I need to install a bunch of Spyware...

[Mercutio]

Sounds like an odd request, yes? And it's funny, too, because I know about three dozen people who seem to be able to get hundreds of spyware doo-dads installed on their computers no matter what I do to prevent it.

But I'd like to create a Windows XP install with a ton of spyware already installed, so I can better demonstrate removal techniques. To date I have been installing a program called "ABC Scrabble", which installs DyFuCa and a couple other things, but despite my best efforts, machines with that particular parasite remain fairly usable.

So does anyone know of a program or web site I can hit to royally hose a computer?

 

[LiamC]

I thought Gator, Kazaa, Comet cursor and just about any dialler from porn sites should do the trick.

Don't know where to get that stuff from though. Especially the porn.

Really.

:bleh:

 

[Mercutio]

Well I don't, either. Even the porn, which as we all know, is something I'm more than passingly familar with.

There's a funny thing: Some of my "unsual suspects" of spyware vectors have cleaned up their act. iMesh used to be scumware armageddon. Version five installs nothing but imesh, far as I can tell.

I ended up hitting oldversion.com for a copy of imesh 4.0, which is the criminally bad one I remember. Also went ahead and grabbed Grokster, which I happen to know will actually add its parasite load to Adaware's ignore list when it installs.

... and the Radlight Media player, which actively removes Adaware as part of its install.

And I've downloaded good old Hotbar, just because.

But I'm looking for something truly crushing, a Xupiter or CoolWWWsearch, and I'm not seeing those. I know they're still out there someplace, because people still get them. I just can't figure out HOW.

 

[Buck]

I just can't figure out HOW.

I've noticed that spyware count increases dramatically once a machine is infected by a virus.

 

[LiamC]

And I've downloaded good old Hotbar, just because.

But I'm looking for something truly crushing, a Xupiter or CoolWWWsearch, and I'm not seeing those. I know they're still out there someplace, because people still get them. I just can't figure out HOW.

I must be losing my mind. How could I forget Hotbar, or Xupiter? That freakin' piece of garbage caused me no end of trouble getting it off of the in-laws 'puter.

 

[Mercutio]

Most of those viruses are Trojan Horses that are made expressly to install Spyware - that's how the ABC Scrabble payload works, for example.
But again, I don't know where people pick those things up.

Maybe non-filtered results from P2P software? IM spam?

 

[Buck]

Don't you have anti-virus software that quarantines these pests? Couldn't you un-quarantine them? You know, if they're exe files, run them.

 

[fb]

Have you visited http://www.doxdesk.com/parasite/? It has a list with some spywares and sometimes information on where to get them.

 

[Mercutio]

That is an idea that I had, but the first few things I looked at didn't have links off site. I see now that in some cases doxdesk does link to offending sites.

Thanks!

 

[ddrueding]

Don't forget my personal "favorites" webshots, accutime, and scheduler from our friends at Gator <ahem> Clarion. That'll get you some spiffy IE toolbars as well!

 

[jtr1962]

Let my niece use the computer for a few hours. My sister had her computer cleaned about four times already (three by me and once by someone else for $100) and the junk keeps coming back. They all swear that they don't go to any sites that have spyware (yeah, right). I don't know what my niece does, but my brother-in-law goes to wresting, body-building, and car sites. You might try some of those, especially the wrestling sites, to see what you might pick up.

If all else fails, let a few kids surf with the computer for a couple of hours. That'll screw up any machine. Just ghost the hard drive and then you can recreate a messed up PC at will.

 

[Tea]

Let my niece use the computer for a few hours.

Beautiful!

 

[Santilli]

Download the trial of Penicillin, and go bouncing around porn sites, with all no security, any music site, and download Kaaza and all that, and see how you do.

S

 

[Mercutio]

Since I'd like to keep my job, I'm trying for the more socially accepted non-porn forms of malware.

 

[LiamC]

Maybe there is info on the SpyBot or Ad-Aware sites?

 

[i]

I actually saved copies of some of the spyware executables from the last system I cleaned up. I'll see if I can find them.

 

[Santilli]

Darn, M, ....

Go for music downloads. In an hour, one high school kid put over 57 spyware programs on my computer....


s

 

[Mercutio]

Grokster turned out to be absolutely devastating in terms of what it installed. Easily the worst thing I could find.

SurfSidekick version 3 was in either Hotbar or Grokster's installer. SurfSidekick 3 integrates into explorer; runs in safe mode and can't be removed by Housecall, Hijack This, Adaware or Spybot, although all of the above detect it, nor by direct registry editing. Process Explorer showed that the .exe and couple DLLs were opened by literally every program that had any files open. That's a pretty deep infection.

Which made it a great test case to show my students.

We found removal instructions for version 1 and 2 that didn't even touch 3. Finally found some instructions on a web forum to get rid of it, but by that point I didn't have enough time to run through them.

The possibility that something like that might've come from Hotbar is chilling. I uninstall that POS all the time. There's always someone who wants 1000 free smilies, I guess.

 

[Fushigi]

I'd be curious if the MS product was effective. More curious about CounterSpy, though, since that's what I run at home.

 

[Buck]

I would also be interested in the capabilities of Spy Assassin.

 

[Santilli]

Grokster turned out to be absolutely devastating in terms of what it installed. Easily the worst thing I could find.

SurfSidekick version 3 was in either Hotbar or Grokster's installer. SurfSidekick 3 integrates into explorer; runs in safe mode and can't be removed by Housecall, Hijack This, Adaware or Spybot, although all of the above detect it, nor by direct registry editing. Process Explorer showed that the .exe and couple DLLs were opened by literally every program that had any files open. That's a pretty deep infection.

Which made it a great test case to show my students.

We found removal instructions for version 1 and 2 that didn't even touch 3. Finally found some instructions on a web forum to get rid of it, but by that point I didn't have enough time to run through them.

The possibility that something like that might've come from Hotbar is chilling. I uninstall that POS all the time. There's always someone who wants 1000 free smilies, I guess.

No BS.

The spyware problem

Grokster is a Peer-To-Peer File Sharing program. It offers free, peer-to-peer fast and detailed searches, no incomplete/failed downloads, auto resume, fast downloads, file preview, and ability to handle all file types. In an organization, Grokster can severely degrade network performance and consume vast amounts of storage. Installs numerous other products, including Active Delivery, CasinoOnNet, ClipGenie, CommonName, Cydoor, DelFin Media Viewer, DownloadWare, eUniverse, FavoriteMan, FlashTrack, Gator, IGetNet, IGetNet/ClearSearch, IncrediFind, IPInsight, Look2Me, Lycos.SideSearch, NetworkEssentials, NetworkEssentials/SCBar, PeopleOnPage, RVP, SAHAgent, Search-EXE, SearchEnhancement, TOPicks, VX2/e, VX2/f, and Webhancer.

Recent versions of Grokster the download includes additional applications that are bundled within the software's installer file, some of which may be provided by parties other than the developer of this download. These applications may deliver advertisements, collect information, overlay content or graphics on the Web site you are viewing, or modify your system settings. Pay close attention to the options presented to you during the installation process. As of 9/3/02, the version of Grokster available for download requires that you also install Cydoor and GAIN components. During installation, you will also be presented with more than 10 optional installation items and/or services from Symantec, File Freedom, New.net, eBates, GreenCarrot, and others.

Additional information from Spyware Information Center Spyware Information Center and Microsoft are the sources for this information. Source citations Computer Associates Spyware Information Center http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453060425

Microsoft Corporation http://support.microsoft.com/default.aspx?scid=kb;en-us;317013 and http://search.microsoft.com/search/results.aspx?view=en-us&st=b&na=82&qu=grokster

Can we say scary?


GS

 

[Bozo]

Try Yahoo IM. My sons computer was completely hosed after loading this garbage.
Also, download some software from a warrez sight.

If you are using IE, don't add any of the patches or updates and leave it connected to te net overnight.

Bozo :mrgrn:

 

[Handruin]

Yahoo IM is fine. We have to use it at work (not my choice) and it hasn't put anything detectable on our systems.

 

[Mercutio]

Yahoo IM by itself doesn't install any Spyware at all. It's part of our classroom install. Your son is probably accepting file transfers or something.

 

[Buck]

Yahoo IM, or other popular IM clients are just like Incruddiemail and Outlook Express -- as has been mentioned, they don't install spyware. They have relatively little security to help protect against virus and spyware attacks. Compound this weakness with poor or no malware protection, and you are dead.