
Making system spyfree


mab


Hi,

A few other people are using my computer as well. One of them might install some kind of software that spies on everything I do, for example stealing my password or finding out which sites I have visited or whatever else I have done on my computer.

My question is: how can I know whether such software is installed on my system, given that this kind of software is normally hidden?

Thanks in advance.

Link to comment
Share on other sites

Yes, I use Ad-Aware and Spybot S&D; however, remember that both need constant updating to keep up to date with spyware. Also, it is most probable that your computer will be attacked by new spyware, as the old stuff tends to die out quite quickly (with some exceptions), so there's not much point in using a spyware scanner which is way out of date.

Also check which programs are starting on start-up (in most Windows OSes):

start > run > msconfig > startup

and view which processes are running whilst you are using the computer (Windows Task Manager or a suitable alternative), and just check whether the programs are safe or not:

http://www.liutilities.com/products/wintaskspro/processlibrary/

(to check your processes, see the above link)

If your computer is running slowly or you are getting pop-ups etc., then you may have spyware.

Link to comment
Share on other sites

If these are programs that other people with physical access to your computer are installing... it's not spyware (at least it's not what I think of when I think of spyware)... it's a trojan...

What you need is first of all a good virus scanner... and more importantly, a good firewall (and the knowledge to keep it running properly).

Also... some of the programs used to spy with are not detected by virus scanners... and if they have physical access to your computer anyway, the firewall might not do you much good...

The only real protection you have is to either lock them out of your computer entirely, or set up restrictions to keep them from installing things on your computer.

Link to comment
Share on other sites

Hence I have separate system and BIOS set-up passwords and have a separate password on my user account (at home).

On my other computer (for practice) I installed a key logger.. it's not there anymore, but it got past all of the stuff (except that Ad-Aware picked it up!). Hardware keyloggers are harder to detect unless you actually look at your ports!

I agree with all that indignity said, need AV and firewalls (up to date and all); however, this thread is about spyware and not viruses and trojans, so it wasn't that topical.

May I remind people that people who use wireless networks must encrypt their data to stop any random person from using it; a random person using it allows for internal network hacking, which is easy, as normally you set up your firewall to allow your network to have access to your computer.

(Again, suitable but not topical, in that this thread was meant for spyware.)

Link to comment
Share on other sites

Most antivirus scanners have pathetic detection rates for trojans, by the way... it's not their job, of course. But Kaspersky antivirus seems to do better at detecting them than stand-alone trojan scanners.... and that's why I use it .. http://www.kaspersky.com (they are not paying me to say this)

Sayonara would probably recommend Sophos. http://www.sophos.com

Norton doesn't detect trojans and generic trojan downloaders at all.

But once I started using Firefox, even those antivirus trojan alerts stopped coming.

Link to comment
Share on other sites

How can you get rid of the annoying way IE opens sp.html (stored in the temp folder) every time you open a web page? The address bar then displays about:blank. I am currently using Windows Explorer to display these pages, as now Netscape is also broken.

Link to comment
Share on other sites

Avast has a great record as well for trojans and in general.. maybe a few false positives.. but overall, it is one of the better AV

Agree very much, from what I've collected people have been quite satisfied and personally the only problems I've had during the last couple of years have been a couple of false positives here and there. :)

Link to comment
Share on other sites

How can you get rid of the annoying way IE opens sp.html (stored in the temp folder) every time you open a web page? The address bar then displays about:blank. I am currently using Windows Explorer to display these pages, as now Netscape is also broken.

Download HijackThis, scan with it, and post the log.

http://www.spywareinfo.com/~merijn/downloads.html

Link to comment
Share on other sites

thanks guys

 

Logfile of HijackThis v1.97.7

Scan saved at 12:05:29 PM, on 10/26/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE

C:\WINDOWS\STARTER.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE

C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\T8WFT14D\HJT[1]\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hkbrnhktzascj.uk/SItn2kBZ6V87Dj9wfXFit8fA9zbxQSz4mbOeWSxAXW2P17fgSAcROr5YT5UBfMS4.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pwxbbzsinapqlanr.com/SItn2kBZ6V9CKMdW2a3jX5zd/gB1EsMLI6IFH0sbrBY.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.zvjespxhix.com/SItn2kBZ6V9CKMdW2a3jXxhBz66P0Qx1I6IFH0sbrBY.html");\nuser_pref("browser.startup.page", 1); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\dggaj2w0.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\dggaj2w0.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {68E8FCA1-16ED-11D9-815F-44454B42C461} - C:\WINDOWS\MADOPEW.DLL

O2 - BHO: (no name) - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL

O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O2 - BHO: (no name) - {7C6026EB-6767-9A2F-05EF-88B085BBD6DD} - C:\WINDOWS\APPLICATION DATA\HOLEDUPE\BASE WAIT.EXE

O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O3 - Toolbar: &Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\TOOLBAR.DLL (file missing)

O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [active lite noun bone] C:\WINDOWS\Application Data\LOGOVCACTIVELITE\Build Ref.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinject.exe

O4 - HKCU\..\Run: [proc long] C:\WINDOWS\APPLIC~1\ENCSIZ~1\LINK NEW.exe

O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: &Advanced Searchbar (HKLM)

O9 - Extra 'Tools' menuitem: &Advanced Searchbar (HKLM)

O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

Link to comment
Share on other sites
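
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the thread and not HijackThis's own logic. The rules are assumptions chosen for illustration, and the sample lines are constructed in the log's format with a placeholder URL, GUIDs and paths; a hit means "look at this entry by hand".

```python
import re

# Added example: the rules below are assumptions chosen for illustration,
# not HijackThis's own logic. A hit means "review by hand", not "malicious".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
DATA_DIRS = ("\\APPLICATION DATA\\", "\\APPLIC~1\\", "\\TEMP\\")
PROGRAM_DIRS = ("\\PROGRAM FILES\\", "\\PROGRA~1\\")

def triage(log_text):
    """Return (code, reason) pairs for log entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.group(1), m.group(2).upper()
        if code in ("R0", "R1") and re.search(r"= *HTTPS?://", body):
            reason = "browser start/search page set to a URL"
        elif body.endswith("(FILE MISSING)"):
            reason = "leftover entry, target file is gone"
        elif (code == "O2" and "(NO NAME)" in body
              and not any(d in body for d in PROGRAM_DIRS)):
            reason = "unnamed BHO outside Program Files"
        elif code == "O4" and any(d in body for d in DATA_DIRS):
            reason = "autostart program in a data or temp folder"
        else:
            continue
        findings.append((code, reason))
    return findings

# Constructed sample (placeholder URL, GUIDs and paths), not a real scan.
SAMPLE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hijack.example/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\EXAMPLE.DLL
O3 - Toolbar: Example Bar - {00000000-0000-0000-0000-000000000002} - C:\PROGRAM FILES\EXAMPLE\TOOLBAR.DLL (file missing)
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKCU\..\Run: [example] C:\WINDOWS\APPLIC~1\EXAMPLE\RUN ME.exe
"""

if __name__ == "__main__":
    for code, reason in triage(SAMPLE):
        print(code, "-", reason)
```
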
