
Thread: Explain this

  1. #1
    Join Date
    Jul 2001
    Location
    Wyncote, PA, USA
    Posts
    10,241

    Explain this

    I just got back from a client. Now this is a great story. Client went away for vacation. Had a teenager house sit. When client came home it was clear the teenager had visited various porn sites. The computer had several spyware programs installed, dialer software, and the favorites had various porn sites added to them.

    Uninstalled the software, fixed the favorites and ran Spybot to get rid of the software. Teenager swears he did not add anything to favorites or allow any installation of software. Ran a virus scan and found the backdoor.jeem worm.

    Went to the history and visited some of the sites listed, and lo and behold, the process repeats itself.

    Went back to my place and the same thing happened on my computer.

    Are there security settings in IE that would have prevented these web sites from installing software without user consent? Make changes to the registry? Are these ActiveX controls that can be blocked?

    I know the best medicine is not to visit these sites, but teenage boys and a broadband connection is an open invitation.

    I'd like some thoughts from the IE experts.

  2. #2
    Join Date
    Mar 2003
    Location
    Missouri, USA
    Posts
    76
    Best way is to make sure all ActiveX in Internet Options are set to prompt at least. Unsafe unsigned set to disable. At least you'll know what tries to install...

    Then, you can get Spyware Blaster. It'll act as a kill bit for these crappy drive-bys. It doesn't need to be running; it adds these "kill-bits" to the registry and effectively kills them before they even get on your PC.

    http://www.javacoolsoftware.com/spywareblaster.html
    I amar prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel

    'The world is changed; I can feel it in the water, I can
    feel it in the earth, I can smell it in the air.'

  3. #3
    Join Date
    Nov 2000
    Location
    The Mountain State
    Posts
    23,389
    Well, firstly I believe the kid...this crap can and does do all sorts of things, including but not limited to...

    1. Changing your homepage/search engine
    2. Add themselves to Favorites/bookmarks, "Trusted Zone" in IE Security
    3. Add listings to the HOSTS file to redirect sites
    4. Add/change DNS settings, default URL handling
    5. Write themselves to obscure auto-run locations in the registry and reinstall themselves if not completely removed.


    In other words, trojan-like behavior.

    Basically, yes there are security settings in IE to help....disable ActiveX (set it to at least prompt, not only for unsigned controls but signed as well....yes a lot of that crap is signed!!!!!!!)

    But running Spywareblaster provides a much better method....it prevents several hundred of these bad boys from installing.

    Please post a HijackThis log from the infected machine.

    Also some more info.... http://www.spywareinfo.com/rd/faq
    “When men yield up the privilege of thinking, the last shadow of liberty quits the horizon.” - Thomas Paine
    "Remember: Amateurs built the ark; professionals built the Titanic."
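
Added example, not part of the original posts and not SpywareBlaster's code: the "kill bit" both replies mention is bit 0x400 of the `Compatibility Flags` DWORD under IE's `ActiveX Compatibility` registry key, and this Python script audits a regedit export to report which CLSIDs from a blocklist IE would still load. The CLSIDs and export text are constructed, and the export is assumed to be already decoded to text (regedit writes UTF-16).

```python
import re

# Kill bit = bit 0x400 of "Compatibility Flags" under
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
KILL_BIT = 0x400
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer"
    r"\\ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})\]$", re.I)
FLAG_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$', re.I)

def parse_compat_flags(reg_text):
    """Map CLSID -> Compatibility Flags from regedit export text."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1).upper() if m else None
            if current:
                flags.setdefault(current, 0)  # key without the value: no kill bit
        elif current:
            m = FLAG_RE.match(line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags

def unblocked(reg_text, blocklist):
    """Blocklisted CLSIDs whose kill bit is missing or clear."""
    flags = parse_compat_flags(reg_text)
    return sorted(c.upper() for c in blocklist
                  if not flags.get(c.upper(), 0) & KILL_BIT)

# Constructed sample export; the CLSIDs are placeholders, not real controls.
_KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    _KEY + r"\{11111111-1111-1111-1111-111111111111}]",
    '"Compatibility Flags"=dword:00000400', "",   # kill bit set
    _KEY + r"\{22222222-2222-2222-2222-222222222222}]",
    '"Compatibility Flags"=dword:00000020', "",   # other flag, kill bit clear
    _KEY + r"\{33333333-3333-3333-3333-333333333333}]",
    '"Compatibility Flags"=dword:00800400',       # kill bit set with other bits
])
BLOCKLIST = ["{11111111-1111-1111-1111-111111111111}",
             "{22222222-2222-2222-2222-222222222222}",
             "{33333333-3333-3333-3333-333333333333}",
             "{aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa}"]  # no key at all

if __name__ == "__main__":
    print(unblocked(SAMPLE, BLOCKLIST))
```

A CLSID with no key, or with a flags value that lacks 0x400, is reported because IE will still instantiate that control.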
