
Spyware 201

Discussion in 'BYTE ME: Technology discussion' started by Blacken, Jul 12, 2008.

  1. teddywingman

    teddywingman Looks like Zach Galifianakis SoSH Member

    Messages:
    7,645
    My desktop with windows 7 contracted a virus the other day when I was trying to download celtx--the screenwriting format software. The main virus seems to be some browser safeguard thing. Problem is I can't get on the internet to download anything to remove it.
    I went to the control panel and clicked uninstall but that obviously isn't going to cut it. (as you can tell, I'm a tech moron).
    Any help would be great.
     
  2. Harry Hooper

    Harry Hooper Well-Known Member Lifetime Member SoSH Member

    Messages:
    24,646
     
    How are you making out with this? Can you download on another machine a software package (e.g., http://usa.kaspersky.com/downloads/free-home-trials/internet-security/download ) and then bring that download (via USB drive or CD-ROM disc) over to the infected machine and install?
     
  3. BoSoxFink

    BoSoxFink Stripes SoSH Member

    Messages:
    7,140
    Are there any free adware or spyware apps out there? My laptop has been incredibly annoying lately with popups and has become almost unusable because of it. I'm not that tech savvy so any help would be much appreciated.
     
  4. Harry Hooper

    Harry Hooper Well-Known Member Lifetime Member SoSH Member

    Messages:
    24,646
  5. EddieCollins

    EddieCollins Active Member Gold Supporter SoSH Member

    Messages:
    27
    SUPERAntiSpyware has a free version. http://www.superantispyware.com/  We use it at work. Since we're a non-profit organization we rely on free apps and this one is pretty good.
     
  6. BoSoxFink

    BoSoxFink Stripes SoSH Member

    Messages:
    7,140
    thanks for this, I used it and it seems to have helped
     
  7. AnkleStigmata

    AnkleStigmata Well-Known Member Lifetime Member SoSH Member

    Messages:
    1,148
     
    I have sorta the same question. I've been using the freebie version of Avast for a while now - as a result of a long-ago recommendation in this thread, IIRC - but lately it's been causing my Win 7 machine to blue-screen (an extensively discussed yet still unfixed problem with aswsv.sys per google). I uninstalled it, reinstalled, same thing. Last night I uninstalled it a second time, custom-installed with just bare-bones AV, and already one BSOD. So now it's time to say vaffanculo to Avast and try something else. For a while I was paying for McAfee but then despite automatic and frequent virus definition file updates, that failed to prevent something from hosing my machine and my wife's laptop on separate occasions, so eff that ess too.
     
    What's currently good, whether free or pay?
     
  8. Couperin47

    Couperin47 Well-Known Member Silver Supporter SoSH Member

    Messages:
    12,815
     
    I don't believe in any single provider, layered protection works best, but, of course, they have to play nicely together. I use the following combo, have for years. Together they use very little space and resources and are inexpensive:
     
    1. MS Security Essentials is free and almost worth what you pay for it... but it can't hurt to have it running.
    2. ESET NOD32 AV (NOT their full security suite product), on occasion Newegg sells a 1 year license for as little as $10.99, once you have it I have used the single license on as many as 7 boxes with no objection from them...
    3. Webroot Secure Anywhere is available in several flavors, the basic I use covers my Windows boxes and also provides coverage and theft protection for Android phones. Unlike most, it's now cloud based, continually updates. It also appears insensitive to how many boxes you install it on with a legit key... I think on the last sale I bought a 2 year subscription for $30.... Also Webroot includes all sorts of extra goodies: a sandbox tool, a password manager, a utility to directly control any active process, the ability to backup data and settings from your phones locally, identity protection...lots of useful stuff.
     
    Eset and Webroot compete for which catches stuff first for me.
     
    Please note NONE of these products provide complete protection 'out of the box', you have to configure each intelligently: locked down fully they will block sites and actions that you may well wish to allow, they may also allow things you don't want to allow. Intelligently configured they have protected me perfectly for the last 7 years, even when I knowingly go to sites notorious for warez and other net horrors.
     
  9. AnkleStigmata

    AnkleStigmata Well-Known Member Lifetime Member SoSH Member

    Messages:
    1,148
    Thanks for those ideas. Also just read this thread where MS Security Essentials/Windows Defender was regarded well enough. Avast blue-screened me again today so I have uninstalled it for good and made sure Defender is set up for real-time protection and to automatically d/l updated definition files. I'll do some more research and determine what else if anything I feel I need to do. I generally practice safe/aware/conservative computing, don't go to warez sites etc., so mainly am just looking for a backstop in case I screw up somehow.
     
  10. fletcherpost

    fletcherpost sosh's feckin' poet laureate Lifetime Member SoSH Member

    Messages:
    8,673
    Hey Guys,
     
    My sister's laptop has some kind of crypto virus. I've tried to fix it, going on forums and stuff...no joy. So i said I'd ask the brain squad at SOSH. The virus has encrypted all her files as far as I can see. My sister uses the laptop to work from home, so there's spreadsheets; budgets; reports, all sorts of stuff, some backed up but a lot isn't. As well as this hundreds of photos from her time in the USA a couple of years ago.
     
    Her fiance emailed me the text file that you get with this virus and i've pasted it below omitting the links (cos i is scared)  -  basically they - whoever they may be - want some money, and credit card details to provide the encryption key, to unencrypt these files.
     
    What i have done so far: Ran scans with Avast and Malwarebytes; looked in application data for the offending file, but no joy. So I'm kinda stumped. If any one can help, I'd be most grateful. Here's the text file, cut and pasted below. (in order to try and fix the problem i cut and pasted the second line below into google, looking for forums/solutions etc...but no joy as of yet.) Been at this much of the day and had to give up as the problem exceeds my knowledge. The operating system on her laptop is Windows 7
     
     
    All files including videos, photos and documents on your computer are encrypted by CryptoDefense Software.
    Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.
    The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet;
    the server will destroy the key after a month. After that, nobody and never will be able to restore files.

     
    In order to decrypt the files, open your personal page on the site .............................. and follow the instructions.
     
    1. You must download and install this browser ...........................................................
    2. After installation, run the browser and enter the address: rj2bocejarqnpuhm.onion/bYj
    3. Follow the instructions on the web-site. We remind you that the sooner you do, the more chances are left to recover the files.
     
  11. AlNipper49

    AlNipper49 Huge Member Dope

    Messages:
    40,174
    Fletch - I'd love to give you good news but there is a very good chance that she has lost everything. Google "bleeping computer cryptlocker". I can give you more info later when I don't have two kids hanging off of me.
     
  12. fletcherpost

    fletcherpost sosh's feckin' poet laureate Lifetime Member SoSH Member

    Messages:
    8,673
    yea i did a lot of reading...it looks bad.
     
  13. Reverend

    Reverend for king and country Lifetime Member SoSH Member

    Messages:
    36,885
    Hoping you solved this by now, but do you remember how you sorted it the last time you had a rogue? ;)
     
  14. absintheofmalaise

    absintheofmalaise too many flowers Dope SoSH Member

    Messages:
    12,572
    Do you?
     
  15. kneemoe

    kneemoe Member SoSH Member

    Messages:
    2,093
    Sorry this is so late, but these instructions would probably be worth a shot.
    http://www.expertreviews.co.uk/general/1307248/how-to-recover-files-from-cryptolocker-for-free
     
    I thought I read recently that this had affected a security researcher's wife's(?) PC recently and he found a way to extract the key that was used for encrypting all the files but I can't seem to locate that article/info right now.
     
  16. god loves the sox

    god loves the sox Well-Known Member Lifetime Member SoSH Member

    Messages:
    788
    Best free program to thoroughly clean a PC?
     
  17. Harry Hooper

    Harry Hooper Well-Known Member Lifetime Member SoSH Member

    Messages:
    24,646
     
    Best way to clean (as opposed to reinstall of OS or restoration of backup) is to mount the dirty drive as a second drive in a protected, clean PC and clean it from there. If that isn't feasible, download the free 30-day trial of a full program like Kaspersky, Bitdefender or Eset. Install one of them including latest updates, run through cleaning 2-3 times, rebooting after each clean, uninstall. Then install the other one, Do cleaning again 2-3 times, reboot after each cleaning, and then uninstall. Make a backup of the cleaned hard drive. Install some free anti-virus/anti-malware programs. Eset also offers a free online scanner at http://www.eset.com/us/online-scanner/
     
     
    Bitdefender is offering a free 6-month license for its Internet Security 2015 at http://www.bitdefender.com/media/html/60-second/index.html
     
  18. MakMan44

    MakMan44 stole corsi's dream SoSH Member

    Messages:
    19,310
    Is there a better anti virus software than Sophos for Macs? Every time I try to start a scan, it takes forever to actually start. 
     
  19. Zomp

    Zomp Turkey Virgin Dope

    Messages:
    10,985
    Any advice on how to remove adware called pricechop on my laptop?  I've deleted the extension in chrome and uninstalled the program but every time I restart my computer it comes back.
     
  20. Couperin47

    Couperin47 Well-Known Member Silver Supporter SoSH Member

    Messages:
    12,815
     
    http://malwaretips.com/blogs/remove-price-chop-virus/
     
    Google is your friend you know.... and you wouldn't have the issue if you spent a few bucks on some real protection... next time it might not be adware...
     
  21. nothumb

    nothumb Member SoSH Member

    Messages:
    7,033
     
    It seems like all the top google links for getting rid of pricechop, ads by notification, etc are just sites parroting ineffective strategies + advising you to download spyware / malware programs that don't fix the problem. The link above included. Your response was not helpful.
     
    I've been running security software, firewall, malware detection etc for years and I somehow got the ads by notification thing and can't get rid of it. So skip the scolding. Would appreciate any constructive input from people who actually know how to fix this.
     
  22. threecy

    threecy Cosbologist SoSH Member

    Messages:
    1,518
    Anyone deal with CryptoWall 2.0 recently?  According to various articles, the latest outbreak spread through AOL/Match.com/Yahoo advertisements (just by having the ad load, not even clicking it).
     
    It eludes anti-virus and anti-Malware programs and gradually encrypts the user's files (except things like .exes, so that it can encrypt as much as possible without getting noticed), then demands a $500 ransom.  The encryption key is stored remotely.  If the user does not pay the ransom in a week, it doubles.  If the ransom is not paid after a certain number of days, the encryption key is deleted.  It apparently goes after all attached drives, including external media and mapped network drives.
     
  23. Koufax

    Koufax Well-Known Member Lifetime Member SoSH Member

    Messages:
    4,173
    Anyone know how to get rid of GoPCPro? Uninstall does not work and Kaspersky doesn't detect it as a problem.  Various websites identify it as criminal, but their instructions for getting rid of it are hopelessly complex and end with an offer to sell me something that may well be worse than the disease.
     
  24. Harry Hooper

    Harry Hooper Well-Known Member Lifetime Member SoSH Member

    Messages:
    24,646
     
    Worth a try to download and install the free 30-day trial of HitManPro
     
  25. norm from cheers

    norm from cheers Member SoSH Member

    Messages:
    1,408
    HI.. last night my laptop was infected with some malware that is causing pop ups and various shopping deals on all sites.  I run the firefox 33.1 on windows 8.1 on a Lenovo laptop I bought last year.  my fiance had a thumbdrive that our laptops couldn't read, so of course she used my laptop to download recovery software and thus my laptop now is funky.
     
    I use the free avast and downloaded and used Malwarebytes.. initially it found 34 issues that it cleaned up.. reboot and issue is still there.. repeat process with Malwarebytes a few times and it keeps finding one issue and cleans it.  I even tried the software suggested above Hitmanpro and it doesn't see the virus.
     
    I then went to major geeks and ran the gamut of malware software there..still nothing except some issues found and cleaned.  A friend suggested Stopzilla, and it found items but it wants me to purchase the product to kill it.  that's the rub.. my fiance has my wallet as we switched cars yesterday and I always put wallet in the overhead visor while driving.  my bad.. she is not home until dinner time and I need this laptop back asap.
     
    I am attempting to delete manually each of the listed infections and have found one persistent one in the task manager processes listings.  It's called "applagitatint" and "applagitatinthelper" and I have denied permissions in the properties section for both.. it won't shut down so I can delete them.
     
    there are 14 files flagged and the above are the first two listed.. any ideas?
     
  26. riboflav

    riboflav Member SoSH Member

    Messages:
    7,355
    I have the securepaths malware and every time I seem to get rid of it, it comes back. Anyway, my novice question is if I uninstall Safari and install Chrome in its place, will that work? My understanding is that securepaths only affects your browser and not the rest of your computer.
     
  27. Couperin47

    Couperin47 Well-Known Member Silver Supporter SoSH Member

    Messages:
    12,815
     
    This malware affects Chrome, Mozilla browsers (Firefox & Palemoon for example) and IE too, so that strategy won't work. I'm seeing lots of potential fixes and claims, but it's clear that just removing files won't ever completely kill it, there are registry settings that also need removal. It's an infection that also keeps morphing...this 'easy guide' to removal is anything but simple and admits the infection may already have added new wrinkles:
     
    http://webcache.googleusercontent.com/search?q=cache:Koa2Dbwf4kkJ:removevirusmalware.com/get-rid-of-securepaths-com-virus/
     
     
    alternatively, you're going to need a serious malware removal product (hint: don't expect any of the free alternatives to bail you out).
     
    ESET has a free online scan and a 30 day free trial offer which might bail you out:
     
    http://www.eset.com/us/online-scanner/
     
  28. riboflav

    riboflav Member SoSH Member

    Messages:
    7,355
     
    Thanks, Coup.
     
    I had already tried that first link and have done some other stuff but so far no luck. Per your suggestion, I got ESET and ran it and it found a couple threats but I don't think either were securepaths related. 
     
    I'm thinking about taking my macbook air to Geek Squad but I don't want to spend $200 and find out they couldn't fix it either. Any opinion on Geek Squad? My macbook is only 16 months old so I hate to give up on it already.
     
  29. Couperin47

    Couperin47 Well-Known Member Silver Supporter SoSH Member

    Messages:
    12,815
     
    ahhh, you didn't say this was a Mac issue. I plead complete ignorance of anything Mac related. Geek Squad is, of course, highly variable depending on staff, but in general they are a joke. IMHO, you'd be better off saving all your files elsewhere, reformatting the drive and reloading a fresh install of your OS, and saving the $200.
     
  30. riboflav

    riboflav Member SoSH Member

    Messages:
    7,355
     
    Whoa. Whoa. Do you have a link that would lead me through this?
     
    Thanks!
     
  31. Couperin47

    Couperin47 Well-Known Member Silver Supporter SoSH Member

    Messages:
    12,815
     
    like I said I know nothing about the Apple ecosystem, but such an option is available on any Windows based laptop.
     
  32. riboflav

    riboflav Member SoSH Member

    Messages:
    7,355
     
    That's cool. I erased the HD and reinstalled the OS so hopefully that takes care of it.
     
  33. Couperin47

    Couperin47 Well-Known Member Silver Supporter SoSH Member

    Messages:
    12,815
     
    That should work, but be aware some infections can lurk in the MBR (master boot record) on the hard drive, eliminating them often requires that you not just erase the drive, but remove the partitioning and completely reformat the drive to obtain a clean MBR.  Nothing I've read implies you need to do that to eliminate securepaths.
     
  34. 75cent bleacher seat

    75cent bleacher seat Well-Known Member Gold Supporter SoSH Member

    Messages:
    1,601
  35. Harry Hooper

    Harry Hooper Well-Known Member Lifetime Member SoSH Member

    Messages:
    24,646
    The paid Panda program has topped the testing charts from time to time.
     
  36. LoweTek

    LoweTek Well-Known Member Lifetime Member SoSH Member

    Messages:
    1,303
    I have a Win7 computer which is getting the 'System Support IT' pop-ups. (You may be infected, call this toll free number, etc.) All my go to actions to eradicate this thing have had no success. Reading a removal instruction at a site called malwaretips.com, they suggest using ADWCleaner, then Malwarebytes (I did already do Malwarebytes and it found quite a lot but did not eliminate the issue), then HitmanPro and finally to reset IE settings.

    I see HitManPro recommended by Hooper above but can anyone vouch for ADWCleaner and/or offer another suggestion for a reliable instruction site or approach to getting this cleaned out?

    Wiping and re-installing is not necessarily out of the question on this PC but I'd rather clean it up than take the time to re-install.

    Thx
     
  37. Bleedred

    Bleedred Member SoSH Member

    Messages:
    6,808
    Norm - did you ever solve this?  your problem seems almost exactly like mine
     
  38. cmac24

    cmac24 Member SoSH Member

    Messages:
    1,986
    I've been getting this message from avast:

    avast web shield has blocked access to this page becuase the following certificate is invalid: ssl334328.cloudflaressl.com

    I did some googling and it looks like some kind of spyware but I can't figure out how to make it stop. Anyone see this before and have ideas on how to get rid of it? I'm running windows xp.
     
  39. Couperin47

    Couperin47 Well-Known Member Silver Supporter SoSH Member

    Messages:
    12,815

    Unlikely that it's spyware, what Avast is telling you is that the registration certificate for that site is invalid, almost certainly expired. There are only a gazillion expired certificates to websites on the Net, many/most modern browsers can now be set to alert you to this, as well as protection software that does the same thing. 99% of the time this means nothing more than that whoever is responsible for that site has been lazy about updating/renewing their certificate. It generally does not mean you're infected.
     
  40. riboflav

    riboflav Member SoSH Member

    Messages:
    7,355
    I was on baseball reference this morning. And, after about a minute, it was suddenly redirected to an Adobe (possible fake Adobe site?) site that wanted me to update my Adobe flash player. I wasn't watching any video, just browsing the site. Also, I was on a page, not clicking to another page when it occurred. I immediately closed Safari and ran a malware scan. It turned up nothing. I reset Safari and nothing has happened since. Unfortunately, I did not get the URL of the site I was possibly redirected to.

    Anything to worry about on my end? Could baseball reference be corrupted?
     
  41. Hank Scorpio

    Hank Scorpio Member SoSH Member

    Messages:
    4,814
    I've gotten that a couple of times too, riboflav. It's not just baseball reference.

    I'll post back if I find anything on it.
     
  42. Nick Kaufman

    Nick Kaufman protector of human kind from spoilers Lifetime Member SoSH Member

    Messages:
    9,949
    As long as you didn't download and install anything, chances are you should be ok.
     
  43. riboflav

    riboflav Member SoSH Member

    Messages:
    7,355
    So, 19 days and no more problems until just now. I'm on wunderground and am redirected to a site that again wants me to "update" my video player. The url is softtic.com. After some research, this seems to be mostly a PC problem, but I'm on a MacBook using Safari. The only thing I can find online suggests that I delete all my extensions. Well, I don't have any extensions. I ran a malware scan and once again it turned up nothing. Still, nothing to worry about?
     
  44. riboflav

    riboflav Member SoSH Member

    Messages:
    7,355
    Btw, it's captured in my browser history as, "video player setup." I don't know if that helps but I thought I'd pass it along.
     
  45. natpastime162

    natpastime162 Member SoSH Member

    Messages:
    1,653
    Every time I call my mother she tells me that somebody is trying to hijack her computer. She must call Comcast on the daily. I believe she still has Windows 10 on this PC, but it might be 7 (I remember reverting one of their computers back to Windows 7, do not recall which). I know that she downloaded Norton after these problems started because it is included with Comcast's service, and that she runs malwarebytes and ccleaner on the regular.

    Coup (or somebody else),

    Does this remain a good course of action 2 1/2 years later, or are better options out there?
     
  46. Couperin47

    Couperin47 Well-Known Member Silver Supporter SoSH Member

    Messages:
    12,815
    1. The Microsoft AV included with 10 is seriously better than the Essentials which is all that's available with 7, it's still not great but it's not a joke, definitely better than nothing.
    2. Layered still works better than any one program, the issue remains you need a combo that doesn't interact by interfering with each other, use too many resources or actually block/refuse to install together. This is true of ESET + Webroot + Essentials. Webroot being cloud based is very small, close to the lightest on resources and rates even more highly than it did 2 years ago (there are now 3 or 4 variations, the AV engine is identical in all, you want the plain SecureAnywhere product). The base ESET product is NOD32, also still rates very highly (as to results, some downgrade it because of the interface, not its performance). They still work together perfectly. Webroot remains insensitive to how many devices you actually install it upon, ESET changed their serial validation and I suspect it now will notice being used on multiple devices if you get a single user version (I have not upgraded the underlying interface since I'm not sure).
    3. Norton remains middle of the pack in performance, and is a resource hog. Worse it is very difficult to uninstall/remove so that many consider it more of an infection than a solution and, of course, it does NOT play well with any other product I know of.
     
  47. edoug

    edoug Member SoSH Member

    Messages:
    1,661
    Does your mother go to Facebook? Does she take those quizzes on there? Some add programs to browsers. So if you or anybody else has an opportunity to check out her PC physically. That may be a place to look.
     
    #347 edoug, Jun 15, 2017
    Last edited: Jun 15, 2017
  48. natpastime162

    natpastime162 Member SoSH Member

    Messages:
    1,653
    Ok, I'm going to go ahead and purchase Webroot and NOD32. Now I just need to figure out how to eradicate Norton from her computer.

    That's the thing. She doesn't have a facebook account. Pretty sure her web diet consists of: web interface for the local paper, her employer's website, romance novel/book websites, and well-known web retailers (amazon, ebay, etc.). Maybe one of those sticks out.
     
  49. Couperin47

    Couperin47 Well-Known Member Silver Supporter SoSH Member

    Messages:
    12,815
    Just Google Uninstall Norton Win 7 or Win 10
     
  50. charlieoscar

    charlieoscar Member

    Messages:
    1,122
