Yet more spyware issues.....

Hello. Like many in this forum the company I work for has a big issue with spyware. We use Ad-aware and Spybot to remove what we can. However there is still a lot we miss. Does anyone have any suggestions on how to minimize this issue more? I thought about using SMS to look for common DLL and EXE files associated with spyware. However I would need to compose a list. Where would I get the info for such a list?

James Collins
Systems Analyst
A+, MCP, MCSA, Network+
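
The file-name sweep asked about above can be sketched as follows. This is an added example, not code from any poster in this thread. The watch list is constructed (only 2odsrch.dll is named on this page), and the function names `sweep`, `sha256_of` and `demo` are hypothetical. Each hit is reported with its size and SHA-256 so that a name match can be confirmed before anything is removed.

```python
import hashlib
import os
import tempfile

# Constructed watch list. Only 2odsrch.dll is named in this thread;
# the second entry is a made-up placeholder.
WATCHLIST = {"2odsrch.dll", "example-adware.exe"}


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, watchlist=WATCHLIST):
    """Return one record per file under root whose name is on the watch list."""
    wanted = {name.lower() for name in watchlist}
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in wanted:  # Windows names are case-insensitive
                continue
            path = os.path.join(folder, name)
            try:
                hits.append({"path": path, "size": os.path.getsize(path),
                             "sha256": sha256_of(path)})
            except OSError as err:
                # Locked or unreadable files are still reported, without a hash.
                hits.append({"path": path, "size": None, "sha256": None,
                             "error": str(err)})
    return sorted(hits, key=lambda hit: hit["path"])


def demo():
    """Build a constructed directory tree and sweep it."""
    with tempfile.TemporaryDirectory() as root:
        system_dir = os.path.join(root, "WINNT", "system32")
        os.makedirs(system_dir)
        for name, body in (("2ODSRCH.DLL", b"constructed sample"),
                           ("notepad.exe", b"benign")):
            with open(os.path.join(system_dir, name), "wb") as handle:
                handle.write(body)
        return [(os.path.basename(h["path"]), h["size"]) for h in sweep(root)]


if __name__ == "__main__":
    print(demo())
```

A file name alone is weak evidence, since an unrelated program can ship a file with the same name; comparing the reported hash across machines shows whether the hits are the same binary.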
 
SpySweeper actively protects and seems to catch a lot of stuff.

SpywareGuard and SpywareBlaster are complimentary active protections available here: that we've been meaning to test but haven't gotten to yet.

IE-SPYAD is a big honkin' list of sites that get added to the restricted zone. Haven't had a chance to play with that yet either.


Jeff
The future is already here - it's just not widely distributed yet...
 
I think trying to maintain your own list would easily become an overwhelming job. Using some of these other tools is probably more manageable. Here's another layer (a hosts file) diogenes10 posted in another thread:

Jeff
The future is already here - it's just not widely distributed yet...
 
This spyware crap is pissing me off. I run Spybot, comes up clean. I run Ad-aware 6 and it comes up clean. NO unauthorized programs in Add/Remove Programs. No unusual folders in \Program Files. But still, after a user logs on they will get 3 or 4 popups without even going on the internet. I find no unusual running tasks. I simply cannot find anything. Any suggestions?

James Collins
Systems Analyst
A+, MCP, MCSA, Network+
 
Unfortunately our Net Admin says the Messenger service needs to be on to send alerts via SMS.

James Collins
Systems Analyst
A+, MCP, MCSA, Network+
 
Good catch carrr,

An easier way to manage the Messenger service is the Gibson Research tool. Probably safe to disable DCOM at the same time. Tools are here:

I agree with you James. Viruses get all the press, but in my experience a good firewall and AV program keep them under control practically transparently. Spyware, BHO's etc. on the other hand are getting just as dangerous and destructive and are beginning to scare me.


Jeff
The future is already here - it's just not widely distributed yet...
 
It is a pain. I have found a file on one of the PCs that no one else has that I cannot remove.
2odsrch.dll
I have tried deleting, using regsvr32, deleting in safe mode, and renaming. Nothing works. Keeps telling me it is in use EVEN IN safe mode!!

James Collins
Systems Analyst
A+, MCP, MCSA, Network+
 
Not on an NTFS partition.

James, you could use the "shoot the messenger" to see if that's the source of the popups. If it is and they're coming from outside your network, you may be able to block them at the firewall.


Jeff
The future is already here - it's just not widely distributed yet...
 

One thing I would like to try is creating dummy files that are read only that are the same name as some of these spyware files and replace them with my dummy files. Will this work? I mean will this keep the spyware from overwriting it?

James Collins
Systems Analyst
A+, MCP, MCSA, Network+
 
There're 10's of thousands of identified spyware objects. If you have common ones that are coming in, you could try it. I would imagine that the object would see "itself" and not go on (unless it was "upgrading" itself).


Jeff
The future is already here - it's just not widely distributed yet...
 
Try Download bazooka from there. I've used both at home and at work and it does a hell of a job.

The gentleman who created the software went through an exhausting amount of work to get the small details. Definitely worth checking out!
 
Sounds like a format and reinstall of Windows is warranted. Why spend all of this time trying to figure out how to delete a file, when you could have just formatted and reloaded their systems faster?

I have found ways to reload the systems from network using Distribution Shares and install all applications and most drivers in under 1.5 hours. If you have a spare system, you could swap theirs with the spare and then reload their old system.

Also, Websense makes a package that prevents spyware from communicating with their servers. If you already use Websense, you can add this product very easily, or maybe time to look into that type of solution. We found that it isn't as expensive as we thought it was. Only about $4,000 a year for 50 users with all things included.

Thanks,

Justin
 
The google tool bar has worked wonders on cutting down but not eliminating spyware and popups. It's free and it works.

 
I just killed the 2odsrch files!!!!! This virus was driving me crazy until I ran the moveonboot utility...It worked like a Champ!!!!!
 