Codec/Spyware from Hell

Santilli

Hairy Aussie
Joined
Jan 27, 2002
Messages
5,278
Hi
I just went through a really fun experience. I was told I needed a new Code4 to view some windows media player files. I was suspicious, but tried it anyway. WRONG MOVE.

It installed files into my temp folder, in Internet Explorer, that appeared to be linked to a warning about I had spyware, this through a system tray icon, and this would trigger a little program in the temp files that made it look like I had a virus, or Trojan.

As close as I could tell, the systray icon was an invisible program, and, didn't show up in Task manager, but, it accessed the files in the temp folder, making it impossible to delete them.

They all pointed me to this website:

http://www.spywarequake.com/?aff=240

To finally get rid of these files, I did a system restore, back to Saturday.

Along the way to that, I tried deleting the files using regedit, no joy.

I was thinking of restarting in safe mode, and then running Trendmicro, but the system restore was the easiest.

What fun...

S
 

Sol

Storage is cool
Joined
Feb 10, 2002
Messages
960
Location
Cardiff (Wales)
GSpot codec information is a helpful little program for determining what codecs you need to play media files. It can be found in most good codec packs or at http://www.headbands.com/gspot/.

For getting rid of all the crap your fake codec installed I'd suggest the best bet would have been hijackthis along with killbox and probably the usual suspects like spybot, adaware and probably a couple of new ones (I actually havn't had to remove any spyware for over a year so I'm a bit out of touch).

I really don't like using system restore... I never know exactly what it's done so I always turn it off when I install windows and fix everything manually... It just seems safer to me. But I guess if your using a default install and actually make restore points from time to time it's probably helpful...
 

Santilli

Hairy Aussie
Joined
Jan 27, 2002
Messages
5,278
That's the really weird part:

I ran Adaware, and, I have Trendmicro Penicillin, paid version, including their anti-spyware program. I also ran their web based spyware program, and it found a bunch of stuff my paid version didn't.

You just reminded me to run trends free version of anti-spyware again, and check.

Thanks

GS
 

CougTek

Hairy Aussie
Joined
Jan 21, 2002
Messages
8,729
Location
Québec, Québec
The most effiective anti-spyware I've found so far is Spysweeper, by Webroot. Adaware isn't bad either, but Spysweeper often finds additional nuisances that Adaware looked over on the infested machine I threat at work. Spysweeper cost 30U$.

You paid for Trend Micro anti-spyware? :rotfl:
 

Santilli

Hairy Aussie
Joined
Jan 27, 2002
Messages
5,278
No I didn't pay for the anti-spyware, that was included in the Penicillin package, which, so far, has kept this machine virus free, though Penicillin is really annoying...

S
 

Santilli

Hairy Aussie
Joined
Jan 27, 2002
Messages
5,278
By the way, about every two weeks I was getting a virus in some spam email.
It's been two years now, and, thanks to the email features, and scanning in Penicillin, I have been virus free, knock on wood...

S
 

Tannin

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
4,448
Location
Huon Valley, Tasmania
Website
www.redhill.net.au
Santilli said:
... though Penicillin is really annoying...

That will be the new-for-2006 version that has the intrusive, stupid, pop-up-all-the-time Symantec-style firewall setings. In the system security setting menu, switch the security level back to "medium" - i.e., sensible and sane. Just a couple of clicks and it's much nicer.
 

Sol

Storage is cool
Joined
Feb 10, 2002
Messages
960
Location
Cardiff (Wales)
I ditched PC-cillian as soon as the integrated the firewall and anti-spyware... If the can't sell me just what I want then they won't be selling me anything at all (Ditto if they will sell it to me but make me hunt for it).
 

CougTek

Hairy Aussie
Joined
Jan 21, 2002
Messages
8,729
Location
Québec, Québec
Tannin said:
That will be the new-for-2006 version that has the intrusive, stupid, pop-up-all-the-time Symantec-style firewall setings.
So you're telling me that there is another 70$ virus sold in retail boxes on the shelves now?
 

Tannin

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
4,448
Location
Huon Valley, Tasmania
Website
www.redhill.net.au
Nope. The difference is you can turn the bastard off - not like Norton, which bugs you all the time with stupidities, and doesn't even catch viruses very often. No, there is no comparison between the two ..... but I view Trend Micro's ongoing slow march towards Norton-style stupidities with alarm. It's still an excellent product at present, but the trend (no pun intended) is not good.
 

P5-133XL

Xmas '97
Joined
Jan 15, 2002
Messages
3,173
Location
Salem, Or
I'm starting to think that the OS needs to monitor its own validity and be self-repairing, so that nothing that is not of the OS can claim to be part of the OS. Of course, to prevent external incorporation into the monitoring and self-repair process it would have to be encrypted.
 

Sol

Storage is cool
Joined
Feb 10, 2002
Messages
960
Location
Cardiff (Wales)
Actually even windows XP does something like this. It keeps a digitally signed copy of cirtain files and replaces the working copies if they ever get altered (Unless you turn the feature off). Of course that still doesn't stop other files pretending to be part of the OS but it wouldn't be too hard to check every file that trys to pass itself off as part of the OS to see if thier is a signed backup (or even just the signature if you want to save some space). The downside to my mind is that all the files are signed by MS so if they want to install something on your computer they can do so at will... O.K that's great for patches, bbut frankly I just don't like the idea of trusting MS that much even if it isn't worth thier while to do anything truely dodgy. I'd much rather a system that generated a key pair at install time and signed everything with that...
 
Top