or banner or background or screen save (etc etc), so I suggest the format/rebuild just to verify that the system was clean. Possibly another PC (with user who won't complain) keeps reinfecting, or there is something on a mapped drive you have not checked.

DO:
Be sure that all of the machines have all of the updates available from Microsoft, for they all (especially IE) have continual vulnerabilities that become known and exploited to do this.

Have employee spend a period off the network and watch
Also watch employee behavior. Does she like to get free music? Well, disable music. It may not be so free after all. Change IP address, install ZoneAlarm to watch packets better, remove all potential for snmp, icq, and anything relevant to a chat session. Consider swapping PCs among employees to better distinguish if it follows individual employee or individual PC.

Possibly .... you have another employee who is bent on snooping (rogue), who's been doing something you missed when you were not looking.

My best guess, is that you've just got an individual who likes to surf to find things for free, and gets similar things from 'friends' that just must be run to see what else is cute or free.  But you have to go through a good debug process to better identify what it is not. A good format/u command will do that.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 9884855
Status?

> Title: Prevent spyware from installing in Windows

Main prevention is .... upgrade IE to plug the hole(s) being exploited.
0
 
LVL 97

Expert Comment

by:war1
ID: 9901383
knottydrd,
   We have not heard from you? Did any comment help you solve your problem? Do you have any more questions? If an Expert helped you, please accept his/her answer with an excellent or good grade.

Thanks, war1
0


Question has a verified solution.
