1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Spies & who they are

Discussion in 'Security and Privacy' started by miniB, 2003/05/11.

Thread Status:
Not open for further replies.
  1. 2003/05/11
    miniB

    miniB Inactive Thread Starter

    Joined:
    2003/03/21
    Messages:
    489
    Likes Received:
    0
    If you want to know all about the spyware we are all teying to avoid look HERE
     
  2. 2003/05/20
    KenKeith

    KenKeith Inactive

    Joined:
    2002/01/09
    Messages:
    305
    Likes Received:
    0
    Thanks very much for the link. Popups were a minor annoyance and recently a major out-of-contol problem. Everything from **** loaders to lucky 7 casinos. Ads were being pumped without a browser!

    I found gator to be a problem and it appears on the list and I believe it is gone:

    Full Name: Gator Websearch
    Type: Adware
    Danger Level: 2 [Explain]
    Official Description: Gator is a software product that can automatically fill in passwords and other form-elements on Web pages. But its main purpose is to load an advertising spyware module called OfferCompanion, which displays pop-up ads when visiting some Web sites.
    Gator boasts that since it's software is always running, it can spam users with "Special Offers" and other ads anywhere they go (even competitors' sites) with remarkable targeting capabilities, since it can spy on what sites the user is visiting.


    Information URL: http://www.gator.com/

    Properties: Stays resident in background
    Stealth: hides itself from user
    Show advertisments
    Makes changes to browser settings
    Connects to the internet by itself


    Another source for pop-ups with XP is "messenger service ". That service is being misused by unwanted popup ads. It can be disabled without a problem. The original purpose for the service was to send messages to stations on the network.

    The link also includes "FreeScratchandWin ". I thought I had eliminated that pop-up! The link provides the source where specifically it resides on the system, and this should help. Thanks. There should be a law against this garbage as it had almost disabled my system from productive use.
     

  3. to hide this advert.

  4. 2003/05/20
    miniB

    miniB Inactive Thread Starter

    Joined:
    2003/03/21
    Messages:
    489
    Likes Received:
    0
    I Agree

    Hi

    Fully agree with you. I am spending more time trying to secure myself as much as possible that I am hardly using my pc as I should be !

    I have been trying to remove Netmeeting ( another post here .... ) as Anti-Torjan found a Port open on my PC !!!!

    I have messenger disabled - I have SpyBot checking - a Trojan Hunter searching - A Firewall & AV program & I am still worried !!!!!!

    I only ever had 2 pop ups - I didn't even take time to read them as they alarmed me. I have not had any since. I think I got them as my PC had XP loaded by someone else. I put my firewall on as soon as i got it back & disabled the services. Hopefully will not get any pop-up ads now.

    Is Gator a program you had used ?? I definitely have no spyware as I have just ran SpyBot ( updated )
     
  5. 2003/05/20
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    That is where I like Win98 SE MUCH better.

    If I want to get rid of On-line Services, NetMeeting, Outlook Express, MSN and any other Item I do not want I just go delete the folder and then do a bit of reg cleaning and it is GONE.

    The only way it will come back is if I re-install Windows again. And if it does come back it is gone again within minutes.

    And this seems to have no effect whatsoever on the running of the OS.

    I do not know for sure but I do not think this can be done with XP. I know it did not always work with Windows ME.
     
  6. 2003/05/21
    KenKeith

    KenKeith Inactive

    Joined:
    2002/01/09
    Messages:
    305
    Likes Received:
    0
    miniB,

    I had gator installed, now it is uninstalled for the reasons your link provided.

    The problem I experienced was my system was inundated suddenly with pop-ups six layers deep. With some difficulty, I removed the ads from the screen, but apparently I installed unwanted programs in the process. The problem was compounded.

    I downloaded Super Nuke a free program (it has its own popups!)
    for spyware. It found 7 highjacking files in the Reg, and 29 infected files in the C drive.

    Your link not only lists the culprits, it also is helpful to convenietly provide the target in the Reg or file to rid. I haven't experienced Netmeeting problems, but I suspect it is vulnerable also.

    BB,
    As I understand it the service with systems other than XP provide an option to enable. XP enables messenger service as a default setting, and it is a convenient routine for spyware to jam up someone's system!
     
  7. 2003/05/21
    miniB

    miniB Inactive Thread Starter

    Joined:
    2003/03/21
    Messages:
    489
    Likes Received:
    0
    Hi KenKeith

    Thanks for the info about Gator - thankfully I don't have this. I only ever used on porgram which I regretted - Gozilla with 98se.

    I was very new to the PC then & thought he would help - What a job I had to get rid of him completely.

    As for NetMeeting - I did empty the folder etc BUT just found out today the reason for the port being open. It is fax service that uses this port. I used fax from my PC when using 98se - installed it on my DT with XP - I am going to remove it ( this is easy to do this time )

    The port was probably open before but I didn't know about it.

    I found out when using the Anti-Trojan online scan. I downloaded the software - NO Trojans thankfully. It was the only online Port scan to show these ports to me. Others reported all was OK. The trial version is the full one which allows updates when they are issued during the 14 days. It certainly searches & reports. The online will just check for open ports the program will remove any trojans etc

    Here is the link if you would like to check the Ports on your PC. I am pleased the spy link has been of benefit to you.

    Anti-Trojan Hunter

    Thanks again for your feedback. :)
     
  8. 2003/05/21
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Most of these downloads occur because of lax Browser settings, specifically those of ActiveX. The default is enable. It should be prompt.

    While SpyBot thru the "immunize" feature does protect against unwanted ActiveX downloads, that protection is against "known" malware purveying sites.

    Regards - Charles
     
  9. 2003/05/21
    miniB

    miniB Inactive Thread Starter

    Joined:
    2003/03/21
    Messages:
    489
    Likes Received:
    0
    Hi

    I have my browser secured to prompt etc Thankfully it seems to be as safe as it can be to allow a fairly quiet browse.

    I have used the check browser privacy - yes - it is amazing what it can reveal about you. I have hopefully made the necessary changes. I don't think I can make it TOTALLY unknown - would be great if I could but then I would probably not be recognised by my ISP :eek:

    I certainly do not allow active scripting/paste etc + the active X downloads. I found a great site which showed just what to change and why.

    SpyBot helped with the datasource security hole.

    I don't think everyone realises that even with a firewall IE can reveal a lot :eek:
     
  10. 2003/05/21
    KenKeith

    KenKeith Inactive

    Joined:
    2002/01/09
    Messages:
    305
    Likes Received:
    0
    "Most of these downloads occur because of lax Browser settings, specifically those of ActiveX. The default is enable. It should be prompt. "

    With medium security, the default for ActiveX is disable for unsigned and disable for not marked safe; prompt for signed; enable for ActiveX and plug-ins and enable for marked safe for scripting. Is there a problem with those settings?
     
  11. 2003/05/21
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi all

    Realy:)
    between SpyBot ,adaware,spywareBlaster, spywareGaurd, a good av program, a good firewall ,adshield (popup blocker)
    and keeping them all updated, seams thats all I do online anymore :eek:

    And they still find ways to get onto our system


    Thanks for the link MiniB, note some consider paypal to be mm
    spyware,or unethical. I read something about that at spybots forum.

    Lonny
     
  12. 2003/05/22
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi KenKeith,

    Your settings sound good to me.

    Its been awhile, I did those settings manually. I also set Java permissions/applets high and prompt for desktop downloads as well.

    Regards - Charles
     
  13. 2003/05/22
    KenKeith

    KenKeith Inactive

    Joined:
    2002/01/09
    Messages:
    305
    Likes Received:
    0
    Thanks to all for the very helpful info. It was necessary to restore the system files to a prior date.
     
  14. 2003/05/24
    miniB

    miniB Inactive Thread Starter

    Joined:
    2003/03/21
    Messages:
    489
    Likes Received:
    0
    Hi KenKeith

    Thought this article would be of interest to you re: Gator !

    Strange I had never heard of this program before you had explained it to me. Now there is another article about it ;)

    GATOR Investigation

    You will be more than relived to have this gone completely. A good eye opener for us all ~ Thanks.
     
  15. 2003/05/26
    KenKeith

    KenKeith Inactive

    Joined:
    2002/01/09
    Messages:
    305
    Likes Received:
    0
    Thanks miniB. Gator is indeed a problem app. Now I learn the downloaded spy finder, Spyware Nuker, that I used to find and delete problem files is itself a problem with its own spyware. Unbelievable!! However, I haven't experienced any further annoying ads that pop-up 3 and 4 times all at the same time.
     
  16. 2003/05/27
    miniB

    miniB Inactive Thread Starter

    Joined:
    2003/03/21
    Messages:
    489
    Likes Received:
    0
    Hi KenKeith

    I read more about Gator :eek: he can even download without you knowing - read about another Bonzi-Buddy - yet more to reall scare me.

    I have since installed SpyBlastor & SpyGuard - have IE armed with both - just to make sure ;)

    I am sure you have heard about these or your own software does the same job. If not let me know & I can give you the links. I am told you can even have Active X enabled and the software will keep anything from downloading itself. I play safe & disable / prompt but also have the software protect :eek:

    I thought I was safe with my Firewall & AV BUT now I know I had to secure IE a lot more ;)

    Will find the links for the software ( which was highly recommended to me ) if you would like to have these ( definitely do not have Spyware with them ..... ) Just post back ;)
     
  17. 2003/05/27
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    KenKeith wrote:

    No, they're fine. IMO, people tend to spend far too much time installing/updating anti-spyware products (sorry, miniB, that wasn't aimed at you!) when simply applying sensible security settings within IE is perfectly sufficient to prevent the installation of unwanted foistware. SpywareBlaster, for example, is a completely pointless program which, assuming IE's security defaults have been set to (at least) Medium, does nothing (NOTHING!) other than prevent the appearance the occasional dialogue box ( "Do you wish to install and run <insert the name of your favourite foistware here>? ").
     
  18. 2003/05/27
    miniB

    miniB Inactive Thread Starter

    Joined:
    2003/03/21
    Messages:
    489
    Likes Received:
    0
    Hi Brett

    Thanks for this info. I presume Spyblaster is really only for those who do not have their browser configured properly ?

    I am a bit confused about spyblaster & spyguard etc It is like having an army on the Internet :eek:

    I certainly don't want to keep an unnecessary program running if it is not doing anything. If it is not doing anything - is it safe just to uninstall ?

    One other thing - do you think it is a good idea to have a separate anti-trojan hunter program ?
    I have NIS 2003 and have used the trial version of anti-trojan hunter just to check my PC for anything ( it did not find any trojans .... )

    The trial has just expired and I am wondering if I should purchase it or would it be OTT also ? Symantec have told me that I do not need a separate program but reading other posts it seems to be the opinion that one program cannot do everything i.e check for viruses / worms & trojans.

    I need to feel secure but at the same time I do not want things which I really don't need. I would be very grateful if you had an opinion on this.

    Hope you don't mind this extra question :eek: Thank you in advance
     
  19. 2003/05/27
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    ... or those who are incautious when installing new software. I suppose it could be of some use to those who have kids who might be tempted to click the button to "install and run" (SpywareBlaster will prevent them from seeing the button!). 'Tis otherwise pretty worthless though, IMO.

    Perfectly. I'd suggest that you deselect the kill bits prior to uninstallation (I'm not sure whether this is necessary - but better safe than sorry).

    Hmmm. Dunno. AV's do detect trojans and some are better at it than others; in fact, some tests have shown that AV's have better trojan detection capabilities than the majority of AT's (but most tests show otherwise). I suppose the answer to your question really depends on how (and by whom) your computer is used - if you have midget sociopaths (AKA children) exchanging files over P2P networks or through IRC, then you need all the protection you can get; OTOH, if it's just you (a cautious user who's careful about where (s)he obtains downloads, doesn't open attachments from unknown sources, etc, etc), then an AV is probably sufficient. BTW, I have never heard of the AT which you are using so have no idea as to whether or not it's viewed as being an effective product. BOClean is probably the most respected (and easy-to-use) AT product (there's no demo available - but they do offer a no quibble money-back guarantee).

    These are only my opinions - I'm sure that others shall feel differently!
     
    Last edited: 2003/05/27
  20. 2003/05/28
    miniB

    miniB Inactive Thread Starter

    Joined:
    2003/03/21
    Messages:
    489
    Likes Received:
    0
    Thank you for the very detailed reply :)

    After reading the details - I know for sure I would be safe as I am the only one who uses the computer and would in no way click to download etc unless I had gone to get a download.

    I was just alarmed when someone told me that things can download without asking :eek:

    I really appreciate the 'better safe than sorry' tip about uninstalling as I did wonder if this should be done first. I will play on the safe side ;)

    Thank you for the other link for BOClean ~ I note it is mentioned quite a bit on BBS. Will investigate this.

    I downloaded from anti-trojan.net - I had used their online scan and it was the only one who found a possible Trojan port on my DT pc. I had none on my LT. The program itself will search for Trojans & remove them. There is also an AT guard - I did not run this as I had read that Symantec actually use this technology for their trojan security.

    The trial is over but I still haven't decided what to do as I defintely do not have any Trojans & have since found which program used the port & have it disabled now.

    I guess this all troubles me as I am very aware of security thus would most likely be OK as I don't go to dodgy sites nor do I download unknowns. I have my Firewall with AV etc & now lots more to contemplate !

    I really do appreciate your ' extra mile' help to me. Thank you very much :) Certainly BBS has great help on board with detail ;)
     
  21. 2003/05/28
    KenKeith

    KenKeith Inactive

    Joined:
    2002/01/09
    Messages:
    305
    Likes Received:
    0
    If one is very careful, brett's observation and conclusion that settings are effective has merit, but to be alarmed about downloads are not unwarranted.

    All to often relevant information to downloads are obscure and creative. After I was apprised of Spyware Nuker, I carefully read the licensing agreement. It asks for the agreement and discloses in small print there will be an added value app to enable the program to be abreast of any changes for a more effective protection. Now, I have learned value added app means spyware!!

    Another example, I must have inadvertently downloaded something that enabled Xupitor to take over my home page. I seldom go the home page, but it had been MSN (thought MSN made a change!). It kept appearing and sometimes it took my computer to the home page. From that page somehow Lot.com (****) got into the system with pop-ups and Xupitor probably played a role in the many other pop-ups and the pop-ups enabled other pop-ups. It esculated to an manageable situation very quickly.

    Ad-Aware and Nuker did not reveal Gator as a problems but didn't go deep enough to entirely rid Xupitor or Lot.com; Spybot did the job effectively. The nusiance is becoming very creative, and if what I have experienced could that be very much different from stealing passwords to secure sites?!
     
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.