SpyBot is the evil messenger?

I searched the computer questions sticky and didn’t catch any reference to a current issue.

One of my geophysicists’ workstations began to slow to a crawl last week, and I, amongst other things, installed Ad Aware and SpyBot and ran them. I found hundreds of things that they both flagged, mostly data miners and cookie trackers, which I understand to be mostly benign, but several items tagged as malware as well.

I zapped what I could with those programs, and used Control Panel’s Add/Remove Programs to get at what I could from there. Then the ones that kept reinstalling themselves on reboot were attacked with command line deletes from Safe Mode. Finally, it appeared clean.

This morning I came in and found an email from my main IT guy telling me that this workstation failed its weekend backups, so I go look at it and find many browser windows open, and all of the same crap resident on the system. Again.

So I repeat the drill from last week and finally clean it up again.

OS is Win2K Professional, IE 6.0.

Questions:

PRIMARY

My IT guy (and I’m not such) tells me that SpyBot is actually a source for many of these problems. That contradicts everything I’ve read about it on these boards. Anything to that?

Secondary

We use a virus scanner called Inoculan that is administered at the corporate server level. Could there be something that either I or it have missed that’s allowing some rogue app to fire up IE on its own and start letting these beasties from the dark side in as we slumber?

Whoops! I’ll add that the operator of this system is well aware that he needs to have all programs closed when he leaves for the nightly backups to proceed without error, so I doubt he left IE running. Just to be sure, tonight we left the system running, but logged him off.

In my experience, SpyBot is not putting any baddies on your computer, but other anti-spyware programs have been known to do so. I remember reading a lengthy article from some folks who tested many programs, but I cannot find it again.

found it…

If this had any element of truth to it, the techies (not to mention the general public) would have been finding Spybot as the problem source a long time ago (relatively speaking). I suspect your IT guy is giving you a line rather than admit he doesn’t have an answer.

I have never encountered a shred of evidence that Spybot is malware itself. However, IIRC there have been some fake versions of Spybot floating around that are really Trojans - could you have one of those? I’m not sure if they still exist, but the Spybot author posted on the main site about a Trojan’ed version once.

Otherwise…my IT staff generally pronounce everything they don’t understand, don’t have, or simply just don’t like as “evil” and never, ever bother to reverse a “judgment”. Among the more notable things they’ve pronounced as “evil hackerware” used only by “script kiddies” are Apache, PHP, MySQL, Firefox, Adaware, Spybot, PGP, Java, and Winzip. Thus anyone with these installed on their PCs is subject to “dire consequences”. I of course have all of these things installed on my computer…

Una, good to hear from you, dear.

I don’t know. I’m not an IT person, but I do have an abiding interest in making these things work for all of us.

I think Spybot has an option to restore recently “cleaned” files, but I don’t know how this could have been triggered on your machine. I’ve been running Spybot on two computers for several years with no problems. What version are you running?

Some IT people can be very interesting. The IT guy at my dad’s company has, on numerous occasions, blamed pieces of network hardware for causing problems that were actually due to changes he had made to the system; in the most memorable instance (back in the dial-up days), he misspelled a server name and thus cut off internet access for most of the people in the office. A non-IT employee found the problem after a few days.

Spybot has an option to ‘immunize’ your system against malware; as far as I know, this works by creating dummy (i.e. non-functional), write-protected entries that the malware can’t replace. It works, but I suppose (pure conjecture) there’s a possibility that some piece of malware could be hammering your file system, repeatedly trying and failing to install itself.

I wonder if during that failed backup the IT guy actually did a restore of the machine from an earlier backup that still had the malware.

I’m like a bad penny; I always turn up.

But are you a Wheatie?

:smiley:

SpyBot S&D isn’t malware, but a trojanized version of it certainly would be.

However, Ad-Aware and Spybot S&D don’t always catch everything. I had recurring problems with my home system until I installed Norton AntiVirus, which stopped that particular problem for good.

Also available is Microsoft Antispyware Beta (from the Microsoft site, of course), which is pretty thorough and includes an agent that continually monitors for spyware installation and requests explicit permission to allow them or not.

Of course, using the product involves some amount of trust of Microsoft.

I hadn’t thought of that. Also, running a “system restore” in Windows XP can restore certain types of malware.