[NCSA-discuss] windows cleanup following gratuitous download

Glenn Hennessee Glenn_Hennessee at ncsu.edu
Tue Oct 10 08:26:24 EDT 2006 

Unfortunately software downloads/installs without permission do happen. 
Reputable sites don't do this and this may or may not be a reputable 
site. Antivirus software won't find or even look for spyware, the most 
likely thing that got installed. Start by downloading and installing 
Spybot Search and Destroy and AdAware. Both are free for home use and 
run both. They will both flag some cookies but you are more interested 
in installed software. Will these programs find all the spyware? No, I 
don't know of any program that will find every bit of spyware but these 
will find a lot of it. It's unlikely you picked up a trojan but it could 
happen. If you are using the windows xp firewall, good at blocking 
incoming traffic but at blocking outgoing traffic, get ZoneAlarm. There 
is a free version for home use. It knows common internet accessing 
programs but will ask if you want to let programs it doesn't know access 
the internet. This will let you know if anything is "phoning home" like 
key loggers, and targeted pop ups. If something is trying to get out and 
you don't recognize it, use google to find the program name. Firefox is 
much less likely to let a piece of spyware in since a lot of them come 
in as activex controls. Of course, some websites require activex or have 
specific code for IE. HijackThis can be very useful at times for finding 
  registry entries, etc. Some pieces of spyware can be very difficult to 
remove; again, google is your friend.

glenn

Joseph Mack NA3T wrote:
> running wxp pro with this weekend's updates
> 
> All I know about windows comes from helping the family who uses it for 
> word processing. My son also plays games on it.
> 
> Tonite my son went to a new game site (flashportalgames.com) looking for 
> new games, where he found that unbidden a bunch of downloads occured and 
> he had a new twirling animated cursor, presumably the logo of the game 
> site. While he did click on something, he didn't give any informed 
> consent on what was about to happen.
> 
> I gave him a reminder talk about not accepting gifts from strangers.
> 
> I restored the default cursor, and found the new downloaded cursor along 
> with about 100 other small files all with tonight's date in 
> Documents_and_Settings/Username/LocalSettings/TemporaryInternetFiles all 
> of which I deleted.
> 
> Norton AntiVirus with tonight's patches doesn't show any viruses. 
> Neither ControlPanel/RemoveSoftware nor the Start/Programs show any new 
> programs.
> 
> Questions I have
> 
> o how did a download and install of this cursor occur without him asking 
> for/permitting it?
> 
> o is the executable that did the install still somewhere?
> 
> o is there some executable that was downloaded along with the cursor 
> lurking around?
> 
> o what else don't I know about what happened tonight?
> 
> Thanks Joe
> 
> 


-- 
Glenn Hennessee
Department of Chemistry
NC State University
Raleigh, NC 27606
Voice: (919) 515-2947 FAX: (919) 515-8909
Email: Glenn_Hennessee at ncsu.edu

More information about the ncsa-discussion mailing list