Friends computer is bogged down with tons of spyware...

Locut0s · Jun 8, 2010

I've gotten rid of several piece of spyware that were showing up in the hijack this log but the problem still seems to be there. Every time he clicks a link in his browser, IE, he is directed to spam sites. I don't see any running processes any more that are spyware so I'm not exactly sure where it's hiding. I'm thinking I need to start the computer in safe mode and do a full system scan and startup log check. I'm also going to install a good 3rd party firewall and get him onto Firefox. Also I'm going to create a non admin account and make sure he uses that.

One question I have though is, are there any good spyware utils that will run from a bootable CD or even floppy? This would get around the possibility of the spyware hiding itself.

MadScientist · Jun 9, 2010

There's Avira's Rescue System bootable CD http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html and F-Secure's Rescue disk http://www.f-secure.com/en_EMEA/security/tools/rescue-cd/.

My approach would be to first use rkill in Safe Mode to stop any malware processes. http://www.technibble.com/rkill-repair-tool-of-the-week/ and then download, install, and run Malawarebytes Anti-Malware and if necessary Combofix.

StormSide · Jun 9, 2010

Also run Hitman Pro

Modelworks · Jun 9, 2010

Check the hosts file. A lot of malware puts re-directs there.
You can also run a program like process hacker or a packet sniffer to see what program is making DNS request on the system. Most malware makes DNS request for the server that host the malware links.

Locut0s · Jun 9, 2010

Thanks for the suggestions. I booted into safemode and ran several full scans using Spybot Search & Destroy, Malwarebytes and Combofix. All together they removed 9 or 10 different pieces of malware. I then installed Comodo Firewall and got him using Firefox instead of IE. He still uses an admin account which isn't good but he's too used to using that for me to get him to switch. I'm not even sure he will stick with Firefox though I said that he really should!

Lemon law · Jun 10, 2010

Locut0s said:
Thanks for the suggestions. I booted into safemode and ran several full scans using Spybot Search & Destroy, Malwarebytes and Combofix. All together they removed 9 or 10 different pieces of malware. I then installed Comodo Firewall and got him using Firefox instead of IE. He still uses an admin account which isn't good but he's too used to using that for me to get him to switch. I'm not even sure he will stick with Firefox though I said that he really should!

--------------------------------------------------------------------------------------------------
Partly missing in this last post is any indication that leads us to believe, one way or the other, that the computer is now malware free. But its clear, that before, its computer security set up was totally inadequate.

My other comment is that most of the anti-malware programs you used to get to this stage are fairly good as after the infection fact passive scanners and do almost nothing to add to preventing the infection in the first place. Certainly the comodo firewall if properly used can add to prevention, combofix and the freeware version of malware bytes are worthless at prevention, spybot seach and destroy is not a state of the arts passive scanner, and unless you use tea timers and the non default host files of spybot S&D, its not going to add much prevention. I would recommend adding spyware blaster for prevention, and at least one process control program like win patrol or similar. That and you have not mentioned anything about your anti-virus program

Locut0s · Jun 10, 2010

Lemon law said:
--------------------------------------------------------------------------------------------------
Partly missing in this last post is any indication that leads us to believe, one way or the other, that the computer is now malware free. But its clear, that before, its computer security set up was totally inadequate.

My other comment is that most of the anti-malware programs you used to get to this stage are fairly good as after the infection fact passive scanners and do almost nothing to add to preventing the infection in the first place. Certainly the comodo firewall if properly used can add to prevention, combofix and the freeware version of malware bytes are worthless at prevention, spybot seach and destroy is not a state of the arts passive scanner, and unless you use tea timers and the non default host files of spybot S&D, its not going to add much prevention. I would recommend adding spyware blaster for prevention, and at least one process control program like win patrol or similar. That and you have not mentioned anything about your anti-virus program

Oh right I also have Avira antivurs installed as of the first time I looked at his comp. He does have some freeware real time scanner installed but I can't remember the name of it.

Modelworks · Jun 10, 2010

Locut0s said:
Oh right I also have Avira antivurs installed as of the first time I looked at his comp. He does have some freeware real time scanner installed but I can't remember the name of it.

If he allowed lots of malware to be installed then I highly recommend getting him to use sandboxie. It will run whatever browser he likes inside it and prevent malware from getting into the rest of the system.
http://www.sandboxie.com/

Search

Friends computer is bogged down with tons of spyware...

Locut0s

Lifer

MadScientist

Platinum Member

StormSide

Diamond Member

Modelworks

Lifer

Locut0s

Lifer

Lemon law

Lifer

Locut0s

Lifer

Modelworks

Lifer

TRENDING THREADS