
Spyware removal is a joke!


Kutter

IS-IT--Management
Dec 24, 2003
42
GB

Hi all,

I have been investigating spyware removal tools. These are the ones I have tested recently.

McAfee AntiSpyware
Scan Spyware V3.7
SpywareBlaster
AdAware (latest version)

Now firstly, we all know that spyware can, and does, infect nearly every machine that's connected to the net. So we rely on these kinds of programs to find and delete these nasties, right?

Well here's what I found out about the above...(to test these I purposely infected a newly installed machine with every type of spyware/malware etc. I could. I went to every 'dodgy' site I could think of, installed diallers, clicked 'yes' to everything, and set security to low. - And here's an interesting point... within 20 minutes the machine started to slow down and act strangely. What I found on this machine (after unplugging it from the net of course) was astronomical!! 30 minutes 'dodgy' browsing... Here's the results...Oh, a short 'by the way'... I ran all these programs before running ANY removal to see the difference in what they reported as being on my machine.

MCAFEE ANTISPYWARE - You'd think, wouldn't you, that this would be one of the better spyware removal tools? Well, it's absolutely THE WORST. It missed HUNDREDS of entries that others picked up (and YES, ALL these programs were updated before running them).
TOTAL FILES FOUND 38

SCAN SPYWARE - This is possibly the best (although please read my conclusion). It found more than any of the others, and listed things that the others did not.
TOTAL FILES FOUND 378

SPYWARE BLASTER - A fully comprehensive list of spyware found.
TOTAL FILES FOUND 178

ADAWARE - LMAO.. don't even bother!!
TOTAL FILES FOUND 63

Conclusion

If you use the net you are going to be infested with this evil crap! It doesn't matter WHO you are or WHAT you do on the net, it's going to happen.. But how on earth do you get rid of it? I mean look at the difference with the above.. 38 files to 378!!! I understand that this could be because SCAN SPYWARE just records ALL entries for any one piece of spyware, where McAfee may only list it once. But that's not the point... The software above claims to remove spyware, and they do indeed remove it. BUT, and this is the big question, what DON'T they remove?

I sure as hell am not going to pay for 4 different programs to remove all the spyware on my machine.. But the test I did here (for work incidentally, I'm actually NOT that sad :p) shows that they all find different intrusions.. So how on earth can you be sure you got it all?

It's over to you folks, I have always respected people's opinions here and would love to hear some on this. The question I want answered is:

How do you get rid of ALL of it? (format re-install will not be accepted as an answer :p)

Thx in advance...

Kutter.
 
You might not like it, neither do I, but I think it is impossible to remove all spyware.
You can always at best remove all you can find / identify as spyware.
But then again the main problem is:
How do you determine which is spyware and which isn't?

M$-Office from XP upwards is one hell of a spy, isn't it?
Or think of Winamp, MediaPlayer...
Even Spyware removal tools like Spybot Search & Destroy or PestPatrol can be considered Spyware to a degree, although they are benign...
You need to draw a line somewhere and that always leaves a residual risk.

I am quite spyware-free at the moment. But this does not come for free: My computer at work is part of a global network and I must allow global IT to "Spy" my computer - thus I always have some open channels which I can't close - and thus I am always prone to spyware and my protection is only as good as global IT protection. I must therefore rely on spyware removal rather than spyware avertion...

My private notebook on the other hand is rather safe. However only due to a combination of anti spyware, SW firewall at paranoid setting (no Norton or other M$ sponsored crap, I recommend Kerio or ATGuard instead...), regular patches, Antivirus with latest updates and above all:
NO IE - Mozilla Firefox

I guess the last entry is probably the best spyware avertion available: get rid of IE!
Peace man,
Andy

The last voice we will hear before the world explodes will be that of an expert saying:
"This is technically impossible!" - Sir Peter Ustinov
 
Further Conclusions & Observations:

No one tool does it all. Run several that work for you. I reached a point where AdAware & Spybot did not appear to be as effective. Started running PestPatrol & Spysweeper from time to time. Each tool has its strengths and biases. Some overweight cookies and some just take issue with certain questionable things. Each tool would like to earn a Swiss Army knife reputation. Some will do anything to create that impression.

Some tools only track and remove the active (troublesome) critical components but make no effort to clean up all the other accumulated garbage. I have seen the triggering registry entry removed but not the exe or vice versa. They may get around to the rest at some later point.

Many dodgy antispyware tools attempt to catch your interest with highly (possibly false) inflated numbers. Many of the candidates can turn out to be highly doubtful troublemakers or inconsequential. Make sure of a given tool's credentials and reputation before using.

I recall one tool that counts every item in the program folder. Other tools were reporting under 10 items for a given spyware when they were reporting over 500 items. Statistics may not always be indicative of effectiveness.

Keep in mind that a list of reputable tools should not normally be that far apart. Never heard of 'Scan Spyware V3.7' nor has it made any reputable review that I am aware of. Things to keep in mind.

Most of us that use a combined (often recommended) AdAware & SpyBot generally fare OK. PestPatrol and Webroot's SpySweeper should also be on everyone's short list. The antivirus vendors appear to have a long road to follow.


Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]

 

Thx guys, your opinions are much appreciated and very helpful.

MAKEITSO - Get rid of IE altogether.. This is an interesting point, and something I may well test the same way as I did before. I use Firefox at home, for exactly this reason myself, but would be interested to see the difference it makes to contracting the spyware in the first place. I'll try and do this and report it here also.

You're right about all the other programs of course.. And yes, you can tag a lot of 'non' spyware with that label. I think we know only half of what's going on under our own noses....

VOP - Excellent advice my friend. I too considered these possibilities of 'inflated numbers' although Scan Spyware was finding spyware that the others were not. (remember these weren't just left over from a previous clearup, as there had been no previous clearup) I checked most of the entries found, and nearly all of it was under a google search as Mal/Spyware. Please don't misunderstand, I'm not defending the software, but I am talking from an educated standpoint. I do understand what the program is picking up to 'inflate' these numbers. But also understand that I know what I'm looking at, and there were definitely things in the list that neither McAfee nor Adaware found. This just makes me doubt the credibility of any of them to be honest :p.

I found your statement about the removers deleting the registry entry and not the .exe file interesting, and something that would explain behaviour I have seen before. Thank you for that, it's an eventuality I hadn't thought of but one I'm sure to look into in the future.

Keep the opinions coming folks.. I find this an interesting subject and like to hear people's ideas and views..

Thx,

Kutter,
 
According to the Rogue's list ScanSpyware actually IS spyware!
ScanSpyware scanspyware.net aggressive advertising (1); false positives work as goad to purchase; Ad-aware knockoff [A: 6-26-04 / U: 6-26-04]

While you were trying to scan for spyware, you were actually loading adware and receiving false positive reports. You need to make sure that what you are loading is legitimate software before you try testing like this.

"The Crystal Wind is the storm, and the storm is data, and the data is life. You have been slaves, denied the storm, denied the freedom of your data. That is now ended; the whirlwind is upon you . . . . . . Whether you like it or not."

"Trent the Uncatchable" in The Long Run by Daniel Keys Moran
 
As a side note, AFAIK Spyware Blaster isn't a detector/cleaner. It's a shield, which keeps spyware from being loaded on a pc.

Tired of waiting for an answer? Try asking better questions. See: faq222-2244
 
In what order did you run the tally scans?

That could make a significant difference in the results observed. If ScanSpyware (the only potential dodgy app of the four) was run last that could confirm that the tool itself could have been in a position to 'inflate' its item count of verifiable spyware files.

Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]

 
SpywareBlaster currently lists 3,145 items in its database as of Sept 15/2004. All such items are known ActiveX components for which a "KILL" bit has been set to DISABLE a known vulnerability issue. Thus, the tool is preventative by nature.

Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]
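
An added example, not part of the original thread: the kill bit described in the post above is bit 0x400 of the `Compatibility Flags` DWORD stored per CLSID under Internet Explorer's `ActiveX Compatibility` registry key. This sketch reads a `.reg` export of that key and reports which CLSIDs from a blocklist do not have the bit set; the export text and CLSIDs are constructed placeholders, and the function names are hypothetical.

```python
import re

KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE from instantiating a control
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed .reg export for illustration; the CLSIDs are placeholders, not real controls.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000004}]
'''

KEY_RE = re.compile(r"\[(.+)\\(\{[0-9A-Fa-f-]{36}\})\]")
VAL_RE = re.compile(r'"Compatibility Flags"=dword:([0-9A-Fa-f]{8})')

def parse_flags(reg_text):
    """Map CLSID -> Compatibility Flags value (None if the key has no such value)."""
    flags, clsid = {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        key = KEY_RE.fullmatch(line)
        if key and key.group(1).upper() == BASE.upper():
            clsid = key.group(2).upper()
            flags[clsid] = None
        elif line.startswith("["):
            clsid = None  # some other key: stop attributing values to the last CLSID
        elif clsid and (val := VAL_RE.fullmatch(line)):
            flags[clsid] = int(val.group(1), 16)
    return flags

def missing_kill_bits(reg_text, expected_clsids):
    """Expected CLSIDs whose kill bit is not set: key absent, value absent, or bit clear."""
    flags = parse_flags(reg_text)
    wanted = {c.upper() for c in expected_clsids}
    return sorted(c for c in wanted if not (flags.get(c) or 0) & KILL_BIT)

if __name__ == "__main__":
    blocklist = ["{00000000-0000-0000-0000-00000000000%d}" % n for n in range(1, 6)]
    print(missing_kill_bits(SAMPLE_REG, blocklist))
```

A real export of that key can be passed in place of `SAMPLE_REG`, with the blocklist taken from whatever source of known-bad CLSIDs is trusted.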

 
Spyware Guard is another great addition to Spyware Blaster. Both are made by JavaCool Software. Another thing: did you run a full system scan with adaware or the smart system scan (the first option)? The full system scan will also scan compressed files. This will usually find a lot more problems than a smart system scan. Like stated in previous responses, not one tool removes them all, but using some of the top removers in conjunction with each other will be more effective. I remove spyware from computers every day at my job and not only do I run multiple tools, I also go through folders and the registry where I know a lot of spyware files are left behind. I even designed my own programs to do some of this for me. Also deleting your temp files and temp inet files on all accounts helps out a lot as well. There are many new types of spyware that use different techniques which most of the spyware removal tools do not detect. Alternate Data Streams are very popular with Hijackers these days. They can be a pain to get rid of. Good luck in the war against spyware.
 
The best combination is Spyware Blaster, Spybot Search and Destroy 1.3, and Adaware SE.

Though I have used all 3 of those on my network I recently purchased Pest Patrol Corp Edition that has real time protection. The others don't, plus it found a few that the others didn't plus got rid of some stuff the others couldn't, like Hotbar on two machines. I know Spybot has some "Immunize" option but it doesn't stop users from loading "Gator" all the time or other types of Spyware. I used to go around once a month to every machine and update all 3 and scan and of course would find on some "Gator" or other software. The other issue with those is that they are tied in with each profile. So if I logon with the Network Admin account and install them and update them, I also have to logon as the user and run the "Immunize", and "Protect All" in Spyware Blaster.

With Pest Patrol I have found a nice package that can be centrally administered, and updates pushed to all machines at one time, and real time protection, no matter the profile. Actually, McAfee just bought them out.

Just my two cents.


Drew
 
devastator,

I think it was Computer Associates that bought them out.

"The Crystal Wind is the storm, and the storm is data, and the data is life. You have been slaves, denied the storm, denied the freedom of your data. That is now ended; the whirlwind is upon you . . . . . . Whether you like it or not."

"Trent the Uncatchable" in The Long Run by Daniel Keys Moran
 
A few thoughts as I read through this thread:

The sole determiner Kutter used to compare the competency of each product was how many files it found. In my experience, some of these apps pick out cookies as malicious files, because they have a rudimentary way of "tracking" your browsing. IMO, these aren't really so bad. I'd favor a product that better discerned the truly malicious files and reg entries over one that came up with a big fat number (swollen with false positives) at the end of a time consuming search.

I've typically employed a combo of Adaware and Spybot S&D, but I agree with Vop. Lately, these aren't really all that effective for me. A lot of new stuff is getting missed.

Seriously, I'd like to flog those idjits who actually BUY something because they are bombarded with unwanted, obtrusive pop-ups for it on their damn screen all the time.

The truth is, the distributors of these appalling ads don't give a rip if anyone buys from their clients. They get paid based on hits, mouse-clicks (accidental or not) anything that puts ads in front of the biggest audience they can, unwilling and disgusted as that audience might be.

Hopefully the market will mature, the numbers will come back and prove that # of hits doesn't equate to # of sales, and companies will realize a backlash from frustrated consumers, sick of being merchandised against their will...
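
An added example, not part of the original thread: the point made in this post and in the earlier one about a tool that counts every item in a program folder is that raw item totals are a poor basis for comparing scanners. This sketch compares tools by distinct threat family instead, setting cookie hits aside; the tool names, family names and scan results are constructed for illustration.

```python
from collections import defaultdict

# Constructed scan results: (tool, family, artifact kind, location).
# Tool and family names are hypothetical, not output from any real scanner.
SAMPLE = [
    ("ToolA", "FamilyX", "file", r"C:\Program Files\X\x.exe"),
    ("ToolA", "FamilyX", "registry", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\x"),
    ("ToolA", "FamilyY", "file", r"C:\Windows\y.dll"),
    ("ToolA", "FamilyZ", "registry", r"HKCU\Software\Z"),
]
# ToolB lists every file in one program folder, plus tracking cookies.
SAMPLE += [("ToolB", "FamilyX", "file", rf"C:\Program Files\X\f{i}.dat") for i in range(40)]
SAMPLE += [("ToolB", "TrackerCookie", "cookie", f"cookie:site{i}.example") for i in range(5)]

def summarize(items, ignore_kinds=("cookie",)):
    """Per tool: raw item count next to the distinct families behind it."""
    raw = defaultdict(int)
    families = defaultdict(set)
    for tool, family, kind, _location in items:
        raw[tool] += 1
        if kind not in ignore_kinds:
            families[tool].add(family)
    return {t: {"raw_items": raw[t], "families": sorted(families[t])} for t in raw}

def missed_by(items, tool, ignore_kinds=("cookie",)):
    """Families that at least one other tool reported and `tool` did not."""
    summary = summarize(items, ignore_kinds)
    elsewhere = set()
    for other, data in summary.items():
        if other != tool:
            elsewhere.update(data["families"])
    return sorted(elsewhere - set(summary[tool]["families"]))

if __name__ == "__main__":
    for tool, data in summarize(SAMPLE).items():
        print(tool, data["raw_items"], "items,", len(data["families"]), "families")
    print("ToolB missed:", missed_by(SAMPLE, "ToolB"))
```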

 
If I may, I have a few comments to add:

1) In the last comment by crisc, companies will realize a backlash from frustrated consumers. I think this is already happening else all these companies wouldn't be trying to develop pop-up blockers and spyware detectors to meet the wild market that's springing up.

2) In the corporate environment, it's a serious and expensive matter to be constantly cleaning adware/spyware from computers. They get so clogged up with adware/spyware and resource loaded they can't run company applications.

3) My company has a corporate maintenance contract with McAfee for their active virus defense. That means we're licensed for support, updates on a large number of products. I've been working with their VirusScan Enterprise version 8.0i for several weeks now. It's been doing a good job of first cleaning spyware off of computers then keeping them clean. I've tested a few with adaware se and found a few cookies but it's keeping software OFF the computers. Additionally it's kept up-to-date through the virus definition files that are automatically updated across our enterprise.


 
I was going to post something as well but bfralia pretty much summed it up. For business use on networks the auto protect for viruses and spyware and auto updates / central administration has proven to be a most welcomed service.

Drew
 
My own combination (besides sitting behind a router) is Ad-Aware and HiJackThis. I'm surprised no one else has mentioned HJT. I've used Ad-Aware, Spybot S&D and SpySweeper in various combinations and still found some nasty HiJacks that only HJT could remove.

Spyware these days, for the most part, is more sophisticated than viruses. Viruses are mostly written by kiddies while there's a lot of speculation that spyware is being developed by professional programmers contracted by advertising companies and spammers.

Cool Web Search is an example of a particularly nasty family of crapware that NO tool can completely remove.


Jeff
The future is already here - it's just not widely distributed yet...
 
HJT is just as valuable as all the other tools, don't leave home without it. If you're good enough at analyzing processes and know what you can live without, you may find stuff with HJT weeks earlier than you would waiting for adaware or McAfee to find it and update their files.

 