[NCSA-discuss] windows cleanup following gratuitous download

Joseph Mack NA3T jmack at wm7d.net
Tue Oct 10 09:06:35 EDT 2006 

On Tue, 10 Oct 2006, Glenn Hennessee wrote:

> Unfortunately software downloads/installs without 
> permission do happen. Reputable sites don't do this and 
> this may or may not be a reputable site.

a site that installs files to my machine without informed 
consent is not a reputable site.

> Start by downloading and installing Spybot Search and 
> Destroy and AdAware.

just got'em thanks.

> If you are using the windows xp firewall,

everything is sitting behind my linux firewall, which 
basically just stops all incoming connection requests. 
However the firewall lets machines inside make any request 
they like. I didn't really know what the windows xp firewall 
would get me beyond my linux firewall (except it keeps 
honking that it's turned off, when I have it turned on).

> good at blocking incoming traffic but at blocking outgoing 
> traffic, get ZoneAlarm. There is a free version for home 
> use. It knows common internet accessing programs but will 
> ask if you want to let programs it doesn't know access the 
> internet. This will let you know if anything is "phoning 
> home" like key loggers, and targeted pop ups.

I didn't realise this was what ZoneAlarm did. I assumed it 
was much like my Linux firewall. Finding which process is 
opening a network connection isn't easy in Linux (I can't 
think of how to do it right now).

Couldn't find a free version for home use. Seems you have to 
buy or get a 15 day trial.

> If something is trying to get out and you don't recognize 
> it, use google to find the program name. Firefox is much 
> less likely to let a piece of spyware in since a lot of 
> them come in as activex controls.

the one last night came in through firefox.

> Of course, some websites require activex or have specific 
> code for IE. HijackThis can be very useful at times for 
> finding registry entries, etc.

just got it too thanks

Joe

Some pieces of spyware can be very difficult to remove; again, 
> google is your friend.
>
> glenn
>
> Joseph Mack NA3T wrote:
>> running wxp pro with this weekend's updates
>> 
>> All I know about windows comes from helping the family who uses it for word 
>> processing. My son also plays games on it.
>> 
>> Tonite my son went to a new game site (flashportalgames.com) looking for 
>> new games, where he found that unbidden a bunch of downloads occured and he 
>> had a new twirling animated cursor, presumably the logo of the game site. 
>> While he did click on something, he didn't give any informed consent on 
>> what was about to happen.
>> 
>> I gave him a reminder talk about not accepting gifts from strangers.
>> 
>> I restored the default cursor, and found the new downloaded cursor along 
>> with about 100 other small files all with tonight's date in 
>> Documents_and_Settings/Username/LocalSettings/TemporaryInternetFiles all of 
>> which I deleted.
>> 
>> Norton AntiVirus with tonight's patches doesn't show any viruses. Neither 
>> ControlPanel/RemoveSoftware nor the Start/Programs show any new programs.
>> 
>> Questions I have
>> 
>> o how did a download and install of this cursor occur without him asking 
>> for/permitting it?
>> 
>> o is the executable that did the install still somewhere?
>> 
>> o is there some executable that was downloaded along with the cursor 
>> lurking around?
>> 
>> o what else don't I know about what happened tonight?
>> 
>> Thanks Joe
>> 
>> 
>
>
>

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

More information about the ncsa-discussion mailing list