Help I think I have a computer virus / scareware

Some program “greatantispy” installed itself, and whenever I do a search for how to remove spyware or something I get redirected to “searchocity.com” or “scanerrors.com”. What do I have and how do I get rid of it? Windows Security Essentials detected a virus and asked if I wanted to remove it, but obviously it didn’t work because that’s when bad stuff started happening.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.filehippo.com/download_malwarebytes_anti_malware/

Give those a stab, in that order.

I appreciate it, I think I got the problem fixed, but I’m still curious about a few things:

  1. How is it you can still get malware without doing anything with the Internet Explorer protected mode, and Windows requiring user permission to make systemwide changes?

  2. How is it malware can redirect certain and only certain search queries to sites of its own choosing?

It’s not making systemwide changes, it’s just changing a search engine selection, something a user has permission to do.

It’s a computer program; once it’s in, it does what it’s programmed to do.

All software has bugs. Some malware exploits bugs rather than just duping the user to install stuff.

Secondary programs, like Java and Adobe Reader, also have bugs that can be exploited, so it’s not just the browser that is the problem.

  1. What version of Internet Explorer? And Windows, for that matter? Vista/Windows 7 have far more security features than XP, and while Microsoft still supports older versions of IE, you simply don’t get the defense-in-depth using IE on XP that you do on Vista/Windows 7.

For example, on Windows 7, a piece of malware has to crack IE8, then DEP (which is pretty hard), then address randomization (ditto), then UAC, before it can actually install something. The same malware on XP only has to defeat IE8, and then it’s done.

And that’s not even mentioning the buggy security nightmares people normally have installed in their browsers. Mainly, Adobe Flash and Oracle Java. I would guesstimate that those are responsible for 10 times more malware than IE itself.

Per always, the by far most important thing you can do for security is update. Update, update, update. And minimize your footprint: if you don’t need Java, remove it. (You probably need Flash.)

  2. It can install itself as what’s called a “proxy”, which is basically a way of software saying: before you send any data to the Internet, send it to me first and I’ll pass it along. So basically it snoops on all your Internet traffic, and can alter it when it wants.
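The proxy redirection described in the reply above can be checked from the per-user Internet settings that Internet Explorer reads. This PowerShell is an added example, not part of any post in the thread; the function name `Get-ProxyFindings` and the sample values are constructed for illustration.

```powershell
# Added example (not from the thread): audit the per-user proxy settings.
# These values live under HKCU, so a program running as the logged-in user
# can change them without a UAC prompt.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Hypothetical helper: takes an object with ProxyEnable, ProxyServer and
# AutoConfigURL properties and returns one finding per suspicious setting.
function Get-ProxyFindings {
    param($Settings)
    $findings = @()

    if ($Settings.ProxyEnable -eq 1 -and $Settings.ProxyServer) {
        # ProxyServer is "host:port" or "http=host:port;https=host:port"
        foreach ($entry in ($Settings.ProxyServer -split ';')) {
            $endpoint = ($entry -split '=')[-1]
            $note = 'proxy enabled: confirm you or your network admin set it'
            if ($endpoint -match '^(127\.|localhost|\[::1\])') {
                $note = 'proxy is on this machine: find what listens on that port'
            }
            $findings += New-Object PSObject -Property @{
                Setting = 'ProxyServer'; Value = $entry; Note = $note }
        }
    }

    if ($Settings.AutoConfigURL) {
        # A PAC script chooses a proxy per URL, so it can reroute only some sites.
        $findings += New-Object PSObject -Property @{
            Setting = 'AutoConfigURL'; Value = $Settings.AutoConfigURL
            Note = 'PAC script in use: download it and read its rules' }
    }
    return $findings
}

# Constructed sample: what a hijacked profile could look like.
$sample = New-Object PSObject -Property @{
    ProxyEnable = 1
    ProxyServer = 'http=127.0.0.1:8080;https=127.0.0.1:8080'
    AutoConfigURL = $null }
Get-ProxyFindings $sample | Select-Object Setting, Value, Note | Format-Table -AutoSize

# Live check of the current user's settings (no output means nothing is set).
Get-ProxyFindings (Get-ItemProperty -Path $key) |
    Select-Object Setting, Value, Note | Format-Table -AutoSize
```

An empty result from the live check means the browser is going direct; redirects that persist in that case come from somewhere other than these settings.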

Internet Explorer 9 on Windows 7 Professional.

I do have and need Java. The interface to my lighting server needs it.