Is there a way to scan software for spyware

Discussion in 'Spyware' started by jmathias, Feb 25, 2005.

  1. jmathias

    jmathias Guest

    Is there a way to scan software for spyware before installing it?
    I downloaded a screen saver around Christmas, a Christmas saver.
    I never installed it and forgot about it. I was just cleaning out my
    hard drive and found it. I clicked on it and my whole computer went
    nuts. The thing is pure spyware and installed several directories
    under "program files". Even running the uninstaller wanted to take me
    to a website, but I ended that by going offline. There were popups
    all over my screen using IE, and I don't usually even use IE, I use
    Firefox. Every time I tried to end a process, another thing popped up
    on my screen. It got to be such a mess, I finally shut off the
    computer and booted to DOS. I found 3 new directories under program
    files, "cashbuddy", and I forgot the name of the others. Fortunately,
    it was pretty easy to remove, I just deleted those 3 dirs from DOS,
    started Windows and HijackThis cleaned the crap in the registry. I
    also had to reset my homepage in IE.

    Anyhow, a .exe file can be scanned for viruses, but is there a way to
    scan for spyware BEFORE installing?

    One other thing, is there a way to decompile a spyware .exe file like
    this to see just what it all did? I am saving it on a floppy just to
    see what can be done with it, and I'd like to find the asshole that
    put that thing online and report them (somewhere).

    I do not recall the download site, but I am sure I can google it.

    Thanks

    Jerry
     
    jmathias, Feb 25, 2005
    #1

  2. jmathias

    jopa66 Guest

    PestPatrol, Ad-Aware, a-squared - to name a few - all give you a right-click
    option to scan files or folders. I regularly do this with anything
    downloaded as well as scan with Norton.
     
    jopa66, Feb 26, 2005
    #2

  3. jmathias

    jmathias Guest



    I have Ad-Aware 5.62 and I just ran it on that file and it did not
    find anything. I know the file is most definitely spyware too. In
    fact I think that's all it is. I'll have to look for the other files
    you mentioned, but Ad-Aware does not detect it.

    Thanks

    Jerry
     
    jmathias, Feb 26, 2005
    #3
  4. jmathias

    data64 Guest

    Nope. I do not think there is a reliable way to scan an executable for
    spyware/adware properties like you might for a virus.

    No (well maybe, not for the faint of heart). The standard process is to get a
    test system (or a VMware session or something) and turn on monitoring tools
    before running it. This would tell you what kind of registry keys are
    modified, what files are accessed and what processes were started.

    data64
     
    data64, Feb 26, 2005
    #4
  5. jmathias

    jopa66 Guest

    I have Ad-Aware 5.62.....

    This version is too old to be any benefit at all. Please update to the
    latest version. FREE for personal use. I am including a guide which contains
    links to various popular security tools available, as well as information
    which should help you to keep your system more secure. As for decompiling
    the spyware - there are also tools available to do this but, I have not
    covered these in the guide. At this time I prefer to defer on this issue.
    --
    ~john aka: jopa

    WARNING: If your PC is already infested with spyware/adware, resist the
    temptation to impulse buying of anti-spyware products that you see on the
    Net or receive as e-mail Spam. Vendors of "rogue/suspect" anti-spyware
    products advertise heavily via Google's "AdWords". And many are known to
    create problems on your machine just to try and sell you the way to "fix"
    it. There are a variety of anti-spyware products and web sites -- some
    reliable and trustworthy, some not.

    Instead, you can get help online from a corps of savvy volunteers who
    specialize in busting spyware.

    CAUTION!!! Some malware may kill your internet connection when you remove
    it. This program, LSPFIX, should enable you to regain your connection by
    correcting the errors in your registry. Before you try to remove spyware
    using any of the programs below, download a copy of LSPFIX and WINSOCKXPFIX
    from the following sites, just-in-case:
    http://www.cexx.org/lspfix.htm
    http://www.spychecker.com/program/winsockxpfix.html

    First:
    I suggest you read this informative tutorial:
    Dealing with Unwanted Spyware and Parasites
    http://mvps.org/winhelp2002/unwanted.htm

    And for expert online help, the following links are recommended:
    http://forums.spywareinfo.com/index.php OR
    http://www.spywarewarrior.com/ OR
    http://forum.aumha.org/

    The folks at these forums have a lot of experience in dealing with
    Hijackers/Spyware/Malware. There is no charge for the help and information
    available although donations are accepted. Be sure to read the guidelines,
    and following their instructions you will download a little program called
    HijackThis. Its purpose is simply to scan your computer and generate a LOG
    of everything that is running at that moment. It does not decide what is
    Good or Bad. That's what the experts at the forums will do. So *DO NOT* just
    arbitrarily start deleting what it finds.

    Next:
    To use these forums, set up an account and post your LOG there, not here.
    Someone will analyze it and let you know if anything is amuck and what you
    can do to fix it. In the event your chosen site is down -- go here for a
    list of other Security Analysis sites and/or forums: http://a-sap.org/


    <<<BACKUP>>> <<<BACKUP>>> <<<BACKUP>>>

    The FIRST and most important defense in any security program is protection
    of your DATA!! When any data gets lost through infection, human error or
    perhaps hard drive failure you are then able to restore the files by simply
    copying them back to your repaired system. Windows Restore will *not* save
    Emails, Address book, documents, photos, music, Favorites and/or Bookmarks,
    or anything else created by you using a program installed on the PC. Only
    you can determine what is too important to lose. Find a method that works
    for you, do a backup and test it to ensure you could recover. Try to
    automate the process as much as possible so the system does the work.



    ***Always follow safe Internet practices:***


    1. Keep your virus definitions up to date, and scan your system regularly.

    2. Keep your anti-spyware up to date, and scan your system regularly.

    NOTE: WindowsME/XP users should disable system restore prior to scanning.
    Run scans in SAFE Mode to ensure complete removal, then turn System Restore
    on again and create a new Restore Point.

    3. Don't open email, or download attachments from unrecognized email
    addresses.

    4. Be careful when downloading email attachments, EVEN FROM PEOPLE YOU KNOW!
    Many viruses, worms, and trojans infect a person's system then immediately
    spread themselves to the people in the infected person's address book via
    email attachments.

    5. Be careful downloading files from the Internet. Scan all downloaded files
    with a reliable UP-TO-DATE antivirus program. Scan "zip" files BEFORE
    unzipping, and scan all unzipped files BEFORE USING THEM.

    6. Keep your Windows and IE current with all the latest patches and updates.

    7. USE A FIREWALL.


    Scumware/Cr@pware - Removal & Protection Tools:

    BEWARE of Rogue/Suspect Anti-Spyware Products & Web Sites
    Many unscrupulous companies/individuals are trying to "cash-in" on people's
    need for anti-spyware products. Evidence to this effect is the sheer number
    of applications that are mere rip-offs of Spybot Search & Destroy or
    Ad-Aware (two of the most recognized and trusted anti-spyware apps on the
    Net). Proof of this can be found here:
    http://www.spywarewarrior.com/rogue_anti-spyware.htm
    http://www.spywarewarrior.com/family_resemblances.htm
    but,... the following list contains a number of (mostly) FREE programs that
    can be used to eliminate immediate threats as well as secure your system.


    CWShredder™ Version 2.1 (FREE) - stand-alone version
    Removes all variations of the spyware/hijacker "CoolWebSearch".
    This is the first line of defense whenever you suspect possible parasite
    infestation. Some current variations of CoolWebSearch block Ad-Aware and
    Spybot from catching everything.
    http://majorgeeks.com/download3019.html
    http://www.intermute.com/spysubtract/cwshredder_download.html


    Some variants of CoolWebSearch will close every browser window visiting many
    anti-spyware sites, anti-virus sites or even Windows Update. It will even
    close Spybot S&D and some other anti-spyware applications when you try to
    use them. To eliminate this threat, use CWS.SmartKiller Removal Utility:
    http://www.safer-networking.org/minifiles.html
    http://majorgeeks.com/download4113.html

    Spybot S&D (FREE)
    Removes hijackers, spyware, adware, usage tracks and more. Resident
    "TeaTimer" feature monitors crucial processes on your machine. It
    immediately detects known malicious processes wanting to start and
    terminates them. In addition, TeaTimer detects when something wants to
    change some critical registry keys. It can protect you against such changes
    giving you an option to "Allow" or "Deny" the change.
    http://www.safer-networking.org/en/index.html
    http://majorgeeks.com/download2471.html

    Ad-Aware (FREE) & Pro
    Protects against Data-mining, Ad-Ware, Parasites, Scumware, selected
    Trojans, Dialers, Malware, Browser hijackers, and tracking components.
    http://www.lavasoftusa.com/software/adaware/
    http://majorgeeks.com/download506.html

    a-squared (a²) (FREE) & Pro
    A complementary product to antivirus software and desktop firewalls. This
    scanner specifically targets and removes over 20,000 Trojans, Dialers, Worms
    and other dangerous programs used by attackers to spy on or damage your
    private data.
    http://www.emsisoft.com/en/software/free/

    HijackThis (FREE)
    As mentioned above -- USE WITH CAUTION -- Just scan your machine, then save
    & post the log to: Spywareinfo or other forum.
    http://majorgeeks.com/download3155.html
    http://www.tomcoyote.org/hjt/
    TUTORIAL: HJT http://www.pchell.com/support/hijackthistutorial.shtml

    SpywareBlaster 3.2 (FREE)
    Prevent spyware from installing in the first place! Prevent the installation
    of ActiveX-based spyware, adware, browser hijackers, dialers, and other
    potentially unwanted pests. Block spyware/tracking cookies in Internet
    Explorer and Mozilla/Firefox
    http://www.javacoolsoftware.com/spywareblaster.html
    http://majorgeeks.com/download2859.html

    McAfee Stinger (FREE)
    Stinger is a stand-alone utility used to detect and remove specific viruses.
    It is not a substitute for full anti-virus protection. Download a *fresh*
    copy each time you need it.
    http://vil.nai.com/vil/stinger/


    Check your browser settings here:
    http://www.jasons-toolbox.com/BrowserSecurity/
    A series of "tests" (and suggested fixes) to help tweak IE's settings to
    help prevent infections when surfing the web.


    Check security settings here:
    https://www.grc.com/x/ne.dll?bh0bkyd2
    http://www.pcflank.com/test.htm


    General computer check and tune-up
    PC Pitstop
    http://www.pcpitstop.com/


    If you need a good (FREE) antivirus:
    AVG
    http://free.grisoft.com/freeweb.php
    AVAST
    http://www.avast.com/eng/avast_4_home.html


    Online Virus Scanner:
    -you are wise to use one or more of these in conjunction with your own
    antivirus. Never install more than one AntiVirus or Firewall app on a single
    machine.

    Trendmicro
    http://housecall.trendmicro.com/

    BitDefender
    http://www.bitdefender.com/scan/licence.php

    RAV AntiVirus
    http://www.ravantivirus.com/scan/

    eTrust Antivirus
    http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

    Panda ActiveScan
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm


    If you need a good (FREE) Firewall:
    ZoneAlarm (FREE) & Pro
    http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
    Sygate Personal Firewall (FREE) & Pro
    http://smb.sygate.com/free/spf_download.php



    This may sound like a lot of work and it is. But, if you follow this
    outline, you'll learn a whole lot in the process and have a much more secure
    computer.
     
    jopa66, Feb 26, 2005
    #5
