4/1/05 Removing malware that just won't die!

by Lee Koo (ADMIN) CNET staff/forum admin / March 31, 2005 2:01 AM PST

A big thank you to everyone who participated in this past week's Q&A! Tom, I hope this week's members' advice and software recommendations give you some direction to your issue. And I hope you return to let us know if these solutions provided helped out.

Members, if you have more questions, or additional advice on this topic, by all means feel free to post them in this thread below. The more we discuss about spyware/malware the more we gain knowledge of how we can ultimately avoid spyware without heavily relying on spyware utilities. It's all up to you as a community to contribute and learn from one another. So keep on posting.

Take care and thanks again everyone!
-Lee Koo
CNET Community

Question:


My daughter's Windows XP SP2 computer is full of spyware.
I've used Spybot, Spy Doctor, and Ad-aware, and they've
recognized some spyware and removed it, but some just won't
go away. What's driving me crazy is her computer starts
spitting out pop-ups (30 to 40 in 10 minutes) without me
opening a single program while the computer is still booting
up! Whatever this is, it's active as soon as the computer is
on. Disconnecting my cable modem so far is the only way to
stop all the pop-ups. Please help!! What's a dad to do?

Submitted by: Tom

(Answers by members are found in the thread below.)

Miguel K's winning answer
by Lee Koo (ADMIN) CNET staff/forum admin / March 31, 2005 2:01 AM PST
Answer:

Dear Tom,

While you alluded to the use of various antispyware utilities, you failed to mention whether your daughter's computer is protected by a firewall. This is a key consideration and the first part of the solution to your problem.

You are being bombarded with pop-ups as soon as you boot the PC because of adware configured to run whenever Windows starts. Adware is a type of spyware that monitors your Internet behavior, then "calls home" without your knowledge. The information collected and shared with a third party is used to select advertisements tailored to your surfing habits, which are then downloaded and displayed as pop-ups. As you have realized, this process does not depend on any other programs running, so SP2's pop-up control - an Internet Explorer add-on - is of no help. But successful adware depends on access to the Internet, and this is where a solid firewall comes into play.

A strong firewall like ZoneAlarm blocks such unauthorized connections to the Internet, thus preventing adware from downloading ads. When you disconnected your cable modem, you essentially blocked outgoing Internet traffic just like a good software firewall does.

Since you have SP2 installed in your daughter's PC, chances are you are running Windows Firewall. This is a very basic firewall that prevents intruders from getting into your computer, but it doesn't prevent spyware already in it from accessing the Internet. In contrast, a more powerful software like ZoneAlarm monitors and controls both incoming and outgoing Internet traffic. Any spyware present will be unable to phone home. If you are currently relying on Windows Firewall - or have turned it off for some reason - do yourself a favor and install ZoneAlarm Personal as soon as possible. You can download this excellent firewall for free by visiting http://www.zonelabs.com/.

Sometimes, antispyware utilities detect a known spyware program but fail to remove all of its key components. Active or potentially active spyware "fragments" that remain in your computer might not be detected during future scans. In addition, restoring your computer to an earlier point might also restore registry values that allow adware and spyware components to run once again. (Because of this, it would be a good idea to disable System Restore while you perform the following troubleshooting!) Thus, it is imperative that any spyware leftovers are removed manually, or kept from running during startup. Adware that is unable to download ads because of a firewall might still display blank pop-ups, which would be just as annoying!

Since you indicated that you have Spybot Search & Destroy and Ad-Aware SE, let's start the next phase of troubleshooting by making sure the latest detection definitions are installed. Download any newer software versions and definitions, then scan your computer first with Ad-Aware SE, then with Spybot S&D.

After removing any spyware detected during the scans, click the Immunize button on Spybot S&D's toolbar, and follow the prompts. The Immunize function will provide real-time protection against the installation of some spyware. Real-time protection is indispensable if you want to keep your computer free of spyware. Another excellent tool you should consider is Microsoft Windows AntiSpyware (http://www.microsoft.com/athome/security/spyware/software/default.mspx)

Next, start Spybot S&D in Advanced Mode, if it is not configured to do so already. (To switch modes, click on Mode on Spybot S&D's menu bar, then choose Advanced Mode from the drop-down menu). On the left, you will see the toolbar with several buttons. Click on the one labeled Tools, then choose System Startup. This is a very helpful utility that lists all the programs that run when you start your computer. When you click an entry in the main window, Spybot S&D will provide a brief description of the program. (If you are unable to see the descriptions, click on the gray bar with the two navy arrowheads, and drag it towards the main window to display the additional window, which has a pale yellow background.)

If any program is identified as spyware or adware, deselect the entry by clicking on its corresponding box. Understand, you are not actually deleting these items from your computer. By removing the check-marks, you are preventing spyware (or any other program you choose) from running the next time Windows starts. You do have the option of deleting the entries, but it is a good idea to just disable them for the time being, lest you accidentally delete something you actually need, like your antivirus or a Windows component. You can always run the System Startup utility after you are sure everything works fine, and delete the offending entries.

(Incidentally, you can disable programs set to run on startup with the Windows XP System Configuration utility (Msconfig.exe), but the latter lacks program descriptions. Because many of the programs have very cryptic names, you are likely to end up guessing and disabling the wrong things!)

Once you have disabled any spyware components listed under System Startup, restart your computer.

Hopefully the pop-ups will be gone, but if any are still displayed, you can use the Windows Task Manager to see which processes are running at that time. Write down their names, and look them up in the Task List Programs database found at http://www.answersthatwork.com/.

Again, if there is anything identified as spyware or adware, you can disable it using either Spybot S&D's System Startup utility, or Msconfig. If you are unfamiliar with the Windows Task Manager and Msconfig utilities, you can find a description of these tools by clicking your computer's Start button, choosing Help & Support, and entering the corresponding terms in the search box.

One last consideration: It is possible that you may be running a legitimate program that has adware components or functionality. For example, if you complement your broadband connection with, say, America Online, many of the pop ups might come from AOL itself. These might not be recognized as spyware when you scan your computer. Moreover, because a firewall would grant Internet access to AOL and its components, it might take some trial and error before your firewall is configured to block access to those components responsible for a pop-up blitz.

Having said that, I am pretty confident that if you follow the preceding troubleshooting advice, you will solve the pop-up issue to your satisfaction.

Best wishes,

Miguel K.


Submitted by: Miguel K. of Columbus, Ohio
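
The startup review described in the answer above (Spybot S&D's System Startup list, or Msconfig) can also be done as a read-only inventory. This is an added example, not part of the original post: it assumes a current Windows system with PowerShell 3.0 or later, and the function names are made up for this illustration. It lists Run/RunOnce registry values and Startup-folder items and reports the Authenticode signature status of each executable.

```powershell
# Added example: read-only inventory of programs set to start with Windows.
# It reports entries only; nothing is disabled or deleted.

function Resolve-StartupExecutable {
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"') {
        $path = $Matches[1]                  # "C:\Program Files\app\app.exe" /flag
    } elseif ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') {
        $path = $Matches[1]                  # unquoted path, possibly with spaces
    } else {
        $path = ($expanded.Trim() -split '\s+')[0]
    }
    # Bare names such as rundll32.exe are looked up on the search path.
    if ($path -and $path -notmatch '^([A-Za-z]:\\|\\\\)') {
        $found = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($found) { $path = $found.Path }
    }
    return $path
}

function New-StartupRecord {
    param([string]$Location, [string]$Name, [string]$Command)
    $exe = Resolve-StartupExecutable -CommandLine $Command
    $status = 'FileNotFound'
    $signer = ''
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        $status = [string]$sig.Status        # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        Location = $Location; Name = $Name; Command = $Command
        Executable = $exe; Signature = $status; Signer = $signer
    }
}

function Get-StartupEntry {
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($valueName in $regKey.GetValueNames()) {
            New-StartupRecord -Location $key -Name $valueName `
                -Command ([string]$regKey.GetValue($valueName))
        }
    }
    # Per-user and all-users Startup folders; shortcuts are resolved to their targets.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $dir -File) {
            $command = '"{0}"' -f $file.FullName
            if ($file.Extension -eq '.lnk') {
                $lnk = $shell.CreateShortcut($file.FullName)
                $command = ('"{0}" {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
            }
            New-StartupRecord -Location $dir -Name $file.Name -Command $command
        }
    }
}

# Unsigned or missing executables sort together for review.
Get-StartupEntry | Sort-Object Signature, Location |
    Format-Table Name, Signature, Signer, Executable -AutoSize -Wrap
```

These keys and folders are common autostart locations, not a complete list: services, scheduled tasks and browser add-ons are not covered. An unsigned entry is a prompt to look the program up, not proof that it is spyware.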
Unbelievable
by phardstaff / March 31, 2005 7:14 PM PST

I have just about had a gutful of reading this type of stuff. I mean is it really that hard to just come out and say, your operating system is a pile of crap, please look at Linux or a Mac. And as for "Microsoft Windows AntiSpyware" what a joke, they can't even make a solid OS so let's buy someone else's solution to fill the holes, not very funny at all! What, they can't make an OS so you are going to trust them with an Anti Spyware, only good reason to trust them is that they didn't write it, and for the record it doesn't work that well anyway, it stuffed up so much stuff on my work PC it lasted a day.

Not to mention that no mention is made at all of using alternative browsers here ...... Like duh !

Ho Hum ..

re unbelievable
by Rough / March 31, 2005 7:51 PM PST
In reply to: Unbelievable

In reply to a somewhat distasteful post!!
There are those of us who do not have a problem with our original OS or Browser!! There are ways and means to keep everything running smoothly, I call it sweep and mop in my computer, as it is in our houses, flats, aparts or whatever!! However some folks just download and download, the first thing they see that seems to be a "good thing", I'll download that as well!! and music and photos and use word pad and high end games etc....etc....
That's ok when the puter is new but then they start to delete and reinstall etc..etc..
The computer will NOT die!! It will work until it cannot work anymore because there is no room to move in its little room, because it's full of junk, meaning leftover bits and pieces from downloads and deleted install files which are never fully deleted etc... etc...
There is more work in keeping a computer running free and strong than to using word pad or playing a game on it.
Most computers are badly adjusted from the start to give more "pretty looks" than workability!!
I am not for one or the other OS, it just gets my (nah) when ppl criticize without knowing what they are bleating about!!
by the way (nah)=goat in MSN MESSENGER which works an absolute treat on my THREE computers all Microsoft OS's from 98 to xp pro with a xp home between them

Don't know what I am "bleating" about !
by phardstaff / March 31, 2005 8:28 PM PST
In reply to: re unbelievable

> when ppl criticize without knowing what they are bleating about!!

So how did you arrive at that amazing conclusion, I do this for a living, what about you ?

P

Don't know what I am "bleating" about !
by Rough / March 31, 2005 9:35 PM PST

If you do "this" for a living then why such a negative response to someone who needs help!!
Or I have completely misunderstood your post
As for me, I am a professional jockey, licensed Tour Guide, Qualified ddec3,4,5,6 detroit diesel tech, Qualified diesel pump and injector tech, and I help my friends when they have a prob with their puters
I was not "attacking" you, I found your post to be negative, these forums are here to help, so I thought :p

Give it up
by appsman / March 31, 2005 10:13 PM PST

You do realize that you are beating a dead horse. This person's posts are the ones that you read the first line in a forum and realize that it's useless and move to another for a relevant solution. He is the type that loves to write about nothing. As long as you continue to respond to his inadequacies it will go on forever. Like I said earlier, read his first line then move on to a post that is worth reading.

you make me laugh
by Stride / April 2, 2005 1:43 AM PST
In reply to: Give it up

full of pearls of wisdom ain't ya dude. Practice what you preach coz its rich for you to be dissin someone for writing about nothing when you've done your fair share and more.

I agree with appsman
by kal9000 / March 31, 2005 10:49 PM PST

Instead of trying to help someone, a person that fires that kind of reply isn't even worth reasoning with.

Fix it ??
by Highball / April 2, 2005 3:43 AM PST

I'm not a self centered geek nor a self serving comp-nerd, [not that all geeks and nerds are] I'm just an ignorant jerk, that hopes and prays my computer works, just like I hope my car runs and toilet flushes. When they don't, I fix em. That seems to be the problem here, how do I fix it? Although that diesel guy reminded me of the "if my toilet worked as well as my computer" joke, I agree, let's get back to business.

Not an IT Guy
by deadZone28 / March 31, 2005 10:39 PM PST

I am not an I.T. guy, nor do I have a lot of computer knowledge. However I have been running Windows XP for around 5 years and have had no trouble with the issues presented here. I run Ad-Aware and Norton Antivirus and I keep everything updated. I also clear my browser regularly. It's just a matter of housekeeping and takes only a little time if you do it regularly and is a small price to pay to be able to use all the applications that I have come to like.

Re; Not an I.T. Guy
by deadZone28 / March 31, 2005 10:45 PM PST
In reply to: Not an IT Guy

I also use Spysubtract Se.

In response to you not having any trouble
by aholgate / March 31, 2005 11:13 PM PST
In reply to: Not an IT Guy

You may have been running XP for 5 years without any of these issues. Because you 1. Run anti-virus software, and 2. Because you have ONE spyware package on your system. Could it occur to you that you just don't KNOW what else may be running on your machine? These issues that are being explained I think have been extreme cases of issue. Like the articles I have been reading, one software package will find an error and the other will not. Maybe for kicks you should try, and buy another spyware app and see if it finds anything?

Ashley Holgate

Good Point
by mudhawaii / April 1, 2005 12:15 AM PST

But try to tone the attack down a few notches.

Totally...
by aholgate / April 1, 2005 3:26 AM PST

Not trying to say anything in any other way other than try something else to see if it finds anything. I read my post again and it did sound like I was sticking my chest out but I didn't mean it in that way at all...

Ashley

Also not an IT guy
by bill_b / April 1, 2005 8:11 AM PST
In reply to: Not an IT Guy

Right on, I have been using windows for 3 yrs. and read up on what I'm trying to do before I do it. Common sense works 99% of the time and luck works 1%. Not a serious problem in 3 yrs.

Now this is good advice!
by funkid7 / April 2, 2005 5:08 PM PST
In reply to: Also not an IT guy

Do your homework and practice prevention, many problems will never arise.
I do not run all that extra junk, though.
Instead I run WinXP/sp2, Windows firewall and Yahoo toolbar, with built-in spy blocker. My results after 6 months: Never ever get a spy and I only do a scan about once a week, with Yahoo's Anti-spy. Yahoo only finds cookies. My computer is lightning quick too! I visit the worst sites on the net and still spies never come up, never pop-up, never install. I have no virus protection, other than Yahoo's built-in mail scan; I never get a virus either.
My theory is; somebody's hiding something from us non- techies, who is paying for all these un-needed utilities? Not me.

you're either right and very lucky or
by sidey / April 2, 2005 5:37 PM PST

you've got a whole lot more infections than you think ... I'm willing to bet you're not that lucky.

#1 Yahoo Anti-Spy misses more than it catches and fine if your main concern is tracking cookies.
#2 Not having an anti virus is probably as dumb as standing on the roof of a speeding car.
#3 If you have no anti virus how do you know if your computer isn't infected ... guess work isn't an option.
#4 I am a tech and if you want to keep on blissfully travelling through life as you are then fine because one day in the not too distant future some tech near you is going to be putting your money in his/her pocket.
#5 It's not just you that you need to consider. If you use e-mail for example and you are infected ... if not now, you will be soon ... the almost certain probability is you're going to pass on your infections to others via e-mail.
#6 Why is it that kids think they're bullet proof right up until the time they get drilled right between the eyes.
Sorry dude but you're dreaming.

kid you must be kidding
by Aussie_jack / April 2, 2005 8:43 PM PST

Win XP/SP2 firewall is about as secure a firewall as a perforated condom is as a contraceptive and the Yahoo spy blocker is a joke. You don't use an anti-virus either!!!

Kid how can you possibly say that you don't get viruses either. How the hell would you know, you have no means of detecting them dummy.

You my fine but stupid friend are dumber than a bucket of mud if you think your computer is free of infections and sidey is right, I'm sooooo happy you don't have my e-mail address and for your sake I hope I'm not the tech you call to part you from your cash because I would be inclined to charge you double.

old timer
by woody38 / March 31, 2005 11:33 PM PST

Well, I have made a good living doing this for nearly 20 years. One of the biggest problems that I confront is people who make their living by giving out defective and sometimes evil advice. I have seen many office systems totally screwed up by people who "make their living" by screwing up and then blaming MS.

For Old Timer
by ELLobo / April 1, 2005 8:33 PM PST
In reply to: old timer

You know Old Timer I have to agree with you I have also been at this Hobby of mine for about 40 years, (totally screwed up by people who "make their living" by screwing up and then blaming MS.) This type of people has made me a good living.

Regards: ELLobo at your service

old timer2
by woody38 / March 31, 2005 11:37 PM PST

I was so POed by the arrogance of the message I forgot to praise the quality of the winning answers. All three were of amazingly high quality and very useful--even to those of us who make our living doing this stuff.

Woody watz up.
by funkid7 / April 2, 2005 5:17 PM PST
In reply to: old timer2

I been saying the same thing, for what seems like forever! 99% operator error, is a good guideline to follow.
I run no anti-virus for 10 years and never have got a virus. Why is that, I wonder?
I 86ed the anti-spy utilities(Adaware6/Spybot/SpySweeper) and nearly all spies ceased to pop up; why is that?

Phard....don't you have a sci-fi movie to critique?
by hey_hey / March 31, 2005 11:42 PM PST

Are you an *** for a living too? Because you do it very well.

Sure but...
by STenorio / April 1, 2005 12:30 AM PST

You probably are in the low end of the people working on the business...

You lack lots of brains little kid...

You certainly are idiotic and most certainly DO NOT REALLY KNOW WHAT YOU ARE TALKING ABOUT. You are a perfect ignorant.

Don't know what I am "bleating" about !
by Jim Farris / April 1, 2005 2:13 AM PST

>> when ppl criticize without knowing what they are bleating about!!

> ...I do this for a living, what about you ?

Whoah! You post insensitive and annoying responses to internationally viewed message boards for a living?! Cowabunga, dude! How do I get a job like that, and what does it pay?!

mucho believable
by googey10 / March 31, 2005 8:31 PM PST
In reply to: Unbelievable

OK, I like Linux, but I'm an IT pro.
My daughter isn't. I did try to install the latest Novell/SUSE 9.2 on her laptop, no way (old laptop, no drivers for a lot of stuff, etc.).
On my Linux box, she hated the lack of apps she's used to (e.g. Adobe Photoshop - and don't mention GIMP, pls.).
So in order to use Linux, she would need a new PC/notebook, new printer (no working Linux drivers for most Canons), plus a lot of knowledge.
So we went back to Win 2000.
I definitely do agree that IE should be avoided, and Miguel should have mentioned Firefox / Thunderbird or whatever he likes, as IE is the main gateway to malware hell.

Firefox, Thunderbird or other alternate browsers...
by Bignap / April 2, 2005 9:58 PM PST
In reply to: mucho believable

As I read the replies I thought the same thing as googey, but I have a question about these other browsers. Are they resistant to these malware attacks or just too new to be targets?

Not immune
by Aussie_jack / April 2, 2005 10:25 PM PST

I used to have little doubt that Firefox is less vulnerable than IE until I found out that it's in fact had possibly thousands of updates for vulnerabilities that the good folks of Mozilla kept secret over a period of years ... guess no one can be trusted anymore.

But in truth I think you would be probably more right to say they're just not as widely used and therefore not as high profile as targets to the hackers of the world.

What I mean is, if you accept that Firefox is the second most used browser and yet IE still supposedly holds 90% market share it's reasonable to suggest that IE will be more likely to gain the attention of the malicious. But it seems that Firefox has been increasingly attracting attention of the malicious too so who knows what the future holds for it. Probably when IE7 comes out the so called Firefox faithful will convert back.

Bottom line is there is no such thing as totally secure anything and certainly there's not one browser that can or will be able to offer that guarantee.

Gotcha
by Bignap / April 5, 2005 5:23 AM PDT
In reply to: Not immune

Thanx Aussie_jack, I appreciate your reply.

yet another stupid and totally unhelpful comment
by sidey / March 31, 2005 8:35 PM PST
In reply to: Unbelievable

I get so tired of reading inane, simple minded and totally unhelpful comments obviously written by people with a huge anti Microsoft chip on their shoulder.

This ********, bias and poisoned view is not motivated by a desire to add something constructive to the topic, but totally motivated by a need to belittle anyone who does not share the same misguided idiotic reasoning.

Ok so I think by now we all get it. Some of you hate Microsoft. So what? Personally I don't give a hoot if you hate MS or not, but if you hate it that much go bite an Apple and stop insulting everyone else who doesn't voice your disdain for something you clearly know little about. More to the point, be constructive rather than rant hate over an OS, after all how dumb is that.

Now onto the issue. I totally agree with Miguel K's comments and there is certainly no harm in using the Microsoft anti-spyware. It's only a beta version and clearly needs some work from the developers who are Giant not MS. Just because MS bought Giant that doesn't make the application bad.

I run Ad Aware, Spybot and Spyware Doctor. Between the three, plus ZoneAlarm and Norton AV, I have done what I can to limit my risks. However, your risks to spyware, adware, malware, browser hijackers etc is also dependent on where on the web you surf and that was one good reason I decided to part with the cash and bought Spyware Dr. It warns me about potential harmful web sites before the page is loaded. Not only that, it does a great job with a thorough scan and very regular updates for definitions and software. Also make sure you virus scan anything you download from the net. Better to be safe than sorry and it only takes a short time.
