What are the best spyware killers? Will antivirus programs start checking for spyware? Where in the registry do spyware processes launch?
June 3, 2004 6:26 AM Subscribe
Multipart question: Scumware, spyware, adware, it's all malware, I say. Currently using both Spybot and Adaware to catch and kill most of this crap.
1. Looking for feedback on the best spyware killers for home and work.
2. Are Norton and Macafee working on adding spware killers to their anti-virus packages?
3. Some of this stuff launches using svchost.exe. Where in the registry, besides
HKLM\Software\Microsoft\Windows\CurrentVersion\Run and its relatives, do services launch?
[Inside, there is more]
FYI, HKLM\Software\Microsoft\Windows\CurrentVersion\Run and
HKCU\Software\Microsoft\Windows\CurrentVersion\Run are obvious places to find some of the junkware that loads at boot. Quicktime is dandy, but I don’t need it in the System Tray.
I’ve had this crap install itself just from browsing the web (memo to self: don’t let teenage males use my pc), alter my hosts file, take over my start page, and annoy me half to death. It’s a growing problem at work, too. I want my processing power back. Thanks.
1. Looking for feedback on the best spyware killers for home and work.
2. Are Norton and Macafee working on adding spware killers to their anti-virus packages?
3. Some of this stuff launches using svchost.exe. Where in the registry, besides
HKLM\Software\Microsoft\Windows\CurrentVersion\Run and its relatives, do services launch?
[Inside, there is more]
FYI, HKLM\Software\Microsoft\Windows\CurrentVersion\Run and
HKCU\Software\Microsoft\Windows\CurrentVersion\Run are obvious places to find some of the junkware that loads at boot. Quicktime is dandy, but I don’t need it in the System Tray.
I’ve had this crap install itself just from browsing the web (memo to self: don’t let teenage males use my pc), alter my hosts file, take over my start page, and annoy me half to death. It’s a growing problem at work, too. I want my processing power back. Thanks.
1. The combination of Spybot S&D and Ad-Aware manage to get just about everything. There are some smaller specialty utilities that can take care of the weirder, more obscure things. Spybot seems to focus heavily on "dialers," whereas Ad-Aware seems to have a greater emphasis on adware and spyware.
2. Historically, no. This may be changing as the problem has reached epidemic proportions and there's a substantial market for it.
3. The Run, RunOnce, and Services keys are the places to look.
Given how much this stuff annoys you, and how Internet Explorer is the most common vector for a majority of it, you might want to consider going with another browser. There are lots of them out there, and a couple offer as much or more functionality than IE.
Whenever I find myself supporting a Windows rig for a less-than-savvy end user, the first thing I do is render IE helpless by pointing it at a nonexistant proxy -- I like localhost:0 -- and create a custom "zone" with ActiveX completely disabled, just to be sure. This breaks some web functionality in other programs that use IE components, but since a lot of those are just loading banner ads, it's no skin off my teeth.
posted by majick at 7:07 AM on June 3, 2004
2. Historically, no. This may be changing as the problem has reached epidemic proportions and there's a substantial market for it.
3. The Run, RunOnce, and Services keys are the places to look.
Given how much this stuff annoys you, and how Internet Explorer is the most common vector for a majority of it, you might want to consider going with another browser. There are lots of them out there, and a couple offer as much or more functionality than IE.
Whenever I find myself supporting a Windows rig for a less-than-savvy end user, the first thing I do is render IE helpless by pointing it at a nonexistant proxy -- I like localhost:0 -- and create a custom "zone" with ActiveX completely disabled, just to be sure. This breaks some web functionality in other programs that use IE components, but since a lot of those are just loading banner ads, it's no skin off my teeth.
posted by majick at 7:07 AM on June 3, 2004
The 2004 editions of the Norton and McAfee bundle packs (e.g "Internet Security") both have spyware cleaners. Don't know if they are any good though.
posted by mr.marx at 7:25 AM on June 3, 2004
posted by mr.marx at 7:25 AM on June 3, 2004
Spyware Blaster is king- it kills it before it even comes in. Since I've installed it, I've found virtually nothing with S&D and Ad Aware.
posted by headspace at 8:04 AM on June 3, 2004
posted by headspace at 8:04 AM on June 3, 2004
As far as #2 goes, I deal with both McAfee and Symantec where I work (as in, my company contracts with them). McAfee sells an AntiSpyware program, but there is no anti-spyware technology in their VirusScan or Internet Security Suite. Symantec does have some spyware detection in the 2004 AntiVirus, but it can not remove spyware. Detects it, but doesn't remove it.
So McAfee does have a stand-alone product for anti-spyware, Symantec effectively does not. But McAfee is a horrible company and I would never buy their products. And I won't say how I work "for" them, lest I be fired.
Sorry, mr.marx, the Internet Security programs do not have anti-spyware software in them. Symantec's does have the detection, but not the removal capability. McAfee claims to have it, but they're selling the stand-alone software now.
posted by MrAnonymous at 9:06 AM on June 3, 2004
So McAfee does have a stand-alone product for anti-spyware, Symantec effectively does not. But McAfee is a horrible company and I would never buy their products. And I won't say how I work "for" them, lest I be fired.
Sorry, mr.marx, the Internet Security programs do not have anti-spyware software in them. Symantec's does have the detection, but not the removal capability. McAfee claims to have it, but they're selling the stand-alone software now.
posted by MrAnonymous at 9:06 AM on June 3, 2004
McAfee sells an AntiSpyware program, but there is no anti-spyware technology in their VirusScan or Internet Security Suite.
sorry, but in internet securitysuite 6.0 there is.
McAfee claims to have it, but they're selling the stand-alone software now.
this sentence does not make any sense
you're right that symantec only detects, though. and that NA is a terrible terrible company.
posted by mr.marx at 10:07 AM on June 3, 2004
sorry, but in internet securitysuite 6.0 there is.
McAfee claims to have it, but they're selling the stand-alone software now.
this sentence does not make any sense
you're right that symantec only detects, though. and that NA is a terrible terrible company.
posted by mr.marx at 10:07 AM on June 3, 2004
I use CWShredder and HijackThis when I visit my Dad and have to help him straighten out his wrecked machine. There are forums where you can post the logs that you get when you run HijackThis and some volunteer dude will help you interpret it. I have found that once you read the forums for any length of time, you get an idea of what you should be seeing in your logs and what you shouldn't. Once your computer is relatively clean, and staying that way, I would recommend either switching browsers or disabling ActiveX if you use IE. The damndest thing about almost all of these nefarious malwares is that they run rampant on Windows machines running IE and yet people [not you theora, but I see this with my Dad and other people whose computers I fix] seem to think of it as an Internet malady in general. I just think it's someone's total-employment program for techies, so I don't complain too too much.
posted by jessamyn at 10:19 AM on June 3, 2004
posted by jessamyn at 10:19 AM on June 3, 2004
From what I've seen, McAfee ISS does little to remove spyware. Which is why they often sell the ISS bundled with the AntiSpyware. So their product says it has it, but take that with a grain of salt. Or just be smart and never buy McAfee.
posted by MrAnonymous at 10:33 AM on June 3, 2004
posted by MrAnonymous at 10:33 AM on June 3, 2004
what kind of stuff are you finding? purely curious, here--i don't seem to attract anything odd beyond tracking cookies which are easy to zap. i run zone alarm and norton antivirus and occasionally run adaware (on XP). . . i think this keeps me clean, but i wonder if i'm missing something.
posted by _sirmissalot_ at 3:29 PM on June 3, 2004
posted by _sirmissalot_ at 3:29 PM on June 3, 2004
I'm reading these answers with interest -- I started a new job on Monday where I use a PC which was formerly used by a bunch of interns, and the amount of malware on this machine is just amazing. For the past three days I've run AdAware, Spybot, Norton & CWShredder, and I'm still pulling off quite literally hundreds of files each time I run each of them. I've already moved over to Mozilla, but clearly something is reinstalling on startup, and since WindowsNT doesn't have a safe mode to reboot in, I can't seem to get rid of the whatever it is.... If anyone has any other ideas, I'm open to suggestions at this point.
posted by anastasiav at 8:13 PM on June 3, 2004
posted by anastasiav at 8:13 PM on June 3, 2004
One thing that drives me crazy about HijackThis--as a non-user--is that everytime I want to investigate a program that I suspect is spyware, I Google it, and my search results are inevitably stacked with pages containing listings of HijackThis logs that people want investigated. So it keeps getting harder to track down something suspicious, to find out if it is good, bad, or neutral.
posted by troybob at 9:10 PM on June 3, 2004
posted by troybob at 9:10 PM on June 3, 2004
Response by poster: _Sir, At work, we see CoolWebSearch, which requires CWShredder to clean, and other browserthiefs, whatever crap Weatherbug installs, whatever crap Kazaa installs, etc. Our corp. version of Macafee has an option to search for potentially unwanted and joke programs, but doesn't clean them. At home, I got CoolWebSearch, and my son, Mr. I-Never-Saw-A-Download-I-Didn't-Love gets a smorgasbord of malware.
Anastasiav, where's the new job? Congratulations!
Troybob, me, too.
thanks, everybody.
posted by theora55 at 12:47 PM on June 4, 2004
Anastasiav, where's the new job? Congratulations!
Troybob, me, too.
thanks, everybody.
posted by theora55 at 12:47 PM on June 4, 2004
This thread is closed to new comments.
Unfortunately, the removal process is a manual one and time consuming. But run this app, after adaware and spybot have done their thing, and you will find yourself informed.
posted by Fupped Duck at 6:59 AM on June 3, 2004