Curse

Brianna · Jun 01, 2008, 06:04 PM // 18:04

Well, if it was a false positive, it was definitely a sign!

But considering that the statistics show it was trying to edit registry keys, and Symantec deleted those keys that it made, then I'm assuming it wasn't judging by all of it's activity.

I still need to make sure I don't have ad-ware, I'm noticing a lot more popups than I ever got before, they blow right through FF's popup blocker.

Tarun · Jun 01, 2008, 06:15 PM // 18:15

I'm here Snograt. Been very busy with my website and other issues as of late. Brianna made a post on Lunarsoft that I've been monitoring since I got up this morning.

SpywareDoctor and SpySweeper are garbage. SpywareDoctor is very well known among knowledgeable technicians for having copious amounts of false positives. Toptenreviews is pretty well known for being paid to raise the results of applications being reviewed. They've ranked Symantec/Norton stuff number one before. Same happens with magazines like PC Magazine and all those others. Yeah, I'd really want to trust the word of companies who accept money to raise ratings for products.

Malwarebytes Anti-Malware is an excellent anti-spyware and anti-adware application that takes care of more than what Ad-Aware used to get. The newer Ad-Aware versions are becoming bloated. Spybot still does an excellent job, though I personally think it's long overdue for a major overhaul. It feels like it has a Windows 95 interface.

Don't worry Brianna, I'll help you get your computer fully cleaned and help you tighten the security.

Snograt · Jun 01, 2008, 06:21 PM // 18:21

Thank god for that - I thought I was going to have to trawl for information for ever

Tarun · Jun 01, 2008, 06:56 PM // 18:56

Snograt, I've been slower on here to reply as I've been working on a project to help ease my work load and reduce bandwidth usage on my website.

I'm sure you and others are most likely familiar with my Anti-Malware packages. It started as one package called "AllApps.zip". To try and meet users needs I later changed this to the existing Anti-Malware packages, each one classified by a name such as Lite, Standard, Full and Professional. Over time, two of them became the exact same, so now there's Lite (appx 20MB), Standard (appx 40MB) and Professional (appx 50MB). It has become a tedious and very long process to update these programs. Mainly uploading them to my website at 50KB/s. 110MB at 50KB/s takes a while.

I have a program in development that will be able to help ease the bandwidth and space usage on my website and also allow people to only download the applications they need. I have some big plans for it as well to make things very easy for the user.

It will need .NET Framework which isn't really a problem anymore. It's becoming a standard for pretty much every mainstream OS. It has been tested and works on Windows 98SE through Windows Vista.

More information can be found here:
http://lunarsoft.net/forum/index.php?showtopic=1323

Brianna · Jun 01, 2008, 06:59 PM // 18:59

Is it safe to delete all of the items in the temp folder? C > Users > Me > AppData > Local > Temp?

Tried anyway, says that some things can't be deleted because they are in use.

Tarun · Jun 01, 2008, 08:15 PM // 20:15

Yep, nothing is meant to stay in the temporary folder.

Used to see people complain on CCleaner forums because they actually kept all of their important documents in the Temporary folders, then ran CCleaner and it deleted them. They blamed CCleaner for their own foolishness.

Brianna · Jun 01, 2008, 08:18 PM // 20:18

Well, by saying ''They kept" that implies that they put their stuff in the temp folder willingly?

I just don't want to delete something I need, that is all I care about.

lord_shar · Jun 01, 2008, 08:45 PM // 20:45

Quote:

Originally Posted by Tarun

...<SNIP>...

SpywareDoctor and SpySweeper are garbage. SpywareDoctor is very well known among knowledgeable technicians for having copious amounts of false positives. Toptenreviews is pretty well known for being paid to raise the results of applications being reviewed. They've ranked Symantec/Norton stuff number one before. Same happens with magazines like PC Magazine and all those others. Yeah, I'd really want to trust the word of companies who accept money to raise ratings for products.

I've encountered 1-2 false positives in the time I've used SD, so I agree with the above. I finally had to go in and manually exclude the file generating the alerts. SD also has a few modules that cause problems for Vista (file guard is one of them -- had to shut this down as well to speed up network file access). Still, SD was pretty useful for the most part, but I agree there are better options

Quote:

Originally Posted by Tarun

Malwarebytes Anti-Malware is an excellent anti-spyware and anti-adware application that takes care of more than what Ad-Aware used to get. The newer Ad-Aware versions are becoming bloated. Spybot still does an excellent job, though I personally think it's long overdue for a major overhaul. It feels like it has a Windows 95 interface.

...<SNIP>...
---------------------

I'm sure you and others are most likely familiar with my Anti-Malware packages. It started as one package called "AllApps.zip". To try and meet users needs I later changed this to the existing Anti-Malware packages, each one classified by a name such as Lite, Standard, Full and Professional. Over time, two of them became the exact same, so now there's Lite (appx 20MB), Standard (appx 40MB) and Professional (appx 50MB). It has become a tedious and very long process to update these programs. Mainly uploading them to my website at 50KB/s. 110MB at 50KB/s takes a while.

I have a program in development that will be able to help ease the bandwidth and space usage on my website and also allow people to only download the applications they need. I have some big plans for it as well to make things very easy for the user.

It will need .NET Framework which isn't really a problem anymore. It's becoming a standard for pretty much every mainstream OS. It has been tested and works on Windows 98SE through Windows Vista.

More information can be found here:
http://lunarsoft.net/forum/index.php?showtopic=1323

Lots of info to digest, but looks good

Brianna: CCleaner is fine. Many malware payloads enter your PC through the IE temp folders in your user-profile. CCleaner can clean them off before launching if you're proactive in using it.

EDIT: Give Netcraft Toolbar for Firefox and McAfee Site Advisor a try if you don't already use them. I'm finding them both very useful for identifying bad sites before even clicking on them from a google or yahoo search page.

Brianna · Jun 01, 2008, 09:34 PM // 21:34

Yeah I like McAfee site adviser, that is a good tool.

I do have CC cleaner installed on all my pc's, I should run that.

Tarun · Jun 01, 2008, 09:39 PM // 21:39

I'd avoid toolbars like the plague. I don't care how good the reputation may be, it's a toolbar that hooks into Windows Explorer (because Windows Explorer shares the Internet Explorer core) which can cause a user tons of problems just trying to browse their folders.

In Firefox, toolbars may be a bit safer though I really wouldn't use them. In fact, I only have one toolbar installed for my Firefox and it's to work on my website (Web Developer Toolbar) and even then I turn off the toolbar completely.

Brianna · Jun 01, 2008, 09:47 PM // 21:47

It says I have google toolbar for IE, but I don't use IE.

I can probably remove that from the ''Add / Remove programs'' list then.

Malice Black · Jun 01, 2008, 10:22 PM // 22:22

The Goggle toolbar always reappears even after uninstalling

I just left it, doesn't appear to do any harm. All scans show up clean. I run CCleaner everyday, and have Spybot etc set to run on a daily basis too.

Tarun · Jun 02, 2008, 12:06 AM // 00:06

Malice, try Toolbar Uninstaller.

SnipiousMax · Jun 03, 2008, 02:29 PM // 14:29

Just to drop a few more names:

Superantispyware is great
Spyware Terminator (you don't necessarily have to set up real-time scanning, just run the on-demand scanner)
A-squared (it's really a slow scan, but it's pretty through. It's also aimed at scanning for Trojans/dialers/worms.)

You could also use HijackThis as kinda a last ditch effort. It doesn't just list malware, it lists a bunch of stuff, so you'll have to do some google searching for HJT logs to see if anything on the list has been identified by others as adware/spyware. There are whole forums devoted to looking at HJT logs.

Finally you can use Revo Uninstaller and something like Task Killer to look through your installed programs and processes. If you find something that looks suspicious, just do a google search and see what others have said about it.

It might also not be a bad idea to clear out all of your temp files, cookies and such with Ccleaner.

If none of that takes care of it, then I'm not sure what else you can do.

*Edit*
Revo Uninstaller does a good job of removing Google Toobar, as it removes everything associated with the program.

Tarun · Jun 03, 2008, 02:50 PM // 14:50

A-Squared is a horrible scanner, and Spyware Terminator is a delisted rogue.

SnipiousMax · Jun 03, 2008, 03:01 PM // 15:01

Quote:

Originally Posted by Tarun

A-Squared is a horrible scanner, and Spyware Terminator is a delisted rogue.

It's been cleared by Spyware warrior. And it was only ever suspect, they had never really found any need for concern in any of their testing. I think it's still a slick program.

Quote:

Note on SpywareTerminator: We originally listed Spyware Terminator on this page out of concerns that Crawler, the company behind the product, had established connections with IBIS, a well known adware distributor responsible for such adware programs as Wintools, Websearch, & Huntbar. Although we found no problems in our initial testing with Spyware Terminator, and while the vendor itself announced that it was exiting the adware business (1), we decided out of caution to impose a three month probation period before we would consider re-testing and, if warranted, de-listing the the product from the Rogue/Suspect list. During that three month probation period we monitored the behavior of IBIS and Crawler. At the end of the three month probation period we re-tested Spyware Terminator, again finding no problems serious enough to justify listing the program on this page. As the vendor involved has not been involved in the distribution of adware for many months, and as the program itself exhibits no problems serious enough to warrant mention on this page, we have decided to de-list Spyware Terminator from the Rogue/Suspect list and can no longer regard the program to be "rogue/suspect."

A-squared has also been recently updated, it's much better now.

Tarun · Jun 03, 2008, 04:41 PM // 16:41

I know SpywareWarrior cleared it, thus why I said it was delisted.

I wouldn't recommend something that was once a rogue application to anyone. That's asking for trouble.

a-squared has tried to make a hijackthis replacement and other anti-malware applications. None of which have been up to par.

SnipiousMax · Jun 03, 2008, 05:24 PM // 17:24

Quote:

Originally Posted by Tarun

once a rogue application

It wasn't rogue for anything beyond vague suspicions into the parent company's other business connections (see above post) two years ago. It was only listed for three months as a precautionary measure. This is a completely different version of what was listed back then, the company's been clean, and this version has gotten nothing but good reviews that I've read. I'd understand your reservation if the program had been caught loading adware, blatantly ignoring adware, acting like malware itself... but it wasn't. It's effective, it's light and has tons of options.

Regardless, I like to rotate my Adware/spyware protection every so often. No one program is completely foolproof, and I like to scan with two or three programs just to be sure.

The Way Out · Jun 03, 2008, 05:36 PM // 17:36

At this point, your system is compromised somehow. Because you are here asking us for help, I would suggest trying this first...

http://housecall.trendmicro.com/

Once this is done, come back here and let me know. I will help you a bit more.

A-squared blows.

Brianna · Jun 03, 2008, 06:24 PM // 18:24

Heh, well It started out by me thinking it was ad-ware, which seems to be cleared up now. Then I found that old spyware and freaked out, but that is long since gone and I'm not worried about that bit anymore, I also cleaned up anything that could still be related to it and ran some more scans, and it comes up with nothing.

But, at least some new programs were suggested to check out, because it's not to say that I won't get anything in the future - I'll have more tools at disposal now.