Browser infiltrators - help

Discussion in 'Off Topic' started by Streaky, Feb 7, 2008.

Thread Status:
Not open for further replies.
  1. Scott_L

    That comes as a shock to me. I've used and trusted SpywareBlaster for years! I've never read anything bad about it. I know McAfee AV and some versions of Symantec products render its update function near useless and the companies recommend removing SB to resolve - but these are just known incompatibilities, nothing bad about the product is reported. I'll do some research now, but I can imagine with all of the reading I do on this stuff that one of my Top 10 tools could be evil. Please supply any reliable sources of info you have on this.
     
  2. jigwashere

    I'm less convinced SpywareBlaster is malware after doing limited research. TrendMicro only seems to refer to it on their website a couple of times when talking about anti-malware programs that can be monitored by trojans.
     
  3. RickAgresta

    I'm also thinking it isn't a baddie; I can't recall where, but a reputable online source recommended using it. Although I have it loaded on my desktop, I use it rarely, now.
     
  4. lelisa13p

    Great post, Konrad, for which you earned a heaping helping of lovely Red Rep. :D I was striving for the Perfect Number :cool: but it looks like I fell short. :(

    To ye who are infested, I say "Tsskkk. I hope you work it out and I will keep my fingers crossed. Please excuse any badd typign that results." :)

    By the way, Trend is what I've been running for the last several years with no problems, thankfully.
     
    Last edited by a moderator: May 18, 2015
  5. dmccunney

    Nope.

    Spyware Blaster is from Javacool Software. It's not spyware/malware/Trojan horse. I've run it before. It installs a resident anti-spyware process that tries to block such things. See http://www.javacoolsoftware.com/

    I don't run it these days because I don't need it: I use Firefox as my default browser, and don't get hit with the stuff Spyware Blaster tries to guard against. I have Ad-Aware and Spybot Search and Destroy, run them occasionally in ad-hoc mode, and all they ever find is "tracking" cookies.

    But it's not malware in a clever anti-spyware disguise.
    ______
    Dennis
     
  6. Streaky

    Hey, if ever there was a thread meant for hijacking it's this one. :)
     
  7. Hook

    So, do we now have to hit Konrad with green rep for slipping up? ;)
     
  8. Streaky

    The jury seems to be out on SpywareBlaster (maybe), but Konrad still sounds the most authoritative.

    Come to think of it, I only installed ErrorKiller, AdwareAlert and SpywareBlaster after I started getting the infiltrators. In any event, I'm going to start following most of Konrad's incredible advice.

    By the way, anyone heard of appdata\local\zkpoubi.exe? Win Defender is asking me about it but I can't find it anywhere (sounds ominous, I know).

    Edit: I recall that one or more of those new doozies accused both Google Earth and FlashGet as being security dangers so I scrubbed them.
     
  9. Streaky

    Currently running the Vista beta of F-Secure thingy. Only runs in IE, and the full scan looks set to take most of the night (it's 0018 here). As much as I hate to leave something like this running, I might go to bed and check it in the morning.

    Edit: this is fun: it's just popped up with one spyware found and two skipped files.

    Edit 2: I wonder what the "F" in "F-Secure" stands for. No viruses yet, but it's only about 6,000 files out of some 80,000 from memory.
     
  10. Konrad Pierce

    Ah, um, oops. I was going off my personal notes ... which, it seems, are - as always - in need of constant updates.

    Javacool Software's SpywareBlaster is indeed a perfectly legit, safe, clean product. My apologies for being an alarmist, and my sincere apologies to the folks at Javacool - I had no intention of maligning their product. (Take note, though, that it doesn't seem to have done Streaky much good ...)

    My error is based on my old (circa 2005) notes, in which "SpywareBlaster" was yet another name of Streaky's ErrorKiller, aka Spyware Warrior, Spy Sheriff, Spyware Assassin, and many other names. These are - by and large - the exact same piece of malware, made by the same people, just distributed under different names. They tend to share the same scanning engine, similar appearance, and slightly different malware payloads. Yes, they might actually scan for spyware, they may or may not even remove some of what they find (competitors' products); but they certainly infest the machines they're installed on with a generous load of crap which they'll utterly ignore. And once they're in, more starts arriving on a regular basis. Beyond the obvious annoyance factor, they gradually place a heavy impact on system stability and performance. More seriously: they create an accumulating number of actual security vulnerabilities, ranging from simple invasion of privacy to keylogging/data theft to turning your machine/network into a "server" for anybody who can get ahold of certain (public) client software. Very bad.

    It seems like these fake scanners are now endemic. What to get? What to avoid? Spyware Warrior is a continuously updated reference that helps spot the badness; here's their list of Rogue (and Suspect) Anti-Spyware Products. You can often find free cleanup tools by googling something like "remove Spy Sheriff" (or whatever) on a case-by-case basis.

    (Yes, the names are confusing. This is the precise intent of the "internet advertising" companies that produce this crap.)

    Sorry about the F-Secure problems ... it's always worked fine for me, I don't know what to say. Perhaps actually install something from their Downloads page instead of running on-line scans through a browser. I'd like to also mention the products made by Sophos: they are (like Avast! and AVG) not quite as aggressively developed as the "mainstream" security products (Symantec/Norton, F-Secure, Trend Micro, McAfee, etc) ... but their scanning tools do have a surprising tendency to detect/repair/remove nasty stuff that the mainstreamers selectively choose to not consider threatening. There's been longstanding controversy over whether certain things get ignored because of corporate structuring or payoffs (bribes) or whatever ... so much has been written about these arguments that it's impossible to conclusively discover the real truth, but the simple fact remains that Norton, McAfee, etc will not remove certain malware elements that other companies consider undesirable or threatening. Decide as you will, maybe google around to see how many of Symantec's programmers were involved in the initial release of LOP.COM ...

    [Edit]
    There's no real sure-fire way to determine whether the security product under consideration is legit or fake. Or even whether a legit product is superior, decent, or worthless. (Take note, people, of all the stuff you already have installed which is not fixing your existing PC problems...)

    Product reviews, various spyware/antispyware organization websites, online commentary, and all the rest is usually pretty valuable ... but most people won't bother doing much in-depth research unless the product is massively expensive.

    I've found that a fairly decent indicator (which doesn't always tip me off) is the fact that the people who produce REAL security software are typically interested in selling it to you. You might get a wimped out eval version, or a time-limited trial, or somesuch ... you might even get a good freebie product. But as a rule of thumb, they will ALWAYS offer a "commercial" solution of some kind ... so, if you don't see a shopping cart on the website, there's a good chance it's a fake. The guys who make and distribute spyware won't charge you - they make their money from all their advertisers, and the more ads in your face they can get you to keep clicking on the better for them ... they will do anything they can to entice you to install your first piece of spyware. (Incidentally, whenever some unsolicited little ActiveX/script applet pops open in your browser claiming that you need to install this or that or whatever, just right-click on it and select "Close" instead of actually pressing any of the offered buttons - these guys are treacherous.)

    REAL security companies also hope to make some big bucks from their products. Again, there are always exceptions, but as a rule of thumb you won't see tangled grammatical constructs, bad translations, and terrible typos littering their pages. Corporate websites (<ahem> HP being an exception) don't tend to look like amateur hobbyist stuff slapped together in less than an hour, the sort of babbly stuff you'd see me post all over Brighthand.

    Ah - don't forget to actually run your scanners once a week or so, and keep them updated. Active "realtime" scanning doesn't hurt, but I don't find it urgent if you actually clean house once a week or so, unless perhaps your PC is expected to endure heavy abuse at the hands of disreputable sites (warez and porn sites being the most dangerous of these). Ye have been warned. <g>
     