[NCSA-discuss] windows cleanup following gratuitous download
Glenn Hennessee
Glenn_Hennessee at ncsu.edu
Tue Oct 10 08:26:24 EDT 2006
Unfortunately software downloads/installs without permission do happen.
Reputable sites don't do this and this may or may not be a reputable
site. Antivirus software won't find or even look for spyware, the most
likely thing that got installed. Start by downloading and installing
Spybot Search and Destroy and AdAware. Both are free for home use and
run both. They will both flag some cookies but you are more interested
in installed software. Will these programs find all the spyware? No, I
don't know of any program that will find every bit of spyware but these
will find a lot of it. It's unlikely you picked up a trojan but it could
happen. If you are using the windows xp firewall, good at blocking
incoming traffic but at blocking outgoing traffic, get ZoneAlarm. There
is a free version for home use. It knows common internet accessing
programs but will ask if you want to let programs it doesn't know access
the internet. This will let you know if anything is "phoning home" like
key loggers, and targeted pop ups. If something is trying to get out and
you don't recognize it, use google to find the program name. Firefox is
much less likely to let a piece of spyware in since a lot of them come
in as activex controls. Of course, some websites require activex or have
specific code for IE. HijackThis can be very useful at times for finding
registry entries, etc. Some pieces of spyware can be very difficult to
remove; again, google is your friend.
glenn
Joseph Mack NA3T wrote:
> running wxp pro with this weekend's updates
>
> All I know about windows comes from helping the family who uses it for
> word processing. My son also plays games on it.
>
> Tonite my son went to a new game site (flashportalgames.com) looking for
> new games, where he found that unbidden a bunch of downloads occured and
> he had a new twirling animated cursor, presumably the logo of the game
> site. While he did click on something, he didn't give any informed
> consent on what was about to happen.
>
> I gave him a reminder talk about not accepting gifts from strangers.
>
> I restored the default cursor, and found the new downloaded cursor along
> with about 100 other small files all with tonight's date in
> Documents_and_Settings/Username/LocalSettings/TemporaryInternetFiles all
> of which I deleted.
>
> Norton AntiVirus with tonight's patches doesn't show any viruses.
> Neither ControlPanel/RemoveSoftware nor the Start/Programs show any new
> programs.
>
> Questions I have
>
> o how did a download and install of this cursor occur without him asking
> for/permitting it?
>
> o is the executable that did the install still somewhere?
>
> o is there some executable that was downloaded along with the cursor
> lurking around?
>
> o what else don't I know about what happened tonight?
>
> Thanks Joe
>
>
--
Glenn Hennessee
Department of Chemistry
NC State University
Raleigh, NC 27606
Voice: (919) 515-2947 FAX: (919) 515-8909
Email: Glenn_Hennessee at ncsu.edu
More information about the ncsa-discussion
mailing list