Prevent spyware from installing in Windows 98

Hello all,

I have a problem with one user on our network. Her computer is continually infested with spyware. We are currently running Windows 98 on the machine that she is using. I have booted Windows 98 in safe mode and have run adaware and spybot repeatedly to remove spyware programs, but somehow they keep returning. In the beginning of my quest to rid her computer of spyware, I uninstalled several programs (I2PP, etc). Today those came back as well! I removed them again using Adaware and Spybot and I uninstalled using Add/Remove programs. After doing this, I checked the installed programs and she does not have anything installed that uses spyware. In fact, all of the software installed on her computer is from "legitimate" software companies (Microsoft, Adobe, etc). Am I missing something here? Why does the spyware keep coming back?

Thanks,
knotty
knottydrdAsked:

sunray_2003Commented:
0
sunray_2003Commented:
Also use a good firewall like zonealarm.. Do not use p2p programs like kazaa....

Sunray
0

LRI41Commented:
Spyware Blaster

BootLIST 088  
Date: 5/23/2003 9:59:18 PM Pacific Daylight Time

Prevent Spyware From Being Installed Utility

     Mary Adams writes - I take good care of my Computer and don't
     install any garbage or junk. But when my two teenage sons visit
     for the weekend they always leave my Computer running slow and I
     get errors I never had before their visits.

     I then have to run Ad-Adware to get rid of all the Spy Software
     they seem to install even though they never admit to installing
     any Spy Software it's always there after they leave mucking up my
     Computer. Is there a way to prevent them from installing Spy
     Software in the first place?

     *** Try the utility below, free of course:

     http://www.javacoolsoftware.com/spywareblaster.html


*********************************************

SpywareGuard download, reviewed and rated at Spychecker.com - ...


http://www.spychecker.com/program/spywareguard.html


SpywareGuard 2.1
detect spyware programs

 
SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected. If this is the case, it initially blocks access to the file and then allows the user to select an action. SpywareGuard provides a fast scanning engine, signature-based scanning, heuristic/generic scanning, a control panel, and an online-update utility for downloading of definition updates. It does not replace your anti-virus protection, but instead detects programs that may cause privacy concerns. The list of detected programs includes AdBreak, AdultLinks/LinkZZ, Brilliant Digital, CommonName, Cytron, FreeScratchAndWin, FriendGreetings, HighTraffic, HotBar, IEDisco, iGetNet, Lop.com, MoneyTree Dialer and others.

http://www.google.com/search?hl=en&ie=ISO-8859-1&q=SpywareGuard&btnG=Google+Search



0
JFrederick29Commented:
You could also make the user a member of the "users" group instead of "administrators" on the local computer.  Registry changes and installations will not be allowed.
0
joele23Commented:
When I went home over Thanksgiving my father had the same problem and I ran the normal spyware tools I use, only this time a few things were undetected. It's very possible that new spywares are around that go undetected. Take a look at what is being started up. Go to Start -> Run and type in msconfig.

Click under startup and look for anything suspicious. If something does look suspicious, type the same name in at google and see what you can find. You might have to go farther and look in the directories where the start up program is being run. I found 2 weird things: one was rydok or something like that and another was in weird binary characters. After removing the exe's and deleting this from the start up the problem was gone.
0
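An added example (not part of joele23's post, and not code from any tool named in this thread): instead of eyeballing the startup list each time, export the registry from Regedit while the machine is known to be clean, export it again after the spyware returns, and diff the autostart entries. The script can be run on any machine with Python 3.8+ against the exported text; the sample exports and the names `ExampleUnknown`, `ExampleBar` and `example_loader.exe` are constructed for illustration.

```python
import re
# Registry keys Windows runs programs from at startup (compared case-insensitively).
AUTOSTART = ("\\run", "\\runonce", "\\runservices", "\\runservicesonce")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """{(key, value name): command} for autostart keys in a REGEDIT4 export."""
    entries, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1] if line[1:-1].lower().endswith(AUTOSTART) else None
        elif key and (m := VALUE.match(line)):
            name, cmd = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            entries[(key, name)] = cmd
    return entries

def parse_win_ini(text):
    """{("win.ini", "load" or "run"): programs} for non-empty lines in [windows]."""
    entries, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "windows" and "=" in line:
            name, value = (p.strip() for p in line.split("=", 1))
            if name.lower() in ("load", "run") and value:
                entries[("win.ini", name.lower())] = value
    return entries

def new_or_changed(baseline, current):
    """Autostart entries that are absent from, or differ from, the clean baseline."""
    return {k: v for k, v in current.items() if baseline.get(k) != v}

# Constructed sample data: a clean export, then the same machine a day later.
CLEAN_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
'''
LATER_REG = CLEAN_REG + r'''"ExampleUnknown"="C:\\WINDOWS\\TEMP\\example_unknown.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleBar"="C:\\PROGRA~1\\EXAMPLE\\bar.exe"
'''
CLEAN_INI = "[windows]\nload=\nrun=\n"
LATER_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\example_loader.exe\n"

def report():
    snap = lambda reg, ini: {**parse_reg_export(reg), **parse_win_ini(ini)}
    return new_or_changed(snap(CLEAN_REG, CLEAN_INI), snap(LATER_REG, LATER_INI))
if __name__ == "__main__": print(*sorted(report().items()), sep="\n")
```

Each reported entry gives the key (or win.ini line) and the full command, which is the file to look up and remove along with the entry itself.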
war1Commented:
knoddydrd,
   To prevent spyware from downloading into your computer, do not allow Install on Demand in the IE settings. With Internet Explorer open, go to Tools > Options > Advanced.   Uncheck the two Enable Install on Demand options.

Like some virii, some spywares are difficult to get rid of.  You have to go directly into the registry and delete them.  HijackThis has developed a tool to semi-automate this process.  Download HT from here

http://www.spywareinfo.com/downloads.php

Run the program and you will find many entries from the registries. Most are OK. Post the log. I will find the problem for you.
0
elixxerCommented:
Possibly somewhere on the computer is a "self" executing file that reinstalls itself to the system.

I had a similar problem with a returning spy app. What I did too was run AdAware, SpyBot and Nortons AV Corp and removed the usual things but it didn't stop. If they don't find anything and it is still happening you need to get ZoneAlarm that sunray_2003 suggested. What it will do is allow you to approve an application or connection to the internet "before" it does it automatically.

After installing ZA I rebooted the computer. Immediately, after getting to the desktop, it started prompting me for approval of some applications that were trying to run. Most of which were the system starting that usually runs in the background. After about 3 minutes of this one particular app popped up for approval that I was not familiar with. If you don't recognize the app trying to run don't approve it to run and then do a search at google to find out what it is. If it is spyware do a system search of the computer(remember to include system and hidden files). It will give you the location where the problem is stored.

As long as ZA is running it will not allow any spyware to run unless you approve it.

0
SunBowCommented:
> Prevent spyware from installing in Windows 98

Then, Stay off the internet, and do not install anything.  I got spyware preloaded for me on a newly purchased machine (er, gee thanks).  THEY think we want it. Right. Think for me too.          :-(

> Her computer is continually infested with spyware

Then, apparently, a single employee is consistently becoming more of a problem than any other employee. Take action. Inform of policy and act when policy is abused. (removal)

> Today those came back as well!

Since it is not clear whether or not it is the employee or PC that is the repeater, then switch out the PC with another one. Easy enough. If you haven't a spare (you should) then rebuild the machine from scratch, which will take less time than your current investment.

> and have run adaware and spybot repeatedly

Many people claim that you have to keep repeating and repeating before letting anyone use the machine. Suggesting that one adware may hide another until it is removed. Then you have to remove the next layer, etc.

>  In fact, all of the software installed on her computer is from "legitimate" software companies

As I said above, some such companies think we want spyware (I do not mean adware) so they embed it. It is tough to root out, but once you find the culprit it can be done.  This happens more often, more visibly, with OEM software, including for OS, that preconfigures to make everything easier for you.  

> Am I missing something here?  Why does the spyware keep coming back?

My best guess is that you let the employee reinstall it herself, first by leaving the browser with its history links and favorites.  Remove them. Possibly.. the home page is redefined? For now I doubt it, for that is so obvious that you would be stating the problem differently, such as using words like porn even.  Possibly, there's some personal choice made for skin or banner or background or screen save (etc etc), so I suggest the format/rebuild just to verify that the system was clean. Possibly another PC (with user who won't complain) keeps reinfecting, or there is something on a mapped drive you have not checked.

DO:
Be sure that all of the machines have all of the updates available from Microsoft, for they all (especially IE) have continual vulnerabilities that become known and exploited to do this.

Have employee spend a period off the network and watch
Also watch employee behavior. Does she like to get free music? Well, disable music. It may not be so free after all. Change IP address, install ZoneAlarm to watch packets better, remove all potential for snmp, icq, and anything relevant to a chat session. Consider swapping PCs among employees to better distinguish if it follows individual employee or individual PC.

Possibly .... you have another employee who is bent on snooping (rogue), who's been doing something you missed when you were not looking.

My best guess, is that you've just got an individual who likes to surf to find things for free, and gets similar things from 'friends' that just must be run to see what else is cute or free.  But you have to go through a good debug process to better identify what it is not. A good format/u command will do that.
0

SunBowCommented:
Status?

> Title: Prevent spyware from installing in Windows

Main prevention is .... upgrade IE to plug the hole(s) being exploited.
0
war1Commented:
knoddydrd,
   We have not heard from you? Did any comment help you solve your problem? Do you have any more questions? If an Expert helped you, please accept his/her answer with an excellent or good grade.

Thanks, war1
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.