# Spyware attacks



## DonLandis (Dec 17, 2003)

Is it just me or has spyware attacks escalated this past week?

I had to disable many of the Google toolbars this past week as they seem to be the attractor of a number of ad campaigns which are opening my IE6 and launching various downloads of adware. One of the top annoying ads is for "Winantivirus" I spoke to a number of people this past week and all have been getting hit with this particular ad, including the Trojan worms.

My original spyware protection gave up the ship (Spysweeper) and did nothing on this stuff. My short research led me to PCTOOLS Spyware Doctor ($29.95)which did get rid of it but the attacks keep coming and Spyware doctor puts them in check. While logged on to this site, I have received over 570 attacks by this winantivirus ad campaign just today. BTW- winantivirus is not a real virus protector but more of another virus you pay for that makes things worse according to may reports.

By chance, am I doing something wrong? Is there another way to stop this?


----------



## Bogy (Mar 23, 2002)

I use Firefox most of the time, and that seems to help considerably with the popups. I do use the google toolbar on three different computers, and have not noticed a provblem there. What seems to be working for me is AVG for my virus protection and CCleaner. I run CCleaner at least every few days on each computer, and sometimes every day. Occasionally I run Adaware, Spywareblaster or Hijack This, but they never find anything of consequence since using CCleaner regularly. AVG did pick up two trojan worms last week and got rid of them. That was the first time AVG had picked up anything in months. One handy tool I have been using is McAfee Site Advisor. Its a plugin for FF. I wouldn't install McAfee for my virus scanner, but Site Advisor gives you a rating on the likelihood of websites that will install spyware. An icon in the bottom corner of the screen changes color to tell you the safety of the site you are currently on, and when you google it will give you ratings on the sites that are offered. I went to a few sites recently that Site Advisor warned me about, but they had information I wanted, so I risked it. Probably where I picked up the worms.


----------



## Cholly (Mar 22, 2004)

Don: This morning, I received the latest pdf copy of the newsletter of a computer club I've belonged to for some 20 years. In it, there was an article about spyware problems not caught by either AdAware or Spybot. The author tried two free products, both of which he recommends. The first is from AOL -- www.daol.aol.com/safetycenter/spyware -- and it eliminated a problem not found by either of the two previous programs. One caveat: you do have to sign up for it, giviing a lot of information, and also refuse other products they offer.
The second is from our friends at Microsoft - Windows Defender - and you can get it from www.windowsdefender.com

I haven't tried either of these products myself as yet. On my own computers, I use Firefox as my browser and Gmail is my email client. The computer I use most has Norton Internet Security installed. My laptop and secondary desktop computer both are using ZoneAlarm Pro, which in its latest incarnation also has an antispyware agent.


----------



## Bogy (Mar 23, 2002)

I have tried Windows Defender, and finally removed it from my computers. It slowed things down significantly, and wasn't finding anything the other measures I have described were catching.


----------



## DonLandis (Dec 17, 2003)

The PC Tools product seems to be working much better than spy sweeper which had been fine up until this past week. I stuill have one issue I doscovered that I need to clean out. There is an adware tracker in my registry. What it is doing now is launching my broaswe and going to various web sites. Since I come here often it apparently decided I like DBS and now launches IE which gors to a satellite online store for DBS hardware. Earlier I went to a link from the other forum to watch a YouTube video and soon up popped another IE window with a web site for refinancing my home. The PCTools product narrowed it to three lines of code in the registry. They sell that tool separately. Oh the cost of security these days! Glad this is my business! 

This morning I spoke to two of my clients who are getting hit with these same symptoms of IE popup windows going to some online store or web commerce site. 

I still wonder if this is a Google plant. 

Bogy- I still use AVG on all my computers. But, that seems to be good only for e-mail screening and any media virus scan, not for adware / spyware.


----------



## DonLandis (Dec 17, 2003)

Update- Well, it took me several days of Spyware detective work and I believe I finally got rid of the root cause of who planted this nasty Trojan on my system. It appears that the Google Toolbar freeware I began using some time ago without incident finally blossomed into the trojan horse that it was. After removing it and all it's remnants, approximately 26 files burried mostly in the windows system 32 folder onder disguise names, I was able to stop the insidious takeover of IE6 browser control. 

Typical issues would be, open up a web site such as dbstalk and shortly, I would get bomb barded with all sorts of online advertising for satellite hardware stores. I even got an ad for Subscribing to Dish Network. Hundreds of browser pages would open on their own. PC TOOLS spy doctor and Spy Sweeper would go to work and after a scan, quarantine them but I still had this root cause Trojan that continued to resurface. If I went to a website such as GNC general Nutrician center, I would get hundreds of health food related online ads open up. I even got sound files which, without any browser would begin to announce through my speakers radio style ads, one after another. I couldn't shut this off except to kill the speakers! When this first happened it sounded like a voice from God, trying to hypnotise me. Very creative but more so annoying. 

Finally, I suspected this was a Google move and decided to just shut down the Google toolbar. No real evidence but just a hunch. I killed all references to the Google tool bar and the associated files planted around my windows folders and manually deleted all references in the registry. This wasn't easy. I think I spent over 6 hours of work doing this as I could find no easy tool, just a way to detect the results and quarantine after the fact. 

Interestingly, I also got an e-mail during the process, from Google wanting to know why I shut them down. Can you believe their arrogance? I'd post my reply here but the dbstalks doesn't permit such language! 

I don't know what triggers the toolbar into action and starts the spy websearch tracking, keyloggers and such to bomb bard you with ads, but I do know that once you completely eliminate the Google toolbar and all files that software installs and all references to it in the registry, the trojan attacks will stop. At least I have been attack free now for 24 hours. 

If some of you are using Google Toolbar without incident, just know that I also did for, probably 6 months or so, and then one day last week, Bang! my computer went nuts. Spy sweepers and other tools would shut it down for a few minutes but not cure it. All these tools would do was chase the results.


----------



## CoriBright (May 30, 2002)

No popups here.. but no Google toolbar either. IE7 with the eBay toolbar.

Interesting though, I'll keep a look out for folks who experience something similar and ask.


----------



## DonLandis (Dec 17, 2003)

Update- So far, day and night difference, got rid of Google toolbar and no more attacks. Been working with my production team these past few days and all of them have the same problem with their computers. One non- tech guy said he just lets about 20 instances of google ads open and then minimizes them. ASfter about a dozen or so it stops. He then works that way. I asked him- doesn't your computer slow down? He said I guess so but at least the google ads stop. What a way to put up with this attack. Glad I got rid of mine but I miss the nice features Google offered in the tool bar. 
IT came preinstalled on my new laptop and I deleted it before it could do its nasty deeds.


----------



## quizzer (Aug 29, 2006)

can you guys tell me which one of the three suit is best for internet security:

ZONEALARM internet security suit 6.5
McAffee suit
Norton suit

Thanks


----------



## Nick (Apr 23, 2002)

I use ZA Pro with excellent results.


----------



## TBoneit (Jul 27, 2006)

Do what I do and just avoid toolbars.


----------



## JM Anthony (Nov 16, 2003)

Don, thanks for the timely post. Time for me to do some housekeeping so I can avoid the same problems.

John


----------



## ultranet (Oct 27, 2006)

i use antivir for virus and xoft spyware for spyware , adware, trojans etc..


----------



## Steve Mehs (Mar 21, 2002)

I still have never had a virus or spyware of anysort in now 11 years of computing and haven't received any spam on my main email account in over two years. I haven't used antivirus software since 2003, I just stopped using Zone Alarm Pro. The new versions have become so bloated and slow my machine down too much for my liking. I'm behind a router, have Windows Firewall enabled, keep Automatic Updates on so I’m always fully patched. Weekly scans with Ad Aware Pro and Windows Defender yield nothing but cookies. 

I don’t use toolbars or customizations on anything. I use all software stock. I browse the Internet with Internet Explorer, Outlook is my email client. I have millions of webmail accounts, but the only one I ever check on is my Yahoo account. All personal email from friends and family are on my RR email, along with TRUSTED companies, Visa, AMEX, TW Cable, Amazon, etc. 

Other then porn, punching the monkey, clicking yes to everything you see and entering your email address on every web form, I really don’t how people actually get virus’ and spyware.


----------



## sixr (Aug 18, 2006)

Steve Mehs said:


> Other then porn, punching the monkey, clicking yes to everything you see and entering your email address on every web form, I really don't how people actually get virus' and spyware.


Its pr0n surfing that gets most of them. AVG has kept tham all at bay since the last escalation in attacks a few months ago.


----------



## Cholly (Mar 22, 2004)

Steve: Seeing that you get email from friends and family, you still have the potential to have your computer infected. You apparently have been very lucky so aara.


----------

