Best free anti-spyware software?

[bicchiere]

my list:

ad-aware
spybot search and destroy
spywareblaster / spywareguard

any suggestion?

Thanks
Paolo

[Giel]

Spysweeper

http://www.webroot.com/
--
__________________________________________________
Speed up your internet by blocking AD's and spies !
Use this simple ProxyAutoConfig script:
http://nina.xs4all.nl/pac/no-ads_no-proxy.pac
ps;this overrides other proxysettings, you will be surfing without
one(direct).

A dutch howto and help is here:
http://nina.xs4all.nl/pac

For nerds:
I like the above pac-script extended !
How 'bout uploading me a beter one here:
http://nina.xs4all.nl/upnav.htm

Like all cool services at giel's, this is free and continues as long as it
does not constipates my connections.
"bicchiere" <paolozavarise@libero.it> wrote in message
news:d6300438.0310300304.134c4b2f@posting.google.c om...
> my list:
>
> ad-aware
> spybot search and destroy
> spywareblaster / spywareguard
>
> any suggestion?
>
> Thanks
> Paolo

[Darkhorse]

"Giel" <NeverSP@Mthe.net> wrote in message
news:3fa117e1$0$58702$e4fe514c@news.xs4all.nl...
> Spysweeper
>

A) Not free

B) Very slow to scan, update and load.

C) It found 2 false positives, no reply from Webroot when Emailed.

[Jim Byrd]

Well, here's my standard post about hijacking. I think everything I
recommend there is free and useful.


It sounds like you've been hijacked. If you go to this page at Jim
Eshelman's site, here: http://aumha.org/a/noads.htm and wait a little bit
(be patient), an analysis of a number of possible parasites on your machine
will be made to help you identify and remove them. NOTE: You will need to
disable Ad Blocking in Zone Alarm 3/4.x, if present or any other Ad Blocking
software which interferes with Java Scripting for this scan to work. You
should get a message between the two lines of **** giving the results of the
scan.

For the general hijack case, the best way to start is to get Ad-Aware 6.0,
Build 181 or later, here: http://www.lavasoftusa.com/support/download/.
Update and run this regularly to get rid of most "spyware/hijackware" on
your machine. If it has to fix things, be sure to re-boot and rerun
AdAware again and repeat this cycle until you get a clean scan. The reason
is that it may have to remove things which are currently "in use" before it
can then clean up others.

Another excellent program for this purpose is SpyBot Search and Destroy
available here: http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-b.../ikonboard.cgi. I recommend
using both normally. After fixing things with SpyBot S&D, be sure to
re-boot and rerun SpyBot again and repeat this cycle until you get a clean
"no red" scan. The reason is that SpyBot sometimes has to remove things
which are currently "in use" before it can then clean up others.


Note that sometimes you need to make a judgement call about what these
programs report as spyware. See here, for example:
http://www.imilly.com/alexa.htm

Lastly, a very useful utility for examining your system and correcting
problems is Hijack This, which you can download here:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip See also,
HijackThis Quick Start Help, http://www.tomcoyote.org/hjt/ (Recommended)
This site has a number of useful references and information also:
http://www.spywareinfo.com/articles/hijacked/ and here
http://www.spywareinfo.com/downloads.php

Another program giving a good inventory of all of the possible start vectors
is AutostartExplorer, here: http://www.misec.net/aexp.jsp While it doesn't
allow control of startups, it's extremely comprehensive in examining all of
the possible sources. Highly Recommended

Next, go here: http://www.mlin.net/StartupCPL.shtml and get Mike Lin's
Startup Control Panel applet. A somewhat more difficult to use but more
extensive program to do the same thing is StartupList from here:
http://www.lurkhere.com/~nicefiles/index.html, or even better, Autoruns from
here: http://www.sysinternals.com/ntw2k/so...shtml#autoruns. Be
very careful about doing any Registry modifications directly unless you're
comfortable with this, and be sure that you BACKUP your Registry before
making any changes, so that you can recover if something goes wrong.
Changes made with StartUpCPL are less likely to cause problems, and are
usually a matter of just re-enabling the particular program. Another
program of this type that I can recommend is StartMan, free, here:
http://www.spywareinfo.com/downloads/startman/. If you have problems with
suspected hijackers, you can look up and investigate suspect programs in
your StartUp lists here:
http://www.pacs-portal.co.uk/startup...artup_full.htm (Recommended)
http://www.3feetunder.com/krick/startup/list.html (Recommended)
http://www.answersthatwork.com/Taskl...s/tasklist.htm (Recommended)


Some hijackers install themselves as Browser Helper Objects. Get BHOCop
here: BHO Cop http://www.pcmag.com/article2/0,4149,270,00.asp
(Unfortunately, no longer free from that link but you can read about it
there, and here is a direct download link for it:
http://websec.arcady.fr/bhocop.zip) and take a look at what BHO's are
currently installed. Some things like AdShield and Acrobat are normal, but
if you see something that doesn't make any sense, try disabling it and see
if that helps. Another excellent program for this same purpose is BHODemon,
(still free) here: http://www.definitivesolutions.com/ or here:
http://www.spywareinfo.com/downloads/bhod/ I would recommend both. You can
also check/control BHO's using the Tools function of SpyBot S&D.

There's good information about hijacking and fixes available here:

Andrew Clover's parasite page: http://www.doxdesk.com/parasite/ (Highly
recommended)
Robert Allen's parasite page: http://allentech.net/parasite/index.phtml
(Highly recommended)
http://www.spywareinfo.com/hijacked.html
http://gmpservicesinc.com/Articles/hijack.asp (links here for .reg files to
lock and unlock your homepage, BTW. You can also use this program to toggle
locking/unlocking of your homepage:
http://www.dougknox.com/security/scr...ethomepage.vbs Recommended)
http://www.mvps.org/inetexplorer/answers.htm#home_page

Also, there's a new class of hijacker using Window's Messenger Service (not
Instant Messaging, BTW). If you get popups even when your browser is not
connected to the Internet with a title bar reading "Messenger Service", then
these are most likely due to open NetBios TCP ports 135, 139 and 445 and UDP
ports 135, 137-138. You really need to block these with a firewall as a
general protection measure. You can stop the popups by turning off
Messenger Service; however, this still leaves you vulnerable. If you have
an NT-based OS such as XP or Win2k, you should probably also specifically
block TCP 593, 4444 and UDP 69, 139, 445, and install the very important
823980 patch from MS03-026, here:
http://support.microsoft.com/?kbid=823980.


See: Messenger Service Window That Contains an Internet Advertisement
Appears http://support.microsoft.com/?id=330904 which identifies reasons to
keep this service and steps to take if you do.

You can test your system and follow the 'Prevention' link to get additional
information here:
http://www.mynetwatchman.com/winpopuptester.asp Unless you have very good
reasons to keep this active, it should be turned off in Win2k and XP. Go
here and do what it says:
http://www.itc.virginia.edu/desktop/docs/messagepopup/ or, even better, get
MessageSubtract, free, here, which will give you flexible control of the
service and viewing of these messages:
http://www.intermute.com/messagesubtract/help.html Recommended.

(FWIW, ZoneAlarm's default Internet Zone firewall configuration blocks the
necessary ports to prevent this use of Messenger Service. I don't know the
situation with regard to other firewalls.)

Messenger Service is not per se Spyware or something that MS did wrong - It
provides a messaging capability which is useful for local intranets and is
also sometimes (albeit nowdays infrequently) used by some applications to
provide popup messaages to users. However, it can also be (and now
frequently is) used to introduce spam via this open NetBios channel.
For a single user home computer, it normally isn't needed and can be
turned off which will eliminate the spam popups. This DOESN'T, however,
remove the vulnerability of having these ports open, when in fact they
aren't needed, since they can be perverted in other ways as well, some
of which can be much more damaging than just a spam popup.

Unless you have very good reasons to keep this active, it should be turned
off in Win2k and XP. Go here and do what it says:
http://www.itc.virginia.edu/desktop/docs/messagepopup/ or, even better, get
MessageSubtract, free, here, which will give you flexible control of the
service and viewing of these messages:
http://www.intermute.com/messagesubtract/help.html Recommended.


Once you get this cleaned up, you might want to consider installing the
SpywareBlaster and SpywareGuard here to help prevent this kind of thing from
happening in the future:
http://www.wilderssecurity.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it updated) The latest version as of this writing
will prevent installation or prevent the malware from running if it is
already installed, and it provides information and fixit-links for a variety
of parasites.
http://www.wilderssecurity.net/spywareguard.html (Monitors for attempts to
install malware) Both Very Highly Recommended.

See if any of this helps and post back with your results.


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In news:d6300438.0310300304.134c4b2f@posting.google.c om,
bicchiere <paolozavarise@libero.it> typed:
> my list:
>
> ad-aware
> spybot search and destroy
> spywareblaster / spywareguard
>
> any suggestion?
>
> Thanks
> Paolo

[Alan]

On 30 Oct 2003 03:04:48 -0800, paolozavarise@libero.it (bicchiere) wrote:

>my list:
>
>ad-aware
>spybot search and destroy
>spywareblaster / spywareguard
>
>any suggestion?
>
>Thanks
>Paolo

SSD & HijackThis. HijackThis requires expert interpretation of its log, so I
get advice from SWI Forums:
http://forums.spywareinfo.com/index.php?showtopic=5187

[Robin T Cox]

Alan <ralsky@gordontower.com> wrote in
news:98f3qvst08gncnm60nu0rdm9sfjmflm3qg@4ax.com:

> HijackThis requires expert interpretation of its log, so I
> get advice from SWI Forums:
> http://forums.spywareinfo.com/index.php?showtopic=5187
>

There is also an excellent HJT tutorial at:
http://www.spywareinfo.com/~merijn/htlogtutorial.html

[sponge]

On 30 Oct 2003 03:04:48 -0800, paolozavarise@libero.it (bicchiere)
wrote:

>my list:
>
>ad-aware
>spybot search and destroy
>spywareblaster / spywareguard
>
>any suggestion?
>
>Thanks
>Paolo

I recommend using all three, and also HiJackThis! from time to time.
It's not like they cost you an arm and a leg...

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 att yahoo dott com

[YK]

sponge wrote:
> On 30 Oct 2003 03:04:48 -0800, paolozavarise@libero.it (bicchiere)
> wrote:
>
>> my list:
>>
>> ad-aware
>> spybot search and destroy
>> spywareblaster / spywareguard
>>
>> any suggestion?
>>
>> Thanks
>> Paolo
>
> I recommend using all three, and also HiJackThis! from time to time.
> It's not like they cost you an arm and a leg...

Not even the hair on your chinny-chin-chin.
http://www.moviequotes.com/repository/titles/70005.html

[|3iff //ullins' flonk-a-roonie]

fizzle pop Fri, 31 Oct 2003 00:22:09 GMT, whir sput ssssput "Jim Byrd"
<jrbyrd@spamlesscomcast.net> weenie:

>Well, here's my standard post about hijacking. I think everything I
>recommend there is free and useful.
>
>
>It sounds like you've been hijacked. If you go to this page at Jim
>Eshelman's site, here: http://aumha.org/a/noads.htm and wait a little bit
>(be patient), an analysis of a number of possible parasites on your machine
>will be made to help you identify and remove them. NOTE: You will need to
>disable Ad Blocking in Zone Alarm 3/4.x, if present or any other Ad Blocking
>software which interferes with Java Scripting for this scan to work. You
>should get a message between the two lines of **** giving the results of the
>scan.
>
>For the general hijack case, the best way to start is to get Ad-Aware 6.0,
>Build 181 or later, here: http://www.lavasoftusa.com/support/download/.
>Update and run this regularly to get rid of most "spyware/hijackware" on
>your machine. If it has to fix things, be sure to re-boot and rerun
>AdAware again and repeat this cycle until you get a clean scan. The reason
>is that it may have to remove things which are currently "in use" before it
>can then clean up others.
>
>Another excellent program for this purpose is SpyBot Search and Destroy
>available here: http://security.kolla.de/ SpyBot Support Forum here:
>http://www.net-integration.net/cgi-b.../ikonboard.cgi. I recommend
>using both normally. After fixing things with SpyBot S&D, be sure to
>re-boot and rerun SpyBot again and repeat this cycle until you get a clean
>"no red" scan. The reason is that SpyBot sometimes has to remove things
>which are currently "in use" before it can then clean up others.
>
>
>Note that sometimes you need to make a judgement call about what these
>programs report as spyware. See here, for example:
>http://www.imilly.com/alexa.htm
>
>Lastly, a very useful utility for examining your system and correcting
>problems is Hijack This, which you can download here:
>http://www.spywareinfo.com/~merijn/files/hijackthis.zip See also,
>HijackThis Quick Start Help, http://www.tomcoyote.org/hjt/ (Recommended)
>This site has a number of useful references and information also:
>http://www.spywareinfo.com/articles/hijacked/ and here
>http://www.spywareinfo.com/downloads.php
>
>Another program giving a good inventory of all of the possible start vectors
>is AutostartExplorer, here: http://www.misec.net/aexp.jsp While it doesn't
>allow control of startups, it's extremely comprehensive in examining all of
>the possible sources. Highly Recommended
>
>Next, go here: http://www.mlin.net/StartupCPL.shtml and get Mike Lin's
>Startup Control Panel applet. A somewhat more difficult to use but more
>extensive program to do the same thing is StartupList from here:
>http://www.lurkhere.com/~nicefiles/index.html, or even better, Autoruns from
>here: http://www.sysinternals.com/ntw2k/so...shtml#autoruns. Be
>very careful about doing any Registry modifications directly unless you're
>comfortable with this, and be sure that you BACKUP your Registry before
>making any changes, so that you can recover if something goes wrong.
>Changes made with StartUpCPL are less likely to cause problems, and are
>usually a matter of just re-enabling the particular program. Another
>program of this type that I can recommend is StartMan, free, here:
>http://www.spywareinfo.com/downloads/startman/. If you have problems with
>suspected hijackers, you can look up and investigate suspect programs in
>your StartUp lists here:
>http://www.pacs-portal.co.uk/startup...artup_full.htm (Recommended)
>http://www.3feetunder.com/krick/startup/list.html (Recommended)
>http://www.answersthatwork.com/Taskl...s/tasklist.htm (Recommended)
>
>
>Some hijackers install themselves as Browser Helper Objects. Get BHOCop
>here: BHO Cop http://www.pcmag.com/article2/0,4149,270,00.asp
>(Unfortunately, no longer free from that link but you can read about it
>there, and here is a direct download link for it:
>http://websec.arcady.fr/bhocop.zip) and take a look at what BHO's are
>currently installed. Some things like AdShield and Acrobat are normal, but
>if you see something that doesn't make any sense, try disabling it and see
>if that helps. Another excellent program for this same purpose is BHODemon,
>(still free) here: http://www.definitivesolutions.com/ or here:
>http://www.spywareinfo.com/downloads/bhod/ I would recommend both. You can
>also check/control BHO's using the Tools function of SpyBot S&D.
>
>There's good information about hijacking and fixes available here:
>
>Andrew Clover's parasite page: http://www.doxdesk.com/parasite/ (Highly
>recommended)
>Robert Allen's parasite page: http://allentech.net/parasite/index.phtml
>(Highly recommended)
>http://www.spywareinfo.com/hijacked.html
>http://gmpservicesinc.com/Articles/hijack.asp (links here for .reg files to
>lock and unlock your homepage, BTW. You can also use this program to toggle
>locking/unlocking of your homepage:
>http://www.dougknox.com/security/scr...ethomepage.vbs Recommended)
>http://www.mvps.org/inetexplorer/answers.htm#home_page
>
>Also, there's a new class of hijacker using Window's Messenger Service (not
>Instant Messaging, BTW). If you get popups even when your browser is not
>connected to the Internet with a title bar reading "Messenger Service", then
>these are most likely due to open NetBios TCP ports 135, 139 and 445 and UDP
>ports 135, 137-138. You really need to block these with a firewall as a
>general protection measure. You can stop the popups by turning off
>Messenger Service; however, this still leaves you vulnerable. If you have
>an NT-based OS such as XP or Win2k, you should probably also specifically
>block TCP 593, 4444 and UDP 69, 139, 445, and install the very important
>823980 patch from MS03-026, here:
>http://support.microsoft.com/?kbid=823980.
>
>
>See: Messenger Service Window That Contains an Internet Advertisement
>Appears http://support.microsoft.com/?id=330904 which identifies reasons to
>keep this service and steps to take if you do.
>
>You can test your system and follow the 'Prevention' link to get additional
>information here:
>http://www.mynetwatchman.com/winpopuptester.asp Unless you have very good
>reasons to keep this active, it should be turned off in Win2k and XP. Go
>here and do what it says:
>http://www.itc.virginia.edu/desktop/docs/messagepopup/ or, even better, get
>MessageSubtract, free, here, which will give you flexible control of the
>service and viewing of these messages:
>http://www.intermute.com/messagesubtract/help.html Recommended.
>
>(FWIW, ZoneAlarm's default Internet Zone firewall configuration blocks the
>necessary ports to prevent this use of Messenger Service. I don't know the
>situation with regard to other firewalls.)
>
>Messenger Service is not per se Spyware or something that MS did wrong - It
>provides a messaging capability which is useful for local intranets and is
>also sometimes (albeit nowdays infrequently) used by some applications to
>provide popup messaages to users. However, it can also be (and now
>frequently is) used to introduce spam via this open NetBios channel.
>For a single user home computer, it normally isn't needed and can be
>turned off which will eliminate the spam popups. This DOESN'T, however,
>remove the vulnerability of having these ports open, when in fact they
>aren't needed, since they can be perverted in other ways as well, some
>of which can be much more damaging than just a spam popup.
>
>Unless you have very good reasons to keep this active, it should be turned
>off in Win2k and XP. Go here and do what it says:
>http://www.itc.virginia.edu/desktop/docs/messagepopup/ or, even better, get
>MessageSubtract, free, here, which will give you flexible control of the
>service and viewing of these messages:
>http://www.intermute.com/messagesubtract/help.html Recommended.
>
>
>Once you get this cleaned up, you might want to consider installing the
>SpywareBlaster and SpywareGuard here to help prevent this kind of thing from
>happening in the future:
>http://www.wilderssecurity.com/spywareblaster.html (Prevents malware Active
>X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
>memory load - but keep it updated) The latest version as of this writing
>will prevent installation or prevent the malware from running if it is
>already installed, and it provides information and fixit-links for a variety
>of parasites.
>http://www.wilderssecurity.net/spywareguard.html (Monitors for attempts to
>install malware) Both Very Highly Recommended.
>
>See if any of this helps and post back with your results.
>
an excellent post.

**
|3iff "flonk" //ulins
CEO Indignitas - Formerly Alcatroll Labs Inc. (A Subsidiary of SNUH)
flOnk aT vERizOn DoT nEt

" "
-Marcel Marceau