Why do we still get spyware?

[el_omega]

This is a question I hope many of you have asked.
When I run spybot it would still find the following spyware : avenue inc.; hitbox; downloadware; savenow; bfast; alexa
That won't happen usually but I just noticed in a scan I did a day ago that the famous savenow and bfast were found.
How could that be possible?
Where do these spyware come from?
How do you get rid of them for once and for all?

[el_omega]

The only app. I use for file sharing are:
Kazaa ++2.0.2; Winmx; DC++; and I have gotten rid of iMesh clean version.
I have my doubts about iMesh maybe my spyware came from it.
But I unistalled it a few days ago. And I should not be having these spyware installed in my pc. I keep spybot up to date and really like it but how can you kill a spyware and never have it reappear in your system?

[Wings_of_Azrael]

I reckon they're cookies you get from the web. You could use AnalogX's Cookie Wall to block them. Or you could use Mozilla which has a cookie filter built in.

Get Cookie Wall here: http://www.analogx.com/contents/down...ork/cookie.htm

Get Mozilla here: http://mozilla.org/

[phalkon30]

Avenue Inc is the cookie used by ZP, its what blocks the ads when you log in

Alexa is a broswer highjacker (or a toolbar, whatever you want to call it), maybe you clicked the "Allways trust content from ..." box for that company a while ago?

Savenow is a registry hack, not sure how you got that...

Never heard of Bfast

Downloadware is something you have to download and install, it gives you acess to "new downloads" (yet there is no real way to see these downloads), its not harmful in itself, but the bundled software that comes with is, it can download dialers (kill your ISP connection, and use their own, which tend to be pricey)

Have you had these before? its possible they were residing in your memory, and when you rebooted, they got reinstalled, its happened to me to, do it a couple times with reboots to see if thats the problem, like if they come back

[el_omega]

I have rebooted a couple of times and then ran spybot and no I did not get any spybots according to the results from the scan.
Savenow comes with Kazaa Sharman original version.
But I got rid of all this long time ago 6 or 7 months.
Then I cleared everything off from my pc regarding to Kazaa and obviously installed the Kazaa ++ random nut version, which I also have posted about it in the Kazaa lite forum.
I will see in a couple of days if I still get some spyware in my pc after running spybot.
And lastly thanks Phalkon for your descriptions on these names related to spyware.

[phalkon30]

Hmm, one other thought, are you the only user for this computer? maybe somebody else has been messing with it

[el_omega]

Well most of the time I am the main user on my pc. I let my son use it too. But he just opens up his e-mail acc. and sometime d/l music from Kazaa, right after he is done using the pc. I would go and trace his activities just to make sure he is not doing something wrong.
Kazaa lite is supposed to have no adware installed right?

[phalkon30]

Quote:

Originally posted by el_omega
Kazaa lite is supposed to have no adware installed right?

Correct

Clean Imesh also doesn't have any, I doubt you got it there

Email is a great place to get browser highjackers, thats where my sister keeps getting her spyware, by getting "enhanced" browser and email features, I actually sped up our internet by running spybot on her computer, I got 181 counts of spyware, our upload went up over 1k a sec, and our ping times greatly improved...

[el_omega]

I understand but I keep my app. the simpler possible I don't do fancy stuff like enhancing my browser, blah, blah,
I just think by doing that I am misusing my system memory which I want to add more to my sys, right now I am using like an average on 55% off it.
So as I said I am going to run spybot tomorrow and see what I get.
I will post whatever that comes out.

[el_omega]

Ok, I have scanned my pc for possible spybots, I used spybot search and destroy app. and found no spyware in my system with the exception of Avenue Inc. that according to Phalkon is a cookie Zeropaid uses.
Well, I just have no idea how the heck I get the spyware I mentioned in the beginning of my thread. But it look like everything is ok now.

[MarkB]

I wouldn't worry about it too much as they are easily to block/delete & are generally harmless to your system. If you're a really paranoid guy about it, there are tons of ways to block/delete them: Ad-aware, Spybot - S & D, CookieWall or editing your host file, are just to name a few. Most of these that I get are being filtered out by my IE as it blocks out third-party cookies.

[skunnk1]

Go to this website.http://someonewhocares.org/hosts/
Copy the URLs posted on the page and paste them into your hosts file.

For Windows 9x, ME and XP place this file at "C:\Windows\hosts"

For NT or Win2K use "C:\WINNT\system32\drivers\etc\hosts"


This should definetly take care of alot of your spyware problems.

[skunnk1]

What you can also do is go into your hosts file, open it with note pad and either erase it, or redirect it back to your computer so it won't be sent out.

example:

127.0.0.1 www.hitbox.com (or whatever it is)

[MarkB]

Quote:

Originally posted by el_omega
downloadware

It is actually MediaLoads which is an advertising software running DownloadWare as its executable. Installed as a bundle with Kazaa Media Desktop, it executes arbitrary code from advertisers and not considered to be adware but is a security risk. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Also installed along with: MovieNetworks, Medialoads and PAgent. Displays lots of popup ads as you surf; Mediacharger may also function as a dialer for 1-900 #s for billing of adult movie downloads.
So basically it's spyware.
Check for removal entries in Add/Remove Programs. To remove it go here: http://cexx.org/cache/mc_remove.html
More info here: http://www.cexx.org/adware.htm

[phalkon30]

Quote:

Originally posted by skunnk1
For Windows 9x, ME and XP place this file at "C:\Windows\hosts"

For NT or Win2K use "C:\WINNT\system32\drivers\etc\hosts"

Actually, I don't know about the rest of the OS's you have there, but XP is located in

X:\Windows\System32\Drivers\Etc\hosts (Where x is your windows drive)

I agree with mark, just run spybot before going to bed, or every week or something, and you'll be fine