Magicaly apearing spys
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Magicaly apearing spys

  1. #1
    Senior Member
    Join Date
    Feb 2003
    Posts
    282

    Magicaly apearing spys

    I noticed my home page was being hijacked in my web browser. In my firewall rules I noticed backweb, my mom must have permited it. Adaware and Spybot would not find any traces of backweb, reportivly my system was clean but I knew this was far from true, backweb was installed.

    google reports backweb on quite alot of sites refering to it as adware. I killed the process, deleted the firewall rule mom must have created, and went searching www.snapfiles.com for another anti-spy tool. Could not find any more free ones so I turned to shareware.

    I downloaded Spysweeper a Comerical product. It detected backweb along with:

    Hot as Hell
    IstBar
    PowerScan
    TeenXXX
    WildTangent
    PcInvader (a trojan horse!!!)

    ok I can confirm some of these since WildTangent was installed yesterday with my new keyboard since I was unaware it was any spyware. I had uninstalled it but obviously traces were left.

    IstBar showed up a few days prior, I was evaluating my firewall rules and noticed it in there, Bad Mom! She needs a talking to.

    So I seems I can acount for 3 of the found components, but defanitly not the trojan horse. Neither AVG antivirus nor Panda Antivirus reported any Trojans.

    How could it be that these common spy components were found only using comercial software, they must have stealth capabilitys?

    Well I removed them now with help from SpySweeper. Does anyone know how it copuld hapen that adaware and spybot missed these.

  2. #2
    I don't know, that's pretty darn scary. Try adding SpywareBlaster and SpywareGuard to your arsenal for real-time preventive protection. Maybe that will make a difference next time. At least worth trying, then let the rest of us know!

  3. #3
    Senior Member
    Join Date
    Feb 2003
    Posts
    282
    I just installed SpywareBlaster and in the process of downloading SpywareGuard. Prevention is nice. Need to have another discussion with mom though, she needs to have beter judgement on what to permit and what to deny.

    Thanks for these recomendations.

    As SpySweeper removed the components I noted PcInvader was being listed as a text file. The exe seemed not to be in my system so seems a false positive for PcInvader

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I'd question how up-to-date your spybot and adaware are. I know for a fact that both of those apps will pick up WildTangent. I'd be curious as to which ref file you are using with Adaware and how many items SpyBot is searching for.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #5
    That's a good point. Have you run the update utilities for both Spbyot and Adaware?

  6. #6
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    for browser hijacks run hijackthis.. search the forum and google for it.. it's best to read about it and not just delete what hijackthis reports..

    spywareinfo.com's forum is one of the best places to read and post logs of hijackthis.

  7. #7
    Member
    Join Date
    Mar 2004
    Posts
    41
    To get rid of anonying spyware like "hunt" and "gator" and **** like that.
    Download adware professional 6 and update the definition file.
    \"If knowledge is power. Why doesn\'t everybody read?\"

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    gee.. WarTux.. i know you're pretty new here.. but can't you see that everyone including the thread starter already mentioned adaware ? there ARE things that adaware and spybot just don't find.. if it's a browser hijack you run hijackthis or cwshredder if it's a coolwebsearch variant..

    enuf said..

  9. #9
    Senior Member
    Join Date
    Feb 2003
    Posts
    282
    Good point. I always update both prior to scanning. I just went into spybot and it tells me last update was preformed 4th march 2004 and for adaware refernce file 01R266 05.03.2004

    WildTangent was detected and removed a day prior to the discovery, and on the day of the event spybot and adaware were clean, where spysweeper was still findinf wildtangent refernces along with the others.

    Since I installed SpyGuard and SpyBlaster there have been no more such insidents. I tested also by trying to download hotbar after haveing installed spyguard and spyblaster. The results were pleasent. It detected and asked my permision.

    Thanks for all the help.

  10. #10
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    you're gonna get wildtangent from a multitude of sources.. some codecs were written by them and some say that it's not really the spyware everyone makes it out to be..

    the latest version of AIM will give you wildtangent.. along with some online games

    There are a few threads about it at dslreports. here's one.

    http://www.dslreports.com/forum/rema...2977~mode=flat

    viewpoint media player also has this and here's something interesting.
    appparently ICQ200b also has it and it "will insert free.aol.com into Internet Explorer's "Trusted" security zone" read this thread

    and these two links mention GameChannel.exe and Wcmdmgr.exe that run as processes.
    http://www.answersthatwork.com/Taskl...tasklist_w.htm
    http://www.answersthatwork.com/Taskl...tasklist_g.htm

    I've also seen mention of "talking buddies" and a program called "2000 FREE SMILEYS " that include it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •