Unofficial empeg BBS

#257587 - 03/06/2005 06:49 Infected with spyware?
CrackersMcCheese
pooh-bah

Registered: 14/01/2002
Posts: 2489
While browsing the other day I got caught up in pop-up hell and when one of those 'install software' ones came up I clicked yes in my panic. I don't know what it was but when I googled the name it came back with results that indicate it's for trawling my PC for passwords and sending them somewhere, same with key presses. Is this possible?

I've run Ad-Aware but what else should I use? Is there also something that will tell me what each process is that's running?

Thanks!

Philip

#257588 - 03/06/2005 07:32 Re: Infected with spyware? [Re: CrackersMcCheese]
Schido
enthusiast

Registered: 29/03/2005
Posts: 364
Loc: Probably lost somewhere in Wal...
This is a good one (just a wrapper for a lot of free spyware scanners)
http://www.hitmanpro.nl/

Sorry, couldn't find an English page for it.

Taskinfo is great for monitoring processes:
http://www.iarsn.com/taskinfo.html

Oh, and maybe try Firefox next time instead of Internet Explorer, although it won't protect you from clicking yes to installing:
http://www.mozilla.org/
_________________________
Empeg Mk1 #00177, 2.00 final, hijack 4.76

#257589 - 03/06/2005 07:59 Re: Infected with spyware? [Re: CrackersMcCheese]
Shonky
pooh-bah

Registered: 12/01/2002
Posts: 2009
Loc: Brisbane, Australia
"HijackThis" is good but doesn't really identify spyware. It points out all the things in your system that could be spyware. It will pick up things like "Google's Toolbar" for example which is perfectly fine.

You really need to know what you're doing. If you run a scan, I can let you know what looks suss at least.

If you know what you installed, there's probably a howto on how to (hmm...) get rid of it.

And yes, although AdAware is a good start, it certainly doesn't find everything.
_________________________
Christian
#40104192 120Gb (no longer in my E36 M3, won't fit the E46 M3)

#257590 - 03/06/2005 11:57 Re: Infected with spyware? [Re: Shonky]
Attack
addict

Registered: 01/03/2002
Posts: 599
Loc: Florida
This FAQ is very good. It's a bit out of date but still very helpful. I personally use SpyBot, AD-Aware SE, Microsoft AntiSpyware and HiJackThis.
_________________________
Chad

#257591 - 03/06/2005 13:13 Re: Infected with spyware? [Re: CrackersMcCheese]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
If you're really worried then the only solution is to wipe clean and then just reinstall keeping only your documents. The documents you'll probably have to scan anyway just in case of nasty macro/whatever viruses.

#257592 - 03/06/2005 17:44 Re: Infected with spyware? [Re: CrackersMcCheese]
g_attrill
old hand

Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
As mentioned, SpyBot is great, then possibly the MS product (although manually review everything because I got a lot of false positives).

Then go here and download and play with these:
http://www.sysinternals.com/ntw2k/utilities.shtml

Filemon: Monitors file access. Play with the filtering to reduce the output.

Process Explorer: Excellent process monitoring tool.

TCPView: Basically tells you what processes are listening on ports and sending/receiving traffic.

Autoruns: Lists all entries in Windows where a process can automatically start up.

RootkitRevealer: Possibly try this, but it's probably not necessary for simple malware.

--
Gareth

#257593 - 03/06/2005 18:50 Re: Infected with spyware? [Re: g_attrill]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12345
Loc: Sterling, VA
Ditto on Process Explorer. I use that all the time. Task Manager's got nothing on that program.

I'll have to check out their other software. I've been to their site dozens of times to download Process Explorer, but never looked at their other stuff. It sounds good.
_________________________
Matt

#257594 - 03/06/2005 21:12 Re: Infected with spyware? [Re: Dignan]
eliceo
enthusiast

Registered: 18/02/2002
Posts: 335
Process Explorer is great, especially in Win98 when you don't even have a task manager.

I just got rid of New dot new. Argh

#257595 - 04/06/2005 01:45 Re: Infected with spyware? [Re: CrackersMcCheese]
FireFox31
pooh-bah

Registered: 19/09/2002
Posts: 2494
Loc: East Coast, USA
<Ahnuld voice> "Dooo it! Dooo it naaow!"

The SysInternals tools are awesome. ProcessExplorer's ability to show which processes are linked to which DLLs really helps.

The latest versions of HiJack This also have a process explorer that is helpful. I'm not even sure if the program cleans spyware, but it sure can detect it.

I would suggest installing the MVPS Host File when you are done, and updating it weekly at least. It prevents your computer from even THINKING about talking to malicious websites.

Yes, then Mozilla and SpySweeper (which I still think is plotting to take over the world, but that's another story).

Good luck, you can do it, unless it's a rootkit, in which case SysInternal's Root Kit Revealer may help, though I haven't tried.
_________________________
-
FireFox31
110gig MKIIa (30+80), Eutronix lights, 32 meg stacked RAM, Filener orange gel lens, Greenlights Lit Buttons green set
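
How a blocking hosts file such as the MVPS one mentioned above works, and how to audit one, as an added example that is not part of the original post: names mapped to a loopback or unspecified address are sinkholed, while a mapping to any other address is a redirect worth reviewing. The sample entries and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file syntax (not taken from the MVPS list).
SAMPLE_HOSTS = """\
# sample blocklist
127.0.0.1   localhost
0.0.0.0     ads.example.net      # sinkholed ad server
127.0.0.1   tracker.example.org popups.example.org
203.0.113.7 www.example-bank.test   # non-local redirect: needs review
::1         localhost
not-an-ip   broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text):
    """Yield (ip, hostname) for every valid mapping, ignoring comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field: skip the line
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Split entries into sinkholed names and redirects to real addresses."""
    blocked, redirected = set(), {}
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked.add(name)          # lookups resolve to nowhere useful
        else:
            redirected[name] = str(ip)  # name forced to a specific host
    return blocked, redirected

def is_blocked(text, hostname):
    """Exact-match lookup: hosts files have no wildcard or subdomain matching."""
    return hostname.lower().rstrip(".") in audit_hosts(text)[0]

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed:", sorted(blocked))
    print("review these redirects:", redirected)
```

Because matching is exact, a blocklist only covers the names it lists, which is why such a file needs regular updates.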
