Guild Wars Forums - GW Guru
 
 

Old Jun 01, 2008, 06:28 AM // 06:28   #1
Insane & Inhumane
 
Brianna's Avatar
 
Join Date: Feb 2006
Bloody Ad-Ware.

I think I have Ad-Ware on my PC now, and I need suggestions to remove it.

I have Ad-Aware SE 2007 on here, but it messed up Vista when I ran it.. I got like 20 stop codes or something saying host processes can't start, and the scan was really slow and bogged out..

Any help is appreciated.

EDIT: Basically while my browser is up, I just get random popups, primarily in new windows. And since my browser is nearly always up, I don't know if it happens while I'm on my desktop, but I am suspicious because it's happened 3 times now and just a few ago it happened when I opened MSN.

I have Google Toolbar installed apparently, bad? Uninstall? My other computer with FF doesn't have it installed, I have no idea how it got on here.

Last edited by Brianna; Jun 01, 2008 at 07:03 AM // 07:03..
Brianna is offline   Reply With Quote
Old Jun 01, 2008, 07:07 AM // 07:07   #2
rattus rattus
 
Snograt's Avatar
 
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/

All I can think of is to install AdAware free, the latest 2008 version. Spybot S&D on top of that should find and remove pretty much everything.

I'm just running NOD32 these days (plus Comodo for a firewall) - I don't know if I'm running the risk of adware, but I think NOD clears out most crap like that.

Try Tarun's site - he seems to be an expert on malware.

[edit]I never install any toolbars - what does Google toolbar actually do anyway? FF and IE can both have their default search set to google anyway - mine are.

[edit]Link to Spybot - http://www.safer-networking.org/en/download/index.html Can't link to the latest AdAware - this work PC isn't too good with java, but check http://lavasoft.com
__________________
Si non confectus, non reficiat

Last edited by Snograt; Jun 01, 2008 at 07:16 AM // 07:16..
Snograt is offline   Reply With Quote
Old Jun 01, 2008, 07:22 AM // 07:22   #3
Pre-Searing Cadet
 
Join Date: Jun 2008

Try using Windows Defender and maybe try using SpyBot too. You can also just go to download.com and look through the spyware section.
Luce is offline   Reply With Quote
Old Jun 01, 2008, 07:29 AM // 07:29   #4
Insane & Inhumane
 
Brianna's Avatar
 
Join Date: Feb 2006

Says that Symantec found a Spybot Worm thing named W32.Spybot.Worm - rBot.exe one month ago..

Symantec on my other computer found it too, it came from limewire.exe or something, I haven't used limewire in a million years.. so it must be from some old hard drive I had around.

I am going to lunarsoft.net yeah.. I really need Tarun's help right now.

But I think I'm going to F-Disk every comp and hard drive I have soon, I'm way too paranoid about having potential crap floating around, I never would have even known that this spyware was around. According to Symantec's auto-protect statistics, it caught the spyware trying to edit registry keys - stopped it - deleted the keys - and dealt with it apparently.. And all of this was under the cover, a month ago. But I don't know what to do still.

Last edited by Brianna; Jun 01, 2008 at 07:33 AM // 07:33..
Brianna is offline   Reply With Quote
Old Jun 01, 2008, 08:29 AM // 08:29   #5
Lion's Arch Merchant
 
NeonXero's Avatar
 
Join Date: Jan 2007
Location: Pennsylvania
Guild: Leaked Aggression [grr]
Profession: D/W

I frequently use:
Lavasoft Ad-Aware
Spybot S&D
CCleaner
AVG Free 8

Those things all seem to do a good job keeping everything in line, but sometimes it just is necessary to format. I had a big mess with formatting this computer (macbook pro) - both the mac and windows partition (NTFS and HFS) as well as my external, which was in FAT32 to support both operating systems. I did back stuff up, but the recovery process effed up... and I lost some data. Not sure how I got onto that... but yeah, good luck.
NeonXero is offline   Reply With Quote
Old Jun 01, 2008, 08:35 AM // 08:35   #6
rattus rattus
 
Snograt's Avatar
 
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/

Apparently, the W32.Spybot.Worm is a different trojan to rbot.exe - you may have had 2 there.

The first one is either contracted via the Kazaa network OR mIRC. RBot is spread by Messenger, or by any open network shares (so could be LimeWire again, I suppose).
__________________
Si non confectus, non reficiat
Snograt is offline   Reply With Quote
Old Jun 01, 2008, 08:38 AM // 08:38   #7
Insane & Inhumane
 
Brianna's Avatar
 
Join Date: Feb 2006

Well, I have calmed down some so now maybe I can explain things better.. I tend to freak out in bad situations.

Basically there is some file or something that I had backed up - and transferred it over somehow to my other computers. I believe this infected file came from an older hard drive that had some pretty odd stuff on it - I used to be really stupid with computers.

So, basically, Symantec has an auto-protect feature that scans and blocks anything trying to harm my files - and what happened was just that, both of my computers caught it, and got rid of it. Else I'd be in some deep doo-doo, but into further inspection of the way the system works on it, it told me to delete the backup copy too as it can still contain the infected file, so I did that, now everything appears to be clean and multiple scans don't pick anything up.

Later, I am going to boot up XP on this machine and see if that hard drive caught the file too, I haven't used it in months so we'll see what it finds, but both of my computers found that virus on the same exact date, so it's making me suspicious.. Either way.. I'm going to try to get some more anti-spyware and anti-adware programs to run later - Ad-Aware 2007 borks my Vista 64 bit so that is a huge no-no right now. I'll figure something out, hopefully Tarun runs by.

Snog;

*I have used mIRC in the past.

*I have used Limewire.

*I do use Instant messengers such as MSN, Yahoo, Skype, and AIM.

My friend told me the same thing when he looked up that baddie, so I'm assuming that what you say is correct - and I indeed did get it via one of these sources. However I am most likely assuming it was limewire because the other computer picked it up as limewire.exe (it doesn't have limewire on it, the old backup drive did, which used to be plugged in but a while ago I removed it.) and I have only briefly ever been on IRC, and never clicked links or files from IRC. I have transferred files via my IM's with friends, so there is some likelihood there too. But I can't be certain at all, I will have to find some way to find out the real source. As for now, all limewire related folders will be deleted from the system, even after scanning the old MP3's in there too. I still can't believe myself for actually using that garbage in the past.. but I have since learned.

Last edited by Brianna; Jun 01, 2008 at 08:45 AM // 08:45..
Brianna is offline   Reply With Quote
Old Jun 01, 2008, 08:39 AM // 08:39   #8
Jungle Guide
 
KZaske's Avatar
 
Join Date: Jun 2006
Location: Boise Idaho
Guild: Druids Of Old (DOO)
Profession: R/Mo

I use Spybot S&D, but I do not leave it running all the time. For 64Bit (I think you said you were using a 64bit OS) try Avast, AVG is nice but 64bit support is a little iffy; last I knew it was not supported, but not sure about version 8. If you are willing to pay there is always Nod32, one of the best out there.
KZaske is offline   Reply With Quote
Old Jun 01, 2008, 09:27 AM // 09:27   #9
Insane & Inhumane
 
Brianna's Avatar
 
Join Date: Feb 2006

Bah, well apparently this all happened in April, a month before I thought.

So after two months.. it would seem logical that by the history of events that my AV already dealt with it, and it is long gone. I would assume so at least.

We shall see. Is it safe to assume that I am fine by now? I feel it's kind of daft asking that, but the infection has not shown any signs since, and I have had no troubles - I never knew it was even there and that my AV did any of this, so for two months I was in the dark about it, and if everything has been fine for that long, I think I'm ok.

As for Ad-Ware, still unsure about that, but I'm less worried about that.

Last edited by Brianna; Jun 01, 2008 at 09:35 AM // 09:35..
Brianna is offline   Reply With Quote
Old Jun 01, 2008, 09:48 AM // 09:48   #10
rattus rattus
 
Snograt's Avatar
 
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/

Should be fine. The paranoia method is to temporarily disable System Restore and run all your AV and malware checks in safe mode. That should get pretty much everything.

Those who know say NOD32 is the best AV protection - use the version without the firewall though. Comodo is a good bet for a reliable and free firewall. NOD32 costs, but is well worth it. Defeats as many viruses as anything else on the market and has a VERY low footprint, that is it doesn't hog resources like most do.
__________________
Si non confectus, non reficiat
Snograt is offline   Reply With Quote
Old Jun 01, 2008, 09:56 AM // 09:56   #11
Insane & Inhumane
 
Brianna's Avatar
 
Join Date: Feb 2006

Thanks for the tip, I'll look into NOD32 later.

I kind of have anxiety.. so paranoia is a word I know all too well. I suppose that I will run a scan in safe mode to be sure - however, System Restore has long since made a lot of backup points since the infection was last detected two months ago, so if anything was done there, it's done.

I am still most likely going to reformat and purge every file that I have left to make sure these things are gone, and this is the first infection I have had in two and a half years.. so it's pretty spooky for me, I'm most likely going to up my security as much as possible.
Brianna is offline   Reply With Quote
Old Jun 01, 2008, 10:16 AM // 10:16   #12
rattus rattus
 
Snograt's Avatar
 
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/

You mention you have no problems with your "other" PC that runs FF. What are you running on this PC? IE, or something esoteric like Safari or Opera?

You know, the easiest solution is to run FF on this system too - download the V3 release candidate NOW, then upgrade to the "proper" version shortly. It's amazing now - pisses all over IE8.

Oh, and let it block pop-ups - it does that well
__________________
Si non confectus, non reficiat
Snograt is offline   Reply With Quote
Old Jun 01, 2008, 10:21 AM // 10:21   #13
Insane & Inhumane
 
Brianna's Avatar
 
Join Date: Feb 2006

Well, I think I may have jumbled things in my rush.

Both of my systems run FF2, and they both run the same AV, however Vista uses its built in firewall, because the Vista version of my AV doesn't have one supplied.

Pretty much the only problem on my other computer is that I can't watch youtube because it keeps telling me to update flash, and I have 10000 times, and rebooted, the 9 yards. Does the same thing on IE and FF, so I don't know what that problem is - but that is irrelevant.

I kind of refer to one PC or another because I use them to differ problems from each other.. to maybe pinpoint things, but it's also 3:21 AM and this is the latest I've been up in ages.. seriously need some sleep.
Brianna is offline   Reply With Quote
Old Jun 01, 2008, 03:41 PM // 15:41   #14
Krytan Explorer
 
awesome sauce's Avatar
 
Join Date: Dec 2005

To avoid getting malware in the future, I always scan everything suspicious under 10 mb at virusscan.jotti.org. You upload the .exe / .zip / .xxx and it scans it with 20 different programs.
awesome sauce is offline   Reply With Quote
Old Jun 01, 2008, 04:01 PM // 16:01   #15
Furnace Stoker
 
lord_shar's Avatar
 
Join Date: Jul 2005
Location: near SF, CA

I'm running McAfee Antivirus and SpywareDoctor together under Vista32 Premium. It's been able to intercept everything so far. SD can also detect rootkits.

SD does have a try-before-buying demo... perhaps you can use it to identify the exact Adware title that infected your PC. It receives updates pretty much every other day. You can download it from www.pctools.com.
lord_shar is offline   Reply With Quote
Old Jun 01, 2008, 04:22 PM // 16:22   #16
rattus rattus
 
Snograt's Avatar
 
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/

Quote:
Originally Posted by lord_shar
It's been able to intercept everything so far.
...as far as you know.

That's the problem, if a virus gets through, you wouldn't know until it unleashed its payload on you.

McAfee has gone downhill a lot. SpywareDoctor gets laughed at by the malware experts. Try looking up some independent virus/malware detection rate comparisons - some products out there are shockingly bad.

AV comparisons - http://www.av-comparatives.org/seite...se_2008_02.php

Firewall comparisons - http://www.matousec.com/projects/fir...ge/results.php (scary)

Hmm, maybe SD isn't too bad - it's hard to find a definitive comparison that includes it. I'm keeping my eye on http://www.antispywarecoalition.org/ - will be great when they finally get off their butts and actually DO something!
__________________
Si non confectus, non reficiat

Last edited by Snograt; Jun 01, 2008 at 05:00 PM // 17:00..
Snograt is offline   Reply With Quote
Old Jun 01, 2008, 04:59 PM // 16:59   #17
Furnace Stoker
 
lord_shar's Avatar
 
Join Date: Jul 2005
Location: near SF, CA

Quote:
Originally Posted by Snograt
...as far as you know.

That's the problem, if a virus gets through, you wouldn't know until it unleashed its payload on you.

McAfee has gone downhill a lot. SpywareDoctor gets laughed at by the malware experts. Try looking up some independent virus/malware detection rate comparisons - some products out there are shockingly bad.

All the google searches I ran on SD 5.5 / 2008 were above-avg to very-good (PCMag, ZDNet, etc...) The bad reviews I did find were from older 2005 versions.

Webroot's SpySweeper was top-ranked according to this list:

http://anti-spyware-review.toptenreviews.com/

However, I didn't find any real-time scanning with Spy Sweeper on the version we run at work, so I don't know what to think of it. I also found some errors in their SD review, like scan-scheduling being absent (it's actually there... found it very quickly too).

From what I've seen, the rankings can shift very quickly depending on version#'s and reviewers, so I try not to put too much faith on any one source.

EDIT: Lastly, SD intercepted some spyware payloads on guru's ad-banner above a few times last month. Not sure if you guys have corrected this, but I'm using Firefox with No-Script enabled just to be safe for now.

I also forgot to mention that SD isn't all that good for viruses since anti-spyware is its focus. However, it does a decent job in that department.

Last edited by lord_shar; Jun 01, 2008 at 05:05 PM // 17:05..
lord_shar is offline   Reply With Quote
Old Jun 01, 2008, 05:08 PM // 17:08   #18
rattus rattus
 
Snograt's Avatar
 
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/

Yeah, after some research it appears I may have been a bit harsh on SD. Where's that Tarun when you need him?
__________________
Si non confectus, non reficiat
Snograt is offline   Reply With Quote
Old Jun 01, 2008, 05:43 PM // 17:43   #19
Insane & Inhumane
 
Brianna's Avatar
 
Join Date: Feb 2006

Last night I came to a realization, I know what the spyware was from.

I was trying to get a song back then, and my brother gave me a limewire installer stub thing, and when I transferred it over to my computer, Symantec went haywire and all up in arms, blocking it and stuff. It did this on both computers so I'm assuming it was bad, and that is why both computers detected it on the same date. Thing is, is that I wasn't actually going to use it, because by the time I got it on my PC anyways I decided I didn't want to download the song from there, because I knew that I could probably get infected.

So basically it was limewire indeed, and I told him that it may have a virus but he said it didn't. He uses McAfee on Vista 32 bit as well, I tried it a long time ago but didn't trust it. Either his AV didn't catch the spyware, or it is a false-positive on my end.. but I'm kind of doubting that it's a false positive.
Brianna is offline   Reply With Quote
Old Jun 01, 2008, 05:55 PM // 17:55   #20
rattus rattus
 
Snograt's Avatar
 
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/

I think sometimes the limewire stub installer itself gets flagged as malware - best to be safe, of course.
__________________
Si non confectus, non reficiat
Snograt is offline   Reply With Quote
All times are GMT.

