Magicaly apearing spys

[journy101]

I noticed my home page was being hijacked in my web browser. In my firewall rules I noticed backweb, my mom must have permited it. Adaware and Spybot would not find any traces of backweb, reportivly my system was clean but I knew this was far from true, backweb was installed.

google reports backweb on quite alot of sites refering to it as adware. I killed the process, deleted the firewall rule mom must have created, and went searching www.snapfiles.com for another anti-spy tool. Could not find any more free ones so I turned to shareware.

I downloaded Spysweeper a Comerical product. It detected backweb along with:

Hot as Hell
IstBar
PowerScan
TeenXXX
WildTangent
PcInvader (a trojan horse!!!)

ok I can confirm some of these since WildTangent was installed yesterday with my new keyboard since I was unaware it was any spyware. I had uninstalled it but obviously traces were left.

IstBar showed up a few days prior, I was evaluating my firewall rules and noticed it in there, Bad Mom! She needs a talking to.

So I seems I can acount for 3 of the found components, but defanitly not the trojan horse. Neither AVG antivirus nor Panda Antivirus reported any Trojans.

How could it be that these common spy components were found only using comercial software, they must have stealth capabilitys?

Well I removed them now with help from SpySweeper. Does anyone know how it copuld hapen that adaware and spybot missed these.

[AngelicKnight]

I don't know, that's pretty darn scary. Try adding SpywareBlaster and SpywareGuard to your arsenal for real-time preventive protection. Maybe that will make a difference next time. At least worth trying, then let the rest of us know!

[journy101]

I just installed SpywareBlaster and in the process of downloading SpywareGuard. Prevention is nice. Need to have another discussion with mom though, she needs to have beter judgement on what to permit and what to deny.

Thanks for these recomendations.

As SpySweeper removed the components I noted PcInvader was being listed as a text file. The exe seemed not to be in my system so seems a false positive for PcInvader

[HTRegz]

Hey Hey,

I'd question how up-to-date your spybot and adaware are. I know for a fact that both of those apps will pick up WildTangent. I'd be curious as to which ref file you are using with Adaware and how many items SpyBot is searching for.

Peace,
HT

[AngelicKnight]

That's a good point. Have you run the update utilities for both Spbyot and Adaware?

[sumdumguy]

for browser hijacks run hijackthis.. search the forum and google for it.. it's best to read about it and not just delete what hijackthis reports..

spywareinfo.com's forum is one of the best places to read and post logs of hijackthis.

[WarTux]

To get rid of anonying spyware like "hunt" and "gator" and **** like that.
Download adware professional 6 and update the definition file.

[sumdumguy]

gee.. WarTux.. i know you're pretty new here.. but can't you see that everyone including the thread starter already mentioned adaware ? there ARE things that adaware and spybot just don't find.. if it's a browser hijack you run hijackthis or cwshredder if it's a coolwebsearch variant..

enuf said..

[journy101]

Good point. I always update both prior to scanning. I just went into spybot and it tells me last update was preformed 4th march 2004 and for adaware refernce file 01R266 05.03.2004

WildTangent was detected and removed a day prior to the discovery, and on the day of the event spybot and adaware were clean, where spysweeper was still findinf wildtangent refernces along with the others.

Since I installed SpyGuard and SpyBlaster there have been no more such insidents. I tested also by trying to download hotbar after haveing installed spyguard and spyblaster. The results were pleasent. It detected and asked my permision.

Thanks for all the help.

[sumdumguy]

you're gonna get wildtangent from a multitude of sources.. some codecs were written by them and some say that it's not really the spyware everyone makes it out to be..

the latest version of AIM will give you wildtangent.. along with some online games

There are a few threads about it at dslreports. here's one.

http://www.dslreports.com/forum/rema...2977~mode=flat

viewpoint media player also has this and here's something interesting.
appparently ICQ200b also has it and it "will insert free.aol.com into Internet Explorer's "Trusted" security zone" read this thread

and these two links mention GameChannel.exe and Wcmdmgr.exe that run as processes.
http://www.answersthatwork.com/Taskl...tasklist_w.htm
http://www.answersthatwork.com/Taskl...tasklist_g.htm

I've also seen mention of "talking buddies" and a program called "2000 FREE SMILEYS " that include it.