• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 533
  • Last Modified:

Need help preventing spyware

OK, I have this client whose goal in life is to marry a gal from a foreign country.  With that said, the websites and mail he gets, needless to say, are troublesome at best.

My question is: what am I doing wrong, or what more can I do to protect his machine?  I have Win Def installed, plus Spybot and Adaware.

About the time I get him clean, here comes another problem.  Like today, I went over and he had the soap.exe.

Any thoughts and help will be rewarded.

Understand I will divide points.  BTW I have told him to stop!
0
Asked:
Stardotstar
9 Solutions
 
Irwin Santos (Computer Integration Specialist) commented:
Download and install this:
http://www.majorgeeks.com/HijackThis_d3155.html

Then copy the log and paste it in the analyzer:
http://www.hijackthis.de/

Analyze the file and POST THE LINK here so that we can take a look at it.

In the meantime, there are several things to apply:

Go to MSCONFIG (START - RUN - type MSCONFIG <enter>), then locate any programs you recognize that you can turn off. Note your changes, as you may need to re-enter them.  Restart your machine.
---------------
Download Ewido, http://www.ewido.net/en/download/, install, open the program, check for updates, restart the computer, press F8 before the Windows logo appears, select Safe Mode, open Ewido, and run a full system scan. Let Ewido delete all it finds. If anything is called serious by Ewido, disable Norton's GoBack and run Ewido again.
---------------
chkdsk /r
--------------
Windows Update everything except .NET items.
0
 
Stardotstar (Author) commented:
Thanks, I have done that when a problem arises.  I'm looking for what I am doing, if anything, to prevent it.

I've told him as long as he gets the mail and goes to the sites he does, he will always be vulnerable.  Am I wrong?
0
 
r-k commented:
"Am I wrong?"

No, you are not wrong. The biggest threat to PCs these days is not external hackers, or even Microsoft, but the users themselves who will click on anything in sight. You might want to give him my top-ten list for safe computing, but it seems like good luck will be a big factor as well:

(1) Backup all important files on a regular basis.

(2) Keep Windows updated with automatic updates from Microsoft.

(3) Enable the Windows Firewall that is included with XP (or install some other Firewall if using older versions of Windows).

(4) Treat all attachments, and all links within email with great suspicion. Do not click on them unless 110% sure.

(5) Do not click on web pop-ups. For suspicious pop-ups, use ALT-F4 to close the topmost window.

(6) Don't install unknown games, music-sharing programs etc.

(7) Get and install the free MS "Windows Defender" program from: http://www.microsoft.com/athome/security/spyware/software/default.mspx

(8) Use any anti-virus program, and keep it updated.

(9) Be aware of what is "normal". Unusual disk or network activity, too many pop-ups, sluggish CPU, may all be signs of a virus or other malware.

(10) Backup all important files (worth saying twice).

Looks like items (1) (4) and (5) are what he needs the most!

0
 
rpggamergirl commented:
I agree with letting us look at his HijackThis log.

You can also check out Tony Klein's article (actually, use this link in my sig at the other forum):
How did I get infected in the first place?
http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I
0
 
Stardotstar (Author) commented:
Thanks, this is a middle-aged single doctor.   As I stated, he is "looking for love in all the wrong places".

Updates done/on
Antivirus, yes
Defender yes
Spybot Immunize

0
 
Stardotstar (Author) commented:
I don't have the current HijackThis log.
0
 
r-k commented:
Maybe you can make a mirror image of the hard drive, and just reformat and restore every time something bad happens. As a further precaution, you can add a second drive where you can copy important folders on a daily basis via a scheduled script.
0
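One way to script the daily copy to a second drive that r-k describes above, as an added example that is not from anyone in the thread: robocopy into a date-stamped folder on the second drive, registered as a nightly scheduled task. The profile path, the drive letter, the folder list and the script location are placeholders.

```powershell
# Added example, not from the thread. Placeholders: the user's profile folder and the
# second drive letter. Save as C:\Scripts\nightly-backup.ps1 and register it once with:
#   schtasks /Create /SC DAILY /ST 02:00 /TN "NightlyBackup" /RU SYSTEM `
#     /TR "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\nightly-backup.ps1"
$UserHome   = 'C:\Users\doctor'                      # placeholder profile path
$Folders    = @('Documents', 'Desktop', 'Favorites') # what is worth keeping
$BackupRoot = 'D:\Backup'                            # second physical drive
$KeepDays   = 14                                     # how many dated copies to retain

# A new dated folder per run, rather than /MIR into one folder: if malware deletes or
# corrupts files, a mirror would faithfully copy that damage over the only backup.
$today = Get-Date -Format 'yyyy-MM-dd'
$dest  = Join-Path $BackupRoot $today
$log   = Join-Path $BackupRoot "backup-$today.log"
New-Item -ItemType Directory -Path $dest -Force | Out-Null

foreach ($name in $Folders) {
    $src = Join-Path $UserHome $name
    if (-not (Test-Path $src)) { continue }
    # /E copies subfolders, /R:1 /W:1 stop robocopy hanging on locked files, /XJ skips
    # junction points, /NP keeps progress spam out of the log. Output goes to the log.
    robocopy $src (Join-Path $dest $name) /E /R:1 /W:1 /XJ /NP "/LOG+:$log" | Out-Null
    # robocopy exit codes 0-7 are success/informational bit flags; 8 and above mean failure.
    if ($LASTEXITCODE -ge 8) { Write-Warning "robocopy failed for $src (exit code $LASTEXITCODE)" }
}

# Prune dated copies older than $KeepDays so the second drive does not fill up.
Get-ChildItem -Path $BackupRoot -Directory |
    Where-Object { $_.Name -match '^\d{4}-\d{2}-\d{2}$' -and
                   $_.LastWriteTime -lt (Get-Date).AddDays(-$KeepDays) } |
    Remove-Item -Recurse -Force
```

Because the task runs as SYSTEM, the script uses an explicit profile path rather than $env:USERPROFILE, which would point at the SYSTEM profile.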
 
Irwin Santos (Computer Integration Specialist) commented:
Run HijackThis again, analyze it and post your analyzed link here.
0
 
adam_pedley commented:
Just a few extra suggestions:

- Install IE 7 (I know it's in beta 2, but the security is enhanced)
- Antivirus (I use Grisoft; it's free and comes with an email scanner)
- In Internet Explorer, set up a list of trusted sites and set the default security zone to restricted
- Also turn off any prompts such as "do you wish to enable a plugin for this site" (set to automatically deny)

Or just unplug their computer :)
0
 
soundguymike commented:
The best defense I found so far is to start with a hosts file.
Then in Spybot immunize the system and block all bad pages.
Install an antivirus. I recommend AVG; its biggest advantage is that it is free and you therefore don't have to rely on him to update a license.
Next is to use Firefox, or change the settings in Internet Explorer to block third-party cookies and limit the use of Java and ActiveX scripting.
That should take care of the web pages.

For his email, make sure he has an antivirus scanning all the emails (AVG will do this) and tell him not to open anything in an email when he does not know the sender.

The third area is to clean his computer regularly; maybe schedule Spybot, Ewido and antivirus to scan each night.

The fourth area is to back up his computer frequently so that when it is badly infected he can just format and reinstall.

Best of luck
Michael
0
 
Stardotstar (Author) commented:
Thanks all!  Remember, I am looking for preventative steps, or to verify that I am doing all I can, not to resolve a current problem.

As I have stated before, I know what his problem is, but until he "selects" his bride, he will always be clicking and going places most of us would not!
0
 
javajws commented:
I like Ewido:
http://www.ewido.net/en/download/

The free version seems to work well for me.
0
 
Irwin Santos (Computer Integration Specialist) commented:
Here's an out-of-the-box solution...

"TAKE THE COMPUTER AWAY!!!"

He can purchase a round-trip ticket to Thailand ($750 includes hotel room and board for 5 days and plane ticket) and go buy his wife for $2500 (dowry to the family).  For $40 US dollars he can test his potential wife out for the evening. All it takes is $$ and about 1 year to import her from Thailand.  Once here, she has to be good for a period of 3 years.  They can divorce after that if he doesn't like the relationship.
0
 
Stardotstar (Author) commented:
Russia
0
 
tim_qui commented:
irwinpks,

I've said this before, you're a riot... lol
0
 
fostejo commented:
Stardotstar,

I presume he's doing his normal day-to-day stuff as a local administrator of the computer?   While it may introduce 'other usability issues' (especially if he's used to being a local admin already), it may be worthwhile trying to get him to run as a non-administrative user, using the 'Run As...' functionality if he really needs admin access to do a particular task.  If his normal account hasn't got the rights to install software, then any I.E. drive-by installs of malware won't be possible either.

cheers,

ps. irwinpks:   "..For $40 US dollars he can test his potential wife out for the evening.." - That'd get you a whole weekend where I'm from!!  ;)
0
 
Irwin Santos (Computer Integration Specialist) commented:
@tim_qui... ;-)

@*.*  ..... I'm sure in Russia the same will apply, except instead of $$, use food.
0
 
Irwin Santos (Computer Integration Specialist) commented:
@fostejo.."That'd get you a whole weekend where I'm from!!"

hey man....where you from.. do the babes look good...if so, I'm there! :D
0
 
Stardotstar (Author) commented:
Fostejo,

So if I understand you, simply changing his rights and no more spyware?
0
 
fostejo commented:
Stardotstar,

Basically, yes.

At 'home', everyone generally runs as a 'Computer Administrator', and quite a lot of companies still allow their users to do the same. While this makes your (and the IT dept's) life easier in one respect (i.e. the users just get on with downloading and installing what they like!), the downside is that 'anything' else can do the same also, in this case malware of one form or another, either via IE or a virus from a floppy/email etc.

Once the user is no longer a 'Computer Administrator', the chances of a piece of malware initially installing itself or causing any damage to the machine are greatly reduced (even in the case of an emailed virus that your A/V product doesn't manage to detect).

cheers,

[  @irwinpks:  well obviously they don't!! - otherwise I wouldn't be here typing, would I?!!?   ;P  ]

0
 
ashbury commented:

Remove him from the Administrators group, and add him to the Users group or Guests group with least privileges.

I think that application requires Admin privileges to install, and if you deny him Admin privileges it will be nice.
0
 
SStory commented:
I agree with fostejo... not running as an admin helps a lot.
There is also a program called "DropMyRights" which drops the rights of a browser when it is run, to a very limited account.  This would help some... if he insists on running as an admin.
0
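A scripted version of the advice in the last three comments (take the account out of Administrators, put it in Users, confirm the change, and keep a separate admin account for Run As). This is an added example, not from anyone in the thread; the account names 'doctor' and 'tech' are placeholders, and it assumes it is run from an elevated PowerShell session on the machine itself.

```powershell
# Added example, not from the thread. Placeholders: 'doctor' is the user's day-to-day
# account, 'tech' is the separate admin account used only via Run As.
$DailyUser = 'doctor'
$AdminUser = 'tech'

# Refuse to run unless this session itself is elevated; the 'net localgroup' changes fail otherwise.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (administrator) PowerShell session.'
}

function Test-LocalGroupMember {
    param([string]$Group, [string]$User)
    # 'net localgroup <group>' prints one member per line between dashed header/footer lines.
    $lines = net localgroup $Group 2>$null
    return [bool]($lines | Where-Object { $_.Trim() -ieq $User })
}

# Step 1: drop the daily account out of Administrators and make sure it is a plain User.
if (Test-LocalGroupMember -Group 'Administrators' -User $DailyUser) {
    net localgroup Administrators $DailyUser /delete | Out-Null
}
if (-not (Test-LocalGroupMember -Group 'Users' -User $DailyUser)) {
    net localgroup Users $DailyUser /add | Out-Null
}

# Step 2: verify the result. A drive-by install that needs admin rights now fails for this account.
if (Test-LocalGroupMember -Group 'Administrators' -User $DailyUser) {
    throw "$DailyUser is still a local administrator"
}
Write-Host "$DailyUser is now a limited user (member of Users, not Administrators)."

# Step 3: keep a separate admin account for maintenance only, so the technician (not the
# user) elevates with Run As when a task really needs it, e.g.:
#   runas /user:%COMPUTERNAME%\tech "cmd.exe"
if (-not (Test-LocalGroupMember -Group 'Administrators' -User $AdminUser)) {
    Write-Warning "$AdminUser is not in Administrators. Create it with 'net user $AdminUser * /add' and then 'net localgroup Administrators $AdminUser /add'."
}
```

The 'net user ... * /add' form prompts for the password instead of leaving it in the shell history.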
 
soundguymike commented:
Here is an off-the-wall idea:
  Buy a second computer! (I figure a single doctor can afford one.) One for bride hunting, with one email address (preferably webmail). You could also set this computer up using a live CD so that when there are problems he can just restart.
  And a second computer for anything that is important, with a separate email address for it. This would contain anything he doesn't want the whole world knowing.
0
 
Irwin Santos (Computer Integration Specialist) commented:
soundguymike has a good idea... but let me add to that.  Get the pimpin' Russian babe computer up and running.  When you have everything all in place, Ghost or dupe the hard drive.  If ever it gets poisoned, then you can restore painlessly.
0
 
Stardotstar (Author) commented:
It's not that simple, it's the sites he is using to find that single Russian babe!

I just went and got it.
0
 
Stardotstar (Author) commented:
And I forgot, this is all he uses it for.
0
 
Irwin Santos (Computer Integration Specialist) commented:
There are times that you can't stop a druggie from an addiction, and this is a case of that.  If he wants to play with fire, be expected to be burned; it's part of the deal.  Just tell your client this.  Offer the best protection you can give.  If any future instances occur, charge him for the fix.  Make $$$ on his aggravation.
0
 
Stardotstar (Author) commented:
Thanks, and believe me I am.  He is an OBYGN and I have told him as long as he does this, he will keep paying me.  What bothers me though is why is Windows Defender not catching it?

0
 
Irwin Santos (Computer Integration Specialist) commented:
OBYGN????

You mean he needs to tap into Russia to see pu-na-ni? What's up with that? He doesn't get enough at the office?

As for Windows Defender, and all the other spy-this & mal-that software catchers... there is no one particular brand that I know that is impervious to threats.
0
 
soundguymike commented:
Windows Defender can't catch everything, because it takes time between when a spyware bug is made and when the definition of it is updated to where it can be found.
If all he uses this computer for is to search for Russian girls, then what he needs to do is start using a Linux live CD. There is a list of them here: http://www.frozentech.com/content/livecd.php  I would suggest Anonym.OS for what he is doing. This type of system is impervious to all virus attacks, since the system is booted off of a CD; the OS will be loaded into memory when booted, and therefore anytime you shut down everything is erased.

P.S. The other great thing about this is that there is no risk: just burn a CD, stick it in the computer and boot. It writes nothing to the computer's hard drive, so if you don't like it just take it out of the computer and reboot, and you're back to your old OS.
0
 
Stardotstar (Author) commented:
OK, back to spyware, this is interesting.  Signed on in Safe Mode only.  Yet when I restart it shows "shutting down network".

0
 
Stardotstar (Author) commented:
Is MSCONFIG the same for all users?
0
 
tim_qui commented:
Where's the HJT log?

Remember the 1980s commercial jargon: where's the beef?
0
 
Stardotstar (Author) commented:
Screwed now!!!!!!!!!!!  Ran Ewido and Fix Vundo and now at startup, hal.dll and other files are missing or corrupted!

0
 
rpggamergirl commented:
>>Screwed now!!!!!!!!!!!  Ran Ewido and Fix Vundo and now at startup, hal.dll and other files are missing or corrupted!<<

Did you use Atribune's VundoFix to fix Vundo? Vundo files run before user logon, and it's important to use the proper tool.
It might not even be Vundo files that were screwing it up; it could be something else. Ewido can also delete legit files, but it keeps a backup at least.

That's why we always like to look at your HJT log.
I've read reports of when McAfee used to mess up systems because it removes an infected wininet.dll without replacing it (smitfraud infection cases).

That's when HijackThis would excel as a diagnostic tool; it can tell us what particular infection you have in your system and we can then suggest the right tool to use.

Now you have an even bigger problem.
0
 
rpggamergirl commented:
Edit:
That's when HijackThis would excel as a diagnostic tool; it can tell us what particular infection you have in your system and we can then suggest the right tool to use.
0
 
r-k commented:
Your best bet might be to create a mirror from which you can restore a clean system every time it gets really unusable.

Good idea to post the HJT log, though harder now that you can't boot.

A reinstall of Windows is probably in order (http://www.michaelstevenstech.com/XPrepairinstall.htm).

rpggamergirl: I think it made sense the way it was :)
0
 
Irwin Santos (Computer Integration Specialist) commented:
Hey Stardotstar... thanks for the grade... but what really worked?
0
 
Stardotstar (Author) commented:
Format D:


My original post was prior to getting the PC.  So I wanted to assure I was doing all I could to help this client.  Basically the question then turned into an actual problem, my bad, and all went downhill from there.

This PC had 2 HDs.  I took the "D", formatted it and reinstalled XP Pro.  Loaded all updates, WinDef, Ewido (now Grisoft), Spybot and AVG.

Created a new admin account with my name and just finished changing his to limited.

So to answer your question, I am sure there were answers there as usual, but the last snafu killed the drive.  I know everyone kept yelling for the HijackThis log.  I had run it and corrected it already.  Ewido kept alerting on Winfixer.d.

When I ran one of the programs, everything went to he** fast!

Thanks all!

0
 
Irwin Santos (Computer Integration Specialist) commented:
OK... thank you for the detailed explanation... and I can see $$$ in your near future :-)
0
 
Stardotstar (Author) commented:
Yeah, I called him last night with the good, the bad and the ugly.  In the long run this will be better.  Fresh start with everything.

I had been prepping him though for quite some time that this day is coming.

Fortunately, all he uses his pc for is the emails.

Thanks!

0
 
Irwin Santos (Computer Integration Specialist) commented:
"he uses his pc for is the emails."

...and the webcam for "midnite rendezvous" with his Russian babes... know what I mean?
0
 
Stardotstar (Author) commented:
No, no webcam; he usually will take a month off and go over and look around.  The last time he went he found a keeper, and the next time I saw him I asked what happened and when she was coming, and he told me someone else got her!

What a life, go figure!
0
 
Irwin Santos (Computer Integration Specialist) commented:
Time for some Asian action in Thailand! :D
0
 
bigjimbo813 commented:
Bust him down to a user... or even a guest?
0
 
Stardotstar (Author) commented:
Yes, I did.
0
 
Irwin Santos (Computer Integration Specialist) commented:
Let me have his job as an OBGYN doctor... I'm game... great opportunity for me ;-)
0
 
Stardotstar (Author) commented:
You and me both!  I'm not allowed at the office on client day!
0
