Spyware without even realising it

Ian

Administrator
Joined
Feb 23, 2002
Messages
19,873
Reaction score
1,499
I'd like to think of myself as a savvy surfer, but I seem to get an infection of spyware every couple of months. I've got no idea how I get it, as I never install anything which you would think contains spyware (ActiveX controls, Desktop rubbish, screensavers etc...).

Makes you wonder where some of it hides. I know Adobe now force you to install the Yahoo Toolbar if you want to upgrade to the latest free version - that bugs me!
 
Joined
Aug 14, 2005
Messages
266
Reaction score
0
The webmasters learned how to use Java to do it.
When you open a web page that has Java, the bug is on that page. I think these are still called webbugs.
It takes very little space. It would be the size of the period in this font.
Photographers do the same kinda thing sometimes to photos in the watermarks, but that's not spyware.
They can make it the same color as the page so ya can't see it.
When the page fully opens the webbug automation takes place to install the spyware from the site using Java.
Even when ya do spy cookie blockin they find another way.
All this happens without you knowing it. Stealth.

Some Webmasters are hackers and they do the same thing to install trojans. That way they don't have to trick ya with social engineering to click on something. It's all automated.

People found out that if ya turn off Java in the browser, they don't get that stuff.

I use the IE browser for trusted sites and Mozilla with Java off for surfing.
 

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,739
Reaction score
1,204
Sorry TG you're getting your wires crossed.

WebBugs are harmless, even when used in the wrong context. They are just another way of tracking your movement on the web. WebBugs cannot install Spyware.

However, spammers are using the same trick in emails ... you still need to open the email for it to work ... once one of these emails is opened then the spammer knows he/she has a valid email address and can then start a spamming campaign.

Don't open unrecognised emails. ;)


Don't be confused with "drive by" websites that exploit a vulnerability in your browser.

:thumb:
 
Joined
Aug 14, 2005
Messages
266
Reaction score
0
Thanks mucks.
I don't know what the term for this pest is.

If ya like to experiment to find this stuff, use a browser without Java.
Surf in the danger zones like music, xxx, and yes building hardware, etc. In your browser go to File, Save as, then make a file to save the page to.
Ya might want to save a lot of web pages to find this stuff.

Scan the file with antivirus, anti-trojan.

I tried to rip the pages apart to find what the scanners detected. I have found some stuff with Proxomitron web page comment viewer. It helps ya see some of the hidden.

It must be small or stealth, but it has to be in the web page that downloads into the browser.

I know this stuff uses automation. The pest files are about the size of webbugs.

Can't find much at the antivirus info sites about it.

Mucks, do ya know more about how these pests work? I think this is what Ian Cunn's post is about.
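An added example, not part of any post in this thread: one way to carry out the saved-page inspection described above, listing `<img>` and `<iframe>` elements that are 1x1 or hidden, which is what a web bug (tracking pixel) looks like in page source. The host names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

def _px(value):
    """Parse a width/height attribute such as "1" or "1px"; None if absent."""
    m = re.fullmatch(r"\s*(\d+)(?:px)?\s*", value or "")
    return int(m.group(1)) if m else None

class _Finder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.findings = page_host, []

    def handle_starttag(self, tag, attrs):
        if tag not in ("img", "iframe"):
            return
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        w, h = _px(a.get("width")), _px(a.get("height"))
        tiny = w is not None and h is not None and w <= 1 and h <= 1
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            src = a.get("src") or ""
            host = urlparse(src).hostname  # None for relative URLs
            self.findings.append({
                "tag": tag, "src": src, "tiny": tiny, "hidden": hidden,
                "third_party": host is not None and host != self.page_host,
            })

def find_web_bugs(html, page_host):
    """List tiny or hidden <img>/<iframe> elements in a saved page."""
    finder = _Finder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (not taken from any real site)
SAMPLE = """<html><body bgcolor="#ffffff">
<img src="/images/logo.gif" width="120" height="40">
<img src="http://tracker.example/p.gif?id=abc123" width="1" height="1">
<iframe src="http://ads.example/frame.html" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_web_bugs(SAMPLE, "shop.example"):
        print(f)
```

A listed element is only a candidate for review: a 1x1 image loaded from another host reports the visit to that host, while a hidden iframe shows where further content is pulled from.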
 
Joined
Sep 30, 2005
Messages
268
Reaction score
0
Ian Cunningham said:
I'd like to think of myself as a savvy surfer, but I seem to get an infection of spyware every couple of months. I've got no idea how I get it, as I never install anything which you would think contains spyware (ActiveX controls, Desktop rubbish, screensavers etc...).

Makes you wonder where some of it hides. I know Adobe now force you to install the Yahoo Toolbar if you want to upgrade to the latest free version - that bugs me!

I NEVER get spyware - with 4 simple techniques-

1. I always use an alternative browser like Mozilla or Opera
2. I always have Zonealarm's free firewall running
3. I use only respectable pornographers (!)
4. I use 'HiJack this' - a tiny program that purely shows you all launch/background programs, and allows you to delete any of them if you so wish.
 
Joined
Oct 14, 2005
Messages
31
Reaction score
1
2. I always have Zonealarm's free firewall running
Zonealarm is a program for closing down ports and preventing unwanted access and is unrelated to malware.

4. I use 'HiJack this' - a tiny program that purely shows you all launch/background programs, and allows you to delete any of them if you so wish.
If you're using HJT you need to know what you are doing with it; it is no use just deleting entries you feel are suspect, otherwise you can seriously damage your system. Also, deleting certain entries will not delete infected files. HJT logs need to be researched fully using the correct resources. For instance, what would you do if you came across this entry:

O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\vtstr.dll

Is it good or is it bad.... Maybe it could be linked up to an O20 entry, which would then indicate a vundo trojan, which in turn uses a special removal tool rather than deleting the entry using HJT, as the trojan will replicate certain file names in reverse and with different file extensions. Using HJT on its own, the fix will be useless and the trojan will replicate again. If you suspect you have malware on your system you need to send your log off to be analyzed by a HJT remover, who will then provide a valid fix; some fixes take more than one run of HJT depending on the type of infection. If you ever come across this line in a log - O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe - then you could be in deep trouble. This is a bube infection; this type is particularly nasty as it opens the doors to other spyware, and your system could be infected with over 100 types of malware. This includes malware such as about blank2/4, nail, Qoologic, which in themselves are a pain to remove.

Remember HJT is a specialist detection tool, not a standard removal tool. Different infections are dealt with differently. One thing to remember is to never ever follow someone else's fix for your own fix; all fixes are user specific. Also remember that malware is getting clever: malware can replicate files using genuine system file names but place them in different folders, and malware also takes advantage of confusing users with uppercase and lowercase, i.e. lsass and Isass....... one uses a capital I, the other uses a lowercase L.. delete the wrong one and you could be heading for serious problems.....

Sorry for the rambling on here... I'm not saying don't use it, just be careful with it, it is not your standard removal toy..... :p
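An added example, not part of the post above and not part of HijackThis: a small triage pass over HijackThis-style log lines that flags the two tricks the post describes, a genuine system file name sitting in the wrong folder and a lookalike name such as Isass versus lsass. The allow-list is a short illustrative one that assumes Windows lives in C:\WINDOWS; the first sample line is the one quoted in the post and the others are constructed.

```python
import ntpath
import re

# Illustrative allow-list (assumes Windows is installed in C:\WINDOWS)
KNOWN = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Characters that look alike in many fonts fold to one representative
_FOLD = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o", "O": "o"})

def skeleton(name):
    """Fold confusable characters first, then ignore case."""
    return name.translate(_FOLD).lower()

_SKELETONS = {skeleton(n) for n in KNOWN}

def classify(line):
    """Return (section, path, verdict) for one HijackThis-style log line."""
    sec = re.match(r"([A-Z]\d+) - ", line)
    path = re.search(r"\b[A-Za-z]:\\.+$", line)  # assumes no arguments follow
    if not sec or not path:
        return (None, None, "unparsed")
    full = path.group(0).strip()
    folder, name = ntpath.split(full)
    if name.lower() in KNOWN:  # Windows file names are case-insensitive
        ok = folder.lower() == KNOWN[name.lower()]
        return (sec.group(1), full, "ok" if ok else "system-name-wrong-folder")
    if skeleton(name) in _SKELETONS:
        return (sec.group(1), full, "lookalike-name")
    return (sec.group(1), full, "needs-research")

SAMPLE_LOG = [
    # Quoted in the post above
    r"O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\vtstr.dll",
    # Constructed lines
    r"O4 - HKLM\..\Run: [Security] C:\WINDOWS\system32\Isass.exe",
    r"O4 - HKLM\..\Run: [Host] C:\WINDOWS\Temp\svchost.exe",
    r"O4 - HKLM\..\Run: [Shell] C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```

A "needs-research" verdict means only that the name is not on the allow-list, so the entry still has to be looked up before anything is removed.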
 

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,739
Reaction score
1,204
:rolleyes:

  1. Open Task Manager (by pressing CTRL+ALT+DEL) .
  2. From processes list, select and terminate the processes winservs.exe.
  3. Click Start, select Programs then Startup, right click and select Browse All Users to open the Startup folder.
  4. Delete the shortcut to winservs.exe or purityscan.exe.
  5. Open Windows Explorer, search and delete the file winservs.exe .
http://sarc.com/avcenter/venc/data/adware.purityscan.html

:cool:
 
