Old 12-30-2005, 04:57 PM   #1
Shiro Usagi
Premium Member
 
 
Join Date: Sep 1999
Location: Kaneohe, Hawaii
Posts: 34,002
Top 10 rogue anti-spyware

The worst offenders.

Oddly enough I just spent a couple of days cleaning PS Guard, Spyware Sheriff and SpyAxe off of one of my own computers after my sister and her kids came to visit with us. Luckily the kids only used that computer while they were here. "Thanks kids...Uncle just loves to clean stubborn spyware off computers."

Cricket

Last edited by Cricket; 12-30-2005 at 05:00 PM.
Cricket is offline   Reply With Quote
Old 12-30-2005, 05:14 PM   #2
"Normal" again....??
 
 
Join Date: Dec 1999
Location: Regina, Saskatchewan, Canada
Posts: 17,601
My wife ended up picking up that stupid Spyware Sheriff the other day.... she was looking for something that she shouldn't have been.
__________________
-At Ford, quality is job #1, job #2 is making them explode. ~Norm MacDonald, SNL News

-Switching to Glide..Balancing in my head..inside of me...
taking the glide path instead.
HAL9000 is offline   Reply With Quote
Old 12-30-2005, 05:26 PM   #3
Member (8 bit)
Premium Member
 
Join Date: Oct 2005
Location: Kansas City, MO
Posts: 248
Thanks Cricket. Bookmarked this so I can study it more. Thanks again.
RevCLB is offline   Reply With Quote
Old 12-30-2005, 05:28 PM   #4
~ Ryan ~
 
Join Date: Jun 2005
Location: Jackson TN
Posts: 3,516
Me = Lucky... as well as all the PCs I have serviced for spyware. I don't think I have had to deal with any of those spyware. Unfortunately, some can't say the same.
__________________
RiotCats.com, an internet domain specifically fabricated and visually erected for the appreciation of the feline kingdom!
rspassey is offline   Reply With Quote
Old 12-30-2005, 05:30 PM   #5
Kickin' it
 
 
Join Date: Jan 2002
Location: USA
Posts: 7,724
I got that SpySheriff once. I've fought off spyware before, but that one was easily the worst one. It installs a program to make it look like it's trying to find spyware, when in fact it is installing more spyware!
__________________
Fold for PCMech: Team 13761
Alaron is offline   Reply With Quote
Old 12-30-2005, 05:37 PM   #6
Shiro Usagi
Premium Member
 
 
Join Date: Sep 1999
Location: Kaneohe, Hawaii
Posts: 34,002
The thing that gets me is these things are drive-by silent installers that don't use those stupid popup ads that push these products. My niece told me she didn't get any of those "Your computer is infected, click here..." popups. She said she was surfing the web and then the computer froze up a bit while they just installed themselves silently and then on the next reboot the desktop wallpaper changed and then a popup saying "Virus alert! Click here to get the best anti-virus solution available yadda yadda yadda..." kept popping up over and over and over...ugh...took me two mornings to clean those stupid things up.

Cricket

Last edited by Cricket; 12-30-2005 at 05:41 PM.
Cricket is offline   Reply With Quote
Old 12-30-2005, 05:41 PM   #7
~ Ryan ~
 
Join Date: Jun 2005
Location: Jackson TN
Posts: 3,516
Ouch, sounds frustrating, Cricket. What firewall are you running?
rspassey is offline   Reply With Quote
Old 12-30-2005, 06:01 PM   #8
Member (9 bit)
 
 
Join Date: Sep 2005
Location: 37.239°N , 115.816°W
Posts: 391
Another one is WinFixer, it looks like a program but is actually a webpage, and some people might actually think it is a program, and therefore click the window and be covered in a landslide of spyware.

786ARS

Last edited by 786ARS; 12-30-2005 at 06:04 PM.
786ARS is offline   Reply With Quote
Old 12-30-2005, 06:05 PM   #9
~ Ryan ~
 
Join Date: Jun 2005
Location: Jackson TN
Posts: 3,516
Quote:
Originally Posted by 786ARS
the easiest way to stop the problem is get FIREFOX, that way you don't even need a firewall, it's soooo much more secure...or get a mac
Okay, you use Firefox and disable your firewall for a few weeks and play around on the web as you normally would, and see how it turns out. I am not saying that FF isn't a decent way of preventing some forms of spyware, but a firewall is also an essential utility to have.
rspassey is offline   Reply With Quote
Old 12-30-2005, 06:06 PM   #10
Shiro Usagi
Premium Member
 
 
Join Date: Sep 1999
Location: Kaneohe, Hawaii
Posts: 34,002
Quote:
Originally Posted by ryan124712
Ouch, sounds frustrating, Cricket. What firewall are you running?
All my computers are behind a NAT router and have WinXP SP2's firewall enabled. The computers all have SpywareBlaster, SpywareGuard, MS AntiSpyware, CookieWall, IE Spyad, a modified HOSTS file, a Block List file, AVG, Ad-Aware SE, Spybot S&D, Ewido (all updated several times a week and scans run almost daily) and the latest MS Critical Updates...it's not like these computers aren't protected.

Cricket
Cricket is offline   Reply With Quote
Old 12-30-2005, 06:09 PM   #11
~ Ryan ~
 
Join Date: Jun 2005
Location: Jackson TN
Posts: 3,516
Quote:
Originally Posted by Cricket
All my computers are behind a NAT router and have WinXP SP2's firewall enabled. The computers all have SpywareBlaster, SpywareGuard, MS AntiSpyware, CookieWall, IE Spyad, a modified HOSTS file, a Block List file, AVG, Ad-Aware SE, Spybot S&D, Ewido (all updated several times a week and scans run almost daily) and the latest MS Critical Updates...it's not like these computers aren't protected.

Cricket
That is interesting. I am behind a smoothwall firewall and router, with ZA, spyware blaster, ewido, AdAware, SB, and Avast and use FF and for the last 3 months haven't even had a tracking cookie picked up in Adaware. I too update as often as possible and run daily scans on all my anti-bad programs except my Avast, which I do once a week.
rspassey is offline   Reply With Quote
Old 12-30-2005, 08:27 PM   #12
"Normal" again....??
 
 
Join Date: Dec 1999
Location: Regina, Saskatchewan, Canada
Posts: 17,601
HA!!.. Firefox... I'll say Flawedfox here... my wife heard how good it was against that stuff and asked to use it... nailed with an exploit... she's gone back to IE as I have always said... the ONLY safe browsing involves safe browsing habits.
HAL9000 is offline   Reply With Quote
Old 12-30-2005, 08:32 PM   #13
~ Ryan ~
 
Join Date: Jun 2005
Location: Jackson TN
Posts: 3,516
Quote:
Originally Posted by HAL9000
the ONLY safe browsing involves safe browsing habits.
Too True.
rspassey is offline   Reply With Quote
Old 12-30-2005, 08:49 PM   #14
Wx geek
 
 
Join Date: Aug 2005
Location: Indiana
Posts: 6,638
Quote:
Originally Posted by HAL9000
the ONLY safe browsing involves safe browsing habits.
Yeah, you said it! I've heard people at school complaining, "Oh xxxx Anti-virus sucks, I just got a bunch of virus". I couldn't help but think, "well, either they haven't updated it in 3 years, or they went off and downloaded the latest songs off you know what".

Some people aren't educated about using firewalls, anti-virus software, and what not - and they get viruses.

Others think a good anti-virus/firewall package is magic and makes them invincible from viruses and what - and they get viruses because either they don't bother to update, or they think they can go off and do stuff that would otherwise get them viruses for sure and not get the viruses (when they in fact do get them).
__________________
"It is the way of man to make monsters and it is the nature of monsters to destroy their makers."
blue60007 is offline   Reply With Quote
Old 12-31-2005, 07:31 AM   #15
SGS
Member (8 bit)
 
Join Date: Jul 2004
Posts: 160
As it points out in the article, the SpySheriff/Psguard/Spy Axe/Spy Trooper/etc. types of infections are all basically smitfraud. One of the biggest malware problems this year.

Smitfraud along with CoolWebSearch are ActiveX downloads. I have never seen a computer that is running Firefox get infected with either of these. I have deliberately tried to infect my test computer, while using FF and just can't do it. It's easy to infect it while using IE (with default settings) though.

"Safe browsing" is a good start, but it's not everything.
SGS is offline   Reply With Quote
Old 12-31-2005, 08:30 AM   #16
Shiro Usagi
Premium Member
 
 
Join Date: Sep 1999
Location: Kaneohe, Hawaii
Posts: 34,002
Yeah, that's the culprit...smitfraud...I found this information while doing research about it and it helped to get those things off my computer. Basically had to run everything twice from Safe Mode, reboot a couple of times, manually edit the Registry and manually delete some files from the system32 folder before I got the computer clean.

I may have to go through that all over again too...my niece and nephew are visiting again...oh boy...

Cricket
Cricket is offline   Reply With Quote
Old 12-31-2005, 08:42 AM   #17
~ Ryan ~
 
Join Date: Jun 2005
Location: Jackson TN
Posts: 3,516
Quote:
Originally Posted by Cricket
I may have to go through that all over again too...my niece and nephew are visiting again...oh boy...
Cricket
Good Luck!.... Perhaps you could pick up a 10GB harddrive and install Ubuntu or something on it and let them use that instead of your drive... That is what I would do.
rspassey is offline   Reply With Quote
Old 12-31-2005, 08:52 AM   #18
"Normal" again....??
 
 
Join Date: Dec 1999
Location: Regina, Saskatchewan, Canada
Posts: 17,601
Quote:
Originally Posted by SGS
Smitfraud along with CoolWebSearch are ActiveX downloads. I have never seen a computer that is running Firefox get infected with either of these. I have deliberately tried to infect my test computer, while using FF and just can't do it. It's easy to infect it while using IE (with default settings) though.
1) Obviously means there is a Java variant, Java being enabled by default on FF. Active X is not the only way to get something to execute on a computer, it's just pushed that way to all those that don't like IE so you develop a false sense of security with browser X.

2) Default settings with IE SP2 DO NOT have Active X allowing download without permission.

3) Yes, the only TRUE "safe browser" involves safe browsing habits. FF (or Browser X for that matter) is not as secure as everyone thinks and as it becomes more and more popular, more and more exploits are being found.
HAL9000 is offline   Reply With Quote
Old 12-31-2005, 10:16 AM   #19
Shiro Usagi
Premium Member
 
 
Join Date: Sep 1999
Location: Kaneohe, Hawaii
Posts: 34,002
Quote:
Originally Posted by ryan124712
Good Luck!.... Perhaps you could pick up a 10GB harddrive and install Ubuntu or something on it and let them use that instead of your drive... That is what I would do.
Nah, that computer is actually there for them to use when they come to visit. I have 3 other computers here so it's okay if that other one gets messed up. Besides it's helpful for me to see that kind of stuff because I know I'll be cleaning it off other people's computers soon enough. At least I have an idea how to tackle the problem and how long it'll take.

Cricket
Cricket is offline   Reply With Quote
Old 12-31-2005, 10:24 AM   #20
~ Ryan ~
 
Join Date: Jun 2005
Location: Jackson TN
Posts: 3,516
Quote:
Originally Posted by Cricket
Nah, that computer is actually there for them to use when they come to visit. I have 3 other computers here so it's okay if that other one gets messed up. Besides it's helpful for me to see that kind of stuff because I know I'll be cleaning it off other people's computers soon enough. At least I have an idea how to tackle the problem and how long it'll take.

Cricket

I was thinking of the same thing... To build a very cheap one or pick one up second hand to work on removing the latest spyware and virus crap to facilitate the process of removing it on other computers.
rspassey is offline   Reply With Quote
Old 12-31-2005, 10:49 AM   #21
Techphile.
 
 
Join Date: Nov 2003
Location: San Francisco Bay
Posts: 6,635
It has been my suspicion that a significant amount of anti-virus, anti-spyware and ad-killer software has not been on the up and up. Now my suspicions have been confirmed. Thanks Cricket for this very valuable thread.

The people who write viruses, spyware and advertising software drive an entire anti-industry in a seemingly symbiotic relationship.

Perhaps a sticky of a link to the Rogue/Suspect Anti-Spyware Products & Websites website might be of help to others?
http://www.spywarewarrior.com/rogue_anti-spyware.htm
__________________
Asus P8P67 WS Revolution | Intel 2600K @ 4.7 GHz | Win 7 Pro 64 |8 gigs Corsair 1600 | Two Diamond 6990's in Crossfire| Corsair AX1200 | Thermalright Silver Arrow | Western Digital Black 2TB 64 meg cache | Lian-Li PC-A71B | Logitec Z-5500 | Three Asus 26" VW266H monitors running under Eyefinity |

Last edited by David M; 12-31-2005 at 11:06 AM.
David M is offline   Reply With Quote
Old 12-31-2005, 11:12 AM   #22
~ Ryan ~
 
Join Date: Jun 2005
Location: Jackson TN
Posts: 3,516
Quote:
Originally Posted by David M
Perhaps a sticky of a link to the Rogue/Suspect Anti-Spyware Products & Websites website might be of help to others?
http://www.spywarewarrior.com/rogue_anti-spyware.htm
WOW, thanks David... it looks like I have some work to do to load up those domains so I can block them from establishing a connection with my PC.
rspassey is offline   Reply With Quote
Old 12-31-2005, 11:19 AM   #23
Member (9 bit)
 
 
Join Date: Sep 2005
Location: 37.239°N , 115.816°W
Posts: 391
I have learnt the hard way about firewalls. First computer, I was naive and ended up with a load of spyware that took a week to sort out, but I seem to be managing fine with my x64bit Win PC with Firefox and no extra firewall, and just a normal built-in virus cleaner and Spybot S&D. 3 months now and not a single problem.
786ARS
786ARS is offline   Reply With Quote
Old 12-31-2005, 03:03 PM   #24
Chop Chop
 
 
Join Date: Jan 2005
Location: St. Louis, MO
Posts: 1,038
I am behind the Windows Firewall, a router, and am looking for another firewall just in case. I use FF and run Spybot S&D every day and have avast! Home Free running. No problems here. I agree with HAL, though, if you go and download a bunch of crap from sites you have never heard of before and expect not to get anything bad, you're in for trouble.

I do think IE causes some problems, though. I just reinstalled Windows and used IE while downloading Spybot, avast!, etc. and Spybot found about 10 things already wrong just from that short amount of usage. I dunno, maybe I just wasn't careful enough.
catacon is offline   Reply With Quote
Old 01-01-2006, 08:38 AM   #25
SGS
Member (8 bit)
 
Join Date: Jul 2004
Posts: 160
Quote:
posted by Hal9000
Obviously means there is a Java variant, Java being enabled by default on FF
I'm not really sure what you're saying here. There is no Java variant of either CWS or smitfraud that I'm aware of.

I think the reason that FF is considered to be a safer browser is the lack of ActiveX ability. Over the past few years CoolWebSearch has been one of the biggest malware problems. You can't get it using FF. You can get it using IE. This year smitfraud has been a pain in the collective butt of the internet. You can't get it using FF. You can get it using IE. Now this new 0 day exploit is hitting the internet. You can get it using IE but the new version of FF isn't susceptible.

FF sure seems safer.
SGS is offline   Reply With Quote
Old 01-01-2006, 08:48 AM   #26
"Normal" again....??
 
 
Join Date: Dec 1999
Location: Regina, Saskatchewan, Canada
Posts: 17,601
I will repeat myself here... Active X is NOT going to allow a download WITHOUT your permission if you are running SP2 which you should be regardless.

FF is NOT a 100% secure browser... there is NO such thing... and when Spy Sheriff shows up on a computer when somebody isn't using the IE (a check of history shows that and where it was picked up) it's a no brainer to see where it came from. Just because one isn't aware of an existence, doesn't mean that somebody hasn't figured out a way around another browser.

Living in a false sense of security with a different browser is a dangerous way to surf... education is what keeps one from becoming infected.

While on the subject, although it's not directly related to FF, but rather older versions of Java... take a look at this article to see how Spy Axe was installed on somebody who felt they were in a totally secure browsing world.

Last edited by HAL9000; 01-01-2006 at 09:30 AM.
HAL9000 is offline   Reply With Quote
Old 01-01-2006, 09:06 AM   #27
Member (14 bit)
Premium Member
 
 
Join Date: Jan 2002
Location: The Great NorthWest
Posts: 12,594
Thanks for the post, Cricket! It's a keeper
TwoRails is offline   Reply With Quote
Old 01-01-2006, 09:45 AM   #28
Shiro Usagi
Premium Member
 
 
Join Date: Sep 1999
Location: Kaneohe, Hawaii
Posts: 34,002
Quote:
Originally Posted by HAL9000
Living in a false sense of security with a different browser is a dangerous way to surf... education is what keeps one from becoming infected.
Or not being connected to the internet at all.
Quote:
Originally Posted by HAL9000
While on the subject, although it's not directly related to FF, but rather older versions of Java... take a look at this article to see how Spy Axe was installed on somebody who felt they were in a totally secure browsing world.
Wow...this guy really thought he was safe. Gee, talk about a false sense of security. And I see in one of the comments that one person thinks she's safe because she's using Opera. Guess she didn't quite get the point of the article.

Cricket
Cricket is offline   Reply With Quote
Old 01-01-2006, 09:50 AM   #29
"Normal" again....??
 
 
Join Date: Dec 1999
Location: Regina, Saskatchewan, Canada
Posts: 17,601
EXACTLY.... Too many people go on and on about how FF or Opera or Browser X is "safer" than IE... but what people hear is "IE WILL get me infected, Browser X will keep me 100% safe"...... I've even met people that STOPPED running an AV and firewall because they were running FF and insisted that I was the crazy one because I was still running an AV when all I needed was a different browser. They figured wow, everyone says how safe it is, I can free up resources and drive space by getting rid of UNNECESSARY firewalls, spyware progs, and AV's.
HAL9000 is offline   Reply With Quote
Old 01-01-2006, 10:26 AM   #30
~ Ryan ~
 
Join Date: Jun 2005
Location: Jackson TN
Posts: 3,516
Quote:
Originally Posted by HAL9000
I've even met people that STOPPED running an AV and firewall because they were running FF and insisted that I was the crazy one because I was still running an AV when all I needed was a different browser. They figured wow, everyone says how safe it is, I can free up resources and drive space by getting rid of UNNECESSARY firewalls, spyware progs, and AV's.

This is another thing that gets me - but heck, doesn't bother me when people get infected for senseless actions like that - Just helps keep the businesses which specialize in virus and spyware removal running.
rspassey is offline   Reply With Quote
All times are GMT -5.