Is spyware and malware getting this sinister?

I started this thread:

Thanks for all your help. The computer works but is still in rough shape.
I tried to download a new browser since IE is seriously infested with popups. I tried Netscape but got an error message (Page not available). Then about a second later some crapware popped up - “PC Optimizer”. So I tried to download “Mozilla Firefox” and the same exact thing happened - same error message that looked exactly like Netscape’s error page and the same “PC Optimizer” popped up. I tried Netscape 2 more times and Mozilla once more with the exact events occurring each time.

Maybe I’m being paranoid but could this be a new low in malware aka crapware? Are there now malware instructions on this computer’s IE browser that sense you are trying to download a new (and uninfected browser) and so you get an “error” message that is actually generated by the malware and not the actual website?

IMO yes. I have seen spyware/malware so invasive trying to remove it essentially cripples your system and requires a re-format to clean it out. At that point it transcends being an annoyance and becomes in essence a virus. I think malware creators should be shot in the head, hanged and then shot again for good measure. It’s that annoying, time wasting and destructive. Did I mention they should be shot?

I’m very far from a computer expert, but could you burn a CD with a clean copy of a browser from another computer, then install it on yours?

Gila

  • Small Nitpick - It’s my neighbor’s computer (not mine).
    I might try burning a CD from my computer and bring it to my neighbor and see what happens. Of course, by now, the computer might be so filled with crapware that a re-format might be the only answer.

Astro - just taking a survey here but do you think malware creators should be shot?

:smiley:

I’d try to fake it out: Download lynx and get used to it enough to download Firefox or Opera or something like that.

If the crapware detects that site, I’ll munch a chapeau and tell you to download wget, which is even more primitive and obscure outside the *nix world.

If you get crap trying to download that (yet you can still download other things), I’ll join an anti-crapware militia and write a small report on how to do an HTTP request manually with telnet.

(Next week: Performing surgery with a hunting knife, scotch, and duct tape.)

A possibly less painful alternative is to try a proxy of some kind. It doesn’t need to be anonymous: You aren’t hiding from the outside world, just from the crap on your own machine.

(As an aside, Linux is remarkably free from crapware of any kind. Which is to say, I empathize, but I do not feel your pain.)

Derleth
Another fine suggestion.

By the way, please don’t empathize too much - as I said it is my neighbor’s computer and not mine.

I assume you’ve already tried a spyware killer? AdAware will detect and kill most known noxious/parasitic processes on your machine and, IIRC, uninstall them in a lot of cases.

It hangs out here:

http://www.lavasoftusa.com/software/adaware/

and it’s free.

I don’t use it regularly because it casts a pretty wide net; it identifies things as crapware that I do actually use-- mostly stuff related to audio and video. (An example is a little client-side app that espn.com uses to show you video highlights of the big game.) But if you (or your neighbor) are desperate, I’d at least try cleaning the system with AdAware before giving up and reformatting the entire HD-- which, let’s face it, is a huge PITA-- and it’s always there as a last resort anyway.

When you run it, it’ll give you a huge list of processes that it considers suspect. Many of these are harmless-- but it doesn’t hurt to kill 'em all anyway. At least, it didn’t hurt me; YMMV.

In answer to the OP: Yes. Yup. Absolutely.

I am never surprised about how nasty malware might get.

As a wild guess, I’m betting the spyware has screwed with your neighbor’s hosts file. Any time you try to go to Netscape to download, it switches you to another site.

As an easy fix, search for the file named “hosts” (it has no extension). Rename it. Then, quickly go to the site and download the software.

It’s possible, though, that the spyware will recreate the hosts file before you can download. Nasty bastards.
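A quick way to check the hosts-file theory above before renaming anything is to parse the file and flag vendor download domains that have been pinned to a non-loopback address. This is an added example, not something from the thread; the sample hosts content and the list of watched domains are constructed assumptions.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample hosts file. The netscape/mozilla lines imitate the
# redirection suspected in this thread; "127.0.0.1 localhost" is normal,
# and a 127.0.0.1 ad-blocking entry is legitimate and must not be flagged.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
198.51.100.23   www.netscape.com  netscape.com
198.51.100.23   www.mozilla.org
127.0.0.1       ads.example.net   # ad-blocking entry, harmless
"""

# Assumption: the defender lists the vendor sites whose downloads matter.
WATCHED_DOMAINS = {"netscape.com", "mozilla.org", "lavasoftusa.com"}


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (ip, [hostnames]) for every non-comment, non-empty line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full and trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue  # blank or malformed line, nothing to resolve
        entries.append((parts[0], [h.lower() for h in parts[1:]]))
    return entries


def _is_watched(hostname: str) -> bool:
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacks(text: str) -> List[Tuple[str, str]]:
    """Flag (hostname, ip) pairs where a watched domain is mapped to an address
    other than loopback/unspecified, i.e. the browser is silently redirected.
    Blocking entries (127.0.0.1 / 0.0.0.0) are left alone."""
    hits = []
    for ip_str, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            continue  # not an IP literal; skip rather than guess
        if ip.is_loopback or ip.is_unspecified:
            continue
        hits.extend((name, ip_str) for name in names if _is_watched(name))
    return hits
```

On a real Windows machine of that era the file lives at `%SystemRoot%\system32\drivers\etc\hosts`; read it with `open(...).read()` and pass the text to `find_hijacks`.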

There comes a point when spyware/malware is too pervasive.

This sounds like one of those times.

Burn your data to CDs and reformat from the ground up.

Unfortunately there are some examples of this shitware that are totally resistant to either Spybot or Adaware. About a week ago at home I foolishly submitted to running an .exe from the web in order to get some dodgy software mod; it totally screwed IE.

I can now no longer run the Google toolbar, can’t get my homepage to remain in one place, and some stupid program called ‘Powerblaster’ or something starts up whenever I run the computer. It’s not visible as a running process nor an application, and I can’t uninstall it from the Control Panel. The startup seems to be embedded in the register, and I can’t find the application on my hard drive.

I ain’t never doing that again. Think I’d better format C: and start all over again. Why I oughta… Grrr…

You can tailor Adaware (and Spybot) to ignore files that are useful to you.

JJimm Have you looked at ‘Hijack This’ - it is difficult/fiddly but I think you have the knowledge and experience to be able to rid yourself of your current problem without a wipe/reload.

Thanks, Myglaren, I’ll have a look when I get home.

If this thing isn’t even letting him visit the Netscape web page, what makes you think it’s going to let him visit AdAware? Even worse, what’s to stop the scumware from sending him to a page that looks just like AdAware, but in actuality is just yet another scumware download in disguise?

I would recommend first physically disconnecting the infected machine from the Net (pull out the cable), then download AdAware or similar software from a known clean computer (preferably one with a different operating system than the infected machine), burn it onto a CD, and then install it on the infected machine and clean up.

If that doesn’t work, I would physically disconnect the infected machine from the Internet, burn all non-recoverable data to CD (let all applications get wiped out: You should still have the install disks for all of them), reformat the infected machine, and re-install the OS and all applications. Then, take your data CD to a known clean machine, preferably using a different OS, and virus scan it. If any viri at all are found, burn the cleaned files to a new CD, and use that to restore the data to the infected machine.

In either case, after the machine is cleaned, I would immediately install anti-scumware software, and instruct the user on how to both use the anti-scumware software, and on how to prevent scumware from installing in the first place. If you suspect that the user will not follow these directions for whatever reason, I would set browser controls to disallow as much as possible, and not give the user the password to change them back.

At first I thought I was being paranoid, but from the responses I’ve seen, the Internet sleazeware folks are getting slimier all the time.

I’m sure you folks have heard of the new low in spam E-Mail - “phish”. I read about this just last week and (for those of you that may not know) it disguises itself as a very authentic-looking bank E-Mail (logos and all) or anti-virus company (Norton or Symantec logos) telling you to go to your bank account OR go to the latest anti-virus download. In reality, the link goes to where THEY want you to go. You end up giving them your bank numbers OR you download some malicious program.

I realize this is GQ but I feel these scumbags are a darned good incentive for revising death penalty statutes. :smiley:

Good point; I’d missed that part in the OP.

I say nuke the site from orbit. It’s the only way to be sure.

Here’s an article from last week’s “Boston Globe” about phish spam:
http://www.boston.com/business/globe/articles/2004/05/24/best_news_in_the_war_on_spam_phishing/