A new record

[Menno Hershberger]

New record for me anyway... however someone in alt.privacy.spyware claims
to have topped me.. And I'm sure they did.
http://www.mewnlite.com/aaw.gif
Anyway, to make this "on topic" I ran SpyBot S&D next (another 200 hits),
and finally MSAS which got another 300+ hits.
It was Service pack one, and I didn't want to do the SP2 update till I got
it cleaned up a bit. And I didn't want to install MSAS until after the SP2
upgrade. Otherwise I'd have run MSAS first. The next one I get in like that
I'll try MSAS first.
AdAware just froze when I tried to delete all those at once. I had to go
back and nibble at them... about 750 at a time, until I finally got them
all.

 

[Andre Da Costa]

I would just do a format instead.

 

[plun]

I would just do a format instead.

Hi

Why format ?

MSAS can´t for sure handle this but a combination with
MSAS, Adware and Spybot fix this.

A normal PC used perhaps 1 year has 500 to 700 hits
when you first time runs a anti spywareprogram.
I´ve seen this many times.

If you open your eyes and look a little bit longer then
Microsofts world you will see this. Im sure !

Happy hunting.......

 

[Bill Sanderson]

Good one. Want to charadterize the human bean that managed to acquire all
that stuff?

I haven't seen any issues here that I can tie to a given SP level,
fwiw--i.e. I think it works well regardless.

The ability to clean bit by bit is definitely a strength of Ad-Aware.

 

[AndyManchesta]

I have to agree with Andre on this one,The amount of
damage and time it would take to clean isnt worth the
effort in my opinion.A format and clean install plus
reloading all your software would be far quicker,even if
you could manually remove the entries the damage that
half these programs could of caused will still be there
to haunt you,A lot of these could of opened ports or
affected hosts and system files so only time would tell
if everything is completly gone.
Adaware is good but doesnt remove everything so there
could be tons more stuff that is hidden even on Virus
scans.I helped with a promlem the other day that was
tricky but showed just basic adware using spybot,adaware
and cwshredder but using various other programs we then
revealed worms,viruses,search,host & domain hijackers
plus other malware files and security settings had been
changed to restrict the user getting to control panel and
internet options,even after removing the malware these
settings stayed in place but once found we reset
everything easily enough,Im still advising that user as
even though they thought everything was fixed there is
still some issues that need repairing in all the logs i
received of them.
So i wouldnt assume adaware has repaired your problems
even if you use adaware,spybot,cwshredder,MS
antispy,Trend Housecall etc... and they all show clear
there is alot more that can be happening without being
detected and think Andre's advise of a fresh install
would be best in this case and then getting the right
protection before going onto the net once clean

Regards Andy

 

[plun]

Hi

Well, say that to a user with no backups.................

And this is not a problem, it only takes some time to clean.

If don´t have time, Format.

 

[Menno Hershberger]

Good one. Want to charadterize the human bean that managed to acquire
all that stuff?

A guy with a wife and two sons... 12 & 14, all with different user names.
Judging by the IE histories, the boys are both sex maniacs, and the wife
likes to gamble. The "guy" is into sports stuff.
I have now got it cleaned up. They were using AOL, dialup, but are going to
DSL now. AOL had put a proxy (localhost actually) in Internet Explorer.
After all the cleaning, one account was still hijacked. I finally got rid
of that with HiJack This. Notepad.exe got cleaned out, but I got that
replaced OK. Actually it came out pretty good. I've had lots of them with
lots less that I gave up on and went the format route. In those cases, I
clone their drives to a spare and then get their documents, favorites, emai
back off the cloned drive.

 

[Bill Sanderson]

A guy with a wife and two sons... 12 & 14, all with different user names.
Judging by the IE histories, the boys are both sex maniacs, and the wife
likes to gamble. The "guy" is into sports stuff.
I have now got it cleaned up. They were using AOL, dialup, but are going
to
DSL now. AOL had put a proxy (localhost actually) in Internet Explorer.
After all the cleaning, one account was still hijacked. I finally got rid
of that with HiJack This. Notepad.exe got cleaned out, but I got that
replaced OK. Actually it came out pretty good. I've had lots of them with
lots less that I gave up on and went the format route. In those cases, I
clone their drives to a spare and then get their documents, favorites,
emai
back off the cloned drive.

Well-the plus of DSL is you may hear from them sooner rather than later--it
takes a lot less time to muck up a machine at higher speed. I've heard that
the newest AOL versions are much improved--and might even help them out
rather than get in the way. Lets hope they can keep the kids in line a
bit--that can be dangerous territory, even with all the right gear in place.

 

[Ron Chamberlin]

Menno,
Did they learn anything from their adventure?

Ron Chamberlin
MS-MVP

 

[privatenews.microsoft.com]

--

--- A Freudian slip is when you say one thing but mean your mother. ---

I thought that a Freudian slip is long female underwear sprinkled with cigar
ash. I learn something new everyday...

 

[privatenews.microsoft.com]

Hi

Well, say that to a user with no backups.................

external drive and cobian backup

 

[Menno Hershberger]

They haven't come after it yet. But *I* sure did!
(Those boys won't be happy campers)

Menno,
Did they learn anything from their adventure?

Ron Chamberlin
MS-MVP

 

[Menno Hershberger]

Well-the plus of DSL is you may hear from them sooner rather than
later--it takes a lot less time to muck up a machine at higher speed.
I've heard that the newest AOL versions are much improved--and might
even help them out rather than get in the way. Lets hope they can
keep the kids in line a bit--that can be dangerous territory, even
with all the right gear in place.

Virus definition subscription had been out for over a year. There was no
kind of antispyware installed. It was SP1 with NO updates done, not even
the ones for SP1. How they escaped Blaster and Sasser is beyond me.
It's going home with SP2, Norton Internet Security, and MSAS for real
time protection, plus AdAware, Spybot S&D, and SpywareBlaster which
they'll probably never run. And two limited accounts with parental
controls. I have no idea how effective that is, but if there's a way to
get around it, those boys will find it. The parents' accounts are
password protected, of course.

 

[plun]

Menno Hershberger wrote:

Hi

Virus definition subscription had been out for over a year.

Common problem,

There was no kind of antispyware installed.

Common problem,

It was SP1 with NO updates done, not even
the ones for SP1. How they escaped Blaster and Sasser is beyond me.

Common problem, if you use a dial up connection you can
survive, but not with broadband.

It's going home with SP2, Norton Internet Security, and MSAS for real
time protection, plus AdAware, Spybot S&D, and SpywareBlaster which
they'll probably never run.

Common problem,

And two limited accounts with parental
controls.

Don´t work for kids ! I really hope with no keystroke
loggers and other
spying beacuse that is child abuse.

I have no idea how effective that is, but if there's a way to
get around it, those boys will find it. The parents' accounts are
password protected, of course.

Well to use SP2, with automatic update and alarms for
antivirus/firewall problem
is enough.

Most important is that this family talks about Internet and
how to use it.
Microsoft has this site about this:

http://www.microsoft.com/athome/security/children/kidtips13-17.mspx

 

[plun]

external drive and cobian backup

Well, how many home users have that ?

 

[Menno Hershberger]

Menno Hershberger wrote:

Hi


Common problem,


Common problem,


Common problem, if you use a dial up connection you can
survive, but not with broadband.


Common problem,


Don´t work for kids ! I really hope with no keystroke
loggers and other
spying beacuse that is child abuse.


Well to use SP2, with automatic update and alarms for
antivirus/firewall problem
is enough.

Most important is that this family talks about Internet and
how to use it.
Microsoft has this site about this:

http://www.microsoft.com/athome/security/children/kidtips13-17.mspx

Thanks for that one. I think I'll print it out for him.

 

[plun]

Thanks for that one. I think I'll print it out for him.

Hi

"Boys are boys" don´t be to hard against them....

 

[Bill Sanderson]

We can all watch for the posts from the kids asking how to "fix" the
problems with limited accounts!

 

[Andre Da Costa]

Limited accounts issue is gonna be around for a really, really, long time.

 

[A McGuire]

Probably one of these types of users - see attached.