Spyware is software that aims to gather information about a person or organization without their knowledge, and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge; the term has also come to include programs that engage in various kinds of electronic fraud. Anti-spyware is software that removes or blocks such software; common vendors include Malwarebytes, McAfee, Spybot Search & Destroy, Ad-Aware and Bitdefender.

BitDefender is deleting my computer ID. Thus every time I log into various sites, I have to do two-factor authentication. Not sure what the setting is called or what to look for to disable it, or to not have it run every single night. My computer is locked down and doesn't have any passwords remembered etc., so I feel comfortable turning this off.

Any ideas what I look for?

We had a non-critical server get infected with the Cheetah virus. I have run Sophos and Malwarebytes and neither has fixed it. I can change the extensions manually, but that will take forever.

There must be a simple solution that one of you has tried. HELP!
My Google searches seem to have been hijacked

Every query comes up Search Encrypt

And the contents are not Google search results.

What's going on??
Mysterious Z: drive in Windows 7. Client called today with Excel files missing from Documents, and instead all of the files he had deleted some time ago returned. I have removed the unwanted files, no problem there. The missing files were in the apps\roaming\Microsoft\network folder. This is a stand-alone PC; what would move them?

Next I noticed a Z: drive??? The drive has the same physical space used and capacity as C:, but doesn't have the same contents. The Z: drive doesn't appear in the registry or Disk Management. There are not 2 physical drives in the machine.

Norton is the AV and failed to detect (full scan) Poweliks. RogueKiller, AdwCleaner and a website detected the virus. I believe things are cleaned up now, but I am still suspicious of this Z: drive. It only contains log files and copies of PDF files (from Documents). The logs were updating as of this morning. They don't appear to be updating this afternoon yet (post removal of the virus).

I was wondering if EEs could give me some suggestions for managed AV software. I have tried Norton, AVG, Bitdefender (current), Webroot and Kaspersky; viruses kept slipping through.

Any ideas?  thanks
Google hijacked by

Every time I search using Google in Firefox I get this crap.

In Chrome, it works fine.

How do I get rid of this & prevent it in the future?

Somehow, when I go to, I now get this.

How do I fix that?

I'm using Firefox, I don't have time to try other browsers.

Hello Experts
I would like to collect the following Threat Artifacts from a compromised Windows System:
  • CPU
  • Routing-, ARP- & Process tables
  • Memory
  • Temporary files
  • Relevant data from storage media
What would you collect? Is there any best practice from NIST or anywhere?
Thanks a lot
Hello Experts
For our Security Operations Center (SOC), we are searching for a tool that can collect “Threat Artifacts”. When I worked with McAfee in the past, they used GetSusp to collect information about undetected malware on their computer.
We are searching for a similar tool that we can use on the network to collect information remotely. What would you recommend? It would be nice if the tool worked on Windows & Linux, albeit this is not a must.
Thanks a lot
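The two posts above ask what to collect from a compromised Windows host and for a tool that can do it. The published guidance they are looking for is RFC 3227 (Guidelines for Evidence Collection and Archiving), whose "order of volatility" is essentially the poster's own list (registers and cache; routing table, ARP cache, process table, memory; temporary file systems; disk), and NIST SP 800-86 (Guide to Integrating Forensic Techniques into Incident Response). The script below is an added example, not code from either post or from any vendor: it runs read-only built-in commands in that order, stores every output in a case directory, and writes a SHA-256 manifest so the collection can be verified afterwards. The command tables are my choice of what a first responder wants first; memory itself is not captured here because that needs a dedicated imager (WinPmem on Windows, for instance), which you would run from the same clean removable media as this script, since the suspect host's own binaries may be trojaned.

```python
"""Volatile-first triage collector (added example, not from the original posts).

Runs a fixed list of read-only commands in RFC 3227 order of volatility
(network/process state before anything on disk), saves each command's
output in a case directory and records a SHA-256 of every artifact in a
manifest so the collection can be verified later. The command lists are
an assumption about what a first responder wants first; adjust to taste.
"""
import hashlib
import json
import platform
import subprocess
import sys
from datetime import datetime, timezone
from pathlib import Path

# Most volatile first. All of these are stock OS commands that only read state.
WINDOWS_COMMANDS = [
    ("route_table", ["route", "print"]),
    ("arp_cache", ["arp", "-a"]),
    ("process_table", ["tasklist", "/v"]),
    ("network_connections", ["netstat", "-ano"]),
    ("logged_on_users", ["query", "user"]),
    ("system_info", ["systeminfo"]),
]

LINUX_COMMANDS = [
    ("route_table", ["ip", "route"]),
    ("arp_cache", ["ip", "neigh"]),
    ("process_table", ["ps", "auxww"]),
    ("network_connections", ["ss", "-tunap"]),
    ("logged_on_users", ["who"]),
]


def run_collection(commands, outdir, timeout=120):
    """Run each (name, argv) pair, save stdout+stderr, write and return the manifest."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    manifest = {"host": platform.node(), "collector": sys.argv[0],
                "started": datetime.now(timezone.utc).isoformat(), "artifacts": []}
    for name, argv in commands:
        entry = {"name": name, "command": argv,
                 "collected": datetime.now(timezone.utc).isoformat()}
        try:
            proc = subprocess.run(argv, capture_output=True, timeout=timeout)
            data = proc.stdout + proc.stderr
            entry["returncode"] = proc.returncode
        except (OSError, subprocess.SubprocessError) as exc:
            # A missing or hanging binary is itself a finding; record it, keep going.
            data = f"collection failed: {exc}".encode()
            entry["returncode"] = None
        path = outdir / f"{name}.txt"
        path.write_bytes(data)
        entry["file"] = path.name
        entry["sha256"] = hashlib.sha256(data).hexdigest()
        manifest["artifacts"].append(entry)
    (outdir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_collection(outdir):
    """Recompute every hash in the manifest; return the names of artifacts that changed."""
    outdir = Path(outdir)
    manifest = json.loads((outdir / "manifest.json").read_text())
    return [a["name"] for a in manifest["artifacts"]
            if hashlib.sha256((outdir / a["file"]).read_bytes()).hexdigest() != a["sha256"]]


if __name__ == "__main__":
    # usage: python triage.py [case_dir]   (run from clean removable media)
    cmds = WINDOWS_COMMANDS if platform.system() == "Windows" else LINUX_COMMANDS
    case = sys.argv[1] if len(sys.argv) > 1 else \
        "triage_" + datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    m = run_collection(cmds, case)
    print(f"{len(m['artifacts'])} artifacts written to {case}; tampered: {verify_collection(case)}")
```

Copy the case directory and its manifest.json off the host immediately; the manifest's hashes are what lets you show later that nothing in the collection was altered after the fact.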
It's not uncommon to go to a website that gives you a frowny face and guilt-trips you: "We see you have an ad blocker. But that's how we make our money." So then, if you really want the site, you can whitelist it. And then typically you forget about it. Is there any way to tell in what ways the sites have taken advantage of your whitelisting? If they gave you spyware or something else malicious, can you trace the malware to the site that gave it to you?

Does anyone know of a tool that can successfully remove EMOTET?
Hi guys

I've installed an anti-theft application on my laptop, in case some thieves break into my home and take it (there's been burglaries in the area). I'm trying to think further down the line. The issue I have with these applications is that if someone takes my laptop, they may be cunning enough to take out the disk inside at which point, I can kiss goodbye the anti-theft application I installed.

Are there any tracking devices out there that I could plant into my laptop, to locate it in the event of an unfortunate event?

Thanks for helping
Hello, I have a Windows 10 system where a pop-up in the right corner of Windows keeps appearing offering virus removal; if you click on it, it takes you to a webpage doing a scan, so I assume it's malware or a virus. I ran Malwarebytes, McAfee and MS Defender with no luck... any suggestions on removing this?
Windows Defender Service pegged at 100% CPU. Any way to fix it? Do I need to reboot the VM?
This is Windows Server 2016 Standard edition. Single CPU, 8GB RAM.
I'm trying to compare two solutions: Webroot SecureAnywhere with DNS Protection or Sophos Intercept X Advanced with EDR.
I do have a Sophos firewall, but I've been using Webroot for now; I just tested Intercept X and I have to decide which route to take.

Does anyone have any recommendations?
The client complains about the expense of antivirus software. What solution are you using for a company running over 150 computers?
This client has been using Trend Micro for over a decade, installed on servers and PCs. Every year when renewing the software, the client always asks:
- Is there anything cheaper that still does the job?
- Can we disable internet access on certain computers and save the license on them?

I am so fxxking annoyed.

Referring to the above link, it did not give the hash for the malware, but I need to check if a signature has been released by Trend Micro.

Once I have the hash value, I can enter it into VirusTotal to check.
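For the hash check described above, as an added example that is not part of the original post: the script hashes a suspect file (MD5, SHA-1 and SHA-256, since vendor write-ups quote any of the three) and then asks VirusTotal for the report it already has on that hash instead of uploading the sample, which keeps a possibly confidential file off a third-party service. The report lookup uses the public VirusTotal v3 endpoint `GET /api/v3/files/<hash>` with an `x-apikey` header; the per-engine result is read from the report's `last_analysis_results`. `ENGINE = "TrendMicro"` is an assumption about the label VirusTotal uses for the product in question, and the detection name in the usage test is a placeholder, not a real signature.

```python
"""Hash a suspect file and read one engine's verdict from an existing VirusTotal report.

Added example, not code from the original post or from VirusTotal. Looking
a hash up rather than uploading the file avoids sharing the sample. The
endpoint and report layout are the public VirusTotal v3 API; ENGINE is an
assumption about the engine label VT uses and may need adjusting.
"""
import hashlib
import json
import sys
import urllib.error
import urllib.request

VT_API = "https://www.virustotal.com/api/v3/files/"
ENGINE = "TrendMicro"  # assumption: engine label as it appears in VT reports


def hash_file(path, chunk_size=1 << 20):
    """Return md5/sha1/sha256 of a file, read in chunks so large samples do not load into memory."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def engine_verdict(report, engine=ENGINE):
    """Return (category, detection name) for one engine from a parsed v3 file report.
    (None, None) means that engine did not scan the sample."""
    attrs = report.get("data", {}).get("attributes", {})
    result = attrs.get("last_analysis_results", {}).get(engine)
    if not result:
        return None, None
    return result.get("category"), result.get("result")


def detection_summary(report):
    """Return (engines flagging it as malicious, engines that scanned it)."""
    stats = report.get("data", {}).get("attributes", {}).get("last_analysis_stats", {})
    return stats.get("malicious", 0), sum(stats.values())


def fetch_report(sha256, api_key):
    """GET the existing report for a hash; None means VirusTotal has never seen the file."""
    req = urllib.request.Request(VT_API + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


if __name__ == "__main__":
    # usage: python vt_hash_check.py <file> <VT_API_KEY>
    path, api_key = sys.argv[1], sys.argv[2]
    digests = hash_file(path)
    print("sha256:", digests["sha256"])
    report = fetch_report(digests["sha256"], api_key)
    if report is None:
        print("not on VirusTotal; a verdict would require uploading the sample")
    else:
        malicious, total = detection_summary(report)
        category, name = engine_verdict(report)
        print(f"{malicious}/{total} engines flag it; {ENGINE}: {category} {name}")
```

If the hash is unknown to VirusTotal, that is a result in itself: the file may be unique to your environment, and whether to upload it is then a data-handling decision rather than a technical one.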
Microtech scam/ransomware was on a computer at a remote location. It said they needed to call a 1-800 number to get the virus removed. This user did that and paid $300 to have the fake company remove the virus. Got a text from him saying they are in there right now controlling the computer and "trying" to remove the virus. Should he power off right away, or should he let them do their thing so he can use his PC again since he paid the money? I told him to immediately power off the computer and wait for them to call again.
We have 3 apps that a user runs on his computer every other day: 'SUPERAntiSpyware', 'Spy-Bot Search and Destroy' and 'Comodo Antivirus'. The user runs the 3 apps at the same time whenever a clean-up is desired. The user would leave these tools running overnight.

The app 'Comodo Antivirus' never finds a virus. The apps 'SUPERAntiSpyware' and 'Spy-Bot Search and Destroy' always find spyware. In the morning the user would first click 'SUPERAntiSpyware' to delete or isolate the threats reported, and then do the same for 'Spy-Bot Search and Destroy'. Finally, restart the computer. Note: prior to running the apps, the user would run CCleaner to clean up any junk on his drive.

To date, there is no problem we have identified and all seems to be OK. Our question is more directed at getting EE's opinion on:

  • Why do 'SUPERAntiSpyware' and 'Spy-Bot Search and Destroy' display different results?
(Spybot would show registry entries and SUPERAntiSpyware would show files)
  • Any negative effect from running these 3 apps simultaneously?
  • Finally, is it necessary to run CCleaner prior to running the apps?

If I use a Solaris server as a repository server to get ClamAV updates from the Internet, can it be used by 'satellite' ClamAV installs on other platforms such as Windows and Linux? I.e. can freshclam on Windows/Linux pull signature updates from a Solaris host?

Are the 3 cvd files (main, daily, bytecode) interchangeable between Solaris x86, RHEL & Windows?
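The ClamAV databases are not platform-specific: main.cvd, daily.cvd and bytecode.cvd are the same files whether clamd runs on Solaris, RHEL or Windows, and freshclam on each satellite can be pointed at the Solaris box with a `DatabaseMirror` entry in freshclam.conf as long as that host serves the files over HTTP. What does vary is the version each machine ends up with and whether each engine is new enough to use it, which is what `sigtool --info` reports from the file header. The script below is an added example, not from the post or from the ClamAV project: it parses the colon-separated CVD header (magic, build time, version, signature count, required functionality level, MD5, digital signature, builder, which is the documented `ClamAV-VDB:` layout) and reports which satellite databases lag the repository or require a higher functionality level than the satellite's engine provides. The `make_header` helper only constructs sample headers for the usage test; its hashes and counts are placeholders, not real database values.

```python
"""Compare ClamAV database headers between a repository host and a satellite.

Added example, not code from the original post or from ClamAV. A .cvd file is
a 512-byte text header followed by a gzipped tar of signature files; nothing in
it is OS-specific, so the useful check is that versions match and that the
satellite engine meets the database's required functionality level. Header
layout (assumed to be the documented ClamAV-VDB format):
  ClamAV-VDB:<build time>:<version>:<signatures>:<flevel>:<MD5>:<dsig>:<builder>[:<epoch>]
"""
import sys
from pathlib import Path

HEADER_LEN = 512
MAGIC = "ClamAV-VDB"
DATABASES = ("main", "daily", "bytecode")


def parse_cvd_header(data):
    """Parse the leading 512 bytes of a .cvd file into a dict; raises ValueError if not a CVD."""
    header = data[:HEADER_LEN].decode("ascii", errors="replace").rstrip(" \x00")
    fields = header.split(":")
    if fields[0] != MAGIC or len(fields) < 8:
        raise ValueError("not a ClamAV database header")
    return {
        "build_time": fields[1],
        "version": int(fields[2]),
        "signatures": int(fields[3]),
        "flevel": int(fields[4]),     # minimum engine functionality level that can load it
        "md5": fields[5],
        "builder": fields[7],
    }


def check_satellite(repo, satellite, engine_flevel):
    """repo/satellite map database name -> header bytes. Returns problem strings (empty = in sync)."""
    problems = []
    for name, repo_bytes in repo.items():
        want = parse_cvd_header(repo_bytes)
        if name not in satellite:
            problems.append(f"{name}: missing on satellite")
            continue
        have = parse_cvd_header(satellite[name])
        if have["version"] < want["version"]:
            problems.append(f"{name}: satellite has {have['version']}, repository has {want['version']}")
        if want["flevel"] > engine_flevel:
            problems.append(f"{name}: needs functionality level {want['flevel']}, engine provides {engine_flevel}")
    return problems


def make_header(version, sigs, flevel, build_time="01 Jan 2021 00-00 +0000"):
    """Construct a sample header for testing only; MD5/signature fields are placeholders."""
    rec = f"{MAGIC}:{build_time}:{version}:{sigs}:{flevel}:d41d8cd98f00b204e9800998ecf8427e:X:example"
    return rec.encode("ascii").ljust(HEADER_LEN, b" ")


def load_headers(directory):
    """Read the first 512 bytes of each <name>.cvd present in a directory."""
    headers = {}
    for name in DATABASES:
        path = Path(directory) / f"{name}.cvd"
        if path.exists():
            with open(path, "rb") as fh:
                headers[name] = fh.read(HEADER_LEN)
    return headers


if __name__ == "__main__":
    # usage: python cvd_check.py <repo_dir> <satellite_dir> <satellite_engine_flevel>
    repo_dir, sat_dir, flevel = sys.argv[1], sys.argv[2], int(sys.argv[3])
    for problem in check_satellite(load_headers(repo_dir), load_headers(sat_dir), flevel) or ["in sync"]:
        print(problem)
```

Copy the satellite's database directory (or just the first 512 bytes of each file) next to the repository's and run the check; an empty result means the Solaris mirror and the Windows/Linux clients are carrying the same signatures.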
What is a good, legitimate antivirus for a Samsung Tab E? I am getting lots of pop ups and the performance is slow.

Thank you.

Hacked e-mail account help required.

Last night a client received an e-mail that starts out:
My nickname in darknet is konstantine23.
I hacked this mailbox more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

They then list the actual password correctly for her account. It is an Office 365 account. She does access her account on her personal laptop, which I will have in my possession this afternoon. I am currently scanning her work computer, and having everyone else check for the same e-mail in their spam folder (where she found hers). We are in the process of changing the passwords to all of her online accounts (including e-mail) on another computer, not part of their network. The business does have a UTM router in place, and logs will be looked at next. TDSSKiller did not find any rootkits, but more scanning will be done.

Looking for information on this possible.
I'm trying to establish if my OfficeScan has OfficeScan's ransomware protection below:

Ransomware Protection Enhancements in OfficeScan 11.0 SP1 Critical Patch 6054
Detection details of the OSCE 11.0 SP1 Critical Patch 6054 Ransomware Prevention Summary widget

Above 2 lines are extracted from link below:

The last screen in the attachment shows Scheduled Scan is disabled: is it a good idea to enable it? I thought to have it enabled either during lunch hours (for users who bring their laptops home) or at night (for users who leave their PCs/laptops powered on in the office at night). I've heard many recommendations that an on-demand scheduled scan is quite essential too. Just that it's hard to determine which laptops are being brought home.

The attachment is what's shown on my laptop.
A couple of years back, Trend Micro's .DAT file could be searched (using the find or grep command) for certain malware names.

I'm now using OfficeScan V12.0.1352 & I think the signature file is VsapiNT.sys.

I'm trying to track if GlobeImposter ransomware is in our current OfficeScan signature & the 2 links below seem to say that TM documented it quite some time ago:

but when I searched for "glob" (I suppose FakeGlobal, as it's known to Trend Micro, would be listed in the latest VsapiNT.sys signature) it's not there. Appreciate steps on how to list the malware covered by OfficeScan's signature file:

C:\foren>find/i "glob" *.sys |more

---------- TMPREFLT.SYS

---------- TMXPFLT.SYS

---------- VSAPINT.SYS
JungUm Global
Corel Global Macro(GMS)
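One reason a `find /i "glob"` over a .sys file can come back nearly empty is that `find` only matches text that happens to sit on an ASCII "line": Windows binaries frequently store strings as UTF-16LE, with a NUL byte after every character, and a byte-wise search for "glob" never sees those. The scanner below is an added example, not from the post or from Trend Micro: like the `strings` utility it pulls out every printable ASCII and UTF-16LE run with its file offset and matches a case-insensitive regex against each, so you can see what names a file actually carries in either encoding. It cannot tell you whether a given vendor's signature file stores family names in clear text at all; the sample bytes in the usage test are constructed to show the two encodings, not taken from any real signature file.

```python
"""strings-style search of a binary for a pattern, in both ASCII and UTF-16LE.

Added example, not code from the original post or from any AV vendor.
A plain `find` over a binary misses UTF-16LE text (one NUL byte after
each character); this scanner reports printable runs in both encodings
with their offsets so a search such as "glob" sees everything present.
"""
import re
import sys


def extract_strings(data, min_len=4):
    """Yield (offset, encoding, text) for every printable run of at least min_len characters."""
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_run.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in utf16_run.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def search_strings(data, pattern, min_len=4):
    """Return (offset, encoding, text) hits whose text matches pattern, case-insensitive, sorted by offset."""
    rx = re.compile(pattern, re.IGNORECASE)
    return sorted(hit for hit in extract_strings(data, min_len) if rx.search(hit[2]))


if __name__ == "__main__":
    # usage: python binstrings.py <file> <regex>     e.g. VsapiNT.sys glob
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    for offset, encoding, text in search_strings(blob, sys.argv[2]):
        print(f"{offset:#010x} {encoding:8} {text}")
```

Run it against the same file the `find` command was pointed at; hits tagged `utf-16le` are exactly the ones `find` cannot report. Absence of a name in either encoding still does not prove the file lacks a detection for that family, since signature names need not be stored as readable text.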
When clicking "Disable these Cookies" we get a message listing 3rd-party cookies to select (see below). We noticed that all are SQL. Can some EE explain why these cookies? Why does SQL have 3rd-party cookies? Please shed some light on the topic.

Spybot issue