INFOWORLD GRIPE LINE BY ED FOSTER

Permission to Spy | 65 comments (65 topical)
Hard to remove! (#4)
by pfaut on Mon May 31, 2004 at 06:51:49 AM PDT

Why, if this is all above board, is it so hard to remove?

My sister came over yesterday for a Memorial Day weekend barbecue. Unfortunately, we weren't able to spend a whole lot of time together. Her PC got infected with spyware/adware recently and she brought it along to see if I could eradicate it for her.

She had one spyware removal program which identified several packages installed on her machine and supposedly removed them. Next reboot, they were back. I downloaded another spyware removal tool and went through the same process again. Next reboot, they were all back.

I set her Norton firewall to its strictest settings and rebooted the machine. It didn't appear to be stopping anything before that. At this point, armed with a list of program names that were attempting to access the internet, we searched disk and registry for any references to those programs and removed them. By the time she left, I think we had removed enough so they weren't activating at boot time anymore. I'm sure there are still traces that remain.

The removal tools may find all traces of the programs but fail to find the installer programs. There's so much cruft in the Windows registry that it's very hard to tell what belongs and what doesn't. Tracing what runs at Windows startup and login is next to impossible. There are so many places for these things to hide to avoid detection.

I tried to make her a bit more paranoid about what she'll allow on her computer and told her a few things she could do to research things she might like to install. I'm still worried that she'll contract something else due to the sleazy way they attach to innocent sounding things or even real legitimate programs.

So my sister was at my house for about 7 hours and out of that we might have spent 2 away from her computer. As far as I'm concerned, whoever writes or distributes these things is guilty of everything a virus or worm writer could be charged with. There's absolutely no legitimate purpose for these things.





Help in finding startup programs (#6)
by Anonymous User on Tue Jun 01, 2004 at 10:25:27 AM PDT

There are two handy utilities I use to find and control what is trying to run when my computer boots up or when I log in. They both search all the possible locations (except Services - those are easily controlled through the Control Panel) and allow you to disable their start-up run. Having one or both of these in your standard toolbox goes a long way to squashing the spyware and adware that plagues many windoze PCs these days.

StartStop (TFI-Technology) <http://www.tfi-technology.com/startstop>
Startup Control Panel <http://www.mlin.net/StartupCPL.shtml>

Here are some others that purport to do the same thing, but I haven't tried them personally:

Startup Cop <http://www.pcmag.com/article2/0,1759,1554244,00.asp>
Startup Monitor <http://www.mlin.net/StartupMonitor.shtml>

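Added example (not part of the comments above and not taken from any of the utilities they name): a read-only PowerShell inventory of the best-known autostart locations, with a snapshot comparison so that entries which reappear after a reboot stand out. The baseline file path is an assumption, and the location list is a common subset, not every place a program can hook startup.

```powershell
# Read-only inventory of common Windows autostart locations (added example).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Registry values: one object per named value under each key that exists.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Source  = $key
            Name    = $name
            Command = [string]$item.GetValue($name)
        }
    }
})

# Per-user and all-users Startup folders (hidden files included).
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
$entries += @(foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -File -Force | ForEach-Object {
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

# Compare with the previous snapshot; on the first run every entry counts as new.
$baseline = Join-Path $env:TEMP 'autostart-baseline.csv'   # assumed path
$seen = @{}
if (Test-Path $baseline) {
    Import-Csv $baseline | ForEach-Object {
        $seen["$($_.Source)|$($_.Name)|$($_.Command)"] = $true
    }
}
$new = @($entries | Where-Object {
    -not $seen.ContainsKey("$($_.Source)|$($_.Name)|$($_.Command)")
})

Write-Host "New or changed since last snapshot: $($new.Count)"
$new | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
$entries | Export-Csv -Path $baseline -NoTypeInformation
```

Run it once after cleaning and again after the next reboot; anything listed on the second run was written back by something that is still installed.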


registry cruft -- no longer a problem (#7)
by Reziac on Tue Jun 01, 2004 at 11:26:49 AM PDT

Get a copy of ToniArts' Easycleaner, and run it religiously once a week. There is a v2.x out now (see http://personal.inet.fi/business/toniarts/ecleane.htm), but I prefer old v1.7 (eclea1_7*.exe, do a search and assorted download sites will come up). If all else fails, use filesearching.com ... I love the Russians, they never throw away anything :)

Be sure to exclude "norton" and "help", but you can safely let it nuke any other invalid registry entries it finds. I have hand-vetted what it wants to delete, and have never seen the registry cleaning part make a mistake; in any event it keeps undo files for the paranoid. It can be used on any Win9*/ME/2K/XP system.

The Start Menu cleaner component is also very good. However, the duplicate files finder component is buggy, so I recommend you don't use it.

[sorry if this got posted twice; had a connection glitch]

~REZ~



P.S. re toniarts (#8)
by Reziac on Tue Jun 01, 2004 at 12:05:48 PM PDT

DON'T get suckered by "toniarts.com" or any of their many partners -- they hijacked Toni Helenius' original site and programs, and are now selling the programs and "site subscriptions" without Toni's permission. I'm sure there must be grounds for a lawsuit or even a criminal prosecution, if someone with the resources were to pursue it.

[And goes to show the danger of not owning your domain name outright -- it was evidently registered by the hosting company, not by Toni.]
~REZ~


