#61
Ask Windows XP Expert Walter Clayton About Spyware
Walter,
I recently found some information regarding how some spyware/adware may use the AppInit_DLLs registry value to load their DLLs. I checked several non-infected machines and noticed that this particular registry value was null on all that I checked:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = {blank}

Obviously, Microsoft placed this registry value there for a reason. What might typically be a legitimate use of this value? I'm just trying to make sure that I do not take out something that belongs. Just to be safe, I typically just rename a copy of the registry key with its original value. But my curiosity compels me about this one.

"Walter Clayton" wrote:

Generally all I use is AdAware first followed by SpyBot. There's a lot of overlap in the two tools, but they also concentrate on non-overlapping areas. It's also wise to follow up with installing SpywareBlaster. None of these require run time presences although SpyBot will offer to install such. No harm in doing so and in some instances, especially with multi-user machines, a necessity.

The biggest issue is remembering to run them periodically after checking for updates. The latter is one of the reasons, other than not changing usage habits, that people get reinfected. It's easier to avoid being click happy than it is to clean up the mess afterwards.

There are instances where AdAware/SpyBot may be neutralized or unable to clean something. I handle those on a case by case basis since you're looking at going with some highly specialized tools that if misused will leave the machine unbootable (note that there is a nasty that the current version of AdAware had been cleaning incorrectly that would make it impossible to log on to the machine without taking corrective action).

Depending on your level of expertise there are some tools that circumvent issues with removing nasties that are resident in memory even in safe mode. If an XP machine is being disinfected I use a bootable CD created using Bart's tools with fully updated AdAware, Trendmicro, McAfee and Kaspersky tools (all free versions) incorporated. This also allows me to correct any registry issues on the host machine without any major hassles other than knowing what parts of the registry need be hacked.

The reason I include and run AV scanners is generally if some one has a load of spyware it's not unusual they'll have nastier stuff as well.

--
Walter Clayton - MS MVP(WinXP) Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp

"Andrew" wrote in message ...

I already know what Spyware can do and all to your computers but what is the best Spyware and Ad-aware remover programs out there I'm using Spybot 1.3 and Ad-aware 6.0 from Lavasoft and I heard having two good Spyware and Ad-aware remover programs that it will remove about 90% of Spyware and Ad-aware off your computer and keep it out.
#62
Ask Windows XP Expert Walter Clayton About Spyware
Outsource Victim #21199374 wrote:
Walter,

I recently found some information regarding how some spyware/adware may use the AppInit_DLLs registry value to load their DLLs. I checked several non-infected machines and noticed that this particular registry value was null on all that I checked:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = {blank}

Obviously, Microsoft placed this registry value there for a reason. What might typically be a legitimate use of this value? I'm just trying to make sure that I do not take out something that belongs. Just to be safe, I typically just rename a copy of the registry key with its original value. But my curiosity compels me about this one.

Found this on the MSDN website.

quote

Application Global Classes

An application global class is a window class registered by an executable or dynamic-link library (DLL) that is available to all other modules in the process. For example, your .dll can call the RegisterClassEx function to register a window class that defines a custom control as an application global class so that a process that loads the .dll can create instances of the custom control.

Windows NT/Windows 2000/Windows XP: To create a class that can be used in every process, create the window class in a .dll and load the .dll in every process. To load the .dll in every process, add its name to the AppInit_DLLs value in following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

Whenever a process starts, the system loads the specified .dll in the context of the newly started process before calling its entry-point function. The .dll must register the class during its initialization procedure and must specify the CS_GLOBALCLASS style. For more information, see Class Styles.

To remove an application global class and free the storage associated with it, use the UnregisterClass function.

/quote

About Window Classes (Windows User Interface):
http://msdn.microsoft.com/library/en...asp?frame=true
Or
http://tinyurl.com/69na8

--
Regards,
Ronnie Vernon
Microsoft MVP Windows Shell/User
Please reply to the newsgroup so all may benefit.
http://www.dts-l.org
http://www.mvps.org
#63
Ask Windows XP Expert Walter Clayton About Spyware
What Ronnie said. :-)
The script "silent runners.vbs" from http://www.siltenrunners.org identifies anything unusual in this registry key.

Since the core OS isn't dependent on anything being launched there, doing a rename is safe. At most the functionality of a legitimate app may be impacted, but doing renames instead of deletes makes it relatively easy to back out.

--
Walter Clayton - MS MVP(WinXP) Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp
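Added illustration, not part of the original thread or any poster's code: the check and the rename-instead-of-delete back-out discussed in the posts above, run offline against an exported copy of the key. The sample export, the DLL names, the function names and the backup value name `AppInit_DLLs.disabled` are assumptions made for this example.

```python
import re

# Key and value named in the thread.
KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows"
VALUE = "AppInit_DLLs"
BACKUP = "AppInit_DLLs.disabled"  # hypothetical name for the renamed copy
HEADER = "Windows Registry Editor Version 5.00"

# Constructed sample of an exported key; the DLL names are made up.
# Real exports are UTF-16 text, so decode the file before passing it in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\sample_hook.dll,sample_other.dll"
"DeviceNotSelectedTimeout"="15"
"Spooler"="yes"
'''

# "name"="data" lines; quotes and backslashes inside are backslash-escaped.
_STRING_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(text):
    return re.sub(r"\\(.)", r"\1", text)


def _escape(text):
    return text.replace("\\", "\\\\").replace('"', '\\"')


def _reg_line(name, data):
    return '"%s"="%s"' % (_escape(name), _escape(data))


def read_string_values(export_text, key=KEY):
    """Return {name: data} for the string values stored under `key`."""
    values, in_key = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive.
            in_key = line[1:-1].lower() == key.lower()
            continue
        if in_key:
            match = _STRING_LINE.match(line)
            if match:
                values[_unescape(match.group(1))] = _unescape(match.group(2))
    return values


def audit(export_text):
    """List the DLLs named in AppInit_DLLs; [] matches the blank baseline."""
    data = read_string_values(export_text).get(VALUE, "")
    # The list is delimited by spaces or commas.
    return [entry for entry in re.split(r"[ ,]+", data) if entry]


def build_rename_patch(export_text, backup_name=BACKUP):
    """Patch that copies the original data to `backup_name`, then blanks
    AppInit_DLLs. Returns None when the value is already blank."""
    original = read_string_values(export_text).get(VALUE, "")
    if not original.strip():
        return None
    return "\n".join([HEADER, "", "[%s]" % KEY,
                      _reg_line(backup_name, original),
                      _reg_line(VALUE, ""), ""])


def build_restore_patch(disabled_export_text, backup_name=BACKUP):
    """Back-out patch: put the saved data back and delete the backup value."""
    values = read_string_values(disabled_export_text)
    if backup_name not in values:
        return None
    return "\n".join([HEADER, "", "[%s]" % KEY,
                      _reg_line(VALUE, values[backup_name]),
                      '"%s"=-' % _escape(backup_name), ""])


if __name__ == "__main__":
    print("AppInit_DLLs entries:", audit(SAMPLE_EXPORT))
    print(build_rename_patch(SAMPLE_EXPORT))
```

Review each listed entry before importing a generated patch; as the thread notes, a legitimate application may be registered here.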
#64
Ask Windows XP Expert Walter Clayton About Spyware
"Chris Norred [MSFT]" wrote:

Hello and welcome to our first Ask-the-Experts discussion, moderated by the Windows XP Expert Zone Community. This is a new trial effort and our goal is to make it easy for you to ask questions and find answers on a specific topic from a recognized expert in the online community. We’ll continue this discussion in the newsgroups for one week and our volunteer expert will select one or two questions each day and respond. Other experts and users online may also chime in with advice. At the end of the week, we hope to have a single thread filled with good information that can be preserved for the benefit of other users in the future.

This week, our expert host is volunteer MVP Walter Clayton who will be discussing the topic of spyware and adware and his experience helping users in the newsgroups deal with spyware issues. Walter is an IT professional from Frankfort, Kentucky. He is a self-trained computing pro with 20 years of experience, and he has been helping people in the online community for many years. Walter is a recipient of the Microsoft Most Valuable Professional (MVP) award for his volunteer efforts helping Windows users over the past five years.

A quote from Mr. Clayton: “I enjoy working the newsgroups because it forces me to think and learn. Everyday I get a slightly different perspective on something or see a new situation or problem. There is also the challenge of keeping communication skills sharp. Determining the answer to a problem, and communicating it in the newsgroups can present its own set of challenges, especially at times when the wrong answer can leave the user in a no-boot situation.”

Our Ask the Experts discussion is different from the live chats hosted on the Windows XP Expert Zone Community site (http://communities2.microsoft.com/ho...iteid=34000077). In these discussions, you may not get an immediate answer. The hosts will check-in at a time convenient for them and answer questions. You can post a question any time. Then you may want to add the discussion to your Favorites list in Internet Explorer (Click Favorites, and then click Add to Favorites). You should check back later in the day, or the next day, to see if your question has been answered. Click the Refresh button to see if any new posts were added while you have been reading. If you’re more comfortable using Outlook Express or another newsreader, please do.

To post a question or reply in this discussion, using the Web-based newsgroup reader:

1. Click Reply.
2. If prompted, sign in with your .NET Passport.
3. Edit the subject line if you like.
4. In the Reply form, type your message or question in the Message box.
5. Review the text you typed in the Body box to make sure it says what you want; you cannot revise your message after you click Post.
6. To receive e-mail notification when someone posts to this thread, select the Notify me of replies check box.
7. Click Send.

This is a new trial effort and your feedback and assistance are appreciated. We’ll keep links to these discussions in the Windows XP Expert Zone Community Columns Archive (http://www.microsoft.com/windowsxp/e...s/archive.mspx).

Truly
Chris Norred
Editor
Windows XP Expert Zone Community
#65
Ask Windows XP Expert Walter Clayton About Spyware
Recently I have been hounded by this search assistant hijacker, and a related one called Shopping wizard. It has disabled MS explorer, amongst other things. Also seems to be able to manipulate Spybot. They both show up in the "add/remove" control panel and lead to an URL with no .isu file they cannot be uninstalled.

Oh, and here's where it gets really nasty, I reinstalled XP, and there it was again, in the Windows directory, just a collection of .dll's and an .lex file. The file folder cannot be deleted, or if you are successful, wait 5 seconds and it respawns. Is this some MS programmer's "Easter Egg"? By the way Norton does not catch it in a virus sweep.

I tied the file to these .exe's using fileAlyzer: wuauclt.exe, lsass.exe, smss.exe, alg.exe, and I suspect it also has claws in a few others. Can you help?
#67
Ask Windows XP Expert Walter Clayton About Spyware
Hi!
I have the following problem:

Der Übersetzer für Netzwerkadressen (NAT) konnte keine Anfrage des Übersetzungsmoduls des Kernelmodus stellen. Möglicherweise liegen eine falsche Konfiguration, unzureichende Ressourcen oder ein interner Fehler vor. Die Daten enthalten den Fehlercode.

Mistake Nr is : 32003

Can you help me??

Thanks
dagi
#68
Ask Windows XP Expert Walter Clayton About Spyware
Zyklon -B wrote:
Recently I have been hounded by this search assistant hijacker, and a related one called Shopping wizard. It has disabled MS explorer, amongst other things. Also seems to be able to manipulate Spybot. They both show up in the "add/remove" control panel and lead to an URL with no .isu file they cannot be uninstalled.

Oh, and here's where it gets really nasty, I reinstalled XP, and there it was again, in the Windows directory, just a collection of .dll's and an .lex file. The file folder cannot be deleted, or if you are successful, wait 5 seconds and it respawns. Is this some MS programmer's "Easter Egg"? By the way Norton does not catch it in a virus sweep.

I tied the file to these .exe's using fileAlyzer: wuauclt.exe, lsass.exe, smss.exe, alg.exe, and I suspect it also has claws in a few others. Can you help?

As you have seen, this parasite is a particularly nasty one. I would not recommend trying to get rid of it without some expert one-on-one help.

Go to the following URL and download the Hijackthis.zip file. Expand the zip file and run setup to install the program.
http://aumha.org/downloads/hijackthis.zip

Next, go to this website and click on the Register link at the top of the page (Free). Read the "Announcement: INSTRUCTIONS FOR POSTING HJT LOGS HERE" at the top of the topics list and follow the instructions.

AumHa Forums:
http://forum.aumha.org/viewforum.php?f=30

Run a scan with Hijackthis and copy the log results. Paste the log to the Hijackthis forum, in a new thread, including the details of the problem.

--
Ronnie Vernon
Microsoft MVP Windows Shell/User
#69
I need help!
My disc drive doesn't show up, at all, what should I do?
P.S. Only 11, need help fast!
#71
Ask Windows XP Expert Walter Clayton About Spyware
Thanks Walter.
Does anyone know what happened to silentrunners.org web site? It seems to be having a problem all day today. If I could get to that site, I'd like to add their tools to my arsenal of spyware/adware/malware/crapware/foistware utilities. I'll try again later.
#72
Ask Windows XP Expert Walter Clayton About Spyware
A bit vague on the details, but, welcome to the world of serious crapware.
Cleaning these is a PITA at best. You can go the route that Ronnie suggested or if you want to take a serious stab at the problem yourself the easiest way is by creating a safe environment that you can then use to rip the nasty out by the roots. That requires some hefty technical expertise though.

First shot is to give TrendMicro a shot. Not knowing the exact variety of the nasty you have I can't say one way or the other if Trend's package addresses this specific nasty. Get the scanner here
http://www.trendmicro.com/download/dcs.asp
and the signature file here
http://www.trendmicro.com/download/pattern-cpr.asp

Also, go here http://www.silentrunners.org/ and grab "silent runners.vbs". When you run it, NAV will scream bloody murder. Tell NAV to let it run. This will tell you what's hooked the system that's not part of a clean OS install. Use *extreme* caution if you decide to address anything that this tool points out. There are legitimate apps that hook the system in unusual ways and people have flatlined systems past the point of recovery by doing the wrong thing. If you need help analyzing the results, just copy and paste the output file back here.

--
Walter Clayton - MS MVP(WinXP) Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp
#73
Ask Windows XP Expert Walter Clayton About Spyware
I just went there about 10 minutes ago without any problems.
You may also want to add Autoruns from http://www.sysinternals.com (as well as other nice tools they have) to your kit. Be careful about using it to disable startup items though. The way they do it doesn't quite work.

-- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp|

"Outsource Victim #21199374" wrote in message ...

Thanks Walter. Does anyone know what happened to silentrunners.org web site? It seems to be having a problem all day today. If I could get to that site, I'd like to add their tools to my arsenal of spyware/adware/malware/crapware/foistware utilities. I'll try again later.

"Walter Clayton" wrote:

What Ronnie said. :-) The script "silent runners.vbs" from http://www.siltenrunners.org identifies anything unusual in this registry key. Since the core OS isn't dependent on anything being launched there, doing a rename is safe. At most the functionality of a legitimate app may be impacted, but doing renames instead of deletes makes it relatively easy to back out.

"Outsource Victim #21199374" wrote in message ...

Walter, I recently found some information regarding how some spyware/adware may use the AppInit_DLLs registry value to load their DLLs. I checked several non-infected machines and noticed that this particular registry value was null on all that I checked:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = {blank}

Obviously, Microsoft placed this registry value there for a reason. What might typically be a legitimate use of this value? I'm just trying to make sure that I do not take out something that belongs. Just to be safe, I typically just rename a copy of the registry key with its original value. But my curiosity compels me about this one.

"Walter Clayton" wrote:

Generally all I use is AdAware first followed by SpyBot. There's a lot of overlap in the two tools, but they also concentrate on non-overlapping areas. It's also wise to follow up with installing SpywareBlaster. None of these require run time presences although SpyBot will offer to install such. No harm in doing so and in some instances, especially with multi-user machines, a necessity.

The biggest issue is remembering to run them periodically after checking for updates. The latter is one of the reasons, other than not changing usage habits, that people get reinfected. It's easier to avoid being click happy than it is to clean up the mess afterwards.

There are instances where AdAware/SpyBot may be neutralized or unable to clean something. I handle those on a case by case basis since you're looking at going with some highly specialized tools that if misused will leave the machine unbootable (note that there is a nasty that the current version of AdAware had been cleaning incorrectly that would make it impossible to log on to the machine without taking corrective action). Depending on your level of expertise there are some tools that circumvent issues with removing nasties that are resident in memory even in safe mode.

If an XP machine is being disinfected I use a bootable CD created using Bart's tools with fully updated AdAware, Trendmicro, McAfee and Kaspersky tools (all free versions) incorporated. This also allows me to correct any registry issues on the host machine without any major hassles other than knowing what parts of the registry need be hacked. The reason I include and run AV scanners is generally if someone has a load of spyware it's not unusual they'll have nastier stuff as well.

"Andrew" wrote in message ...

I already know what Spyware can do and all to your computers, but what are the best Spyware and Ad-aware remover programs out there? I'm using Spybot 1.3 and Ad-aware 6.0 from Lavasoft, and I heard that having two good Spyware and Ad-aware remover programs will remove about 90% of Spyware and Ad-aware off your computer and keep it out.
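The AppInit_DLLs check and the rename-instead-of-delete step discussed in this thread, as an added PowerShell example (not code from any poster and not the Silent Runners script). The -Neutralize switch, the backup value name and the System32 lookup for bare file names are assumptions of the example.

```powershell
# Added example: audit AppInit_DLLs and, with -Neutralize, set it aside by
# renaming rather than deleting. Changing the value needs an elevated prompt.
param([switch]$Neutralize)   # hypothetical switch name

$key  = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$name = 'AppInit_DLLs'

$raw = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if (-not $raw -or -not $raw.Trim()) {
    Write-Output "$name is blank: no DLL is loaded through this value."
    return
}

# The value holds a space- or comma-separated list of DLLs.
$report = foreach ($entry in ($raw -split '[ ,]+' | Where-Object { $_ })) {
    # Assumption: a bare file name is looked up in System32 only, which is
    # simpler than the loader's real search order.
    $path = $entry
    if (-not [IO.Path]::IsPathRooted($entry)) {
        $path = Join-Path $env:SystemRoot "System32\$entry"
    }
    $sig = 'n/a'; $modified = $null
    if (Test-Path -LiteralPath $path) {
        $sig      = (Get-AuthenticodeSignature -FilePath $path).Status
        $modified = (Get-Item -LiteralPath $path).LastWriteTime
    }
    [pscustomobject]@{ Entry = $entry; Path = $path; Signature = $sig; Modified = $modified }
}
$report | Format-Table -AutoSize

if ($Neutralize) {
    # Keep the original data under a new value name so the change can be
    # backed out, then recreate AppInit_DLLs blank, as on a clean machine.
    $backup = "AppInit_DLLs.disabled-$(Get-Date -Format yyyyMMdd-HHmmss)"   # hypothetical name
    Rename-ItemProperty -Path $key -Name $name -NewName $backup
    New-ItemProperty -Path $key -Name $name -Value '' -PropertyType String | Out-Null
    Write-Output "Original data kept in value '$backup'; copy it back into $name to undo."
}
```

Run it without the switch first and review the report before renaming anything.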
#74
Ask Windows XP Expert Walter Clayton About Spyware
Oops. I see the mistake. It's http://www.silentrunners.org !!
-- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp|
#75
I need help!
Could you provide more details? Assuming this is not a new configuration then I would check to see if you have a defective drive cable or maybe a defective drive.

Thanks, Davidd

"Me" wrote in message ...

My disc drive doesn't show up, at all, what should I do? P.S. Only 11, need help fast!