Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Archive: Spyware

Classic tech tips filed under Spyware.

  • Clever Smitfraud....
    Classic tip Aug 18, 2008

    Sometimes you see a malware implementation that you have to have respect for the cleverness/ingenuity of the design. These pests can be dastardly to get rid of, but essentially this pest was occasion…

  • Would you like spyware with that? Apple too....
    Classic tip Oct 17, 2006

    These stories come up from time to time. A free giveaway of some sort and it turns out that there's spyware or a virus embedded, company gives a big "whoops" and fixes things by replacing them.... Mc…

  • Beware with video codec downloads....
    Classic tip Sep 11, 2006

    Some time back I remember an article I had on vcodec not being a legitimate video codec. At the time there was some malware claiming to be vcodec and "required" to view some content.... well, posing …

  • Another wolf among us... and more spyware news
    Classic tip Jun 15, 2006

    Yes, it's another wolf in sheeps clothing. This time around Sunbelt is reporting on "Trust cleaner". Keep your eyes out for this one, among other things it plants an altered version of the Google pag…

  • Another wolf in sheeps clothing to watch for
    Classic tip Jun 9, 2006

    Wolves in sheeps clothing are the label I give to those rogue antispyware, or antivirus programs that bring pests instead of protect against them, or are otherwise questionable in their tactics. Tita…

  • The Great Cyberwar
    Classic tip Jun 8, 2006

    It went un-noticed by most people for a few years. After all, the ones that were affected were just those that were "asking for it". Where to start. Let's see, back in the day there were some that se…

  • Bad malware storms brewing
    Classic tip Jun 8, 2006

    ADTMAG.com has an interesting article talking of the convergance of spyware and more sophisticated phishing attacks. They talk about the convergance of viruses and spam engines that happened in 2003 …

  • New malware sightings
    Classic tip Jun 8, 2006

    Incidents.org had an entry in the last couple days on a malware infestation that was interesting and showed a couple things. 1) You can't bet on antivirus to keep you safe (the initial installer was …

  • Interesting spyware push download tactic...
    Classic tip May 11, 2006

    Incidents.org has another interesting post about a spyware site. One of the handlers ran across it while doing a search for an educational institution. (They've used a wildcard in the dns record so t…

  • Antispyware products put to a test
    Classic tip May 10, 2006

    There is no doubt that spyware is a problem, but when a vendor of anti-spyware software claims 87% of pcs have on average 34 pieces of spyware per machine installed...... you do have to wonder. And w…

  • Another Spysherriff clone
    Classic tip Jan 18, 2006

    Sunbelt blog has the details on a spysherriff clone called pesttrap (distributed through pesttrap.com). I guess clone is not the best word as they're calling it a "variant" which suggests to me that …

  • How-to Remove SpyAxe and SpywareStrike
    Classic tip Jan 10, 2006

    There's a good post at Spyware Confidential about the removal of the SpyAxe and SpywareStrike pests that are circulating widely these days. There is a good CastleCops Wiki page with Malware removal i…

  • AIM worm
    Classic tip Jan 6, 2006

    Strange AIM worm going around. It apparently includes an interesting combination of rootkits, a rootkit detector, spyware/adware, and a specialized bittorrent client. The machines can then be control…

  • Warning - old wolf in sheeps clothing cloned...
    Classic tip Jan 6, 2006

    Our "good friend" spyaxe, which is one of the "wolves in sheeps clothing" that masquerade as security software, but in actuality are delivered WITH spyware, has a new clone. Apparently SpywareStrike …

  • More testing on the second WMF exploit
    Classic tip Jan 2, 2006

    After my Windows 98 tests which failed to exploit the system with either the first or the second vulnerability, I started wondering how well the antivirus companies were doing in detecting this secon…

  • Version 2 of the WMF exploit vs Windows 98 SE
    Classic tip Jan 1, 2006

    Ok, I wasn't quite satisfied with the results of the tests against the first version of the WMF (Windows Metafile) zero day exploit that's now up to 4 or 5 days or so... Windows 98 is listed as being…

  • More WMF exploit testing on Windows 98
    Classic tip Jan 1, 2006

    I've spent some more effort on trying to infect Windows 98 SE in a virtual machine with some of the exploit samples I can find. The first attempt was at a website with the .wmf download. No luck infe…

  • WMF exploit situation summary...
    Classic tip Jan 1, 2006

    Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exp…

  • WMF Exploit -- it's worse...
    Classic tip Jan 1, 2006

    This is going to be a rough start to the new year for IT staff and computer users.... There's coverage at Incidents.org, the sunbeltblog and f-secure of the latest twist in what will likely be a BIG …

  • NEW exploit for the WMF vulnerability
    Classic tip Dec 31, 2005

    Just when you thought we had a good understanding of the recent zero-day WMF (Windows metafile exploit) it's worse. Sans is reporting on a new variation on the exploit released today. They have gone …

  • WMF exploit and DEP
    Classic tip Dec 30, 2005

    There's a bit of controversy over the suggestion that Hardware DEP seemed to protect against the WMF zero day exploit. Sunbeltblog has responded to the controversy. George Ou in the first link above …

  • Lotus Notes WMF vulnerability
    Classic tip Dec 30, 2005

    This is really the same zero-day wmf vulnerability, but there is a twist. It's been found that Lotus Notes v. 6.x and up are vulnerable to the Windows Meta File (WMF) exploit that's making the rounds…

  • Another workaround for the 0-day WMF Exploit
    Classic tip Dec 29, 2005

    I notice that the Sunbelt Blog has some instructions up for blocking the zero-day Windows Meta File (WMF) exploit with their newly acquired kerio firewall. (Free or full version.) Either version can …

  • Spyware, viral cleanup disabling system restore
    Classic tip Dec 29, 2005

    Sorry, but to get into the guts of what I found in the wake of the WMF exploit, I did leave out another important step in the cleanup process. IF you are trying to clean up an infested machine one of…

  • Update on the WMF exploit - more sites to block
    Classic tip Dec 29, 2005

    I haven't checked to see if these are already on other block lists for the WMF exploit, but the following addresses are advised to be blocked (from f-secure).... toolbarbizbiz toolbarsitebiz toolbart…

  • http://60.topnssearch.com popups in infestation
    Classic tip Dec 29, 2005

    One other note from the previous series on WMF exploit infestation cleanup. Among the multiple popups that came when launching internet explorer, most were directed at the site http://60.topnssearch.…

  • Cleaning up after WMF Exploit - summary
    Classic tip Dec 29, 2005

    Can I say enough times that after a bad trojan infestation you should format and reinstall? I've cleaned up the infested image that I "sacrificed" to the WMF exploit and as I've said you're pestware …

  • Cleaning up after WMF exploit - BHO removal
    Classic tip Dec 29, 2005

    Browser helper objects (BHO's) are listed in the registry and load with explorer when it runs (Internet Explorer/ File explorer are so closely tied it affects both.) I've used BHOdemon in the past to…

  • Cleaning up after WMF exploit - is it clean?
    Classic tip Dec 29, 2005

    So, I've got most of the baddies cleaned out and I'm not getting popups anymore. No nags on boot, the boot process is quicker, but is it really clean? I found a few files (winlogon.exe, alg.exe in pa…

  • C:\windows\system32\kernels64.exe not found
    Classic tip Dec 29, 2005

    On the next boot I was greeted with the above message C:\windows\system32\kernels64.exe not found please make sure the path......correct.... blah blah blah. Back to msconfig. Everything there now loo…

  • Cleaning up after WMF exploit third party boot disc
    Classic tip Dec 29, 2005

    At this point, I needed to rename or delete some files that windows would not let me touch. I had this winlogon.exe running from a suspect directory c:\windows\inet20001 and windows wouldn't let me k…

  • Removing items from MSCONFIG after WMF exploit
    Classic tip Dec 29, 2005

    OK, so, I'm busy killing off running processes and fire up MSConfig to try to keep them from coming back on the next boot. To launch msconfig go to start, run... type in msconfig and click ok. The st…

  • Task Manager Suspicious Processes after WMF exploit
    Classic tip Dec 29, 2005

    After getting into Task Manager I saw a number of suspicious processes. There were a lot of things running as my user that I didn't recognize. kernels64.exe, vxgame6.exe, vxgame4.exe, mm4.exe, vxh8jk…

  • Task manager has been disabled by your administrator
    Classic tip Dec 29, 2005

    The first problem I ran into in cleaning up after my infested Windows XP image was this error message. One of the first things I do in cleaning an infested system is try to kill off running process t…

  • Keeping the new PC spyware free
    Classic tip Dec 28, 2005

    Spyware Confidential has the top 10 tips to keep that new pc spyware free. Some good tips here and these should be on the checklist when setting up a new pc any time of the year... Paraphrased here..…

  • A Tip for cleaning up an infected PC
    Classic tip Dec 25, 2005

    There's a joke that many people bring out when new Windows viruses hit big.... it goes along the lines of, "download a fix here" and the link points to a knoppix linux livecd download, or a Mandriva …

  • Disinfecting a PC… part 11
    Classic tip Dec 24, 2005

    All in all, what I've documented was a bit over three hours worth of attention to the machine (much more for the full scans, but I didn't have to stand and watch them.) I didn't document a sidetrip t…

  • Disinfecting a PC… part 10
    Classic tip Dec 23, 2005

    Before I get things wrapped up, I like to scan rinse and repeat until the scans come up clean. So, this scan of AVG gives a chance to delete the archive entry I mentioned the first pass it took. And …

  • Disinfecting a PC… part 9
    Classic tip Dec 22, 2005

    Ok - about 22 or 23 critical updates for Windows ME. I'm suspecting it's never visited the Windows update site. While it's going I make sure that the adware scanners and antivirus scanner get to pull…

  • Spyaxe Spytrooper spysherriff et al removal
    Classic tip Dec 21, 2005

    There are so many "wolves in sheeps clothing" or maybe I should say wolves in sheepdogs clothing... Anyway, so many nasty malware's that pose as protective utilities. Spyaxe, spytrooper, spy sherriff…

  • Disinfecting a PC… part 8
    Classic tip Dec 21, 2005

    All right, now it's time to give ad-aware a spin. I like being able to use several spyware scanners to get full coverage and cleaning. Ad-aware and spybot s&d are usually my first two choices. Realiz…

  • Lawsuit against 180solutions, eXact, Direct Revenue
    Classic tip Dec 20, 2005

    Things are going to be interesting. A lawsuit has been filed against the three listed above, everyone's favorites.... 180solutions, Direct Revenue, and eXact Advertising. This is coming from the Sunb…

  • Top 10 spyware tricks of 2005
    Classic tip Dec 20, 2005

    You can tell we're in the last 10-12 days of the year when we start seeing all sorts of year end retrospectives, year's in review, countdowns of the top ___ of ___year ending___. Well, spyware has se…

  • Disinfecting a PC… part 7
    Classic tip Dec 20, 2005

    Ok, another reboot after the BHO cleaning. Things are a good deal more responsive now, less disc swapping going on. (I suspect that those three missing BHO entries may have been causing the slow down…

  • Another example of how we're vulnerable for identity theft
    Classic tip Dec 19, 2005

    The SecurityFix is reporting on a security breech at reevesnamepins.com a company that supplies (among others) law enforcement personnel. Apparently, CardCops (which monitors for possible stolen data…

  • More wolves in sheeps clothing - rogue or suspect antispyware
    Classic tip Dec 19, 2005

    (or for that matter, rogue or suspect antivirus.) What's fascinating about this category is most of these products either use security vulnerabilities to get into a system, or merely convince a perso…

  • Disinfecting a PC… part 6
    Classic tip Dec 19, 2005

    Ok, it's BHOdemon time... installed from cd and on starting: BHOdemon bhotb-all.html not found, no web connection downloading on other machine. Finally get it to work copying from another machine. Bu…

  • Disinfecting a PC… part 5
    Classic tip Dec 18, 2005

    OK, we're moving on to BHOdemon to take care of the browser helper objects. Unfortunately it looks like BHODemon is not being currently maintained, the developer has had a housefire. I am very sorry,…

  • Disinfecting a PC… part 4
    Classic tip Dec 17, 2005

    So, AVG has been scanning away finding things we've really got a foothold on the system and the malware has a fight on it's hands. It's good to see progress. Up to this point we've had multiple Spool…

  • Disinfecting a PC… part 3
    Classic tip Dec 16, 2005

    Picking up from last time... AVG was failing to install with a peculiar registry error. (Which I didn't see much reference to online.) OK, so here is another fruit of the online search (so many bugs …

  • Disinfecting a PC... part 2
    Classic tip Dec 15, 2005

    Ok, the last post got a bit long with the hijackthis log, but I wanted to include the whole picture. I put a few comments in, but thought it might be useful to include the notes I took at the time. F…

  • A couple warnings related to fake security sites
    Classic tip Dec 14, 2005

    Sunbelt has this warning about yet another fake security site. This one is laid out a bit different than the others we've seen in recent days. It's not quite the same spoof of the Windows Security Ce…

  • Disinfecting a PC... part 1
    Classic tip Dec 14, 2005

    This is the first in a several part series documenting the cleaning of an infected PC. The only real noteworthy item is that it was a dial-up only connection and was rather infested for that. (On par…

  • Spyware's likely suspect sites.
    Classic tip Dec 2, 2005

    Spyware Confidential is writing of complaints from Wrestling fans of several wrestling related sites that have become sources of unsolicited spyware and adware installs. Some of them are aware of the…

  • Spyware news and musings
    Classic tip Nov 30, 2005

    It's funny, in the last couple days 180solutions had a blog post that was somewhat... what's the term I'm looking for ? well they were quite defensive and concerned about "anti-spyware zealots" about…

  • MS IE Javascript exploit for zero-day (0-day) vulnerability
    Classic tip Nov 30, 2005

    An exploit for last weeks zero-day (0-day) javascript vulnerability in Microsoft's Internet Explorer is in the wild. I saw this post from Sunbelt a couple nights ago go up and disappear, at the time …

  • Keyloggers a growing problem
    Classic tip Nov 18, 2005

    It's interesting some years ago when viruses on Windows machines were SOOOO plentiful it seemed like that's all I spent my time cleaning up, I thought... "you know, most viruses are prankster-ish pro…

  • TRUSTe will offer certification for adware
    Classic tip Nov 17, 2005

    TRUSTe has announced a program to certify software downloads. Among them are certifications for adware and "trackware" (spyware?). The bullet summary for the article claims this will bring an end to …

  • FTC's message to Enternet Media has not quite sunk in...
    Classic tip Nov 15, 2005

    In spite of the FTC's raid of Enternet Media and charges against them for various details such as deceptive install practices, unfair installation of code, failure to disclose nature of bundled softw…

  • CJB sites spawning spyware downloads?
    Classic tip Nov 14, 2005

    You might be cautious visiting the free sites at cjb.net according to the sunbelt blog many of them are unwittingly providing spyware downloads to users. The download is for a 180solutions pest. If y…

  • The wolf in sheeps clothing, software that claims to be anti-spyware, but installs more spyware on your pc
    Classic tip Nov 13, 2005

    The bad news is that the spyware situation for home pc users can be murkier every day. I remember a particular user who once installed an antivirus program because a popup appeared claiming to have f…

  • Looks as though the FTC has broken up a spyware ring
    Classic tip Nov 10, 2005

    A bit of good news on the spyware front, the FTC has announced that it's frozen the assets of a spyware ring. Apparently they spread spyware through a network of sites and blogs that pushed ringtones…

  • VideoC is not a real video player
    Classic tip Nov 8, 2005

    Sunbeltblog has a story about the "VideoC" video player... apparently they discovered this when visiting a site. A video starts to play and then abruptly stops and claims that "VideoC" player needs t…

  • Illegal to disable some spyware?
    Classic tip Nov 8, 2005

    OK - for starters, the keylogger that sunbelt talks about here is a legitimate piece of software for sale. Like anything though it could have illegit uses. Apparently retrocoder is upset that Sunbelt…

  • Botnets and spyare
    Classic tip Nov 4, 2005

    "It outta be illegal" is the first thing I usually hear as I start the long process of sanitizing a spyware infested windows machine. The fact is some parts of it ARE, some are just ethically questio…

  • Adware, spam, bots, keyloggers, 180solutions, etc. etc. etc. oh my...
    Classic tip Sep 1, 2005

    Spyware Confidential has an article and there are more details at the spyware warrior. Of a particularly bad spyware infestation triggered by the visit to ONE web site. Apparently she was investigati…

  • Another Dumaru variant
    Classic tip Aug 24, 2005

    Sunbelt has found another keylogger in the dumaru family and has updated their free tool to scan for it and clean it up. This is the same family of trojans/keyloggers that contributed to the large ID…

  • Wishlist of spyware slime....
    Classic tip Aug 24, 2005

    The sunbeltblog has uncovered a fairly interesting document. (Dated May 16 and originally in Russian) which appears to be the wishlist of a spyware criminal. (Slime was my own definition...) It's an …

  • More on the spyware front, should banks assume information is stolen?
    Classic tip Aug 24, 2005

    Sunbelt blog is reporting on some of the countermeasures that some banks are starting to use to frustrate keyloggers. One trick is to request that your pin - number be entered in reverse or a specifi…

  • Spyware is bad....
    Classic tip Aug 24, 2005

    Surprise... what is surprising is how high it's infiltration is reported to be. Spyware confidential is reporting on a Webroot survey claiming that spyware in the enterprise is at 80% (does this mean…

  • US-CERT talks spyware
    Classic tip Aug 22, 2005

    US-CERT is addressing the issue of spyware. According to Spyware Confidential, they've released a document (pdf) on the matter, including techniques to guard against spyware. Education and awareness …

  • Junk mail can be REALLY nasty
    Classic tip Aug 16, 2005

    As if you needed another reason to not like SPAM ( no, not the hormel product, we're talking junk mail here.) A couple days ago I mentioned a post at the sans institute talking about an email that wa…

  • My * messed up my computer
    Classic tip Aug 16, 2005

    Since the massive id theft ring was uncovered, I've been reading the Sunbeltblog frequently. Today, they have an interesting post about the various explanations for spyware on peoples computers. They…

  • Computer security software nets $2.6 Billion over last two years.
    Classic tip Aug 15, 2005

    SecurityFix is talking about the computer security industry. Further, computer users spend $9 billion a year on computers repairs from spyware and antivirus. This reminds me of a recent story of a ma…

  • Sunbeltblog has more info on the identity theft keylogger and will offer removal tool
    Classic tip Aug 11, 2005

    There another two fascinating posts in the saga of the massive identity theft that was reported in the Sunbelt blog. For starters they detail the beast here. It sounds truly devious, MAY still be rel…

  • Web smarts is the main defence against spyware
    Classic tip Aug 9, 2005

    Over at the Security Fix, Brian Krebs is talking about spyware and the fact that keeping up-to-date on patches, and running current antivirus with current definitions is not enough to protect your ma…

  • Itunes adware?
    Classic tip Aug 9, 2005

    It's an older post, but I just discovered it.... July 21st... spware confidential reports on a virus masquerading as an itunes installer that actually brings along some adware (4 different applicatio…

  • Identity theft protection and update on Massive Identity theft story
    Classic tip Aug 8, 2005

    Sunbeltblog has another update related to their earlier story about the massive identity theft ring. In this story they make clear that the keylogger was NOT directly related to coolwebsearch. It was…

  • Huge identity theft ring discovered by spyware research
    Classic tip Aug 8, 2005

    Sunbelt blog, reports that they have uncovered a MASSIVE amount of personal data, ranging from usernames to passwords to banking information and much more while investigating spyware. They found keyl…

  • Progress...
    Classic tip May 28, 2004

    Well, things are shaping up a little better today on some fronts. My webhosting provider apologized for the offensive tone of the subject of their message to me. (Given that they provided the script …