Getting rid of spyware

Discussion in 'Computers and Technology' started by Scottroo, Aug 10, 2004.

  1. sblack

    sblack #shady

    Brisbane Lions
    Other teams:
    Sixers, Eagles, Man Utd, Georgetown
    Joined:
    Apr 07
    Posts:
    17,634
    Location:
    Sydney
    What is it that keeps popping up? And have you punched it into a search engine to check the severity of it?

    Run Malwarebytes and see what it says
     
  2. Juddy88

    Juddy88 Brownlow Medallist

    West Coast
    Other teams:
    Tottenham, East Perth
    Joined:
    Apr 07
    Posts:
    10,480
    Location:
    West Coast
    Recently picked up a trojan in a scan in an application (not on this comp, on a separate one) I'd already launched. Initially it wouldn't let me delete it, but my antivirus put the file into the virus vault. I've run plenty of scans (Spybot, Malwarebytes, Rkill in safe mode, ComboFix) and nothing has come up.

    Is it gone? Anything else I should do?
     
  3. Upton Sinclair

    Upton Sinclair Account Cancelled by User

    Collingwood
    Other teams:
    Joined:
    Jul 11
    Posts:
    5,453
    To everyone with malware: download ComboFix, get log, post on BleepingComputer...

    Rinse and repeat....
     
  4. Donners

    Donners Premiership Player

    Sydney
    Other teams:
    Rushden & Diamonds FC (RIP :( )
    Joined:
    Sep 02
    Posts:
    4,023
    Location:
    Vic
    I was just casually browsing the Internet (legit sites too, mind you) when my browser abruptly crashed. That being nothing unusual, I thought nothing of it - until two other things crashed.

    Then one of those nasty ransomware messages popped up (i.e. "Your computer has been locked by the Australian Federal Police and you must pay a fine of $100 to unlock it", etc). There was no way around it through Task Manager or logging out.

    Thankfully I had read about those, so I restarted in Safe Mode and loaded up System Restore, only for the computer to abruptly restart. Sneaky! I restarted in Safe Mode with Command Prompt, and thankfully was able to run System Restore that way and kill off the bastard.

    Looking through the event log was quite terrifying. My anti-virus was going utterly berserk, taking out eight trojans in a matter of seconds (one of them must have dropped/downloaded a bunch), including some pretty nasty ones. Then one of them managed to switch it off, as well as taking out my firewall, minimising my browser's security settings and fiddling with a whole bunch of other things before launching the ransomware interface.

    I still have no idea how it happened, given that I was browsing popular and legit sites which have not caused me problems before or since, but it was quite an experience.
     
  5. The Passenger

    The Passenger Mr. Mojo Risin'

    West Coast
    Other teams:
    Pittsburgh Penguins, Dallas Cowboys
    Joined:
    Mar 03
    Posts:
    24,837
    Location:
    The City of Light
    You've probably had some sort of Java plug-in issue. Even if it isn't this, the advice should be heeded by all:

    https://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

    Unless you have a compelling reason to run a Java plug-in, you should have it disabled at the moment. In fact I can't think of one reason to have the Java plug-ins running right now. Maybe enable them temporarily when you need to do something, but that would be it. There have been some serious security issues discovered in the past month. I'm not 100% sure if it affects older versions, but it all came to a head when Oracle released Java 7 Update 10 in early to mid January.

    If you do need to run a Java applet permanently, then most likely you're a developer of some sort, so you should know of the security risks. If not, then what I would recommend is to have two profiles with Chrome or Firefox: one for your regular browsing and one for your secure browsing such as banking, e-mail etc. With your secure profile ONLY visit the sites that you need to, and ALWAYS close your regular profile whilst on those sites.

    I don't run any Java plug-ins (Java is the number one cause of internet infections every single year) so I haven't followed it too closely... so I may not be 100% accurate here, but my understanding is that what was discovered was that it was possible to run Java plug-ins automatically, getting around the user setting "ask before running plug-ins". So someone could write a malicious applet such as a keylogger, inject it into a legitimate-looking site and have it run automatically when you open that page. So whilst you continue to have that page open, the applet is logging your keystrokes. That was my understanding of the main flaw that was found.

    Donners, you may have been browsing what you thought were legit websites, but it isn't out of the realms of possibility that they were temporarily compromised or something like that.

    Going a bit further, I don't see much of a reason why anyone should have Java on their computer at all. I'd recommend uninstalling and only reinstalling (which is easy to do) if something stops running. The whole Java platform has fallen to shit in recent years. Android is about the only thing keeping it relevant at the moment IMO (and it's a pretty handy trump card, to be fair). If you do need to have Java on your computer, make sure you have Java 7 Update 13 or Java 6 Update 39.

    Someone might ask about Android now because it's pretty much based on Java, which is true. As at this moment, though, there doesn't appear to be any major security holes in Android. The reason for this is that Android uses a virtual machine called Dalvik to process Java files. Computers use a virtual machine called the Java Virtual Machine (original), and it's the JVM that is compromised at the moment.

    That's not to say Dalvik is completely secure; I'm sure there are some exploits out there that are unknown at the moment.
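The post above gives two concrete minimum versions (Java 7 Update 13, Java 6 Update 39) and otherwise says to keep Java off unless you need it. Rather than eyeballing `java -version`, the check can be done mechanically. The block below is an added example, not from the original post and not from Oracle; it is in Python so it runs the same on any OS. It parses the version string format of that era (`java version "1.<major>.0_<update>"`), gates it against the minimums stated in the post (an assumption that those numbers are what you want to enforce; they are the thread's 2013 figures, not a current advisory), and treats anything it cannot parse, including "no Java installed", as not passing so that a human has to look. The sample strings are constructed, not captured from a real machine.

```python
"""Gate an installed Java runtime against the minimum update levels named in
the post above (Java 7 Update 13 / Java 6 Update 39).

Added example, not from the original thread. SAMPLES are constructed strings
in the `java -version` format of the time; installed_java_output() shows how
to get the real thing on a machine that has a JRE on PATH."""
import re
import subprocess

# Minimum acceptable update per major line, as stated in the post (assumption:
# these are the thread's figures; check a current advisory for anything newer).
MINIMUM_UPDATE = {6: 39, 7: 13}

# Matches e.g.  java version "1.7.0_13"  -> major 7, update 13.
VERSION_RE = re.compile(r'java version "1\.(\d+)\.\d+_(\d+)"')


def parse_java_version(output: str):
    """Return (major, update) from `java -version` output, or None if absent."""
    match = VERSION_RE.search(output)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2))


def is_acceptable(output: str) -> bool:
    """True only when a known major line is installed at or above its minimum.

    Unparseable output (no Java, a renamed build, a format the regex does not
    know) and unknown major lines are reported as NOT acceptable on purpose:
    the safe reading of the thread's advice is "no plug-in unless you checked"."""
    parsed = parse_java_version(output)
    if parsed is None:
        return False
    major, update = parsed
    minimum = MINIMUM_UPDATE.get(major)
    if minimum is None:
        return False
    return update >= minimum


def installed_java_output() -> str:
    """Run `java -version` if a JRE is on PATH; returns '' when it is not.
    The JVM prints its version banner to stderr, so both streams are joined."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True,
                              text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return ""
    return proc.stderr + proc.stdout


# Constructed sample banners (not captured from a real machine).
SAMPLES = {
    "7u10 (vulnerable)": 'java version "1.7.0_10"\n'
                         'Java(TM) SE Runtime Environment (build 1.7.0_10-b18)\n',
    "7u13 (ok)":         'java version "1.7.0_13"\n',
    "6u39 (ok)":         'java version "1.6.0_39"\n',
    "6u37 (old)":        'java version "1.6.0_37"\n',
    "none":              "'java' is not recognized as an internal or external command\n",
}

if __name__ == "__main__":
    for label, banner in SAMPLES.items():
        verdict = "OK" if is_acceptable(banner) else "UPDATE OR REMOVE"
        print(f"{label:18} -> {verdict}")
    live = installed_java_output()
    if not live:
        print("this machine       -> no java on PATH")
    else:
        print("this machine       ->", "OK" if is_acceptable(live) else "UPDATE OR REMOVE")
```

Note that passing the version check says nothing about whether the browser plug-in is enabled; the post's main advice (disable the plug-in, or uninstall Java entirely) still stands regardless of the result.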
     
  6. The Passenger

    The Passenger Mr. Mojo Risin'

    West Coast
    Other teams:
    Pittsburgh Penguins, Dallas Cowboys
    Joined:
    Mar 03
    Posts:
    24,837
    Location:
    The City of Light
  7. Donners

    Donners Premiership Player

    Sydney
    Other teams:
    Rushden & Diamonds FC (RIP :( )
    Joined:
    Sep 02
    Posts:
    4,023
    Location:
    Vic
    There was a zero-day Java exploit which was noticed in mid-January and my issue was on the morning of 19 January, so it fits. I'm mostly using my iPad for browsing these days; it's not the first time I've had issues.
     
  8. The Passenger

    The Passenger Mr. Mojo Risin'

    West Coast
    Other teams:
    Pittsburgh Penguins, Dallas Cowboys
    Joined:
    Mar 03
    Posts:
    24,837
    Location:
    The City of Light
    Almost certainly that is the case, man. This Java thing is bad. Oracle have pretty much stuffed up Java.
     
  9. efbe

    efbe Draftee

    Sydney
    Other teams:
    Joined:
    Mar 14
    Posts:
    2
    Linux is the answer; you will never have malware or any virus problems again...
    Try Zorin OS, Linux Mint or Ubuntu. If you're not into heavy gaming, then Linux will suit your needs without the fear of viruses.
     
  10. 4realinmel

    4realinmel Rookie

    Carlton
    Other teams:
    Joined:
    Mar 14
    Posts:
    28
    get rid of windows is what you need to do....
     
    The Passenger and MadMac like this.
  11. The Passenger

    The Passenger Mr. Mojo Risin'

    West Coast
    Other teams:
    Pittsburgh Penguins, Dallas Cowboys
    Joined:
    Mar 03
    Posts:
    24,837
    Location:
    The City of Light
    Mint is sweet.

    Currently using Fedora 19 at work for a project and that's pretty good. Had to dual boot onto my laptop so I can use that too, and the laptop is running considerably slower since installing it, even when I'm using Mint. The machine is on the back end of its life though.
     
  12. I hate trolls

    I hate trolls Rookie

    North Melbourne
    Other teams:
    Joined:
    Apr 14
    Posts:
    30
    Make sure you have an awesome anti virus software program because if you don't you're in trouble with trojans and other things that go wrong with your computer.
    What I have on my computer is Kaspersky Internet Security 2014. It's great because it protects you for 2 years.
     
  13. Big Sauce 21

    Big Sauce 21 Premiership Player

    Brisbane Lions
    Other teams:
    Joined:
    Oct 13
    Posts:
    4,051
    Location:
    Brisbane
    Every time I come onto BigFooty I'm getting popups with my blocker on and Security active.
     
  14. Xtreme

    Xtreme Brownlow Medallist

    Hawthorn
    Other teams:
    Joined:
    Jul 06
    Posts:
    10,577
    Location:
    Melbourne
    I logged on to Skype and someone NOT on my contact list was instant messaging me like they were already on it, acting like they knew me AND then tried to get me to click on a website link. After a brief conversation (in a nutshell I said that unless they can verify that they know me the conversation is stopping now), I blocked them and then clicked on the "report" button.

    The Skype account I was on has not been hijacked and taken over (that I know of anyway); I changed the password to that and the other websites I was using at the time. I deleted the saved password history that my browser had and changed the passwords to my important accounts (e-mail, several forums, internet banking etc).

    Clearly my computer is compromised in some way, but without knowing, I'm actually going to the effort of backing up the important stuff (music, movies, photos - not all of it is porn!) and then will format and reinstall Windows. To add to the paranoia I am also going to change the password to my router and the SSID password in case the mystery person now knows what it is.

    I don't remember what the site URL is now, but it was some social network link (not Twitter or FB). I looked up the address and did a whois on the domain and such; it's registered to someone in Texas that used a Yahoo address to register the domain, and the domain itself expires in November. Strangely enough I Googled a few of those sites that give a ranking or say whether a site is safe or not. Most of the sites I ran the URL through said the site was safe; only one gave it a bad rating. The Alexa traffic for it is another reason for me to think it was a phishing scam - the Alexa traffic for it doesn't match up; obviously only a few hundred people are dumb enough to click on it each day... but there was something like 80,000 visitors over the last month.

    Am I overreacting or doing the right thing in formatting my PC and starting again?
     
  15. Kidd Vicious

    Kidd Vicious Tyson Chandler Parsons

    North Melbourne
    Other teams:
    Joined:
    Sep 04
    Posts:
    17,017
    Location:
    Here
    I'm a complete noob at this. Had to get a new hard drive so everything was wiped. I've got Windows 7.

    At the moment I've got Malwarebytes Anti-Malware.

    Do I need to get an antivirus or will the Malwarebytes program cover it?

    Do I need to get a firewall?
     
  16. Zim^zuM

    Zim^zuM Club Legend

    Western Bulldogs
    Other teams:
    Western Bulldogs
    Joined:
    Sep 05
    Posts:
    1,718
    Anybody ever have the issue with bettermarkit ads? Never encountered anything so annoying in my life. All the sites say use something like Malwarebytes Free etc. But these programs, after a scan, require an activation code to do any clean-up. I've done all the other manual stuff but it's all hidden and still there.

    So what programs clean for free, or can anyone point me in the right direction for locating these files?
     
  17. Big Sauce 21

    Big Sauce 21 Premiership Player

    Brisbane Lions
    Other teams:
    Joined:
    Oct 13
    Posts:
    4,051
    Location:
    Brisbane

    Malwarebytes clears it for me; it always asks to upgrade but gives me an option to skip, and it cleans the computer. Also go through your Control Panel and uninstall programs; anything that looks weird, get rid of it.
     
    Zim^zuM likes this.
  18. Zim^zuM

    Zim^zuM Club Legend

    Western Bulldogs
    Other teams:
    Western Bulldogs
    Joined:
    Sep 05
    Posts:
    1,718
    I've done that bit. Every time I try to install Malwarebytes there are errors on the install. Then when I try to open it, it says it can't find it.
     
  19. Engimal

    Engimal Norm Smith Medallist

    North Melbourne
    Other teams:
    Joined:
    Apr 10
    Posts:
    7,395
    Location:
    Tasmania
    Malwarebytes shouldn't be used alone. I'm pretty sure it even states itself that it's supposed to be used "alongside your antivirus". I'd go with a free antivirus such as AVG.
     
  20. Zim^zuM

    Zim^zuM Club Legend

    Western Bulldogs
    Other teams:
    Western Bulldogs
    Joined:
    Sep 05
    Posts:
    1,718
    I have anti virus. I just needed to specifically remove the bettermarkit crap. Seems to be gone properly now. Fingers crossed
     
    Engimal likes this.
  21. raptalia

    raptalia All Australian

    Port Adelaide
    Other teams:
    Joined:
    Mar 14
    Posts:
    710
    Chapter one...

    I inherited Sweet Page from an attempted download of Firefox. In case anyone is wondering I had a program that claimed only to work in IE or Firefox, as it was not working in IE I decided to try Firefox. The Mozilla mirror site was obviously infected with this pest.

    I then fell for one of the oldest ruses going, in that I Googled "Sweet Page removal" and took what looked to be a good option. I should have then Googled Reimage and read what others had to say; had I read the reviews of this lemon I would not have used it. Reimage creates more problems than it solves, as I suspect it removes some Windows settings and replaces them with its own. Reimage is one of those programmes that is just as bad as the malware it claims to remove.

    The really annoying bit is that I could have removed Sweet Page with Windows uninstall. In the end I uninstalled Sweet Page with Windows. I also inherited a pest called Clean Adds or a similar name which planted itself in IE. Not sure if this was part of the Sweet Page problem or a separate issue, or if it was something the Reimage lemon brought with it.

    Getting rid of Reimage and this Clean Adds pest was not easy. If you try to uninstall Reimage with Windows you get a pop up loop which tells you that Reimage has to restart your computer before it can uninstall. Of course there is no uninstall just a loop.

    I finished up doing a Windows Refresh which took Windows 8.1 back to its installation settings which meant that I had to reinstall video drivers and software. I had attempted a System Restore but McAfee kept blocking this action and switching McAfee off is no simple task.

    All this was my own fault but be careful of Firefox downloads and this Reimage mob.

    Chapter two...

    Have you ever locked yourself out of the house and had no spare key? A similar thing happened to me yesterday. I recently bought a new system with Windows 8.1. Those of you with 8.1 will know that Gates Inc. do everything they can to get you to open a Microsoft User Account. I resisted but eventually went shopping in the Microsoft online store and found that I had to have an account. Once you open an account in 8.1 you need to register a password. The problem is this then means that every time you want to boot up your system you need that password. The password is a good idea if you have multiple devices using the same OS, but if like me you only have a desktop it is bloody annoying. The password can be switched off by running [netplwiz] at the command prompt and then unchecking the user password box. I did this and all was fine but...

    Yesterday I became curious and decided to take a look in my system settings. I noticed that my system did not have a name; it was simply labelled PC. I decided that it would be nice if my friend had a name, so I gave it one. Big mistake, because when prompted I rebooted and, lo and behold, there it was: a "please enter password" box. The problem was I had forgotten the password and my record of it was on the computer. How to get in? Windows told me that if I had forgotten my password I could simply use a password reset disk. Err, what is that, I thought; I had never heard of this. No way of getting in.

    Then I remembered I had backed up my data files to a USB the day before and there was a chance my password would be on it. I still had my old system so I hooked it up, inserted the USB and there it was... my password. After re-hooking the new system I was right, but boy, you can easily get locked out of 8.1 if you do not create a password reset disk when you open a Microsoft Account and if you play about with things. It would have been helpful if Windows had told me that changing the computer name would mean I needed my password to get back in, but the Gates Empire is not so helpful these days.

    The moral in this is, if it ain't broke don't try to fix it and if you do succumb to opening a Microsoft Account thus providing Gates with your details, make a password reset disc and keep it in a safe place just in case.
     
  22. raptalia

    raptalia All Australian

    Port Adelaide
    Other teams:
    Joined:
    Mar 14
    Posts:
    710
    I am pretty sure that AVG is not free these days. You get a 28 day trial before they want you to purchase.

    I cannot understand why people feel the need for free antivirus anyway. We spend money on a system or multiple devices yet balk at paying $50-70 for effective antivirus. I have McAfee Total Protection and it only cost me $39.00 this year, and it is worth the money to protect my investment. I am not trying to flog McAfee over other products, as it has its problems, and Kaspersky, Norton etc. probably do the same job, but I would not buy a new car and not insure it, so I will not buy computer devices and not safeguard them.

    In any case even the best antivirus is not going to stop malware or PUPs, as some of it comes from supposedly safe sites and is not really a virus. In the previous post I explained that I picked up Sweet Page with an attempted Firefox download via the Mozilla site. You would not expect to get malware from Mozilla.
     
  23. Engimal

    Engimal Norm Smith Medallist

    North Melbourne
    Other teams:
    Joined:
    Apr 10
    Posts:
    7,395
    Location:
    Tasmania
    Agreed. I just didn't want to recommend someone a paid product like it was their only option. I haven't used AVG in years so I'll take your word on its price.
     
  24. noloyaltylol

    noloyaltylol Debutant

    Western Bulldogs
    Other teams:
    Joined:
    Oct 14
    Posts:
    66
    I haven't read everything, but THE simplest way to get rid of any malware is as follows:
    Run Task Manager (CTRL+ALT+DELETE > Task Manager)
    Go to "Processes"
    Google any suspicious processes; you'll know a suspicious process when you see it
    Find out what program/app/add-on is causing it
    Uninstall it in the "Install and Uninstall" option in the Control Panel (Control Panel\All Control Panel Items\Programs and Features)
    Run Malwarebytes
    Malwarebytes should be able to delete anything left over
    Then run CCleaner, including the Registry Cleaner, and fix all issues

    This should get rid of essentially all malware and their registry keys/rootkits.

    Finally, download BitDefender for future reference; it's a great FREE antivirus.

    NOTE:
    If you are unable to uninstall said program before running Malwarebytes, just skip it and then run Malwarebytes.
    If Malwarebytes is unable to delete it, proceed as usual and BitDefender will most probably be able to dispose of it.

    If not, then you're tough outta luck; time to back up everything you need and reinstall Windows.
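The "Google any suspicious processes" step above leans entirely on the reader knowing what suspicious looks like. Task Manager's Processes tab shows names, not paths, so the first thing a practitioner adds is the executable path and two cheap checks on it. The block below is an added example, not from the original post or from any tool it names: it runs those checks over a process listing in Python (same language as the other added example on this page). The listing is constructed sample data in the column layout of `wmic process get Name,ExecutablePath,ProcessId /format:csv`; the assumption is that on a real Windows 7 box you would save that command's output (which has a leading Node column and alphabetically ordered columns, and may be UTF-16; decode before feeding it in) and pass it to `triage()`. The directory table and the user-writable markers are illustrative assumptions, not an authoritative list, and a flag is a reason to search the name and path, not a verdict: legitimate browsers and updaters also install under AppData.

```python
"""Triage a Windows process listing for the "suspicious process" step above.

Added example, not from the original post. Two heuristics:
  1. the image runs from a user-writable location (Temp, AppData, Downloads,
     Users\\Public), where dropped malware typically lands;
  2. the image carries the name of a core Windows binary but does not live in
     that binary's normal directory (the classic svchost.exe masquerade).
SAMPLE_LISTING is constructed, laid out like wmic's /format:csv output."""
import csv
import io
from pathlib import PureWindowsPath

# Core Windows binaries and the directories they normally run from
# (lower-cased, no trailing backslash). Illustrative assumption, not exhaustive.
EXPECTED_DIR = {
    "svchost.exe":  {"c:\\windows\\system32", "c:\\windows\\syswow64"},
    "lsass.exe":    {"c:\\windows\\system32"},
    "csrss.exe":    {"c:\\windows\\system32"},
    "winlogon.exe": {"c:\\windows\\system32"},
    "services.exe": {"c:\\windows\\system32"},
    "explorer.exe": {"c:\\windows"},
}

# Path fragments that mark user-writable locations (assumption: the common ones).
USER_WRITABLE_MARKERS = ("\\temp\\", "\\appdata\\", "\\downloads\\", "\\users\\public\\")


def classify(name: str, path: str) -> list:
    """Return the reasons a process looks suspicious (empty list = nothing found).

    An empty path yields no reasons: wmic shows none for protected processes
    such as 'System', and there is nothing to judge without a path."""
    reasons = []
    if not path:
        return reasons
    lowered = path.lower()
    parent = str(PureWindowsPath(lowered).parent)   # str() keeps backslashes
    expected = EXPECTED_DIR.get(name.lower())
    if expected is not None and parent not in expected:
        reasons.append(f"core Windows binary name outside its normal directory ({parent})")
    if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
        reasons.append("image runs from a user-writable location")
    return reasons


def triage(listing: str) -> dict:
    """Parse a wmic-style CSV listing; return {pid: {name, path, reasons}} for
    flagged processes only. DictReader keys on header names, so the column
    order wmic chooses does not matter."""
    flagged = {}
    for row in csv.DictReader(io.StringIO(listing.strip())):
        name = row["Name"]
        path = row.get("ExecutablePath") or ""
        reasons = classify(name, path)
        if reasons:
            flagged[int(row["ProcessId"])] = {"name": name, "path": path, "reasons": reasons}
    return flagged


# Constructed sample listing (not captured from a real machine).
SAMPLE_LISTING = """
Node,ExecutablePath,Name,ProcessId
PC,,System,4
PC,C:\\Windows\\System32\\svchost.exe,svchost.exe,812
PC,C:\\Windows\\explorer.exe,explorer.exe,1540
PC,C:\\Program Files\\Mozilla Firefox\\firefox.exe,firefox.exe,2200
PC,C:\\Users\\Don\\AppData\\Roaming\\Updater\\upd.exe,upd.exe,3304
PC,C:\\Users\\Don\\AppData\\Local\\Temp\\svchost.exe,svchost.exe,4120
"""

if __name__ == "__main__":
    for pid, info in sorted(triage(SAMPLE_LISTING).items()):
        print(f"PID {pid:5}  {info['name']:12}  {info['path']}")
        for reason in info["reasons"]:
            print(f"            - {reason}")
```

On the sample, the two flagged entries are the `svchost.exe` running from a Temp directory (both reasons) and the updater under AppData\Roaming (one reason); the real `svchost.exe`, `explorer.exe`, Firefox and the pathless `System` process pass. What the script cannot do is tell you the flagged binary is malicious; that is where the post's "look it up" step, and a proper scan, still come in.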
     
  25. OhhhhhCyril

    OhhhhhCyril Club Legend

    Hawthorn
    Other teams:
    Joined:
    Jul 12
    Posts:
    1,672
    I keep getting this "your Java is out of date" warning crap.. anybody else had this before? Very annoying.

    [attachment: java.png]