Trains.com

Spyware infection, courtesy of Trainorders.

2727 views
25 replies
  • Member since
    May 2003
  • From: US
  • 1,400 posts
Posted by fiatfan on Thursday, February 3, 2005 9:19 PM
This is one thing I don't have to battle at work, thankfully!

If a machine gets too many problems, Norton Ghost to the rescue.

However, I'm sure you know that we support the pc's for our families, our friends, their friends, and anyone who thinks they may have known us in a past life. [:o)] I have dealt with some spyware problems but it's really super to have the repairs all in one neat little checklist.

Thanks again.

tom

Life is simple - eat, drink, play with trains!

Go Big Red!

PA&ERR "If you think you are doing something stupid, you're probably right!"

  • Member since
    August 2002
  • From: Wake Forest, NC
  • 2,869 posts
Posted by SilverSpike on Thursday, February 3, 2005 9:10 PM
QUOTE: Originally posted by fiatfan
Ryan,

Thanks for the excellent tutorial on spyware. I have copied it and will use it for future reference.

Tom


Hello my Friend!

No problem! I have had first hand experience with removing this type of infection on too many PC's to count! They all have involved no less than countless hours of labor each in their removal, very time consuming for the very hard ones to get rid of!

All in a day's railroading!!!!!

And trying to help out where I can!

- Ryan

Ryan Boudreaux
The Piedmont Division
Modeling The Southern Railway, Norfolk & Western & Norfolk Southern in HO during the merger era
Cajun Chef Ryan

  • Member since
    May 2003
  • From: US
  • 1,400 posts
Posted by fiatfan on Thursday, February 3, 2005 8:41 PM
Ryan,

Thanks for the excellent tutorial on spyware. I have copied it and will use it for future reference.

Tom

Life is simple - eat, drink, play with trains!

Go Big Red!

PA&ERR "If you think you are doing something stupid, you're probably right!"

  • Member since
    October 2001
  • From: OH
  • 17,574 posts
Posted by BRAKIE on Thursday, February 3, 2005 5:32 PM
Randy and Joe, I am sitting behind a hard case firewall (don't know the name as my son installed it) and Road Runner Business connection. I have been on the Internet now for 4 years and have yet to get any type of virus, and I go where I please on the net. I never open mail from spammers nor do I need to worry about pop ups because I have a pop up stopper installed. So in my case it's not a matter of opening spam or clicking on pop ups. A lot of the spyware comes from some of the more popular online hobby shops and popular railroad sites including some forums...[:(]

Larry

Conductor.

Summerset Ry.


"Stay Alert, Don't get hurt  Safety First!"

  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Thursday, February 3, 2005 12:26 PM
Also, you should be aware that what one program calls spyware, others don't. Some will label all cookies from certain sites as "problems" when in fact they are simply harmless tracking cookies to determine who gets paid a commission when an ad is clicked.

For example, a visitor to one of my websites sees an ad for Model Railroader Magazine and clicks on it. A tracking cookie will let the third party that manages the affiliate ad program know that the visitor came from a link on my site and my website would get a small commission. (That's how many if not most content-filled websites stay alive.) Some anti-spyware programs treat these cookies as spyware, though they are not.

So it is possible that you might run one program and find so-called "problems" that the Microsoft program or another wisely chose to ignore.

Wayne
  • Member since
    February 2002
  • From: Reading, PA
  • 30,002 posts
Posted by rrinker on Thursday, February 3, 2005 11:28 AM
Just watch out, Ad-Aware and Spybot both trigger up a few false positives, and if you delete EVERYTHING they want you to delete, you will have problems. It's OK if it's just a cookie. But sometimes it flags a critical program.


--Randy

Modeling the Reading Railroad in the 1950's

 

Visit my web site at www.readingeastpenn.com for construction updates, DCC Info, and more.

  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Thursday, February 3, 2005 10:38 AM
I also have downloaded the new Beta version so spyware that Microsoft has put out, but I don't find it as good as Ad-aware and SpyBot which I also use. Usually I will run Ad-aware first and it will find about 12 items on average. Then I run the Microsoft program and it has yet to find anything. Then I run spybot after these other two programs and it will find about 5 items on average.

Here is a link to the Microsoft new offering - it's free.

http://www.microsoft.com/athome/security/spyware/software/default.mspx
  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Thursday, February 3, 2005 10:35 AM
I found the Giant's Anti Spyware cleaner to be the best. Microsoft bought them out just before I purchased the retail version. I did download the free beta from MS and it seems to keep me clean. I also use spybot and Mozilla (Not internet explorer)
  • Member since
    January 2004
  • From: Crosby, Texas
  • 3,660 posts
Posted by cwclark on Thursday, February 3, 2005 9:56 AM
thanks guys!...i'm just good with trains and have all the patience in the world with them.....not good with computers and i want to scream when i get in front of one with a problem...in fact, I hate computers (with a passion[banghead]..Chuck[:D]

  • Member since
    September 2002
  • 642 posts
Posted by RMax1 on Thursday, February 3, 2005 9:53 AM
I've almost completely stopped going to trainorders. Only thing I do anymore is look at the railcams and a couple forums. The ad-aware works great.

RMas1
  • Member since
    December 2004
  • From: Rimrock, Arizona
  • 11,251 posts
Posted by SpaceMouse on Thursday, February 3, 2005 9:22 AM
I just downloaded and ran MicroSoft's Anti-Spyware program. I had run Spybot 2 days ago. At any rate, MS did not find anything. I must be living clean. (But I keep around 6 IE windows constantly.)

Chip

Building the Rock Ridge Railroad with the slowest construction crew west of the Pecos.

  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Thursday, February 3, 2005 8:20 AM
QUOTE: Originally posted by cwclark

how do i remove spyware from my computer?..i purchased symantec norton anti virus and the norton firewall and it's still on my computer...


Here's the link for Microsoft's free program: http://www.microsoft.com/athome/security/spyware/software/default.mspx
Good luck.

Wayne
  • Member since
    August 2002
  • From: Wake Forest, NC
  • 2,869 posts
Posted by SilverSpike on Thursday, February 3, 2005 8:19 AM
Chuck,

Norton anti-virus or firewall will not prevent or remove Spyware. You will need to install the other applications as mentioned above for removing Spyware infections. The documentation below also has a few other applications listed. I would try these four first and in this order: CWShredder, SpyBot Search and Destroy, Ad Aware, and finally HiJack This. As mentioned above, HiJack This is more technically involved as it identifies files that are not necessarily Spyware related but useful and should be kept. You have to be careful with that one.

Here is a short primer on Spyware removal techniques:

Techniques to prevent spyware

Need a few more tools

You should add SpyBot Search and Destroy, CWShredder and HiJack This to the list of software that you need to run in order to remove spyware from your machine. I like to run them in the following order:

CWShredder
SpyBot Search and Destroy
Ad Aware
HiJack This

These are all very useful tools, but they seem to work best if you run them in safe mode, preferably Safe Mode Command Prompt. You can run all of them from the Command Prompt if you copy them to the hard drive from the GUI first. Keep in mind also that you have to run all the tools in each profile, including the Administrative profile.

Try Spy Sweeper also (www.webroot.com); it's part of my tool kit.


Here are a few more:
RegSeeker
RegCleaner
Script Defender
Script Sentry
Crap Cleaner
Swat It
KL-Detector
xp-AntiSpy
Bazooka

Get BHODemon to clean your BHO list & prevent new BHO's from gaining access. Another good tool for the list.

Spyware Removal/Prevention Checklists

I created a couple of checklists that I use to battle spyware. Despite that, I still have to manually edit the Windows Registry on occasion to get rid of some nasties such as WinTools, KeenValue, and Incredimail (Incredi-anything). Here are my checklists:

Spyware Removal Checklist

1. Boot into Safe Mode with Networking (some spyware can only be removed in Safe Mode).
2. Open Add/Remove programs and remove any application that both you and the principal user do not recognize or deem to be spyware.
3. Launch HijackThis and click the Scan button. (WARNING: Reference the HijackThis tutorial at http://www.spywareinfo.com/~merijn/htlogtutorial.html before removing anything.)
4. Install Spybot Search & Destroy, update it, and run it on the infected system.
5. Install Ad-Aware, update it, and run it on the infected system.
6. Reboot and run both Ad-Aware and Spybot again until the system is clean.
7. Launch Internet Explorer and browse the Web to verify Winsock was not broken while removing spyware. If you cannot browse the Web, run the WinSockFix utility and perform another Web test.

Spyware Prevention Checklist

Consider using Firefox for all web browsing unless functionality of business critical web applications requires Internet Explorer. If you can use Firefox exclusively, then steps 2, 3, 5-9, & 11-15 still apply.

1. Open Internet Explorer, click Internet Options, click the Security tab, and click Default Level on each Security Zone.
2. Install all Windows Critical Updates.
3. Install Spyware Blaster and click the link to Enable All Protection.
4. Install a recognized popup blocker such as the Google Toolbar (NOTE: XPSP2 adds a popup blocker to IE).
5. Either manually disable the Messenger service or run GRC's Shoot the Messenger applet.
6. Either manually disable the Universal Plug & Play service or run GRC's Unplug & Pray applet (Windows XP Only).
7. Run GRC's DCOMbobulator, click the DCOMbobulate Me! tab and then click the Disable DCOM button.
8. Execute DSOStop2 and click the Protect Internet Explorer button.
9. Execute HTAStop and click the Protect Internet Explorer button (WARNING: Only run on Windows XP or Add/Remove Programs will cease to function).
10. Install IE-Spyad.
11. Run GRC's SocketLock utility.
12. Test browse the Web.
13. Rename the default Windows Hosts file located at %windir%\system32\drivers\etc and place the Gorilla Design Hosts file in the same directory.
14. Test browse the Web. If it is significantly slower than the first test, revert to the original Windows hosts file.
15. Educate the principal user on Internet best practices.

Ad-Aware - http://www.lavasoftusa.com
CWShredder - http://www.spywareinfo.com/~merijn/downloads.html
DSOstop2 - http://www.wilders.org/downloads.htm
Firefox - http://www.mozilla.org/products/firefox/
Google Toolbar - http://www.google.com/options/index.html
Hosts File - http://accs-net.com/hosts/get_hosts.html
HTAStop - http://www.wilders.org/downloads.htm
IE-Spyad - http://www.pcworld.com/downloads/file_download.asp?fid=23332&fileidx=1
Shoot The Messenger - http://www.grc.com/freepopular.htm
SocketLock - http://www.grc.com/freepopular.htm
Spybot Search & Destroy - http://www.safer-networking.org/en/download/
Spyware Blaster - http://www.javacoolsoftware.com/spywareblaster.html
Unplug & Pray - http://www.grc.com/freepopular.htm
WinSockFix - http://www.spychecker.com/program/winsockxpfix.html

Good luck,

Ryan

Ryan Boudreaux
The Piedmont Division
Modeling The Southern Railway, Norfolk & Western & Norfolk Southern in HO during the merger era
Cajun Chef Ryan
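
For step 13 of the prevention checklist in the post above, a check that can be run on a downloaded blocking hosts file before it is put in place; this is an added example, not part of the original post. A blocking hosts file should map every name to a loopback or null address, so any entry that points a name at a routable address is a redirect and needs review. The function names and the sample file are constructed for illustration.

```python
import ipaddress

# Constructed sample of a blocking hosts file; names use reserved example domains.
SAMPLE_HOSTS = """\
# blocking hosts file (constructed sample)
127.0.0.1       localhost
127.0.0.1       ads.example.com   # blocked ad server
0.0.0.0         tracker.example.net
203.0.113.7     www.example.org   # routable address: a redirect, not a block
not-an-ip       broken.example.com
127.0.0.1
::1             localhost
"""


def audit_hosts(text):
    """Classify each hosts entry.

    Returns (blocked, redirects, malformed):
      blocked   - set of host names mapped to a loopback or unspecified address
      redirects - list of (line_no, address, name) mapped anywhere else
      malformed - list of (line_no, raw_line) that could not be parsed
    """
    blocked, redirects, malformed = set(), [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not entry:
            continue
        fields = entry.split()
        if len(fields) < 2:  # an address with no host name
            malformed.append((line_no, raw))
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:  # first field is not an IPv4/IPv6 address
            malformed.append((line_no, raw))
            continue
        for name in fields[1:]:  # one line may carry several aliases
            if addr.is_loopback or addr.is_unspecified:
                blocked.add(name.lower())
            else:
                redirects.append((line_no, str(addr), name.lower()))
    return blocked, redirects, malformed


def safe_to_install(text):
    """Accept a blocking hosts file only if it has no redirects and no unparseable lines."""
    _, redirects, malformed = audit_hosts(text)
    return not redirects and not malformed


if __name__ == "__main__":
    blocked, redirects, malformed = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} names blocked")
    for line_no, addr, name in redirects:
        print(f"line {line_no}: {name} -> {addr} (review: not a loopback address)")
    for line_no, raw in malformed:
        print(f"line {line_no}: cannot parse {raw!r}")
```

The same audit applied to the hosts file already on an infected machine shows any names that spyware has pointed at another server.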

  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Thursday, February 3, 2005 8:13 AM
My business is entirely dependent on my websites and on my computers and I've tried a lot of anti-spyware software. As sirknight said, Microsoft's Anti Spyware Beta1 is free for the time being and it has been finding many things the others have not. I recommend it.

Silverspike is correct that you need to be careful when visiting any unknown site. Nothing in the Trainorders announcement is unique to them. Any site that contains links to other sites, including this forum poses the same risk. It's common practice for a webmaster to remove links to sites that attempt to download spyware (or any software) on your computer without your knowledge. I would assume that if Trainboards went to the trouble of posting their common-sense warning, they would also remove links that they know to be hazardous.

Windows users should always have their security settings set so as to prompt the user for downloading any ActiveX controls. This will at least give you a heads-up that a drive-by download is being attempted.

Wayne

  • Member since
    January 2004
  • From: Crosby, Texas
  • 3,660 posts
Posted by cwclark on Thursday, February 3, 2005 8:06 AM
how do i remove spyware from my computer?..i purchased symantec norton anti virus and the norton firewall and it's still on my computer...it's really freaking me out now....any suggestions?..I hate computers and have a hard time with them when things like this go wrong..this computer is at my work and no problem but my home computer has a spyware program and it won't go away even with the new program i loaded....chuck

  • Member since
    February 2002
  • From: Reading, PA
  • 30,002 posts
Posted by rrinker on Thursday, February 3, 2005 8:02 AM
QUOTE: Originally posted by jsalemi

QUOTE: Originally posted by BRAKIE

It seems to me even if you launch your Internet browser you are guaranteed to pick one up.[V]


Not if you use Firefox. [:D]


Never found one on my computer when I used IE exclusively. Now I use IE and Firefox, depending on the site.
The way to not get spyware is to not click on popups! And don't open emails that look obviously like something you didn't ask for.

--Randy

Modeling the Reading Railroad in the 1950's

 

Visit my web site at www.readingeastpenn.com for construction updates, DCC Info, and more.

  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Thursday, February 3, 2005 7:52 AM
QUOTE: Originally posted by BRAKIE

It seems to me even if you launch your Internet browser you are guaranteed to pick one up.[V]


Not if you use Firefox. [:D]
  • Member since
    October 2001
  • From: OH
  • 17,574 posts
Posted by BRAKIE on Thursday, February 3, 2005 7:44 AM
I find spyware to be a nuisance more than a real threat. So I use Spybot twice a week to clean off spyware. It seems to me even if you launch your Internet browser you are guaranteed to pick one up.[V]

Larry

Conductor.

Summerset Ry.


"Stay Alert, Don't get hurt  Safety First!"

  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Thursday, February 3, 2005 7:15 AM
In addition to a subscription to antivirus software I use the free anti-adware/spyware software from Microsoft. This is a new service which began last month and it really works. If interested: microsoft.com
  • Member since
    December 2004
  • From: Bedford, MA, USA
  • 21,481 posts
Posted by MisterBeasley on Thursday, February 3, 2005 6:47 AM
Which links off of Trainorders caused the problem? From this post, I would be hesitant to follow any link from Trainorders, although I'm sure most are legitimate and Spyware-free. Have the suspicious links been removed?

I regularly use HijackThis (google for it) to clean up our family's machines, particularly those used for teen internet gaming. It's not for beginners, but if you are interested in Spyware and want to dig deeper, this is a valuable tool. When you find your home page re-directed to something you'd rather not have your kids look at, this is what you need.

It takes an iron man to play with a toy iron horse. 

  • Member since
    August 2002
  • From: Wake Forest, NC
  • 2,869 posts
Posted by SilverSpike on Thursday, February 3, 2005 6:39 AM
HiJackThis and CWShredder are two other Spyware removal tools that also work, I have used these and the others posted above. I work in IT and this has been the most time consuming issue when having to clean up an infected computer. There are so many variants of Spyware that even the virus scan apps cannot keep up. The best policy I can tell people is to be careful what sites you visit, but that is not always easy when you are visiting new sites!

Good luck,

Ryan

Ryan Boudreaux
The Piedmont Division
Modeling The Southern Railway, Norfolk & Western & Norfolk Southern in HO during the merger era
Cajun Chef Ryan

  • Member since
    August 2004
  • From: Eastern Nebraska
  • 166 posts
Posted by SP4449 on Thursday, February 3, 2005 6:17 AM
Thanks, SpaceMouse. I use both products and run each once a week. There are things out there you don't know about until the search product finds it.
  • Member since
    December 2004
  • From: Rimrock, Arizona
  • 11,251 posts
Posted by SpaceMouse on Thursday, February 3, 2005 6:14 AM
Hi,

If you don't have these already, here are two programs that are a must for Internet users. Both are free to single users.

Spybot
http://www.safer-networking.org/en/index.html

Ad-aware
http://www.lavasoftusa.com/software/adaware/

Run them every week or so to clean up spyware. If you use Internet explorer, you have downloaded spyware.

Chip

Building the Rock Ridge Railroad with the slowest construction crew west of the Pecos.

  • Member since
    December 2003
  • From: Good ol' USA
  • 9,642 posts
Posted by AntonioFP45 on Thursday, February 3, 2005 6:10 AM
Thanks so much for looking out for the rest of us!

You're Top Notch! [:)][:D][4:-)][C=:-)][C):-)][tup]

"I like my Pullman Standards & Budds in Stainless Steel flavors, thank you!"

 


  • Member since
    August 2004
  • From: Eastern Nebraska
  • 166 posts
Posted by SP4449 on Thursday, February 3, 2005 6:06 AM
Thank you for posting this, locomotive3.
  • Member since
    April 2003
  • 305,205 posts
Spyware infection, courtesy of Trainorders.
Posted by Anonymous on Thursday, February 3, 2005 6:00 AM


Model Railroading

Date: 02/02/05 13:26
SECURITY ALERT: Spyware notice for Trainorders.com members
Author: webmaster
What is spyware? It is software that is installed on your computer with or without your knowledge by web sites. Spyware is very serious as it can crash your computer or take control of it. It can also reveal private information about you to criminals.

Q. What does this have to do with Trainorders.com?
A. When you follow a link to a web site off of Trainorders.com there is a possibility that you may be infected by spyware. During the past month we have found links to two sites off of Trainorders.com that were infected with Spyware.

Q. Can I get spyware from Trainorders.com?
A. No, you cannot receive spyware from Trainorders.com. Our web site is free from spyware and our software prevents it from being added to our discussion forums. We have gone to great lengths to protect our users.

Q. How can I keep from getting infected?
A. Only visit web sites that you trust. Some free web sites support themselves by installing spyware on your computer. Be vigilant when visiting these sites by looking for icons that appear on your desktop or erratic computer behavior. Use spyware resistant web browsers like Firefox. It is free and very reliable: http://www.mozilla.org/products/firefox There are several products on the market that can purge these evil programs from your computer.

Q. Why do you warn me before I follow a web site link off Trainorders.com?
A. We want to be sure our visitors are aware that they are about to leave our site and that there is a possibility, though remote, that they may be exposed to spyware on another web site. We do not have the ability to verify that external links posted to Trainorders.com are free from spyware. Therefore, we provide warning when you follow an offsite link.

In closing I want to express that at Trainorders.com we work hard to ensure the security of our members while browsing our web site. Our programming and support team is committed towards keeping our online environment a safe and inviting place to visit.

Todd Clark
Trainorders.com
Founder & Webmaster

