Ok, the last post got a bit long with the HijackThis log, but I wanted to include the whole picture. I put a few comments in, but thought it might be useful to include the notes I took at the time. For starters, I leave it unplugged from the network. (There is no network card in this machine.) It’s important when working on an infested PC to leave it isolated so that it can’t continue to spread viruses or spam or whatever else it may be doing. Assume that if it’s infested with something, it could be spewing out bad stuff. If you must connect it, isolate it and prevent it from routing to the outside world… the safest option is usually to leave the cable unplugged for the initial look over.
Category: Spyware
-
A couple warnings related to fake security sites
Sunbelt has this warning about yet another fake security site. This one is laid out a bit differently than the others we’ve seen in recent days. It’s not quite the same spoof of the Windows Security Center, but it makes use of Microsoft’s security logo. (And it does say Security Center at the top of the page, along with “Help protect your pc”.) From Sunbelt…
For your block lists:
amaena[dot]com
-
Disinfecting a PC… part 1
This is the first in a several-part series documenting the cleaning of an infected PC. The only real noteworthy item is that it was a dial-up only connection and was rather infested for that. (On par with some of the broadband-connected PCs I’ve seen. It’s also an interesting counterpoint to the network security series.)
-
Spyware’s likely suspect sites.
Spyware Confidential is writing of complaints from wrestling fans about several wrestling-related sites that have become sources of unsolicited spyware and adware installs. Some of the sites are aware of the spyware and encourage users to sign up for the (paid) ad-free service to avoid the problem. In many cases the spyware installs start without user intervention (or consent).
-
Spyware news and musings
It’s funny: in the last couple of days 180solutions had a blog post that was somewhat… what’s the term I’m looking for? Well, they were quite defensive and concerned about “anti-spyware zealots” and about “scanning companies”, and were trying to work with the scanning companies to explain their business model. Of course, legal action is not something they want to pursue, but if the business talks with the scanning companies fail, well, it’s an option. Some months ago they claimed to be trying to clean up their act. Supposedly they were to crack down on “affiliates” using unscrupulous means to spread their ad content.
-
MS IE Javascript exploit for zero-day (0-day) vulnerability
An exploit for last week’s zero-day (0-day) JavaScript vulnerability in Microsoft’s Internet Explorer is in the wild. I saw this post from Sunbelt go up and disappear a couple of nights ago; at the time I didn’t have long enough to read it. It’s back today, and there are instructions for mitigating the risk. However, there is still no patch from Microsoft and no word on when to expect one. According to the Sunbelt post, the exploit in the wild is being used for browser hijacking and spyware installs.
-
Keyloggers a growing problem
It’s interesting: some years ago, when viruses on Windows machines were SOOOO plentiful that it seemed like all I spent my time doing was cleaning them up, I thought… “you know, most viruses are prankster-ish programs. They rearrange icons, maybe cause Windows to crash, or send random files out to others, but they could be MUCH worse.” Since then, we’ve seen viruses used as delivery tools for mail relays (so that spammers can have more “safe havens”), and we’ve seen viruses bring in spyware, both of the last two for “fun and profit”. I don’t know that we’ve really seen the WORST that a virus could be designed to do. However, I’m afraid we’re getting there.
-
TRUSTe will offer certification for adware
TRUSTe has announced a program to certify software downloads. Among them are certifications for adware and “trackware” (spyware?). The bullet summary for the article claims this will bring an end to “unwanted popups”. A clip from the article reads as follows…
To be placed on the whitelist, adware and trackware must prominently disclose the types of advertising that will be displayed, personal information that will be tracked, and user settings that may be altered, and must obtain user opt-in consent for the download. An easy uninstall with clear instructions must be provided, and advertisements must be labeled with the name of the adware program. Program participants must maintain separate advertising inventory for users of certified applications. To move legacy users to certified advertising inventory, they must obtain new opt-in consent.
-
FTC’s message to Enternet Media has not quite sunk in…
In spite of the FTC’s raid on Enternet Media and the charges against them for various practices such as deceptive installs, unfair installation of code, failure to disclose the nature of bundled software, and furnishing code to others that interferes with the use of the computer… well, Enternet Media seems to be proliferating their wares just fine, in spite of a temporary restraining order. According to Spyware Confidential, there are still downloads of SearchMiracle/EliteBar, as written up here.
-
CJB sites spawning spyware downloads?
You might want to be cautious visiting the free sites at cjb.net. According to the Sunbelt blog, many of them are unwittingly providing spyware downloads to users. The download is for a 180solutions pest. If you have a free cjb site, you would be well served to test your page to see for yourself what your visitors may be greeted with.