Ask Windows XP Expert Walter Clayton About Spyware
Walter Clayton, August 20th 04, 08:13 PM

Oops. I see the mistake. It's http://www.silentrunners.org !!

--
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp|


"Outsource Victim #21199374" wrote in message ...
Thanks Walter.
Does anyone know what happened to silentrunners.org web site? It seems to be having a problem all day today. If I could get to that site, I'd like to add their tools to my arsenal of spyware/adware/malware/crapware/foistware utilities. I'll try again later.

"Walter Clayton" wrote:

What Ronnie said. :-)

The script "silent runners.vbs" from http://www.siltenrunners.org identifies anything unusual in this registry key. Since the core OS isn't dependent on anything being launched there, doing a rename is safe. At most the functionality of a legitimate app may be impacted, but doing renames instead of deletes makes it relatively easy to back out.

--
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp|


"Outsource Victim #21199374" wrote in message ...
Walter,

I recently found some information regarding how some spyware/adware may use the AppInit_DLLs registry value to load their DLLs. I checked several non-infected machines and noticed that this particular registry value was null on all that I checked:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = {blank}

Obviously, Microsoft placed this registry value there for a reason. What might typically be a legitimate use of this value? I'm just trying to make sure that I do not take out something that belongs. Just to be safe, I typically just rename a copy of the registry key with its original value. But my curiosity compels me about this one.

"Walter Clayton" wrote:

Generally all I use is AdAware first followed by SpyBot. There's a lot of overlap in the two tools, but they also concentrate on non-overlapping areas. It's also wise to follow up with installing SpywareBlaster. None of these require run time presences although SpyBot will offer to install such. No harm in doing so and in some instances, especially with multi-user machines, a necessity. The biggest issue is remembering to run them periodically after checking for updates. The latter is one of the reasons, other than not changing usage habits, that people get reinfected. It's easier to avoid being click happy than it is to clean up the mess afterwards.

There are instances where AdAware/SpyBot may be neutralized or unable to clean something. I handle those on a case by case basis since you're looking at going with some highly specialized tools that if misused will leave the machine unbootable (note that there is a nasty that the current version of AdAware had been cleaning incorrectly that would make it impossible to log on to the machine without taking corrective action).

Depending on your level of expertise there are some tools that circumvent issues with removing nasties that are resident in memory even in safe mode. If an XP machine is being disinfected I use a bootable CD created using Bart's tools with fully updated AdAware, Trendmicro, McAfee and Kaspersky tools (all free versions) incorporated. This also allows me to correct any registry issues on the host machine without any major hassles other than knowing what parts of the registry need be hacked. The reason I include and run AV scanners is generally if someone has a load of spyware it's not unusual they'll have nastier stuff as well.

--
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp|


"Andrew" wrote in message ...

I already know what Spyware can do and all to your computers, but what are the best Spyware and Ad-aware remover programs out there? I'm using Spybot 1.3 and Ad-aware 6.0 from Lavasoft, and I heard that having two good Spyware and Ad-aware remover programs will remove about 90% of Spyware and Ad-aware off your computer and keep it out.
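
Added example, not part of the thread and not code from any poster: a PowerShell audit of the AppInit_DLLs value discussed above, with an optional step that keeps a renamed copy of the original data instead of deleting it. The `-Disable` switch, the `$BackupName` value name and the System32 lookup for bare file names are assumptions made for this example.

```powershell
# Added example: audit AppInit_DLLs; -Disable needs an elevated prompt.
param(
    [switch]$Disable,
    [string]$BackupName = 'AppInit_DLLs.renamed'   # hypothetical name for the saved copy
)

$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$raw = "$((Get-ItemProperty -Path $key -ErrorAction Stop).AppInit_DLLs)".Trim()

if (-not $raw) {
    'AppInit_DLLs is blank: nothing is loaded through this value.'
} else {
    # The value holds one or more DLL names separated by spaces or commas.
    $report = foreach ($dll in ($raw -split '[ ,]+' | Where-Object { $_ })) {
        # Assumption, for reporting only: a bare file name is looked up in System32.
        $path = $dll
        if (-not (Split-Path -Path $dll -IsAbsolute)) {
            $path = Join-Path $env:SystemRoot "System32\$dll"
        }
        $exists = Test-Path -LiteralPath $path
        $sig = $null
        if ($exists) { $sig = Get-AuthenticodeSignature -FilePath $path }

        $signer = ''
        if ($sig -and $sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        $modified = $null
        if ($exists) { $modified = (Get-Item -LiteralPath $path).LastWriteTime }

        [pscustomobject]@{
            Entry     = $dll
            Path      = $path
            Exists    = $exists
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = $signer
            Modified  = $modified
        }
    }
    $report | Format-List

    if ($Disable) {
        # Keep the original data under another name rather than deleting it,
        # then blank the live value so nothing is loaded from it.
        New-ItemProperty -Path $key -Name $BackupName -Value $raw -PropertyType String -Force | Out-Null
        Set-ItemProperty -Path $key -Name AppInit_DLLs -Value ''
        "Original data saved as '$BackupName'. To back out, copy it back into AppInit_DLLs."
    }
}
```

Run it without switches first: entries that are missing on disk, unsigned, or recently modified are the ones to investigate before blanking anything.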
