OT: anti-malware progs ineffective

I was surprised to learn today that all anti-adware and anti-spyware
programs perform so badly. Here's an extract of the ranking, from
'Anti-adware misses most malware' By Brian Livingston, in
http://windowssecrets.com/050127/

Product Adware Fixed
---------------- ------------
Giant AntiSpyware 63%
Webroot Spy Sweeper 48%
Ad-Aware SE Personal 47%
Pest Patrol 41%
SpywareStormer 35%
Intermute SpySubtract Pro 34%
PC Tools Spyware Doctor 33%
Spybot Search & Destroy 33%
McAfee AntiSpyware 33%
Xblock X-Cleaner Deluxe 31%
XoftSpy 27%
NoAdware 24%
Aluria Spyware Eliminator 23%
OmniQuad AntiSpy 16%
Spyware COP 15%
SpyHunter 15%
SpyKiller 2005 15%

So, given that there must be great overlap, I reckon my
frequently-used combination of Ad-Aware SE Personal and Spybot Search
& Destroy is catching little more than half the malware reaching me.
Unsettling.

 

The reviewer missed the one that seems to work quite well for me,
"Scan Spyware", but it's *paid*.

And, actually, NAV seems to be working pretty well at *identifying*
problems, but poor at removal... most adware screws with the registry
and adds DLLs, requiring booting up in SafeMode to manually clear
everything out.

...Jim Thompson

 

It is an indication of how hard it is to remove the malware programs
without removing applications or Windows its self. There are several
things working against the writers of such software:

(1) You can't simply remove any software that appears to send data over
the network without removing portions of Windows.

(2) You can't simply remove any "strange" software since different users
have different applications installed and there is a wide variation in
what portions of Windows are installed.

(3) There is no direct way to tell the difference between a newer DLL
that has some bugs removed and one that has malware added.


I think what may be the best way to solve the problem is to place Windows
on a disk as the C drive, install all the applications from the shrink
wrapped boxes and then disconnect the write wire of the C drive. From
that point on, all the data goes on the D drive or it goes nowhere at all.

 

I've got some trash called "Cool web search" on my PC at the moment.
*Nothing* can remove the core component.
"Spybot" will crash the PC on finding it. Others just acknowledge that this
POS is present.
Even the purpose written "CW Shredder" crashes on attempting to remove it.
Where are all those oh-so-clever-hot-shot-windows-programmers, when they're
needed to do some real, socially useful work?.
By default I'm learning that windows is built on gibberish. It leaks like a
sieve. No amount of updating can ever improve it.
regard.
john

 

"fdisk" will remove it.

I think Windows users should do as follows:

Make sure you have a CD burner.
When you burn CDs label them with the date, and what is on them.

As soon as you have a working Windows machine, make a backup of everything
onto a CD.

If you are going to download and install something, download it and save
the download file onto a CD.

Every time you create something you don't want to lose, write it onto a
CD.

Plan on doing a re-install of Windows every 3 Months to a year.

 

John,

There is an extra program to remove the spyware that crashes CWShredder. You can
download it here:
http://www.spywareinfo.com/~merijn/downloads.html

Run this program, then run CWShredder and HijackThis.

Hope it helps,
Alex Parkinson

 

Good idea, though I think you're going to need a DVD these days.

I download/save everything to a directory under an "installed"
directory on my "D" drive/partition and install from there.
Periodically that directory tree gets written to CD.

....along with all the malware already installed.

Why plan on it. It's going to happen anyway. Actually, I'm on year
five on this laptop and refused a new one because a re-installation
would be a disaster. :-(

 

I read in sci.electronics.design that Ken Smith

You can't then install the weekly crop of updates and bug fixes for
Windows itself, not to mention all the apps.

 

Using windows as a user and not administrator does effectively the
same.

 

Thanks Alex.
I ran the prog and it reported No CoolWWW present. Anyway, then ran
Shredder. It found 2 CoolWWWs and removed them without crashing. Whoopee!
must be on a winner here.

Then ran Hijack-this, removed some host redirections and a couple of lost
links.
Then ran Spybot. It told me I still had 7 varieties of CoolWWW still
present. Tried to fix them but Spybot crashed out (though this time without
taking the PC with it). According to Spybot 5 CoolWWW varieties are still
active.
I'll know for sure in about 10 minutes, as the browser redirections and
other programmes and pack-mates of CoolWWW start knocking on the door.

To me it looks like CoolWWW had regenerated itself inbetween running the
progs. The guy who wrote Shredder pretty much admits it's impossible to
remove.

regards
john

 

Make sure all your spyware removal programs have the latest updates
applied then unplug your network cable. You have to run the scans and
removals while not connected, otherwise stuff is being downloaded and
installed faster than you can clean it up. You may want to boot into
safe mode as well before running the removal tools.

I also suggest you try using the Microsoft Spyware Removal Tool free for
download from MS's download area. It's just a relabeled version of
Giant's product. It finds things that neither Spybot S&D nor AdAware
find. As the guy said, it's pretty much an exercise in futility trying
to totally rid your machine of all traces of this crap. You may also
need to disable windows system restore stuff so that windos doesn't help
you out by restoring the spyware infected files.

I remove allot of this junk all the time for people and the problem is
only getting worse day by day. These things engrain themselves so
deeply into windos that it's virtually impossible to get them out. I
also see allot of WTools and WebRebates on machines, this is a real bad
thing. They generally run as 2 parallel processes so terminating them
is next to impossible as the sibling will simply respawn the one you
kill. Since windos tells the process that you are trying to end task on
it to give it a chance to terminate normally, most spyware naturally
takes advantage of this as well.

 

Ken Smith wrote:

[snip]

If windows was designed this way...


Rene

 

Maybe publicly identifying people who write this crap (with a picture, name
and address) would take care of this problem. I'm sure many pissed off users
would love to "personally congratulate" the authors.

And than perhaps an amnesty for any "crime" involved in congratulating.

Burn 'em on the stake!

S

 

ISTR a case where a spammer's place of business was torched.

...Jim Thompson

 

If you want to get rid of nearly all spy/adware, and even virus issues,
quit using Outlook and Internet Explorer.

Mozilla is a very well done browser, that can be configured to block
popup ads, and restricts access to the system. Internet Explorer almost
seems to "go out and get" spyware, as it is so vulnerable, and has such
little security. Besides, if you don't know what 'tabbed browsing' is,
consider checking out Mozilla. It is the best feature ever created for a
browser.

Outlook and its offspring Express are wide open front doors for all kinds
of havoc on you computer, both for allowing access, and for propogating
things.

Use Eudora, or any one of a half dozen other very good programs, and you
will find that (Make up random number here) 95% of your problems will go
away.

My son uses IE and Outlook, and the cheesy spyware stuff still finds
literally hundreds of problems on a weekly basis. I use Mozilla, and MR/2
ICE for windows, and running the same spyware stuff as he does, find maybe
one a month.

Complaining feels good, doing something about it is a better idea. Lose IE
and Outlook, and see most of the problem go away.

John

 

Any comments/information/user-reviews for "Secure IE"?

http://www.secureie.com/index.aspx

...Jim Thompson

 

If C can't be written, most of the bug fixes aren't needed since they are
fixes to ways that C can be corrupted.

 

Not even close to the same. Windows constantly writes stuff all over C
even when running as just "user mode". Bugs can allow important stuff to
be overwritten. ith my solution, most of the bugs don't matter.

 

That is sort of what I suggested, but I don't think you can trust the
downloaded version of a program for very long. The next time your
computer gets hit, the virus may modify the downloaded files too.

The "it" I mean is specifically what you created ei: the file you
produced. If it gets infected before you save it to CD you lose it but
assuming that you detect the virus, all the stuff before that point is
safe.

My wifes computer is less than 4 months from its last re-install and
already stuff doesn't work. Re-installing is a majop pain because it uis
an upgrade version so it wants to keep all the malware or refuses to
install. When it is installed, it is complete virus bait and has to be
patched, patched and patched again before the network is used.

 

Sometimes CWShredder needs to be run from both Windows and Windows in
safe mode. Certain processes get stopped and it can do it's job.