mab Posted October 25, 2004 Posted October 25, 2004 Hi, Few other people are using my computer as well. If one of them installs a kind of software, which spies on my everything, for example like stealing my password or finding which sites I have visited or whatever I have done on my computer. My question is how can I know that such kind of software is installed on my system, as such kind of software is normally hidden. Thanks in advance.
SubJunk Posted October 25, 2004 Posted October 25, 2004 simply put, click here and download the program. It's free.
bloodhound Posted October 25, 2004 Posted October 25, 2004 there are plenty of threads about spyware and malware, if you look around.. anyway my fav combo is spybot and adaware. for particular virulent strains there are specific tools for the job.
mab Posted October 25, 2004 Author Posted October 25, 2004 Thanks to both of you for such a quick reply.
MolecularMan14 Posted October 25, 2004 Posted October 25, 2004 spybot search and destroy seems to get everything done for me. But for adware, I would suggest Adaware.
5614 Posted October 25, 2004 Posted October 25, 2004 yes, i use adaware and spybot S & D, however remember that both need constant updating to keep up to date with spyware. also it is most probable that your computer will be attacked by new spyware as the old stuff tends to die out quite quickly (except some exceptions) so theres not much point in using a spyware scanner which is way out of date. also checking which programs are starting on start-up: (in most windows OS) start > run > msconfig > startup and viewing which process are running whilst you are using a computer (windows task manager or suitbale alternative) and just check whether the programs are safe or not: http://www.liutilities.com/products/wintaskspro/processlibrary/ (to check your process, see above link) if your computer is running slowly or you are getting pop-ups etc then you may have spyware.
indignity Posted October 25, 2004 Posted October 25, 2004 if these are programs that other people with physical access to your computer are installing... it's not spyware (at least it's not what I think of when I think of spyware)... it's a trojan... what you need is first of all a good virus scanner... and more importantly, a good firewall (and the knowledge to keep it running properly) Also... some of the programs used to spy with are not detected by virus scanners... and if they have physical access to your computer anyway, the firewall might not do you much good... the only real protection you have is to either lock them out of your computer entirely, or set up restrictions to keep them from installing things on your computer
5614 Posted October 25, 2004 Posted October 25, 2004 hence i have seperate system and BIOS set-up passwords and have a spearate password on my user account (at home). on my other computer (for practice) i installed a key logger.. its not there anymore, but it got past all of the stuff (except that adaware picked it up!) hardware keyloggers are harder to detect unless you actually loo at your ports! i agree with all that indignity said, need AV and firewalls (up to date and all) however this thread is about spyware and not viruses and trojans, so it wasnt that topical. may i remind people that people who use wireless networks must encrypt their data to stop any random person from using it, random person using it allows for internal network hacking, which is easy as normally you set up your firewall to allow your network to have access to your computer. (again, suitbale but not topical in that this thread was meant for spyware)
bloodhound Posted October 26, 2004 Posted October 26, 2004 Most anti virus scanners have a pathetic detection rates for trojans by the way... its not their job of course. But Kaspersky antivirus seems to do better at detecting them than stand alone trojan scanners.... and that why i use it .. http://www.kaspersky.com (they are not paying me to say this) Sayonara would probably reccommend sophos. http://www.sophos.com norton doesnt detect trojans and geneneric trojan downloaders at all. But once i started use FireFox even those Antivirus trojan alerts stopped coming
5614 Posted October 26, 2004 Posted October 26, 2004 how does avast fare for AV (trojans and just in general)? (ive got avast as well as NIS 2005)
bloodhound Posted October 26, 2004 Posted October 26, 2004 avast has a great record as well for trojans and in general.. maybe a few false positives.. but overall, it is one of the better AV
ed84c Posted October 26, 2004 Posted October 26, 2004 how can you get rid of the anoying way IE opens sp.html (stored in the temp folder) every time you open aweb page. The address bar then displays about:blank. I am currently using windows explorer to display these pages as now netscape is also broken.
Sayonara Posted October 26, 2004 Posted October 26, 2004 By not getting infected with browser hijackers, which you can accomplish with any of the fine products mentioned above.
Perennial Posted October 26, 2004 Posted October 26, 2004 avast has a great record as well for trojans and in general.. maybe a few false positives.. but overall, it is one of the better AV Agree very much, from what I've collected people have been quite satisfied and personally the only problems I've had during the last couple of years have been a couple of false positives here and there.
bloodhound Posted October 26, 2004 Posted October 26, 2004 how can you get rid of the anoying way IE opens sp.html (stored in the temp folder) every time you open aweb page. The address bar then displays about:blank. I am currently using windows explorer to display these pages as now netscape is also broken. download HijackThis scan it. and post the log . http://www.spywareinfo.com/~merijn/downloads.html
ed84c Posted October 26, 2004 Posted October 26, 2004 thanks guys Logfile of HijackThis v1.97.7 Scan saved at 12:05:29 PM, on 10/26/04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE C:\WINDOWS\STARTER.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\T8WFT14D\HJT[1]\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hkbrnhktzascj.uk/SItn2kBZ6V87Dj9wfXFit8fA9zbxQSz4mbOeWSxAXW2P17fgSAcROr5YT5UBfMS4.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pwxbbzsinapqlanr.com/SItn2kBZ6V9CKMdW2a3jX5zd/gB1EsMLI6IFH0sbrBY.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.zvjespxhix.com/SItn2kBZ6V9CKMdW2a3jXxhBz66P0Qx1I6IFH0sbrBY.html");\nuser_pref("browser.startup.page", 1); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\dggaj2w0.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\dggaj2w0.slt\prefs.js) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: (no name) - {68E8FCA1-16ED-11D9-815F-44454B42C461} - C:\WINDOWS\MADOPEW.DLL O2 - BHO: (no name) - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O2 - BHO: (no name) - {7C6026EB-6767-9A2F-05EF-88B085BBD6DD} - C:\WINDOWS\APPLICATION DATA\HOLEDUPE\BASE WAIT.EXE O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\TOOLBAR.DLL (file missing) O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [active lite noun bone] C:\WINDOWS\Application Data\LOGOVCACTIVELITE\Build Ref.exe O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinject.exe O4 - HKCU\..\Run: [proc long] C:\WINDOWS\APPLIC~1\ENCSIZ~1\LINK NEW.exe O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: &Advanced Searchbar (HKLM) O9 - Extra 'Tools' menuitem: &Advanced Searchbar (HKLM) O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now