best spyware proggie

Discussion in 'other anti-malware software' started by headquarter, Dec 9, 2002.

Thread Status:
Not open for further replies.
  1. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,017
    How? By setting a "kill bit" for the CLSIDs of spyware ActiveX controls, it prevents the installation of any of them from a webpage. You can run Internet Explorer with Active-X enabled, but you will never even get a "Yes/No" box popped up, asking you to install a spyware Active-X control (Internet Explorer will never download or run it!). All other Active-X controls or plug-ins will work fine.

    The SpywareBlaster database contains information on these known spyware Active-X controls. Make sure you run the Check For Updates feature frequently to get the latest database! (And make sure you check the new items to protect your system against them!)

    As a side benefit, setting this "kill bit" will also prevent the spyware Active-X from running, in many cases, if it is already installed on your system
     
  2. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    Thanks, MtM. As usual, u da man! :D As for me...I'm off to d/l Spyware Blaster. To the BAT CAVE boy wonder...
     
  3. TheApostate

    TheApostate Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    22
    Hi there all

    I use adaware, outdated though it may be, though these days it's more of a backup proggy. Spybot is awesome and also spywareblaster. Going to have a look at the javacool site andd se what is to be seen.

    TheApostate
     
  4. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    Welcome to Wilders, T.A. :D I also still use AdAware, now probably more for the nostalgic memories though. lol. Although I do believe they will resurface and be relevant once again in the near future. And as far as the javacool forum/site goes, you couldn't ask for a more helpful, relevant developer. You will not be disappointed, I promise you that.
     
  5. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    For nostalgic value? Why not use Gibson's optout ? :D
     
  6. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    :DBecause until recently, Spybot didn't pick up Alexa, for some reason, and AdAware did. :cool:
     
  7. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    That's a joke right? About the lone harmless Alexa key in IE?
     
  8. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    No joke, unless the joke was on me. All I know was, each time I'd run AdAware after a reinstall it would show Alexa. If you're saying that was a false positive, I had no idea, nor do I have any idea how I could have known it was a false positive. I updated every available AdAware update that I could, so if it kept showing Alexa, I had to assume it was something to take in the same light as any other warning it showed. The only time I ever over-rode an AdAware alert was for a screen shot of a UCmore toolbar. The fact that it had UCmore in the name triggered a flag from AdAware, and I knew that it was a mistake, so I put that .jpg in the exclude option. But as far as Alexa, I would have had no way of knowing it was harmless.

    sk
     
  9. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
     
  10. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    You can say that again. I'm still unclear about Alexa.
     
  11. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    i dont know what I'm talking about
     
  12. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    Well, that makes one of us.
    o_O :eek: :D :D :D :D
    Just kidding, JayK. You know a lot of stuff and present it here very clearly. I'm just not clear about the whole Alexa thing, though. Is it really a false positive? I thought at one point I checked it out at Spychecker and it registered as spyware there too.
    Update: Well, I guess not. I just checked and Alexa is not registering at Spychecker.com.
    sk
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,475
    Location:
    Netherlands
    I stole this quote from a web-page that is off-line so I am not able to link to it:

    Quote:

    This particular key is included as part of an enhancement to IE 5 and above in which Alexa searches for related web pages to the ones you area currently on, by default the Related button does not show in IE except on some versions provided by some ISP's. Additionally Alexa is included in the options for the search button in IE.

    Hope that helps,

    Pieter
     
  14. I asked pestpatrol what they thought of it and why it was not picked up by a scan with pest patrol when Ad aware would go crazy when it picked up on it and this is their reply
    There are two forms of Alexa that might be found in a machine: an Alexa toolbar service and a registry entry. While the toolbar service compromises your privacy, a lone registry entry is not a problem.

    Ad-Aware false alarms on a registry entry. The Alexa registry entry that is created by an IE 6 install is not a pest, not a problem, and nothing to worry about. The issue is the 'related links' feature of IE which appears as the 'Tools'/'Show Related Links' menu item, and a corresponding toolbar button if you added it (from the 'Customize...' link on the toolbar). Ad-Aware is simply detecting a registry key that creates a menu item that points to a local web page that points to an MSN search page that uses the Alexa engine. Our position is that this is 0% spyware, and 100% a false alarm by Ad-Aware.

    You may convince yourself of that by noting that there were no Alexa files found when you scanned with Ad-Aware.

    If you have already removed this registry entry, it will be restored the next time you add a service pack for IE. And its absence does not appear to cause any harm to IE's operation.

    Some info on the Alexa toolbar service may be found here: http://pestpatrol.com/pestinfo/a/alexa_adware.asp

    If you have any reason to think otherwise, please write.

    +++

    Here is some more info on Alexa, in case you are interested.

    If you use 'related links', IE will contact the Alexa servers to obtain information about other web pages which might be related. But you will not be spied on UNLESS you intentionally install other Alexa software, in which case PestPatrol will find and report a possible problem.

    If you have an Alexa toolbar, and wish to uninstall it, all versions of the Alexa Toolbar have an uninstall feature. It will be located in different places, depending on which version you have installed.

    To uninstall Alexa Toolbar 6, click on the small down arrow by the Alexa logo on the toolbar and select Uninstall Alexa from the drop down menu.

    To uninstall Alexa Toolbar 5, click on the round '?' button on the Alexa toolbar and select Uninstall Alexa from the drop down menu.

    To uninstall Alexa Toolbar 4, open the Alexa sidebar, click on Help, and select Uninstall Alexa.

    Alexa Toolbars 4, 5, and 6 may also be uninstalled using your computer's Add/Remove Programs feature. Open your Windows Start menu, go to Settings, click on Control Panel, and then double click on Add/Remove Programs. Click on Alexa and then click the remove button. The next time you open a new browser window, the toolbar should be gone.

    If you have trouble uninstalling Alexa Toolbars 4, 5, or 6 using these methods, please take a moment to try our alternate method at http://www.alexa.com/exec/faqsidos/help/index.html?index=38 to uninstall the toolbar.

    To uninstall Alexa Toolbar 1.4.1 (the version for Netscape Navigator), click on Start > Programs > Alexa > Uninstall. Then follow the on-screen steps.

    To remove the Alexa Snapshot link from your links bar, simply delete it.

    If the above methods don't work, and you wish to uninstall the Alexa Toobars 3, 4, 5, or 6 from Internet Explorer:

    1. Go to: http://download.alexa.com/alexa_uninstall.inf

    2. Save the file to your desktop (Save to Disk and save in Desktop). Do not open the file.

    3. Find the 'alexa_uninstall' icon on your desktop, right-click on it and select 'install.' It will seem like nothing has happened.

    4. Please close all your open Internet Explorer windows. When you re-open an Internet Explorer window, the Alexa toolbar should be uninstalled.


    If you have questions or need help while uninstalling, you can e-mail customerservice@alexa.com.







    - David Stang
    PestPatrol Research, Development, and Support
    http://PestPatrol.com/Support/

    about aggregate web usage and shopping habitsa from internet explorer or windows a spyware or pest ,
    Thank you for your assistance
     
  15. Joe

    Joe Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    12
    Location:
    Launceston, Tasmania. Australia
    I am very new here, having just registered.

    I have Spybot and Spyblaster both installed.

    I update Spyblaster and then run it and select it to kill all of them off.

    I then run Spybot and it find that Advertising Junction is still there and active.

    It is possible to get the names of the spies that Spybot finds into the list for Spyblaster and how do I do it??

    Joe
    :rolleyes:
     
  16. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    Thanks, S.P.C. It's clearer now.

    sk
     
  17. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    I've been trying to get them to stop detecting that $%@#%^ registry key for months. There is NO reason for it to be flagged .... at all ... and yet if a spyware cleaner DOESN'T flag it, people automatically assume it's missing something just because Lavasoft has decided to erroneously label a lone registry key as spyware.

    And what Spybot "fixes" now is completely different from what Ad-aware "fixes". What Spybot does is replace the local file that the Related Sites tool points to with one that sends you to google's related sites area. Be aware that Spybot's backup tool doesn't restore that file for some reason.
     
  18. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    Thanks to you Mike as well.
    sk
     
  19. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    As I understand it, Spyblaster prevents you from installing activex crap from your browser. Once it's installed, there is not much it can do.

    Think of spyblaster has a immunizing shot. But once you are infected it does no good to take that shot..

    (Or Maybe it does, I don't know what I'm talking about, since I'm not a doctor)

    I'll leave a real expert to answer this. But I'm guessing everything in spyblaster is in spybot, but not viceversa. But there's a forum for spyblaster on wilders right, so maybe ask there.

    PS I have no idea what "Advertising junction" is. [/quote]
     
  20. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    4,043
    In fact, it can disable some spyware, and some components of spyware, after that spyware is installed. :)

    I'm fairly sure everything SpywareBlaster protects you against can be cleaned by Spybot (although sometimes one program gets a new version before the other), and I'm always updating the database to add new items. Currently, you can't add items yourself as you'd have to know the CLSIDs - plus the database is encrypted.

    Then again, if you do find any ActiveX spyware programs that are not in the SpywareBlaster definitions yet, I'll be more than happy to investigate and add them (if I can prove their malicious purpose - which usually doesn't take long if they are spyware). :)

    I believe Advertising Junction is a cookie (a small text file placed on your computer by a website) - thus SpywareBlaster can't protect against it but there are dedicated "cookie blocking" programs available.

    Hope this helps,

    -Javacool
     
  21. Joe

    Joe Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    12
    Location:
    Launceston, Tasmania. Australia
    thank you both, that has explained it a little better for me.

    Sorry to be a SOB, but I don't like intruders.

    I was looking for a Spyblaster forum but I couldn't seeit. oH well.

    Cya :)
     
  22. Joe

    Joe Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    12
    Location:
    Launceston, Tasmania. Australia
    Further to my last posting, this time when I ran Spybot I again got;

    MediaPlex,
    AvenueA.inc.
    Commission Junction
    Double Click

    Are these spyware that hopefully Spyeware Blaster should be stopping or are they false alarms?

    Joe
     
  23. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,475
    Location:
    Netherlands
    Hi Joe,

    Spywareblaster can not protect you from receiving cookies. Only from spyware that uses ActiveX controls.
    To help you with your cookie control we'd have to know what browser you are using.

    Regards,

    Pieter
     
  24. Joe

    Joe Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    12
    Location:
    Launceston, Tasmania. Australia
    Pieter, when I see things like that I don't really know if the are spyware or cookies. The fact that Spybot found them I just assumed that they were spyware.

    I am using Internet Explorer SP1 and OE.

    Thanks
    Joe
     
  25. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,475
    Location:
    Netherlands
    Of course I can't be completely sure from here, but looking at the names I suspect these are cookies. This stuff is spyware, but of the kind Spywareblaster can't protect you against.
    For Cookie control in IE6 have look at this thread: http://www.wilderssecurity.com/showthread.php?t=6071
    and this one for a vast choice of programs that control cookies:
    http://www.wilderssecurity.com/showthread.php?t=3196;start=0

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.