Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Are we losing the war, or just some battles?

 
YUGWEN
Warrior


Joined: 17 Jun 2004
Last Visit: 23 Apr 2007
Posts: 121
Location: Oregon

Posted: Mon Oct 11, 2004 1:49 pm    Post subject: Are we losing the war, or just some battles?

I don't know if anyone noticed the HJT logs I posted other than the person/people who helped me work on it. But, I wanted to mention it here because I think it is relevant.

While I am still very new to this war, I have had a lot of success, even going it totally on my own. I got a bunch of tools from this great forum, learned a few tricks and I have been doing great up until these last three systems. One of which I did not work on myself, but I know that the person who was working on it is much better at fighting spyware than I am and has been at it longer. He ran into the latest VX2 juggernaut...

The two systems I ran into laughed at all of my tools. The first one just ignored them for the most part, but this last one which I spent 16-20 hours on defied and eluded them completely. It looks like whatever VX2 figured out is now going to be the standard fare for evilware??...

The system I worked on had Bargain Buddy, Cashback, 180Search, Navisearch, Spyware Deleter, and Bullseye network. I have dealt with 180Search before on my own and killed it. I was able to kill Spyware Deleter in the registry through dumb luck when the script fix failed to stop it.

After using EVERY tool in my arsenal, including this forum, I managed to get the system "clean" to all of my scans, but on re-start they would all come back except for Spyware Deleter. I went online and used the uninstall option for each of the evilware programs and they went away finally.

However, there is still something on the system that none of my tools can detect or remove. When it activates on restart SG stops it and allows me to delete it. It registers as the msbe BHO URL programs that I deleted by hand from the registry and with my tools. I went through the registry line by line and with the search option to rip out everything that looked bad. Which was a bad idea on my part since I am not that comfortable in the registry.

The Search option worked great in there, and pointed out how useless all of my tools have become. In my registry, after running both Ad-Aware and SS&D and finding nothing at all, I found folder after folder and file after file with names that no one on Earth could mistake for not being Adware and Spyware.

There were poker links, porn links, dialers, and everything else including files with the words "ad" "popup" in the name and more. Some of these obvious .exe files I found even said that they were WRITTEN AND COPYRIGHTED BY MICROSOFT!! Even if Internet and computer law is lagging behind the real world, isn't fraud, slander and copyright infringement illegal in EVERY medium?

As you can guess I am very frustrated right now, as many before me have been I am sure. I let down two people who were counting on me to come to their rescue and help them out. Does it make more sense right now to just wipe systems clean and start over until our tools catch up to the evilware again? I have wiped and re-installed plenty of computers, and none of them have ever taken me 20 hours to complete [rolling eyes]
_________________
Absorb what is useful
herbalist
Warrior Addict


Joined: 28 Aug 2004
Last Visit: 25 Jun 2008
Posts: 726
Location: northern Michigan

Posted: Mon Oct 11, 2004 5:05 pm

YUGWEN,
By far, you're not the first to feel that kind of frustration or sense of futility. Just a bit over a month ago, some very similar frustrations were let out in this thread:
http://spywarewarrior.com/viewtopic.php?t=5257
I've also questioned if this war can be won. The pests just keep getting tougher to remove. What frustrates me the most is that for every system cleaned and owner educated about the risks, several more new users come online, having no real idea of the scope of what faces them, and there's just no realistic way to reach the typical user ahead of time. If you consider each infected computer a battlefield, we win far more battles than we lose, either by defeating the enemy ourselves or by obtaining assistance from someone who's better, something I've been forced to do more than once. But for every battle we win or fight, there are so many more waiting to be fought. There's no doubt that there are more battles to fight than all of us combined can get to. Have you seen this:
http://news.bbc.co.uk/2/hi/technology/3708260.stm
91% of all PCs are infected to some degree, and that was just spyware. I can't help but wonder what the figure is when viruses, worms, trojans, etc. are included. If the first page a new user saw when going online for the first time was some form of an educational warning about what the risks are, perhaps the numbers could be changed, but it's not going to happen. Just from my own experiences, about 1 in 4 people look at me like I'm nuts if I use the word "spyware". How do you prevent such problems when the average user doesn't even accept the existence of the enemy until it has its hands around their throat?
On an overall basis, I doubt we can win this war, not on the terms we have to fight it now. But what options do we have? We only have 2 choices, fight or surrender. I don't consider the second one an option. Reformatting is the ultimate removal tool. So far, I haven't been forced to do that to clean a system, though on one occasion, if I'd had the disks for their system, I would have. I spent 4 days on that one PC, walked away from it more times than I care to admit, choking down the urge to knock it right off the desk. It forced me to learn and use tools I'd never used before. Looking back now, what that job taught me was worth the fight, though it sure didn't feel that way at the time. If nothing else, that job and the last six months have taught me just how much I don't know and need to learn. If some of these pests get much worse, reformatting could potentially become the only available option, but that can also be very time consuming, considering all the updating, patching, and re-installing that includes, especially if the system is old.
Our tools are always in catch-up mode. For every one that a way to defeat is found, another appears. Don't look at the idea of reformatting like a surrender, just a last resort tool that will give you back a clean unit, which is what you wanted in the first place.
Just hang in there and give it your best shot. Rest assured that we all understand exactly how you feel.
Rick
YourOldBuddy
Newbie


Joined: 12 Oct 2004
Last Visit: 27 Nov 2004
Posts: 4

Posted: Tue Oct 12, 2004 8:04 pm

We have to start a WAR ON SPYWARE!! Next I suggest a war on smelly diapers and boybands (not just smelly boybands).

To answer the question... no... I don't think so. It's only going to get worse. I don't have a solid basis for my opinion but just looking at the trend I can't see a solution anytime soon.
java
SWW Masters Graduate


Joined: 25 Mar 2004
Last Visit: 15 Mar 2011
Posts: 260
Location: Ontario,Canada

Posted: Wed Oct 13, 2004 8:00 am

The war is won by informing all the people so that they know what they are fighting!! We at these forums are trying our best to help and inform these people. Yes, the programmers are doing new things all the time to try to avoid us, but we as programmers for the good are doing the same to them. If we continue to inform the general public about them then they will know how to avoid the bad ones...We will WIN!!!!

Java
_________________
We are our own worst nightmares!
Please update your computers, update and run all antivirus/spyware programs!
YUGWEN
Warrior


Joined: 17 Jun 2004
Last Visit: 23 Apr 2007
Posts: 121
Location: Oregon

Posted: Wed Oct 13, 2004 12:09 pm    Post subject: Thanks for the feedback...

I am feeling a lot better now. No less frustrated, but certainly more focused. I have decided to give myself a tool AND time limit for these systems. I'm sure most people are a little more practical in the first place than I am.

I will run my tools, and see what I am up against. Post my logs for help if I can, and then wipe it clean and start over if that will be more time wise. It didn't really dawn on me until I had wasted my weekend that I was giving the evilware people WAY too much impact on my life.

I'm a newbie to this. I'm not a programmer, so if my tools won't fix it with a little outside help, I am ahead to just wipe it clean and go from there. So from now on, I am Mr. Try, Mr. Wipe and Re-install, and Mr. Give the Bad Guys the Finger! [shocked] Ok, maybe not the finger part, but I'll do it in my head at least [wink]

Thanks and good luck all! [cool]
_________________
Absorb what is useful
herbalist
Warrior Addict


Joined: 28 Aug 2004
Last Visit: 25 Jun 2008
Posts: 726
Location: northern Michigan

Posted: Wed Oct 13, 2004 11:44 pm

It isn't hard to get frustrated with some of these pests. I never could set a time limit for myself. If a job was being especially difficult, it was more like reaching an aggravation limit, after which I'd walk away for a day or at least a few hours, cool off, think about something else, then come back to it.
If the CD burner works on what appears to be a hopeless case, then reformatting isn't that bad of an option, as long as the personal files can be saved on something. If nothing else is available for backup, a couple free webmail accounts can hold a good amount of data for a few days, especially now with several having 100mb mailboxes.
The more of this you do, the better you'll get at it. I'm no expert either. The time will come soon enough that I'll run into something I'll need help with. Fortunately, I see lots of good help right here in this forum. We were all newbies once.
Rick
Mind control 01
Warrior


Joined: 11 Sep 2004
Last Visit: 03 Feb 2009
Posts: 156

Posted: Fri Oct 15, 2004 4:46 am    Post subject: Battle

Hello spykillers
Life's a battle! Computers are part of it,
WHO DARES WINS (Rodney),
Jeff007
Junior Member


Joined: 02 Jul 2004
Last Visit: 16 Oct 2004
Posts: 26

Posted: Sat Oct 16, 2004 12:44 pm    Post subject: Battle

On the Technical Side: For what this may be worth, I find that I was able to delete everything on my HJT log with no apparent harm to my system. I'm not suggesting this, just letting you know it's worked for me. In addition to using the anti-spyware software suggested by some of the members, beginning with the honorable Devilin, I finally switched over to Firefox as my browser of choice. I still use IE but only rarely. The combination of all of the above has been very effective. Just today, I tried out Trojan Hunter 4.0 as here suggested and thereby discovered a Trojan and got rid of that. So while the war may not be over, the enemy is getting the worst of it from me.
On the Political Front: The general public outcry against all spyware has forced the U.S. House of Representatives to enact proposed legislation making spyware illegal. An internet poll conducted afterwards shows the measure has widespread support, so widespread it must surely be bi-partisan. This measure is now before the Senate. We may soon have the law on our side unless the 180 crowd is able to successfully lobby against it.
So take heart and keep fighting! We really are making life miserable for these bastards.
_________________
Jeff007
Nick
Site Admin


Joined: 27 Feb 2004
Last Visit: 28 Aug 2012
Posts: 3913
Location: California

Posted: Sat Oct 16, 2004 9:26 pm    Post subject: Re: Battle

Jeff007 wrote:
On the Technical Side: For what this may be worth, I find that I was able to delete everything on my HJT log with no apparent harm to my system. I'm not suggesting this, just letting you know it's worked for me.



Never, never, never, never a good idea to fix everything in your hijackthis log.
MisterJ
Junior Member


Joined: 02 Sep 2004
Last Visit: 10 May 2005
Posts: 12

Posted: Sun Oct 17, 2004 2:31 am    Post subject: Battles

I figured that might be so. If I go belly up I'll let you know. Everything in the log was saved just in case I need it. [wink]
My apologies to Suzi for causing confusion by allowing Jeff007 to come back to life. It's been so long that I forgot I had killed the poor fellow. It was an accident. As I understand from the SWF system, he really is finally dead and gone.
Back to you Nick. What horrible thing is supposed to happen to me that has not happened since I did this terrible thing two months ago?
_________________
MisterJ
bch
Junior Member


Joined: 17 Sep 2004
Last Visit: 04 Nov 2005
Posts: 23
Location: UK

Posted: Sun Oct 17, 2004 4:37 am

YUGWEN.

You wrote about finding things in your registry " ......I found folder after folder and file after file with names that no one on Earth could mistake for not being Adware and Spyware. "

Given that scans with Adaware and SpyBot came up empty, I can't help thinking that, if you have SpywareBlaster, and the immunisation feature of SpyBot activated, that, by removing these registry entries, you have disabled protection against a number of the protected items.
MisterJ
Junior Member


Joined: 02 Sep 2004
Last Visit: 10 May 2005
Posts: 12

Posted: Sun Oct 17, 2004 5:05 am    Post subject: Battles

Interesting observation bch. I'll check it out. Thanks.
_________________
MisterJ
MisterJ
Junior Member


Joined: 02 Sep 2004
Last Visit: 10 May 2005
Posts: 12

Posted: Sun Oct 17, 2004 5:23 am    Post subject: Battle

P.S. to bch: I just ran another hjt and found all systems go except for Adaware and Spyware Blaster. These I shall reinstall. Have a great day.
_________________
MisterJ
MisterJ
Junior Member


Joined: 02 Sep 2004
Last Visit: 10 May 2005
Posts: 12

Posted: Sun Oct 17, 2004 5:37 am    Post subject: Battles

P.P.S. to bch. A check of files in my C drive shows the continued presence of both Adaware and SpywareBlaster. Spybot had already popped up on the most recent hjt scan.
Anything else I should be concerned about?
_________________
MisterJ
All times are GMT - 8 Hours