Spyware/malware question

[DeaconTheVillain]

I have spybot search and destroy and run it pretty frequently. Lately, I have been hitting "fix selected problem" and then when I run it later, the same crap shows up again.

The stuff that is repeatedly showing up is:

MediaPlex

DoubleClick

FastClick

Again, I hit fix selected problems, spybot tells me its fixed and then they come up as problems when I run search and destroy again later.

Anyone know whats going on?

[The Evil Genius]

You probably need to make sure your computer isn't online when you nuke the malware.

If possible, boot in safe mode or make sure the computer isn't connected to the internet, run the program, fix the problem. Then reboot in safe mode, if possible.

[twa]

yep, though it could be regenerating from system restore files

malwarebytes might work better(run in safe mode as suggested)

[Enter Apotheosis]

Spybot has fallen out of favor with me, it doesn't really seem to have kept up with the times very well. Malwarebytes paired with decent anti-virus protection is probably the better solution.

That's not really relevant to the "problem". It looks like it's just showing you tracking cookies which you're likely picking up from the same website over and over again. Clear your browser cache and take a look at whatever in-browser privacy settings you have, they probably could use a tweak. If you're using IE... just give up now.

[Bang]

SuperAntiSpyware or Malwarebytes are my favorites for this.

~Bang

[DeaconTheVillain]

You probably need to make sure your computer isn't online when you nuke the malware.

If possible, boot in safe mode or make sure the computer isn't connected to the internet, run the program, fix the problem. Then reboot in safe mode, if possible.

I am always connected, so this may be an issue.

Thanks

---------- Post added February-20th-2013 at 05:59 PM ----------

I run malware bytes about once a week. First time I ran it it came up with 6 things and nuked em apparently. lap top seems to running smoother/faster

---------- Post added February-20th-2013 at 06:01 PM ----------

yep, though it could be regenerating from system restore files

malwarebytes might work better(run in safe mode as suggested)

I'll run malwarebytes and spyboth from safe mode.

I know before, about a few months ago, I had something that I could only get rid of it spybot was ran in safe mode.

[Larry]

OK, DoubleClick I know about. And I assume that the other two are similar.

Background/Tutorial.

A cookie is a file. When you visit a web page, that web page can download a cookie. Your computer will store the cookie on your hard drive. Then, when you visit another web site, your computer will send that cookie to the second site.

They're used for all kinds of things, on all kinds of web sites. Lots of web sites that require you to log into the web site (including ES) use cookies. Here's how:

• You visit, say, your credit card company's web site.
  
• They ask you for a user name and password. You provide it.
  
• They show you a screen that says "Thank you for logging in", and they send you a cookie.
  
• When you visit the "show me how much money I have in the bank" page, that page asks for your cookie. The cookie says "this person cleared security. His account number is 123456". Since you've been cleared, it shows you the information.

Actually, it's more complicated than that. If they simply sent you a cookie that says "He's cleared security, and his account number is 123456", then somebody could forge a cookie, and fool the computer into thinking they're you. Instead, when you clear security, it sends you like a "key number": A completely random number. Say, 8005551212, And the bank's computer keeps a note on

it's

hard drive, that says "Key number 8005551212 has been issued to a valid user, whose account number is 123456". But it's close.

Now, DoubleClick is a company that sells advertising on web pages. They've been around a long time. At least in the olden days, all kinds of big-name web pages used DoubleClick advertising, to turn their web pages into revenue.

A web page, say, the NFL, puts code at the top of every web page, that says "insert DoubleClick ad, here".

• You visit NFL.com.
  
• The web page says "Insert image from DoubleClick here".
  
• Your web browser sends a request to DoubleClick "Hey, send me a picture".
  
• DoubleClick sends back a picture. (Say, an ad for a Chevy pickup.)
  
• Your computer displays the NFL web page, with an ad for Chevy at the top of the page.
  
• DoubleClick counts how many times they've handed out that ad, and bills Chevy. And they count how many requests they get from NFL.com, and send them a fee.
  
• NFL gets a tenth of a penny, for showing an ad. And they didn't have to mess with finding customers and coding and keeping track of them and all that.

Now, for the system to work, DoubleClick has to know which ad it showed you. (Cause they get paid by the advertisers.) And which web page the ad went on. (Cause they have to know how much to pay the NFL.)

Then, DoubleClick decided to start attaching cookies to their ads.

A tracking cookie simply gives your computer a serial number. If your computer already has a tracking cookie, then the server simply reads it. If it doesn;t have a cookie, it generates a serial number, and gives you one.

What it does is, it allows DoubleClick to track what you do, online. (At any web page that uses DoubleClick.)

• You visit NFL.com. DoubleClick knows you like football.
  
• You visit NFL.com/redskins. DoubleClick knows you're a Redskins fan.
  
• You visit the weather.com page for Gainesville, Florida. DoubleClick knows that computer 12345678 is a Redskins fan who lives in Gainesville Florida.

Every time you visit any web page that has a DoubleClick ad on it, DoubleClick learns a little more about you.

Now, you can block this tracking, by telling your web browser not to accept cookies. But, if you do that, then every web page that uses cookies (which includes pretty much any web page where you have to log in.) stops working.

What anti-spyware software does, is it deletes the cookie.

Now, when it does that, then the next time you visit any web page that has a DoubleClick ad on it, DoubleClick will observe that your computer doesn't have a serial number, and it will assign you a new one.

But, DoubleClick has no way of knowing that this new computer that they just assigned a new serial number to, is the same computer that had this other number, yesterday.

What you do is, you make the data they collect a whole lot less useful.

----------

Short result:

You're going to keep getting cookies from DoubleClick. I think the NFL still uses them, for example. Every time you visit an NFL web page, you're going to get a cookie. (If you don't already have one.)

But, if you delete them regularly, then DoubleClick doesn't get anything useful from their tracking.

And, it really isn't much of a threat.

[DeaconTheVillain]

Wow. Thanks for the info, Larry.

I mean, I knew nothing was terrible wrong with my laptop (although) there were a few times it would shut off all of the sudden and a few times it would have problems starting. SInce I ran malwarebytes, I haven't had any problems and I think the internet is running noticeably better.

Another thing I notice, say im reading the fourms some words will be underlined. Say someone says "I'm going on vacation" Well the word vaction (just an example) will be underlined and if I run the cursor over it there is an ad for a trip to Maccau or whatever. Not sure what that is. Again, none of this seems major, but I just want to keep my system away from damaging threats as much as possible.

[Larry]

Another thing I notice, say im reading the fourms some words will be underlined. Say someone says "I'm going on vacation" Well the word vaction (just an example) will be underlined and if I run the cursor over it there is an ad for a trip to Maccau or whatever. Not sure what that is. Again, none of this seems major, but I just want to keep my system away from damaging threats as much as possible.

Then you have some kind of, well, at least "adware" installed on your system. Because ES isn't inserting those ads.

And, frankly, my opinion is that any software that inserts ads into your web browser, which I certainly assume was installed without your consent, I'm not willing to assume that it isn't doing more hostile things to your system. After all, if they respected your wishes, they wouldn't have tricked you into installing it in the first place.)

[twa]

sounds like this virus

http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/how-to-get-rid-of-text-enhance-virus/a93a380c-fe32-49e6-89b3-01d32fefa049

Text-Enhance Virus

not actually a virus....but I'd get rid of it

[DeaconTheVillain]

sounds like this virus

http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/how-to-get-rid-of-text-enhance-virus/a93a380c-fe32-49e6-89b3-01d32fefa049

Text-Enhance Virus

not actually a virus....but I'd get rid of it

Thanks, TWA

I went to the link and click opt out. Guess, i'll just wait and see.

---------- Post added February-20th-2013 at 09:06 PM ----------

Another reoccurring thought I have had:

Whoever programs these virus' and other harmful stuff that infects peoples cpu's must really be smart and also have no life at all. I picture some fat guy with thick glasses writing code to destroy peoples computer out of anger. Just hates the world and society. This must be the case right? Or maybe he wants to see how much damage he can do?

Or he (she?) is very cleaver and creates the damage and then sells the solution.

[757SeanTaylor21]

Last question hits the nail on the heads granted some people make viruses to screw ppl over.

[Symbol]

Another thing I notice, say im reading the fourms some words will be underlined. Say someone says "I'm going on vacation" Well the word vaction (just an example) will be underlined and if I run the cursor over it there is an ad for a trip to Maccau or whatever. Not sure what that is. Again, none of this seems major, but I just want to keep my system away from damaging threats as much as possible.

This was happening to me several months back. If you're using firefox then one of your addons might be causing it. I went through and deleted any addon that I had added from around the time it started, restarted firefox and the problem has not returned. Just one of those things that could be that simple to try.

[DeaconTheVillain]

This was happening to me several months back. If you're using firefox then one of your addons might be causing it. I went through and deleted any addon that I had added from around the time it started, restarted firefox and the problem has not returned. Just one of those things that could be that simple to try.

I do use firefox....Really should start using chrome. Thanks

[Larry]

Another reoccurring thought I have had:

Whoever programs these virus' and other harmful stuff that infects peoples cpu's must really be smart and also have no life at all. I picture some fat guy with thick glasses writing code to destroy peoples computer out of anger. Just hates the world and society. This must be the case right? Or maybe he wants to see how much damage he can do?

Or he (she?) is very cleaver and creates the damage and then sells the solution.

Actually, what I "know" (I said "know" in quotes, becausze it's mostly conclusions based on clues and evidence, rather than absolute certainty) about these kinds of things comes from fixing people's problems, 5-15 years ago.

But the impression I got is that a lot of the malware out there is commercially prepared. And, frankly, a big chunk of it is commercially distributed, often by large, reputable, companies in the business.

I will observe that I made my living performing warranty service on HP and Compaq computers. And that, at least years ago, if you bought a retail (as opposed to commercial) HP-Compaq system, it came with spyware and adware pre-installed in the computer, by HP. (And these weren't cases of "somehow we got invected". They were cases of "Weatherbug, one of the oldest and most well known pieces of spyware in the industry, one of the pioneers in the field, paid us a fee to install their spyware on your computer".)

And most of it isn't designed to be harmful. It's designed to either spy on you, or to deliver advertising to you (which the person who wrote the malware then gets paid for delivering to you.)

Sometimes it's even quasi-helpful. A lot of malware was designed to hunt down competitors malware, and get rid of it. (And the malware was deliberately designed to be difficult or impossible to remove.)

My personal opinion was that frankly, most of the performance issues associated with a lot of malware happened when you had two pieces of malware, fighting for control of your computer, and trying to delete each other.

(Out of all the things you can do with your computer, the most dangerous is trying to remove software. It's real easy to accidentally break something else. Me, I don't attempt it, myself.)

The people who wrote your text-enhance software aren't trying to damage your computer. They're trying to sell advertising on your computer.

----------

Which is not to say that they're ethical or anything like that. They will lie and cheat and defraud and do anything they can to get their hijacker into your computer.

But, they do want your computer to still work, after they get in. (If it doesn't, then they don't get paid.)