Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

One More for the Toolbox 3

Status
Not open for further replies.
carrr

carrr

Technical User
Sep 10, 2001
3,543
US
In the interest of keeping up on malwares, etc., I practice a rather masochistic routine in my spare time on a spare pc. I go out on the web and actively seek infection. This way, I figure, I get lots of hands on when it comes to removal methods.

Lately, I've noticed that the knuckleheads who write this stuff (malwares, trojans, etc.) have gotten meaner, nastier, downright rotten. Many of us have seen variants that actually go after existing tools (SpyBot, AdAware, etc.) and actually interfere with their functionality or disable them.

I recently picked up a cocktail of infections by the likes of: Apropos, Look2Me, Virtual Bouncer, and a few other. SpyBot was crippled. AdAware could go, but would hang partly through a scan. Hijack This! was picking up nada.

I was getting a bit irritated, when I remembered a recent download that I'd yet to test. I recently found a tool offered by the good people at Kephyr .

The freeware is called Bazooka Spyware Scanner. I like it...a lot.

I like it because it's chock full of definitions for the newer, meaner stuff.

I like it because it's a slick little package.

I like it because it detects, but then makes you do a little work. Once the scan is finished, you don't get to select anything for removal. You get to get busy. You're given a list of links to that with which you're infected. You get info on how you got it, who makes it, any removal tools that exist, but most importantly, a good manual removal walkthrough. This is important to me...the is the stuff that makes us better techs.

I'm not touting this little item as an end-all, be-all. Nor am I suggesting that we abandon the old staples...just suggesting that you try it. I think you'll be pleased with the results.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
All right let's see - you seek out infection just to play with cleaning it up. You are one sick individual. ;-)

I'll have to check that out. I'm currently working in a small shop catering to small business and home users. Just when you think you've seen it all, someone brings in another box that their teen got onto and you get a new one. Some of these things are unbelievable.

These days you need a structured approach and as many weapons as you can find.


Jeff
The future is already here - it's just not widely distributed yet...
 
Thanks carrr, I'll check it out too...

Terry
**************************
* General Disclaimer - Please read *
**************************
Please make sure your post is in the CORRECT forum, has a descriptive title, gives as much detail to the problem as possible, and has examples of expected results. This will enable me and others to help you faster...
 
This must be a variant of the "lonely Maytag repairman" syndrome.
 
You mean not everybody pulls the hairdryer into the bathtub to test the GFI.

I admit I haven't kept up with the latest nasties, but I used to carry a disk full of virus infected files to throw on customer's machines to test out their protection.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
This must be a variant of the "lonely Maytag repairman" syndrome.
Click to expand...

[rofl2]

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Yeah, it isn't a real test unless you are in the water.

You understand, of course, that this can lead to death or severe mental impairment, which probably explains the original post.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
My wife can't understand why we've got to buy a new hair dryer every few months or so....

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
edfair
Oh-well that explains about remembering program names too. It all makes sense now.
 
Hey, the first 4 letters were right and 4 out of 6 is a winning percentage.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
Carrr,

In the standard routine of CWShredder, Spybot, Ad-Aware and if the problem is still not fixed, then run HijackThis, where would you put running Bazooka?

John
 
Bet it depends on the skills of the user and how much time they have.
 
Errr....ummmm....that's a good question.
I'm a firm believer in the aforementioned utilities, so any hierarchical ranking I offer is with due reverence.
CWShredder is good to have around, but...it only works for CWS variants. While there are a ton of them out there, they're just one class.
SpyBot is still my favorite , so I'm going to leave it at the front.
I'd then go with Bazooka, personally.
Then to AdAware.
Hijack This! didn't pick up any of the problems I mentioned earlier in this thread...which puzzles me. I love it for the tool that it is, because I'm a big fan of getting into the mechanics of things versus letting a prog tell you what it thinks is bad and doing the removal for you. That's part of what I love about Bazooka. It only tells you what's there, then links you to removal info.

So...if I had to rewrite the list:
CWShredder
SpyBot
Bazooka (which detects CWS variants)
AdAware
Hijack This! -- which I think will always be the last, but definitely not least. When all else has failed, a log might show you the light. I DO think that using Bazooka in the mix will cut down on the number of times that someone gets to the end and throws up a log in a last ditch effort.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Hello Carr!

i have bene reading your various posts in regard to removing the Look2Me and related msg121.dll files from ones system and have tried them all except for the very last one you listed. You listed it via a weblink. I clicked the link and that page is no longer viewable. I cut and pasted it, re-typed, thinking it wa sa typo.....nothing. Do you have a different link that has that same solution? This Look2Me thingy is killing me!!! Thanks!!

Fuzzy
 
Re:kephyr

This might be a promising product but the default download location and some alternate sites identified by Google are full of very odd behaviours.

The download link trail for Bazooka Adware and Spyware Scanner ( leads to CNET . Clicking on the 'Download Now' button causes my 'SpyBlocker' app to detect spyware from on the CNET page and refuses to load. CNET is also full of Web Bugs.

The same problem exists at . 'Download now' leads to and also refuses to load.

There are some sad download places out there. Beware!

It properly downloaded from
 
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
DKIM for Exchange 2019
Replies
1
Views
287
DrB0b
DrB0b
2ffat
  • Locked
  • News
Lenovo isn't the only one with bad certificates 5
Replies
6
Views
426
2ffat
2ffat
LonnieJohnson
  • Locked
  • Question
Apps/Tools for seeing potential threats
Replies
1
Views
124
ChrisHirst
ChrisHirst
2ffat
  • Locked
  • News
CNET/Download.com have cleaned up their act! 4
Replies
5
Views
181
kjv1611
kjv1611
goombawaho
  • Locked
  • Question
Does any A-V stop the FBI/MoneyPak malwar?
Replies
13
Views
250
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top