Re: OT: Windoze spyware?

Marty wrote:
This is for readers who are unfortunate enough to have
more Windows administration knowledge than I.  The sole
Windoze XP box on my LAN is sending http requests to
a site named movies.go.com, although there is no web
client running on the XP box (at least none obvious).
I am analyzing the LAN traffic and appreciate any
ideas about where to go next.

The XP box regularly runs a major brand virus and spyware
checker, and it otherwise shows no signs of misbehaving.
I checked the Windows Explorer history and movies.go.com
has not been accessed in weeks, at least, although it
is on the favorites list and has been accessed several
times in the last year.

I've heard all the chilling spyware stories, but this is
an eye opener for the sheer volume of data being passed
24/7 to or from this box.  But what data and to whom?

Could be fairly innocent, but I expect any application
that wants to phone home to ask me first: common courtesy.

It's generally felt that no single anti-spyware program
can do a proper job. Microsoft itself now does what is
considered quite a good one, but you never know what
deals they might do (especially with Disney, which has
been mentioned) and a certain amount of money might move
a program from the 'spyware' to the 'adware' category.
McAfee calls them all 'potentially unwanted programs'.

I use AdAware and Spybot, but I've seen problems that
neither would fix. A session with the task manager,
regedit and Google may be called for. Then a few reboots
to make sure it doesn't sneak back. The nastier ones are
even harder, but even slightly legitimate programs don't
actually disable the task manager. Something that does
that belongs in the 'virus' class.

I might note in passing that since Win95 there has been
no version that has 'no web client running', as from W98
on they all have Internet Explorer built in. IE is only
too pleased to assist any passing application which would
like some HTML rendered. The days when IE would run
executable files if told that they were sound files are
long gone, but it's still pretty gullible.