Removing spyware off other people's accounts?

[OzzieGT]

Hey,

I just spent 4 hours removing spyware from my in-law's computer last night. Now today, after my wife's little sister logged in, the toolbars are back. WTF??? Is there any way I can make sure ALL spyware is removed and not just off one account???

I ran ad-aware, S&D, and installed spyware blaster.

 

[styrafoam]

They love the cute cursors and screen savers! Seriously though, if you log in as admin and disable 3rd party browser extensions under Tools<Internet options<Advanced tab<Browsing list item it may get rid of it. Or you could make them use Firefox.

 

[cmp1223]

geez, read the sticky: http://forums.anandtech.com/me...6173&amp;enterthread=y

hijackthis will probably fo it. tell em to use firefox too.

 

[mechBgon]

Sounds like it's time for some prevention 🙂

Run MBSA and see if the system has weak/blank passwords on its Administrator-class accounts. If so, correct that (as well as other issues). Until those accounts have a password, preferably a strong one, the system's a sitting duck for Trojans and worms, which frequently play a part in adware/spyware installation nowdays. A strong password might be OzzieGT@AT for example, not dictionary-based, and contains a symbol, and is adequately long to stave off a casual brute-force attack.

If it were me, I'd create a new account called ~Admin~ that's an Administrator-class account, protect it with a strong password, and only tell that password to the responsible adults who understand how spyware gets in the door and can avoid it. Make everyone use Limited-class accounts for daily usage. No power to install spyware, no tempting ActiveX popups urging them to click Yes to install stuff.

Aside from that, do they have antivirus software that detects adware/spyware? If they're on some old Norton 2003 or something, upgrade to Norton 2005 or McAfee 9.0 (both of which detect a certain amount of common spyware/adware and also the Trojans that drag them in), and configure them thoroughly. Go through the system's Services list (example) and make sure there are no rogue services like WinTools For IE (if so, disable and stop them). Then head on to Schadenfroh's thread and he'll get you fixed up 😎


edit: to get at the system's built-in Admin-class account(s), Owner or Administrator, log in with Safe Mode and they'll appear in User Accounts so you can assign passwords to them.

 

[OzzieGT]

Well I found some spyware in their application data folders, and also in all users. I got rid of those.

These are total novices I don't think they could handle the move over to firefox. Also we live about 500 miles away so I can't restrict them to an admin account. I DID remove admin priveldges off the 10 year old's account though.

The problem with that thread is it's 18 freakin pages of people asking for help instead of starting their own threads. I'm not about to wade through all that.

 

[mechBgon]

All you need to do is download the latest 1.99 version of Hijack This, save it in its own folder, run it from that folder, and post the text out of the logfile for Dr. Shad to analyze, and he will reply back the next time he surfaces for air from WoW 😀 and he'll advise you how to proceed. 😎

If you cannot restrict them to Limited accounts, then at least set strong passwords on all the Admin-class accounts so that Trojans can't help themselves to the Admin powers using a backdoor approach, and get them McAfee 9.0 or Norton Antivirus 2005 plus make sure they've got Automatic Updates set up, etc.

I picked Norton 2005 for my little sister's rig recently because it will back-scan all the data on the hard drives whenever it gets fresh virus definitions, one way of ensuring that it gets done at least weekly. If you get Norton, you might look at my principles of antivirus configuration, which is down the page a ways under Ongoing Prevention. Side note: Norton's options can be password-protected 🙂