Terminating Spyware With Extreme Prejudice



Posted by: ezysk

I really gotta sympathize with this dude, since I'm going through pretty much the same dilemma myself:


December 30, 2004
Terminating Spyware With Extreme Prejudice
By RACHEL DODES

THE end of the year is a time when people sit down, rethink their priorities and sometimes change their ways. Some quit smoking. Others join a gym. I chose to erase my hard drive and reinstall my operating system.

Sure, it was a drastic move, but my two-year-old I.B.M. ThinkPad - equipped with a 1,000-megahertz Pentium III processor, a high-speed Internet connection and 256 megabytes of memory - was running about as fast as the Apple IIE I used in the mid-80's.

After six months engaged in mortal combat with spyware - parasitic software that tracks your browsing habits, sends out pop-up ads and can even send your private information to an organized crime ring in Guam - I had two options: shell out $1,200 for a new ThinkPad, or wipe my hard drive and start from scratch - a huge production with potentially cataclysmic results.

Since I enjoy new challenges (and more important, since I lack the funds to buy a new laptop), I decided to shoot for the moon and delete, delete, delete.

It did not have to be this way. I can trace the decline of my computer's performance to an ill-advised download over the summer. In a pop-music-induced frenzy, I am embarrassed to admit, I went to [url]www.kazaa.com[/url], downloaded and installed the free file-sharing service, then proceeded to download (a.k.a. steal) Britney Spears's and Madonna's collaborative effort, "Me Against the Music."

I was about to get my karmic retribution.

In downloading Kazaa, I had inadvertently opened the floodgates to all manner of spyware. By the end of the summer, even after I had deleted Kazaa and installed Norton AntiVirus 2004 - which took care of the virus-related part of the problem - I was unable to open Internet Explorer without being deluged with pop-ups enticing me to buy everything from herbal weight-loss pills to obscure business publications.

My home page would mysteriously try to redirect itself to a site called badgurl.grandstreetinteractive.com. Little gray dialog boxes would pop up in the center of my screen to inform me, shockingly, that my computer might be infected with spyware. Then it would crash.

Spyware is "definitely the most annoying problem," said Tim Lordan, staff director of the nonprofit Internet Education Foundation, which joined with Dell Computer this year to mount a spyware awareness campaign ([url]www.getnetwise.com[/url]). Spyware is also ubiquitous: in October, a study by America Online and the nonprofit National Cyber Security Alliance found that 80 percent of computers were infected with it.

As my frustration mounted, I sought the advice of fellow spyware sufferers. My friend Jesse, a lawyer at a large New York firm, told me he was forced to wipe his hard drive when his Dell Latitude laptop transmogrified into a purveyor of pornography advertisements. He sheepishly confessed that against his better judgment, he had downloaded a virus- and spyware-addled copy of the Paris Hilton sex video.

"I contracted a sexually transmitted computer virus from Paris Hilton," said Jesse, who requested that his last name not be printed. (He feared his law firm - and his wife - would not be too happy about the download.) "It was chronic."

Downloading dubious files is a surefire way to get spyware, but it can also be transmitted through seemingly innocuous e-mail, by clicking on a banner ad, or from wholesome Web surfing. The programs install themselves in several places on your computer, making it difficult to find and delete them.

What's worse, even if you do delete them, many are programmed to reinstall themselves automatically when the computer is rebooted.

What really distinguishes spyware from other computer security threats (viruses, worms and Trojans) is that it often seems to defy the products meant to exorcise it. McAfee introduced an anti-spyware program - aptly called McAfee AntiSpyware - in February, but it has met with mixed reviews.

Symantec, the maker of Norton security software, will release its first anti-spyware product early in the new year. (Norton AntiVirus can detect some forms of spyware, but cannot get rid of it.) Microsoft also announced that it would release new anti-spyware software by the end of January.

For now, though, computing experts recommend what they call a "multilayered approach" - translation: ad hoc, complicated and largely ineffective.

I tried everything the experts suggested. I switched my default browser from Internet Explorer - the target of most spyware programmers - to Mozilla Firefox (available free at [url]www.mozilla.org[/url]) and downloaded and ran free expert-sanctioned software with all sorts of renegade names (CWShredder, Spybot Search & Destroy, AdAware and HijackThis).

I submitted my "HijackThis log" - a three-page list of potentially dubious files - to a reputable online help forum and, following the experts' advice, manually performed a perilous bit of surgery on my computer's vital organs, deleting several keys from its Windows registry.

The pop-ups continued unabated. A Norton AntiVirus scan informed me that despite my efforts, 77 spyware programs were still lurking on my hard drive. (Before this daylong production, I had more than 100 pieces of spyware on my computer, so indeed, it was an improvement.)

Erasing my hard drive, long considered a last-ditch measure, was becoming more and more appealing with each passing virus scan. My friend the bankruptcy lawyer finally convinced me: "The catharsis cannot be understated."

He recommended I talk to his friend Larry Wagner, an independent technology consultant who has become a self-styled sherpa in hard-drive erasure. At last count, he had helped six other people (including his in-laws, his parents, a colleague from work and my friend) deal with spyware problems. Mr. Wagner is particularly enthusiastic about deleting - and upon hearing my sordid tale, requested that I wipe my hard drive under his auspices.

"It's like a baptism for your computer," Mr. Wagner said. "You cannot truly live a good life until you've taken that first step."

I arrived at Mr. Wagner's Upper West Side apartment on a December evening with my laptop, a list of my computer's components, my original Windows XP Pro installation discs, a 20-gigabyte iPod and a bottle of Cabernet.

It is important to note that some computers, including my own, contain a hidden, manufacturer-installed hard drive "partition," which houses operating system software that can be deployed in an emergency. But since not all computers have this feature, I chose to use the XP installation disks instead. (Some people will want to upgrade their operating system in the process - from Windows 2000 to Windows XP, for example - which requires installation disks anyway.)

The first thing Mr. Wagner and I did, since my computer lacked a CD or DVD burner, was to save everything to an external hard drive. (You can buy a plug-and-play keychain drive for $20 to $250, depending on how much storage you want, but an MP3 player also doubles as a nice portable hard drive.) I decided to use my iPod, which was only half full.

I simply plugged it into my laptop (it shows up as an "E" drive under My Computer), and copied onto it all of the files contained in My Documents, My Pictures and My Music. I then transferred the contents of my iPod to Mr. Wagner's desktop, on which we created a folder called Backup. The process took about 90 minutes.

Then, using Mr. Wagner's DVD burner, I saved the entire Backup folder onto a five-gigabyte DVD. (If you are not so lucky as to know someone with a DVD burner, you can do the same thing using a regular CD burner and several CD's, which typically hold about 700 megabytes each, or many, many Zip disks, which hold 250 megabytes each.) I could have simply kept my files on the iPod or another external hard drive and transferred them back to my pristine hard drive after the procedure was over, but it would have been riskier, and I would have ended up with no backup discs.

Now I had a backup of everything. Make that two: Mr. Wagner believes in what he refers to as "Noah's archiving," saving two copies of everything, just in case.

Then I took a deep breath, toasted the New Year, and inserted the XP Pro CD-ROM installation disks into my own computer. My computer asked me if I wanted to reformat my hard drive (yes), and warned me that if I continued all files would be deleted (good). It took about an hour for XP to reformat my hard drive and install itself, and I just sat back and watched while the screens became progressively more colorful.

When my computer rebooted, it had total amnesia. It was like the Kate Winslet character in "Eternal Sunshine of the Spotless Mind," who has brain surgery to erase the memories of a painful relationship. My computer asked me to enter my time zone, country and type of Internet connection I would be using (LAN, dialup, etc.). It thanked me for buying an I.B.M. and asked if I wanted to register my product. (I said I would do it later.)

Now that I had a clean slate, I went online and downloaded all of the XP patches and updates from Microsoft's Web site (windowsupdate.microsoft.com). I made sure I connected to the Internet using an external router with a built-in firewall - after all this, I did not want spyware to sully my pristine hard drive.

I plugged my computer into Mr. Wagner's network, and downloaded all of the necessary Microsoft updates, including Service Pack 2, and restarted my computer. This step took about 40 minutes. Now it was 12:30 a.m., so I thanked Mr. Wagner for his help and went home.

The following morning, I was ready to reinstall all of my software. In keeping with the hypervigilant theme, I started with Norton AntiVirus. After installing it, restarting, and scanning my computer, I was elated to discover I had a clean bill of health. Not a rogue program in sight!

Emboldened by this development, I reinstalled all of my programs - Microsoft Office, iTunes, FinalDraft - and all of my external components, like my printer, camera, CD burner and iPod. Fortunately, I had all of my software discs and their necessary registration codes in a file cabinet next to my desk. The drivers for the external components were not even needed because XP can recognize just about anything and procure the necessary driver online.

The software installations took about eight hours over the course of two days, and involved downloading certain things, like Adobe Reader and Mozilla Firefox, from the Web. Between each installation, I restarted my computer, which made this process annoying and time-consuming. (For those who have tons of software, the prospect of reinstalling everything might be worse than the idea of peacefully coexisting with spyware.)

Finally, it was time to upload all of my saved files. I plugged in my iPod, and just for good measure, deleted "Me Against the Music" from my music library before putting my songs back on iTunes. After all, it's almost 2005, and I did not want any ill-gotten gains to taint my perfect computer.

Two weeks later, still no spyware. Yes, it was a huge production, but after struggling with spyware for the last six months, I have to say it was well worth it.

[url]http://www.nytimes.com/2004/12/30/technology/circuits/30hard.html?pagewanted=print&position=[/url]
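The backup step the article walks through (copy the data folders to an external drive, then keep a second copy of everything, "Noah's archiving") as an added example that is not part of the article or of this thread: a small Python script that copies a directory tree to two destinations and verifies every file in each copy by SHA-256, so a half-copied file or a bad burn is caught before the original drive is wiped. The folder names, file contents and destination names are constructed for the demo.

```python
"""Verified two-copy backup of a directory tree (added example, not from the thread).

Copies a source tree to each destination, then compares a SHA-256 manifest of
the source against a manifest of each copy. A copy is only trusted if every
file's digest matches; the returned mismatch list tells you which files to
re-copy before you erase the original.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in 1 MiB chunks so large media files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root):
    """Map relative POSIX path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_copy(source, dest):
    """Return the relative paths whose copy is missing or whose digest differs."""
    expected = manifest(source)
    got = manifest(dest)
    return sorted(rel for rel, digest in expected.items() if got.get(rel) != digest)


def backup_tree(source, destinations):
    """Copy source into each destination; return {destination: [bad files]}."""
    results = {}
    for dest in destinations:
        shutil.copytree(source, dest, dirs_exist_ok=True)
        results[str(dest)] = verify_copy(source, dest)
    return results


def demo():
    """Constructed run: two good copies, then one copy damaged and re-verified."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src = base / "My Documents"  # constructed sample tree
        (src / "letters").mkdir(parents=True)
        (src / "letters" / "resume.txt").write_text("constructed sample file\n")
        (src / "notes.txt").write_text("second constructed file\n")

        copies = [base / "backup_ipod", base / "backup_dvd"]  # constructed names
        clean = backup_tree(src, copies)

        # Simulate a corrupted second copy (e.g. a bad burn) and verify again.
        (copies[1] / "notes.txt").write_bytes(b"\x00 damaged \x00")
        damaged = verify_copy(src, copies[1])
        return clean, damaged


if __name__ == "__main__":
    clean, damaged = demo()
    print("clean copies:", clean)      # every destination maps to an empty list
    print("after damage:", damaged)    # ['notes.txt']
```

Keeping the manifest (or at least the list of digests) with the backup lets you re-run `verify_copy` months later against the restored files, which is the check the article's author could not do once the original drive was gone.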



Posted by: southernlady

As one who reformats on the average of once every two months, this guy's angst is almost funny but his message is right on target. I realize that not everyone reformats as often as I do (LOL, I think I've done it twice in the last month and I haven't even been HOME near my computer since Dec. 23rd!!!)

HiJack logs CAN be lifesavers if done early enough. I happen to disagree with using JUST Norton since I personally feel it's a resource hog. Microsoft is GIVING away a year's subscription to [URL=http://www.my-etrust.com/microsoft/index.cfm?&CFID=1340475&CFTOKEN=35643e8364d803c6-F75FB685-914B-A31F-AC9B410C23E1389A]e-Trust EZ Armor[/URL]

But getting rid of spyware IS HARDER than keeping it off in the first place. Please READ this thread: [URL=http://www.tech-forums.net/showthread.php?s=&threadid=35181]How Did I Get Infected in the First Place?[/URL] Liz



Posted by: ezysk

I've posted this somewhere else I believe, where I mentioned that I have yet to find a viable spyware program that will effectively and permanently REMOVE keyloggers. Heaven knows I tried at least half a dozen of them, but they just keep coming back after reboot. Consequently, I'm going the 'partition' route as an alternative to the drastic, desperate step of reformatting.



Posted by: Roshi229

Hope you disabled System Restore before removing these keyloggers.



Posted by: propel1erhead

Hah ... he makes it sound like reformatting is a hard thing ... I have done it probably 15+ times since fall of 2003.



Posted by: lazerman

Rachel Dodes is more of a girl's name, isn't it? Anyways, I reformat monthly....



Posted by: southernlady

It was written by Rachel Dodes for the paper but the story is Mr. Wagner's...there are many times when a reporter writes the story for the paper and is not the same gender as the person telling the story. Liz



Posted by: DJ-CHRIS

He makes it seem like rocket science.

Which of course is good, scares away normal people from doing it :P



Posted by: Harper

[QUOTE][i]Originally posted by propel1erhead [/i]
[B]hah ... he makes it sound like reformatting is a hard thing ... i have done it prolly 15+ times since fall of 2003. [/B][/QUOTE]

It's not that it's hard. It's just time consuming.
Backing up your data: at least 1 hour
Final check on your data: 15 to 30 minutes
Windows XP installation: 30 minutes
Windows XP SP2: another 30 minutes
Reconfiguring Internet and email: 15 minutes
Installing and updating antivirus: 30 minutes (when you include the update process and the 3 reboots that Norton requires)
Installing device drivers: 30 minutes to an hour
Restoring your data: 30 minutes

If I have to do a complete system rebuild, I am looking at at least 3 hours' work just to get the basics back up and happening. And then I am spending the next week reconfiguring and fine tuning my software.

And then we can add the MMORPGs, where I will be spending at least half a day getting the updates for them. (It would not be so bad if they just had a quarterly cumulative update for download.)

I reformat about once every 6 months, normally around the Easter long weekend and the Labor Day long weekend (Sept/Oct). I am currently way overdue for a format, but I might just wait until Easter as it is only about 2 months away.



Posted by: rythemposition

I've had spyware on my computer for a long time. I had a huge HijackThis log and I didn't know what most of it meant. Then the other night Liz, a.k.a. "southernlady", looked over my HijackThis log and gave me links to a few programs that I didn't have, and I followed the steps. Now my computer is fine: not one pop-up yet, everything is running super fast, no more IE crashes. It's great!
Thank you so much Liz.



Posted by: ezysk

It looks more and more like I'll be going the 'reformat' route. Only problem is, my HP PC didn't come with the XP install disk. The OS is stuck deep inside somewhere, and I would have to dig it up. Probably the logical thing to do is just do a clean install with XP Pro.



Posted by: klownkiller

How do you remove a virus/spyware in c:\_restore\*?



Posted by: ezysk

[SIZE=4]Microsoft Warns of New Security Threat[/SIZE]

System monitoring programs, called rootkits, may pose a serious danger to your PC.

Paul Roberts, IDG News Service
Thursday, February 17, 2005


Microsoft security researchers are warning about a new generation of powerful system monitoring programs, or "rootkits," that are almost impossible to detect using current security products and that could pose a serious risk to corporations and individuals.

The researchers discussed the growing threat posed by kernel rootkits at a session at the RSA Security Conference in San Francisco this week. The malicious snooping programs are becoming more common and could soon be used to create a new generation of mass-distributed spyware and worms.

With names like "Hacker Defender," "FU," and "Vanquish," the programs are the latest generation of remote system monitoring software that has been around for years, according to Mike Danseglio and Kurt Dillard, both of Microsoft's Security Solutions Group.

The programs are used by malicious hackers to control, attack, or ferret information from systems on which the software has been installed and are typically installed on a machine without the owner's knowledge, either by a virus or following a successful hack of the computer's defenses, they say.


Running in the Background
Once installed, many rootkits simply run quietly in the background but can easily be spotted by looking for memory processes that are running on the infected system, monitoring outbound communications from the machine, or checking for newly installed programs.

However, kernel rootkits, which modify the kernel, or core request processing, component of an operating system, are becoming more common. Rootkit authors are also making huge strides in their ability to hide their creations, says Danseglio.

In particular, some newer rootkits are able to intercept queries or "system calls" that are passed to the kernel and filter out queries generated by the rootkit software. The result is that typical signs that a program is running, such as an executable file name, a named process that uses some of the computer's memory, or configuration settings in the operating system's registry, are invisible to administrators and to detection tools, says Danseglio.

The increasingly sophisticated rootkits and the speed with which techniques are migrating from rootkits to spyware and viruses may be the result of influence from organized online criminal groups that value stealthy, invasive software, says Dillard.

One rootkit, called Hacker Defender, which was released about one year ago, even uses encryption to protect outbound communications and can piggyback on commonly used ports such as TCP (Transmission Control Protocol) port 135 to communicate with the outside world without interrupting other applications that communicate on that port, he says.


Detection Options
The kernel rootkits are invisible to many detection tools, including antivirus, host, and network intrusion detection sensors (IDS) and anti-spyware products, the researchers say.

In fact, some of the most powerful tools for detecting the rootkits are designed by rootkit authors, not security companies, they say.

There are few strategies for detecting kernel rootkits from an infected system, especially because each rootkit behaves differently and uses different strategies to hide itself.

It is sometimes possible to spot kernel rootkits by examining infected systems from another machine on a network, says Dillard. Another strategy to spot kernel rootkits is to use Windows PE, a stripped-down version of the Windows XP operating system that can be run from a CD-ROM, to boot a computer, then comparing the profile of the clean operating system to the infected system, according to Dillard and Danseglio.

Microsoft researchers have even developed a tool, named "Strider Ghostbuster" that can detect rootkits by comparing clean and suspect versions of Windows and looking for differences that may indicate a kernel rootkit is running, according to a paper published by Microsoft Research.

Still, the only reliable way to remove kernel rootkits is to completely erase an infected hard drive and reinstall the operating system from scratch, Danseglio says.

Although rootkits are not unique to Windows, the popular operating system is a rich target and makes it easy for malicious hackers to disguise the presence of such programs, according to Jonathan Levin, of Symantec's @stake division who attended the presentation at RSA.

The operating system's powerful APIs (application programming interfaces) make it easy to mask behaviors on the system. The company's popular Internet Explorer Web browser is also a frequent avenue for malicious hackers, viruses, and worms that could drop a rootkit on a vulnerable Windows system, Levin says.

Better tools could be built to detect the current crop of kernel rootkits. However, rootkit authors are adept at spotting new detection techniques and modifying their programs to slip around them, Danseglio says.

"These people are smart. They're very smart," he says.
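The detection approach the article attributes to Dillard, Danseglio and the Strider Ghostbuster paper, compare a view of the machine taken through the running (possibly hooked) operating system against a view taken from outside it, as an added example that is neither Microsoft's tool nor anything from this thread. The "outside" view stands in for an offline boot (disk and registry read without the suspect kernel running) plus a port scan from another machine on the network; the "inside" view is what the system's own APIs report. The file, registry and port entries, and the name `hidden_driver.sys`, are constructed placeholders, not real indicators.

```python
"""Cross-view rootkit detection (added example; constructed data).

A kernel rootkit that filters system-call results can hide its file, its
registry service key and its process from any tool that asks the running OS.
It cannot edit what a clean boot reads from the disk or what a remote scanner
sees on the wire, so the two views are diffed and every discrepancy is flagged.
"""

# Constructed "outside" snapshot: offline boot for files/registry, remote scan
# for ports. All names and values are placeholders, not real indicators.
OUTSIDE_VIEW = {
    "files": {
        "C:/WINDOWS/system32/ntoskrnl.exe": "size=2056832",
        "C:/WINDOWS/system32/drivers/tcpip.sys": "size=359040",
        "C:/WINDOWS/system32/drivers/hidden_driver.sys": "size=24576",
        "C:/Program Files/Example/updater.exe": "size=81920",
    },
    "registry": {
        "HKLM/SYSTEM/CurrentControlSet/Services/Tcpip": "Start=1",
        "HKLM/SYSTEM/CurrentControlSet/Services/hidden_driver": "Start=1",
        "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/Updater": "updater.exe",
    },
    "listening_ports": {"tcp/135": "open", "tcp/139": "open", "tcp/445": "open"},
}


def filtered_by_hook(view, hide_token):
    """Model of what a filtering kernel rootkit does to API results seen from
    inside the infected system: any entry whose name contains hide_token is
    dropped from the answer. Ports are untouched on purpose: the article's
    example (Hacker Defender) shares an already-open port such as TCP 135
    rather than opening a new one, so a port diff alone would not expose it."""
    return {
        category: {name: value for name, value in entries.items() if hide_token not in name}
        for category, entries in view.items()
    }


# Constructed "inside" snapshot: the outside view as a hooked kernel would report it.
INSIDE_VIEW = filtered_by_hook(OUTSIDE_VIEW, "hidden_driver")


def cross_view(inside, outside):
    """Return (category, name, reason) for every disagreement between the views.

    hidden  : on disk / in the hive / on the wire, but invisible to the live API
    phantom : reported by the live API but absent from the outside view
    changed : present in both but with different attributes
    """
    findings = []
    for category in sorted(set(inside) | set(outside)):
        seen_inside = inside.get(category, {})
        seen_outside = outside.get(category, {})
        for name in sorted(set(seen_outside) - set(seen_inside)):
            findings.append((category, name, "hidden from inside view"))
        for name in sorted(set(seen_inside) - set(seen_outside)):
            findings.append((category, name, "reported inside but absent outside"))
        for name in sorted(set(seen_inside) & set(seen_outside)):
            if seen_inside[name] != seen_outside[name]:
                findings.append((category, name,
                                 f"inside={seen_inside[name]} outside={seen_outside[name]}"))
    return findings


def is_consistent(inside, outside):
    """True when the two views agree completely (no sign of filtering)."""
    return cross_view(inside, outside) == []


if __name__ == "__main__":
    for category, name, reason in cross_view(INSIDE_VIEW, OUTSIDE_VIEW):
        print(f"[{category}] {name}: {reason}")
```

The comparison only means something if the outside view really was taken without the suspect kernel in the loop (a boot from trusted media, a scan from another host), and it identifies the discrepancy rather than cleaning it; the article's own conclusion, that the reliable fix for a kernel rootkit is to erase the drive and reinstall, still applies once the diff comes back non-empty.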




