Spyware

Startup process list

Bleeping Computer's startup list (I'm not sure if it is the computer that is bleeping or someone swearing at the computer) has a list of known startup processes, what they do and whether they can be disabled or not. I've got rid of quite a few entries from the new machine and it was useful for some of the HP-related utilities that I hadn't come across. I like this site as it actually gives you useful information, whereas something like liutilities.com seems to be vague and prompts you to purchase their utility to get more information.

New desktop

We purchased a new computer from shudder CompUSA this morning. We got a very decently spec'ed HP Pavilion A1030N desktop with 512MB memory, 200GB hard disk, 3GHz Intel processor with HT technology (appears as 2 processors), DVD writer (with LightScribe so I can pay a fortune and have my DVD labels laser engraved – ooooohhhh) and a DVD-ROM. We also purchased a Norwood Micro 17″ TFT screen to go with it, some speakers, blank DVDs and a small UPS to power it all. I also got a USB2 wireless adapter so the PC can be set up in the basement (or anywhere we feel like) without being confined to the computer room. This is made by Hawking Technologies (who I've never heard of) so it was a bit of a risk buying it, but at $20 after rebates it was cheap enough and I could always return it – but it seems to be working fine.
The whole lot is way cheaper than buying it in the UK and the price gets better as the rebate checks come in (3 for this lot!)
After switching the machine on and going through the boot-up procedure, it was time to install the wireless adapter, which went through without a hitch and connected to the wireless LAN a lot more easily than other things I've connected. Then it was off to Windows Update……
18 items and 19MB to download (and it then detects I have some GDI-vulnerable programs). The machine also came bundled with some new antispyware software called SpySubtract which I must admit I'd never heard of. It has a 60-day trial so that's enough to let me see what it's like.
The other bundled software includes Norton's Internet protection suite (which will be uninstalled asap), Microsoft Works (useful for Word only), Microsoft Money (will be very handy for keeping track of our balances) and, interestingly, some WildTangent games. Now supposedly these games are not spyware, according to WildTangent's support site, but other spyware detection programs detect them as spyware as they report back PC specs and each user has a unique id. It will be interesting to see what SpySubtract thinks of it. Personally I will remove it if SpySubtract doesn't – I want to keep this machine as clean as possible.
Down points

  • SpySubtract keeps bugging me that it needs a new download to update it, even though the download program then says that the patch has already been applied
  • Adobe Reader 6 is installed not 7
  • WildTangent
  • HD has a recovery partition on it, but no instructions on how to use it (that I can see so far)

More updates as I carry on the installation of the machine.

MS Spyware alerts and alerts and alerts….

I installed the MS AntiSpyware on the parents-in-law (PIL) computer and although it didn't find anything it does have some funny things going on.
If I log on as me I get no alerts from the application. However, if I log off and then log on as the PIL I get the 3 alerts below popping up. These only occur if I've logged on before they have. I can't work out what application keeps changing these settings as there is nothing obvious in the startup list. Any ideas?
Interestingly, the url redirects to altavista.com

Internet Explorer URLs alert

Internet Explorer URL for Search Bar has been allowed to be changed from http://go.compaq.com/1Q00CDT/0409/bl8.asp to http://www.google.com/ie. This URL is in the user’s allowed Internet Explorer URL list

Internet Explorer Security Settings alert

Occurred on: 4/27/2005 at 10:12:49 AM

An Internet Explorer security setting "Warn about invalid site certificates" has been granted permission to be changed. This setting is in the user's allowed security settings.

Internet Explorer Explorer Bars alert

Occurred on: 4/27/2005 at 10:12:48 AM

Internet Explorer Bar Microsoft Shell Browser UI Library c:\windows\system32\browseui.dll has been granted permission to be installed. This program is in the user’s allowed Explorer Bar list.

About Internet Explorer Explorer Bars: An Explorer bar (band) is a panel like the Favorites, History or Search panels that you see in Internet Explorer or Windows Explorer.

11 reasons to run antivirus and a firewall…..

  • TR/dldr.delf.CB.1 (×2)
  • BDS/Haxdoor.BH (×3)
  • TR/dldr.small.ait
  • TR/Drop.Funweb.A
  • Drop.Small.NK
  • BDS/Haxdoor.BH.1 (×2)
  • PMS.WildTangent.B.1

Interestingly, Norton had already detected and deleted a couple of these files but didn't detect any of the others. I had to boot from a Windows Ultimate Boot CD, download new dats for AVPersonal and then run a scan. The AVPersonal scan only took 30 minutes to run; the Trend Micro one has been going for about an hour and is still going. It's a good job I don't charge by the hour.

Microsoft Spyware update

Microsoft released a new version of their Windows AntiSpyware (Beta) for download. What is weird is that the existing beta software had an update routine in it, but when you ran it, it did not detect the new version. Apparently the changes are to do with extra real-time protection agents, new threat categories and improved stability and performance (although I never had any performance problems with it).

CA Antivirus/Firewall

I installed the CA Antivirus and firewall on the parents-in-law computer. The firewall is almost identical to ZoneAlarm. I've not used ZoneAlarm for several months/years now so I can't tell if it is the same as the newer versions, but all the popup dialog boxes and the traffic meters in the taskbar are practically identical. The Antivirus is different and also includes spyware and popup blockers so it will be interesting to see how good they are – I'm sure I'll have plenty of practice as I've already removed Lop from the computer twice, amongst many other spyware infections on it. I've also installed SpywareGuard, which aims to stop the drive-by installations (and I've also installed Firebird for my own surfing).

Adaware vs Search&Destroy

Had a major problem with a spyware infection yesterday. The user told me that their PC was incredibly slow and Search&Destroy would not fire up. S&D was actually running minimised but it was not possible to restore or maximise it. Turns out that the PC was actually running slowly due to the machine trying to constantly access a faulty CD! I ran HijackThis as the user had a toolbar named "lslyfqudprl" and the homepage was set to mysearchnow. That found the toolbar and an autorun app called dseeglpr.exe -quiet in the registry (which I had already spotted by hand to start with!). I cleaned this and then ran Ad-Aware and it found IGetNet and Lop.com. These were cleaned and then the system ran with Search&Destroy, which found another 5 objects, although these were pictures from Lop. A slow scan of the computer with antivirus software (why oh why do these not detect Lop.com components as viruses or malicious software?) and the user eventually got his PC back a couple of hours later.
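The three things these posts keep coming back to (the startup process list, the per-user Internet Explorer settings that Windows AntiSpyware alerts on when a different user logs on, and the registry autorun entry that HijackThis turned up here) can be checked the same way: record what a clean machine looks like, then diff against it later. The PowerShell script below is an added example written for this page; it is not code from the original blog nor from HijackThis, Ad-Aware or Windows AntiSpyware. The set of watched registry keys, the baseline file location and the ADDED/REMOVED/CHANGED reporting are my assumptions, and the script reads HKCU for whichever user runs it, so run it once per account to compare the "me" and "PIL" logons described above.

```powershell
# Added example (not from the original post): snapshot the autorun and IE registry
# values that the spyware tools above were flagging, then diff them against a saved
# baseline. Assumes PowerShell 3+ (ConvertTo-Json/ConvertFrom-Json) and that it is run
# as the user whose HKCU settings should be checked. $BaselinePath is a placeholder.

$BaselinePath = Join-Path $env:USERPROFILE 'startup-baseline.json'

# Watched locations (assumed set): the classic Run/RunOnce autorun keys for the machine
# and the current user, the IE "Main" key (Start Page and search URLs) and the IE
# Toolbar keys where "lslyfqudprl"-style toolbars register themselves.
$WatchedKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main',
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
)

function Get-WatchedValues {
    # Returns a hashtable of "key\valueName" -> value for every watched key that exists.
    $snapshot = @{}
    foreach ($key in $WatchedKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
            if ($prop.Name -like 'PS*') { continue }
            $snapshot["$key\$($prop.Name)"] = [string]$prop.Value
        }
    }
    return $snapshot
}

function Compare-Snapshot {
    param([hashtable]$Baseline, [hashtable]$Current)
    # Emits one object per value that was added, removed or changed since the baseline.
    $names = @($Baseline.Keys) + @($Current.Keys) | Sort-Object -Unique
    foreach ($name in $names) {
        $old = $Baseline[$name]
        $new = $Current[$name]
        if ($null -eq $old)     { $state = 'ADDED' }
        elseif ($null -eq $new) { $state = 'REMOVED' }
        elseif ($old -ne $new)  { $state = 'CHANGED' }
        else                    { continue }
        [pscustomobject]@{ State = $state; Entry = $name; Old = $old; New = $new }
    }
}

$current = Get-WatchedValues
if (-not (Test-Path $BaselinePath)) {
    # First run: record what the clean machine looks like.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath
    Write-Host "Baseline written to $BaselinePath ($($current.Count) values)."
} else {
    # Later runs (for example after the other account has logged on): show what moved.
    $baseline = @{}
    (Get-Content $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $baseline[$_.Name] = [string]$_.Value }
    $diff = @(Compare-Snapshot -Baseline $baseline -Current $current)
    if ($diff.Count -eq 0) {
        Write-Host 'No autorun or IE setting changes since the baseline.'
    } else {
        $diff | Format-Table -AutoSize -Wrap
    }
}
```

Run it once right after cleaning the machine to write the baseline, then again after each suspicious logon; an ADDED row under a Run key is the sort of entry (like dseeglpr.exe -quiet above) worth looking up on the Bleeping Computer startup list before deciding whether it belongs there.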