March 10th, 2004, 09:04 PM
Magically appearing spies
I noticed my home page was being hijacked in my web browser. In my firewall rules I noticed backweb; my mom must have permitted it. Adaware and Spybot would not find any traces of backweb. Reportedly my system was clean, but I knew this was far from true: backweb was installed.
Google reports backweb on quite a lot of sites referring to it as adware. I killed the process, deleted the firewall rule mom must have created, and went searching www.snapfiles.com for another anti-spy tool. Could not find any more free ones, so I turned to shareware.
I downloaded Spysweeper, a commercial product. It detected backweb along with:
Hot as Hell
PcInvader (a trojan horse!!!)
OK, I can confirm some of these, since WildTangent was installed yesterday with my new keyboard, since I was unaware it was any spyware. I had uninstalled it, but obviously traces were left.
IstBar showed up a few days prior; I was evaluating my firewall rules and noticed it in there. Bad Mom! She needs a talking to.
So it seems I can account for 3 of the found components, but definitely not the trojan horse. Neither AVG antivirus nor Panda Antivirus reported any Trojans.
How could it be that these common spy components were found only using commercial software? They must have stealth capabilities?
Well, I removed them now with help from SpySweeper. Does anyone know how it could happen that adaware and spybot missed these?
March 10th, 2004, 09:13 PM
I don't know, that's pretty darn scary. Try adding SpywareBlaster and SpywareGuard to your arsenal for real-time preventive protection. Maybe that will make a difference next time. At least worth trying, then let the rest of us know!
March 10th, 2004, 09:21 PM
I just installed SpywareBlaster and am in the process of downloading SpywareGuard. Prevention is nice. Need to have another discussion with mom though, she needs to have better judgement on what to permit and what to deny.
Thanks for these recommendations.
As SpySweeper removed the components I noted PcInvader was being listed as a text file. The exe seemed not to be in my system, so seems a false positive for PcInvader.
March 10th, 2004, 10:26 PM
I'd question how up-to-date your spybot and adaware are. I know for a fact that both of those apps will pick up WildTangent. I'd be curious as to which ref file you are using with Adaware and how many items SpyBot is searching for.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
March 10th, 2004, 10:29 PM
That's a good point. Have you run the update utilities for both Spybot and Adaware?
March 10th, 2004, 10:34 PM
for browser hijacks run hijackthis.. search the forum and google for it.. it's best to read about it and not just delete what hijackthis reports..
spywareinfo.com's forum is one of the best places to read and post logs of hijackthis.
March 14th, 2004, 02:06 AM
To get rid of annoying spyware like "hunt" and "gator" and **** like that.
Download adware professional 6 and update the definition file.
"If knowledge is power. Why doesn't everybody read?"
March 14th, 2004, 02:30 AM
gee.. WarTux.. i know you're pretty new here.. but can't you see that everyone including the thread starter already mentioned adaware ? there ARE things that adaware and spybot just don't find.. if it's a browser hijack you run hijackthis or cwshredder if it's a coolwebsearch variant..
March 14th, 2004, 03:19 AM
Good point. I always update both prior to scanning. I just went into spybot and it tells me last update was performed 4th march 2004 and for adaware reference file 01R266 05.03.2004.
WildTangent was detected and removed a day prior to the discovery, and on the day of the event spybot and adaware were clean, where spysweeper was still finding wildtangent references along with the others.
Since I installed SpyGuard and SpyBlaster there have been no more such incidents. I tested also by trying to download hotbar after having installed spyguard and spyblaster. The results were pleasant. It detected and asked my permission.
Thanks for all the help.
March 14th, 2004, 03:28 AM
you're gonna get wildtangent from a multitude of sources.. some codecs were written by them and some say that it's not really the spyware everyone makes it out to be..
the latest version of AIM will give you wildtangent.. along with some online games
There are a few threads about it at dslreports. here's one.
viewpoint media player also has this and here's something interesting.
apparently ICQ200b also has it and it "will insert free.aol.com into Internet Explorer's "Trusted" security zone" read this thread
and these two links mention GameChannel.exe and Wcmdmgr.exe that run as processes.
I've also seen mention of "talking buddies" and a program called "2000 FREE SMILEYS" that include it.