IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Security Forum / Have you tried Spybot Search & Destroy?
Post #68,533
by Another Scott
12/12/02 11:07:12 PM
12/12/02 11:09:35 PM
Reply
New Have you tried Spybot Search & Destroy?
It seems to be pretty powerful and has found lots of stuff on a few of my Windows (9x and 2k) machines. It also checks the registry for lots of nasty stuff that can go on behind your back.

I investigated tools like this because I was having trouble with my dial-on-demand internet connection staying off when I hung up...

[link|http://security.kolla.de/|Spybot Search and Destroy]. Freeware with a $5 donation requested.

It may not help your blocking problem, but might help your mysterious access problems.

Good luck!

[Edit - lost replaced by lots]

Cheers,
Scott.
Expand Edited by Another Scott Dec. 12, 2002, 11:09:35 PM EST
Expand All History
Post #68,560
by dmarker
Picture of dmarker
12/13/02 12:43:48 AM
Reply
New Re: Downloaded & will try - looks good

What that site brought to mind is that these A & B programs may be merely spy bots rather than related to the blocking that is happening.

The Internet has become so complex that at times one can think one kind of intrusion is actually something that it isn't.

The computer in question has nothin confidential on it so I am not excessively worried about damage. My deep concern is to be able to figure out what is being done & how it got onboard (assuming athere are intrusive programs operating).

I used to rely on netstat -a -n | more to look for suspicious connections but these aren't showing up (as best as I can tell).

Cheers

Doug
Post #68,562
by dmarker
Picture of dmarker
12/13/02 12:58:43 AM
Reply
New Re: Interesting results

Have just run on my work notebook Win2K based & it as expected identified stacks of hit box cookies but it also highlighted

C:\\Program Files\\Adobe\\Acrobat 5.0\\AVGeneral\\cRecentFiles\\c1
and 4 more like it - interestingly this is near to the same dir path that the mysterious A & B programs are listed in my home PC by ZoneAlarmPro.
(D:\\Program Files\\Adobe\\Acrobat 5.0\\A)

Is it possible that Adobe monitors what PDF files we download ?

The A program listed by ZA Pro is listed as having 0 length & as mentioned, is not there when I look. An earlier post here showed how dummy entries can be made & done in a way they can't be seen & can't be deleted. I assume they can be executed though.

Doug Marker
Post #68,564
by Another Scott
12/13/02 1:14:50 AM
Reply
New Most of the found items are just information.
When I had problems with things sending out information over the internet, SBS&D found them and put them at the top of the list with checkmarks in the boxes.

The Adobe stuff and similar found items are just lists of files that were recently loaded into Acrobat and the like. They're history lists generally. If you're worried about people looking to see what you've been doing on your PC, they're good to remove. But I'm not so I haven't. :-) None of the information is sent back to Adobe (AFAIK).

More information about the files found can be examined by highlighting them (click) then click the "Description of this product" button at the bottom (or alternatively right clicking on it and selecting the same).

HTH.

Cheers,
Scott.
Post #68,639
by tseliot
Picture of tseliot
12/13/02 11:21:30 AM
Reply
New Re: Doug's strange new fascination with Re:
*cough* we already know it's the Subject. Can't say I've ever seen someone Re: and then invent a new subject.
Many fears are born of stupidity and ignorance -
Which you should be feeding with rumour and generalisation.
BOfH, 2002 "Episode" 10
Post #68,652
by hnick
12/13/02 12:03:07 PM
Reply
New Not new by any stretch of imagination...
Post #68,836
by dmarker
Picture of dmarker
12/14/02 12:05:55 AM
12/14/02 12:07:34 AM
Reply
New Re: Have you tried Spybot Search & Destroy?
Ran the pgm at home but it didn't seem to locate anything nefarious.

It did bring home though how Win + many new prods, all leave easy to access logs of all activity down to wiping your nose. Spybot points out that this is only a problem if someone else has access to it which can be over the net if they can establish a path.

I have decide & am in the midst of a complete rebuild

1) RH8 on SCSI disk using GRUB dual boot
2) Win2K Clean install
3) Virtual PC under Win2K with a base Win2K VPC which I will use to access email & do downloads in the expectation I will have an isolated system & can replace it with a base disk image anytime.

The main machine can then be used for all the other stuff I want to use it for

Cheers

Doug Marker

Just wanted to add that an earlier attempt to post this item was blocked. After my clean re-install this same post was no blocked.
Am hoping I have isolated the way they idenify me.
Expand Edited by dmarker Dec. 14, 2002, 12:07:34 AM EST
Expand All History
     Seeking serious opinions - advice - (dmarker) - (29) - Dec. 11, 2002, 03:54:24 AM EST
         Perhaps some separation of duties. - (static) - Dec. 11, 2002, 04:48:56 AM EST
         is the win2k installed locally produced recently? - (boxley) - (1) - Dec. 11, 2002, 07:47:15 AM EST
             Re: iGood point Bill - go head to head - (dmarker) - Dec. 11, 2002, 07:54:44 AM EST
         Re: Is it possible to hide programs on someone computer - (dmarker) - (13) - Dec. 12, 2002, 02:55:31 AM EST
             Hidden directories? - (Ashton) - (3) - Dec. 12, 2002, 06:05:53 AM EST
                 Re: Hidden directories? - (dmarker) - (2) - Dec. 12, 2002, 08:02:16 AM EST
                     OT: About your PIC... - (folkert) - (1) - Dec. 12, 2002, 08:39:49 AM EST
                         Re: That Pic (grin) Miss HK 2000 - I used it - (dmarker) - Dec. 12, 2002, 09:23:02 PM EST
             you have been smacked - (boxley) - (1) - Dec. 12, 2002, 08:39:26 AM EST
                 Re: Hmmm that does it - will reinstall from scratch - (dmarker) - Dec. 12, 2002, 09:31:07 PM EST
             Forensics - (kmself) - Dec. 12, 2002, 10:07:02 PM EST
             Re: Is it possible to hide programs on someone computer - (deSitter) - (4) - Dec. 15, 2002, 03:06:06 AM EST
                 Hidden files & really hidden files ... - (dmarker) - (3) - Dec. 22, 2002, 09:37:34 PM EST
                     could you forward a copy of the virus to me? - (boxley) - Dec. 22, 2002, 10:10:08 PM EST
                     "Opening" attachments - (rickmoen) - Dec. 23, 2002, 12:14:22 AM EST
                     Obvious flaw - (rickmoen) - Dec. 22, 2002, 10:18:09 PM EST
             Hey Doug, - (jb4) - Dec. 23, 2002, 02:42:27 PM EST
         Goal? - (kmself) - (2) - Dec. 12, 2002, 10:50:35 PM EST
             Re: Goal? - At the moment is to figure out what thyz up 2 - (dmarker) - Dec. 13, 2002, 12:31:48 AM EST
             Why I bought a laptop - (rickmoen) - Dec. 13, 2002, 02:13:59 PM EST
         Have you tried Spybot Search & Destroy? - (Another Scott) - (6) - Dec. 12, 2002, 11:09:35 PM EST
             Re: Downloaded & will try - looks good - (dmarker) - Dec. 13, 2002, 12:43:48 AM EST
             Re: Interesting results - (dmarker) - (3) - Dec. 13, 2002, 12:58:43 AM EST
                 Most of the found items are just information. - (Another Scott) - Dec. 13, 2002, 01:14:50 AM EST
                 Re: Doug's strange new fascination with Re: - (tseliot) - (1) - Dec. 13, 2002, 11:21:30 AM EST
                     Not new by any stretch of imagination... -NT - (hnick) - Dec. 13, 2002, 12:03:07 PM EST
             Re: Have you tried Spybot Search & Destroy? - (dmarker) - Dec. 14, 2002, 12:07:34 AM EST
         Re: Seeking serious opinions - advice - (rickmoen) - Dec. 13, 2002, 04:37:29 AM EST
         FYI: XP & Zonealarm - holey shit - (kmself) - Dec. 15, 2002, 12:03:38 AM EST

You lucky bastard!
92 ms