Your preferred arsenal of spyware tools?

Posted: 2005-02-22 11:11pm
by phongn
This weekend I may have to help a friend clean out her box of spyware infestation (plus I might switch her over to FireFox). However, it has been awhile since I've had to do this.

Currently, my flash drive holds the latest versions of: AdAware, Spybot S&D, HijackThis! and VX2Finder. Does anyone have suggestions on other tools I might cram on it?

Suggestions about switching her to Linux or MacOS would be most unappreciated. She may also need to use IE for some reason, so advice on how to lock that thing down would also be appreciated so that she doesn't have to deal with this in the future.

If she runs XP, I might put XP SP2 on her box if it isn't already there but her connection is rather slow and I'd rather not end up having to reinstall half her drivers to get functionality back.

Posted: 2005-02-22 11:20pm
by InnocentBystander
I'd also get Microsoft's little ad-aware killer, actually; it picks up a few things here and there the others miss.

Posted: 2005-02-23 01:00am
by entfern
Here are some suggestions if you missed it. The links are easy to miss. Have fun, I don't envy you.

Posted: 2005-02-23 01:07am
by Xon
In addition to what you have listed; Microsoft Anti-spyware and SpywareBlaster.

My account is an administrator, but I use the utility DropMyRights to strip the Administrator token out of my account token when running Internet Explorer, Outlook & mIRC. It is not even possible to put that token back in from within those running programs.

To use this with IE, I create a shortcut pointing to "C:\Program Files\DropMyRights\DropMyRights.exe" "C:\Program Files\Internet Explorer\IEXPLORE.EXE", change the shortcut icon to point to IEXPLORE.EXE, and set it to run minimized (DropMyRights is a console app; running it minimized prevents the console window from flashing on the screen briefly).

This is critical for successfully hardening any internet-facing programs.

Installing XP SP2 is a must. Use the network install from here (burn it onto a CD!), run Windows Update (only 18 MB of patches to DL from a WinXP SP2 install), and set it to auto-DL & install!

You shouldn't have problems with drivers from the transition from Windows XP SP1 -> SP2, unless it's some really dodgy crap. And Windows Update can detect known good drivers for hardware which has some drivers installed.
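The DropMyRights shortcut Xon describes, scripted, together with a check you can run from inside the launched program to confirm the Administrators group really is gone from its token. This is an added example, not code from the thread or from DropMyRights itself; the DropMyRights and IE paths are the ones quoted above and are assumptions for your own machine.

```powershell
# Added example (not from the thread or from DropMyRights). Builds the
# "run IE through DropMyRights, minimized, with IE's icon" shortcut from
# the post above, and provides a token check to verify the result.

# Assumed install locations (the paths quoted in the post); adjust as needed.
$DropMyRights = 'C:\Program Files\DropMyRights\DropMyRights.exe'
$Browser      = 'C:\Program Files\Internet Explorer\IEXPLORE.EXE'
$ShortcutPath = Join-Path ([Environment]::GetFolderPath('Desktop')) 'IE (restricted).lnk'

function New-RestrictedShortcut {
    param(
        [Parameter(Mandatory=$true)] [string] $LauncherPath,  # DropMyRights.exe
        [Parameter(Mandatory=$true)] [string] $TargetPath,    # program to run with reduced rights
        [Parameter(Mandatory=$true)] [string] $LinkPath       # where to write the .lnk
    )
    foreach ($p in $LauncherPath, $TargetPath) {
        if (-not (Test-Path -LiteralPath $p)) { throw "Not found: $p" }
    }
    $shell = New-Object -ComObject WScript.Shell
    $lnk = $shell.CreateShortcut($LinkPath)
    $lnk.TargetPath = $LauncherPath
    # DropMyRights takes the program to launch as its argument; quote it
    # because the path contains spaces.
    $lnk.Arguments = "`"$TargetPath`""
    $lnk.WorkingDirectory = Split-Path -Parent $TargetPath
    # Borrow the browser's own icon so the shortcut looks like a normal IE shortcut.
    $lnk.IconLocation = "$TargetPath,0"
    # WshShortcut window styles: 1 = normal, 3 = maximized, 7 = minimized.
    # Minimized hides the console window DropMyRights opens for a moment.
    $lnk.WindowStyle = 7
    $lnk.Save()
    return $LinkPath
}

function Test-TokenHasAdmin {
    # Returns $true if the CURRENT process token can act as Administrator.
    # Run it from a PowerShell started through the shortcut above (point
    # $Browser at powershell.exe for the test) and it should return False:
    # the "normal user" token DropMyRights builds carries the Administrators
    # group as deny-only, so IsInRole() no longer matches it.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

New-RestrictedShortcut -LauncherPath $DropMyRights -TargetPath $Browser -LinkPath $ShortcutPath
"Current token has Administrator rights: $(Test-TokenHasAdmin)"
```

Run the script once from the administrator account to create the shortcut; afterwards, double-clicking it is all the user has to do. The `Test-TokenHasAdmin` check is the quickest way to prove the setup works before handing the machine back: it should report True from the normal desktop and False from anything launched through the shortcut.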

Re: Your preferred arsenal of spyware tools?

Posted: 2005-02-23 01:10am
by Praxis
phongn wrote: This weekend I may have to help a friend clean out her box of spyware infestation (plus I might switch her over to FireFox). However, it has been awhile since I've had to do this.

Currently, my flash drive holds the latest versions of: AdAware, Spybot S&D, HijackThis! and VX2Finder. Does anyone have suggestions on other tools I might cram on it?

Suggestions about switching her to Linux or MacOS would be most unappreciated. She may also need to use IE for some reason, so advice on how to lock that thing down would also be appreciated so that she doesn't have to deal with this in the future.

If she runs XP, I might put XP SP2 on her box if it isn't already there but her connection is rather slow and I'd rather not end up having to reinstall half her drivers to get functionality back.
Switch to-
oh. Dang :P

Personally, I use AVG for viruses and Adaware for spyware and adware.

Posted: 2005-02-23 01:17am
by Crayz9000
I carry around the Trinity Rescue Kit and of course Knoppix on CD for situations where a Wintel box is unbootable. TRK in particular has an NT password resetting program that allows you to reset the password of any account on a NT/2k/XP/2k3 system, regardless of what file system it runs. It also includes a number of other useful utilities.

As for my flash drive, I also keep the latest version of AVG AntiVirus Free (with an install code) and Firefox for doing any websearching / downloading once I'm working on the machine. You can either have the actual Firefox folder on the flash drive, or you can have the installer. Either one works (in the former, you can actually run Firefox off the drive).

CWShredder is, of course, a must as well. Pity that it's been purchased and is now in the hands of a commercial interest company, but at least they still leave it available for free (for now anyway).

Re: Your preferred arsenal of spyware tools?

Posted: 2005-02-23 02:04am
by entfern
phongn wrote: She may also need to use IE for some reason, so advice on how to lock that thing down would also be appreciated so that she doesn't have to deal with this in the future.

Unfortunately, I think all of us need to use IE at some point in time... If SpywareBlaster does what it is supposed to, she shouldn't have to worry too much. No matter how computer deficient she may be, I'm sure that she can just run spyware after using IE. This has worked for me... and considering the problems I have had with my computers and me not being overly computer adept... it should work for her. Though I don't see why you are worried, because switching to Firefox is easier than Netscape (not as in better program-wise, but closer user-interface-wise).

Posted: 2005-02-23 03:12am
by Faram
Okay, gonna list my tools.

First, those that all should have and know of:

Spybot Search & Destroy

MS Anti Spyware

Spyware Blaster

HJT

Now for those somewhat more uncommon:

TDS-3: a shareware anti-Trojan application.

IESPYAD: blacklists loads of sites and puts them into the Restricted Sites zone of MSIE.

MVPS HOSTS: modifies the HOSTS file so shitware and ad sites point to 127.0.0.1.

A new tool I just started testing:

RootkitRevealer: use with care; not everything it detects is a danger.
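A small check for the HOSTS file that the MVPS list rewrites, as an added example (not from the thread or from the MVPS project): it parses the file, counts the blocklist entries that point at 127.0.0.1 or 0.0.0.0, and flags any entry that sends a name to a routable address, since a HOSTS entry that redirects a name somewhere real is what a hijacker plants rather than what a blocklist does. The sample HOSTS text is constructed; the default file path is the standard Windows location.

```powershell
# Added example (not from the thread or from MVPS). Parses a Windows HOSTS
# file and separates blocklist entries (name -> loopback) from entries that
# redirect a name to a real address.

$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Addresses that merely blackhole a name; anything else is a real redirect.
$BlackholeAddresses = @('127.0.0.1', '0.0.0.0', '::1')

function Get-HostsEntries {
    param([Parameter(Mandatory=$true)] [string[]] $Lines)
    $entries = @()
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Drop the comment part and surrounding whitespace.
        $line = ($raw -replace '#.*$', '').Trim()
        if ($line -eq '') { continue }
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }   # address with no hostname: ignore
        $address = $fields[0]
        # One address line may list several hostnames.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $entries += [pscustomobject]@{
                Line    = $lineNo
                Address = $address
                Name    = $name
            }
        }
    }
    return $entries
}

function Find-SuspiciousHostsEntries {
    param([Parameter(Mandatory=$true)] [object[]] $Entries)
    # 'localhost' -> loopback is the entry Windows ships with; any other name
    # mapped to a non-blackhole address deserves a look.
    $Entries | Where-Object {
        ($BlackholeAddresses -notcontains $_.Address) -and ($_.Name -ne 'localhost')
    }
}

# Constructed sample: an MVPS-style header, the stock localhost line, two
# blocklist entries, and one planted redirect (.invalid names are reserved).
$SampleHosts = @'
# MVPS-style HOSTS (constructed sample)
127.0.0.1 localhost
127.0.0.1 ads.example.invalid  # blocked by the list
0.0.0.0   tracker.example.invalid
10.9.8.7  update.example.invalid   # NOT something a blocklist would add
'@ -split "`r?`n"

$entries    = Get-HostsEntries -Lines $SampleHosts
$blocked    = @($entries | Where-Object { ($BlackholeAddresses -contains $_.Address) -and ($_.Name -ne 'localhost') })
$suspicious = @(Find-SuspiciousHostsEntries -Entries $entries)

"Blocklist entries : $($blocked.Count)"    # 2 for the sample
"Suspicious entries: $($suspicious.Count)" # 1 for the sample
$suspicious | Format-Table Line, Address, Name -AutoSize

# To check the real file instead of the sample:
# $entries = Get-HostsEntries -Lines (Get-Content -LiteralPath $HostsPath)
```

Running it against the real file after a cleanup is a cheap sanity check: the blocklist count should be in the thousands if MVPS is installed, and the suspicious list should be empty unless you put an entry there yourself.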

Posted: 2005-02-23 07:27am
by phongn
Sounds good, though I'm not sure how well Drop My Rights will work for her.

As for XP SP2, well, when I updated another friend's box it bluescreened thanks to NAV, meaning I had to roll back, uninstall NAV, install SP2 and then install the university-sanctioned McAfee AV. The USB drivers also got lost in the transition.

I'll be sure to grab SpywareBlaster and RootkitRevealer (Sysinternals, how I love thee ... )

Posted: 2005-02-23 08:30am
by Xon
phongn wrote: Sounds good, though I'm not sure how well Drop My Rights will work for her.

Setting up DropMyRights takes a little fiddling, but using it is damn simple. Just double click on the icon. The only downside is the personalized favorites doesn't work properly for IE (not that I care much about this); you can copy & paste between applications with the full user token and the restricted one and everything works as expected. Only downside is the brief flicker on the taskbar of the console application appearing and dropping out.

That could be solved by recompiling the application (the source is public domain IIRC) to remove the consoleness of it, but you would need a copy of the Windows XP SDK.

Not having the browser/mail running as a full administrator will prevent any of the really nasty stuff from compromising the entire computer. Cleaning up a single profile is much easier than trying to remove rootkits & such.
phongn wrote: As for XP SP2, well, when I updated another friend's box it bluescreened thanks to NAV, meaning I had to roll back, uninstall NAV, install SP2 and then install the university-sanctioned McAfee AV. The USB drivers also got lost in the transition.

NAV sucks something horrible; it taints any computer it touches. Bluescreening during the SP2 install is probably what nuked the USB drivers, not SP2 itself.

phongn wrote: I'll be sure to grab SpywareBlaster and RootkitRevealer (Sysinternals, how I love thee ... )

Nice! I missed that one.

Posted: 2005-02-23 08:34am
by Ace Pace
When I can find my drive again...

I take Spybot S&D, Ad-aware, HijackThis, that proggie that has CWShredder.

I carry a Windows disk with drivers, SP2 for both Hebrew and English.
I also take Knoppix, and for a last resort, Windows XP SP2 privately burned.

Posted: 2005-02-23 09:48am
by White Haven
Grab the free trial of Spysweeper, too. I've had good luck adding that to the mix. 'Course, automated tools only go but so far; then the real fun begins.

Posted: 2005-02-26 03:54pm
by Pu-239
None. I backed up and nuked everything or just let it rot until it became intolerable when I was still using Windows.

The only box currently running Windows (NT4 SP3- too lazy to upgrade to SP6) has never been infected, but getting Firefox and stuff to work is a PITA due to obsolete DLLs.