Spyware/Adaware on Esato? |
EastCoastStar Joined: Dec 07, 2003 Posts: > 500 From: orlando fl US PM |
it's not bothering me really, but it really surprised me when i saw it, ya know?
the main one i saw was for Vonage |
|
Cycovision Joined: Nov 30, 2003 Posts: > 500 From: England PM, WWW
|
Well, at work (I'm a computer repair man) we use a program called 'Hijack this' to find out exactly what applications, BHOs and DLLs (through rundll32.exe) get loaded up and executed at Windows startup.
I can safely say that my PC has shown no signs of spyware activity despite visiting Esato on a daily basis.
For anyone who's into hijack this, here's the log taken as I write this message:
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:PROGRA~1McAfee.comPERSON~1MPFSERVICE.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32GSICON.EXE
C:WINDOWSsystem32dslagent.exe
C:Program FilesCommon FilesAOLACSAOLDial.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:PROGRA~1McAfee.comPERSON~1MpfTray.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:Program FilesVIAudioiSBADeckADeck.exe
C:PROGRA~1COMMON~1XCPCSyncTRANSL~1ErPhn2ErTray.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesMagicKeyMagicKey.exe
C:PROGRA~1McAfee.comPERSON~1MpfAgent.exe
C:Program FilesSony EricssonMobileaudevicemgr.exe
c:PROGRA~1INTUWA~1SharedMROUTE~1MROUTE~2.EXE
C:Program FilesMagicKeyOSD.EXE
C:Program FilesMagicKeyMulMouse.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1SONYER~1MobileCONNEC~1CONNMN~1.EXE
C:Program FilesAOL 9.0waol.exe
C:Program FilesAOL 9.0shellmon.exe
C:Program FilesCommon FilesAOLaoltpspd.exe
C:PROGRA~1SONYER~1MobileCONNEC~1CapMan.exe
C:PROGRA~1SONYER~1MobileCONNEC~1ElogErr.exe
C:PROGRA~1SONYER~1MobileCONNEC~1BROADC~1.EXE
C:PROGRA~1SONYER~1MobileCONNEC~1SCRFS.exe
C:PROGRA~1SONYER~1MobileAUFILE~1.EXE
C:PROGRA~1SONYER~1MobileCONNEC~1Ecfmserv.exe
C:PROGRA~1COMMON~1NullsoftActiveXAOLMed~1.exe
E:Jay's DocumentsHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [GSICONEXE] GSICON.EXE
O4 - HKLM..Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM..Run: [AOLDialer] C:Program FilesCommon FilesAOLACSAOLDial.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [MPFExe] C:PROGRA~1McAfee.comPERSON~1MpfTray.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKLM..Run: [AudioDeck] C:Program FilesVIAudioiSBADeckADeck.exe 1
O4 - HKLM..Run: [XTNDConnect PC - ErPhn2] C:PROGRA~1COMMON~1XCPCSyncTRANSL~1ErPhn2ErTray.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:Program FilesAOL 9.0aoltray.exe
O4 - Global Startup: MagicKey.lnk = C:Program FilesMagicKeyMagicKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
|
laffen Joined: Aug 07, 2001 Posts: > 500 From: Oslo, Norway PM |
@EastCoastStar
You might have seen an ad for Vonage if you are located in the US. Members located in Europe, Asia or Africa will not see this advert. |
Lembo Joined: Mar 13, 2004 Posts: > 500 From: East London PM |
A quick way to check if internet explorer has spyware attached to it is to check the size.
Internet Explorer ver. 6 should be 91KB
|
OluYom Joined: Oct 27, 2004 Posts: > 500 From: Nigeria PM, WWW
|
I am yet to run into any of these while browsing Esato.
This message was posted from a WAP device |
marlonski Joined: Oct 16, 2004 Posts: > 500 From: UK PM |
@Cycovision
So Hijack this will basically log all running applications so that someone like yourself can then remove the cr*p or at least advise someone what to do? it's the renaming files in regedit and all the other thangs you guys do that seem a little daunting
Do you know of any programs that'll actually sort this out by checking running applications, identifying and then removing them? or is spybot and adaware sufficient?
I run spybot, adaware, keep a copy of stinger (mcafee), cw shredder and run nortons.
i don't suffer from popups on here.
@vanquish not trying to tell ya how to suck eggs mate, but have you run spybot in safe mode? I don't think you can run adaware in safe mode (at least i haven't managed to yet).
If you're running XP have you tried turning off the system restore which will delete garbage backed up and then running spybot etc?
|
Cycovision Joined: Nov 30, 2003 Posts: > 500 From: England PM, WWW
|
@marlonski
Yes, the top part of the log shows all currently running applications and services whilst the bottom part (which is more useful) shows pretty much everything that gets loaded at startup via the registry. Not just apps, but .dll files, browser plugins etc. Hijack this lets you delete these items directly without having to hack the registry.
Basically, we use it to help us get rid of the stuff that Spybot, Adaware etc. miss. There's quite a lot of very nasty browser hijackers out there that bury themselves deep within Windows, and recreate themselves whenever you remove them using spyware removal apps. That's when we go renaming files and hacking the registry directly!
Most people will find that running a good antivirus app along with Adaware and Spybot search and destroy will do a good enough job, they certainly get rid of the most dangerous spyware components like dialers and keyloggers. Apps like Hijack this and Process Explorer come in useful when all else fails.
|
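The two-part log layout described in the post above (running processes first, then coded startup entries such as O2 for BHOs and O4 for autoruns), as an added Python example that is not part of the original thread or of HijackThis itself. The sample log, its names and the placeholder CLSID are constructed, and the review notes are assumed heuristics for a human reviewer, not verdicts.

```python
import re

# Constructed sample in HijackThis's text-log layout (not the log posted above).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] tray.exe
O4 - HKLM\..\Run: [ExampleDaemon] RUNDLL32.EXE C:\WINDOWS\system32\example.dll,Start
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\Example AV\av.exe" /startup
O4 - Global Startup: Example Monitor.lnk = ?
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_VALUE = re.compile(r"^[^:]+Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse(log):
    """Split a log into running processes and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def review_notes(code, detail):
    """Heuristic prompts for a human reviewer; none of these is a verdict."""
    notes = []
    if code == "O2" and detail.startswith("BHO: (no name)"):
        notes.append("BHO has no display name; identify it by CLSID and DLL path")
    if code == "O4":
        run = RUN_VALUE.match(detail)
        if run:
            cmd = run.group("cmd")
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            if "\\" not in exe:
                notes.append("no full path; Windows resolves it via the search path")
            if exe.lower() in ("rundll32", "rundll32.exe"):
                notes.append("DLL loaded through rundll32; review the DLL, not the host")
        elif detail.endswith("= ?"):
            notes.append("startup shortcut target could not be resolved")
    return notes

def triage(log):
    return [(c, d, n) for c, d in parse(log)[1] if (n := review_notes(c, d))]
```

A flagged entry is only a prompt to look closer: legitimate software, including anti-spyware helpers, can produce the same patterns.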
marlonski Joined: Oct 16, 2004 Posts: > 500 From: UK PM |
@Cycovision.... thanks very much for clarifying that
|
Payalnik Joined: Jan 01, 2004 Posts: 380 From: Moscow PM, WWW
|
Oh god, mates, why not use Firefox? I save a lot of time with all its tabs, ad blocker and no spyware
An Apple a day keeps Microsoft away |
masseur Joined: Jan 03, 2003 Posts: > 500 From: Sydney, London PM |
people experience other problems on esato with firefox such as the "new posts" feature not working and other cookie related issues
I'll stick with IE and NIS!
|
Payalnik Joined: Jan 01, 2004 Posts: 380 From: Moscow PM, WWW
|
So bad... It must not be ff's bug, does Opera behave the same?
Anyway, I'll never go to IE or Opera. One is slow and not tabbed, the other is... well, shareware.
An Apple a day keeps Microsoft away |
HyperiaBlue Joined: Jan 09, 2005 Posts: 424 From: Outerspace! PM |
I use 5 tools to keep my machine clean of spyware/adware/pop ups and viruses, they are:
1) Norton Antivirus
2) Adaware SE Personal - spyware detection/removal
3) Spybot search and destroy - spyware detection/removal
4) Winpatrol to monitor registry changes.
5) Microsoft Antispyware
All these work together without taking up a huge chunk of resources.
So far i have had no trouble...maybe you guys should try this approach if you haven't taken precautions.
Cheers!
 Sony Ericsson - the marriage of the consumer electronics Beauty to the telecomms Beast If you have any se-nse, then you will visit http://www.se-nse.com  |
masseur Joined: Jan 03, 2003 Posts: > 500 From: Sydney, London PM |
I've been running that MS anti spyware since the day it was released and it has NEVER (not once) found anything on my pc. I then run adaware and spybot and they both find a whole stack of stuff, so I'm not convinced about the MS product yet
|
Jools Joined: May 21, 2003 Posts: > 500 PM |
The best way to avoid all this spyware, adware, viruses and trojans is to switch to an Apple Mac.
In 15 years of Mac use I personally have never had a single outbreak of any.
Last virus I suffered from was when I had an Amiga 500 back in the early 90's... I think it made the cursor go all funny if I remember rightly!
This isn't a "my computer is better than yours" post, just an option.
|
batesie Joined: Feb 13, 2004 Posts: > 500 From: London, UK PM |
Quote:
|
On 2005-02-09 20:24:58, laffen wrote:
@EastCoastStar
You might have seen an ad for Vonage if you are located in the US. Members located in Europe, Asia or Africa will not see this advert.
|
|
I've had the Vonage advert cover the esato logo a few times, and i'm in London UK!
Are you sure laffen?
|