Spy/Adware invasion

[+ friendofsheila]

It seems I got a program downloaded to my computer on Xmas eve without opening any weird emails or anything. It advertised spyware called Winhound. It overtook my desktop, and had these windows that forced me I went in and uninstalled it and deleted the program from the Windows subdirectory and the desktop picture that kept popping up. I also ran my Spybot/Spyblaster program (a free program that cleans out but I don't think blocks stuff) right away, since I hadn't run it in a while.

 

At the same time, I got a message in a red "balloon" pointing from the desktop toolbar, supposedly from the Windows program, saying it has detected spyware or adware, and to click here to get a list of the best available spyware programs. It SOUNDED like another ad, disguising itself with Windows characteristics (the "Are you sure you want to close this?" window has my custom-set colors in it), but I'm wasn't sure so I ignored it.

 

Now the little red balloon is back, my computer runs slower, an ad pops up when I sign on to the internet, and when I'm offline, a Window message says "attempting to establish an online connenction - retry? work offline?".

 

Whew! Anybody else deal with this? What else should I do?

[Guest skrubber]

MacAfee is excellent for getting rid of spyware/adware and continuously scans your computer for such.

[OneFinger]

McAfee is great as a virus checker and it also has a very powerful firewall. But, on the down side, McAfee is expensive to maintain and usually runs $75 per year.

 

I had some recent problems with someone hacking into my system. In taking care of that problem and for compatibility with work I'm using Symantec for virus protection. For a firewall I'm using Sygate and really like that.

 

I also don't use Windows Internet Explorer and have switched to Mozilla FireFox. That has helped cut down on a lot of spyware stuff.

 

Good luck and let us know how things go.

 

-------------

"We need to have more respect for each other. Things have just gone really crazy, out of control. ... We're on a very weird kind of cycle." Stevie Wonder

[+ deej]

You can count me among the people who will NEVER use a McAffee or Symantec/Norton product again.

 

Norton AV was notorious for software conflicts years before Symantec bought it and ruined it. I used McAffee for many years until this most recent computer when it made surfing the web impossible. I kept getting truncated web pages, which stopped happening when I uninstalled McAffee.

 

Today I use AVG antivirus and firewall (and have been mightily impressed) from http://www.grisoft.com, and AdAware and Spybot Search & Destroy (Google should find them).

 

And I'm as liberal as Atilla the Hun about where I will/won't surf, or what I will/won't open in email. I use MailWasher Pro (http://www.firetrust.com) to pre-scan my inbox before I download any email. If a virus even makes it through my spam filter (Mailwasher), AVG kills it on arrival.

 

You were having performance issues before. Switch to AVG (and remove the viruses from Symantec or McAffee) and you'll probably find your system faster. And you'll save a lot of disk space, too.

[+ friendofsheila]

The red balloon does seem to be a valid Windows warning, so I followed it to a list of spyware to download. I guess SpyBot/SpyBlaster doesn't work for adware.

 

I downloaded and installed the free Ad-Aware. I ran it and it quarantined some stuff but when I clicked "next" it ran the "gas gauge" saying "deleting," then froze. So, I'm not sure it worked. I'll try again.

 

*Sigh* Looks like I'll have to take a tutorial somewhere on what a firewall is and what things I need to know about these things. Plus spend some $ (when I have it) to pay for something more powerful.

 

More as it occurs.

[+ deej]

>The red balloon does seem to be a valid Windows warning

 

Standard Windows warnings are yellow balloons. (Unless you're using non-default color settings.) Red sounds like a McAffee balloon.

 

>*Sigh* Looks like I'll have to take a tutorial somewhere on

>what a firewall is and what things I need to know about these

>things. Plus spend some $ (when I have it) to pay for

>something more powerful.

 

Firewalls are an absolute necessity, particularly if you have a broadband connection because you're "always on".

 

There are 1,024 "ports" (think "hailing frequencies") on your computer. Windows defaults to leaving most of them wide open, and vulnerable to attacking software/malware. Firewalls close them, except for usage that YOU approve.

 

Some (but not all <sigh>) broadband routers come with a firmware firewall that operates invisibly to you but it's best to also have a software firewall running on your pc.

 

You can get the free version of ZoneAlarm (http://www.zonelabs.com), which is an acceptable firewall. At least they USED to have a free version. I haven't looked recently.

 

To test your system's "openness", go to http://grc.com and run their "Shields UP!" tests. (I'll warn you in advance. It'll scare you.)

 

This isn't just for you, btw. It applies to everyone.

[+ friendofsheila]

As of today, I'm running Firefox. That seems to have slowed a file named c:\windows\win386.swp from ballooning to 400+ MB when I ran Explorer.

 

I'm running Ad-Aware, SpyBlaster and Spybot to some effect every other day or so, though not enough apparently. They are often impeded, but I've had some luck running them in "safe" mode. It's very difficult to shut down the computer even.

 

I guess an anti-virus pgm is my next move. I can get McAfee from school with a student discount.

[+ friendofsheila]

>

>You can get the free version of ZoneAlarm

>(http://www.zonelabs.com), which is an acceptable firewall. At

>least they USED to have a free version. I haven't looked

>recently.

>

>To test your system's "openness", go to http://grc.com and run

>their "Shields UP!" tests. (I'll warn you in advance. It'll

>scare you.)

>

 

I'll try these last 2 on my next marathon evening of booting and rebooting...

 

Boy this is work!

[Guest msclonly]

My computer was taken over by MYSTOPSPAM.COM

 

Removed the Windows address bar and slowed the computer down!

 

Messes up the firewall and permitted popups, when I didn't subscribe after the initial trial period, that I didn't want.

 

}(

[+ deej]

AVG virus scan (http://www.grisoft.com) has a free version you can download.

[DelawareGuy]

I use Spy Sweeper from Webroot Software (easily downloaded from their website http://www.webroot.com). It's a subscription program - about $30 a year but well worth it, in my opinion. It runs in the background so it's always working. It's updated frequently so you have the most up-to-date protection. It even has a nifty feature that lets you turn off advertising tracking cookies. It alerts you when a program wants to insert itself into your start file. I highly recommend it.

[+ deej]

People I know and trust recommend that package.

 

But folks, just a general word of caution. There are a ton of spyware/adware detection/removal programs out there that actually deliver a spyware/adware payload of their own. Sure they'll wipe out their competitor's spyware, but they'll install spyware of their own.

 

Don't accept claims of a website until you've checked them out on the security watcher websites out there.

[Boston Guy]

Delaware Guy pointed out one of the best solutions out there: Spy Sweeper from Webroot.

 

I used to be a big fan of Adaware and Spybot and other programs like them. But they miss a fair amount of stuff and you have to run several of them to have even a fair chance of getting everything that might have infested your computer. Spy Sweeper finds it all, all by itself.

 

There is a charge for the program and its live updates. But unchecked spyware can cause all sorts of problems, not least of which can be hours of frustration trying to deal with the stuff.

 

On some older computers, I keep Spy Sweeper disabled and let it run once a week. When combined with good antivirus protection, that's probably enough and Spy Sweeper can definitely impact the performance of slower systems. On new systems, though, I just let it run in the background.

 

I think it's the best product of its kind available today.

 

As for antivirus, I'm partial to Trend Micro and PC-cillin. It works well for me and has for quite some time. I find it effective but less intrusive than some of the other major programs.

 

Happy computing.

BG

[+ friendofsheila]

Boy, having a computer is like having a car. I wonder if I should find reliable "mechanic" to take it to for a tune-up every once in a while if I don't want to have to do all the learning/installing/"disinfecting" myself.

[+ deej]

Wouldn't hurt.

 

If you're not running the basics:

 

* CURRENT virus scan software

* Firewall

* Adware/Spyware protection

 

you're begging to have your system destroyed.

 

Once you're set up with the basics, they're pretty much self maintaining IF YOU KEEP THINGS CURRENT. Otherwise, you're having unsafe HEX. (That's a nerd joke.)

 

Then teach yourself the smart way to deal with junk mail/spam: DELETE IT! Don't open those attachments. Even out of curiosity. Remember:

 

* If it sounds too good to be true, it is.

* Nobody in Nigeria really wants to send you money.

* Talk to your doctor if you want a larger penis (or breasts).

 

:+

 

Most of the cretins who write malware rely on human engineering to get you to open things you KNOW you shouldn't open. Don't give them the satisfaction.

[Lookin]

This may be heresy, but have you considered using a Mac? Even if you buy a used one, and use it only for mail and web surfing, it may save you time and money.

 

I use only what comes with the Mac operating system, and have never had to look for or install any other protection. I've never had a virus, or system slowdown, or spyware, and I see a popup ad once every few months. The spam filter that comes with the Mail program does a great job, with little help from me.

 

I know I'm a wimp, compared with the tech studs who can keep their Windows systems running smooth and trouble-free; and they have my respect and admiration. But the less hassle there is between me and the newest Cover Boy review, the better I like it.

[+ deej]

Not a bad suggestion if the OP could afford it. :-(

 

A Mac is, indeed, less succeptible to attack. (Notice I didn't say completely safe.) That's because there are fewer of them. Virus/Malware authors go for biggest impact, and that means Windows. Most malware is written for the "Woo Hoo! Look what I did!" factor. They don't get much of that from hitting 12 Macs. ;-)

 

I write business software for a living, and that means Windows. Many people need to run the same software at home that they run at the office. That usually means Windows. (Sure, you could run Windows in a virtual PC on a Mac but why not just run Windows in the first place?)

 

It'll be interesting to see what happens when the Mac OS becomes available for x86 computers. I have a spare PC sitting here just waiting for it!

 

There is actually very little effort involved in keeping a Windows machine going. The effort is in initial setup.

[+ friendofsheila]

I think I've eliminated most of the problems with my computer. I deleted the .dll files in the system folder that had the same date as the infection and cleared up A LOT.

 

I also got rid of something important, which I found on the internet and replaced. Wow! Now, I only get the occasional pop-up, which might be happening because my ISP program opens Explorer instead of Firefox.

 

Anybody know how to force the ISP to open Firefox instead? (Firefox has been asking if I want it to be the default, but my "yes" responses haven't done the trick yet.)

[+ deej]

Good for you!

 

>Anybody know how to force the ISP to open Firefox instead?

>(Firefox has been asking if I want it to be the default, but

>my "yes" responses haven't done the trick yet.)

 

Depends on your ISP. It may be hard-coded to IE.

 

You can do away with most popups in IE by installing the (free) Google toolbar. It has a popup blocker that works quite well.

[+ friendofsheila]

>

>>Anybody know how to force the ISP to open Firefox instead?

>

>Depends on your ISP. It may be hard-coded to IE.

>

I learned that NetZero is in fact hard-coded to IE. Oh, well.

[+ deej]

Easy and obvious (and cheap) workaround: as soon as you fire up your connection, minimize IE and start Firefox. The only thing you need NetZero for is the connection.

 

It's the same thing I've been telling people to do with AOL's browser for years.