New spyware has appeared

Spybot detected the following programs:

Errorguard
adshooter.drs
Coolwwwsearch
DyFuCA.InternetOptimizer
Exact Advertising.BargainsBuddy
FunwebProducts
GoldenPalace.casino
Hyperlinker
MyWebsearch
Wild Tangent

Are all of those spyware??? I just now updated my Spybot
and all these new ones appeared. The older version I had
just showed the DSO thing.

My computer has continued to be slow despite all
the ones I deleted from Avast… Because of the way
it is going really slow and stuff I suspect a lot of these
are the problem.

New adware and spyware signatures are being continually added to the Spybot S&D program; it is important to keep your system protection software up to date. The same applies to your OS and browser.

If you haven’t already got this software, download, install, update and run it.

  1. Ad-Aware
  2. Spywareblaster
  3. Download HijackThis.zip - HiJackThis Tutorial
    For an on-line scan of your Hijackthis log file try here http://hijackthis.de/index.php
    Ignore any 023 reference to avast processes; this is a hiccup in the HJT 1.99.1 (especially the missing file entry for avast). If you need any help with any of the analysis, let us know.

ErrorGuard is ‘betrayware.’

It claims to be able to fix errors on your computer but in fact installs spyware (and doesn’t even fix any problems.)

Enter the names in this searchable database to find out more:

http://www.spywareguide.com/link-to-spywareguide.html

When considering a supposed anti-spyware product, do some research (google search) and visit - http://www.spywarewarrior.com/rogue_anti-spyware.htm - know what you are going to install on your system, especially if it is for your system security.

From these names I can say that it seems to be true. But for more info you can search the net.

Hi,

The CoolWebSearch thing is a terrible malware program that hijacks your IE by getting inside it. There are hundreds of variants, but most people have never heard of it until they get to where you’re at. It will redirect webpages and open you up to a whole lot of other stuff. I think you will find it’s the root of your problem, because it will invite hosts of other stuff onto your system once it gets in.

To get rid of CWS, go to this page (http://www.merijn.org/downloads.html) and download CWShredder. Run that program and it should get rid of many of the variants of this malware. If CWShredder has problems loading (or Hijack this) then download the “CoolWWWSearch.Killer Removal Tool” and run it first. This should help shut down any versions of the malware that are preventing CWShredder or Hijack This from running. Then go back and try running CWShredder again.

Three notes:
1.
If you use the net you need a good firewall (like Zone Alarm) to detect when spyware or malware tries to “phone home”. However even the best firewalls will not detect CWShredder as it connects to home, as it integrates itself in Internet Explorer. It uses Java mostly, but I think it may also use Active-X.

To help protect yourself, use the program that Spybot Search and Destroy recommends, SpywareBlaster, which is specifically for Java and Active-X problems in IE and other browsers. Get it from www.javacoolsoftware.com/spywareblaster.html

I immunise my IE, but I only use it when Firefox won’t display a page properly (mostly Active-X related), and then I set my Active-X security levels high.

2.
The CWShredder software is now a bit old and not being updated. I don’t know what is taking its place, but you could try downloading the new antispyware thing from Micro$oft - go to http://www.microsoft.com/athome/security/spyware/software/default.mspx

This program will run and then delete itself (I think) and I read one report that it’s reasonably good, but I have never had the need to run it as I don’t use IE (Firefox is much better in almost all areas, not least security).

3.
If you’re at all serious about having no spyware on your system, then you need to take preventative steps before it happens next time.

I scan and immunise my system regularly using Spybot Search and Destroy, SpywareBlaster and Avast Free Home Version 4. I also use a good firewall (Nvidia’s hardware firewall built into my Motherboard, but if I didn’t have the hardware I’d go back to Zone Alarm) with the security level set high. I don’t let any program phone home without my firewall first telling me about it, and I usually only grant temporary rights to do so. The only things I let permanently access the net are Firefox, Thunderbird (email) and anything related to Avast antivirus (presently ashdisp.exe, ashmaisv.exe, ashserv.exe and ashwebsv.exe). Everything else has to ask permission every time, but in reality it’s not that often.

Also, in your browser, you need to limit some stuff. In IE, this means setting your security levels reasonably high and turning the cookies policy up high (and immunising with Spybot SD and SpywareBlaster). In Firefox thankfully you don’t have to do much beyond the immunising because it’s just more secure. I also turn off cookies, and use an extension called “Permit Cookies”, which allows me to turn on cookies only for the sites I want it for.

I have also set my ISP to get rid of a lot of the SPAM from my inbox, which reduces the risks, but Avast picked up everything email-borne before that anyway. The only difference is that my system doesn’t get as bogged down now, because my ISP’s system does the work. Because I am confident in Avast, I didn’t set the Spam filter that high on the ISP end so I don’t miss any real mail.

I hope this helps.

Rygle.

Hi Again,

After my last post I looked a bit further on the merijn website, and found the announcement that CWShredder has been sold to a company called intermute. They are developing it further and integrating it into a commercial product, but are making it available separately as a free download.

Version 2 can be found here;

http://www.intermute.com/spysubtract/cwshredder_download.html

Rygle

One last note,

You should probably avoid using AdAware and PestPatrol, as it appears there may be some behind the scenes deals happening between these companies and spyware makers. Read the following article for information;

http://www.spywareinfo.com/articles/spyware/whenu_detection_dropped.php

Rygle

Spybot already fixed the DSO Exploit problem a long time ago. Microsoft had already fixed the problem, but Spybot still detected the spyware until a recent update fixed the problem. There’s no way you can still detect DSO Exploit in every scan now.

Brian1981 may not have updated the Spybot database for a long time without noticing it. I don’t know if this is related, but I have a problem with Spybot in which I can make Spybot search the net for the update files automatically but I can’t make Spybot download them automatically. As a result, I have to download them manually. I noticed this immediately after beginning to use the application but still occasionally forget to do the routine. However, in my case, Spybot has found only “DSO exploit” and Alexa, which used to be installed through Windows Update, outside of system histories so far. So, not a big issue.

The ideal for spyware protection is not to let spyware enter our systems, so using Spywareblaster probably helps, but in my case I turn JavaScript/Active X on only when it is necessary and the site is trusted. Using browsers like Avant Browser as a security enhanced version of IE and/or Firefox and Opera helps, too.

Seems as though I’ve got rid of most of it. Again thanks for the help.