Thread: how to trace the source of spyware

  1. #1
    Jeromin Guest

    how to trace the source of spyware

    how can I know the websites causing the spyware that gets detected by
    spybot everyday ? I get about 14/16 different ones every day even
    restricting myself to the websites that used to give me no trouble
    only months ago (newspapers, my web mail, my bank and a few more).

    J


  2. #2
    Default User Guest

    Re: how to trace the source of spyware

    On 29 May 2007 08:36:39 -0700, Jeromin <joanamo@yahoo.com> wrote:

    >how can I know the websites causing the spyware that gets detected by
    >spybot everyday ? I get about 14/16 different ones every day even
    >restricting myself to the websites that used to give me no trouble
    >only months ago (newspapers, my web mail, my bank and a few more).
    >
    >J


    Determine how the spyware is infecting your system and disable the means of
    infection, either through your web browser settings, use of a non-admin
    account, better third-party detection software, etc... I prefer a
    combination of all those and more.

  3. #3
    Gerald309 Guest

    Re: how to trace the source of spyware

    On May 29, 11:36 am, Jeromin <joan...@yahoo.com> wrote:
    > how can I know the websites causing the spyware that gets detected by
    > spybot everyday ? I get about 14/16 different ones every day even
    > restricting myself to the websites that used to give me no trouble
    > only months ago (newspapers, my web mail, my bank and a few more).
    >
    > J


    ==============================/ Hello Jero...

    Confusing post here because your subject line reads as "how to trace
    the source of spyware" .... but in the body apparently you mean how
    and why are websites considered "malicious content websites".

    To trace the source of malware from the web to your computer or from
    the internet connection in general to your computer would take a
    forensics expert in the real world.

    Some of the malicious content websites have some of the following
    malware items that jump out at you (drive-by installations): web bugs,
    web beacons, scumware. And then there are the worst threats including
    trojans and viruses and drive by spyware installs that can infect the
    computer by visiting an infected website - whether that is intentional
    or not by the webmaster.

    Since it sounds like you are in a mature approach to infection - you
    may want to get mature protection. Spybot Search and Destroy has
    continually been rated as one of the worst defenses chronically for
    years now - providing next to nothing in real time protection or
    otherwise. You can find these results from Professionals and Experts
    anywhere on the Internet - and try typing in the title and type
    "review" after it. I would trust the posted results of these people
    rather than clowns and forum trolls and newbies and novices and
    uninformed forum owners and actual cybercriminals trying to keep
    people in the dark and unprotected.

    The ANSWER: The ONLY program I have seen that would help you is the
    Trend Micro Antispyware software program that has the feature to trace
    back to the source of infection. When there is an infection it gives
    you the ability to click the trace back feature which will present you
    with the results which may include a website visited, or program
    opened and running, or email, or other. This is not direct and most
    likely for legal reasons - but it gives you your exact results of what
    you were exactly doing when the infection occurred and is the only
    program I have seen that does that. It is then up to you as the User/
    Operator to inspect things presented. Was it a suspicious dark side
    website visited in the dark side of the internet ? Did you open a spam
    or suspicious email ? Was there some program you just launched that
    may be infected - was it some free program and not a standard software
    - and when was the last time you did a full scan by both antivirus and
    antispyware ? .... this is what you examine from the results presented
    to you.

    Like I said, if you wish to take a mature approach to malware - you
    are going to have to start with a mature antispyware software program.
    Please take a look at this snapshot of a real antispyware program that
    protects in real time with Active Shields:

    Webroot Spysweeper Active Shields - Screenshot:
    http://bluecollarpc.net/coppermine-p...apshotCopy.jpg

    Not all antispyware programs have Active Shields. The only ones worth
    mentioning are the ones that work as expected and advertised that
    include Webroot and Trend Micro and also the free Microsoft Windows
    Defender has active shields and protects in real time.

    Your Spybot S and D is not an antispyware software program. It is a
    mish mash of crap that can damage your computer. Please uninstall it
    now or do any of these free scans if you think it is protecting you in
    any manner whatsoever:

    Webroot Spy Audit (Top Recommended) http://www.webroot.com/services/spyaudit_03.htm
    Trend Micro AntiSpyware Scan Free Scan
    http://www.trendmicro.com/spyware-scan/
    Pest Patrol Free Spyscan
    http://www.pestpatrol.com/

    Will you join us in finally putting to rest the myth and conspiracy
    that Spybot Search and Destroy is even worth the time to download it
    for a free look ?

    RECOMMENDED: Free stuff does not protect your machine. Only paid
    subscription software activates real time protection in antivirus and
    antispyware. The only exception to this is the free Microsoft Windows
    Defender. Please trade in the Spybot S & D piece of crap now by
    uninstalling it and installing Windows Defender which also has free
    definitions updates for life and does full scans of the computer for
    infections. It sounds like you refuse to spend money - and don't be an
    idiot. You will only get what you pay for - meaning what did you
    expect for free in a multi billion dollar security software world, are
    you kidding ?

    But you can add the free Ad-Aware program:
    Ad-Aware [working-freeware, personal use - and premium version]
    http://www.lavasoftusa.com/software/adaware/

    The point is that Webroot and Trend Micro have consistently been rated
    in the top three with CounterSpy for years now in all tests across the
    internet. The best of the free programs - and Lavasoft Ad-Aware is one
    - are only rated at about 80 to 85 percent detection protection
    whereas the top paid programs are rated at 95 to 99 percent detection
    defense. I hate to even mention the name Spybot S&D - but it is only
    rated at 55 percent in what it pretends to do. So in other words - for
    free - Ad-Aware is going to detect up to at least three times as many
    infections and it is insulting to place this actual real antispyware
    program next to whatever Spybot S&D thinks or says it is - as the free
    Ad-Aware program is a real antispyware program designed to detect
    adware and spyware and associated malware threats which Spybot has no
    ability to perform - as it is NOT an antispyware program.

    These people HAVE to be stopped from promoting crap that doesn't work
    as a security solution...

    Webmaster of the www.BlueCollarPC.Net and .Org
    Spyware Removal and Computing Safety
    Groups and Lists Owner
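
An added example, not part of the original post and not code from any product named in the thread: the time-proximity idea behind the "trace back" described above, in Python. It lists which hosts were contacted shortly before each flagged item first appeared and ranks hosts by how many detections they precede. All records, host names and function names are constructed for illustration; a match is a lead to inspect, not proof of the source.

```python
from collections import Counter
from datetime import datetime, timedelta
from urllib.parse import urlsplit

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data. HISTORY stands in for an exported browser history
# (visit time, URL), including third-party requests such as ad banners.
# DETECTIONS stands in for the first-seen (file creation) times of the items
# a scanner flagged.
HISTORY = [
    ("2007-05-29 08:01:10", "http://news.example.test/front"),
    ("2007-05-29 08:01:12", "http://ads.example.net/banner?id=7"),
    ("2007-05-29 08:15:40", "https://bank.example.test/login"),
    ("2007-05-29 09:30:05", "http://mail.example.test/inbox"),
    ("2007-05-29 09:30:07", "http://ads.example.net/banner?id=9"),
    ("2007-05-29 11:00:00", "https://bank.example.test/statement"),
]
DETECTIONS = [
    ("tracker-a", "2007-05-29 08:01:15"),
    ("tracker-b", "2007-05-29 09:30:09"),
    ("tracker-c", "2007-05-29 14:00:00"),  # nothing browsed nearby
]


def host_of(url):
    """Return the lower-cased host part of a URL ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()


def candidates(detections, history, window=timedelta(seconds=60)):
    """Map each flagged item to the hosts contacted in the window before it."""
    visits = [(datetime.strptime(ts, FMT), host_of(url)) for ts, url in history]
    result = {}
    for item, ts in detections:
        seen_at = datetime.strptime(ts, FMT)
        # A set, so a host counts once per detection however often it was hit.
        hosts = {h for t, h in visits if seen_at - window <= t <= seen_at}
        result[item] = sorted(hosts)
    return result


def rank_hosts(detections, history, window=timedelta(seconds=60)):
    """Return (host, detections_preceded, total_visits), most suspicious first.

    A host that precedes many detections relative to how often it is visited
    deserves a closer look; a host visited often with no detections nearby
    (the bank in the sample data) is an unlikely source.
    """
    per_item = candidates(detections, history, window)
    hits = Counter(h for hosts in per_item.values() for h in hosts)
    total = Counter(host_of(url) for _, url in history)
    rows = [(h, hits[h], total[h]) for h in total]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


def unexplained(detections, history, window=timedelta(seconds=60)):
    """Items with no browsing activity nearby: look at e-mail, installers or
    already-resident software instead of web sites."""
    per_item = candidates(detections, history, window)
    return [item for item, hosts in per_item.items() if not hosts]


if __name__ == "__main__":
    for host, preceded, visits in rank_hosts(DETECTIONS, HISTORY):
        print(f"{host:22} preceded {preceded} detection(s), {visits} visit(s)")
    print("no browsing nearby:", unexplained(DETECTIONS, HISTORY))
```
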


  4. #4
    Gerald309 Guest

    Re: how to trace the source of spyware

    On May 30, 9:56 am, Gerald309 <gerald...@gmail.com> wrote:
    > On May 29, 11:36 am, Jeromin <joan...@yahoo.com> wrote:
    >
    > > how can I know the websites causing the spyware that gets detected by
    > > spybot everyday ? I get about 14/16 different ones every day even
    > > restricting myself to the websites that used to give me no trouble
    > > only months ago (newspapers, my web mail, my bank and a few more).
    >
    > > J
    >
    > ==============================/ Hello Jero...
    >
    > Confusing post here because your subject line reads as. "how to trace
    > the source of spyware " .... but in the body apparently you mean how
    > and why are websites considered "malicious content websites".
    >
    > To trace the source of malware from the web to your computer or from
    > the internet connection in general to your computer would take a
    > forensics expert in real world.
    >
    > Some of the malicious content websites have some of the following
    > malware items that jump out at you (drive-by installations): web bugs,
    > web beacons, scumware. And then there are the worst threats including
    > trojans and viruses and drive by spyware installs that can infect the
    > computer by visiting an infected website - whether that is intentional
    > or not by the webmaster.
    >
    > Since it sounds like you are in a mature approach to infection - you
    > may want to get mature protection. Spybot Search and Destroy has
    > continually been rated as one of the worst defenses chronically for
    > years now - providing next to nothing in real time protection or
    > otherwise. You can find these results from Professionals and Experts
    > anywhere on the Internet - and try typing in the title and type
    > "review" after it. I would trust the posted results of these people
    > rather than clowns and forum trolls and newbies and novices and
    > uninformed forum owners and actual cybercriminals trying to keep
    > people in the dark and unprotected.
    >
    > The ANSWER: The ONLY program I have seen that would help you is the
    > Trend Micro Antispyware software program that has the feature to trace
    > back to the source of infection. When there is an infection it gives
    > you the ability to click the trace back feature which will present you
    > with the results which may include a website visited, or program
    > opened and running, or email, or other. This is not direct and most
    > likely for legal reasons - but it gives you your exact results of what
    > you were exactly doing when the infection occurred and is the only
    > program I have seen that does that. It is then up to you as the User/
    > Operator to inspect things presented. Was it a suspicious dark side
    > website visited in the dark side of the internet ? Did you open a spam
    > or suspicious email ? Was there some program you just launched that
    > may be infected - was it some free program and not a standard software
    > - and when was the last time you did a full scan by both antivirus and
    > antispyware ? .... this is what you examine from the results presented
    > to you.
    >
    > Like I said, if you wish to take a mature approach to malware - you
    > are going to have to start with a mature antispyware software program.
    > Please take a look at this snapshot of a real antispyware program that
    > protects in real time with Active Shields:
    >
    > Webroot Spysweeper Active Shields - Screenshot: http://bluecollarpc.net/coppermine-p...cs/10001/Webro...
    >
    > Not all antispyware programs have Active Shields. The only ones worth
    > mentioning are the ones that work as expected and advertised that
    > include Webroot and Trend Micro and also the free Microsoft Windows
    > Defender has active shields and protects in real time.
    >
    > Your Spybot S and D is not an antispyware software program. It is a
    > mish mash of crap that can damage your computer. Please uninstall it
    > now or do any of these free scans if you think it is protecting you in
    > any manner whatsoever:
    >
    > Webroot Spy Audit (Top Recommended) http://www.webroot.com/services/spyaudit_03.htm
    > Trend Micro AntiSpyware Scan Free Scan http://www.trendmicro.com/spyware-scan/
    > Pest Patrol Free Spyscan http://www.pestpatrol.com/
    >
    > Will you join us in finally putting to rest the myth and conspiracy
    > that Spybot Search and Destroy is even worth the time to download it
    > for a free look ?
    >
    > RECOMMENDED: Free stuff does not protect your machine. Only paid
    > subscription software activates real time protection in antivirus and
    > antispyware. The only exception to this is the free Microsoft Windows
    > Defender. Please trade in the Spybot S & D piece of crap now by
    > uninstalling it and installing Windows Defender which also has free
    > definitions updates for life and does full scans of the computer for
    > infections. It sounds like you refuse to spend money - and don't be an
    > idiot. You will only get what you pay for - meaning what did you
    > expect for free in a multi billion dollar security software world, are
    > you kidding ?
    >
    > But you can add the free Ad-Aware program:
    > Ad-Aware [working-freeware, personal use - and premium version] http://www.lavasoftusa.com/software/adaware/
    >
    > The point is that Webroot and Trend Micro have consistently been rated
    > in the top three with CounterSpy for years now in all tests across the
    > internet. The best of the free programs - and Lavasoft Ad-Aware is one
    > - are only rated at about 80 to 85 percent detection protection
    > whereas the top paid programs are rated at 95 to 99 percent detection
    > defense. I hate to even mention the name Spybot S&D - but it is only
    > rated at 55 percent in what it pretends to do. So in other words - for
    > free - Ad-Aware is going to detect up to at least three times as many
    > infections and it is insulting to place this actual real antispyware
    > program next to whatever Spybot S&D thinks or says it is - as the free
    > Ad-Aware program is a real antispyware program designed to detect
    > adware and spyware and associated malware threats which Spybot has no
    > ability to perform - as it is NOT an antispyware program.
    >
    > These people HAVE to be stopped from promoting crap that doesn't work
    > as a security solution...
    >
    > Webmaster of the www.BlueCollarPC.Net and .Org
    > Spyware Removal and Computing Safety
    > Groups and Lists Owner


    ===========================/
    Another solution is Site Advisor or similar well rated program that
    has a color code of Green Yellow Red in search results and real time
    warnings. Of a suspected website or whatever Spybot crap is telling you
    - you search the domain at Google. How ?

    Let's say you bank at Bank123.Com. Type that ONLY into the search box
    at Google with Site Advisor installed - do not type in the http:// www
    etc. - just type in the Domain Name. In the results you will see the
    name of this website in the color code. If it is in Green - like I
    said then just dump Spybot S&D which may be writing into your Windows
    Registry which will prevent any financial interaction at your known
    sites - as you said "my bank and a few more).". If your site came back
    as highlighted in Red - then it meant that it is a malicious content
    website that will install malware if you visit it or have links to
    websites that do and you may get redirected to them in a hijacking.

    Let me get up front with you because there is no other way to say this
    except quite bluntly and quite directly to reach the person with the
    information about security - - - and that is that from your statement
    "my bank and a few more)." you are a complete fool's fool if you are
    doing financial transactions without paid firewall, antivirus, and
    antispyware installed and running 24/7 - period !!! It sounds like you
    don't even have antivirus or a firewall. This is complete suicide on
    the Internet and please wake up by simply reading through current news
    stories and horror stories of the unprotected getting ripped off big
    time. In fact I have a snippet right here right now you can read -
    that if you don't get protected you are most likely going to be a part
    of:

    Why is the BlueCollarPC Online ? (Read This)
    http://tech.groups.yahoo.com/group/b...s/message/1029
    'How green is your valley?'... excerpt -

    THE WASHINGTON TIMES
    May 29, 2007
    http://www.washingtontimes.com/business/20070528-100019-6894r.htm
    excerpt -
    "The overall cost of identity theft has fallen 12 percent, from $55.7
    billion in 2005 to $49.3 billion last year, but the percentage of fraud
    committed over the Internet has doubled in that time, according to data
    compiled by Javelin Strategy and Research. ....
    Losses from phishing attacks have skyrocketed. In 2006, phishing-related
    losses were $2.8 billion -- compared with just $137 million in 2004,
    according to a 2006 Gartner Research study...."

    (This is why BlueCollarPC is here... without security, you are about
    to be ripped off for about $50 Billion Dollars in year 2007. 'A fool and
    his money are soon parted')

    GET PROTECTED OR GET RIPPED !!!


  5. #5
    Jeromin Guest

    Re: how to trace the source of spyware

    Thanks for the answer Gerald! I was looking for a blunt, honest
    answer, actually.

    I normally do have adaware, I just had done a clean install and hadn't
    got around installing it yet. I also have firewall and anti virus,
    but they're free: Comodo and Avast. Any good? I scan my hard disk
    several times a week, BTW. I also should mention I got less spyware
    after disabling java from Firefox (after posting the initial message).

    As for opening attachments, only pics and powerpoints my friends send
    me. I'm not too interested on the dark side of the net either. My
    neighbourhood's dark enough as it is.

    So In summary:

    Uninstall Spybot

    Spend money on

    Trend Micro antispyware
    Webroot

    For free

    Microsoft Windows Defender

    You say they have active shield. Does this mean they cannot be run
    simultaneously? Maybe one active and the other for scans only?

    What antivirus and firewall would you recommend? I had a bad
    experience with Norton slowing down my pc, don't know if they've
    improved on that.

    Also what registry software do you recommend? I have...a free one! )
    Eusing. Any good? I have Windows XP SP2 on a PIII, BTW.

    Thanks in advance for any help

    Jeromin





  6. #6
    Gerald309 Guest

    Re: how to trace the source of spyware

    On May 31, 8:33 am, Jeromin <joan...@yahoo.com> wrote:
    > Thanks for the answer Gerald! I was looking for a blunt, honest
    > answer, actually.
    >
    > I normally do have adaware, I just had done a clean install and hadn't
    > got around installing it yet. I also have firewall and anti virus,
    > but they're free: Comodo and Avast. Any good? I scan my hard disk
    > several times a week, BTW. I also should mention I got less spyware
    > after disabling java from Firefox (after posting the initial message).
    >
    > As for opening attachments, only pics and powerpoints my friends send
    > me. I'm not too interested on the dark side of the net either. My
    > neighbourhood's dark enough as it is.
    >
    > So In summary:
    >
    > Uninstall Spybot
    >
    > Spend money on
    >
    > Trend Micro antispyware
    > Webroot
    >
    > For free
    >
    > Microsoft Windows Defender
    >
    > You say they have active shield. Does this mean they cannot be run
    > simultaneously? Maybe one active and the other for scans only?
    >
    > What antivirus and firewall would you recommend? I had a bad
    > experience with Norton slowing down my pc, don't know if they've
    > improved on that.
    >
    > Also what registry software do you recommend? I have...a free one! )
    > Eusing. Any good? I have Windows XP SP2 on a PIII, BTW.
    >
    > Thanks in advance for any help
    >
    > Jeromin


    ===========================================/.
    hello again .... A side note is that you can get into 'packet
    sniffing' which is kind of like viewing communications between your
    computer and wherever you are on the internet. The bottom line is this
    area is more or less called forensics as far as tracking down what and
    where an infection came from to re-answer "how to trace the source of
    spyware". You will have to learn how to read code and scripts and a
    lot more. This is why I posted that about Trend Micro Antispyware - it
    does have the feature, but everything is simplified for the average
    user.

    As far as the Shields in antispyware programs - they are sort of just
    like a firewall guarding all the areas that they do. The top ones use,
    and are known for, "heuristics" just like antivirus - which is
    technology able to identify the behavior of malware in real time and
    block it from installing. Webroot Spysweeper and Trend Micro
    Antispyware and the Microsoft Windows Defender all have these.

    This is what is protecting you in real time - and will block 90 to 99
    percent of malware. Anything that slips by is picked up in the system
    scan. You always keep definitions up to date before scanning so that
    you have the latest scanning capability for the maximum amount of
    known threats. These - the definitions - are more or less programmer
    language instructions to delete an installation - the specific files
    and registry entries known and made by known threats - all in an
    instant.

    So again to answer your question, everything runs together just fine.
    The Active Shields are always on even when not connected to the
    internet - and you can perform scans all the time - there is no
    interference whatsoever.

    Firewalls ? One of the best was the older Norton 2004-5 Personal
    Firewall. I don't know if that is available anymore because of suite
    packages they all put together now. I really like the McAfee Personal
    Firewall I am using now. It is a complete "set and forget" no brainer.
    Zone Alarm products are problems, I don't recommend them long story
    short. CA (Computer Associates) Personal Firewall is based on Zone
    Alarm or vice-versa and works pretty good. The bottom line is that a
    free firewall is all that is necessary generally and protects just
    fine - but not the Windows XP Firewall. There is a big mistake there
    that people think this is a real firewall - it is not. It is a very,
    very limited firewall designed to block the worst hacker attempts only
    and was shipped out in Service Pack 2 I believe it was. It does not
    protect the computer as a normal firewall. Hard to beat that into new
    people's heads - they think you are just goading them to buy stuff.
    Not true. The flip side to the free firewall is getting a paid
    subscription firewall. This enables definitions that include Trusted
    Applications List and sometimes some special blocking of trojans or
    worms definitions and others. But the feature added in best paid
    firewalls is the real time shredders of personal information if you
    transact over the internet (buy stuff / pay stuff). They have a
    special ID Protection section that allows you to add email addresses
    and last 5 digits of any account numbers that will shred this in real
    time - as you transact - so that any leaks of this information
    whatsoever are cyberdust in the hands of any criminal. This is
    strongly recommended if you do bill-pay for example. Most of the top
    brands now have this shredding technology feature. Check first if
    buying.

    An old great and loved free firewall is the Sygate Personal Firewall -
    free. This has now been acquired by Norton which angered many, many
    people. Search for it and keep it forever if you can. For any reason
    the normal firewall fails or you are uninstalling it to get another
    one and so on - you can just activate the Sygate and you are still
    protected to download a new one. What is the point of all this ? With
    all the cybercrime they constantly ping everyone's PC's practically
    along with all sorts of softwares and businesses doing all sorts of
    pings for product informations like what is used where by who and so
    on. This is called internet noise or unsolicited noise. But it is the
    criminals pinging that can tell what system you have like Windows 98
    or Windows XP SP1 or SP2 and processor speed and so on. So the idea is
    that once you are turned onto what firewalls block and you install one
    and are now suddenly invisible - it is like a radar blip disappear. So
    after this you never want to let them ping you again for this
    information. In the short five minutes of uninstalling a firewall and
    rebooting and installing a new one - in those five minutes you can get
    up to hundreds and thousands of ping hits. You learn you just don't
    let them ping you once. Because they can get your IP Number and then
    they can find out your email address and then you are on their crap
    list of spam for the next three years. This is why people are very,
    very angry and preach security - along with actually getting ripped
    off in an Identity Theft.

    Antivirus... I always was a Norton Die-hard which was okay but they
    are the worst on resources. From everything I have seen now the best
    is Kaspersky in all tests and people I have spoken to. It actually has
    definition updates hourly and is what I am switching to for a year to
    try it out. I left Norton for the pay Grisoft AVG antivirus which is
    right up there with Kaspersky. NOD32 is also a top rated one. Best to
    type in their name in Google and then "review" right behind the name
    and Search. You will get professional and expert reviews of the
    products. Check out at least five reviews so you know someone isn't
    plugging someone for an extra buck.

    Do a Registry Cleaner review... here is the best I have seen at
    Uniblue:
    http://www.liutilities.com/products/.../comparisions/

    I used to use the older Iomatic Registry Medic which never gave a
    false positive and had its own inboard antivirus protecting it to
    allow removal of threats past their attacks to block the Administrator
    access to the Windows Registry. On a scale of one star to five - I
    gave it 6. They changed their interface and I did not get enough time
    on the trial period to check it out. Most of them are not showing the
    results. Iomatic always did. Also you could double-click the item and
    it would automatically open to it in the Windows Registry.

    One thing is you NEVER delete ANYTHING in the Windows Registry unless
    you know what it is and why. This is the problem nowadays - as I tried
    a lot of free trialwares and they do not allow viewing the key and
    they don't include automatically opening the item in the Registry.
    Therefore they are unusable. I don't know of anyone who trusts any
    registry cleaner to blindly delete everything it thinks is an orphan
    or left over of an uninstalled program and so on.

    Because of this I use the freeware RegSeeker which is the best in the
    world as consistently finding ten percent more safe deletions than
    anything for sale. It is just that true. You run any registry cleaner
    and delete nothing. Then run RegSeeker - and it will find 10 to 25
    percent more items that are orphans safe for deletion. Incredible. It
    gives the most information of all items. It allows double-click of any
    item that automatically opens to it in the Registry (allows double
    checking item and location as safe for deletion). And it has complete
    back up for any deletions that simply restore safely by a double click
    of it in the back up folder. NEVER had a problem with RegSeeker and is
    the best in the world - and as a mind boggler it is freeware, real
    freeware license without any ads and is not bundled with adware. The
    fellow that created it is from France and I guess he was so proud he
    just made it a gift to the world of computer users/owners.

    RegSeeker [working-freeware] (One of world's best registry cleaners)
    http://www.snapfiles.com/get/regseeker.html

    DEFINITELY get this and use it:

    a-squared trojan remover (Free Working Version for life and Proactive
    Premium Version)
    http://www.emsisoft.com/en/software/free/
    a-squared (a-squared) is a complementary product to antivirus software
    and desktop firewalls on MS Windows computers. Antivirus software
    specializes in detecting classic viruses. Many available products have
    weaknesses in detecting other malicious software (Malware) like
    Trojans, Dialers, Worms and Spyware (Adware). a-squared fills the gap
    that malware writers exploit. Automatic updates: In a-squared Free the
    updater must be run manually. The auto-update feature of a-squared
    Personal checks hourly for new available updates and installs them
    automatically. a-squared Free is freeware! You can download and use it
    completely for free. You are also allowed to distribute it to third
    parties. To be able to use it, you only must set up a free a-squared
    Account, to get access to the update server. (Note you register by
    simple sign up to activate definitions downloads free).

    Stop into my site for a lot of information and since it is community -
    I have added as much tried and true free utility softwares as
    possible. Ones everyone uses and has not had a bad word for them in
    years' time.

    Webmaster: www.BlueCollarPC.Net

