Guide for very beginners to remove spy- and adware


13 replies to this topic

#1 orangeworks

    Member

  • Full Member
  • 7 posts

Posted 23 May 2006 - 12:40 PM

Hi!

I am Daniel Middelhede, coming from Denmark. I have developed software for a few years (in various languages, also x86 assembler; a few commercial apps developed for a company are also in my arsenal).

Spy- and adware is, as you already know, a common issue, and people keep calling me to fix their computers. I have to say that I'm not really a pro++ on this subject (I know my way around HijackThis and other lower-level tools, and practically know what the computer shouldn't have running at startup, so if I should personally judge myself on this specific topic I would call myself a power user).

Anyway, sometimes it's actually enough to run a few programs that are available on the internet for FREE to fix their problems (as you already know).

I decided to write a guide on 4 programs, 2 free and 2 commercial (I point to the free trials, of course. And no, I'm not an affiliate in any way). The reason I wrote this was so people who always got MSN messages etc. etc. "What do I do now?". Now I ask them to follow this guide properly, and THEN ask.

So I thought that some of you might have the same problem with people asking for help without knowing what to do. If you want, you can refer them to this guide first (well, at least you can gain some time :) )

Orangeworks.dk spy- and adware beginners guide

If you don't mind, please comment on the article if I've made some mistakes (even grammatical errors.. I'm not a native English speaker..).

In the future, I will likely be writing a few other articles, about personal firewalls (skipping the low-down models on how they interfere with your network activity programming-wise, and keeping the level to the bottom like in this article, just telling people what it is and how to respond to it), as well as other beginner guides (don't know why I'm writing them for beginners.. I guess I just feel that there is a lack of those currently. You can easily find a decent guide on writing self-modifying programs (which actually is quite easy compared to some of the spyware that nags people out there :p )). Well, just a little side project :)


My best regards, Daniel Middelhede.
:)

#2 hornet777

    Forum Deity

  • Full Member
  • 607 posts

Posted 23 May 2006 - 03:02 PM

"Check Download.com"... yeah right

Okay, Mr Middelhede, if you are an x86 assembler programmer why don't you make a *really* super ASW app that actually works well, instead of providing lame "tutorials" that are several notches below what are already available here?

Novices: approach with caution, especially the "juicy links."

Edited by hornet777, 23 May 2006 - 03:03 PM.

After all is invested in correctness, then how does it stand with truth?

#3 orangeworks

    Member

  • Full Member
  • 7 posts

Posted 23 May 2006 - 03:58 PM

"Check Download.com"... yeah right

Okay, Mr Middelhede, if you are an x86 assembler programmer why don't you make a *really* super ASW app that actually works well, instead of providing lame "tutorials" that are several notches below what are already available here?

Novices: approach with caution, especially the "juicy links."


Hi mr.

Why I don't make something which works? First of all, being an assembler programmer doesn't mean that I can program something that really works in this topic.

The reason for the "tutorial" was not to teach you; it was rather a simple approach you could use to get the general spyware off the computer. It was meant to be referenced to others. Like: I got a friend who had some of this on his computer. Pop-ups appeared suddenly, several tray icons from adware and so on.

The solution: run a few simple adware/spyware removal programs! I couldn't tell him all he does is write and play games on his computer. So instead of spending time fixing his computer OR answering stupid questions, I send the link of this to him.


And what is wrong with the "Juicy links"? I find nothing bad there. Nothing which holds spyware. Nothing which can harm you in any way, actually..

Thanks for your reply :)


edit: About download.com, I will remove that notice. The reason was that the stuff there generally is ad/spyware free. And after all, the approach for each program is pretty much the same!

Edited by orangeworks, 23 May 2006 - 04:00 PM.


#4 Budfred

    Malware Hound

  • Administrators
  • 21,637 posts

Posted 23 May 2006 - 05:32 PM

orangeworks,

Are you aware that we have a number of tutorials on this site and link to a number of other tutorials in places all over the web??

A quick look at your tutorial suggests that it is not malicious and it covers some basics.... Those same things can be said about a number of other similar tutorials that already exist, but many of them are far more thorough than the one you have created... CastleCops, in particular, has an entire area devoted to helping people go step by step through the process of cleaning their computers before they post a HJT log and we have similar less ambitious tutorials here...

If you really want to help with these issues, there are probably more effective ways to do so than posting another tutorial... If you want to learn more about fighting malware there are a number of schools that offer training including the Boot Camp here...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#5 orangeworks

    Member

  • Full Member
  • 7 posts

Posted 24 May 2006 - 12:38 AM

orangeworks,

Are you aware that we have a number of tutorials on this site and link to a number of other tutorials in places all over the web??

A quick look at your tutorial suggests that it is not malicious and it covers some basics.... Those same things can be said about a number of other similar tutorials that already exist, but many of them are far more thorough than the one you have created... CastleCops, in particular, has an entire area devoted to helping people go step by step through the process of cleaning their computers before they post a HJT log and we have similar less ambitious tutorials here...

If you really want to help with these issues, there are probably more effective ways to do so than posting another tutorial... If you want to learn more about fighting malware there are a number of schools that offer training including the Boot Camp here...


Hi!

Great to get a reasonable reply from someone..

I know you got tutorials, but even when using 5 minutes I didn't find a simplistic guide to remove spyware. I didn't know about CastleCops though. I have asked at other forums where I got numerous replies that they weren't able to find a simple guide either. Perhaps you got one or even many, but they are too hard to find!

OK now, while writing this post I found something, but it still only covers one program (which often isn't enough).

But I guess you are right. The way to help wouldn't be writing tutorials :)

About the Boot Camp, it does look interesting. I'm not a total newbie on this, and I do know my way (haven't yet seen a computer I couldn't get it off..).. The last time, either the spyware OR the antispyware had de-registered both jscript.dll and vbscript.dll; it was a real pain to figure out that had happened. But the reason I got to it was that the search dialog was practically empty (Windows XP), only the search assistant animation showing up but no controls or text.
Registering them worked great, though. Also coded a small tool that would list running processes, kill the selected process and delete the exe to help me clean up a bit faster..

Perhaps I should start programming tools to help the cleanup (but again, don't they already exist :/)

But I still wonder what hornet777 found so dangerous in my link section :unsure:

Thanks for your constructive post, mr. :)

#6 Budfred

    Malware Hound

  • Administrators
  • 21,637 posts

Posted 24 May 2006 - 05:36 AM

About half of the pinned topics at the top of Malware Removal are about people cleaning up their own systems, including one about how to interpret HJT logs... Those don't seem to be that hard to find....

http://forums.spywar...hp?showforum=18

The home site for SpyWareInfo also contains numerous articles and tools for cleaning systems... Have you visited that site??

#7 orangeworks

    Member

  • Full Member
  • 7 posts

Posted 24 May 2006 - 05:50 AM

May I add: it's not everybody who even knows how to register on a forum (or post..)..

Anyway, do you have suggestions on which tools you need badly? Just wondering; I'm better at programming than writing :)

#8 Budfred

    Malware Hound

  • Administrators
  • 21,637 posts

Posted 24 May 2006 - 07:09 AM

May I add: it's not everybody who even knows how to register on a forum (or post..)..

It is not necessary to register or post to use the tutorials here or in the main SWI site...

Anyway, do you have suggestions on which tools you need badly? Just wondering; I'm better at programming than writing :)

Did you read this??

http://forums.spywar...showtopic=60955

#9 orangeworks

    Member

  • Full Member
  • 7 posts

Posted 24 May 2006 - 10:07 AM


May I add: it's not everybody who even knows how to register on a forum (or post..)..

It is not necessary to register or post to use the tutorials here or in the main SWI site...

Anyway, do you have suggestions on which tools you need badly? Just wondering; I'm better at programming than writing :)

Did you read this??

http://forums.spywar...showtopic=60955



Hi!

Nope, I didn't read that. I will. So what you need is kinda something that can automatically do that, and also monitor the running processes for wrong exes? (It's not a problem to interrupt an exe before it's run!)

#10 Budfred

    Malware Hound

  • Administrators
  • 21,637 posts

Posted 24 May 2006 - 06:57 PM

Hi!

Nope, I didn't read that. I will. So what you need is kinda something that can automatically do that, and also monitor the running processes for wrong exes? (It's not a problem to interrupt an exe before it's run!)

I am sorry, but I don't know what you are asking... what are you saying that you need to automatically do??

#11 hornet777

    Forum Deity

  • Full Member
  • 607 posts

Posted 24 May 2006 - 10:15 PM

Not "dangerous", orangeworks, just distracting I suppose; it's just that over the past 7-8 months people have been posting stuff here that really is dangerous and objectionable... mostly fronts for botnets and sex sites, et cetera. Sometimes it's hard to discern someone's intentions...

If you are serious about helping others, there's plenty of room here and you will receive a warm welcome; the bootcamp has a great reputation and while you are helping others, you probably will learn stuff yourself.

The comment about having a background in assembler, while perhaps prematurely judgmental (I apologise), is definitely needed in the ASW world; having a great app that is stable, takes few resources and works exceedingly well is definitely needed, and if you could pull that one off, I'd almost volunteer to have your babies.

(Yes I'm being goofy.) Best wishes.

#12 orangeworks

    Member

  • Full Member
  • 7 posts

Posted 25 May 2006 - 04:26 AM

I am sorry, but I don't know what you are asking... what are you saying that you need to automatically do??


Never mind :)

Not "dangerous", orangeworks, just distracting I suppose; it's just that over the past 7-8 months people have been posting stuff here that really is dangerous and objectionable... mostly fronts for botnets and sex sites, et cetera. Sometimes it's hard to discern someone's intentions...

If you are serious about helping others, there's plenty of room here and you will receive a warm welcome; the bootcamp has a great reputation and while you are helping others, you probably will learn stuff yourself.

The comment about having a background in assembler, while perhaps prematurely judgmental (I apologise), is definitely needed in the ASW world; having a great app that is stable, takes few resources and works exceedingly well is definitely needed, and if you could pull that one off, I'd almost volunteer to have your babies.

(Yes I'm being goofy.) Best wishes.


Hi!
I know people sometimes post fronts for things and so on. My links have been selected from what I use myself (some of it.. the list is a bit old, but I will update it), and I can guarantee you that none of those tools are fronts for botnets, sex sites, spyware and so on. It's all (rather) well-known commercial, freeware or open source. Of course it's nothing for the average user who needs to remove spyware..

The name Juicy was just something I came up with because of the orange theme :p

****

About helping others while gaining in knowledge, I think that's a good idea. Knowledge is always good :)
****

Your assembler comment was a bit pre-judgemental (and of course I accept the apology);

I don't have a real background in assembler (I mean, I haven't been sitting up at 4am throwing hex-opcodes out of my head :) ), but I have been studying it some time, and I try to hand-code parts of my programs in assembler (and it definitely does give a speed and size advantage if done correctly)


Actually I just thought about a tool; now you gotta say if it already exists or not :)
But anyway, it was more like a "custom remover". Just an engine where you can use a sort of script file which would contain running processes to kill, files to search and remove (with CRC check of course), registry locations to change or delete etc.; and then it should be able to create a simple, fast exe with a good easy design..

That would allow you, if the users you help need to do a manual removal, to simply fill in the stuff from the manual removal topic and then send it to the user..

If coded correctly, you will be able to integrate more spyware to remove in a single exe.. (And since I do, from time to time, code correctly, it will be possible.)

With a bit more coding, a pattern engine could be added, but whether that's needed for spyware I'm not sure.
Think about the speed of a pattern engine written in good assembler code. Or even just parts of it! All the search-in-file that obviously takes time wouldn't be that hard to code.

So all in all you could use it to create a single specific remover, or build on and on whenever you find something, and in the end you got a small and fast spyware (heck, even a virus) cleaner. Things like heuristics are probably not needed for spyware though.

It depends in the end. If there is need of a custom-remover-builder it has to be coded for that; if not, it has to be coded the other way.

Of course a possibility would be both. After all, the main "engine" is the same; it's just the file structure and the GUI that have to be changed.


But such software probably already exists :)


Best regards, Daniel.
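
The file-removal part of the "custom remover" idea in the post above, as an added example that is not code from the thread or from any poster: a script (here a JSON manifest, an assumed format) lists files with an expected CRC-32, and a file is deleted only when its content matches, with a dry-run mode to preview. Process killing and registry edits are left out; all file names and sample contents are constructed.

```python
import json
import os
import tempfile
import zlib


def crc32_of(path, chunk=65536):
    """CRC-32 of a file, streamed so large files are not read in one go."""
    crc = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)
    return crc & 0xFFFFFFFF


def run_manifest(manifest_text, dry_run=True):
    """Apply a removal manifest; return [(path, outcome), ...]."""
    results = []
    for entry in json.loads(manifest_text)["files"]:
        path, expected = entry["path"], int(entry["crc32"], 16)
        if not os.path.isfile(path):
            outcome = "missing"
        elif crc32_of(path) != expected:
            # Same name, different content: not the file the script meant.
            outcome = "crc-mismatch, kept"
        elif dry_run:
            outcome = "would-delete"
        else:
            os.remove(path)
            outcome = "deleted"
        results.append((path, outcome))
    return results


def demo():
    """Constructed sample files and manifest (hypothetical names)."""
    with tempfile.TemporaryDirectory() as d:
        bad, good, gone = (os.path.join(d, n) for n in
                           ("adbar.exe", "notepad.exe", "gone.dll"))
        with open(bad, "wb") as fh:
            fh.write(b"constructed adware body")
        with open(good, "wb") as fh:
            fh.write(b"legitimate program")
        manifest = json.dumps({"files": [
            {"path": bad, "crc32": "%08x" % zlib.crc32(b"constructed adware body")},
            {"path": good, "crc32": "%08x" % zlib.crc32(b"some other build")},
            {"path": gone, "crc32": "00000000"},
        ]})
        preview = [o for _, o in run_manifest(manifest, dry_run=True)]
        applied = [o for _, o in run_manifest(manifest, dry_run=False)]
        return preview, applied, os.path.exists(bad), os.path.exists(good)


if __name__ == "__main__":
    print(demo())
```

CRC-32 catches a same-named file with different content but is not collision resistant; a cryptographic hash such as SHA-256 in the same manifest field gives a stronger match.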

#13 Budfred

    Malware Hound

  • Administrators
  • 21,637 posts

Posted 25 May 2006 - 07:07 AM

I am not sure if the exact program you describe already exists, but some similar programs do... The danger in creating that type of program is that it could be used by the malware writers to cause even more problems, so you would need to build some strong protections into the program... Also, something that powerful would have trouble being accepted from someone who is not already known in the malware fighting community...

#14 orangeworks

    Member

  • Full Member
  • 7 posts

Posted 26 May 2006 - 05:47 AM

Yeah, you are right.. They can't know if I'm up to destroying their system..
The only thing that could give the security is that I have my full name and e-mail address on the page (and that I respond to the mails..)

About the security: it would be hard to stop people from misusing it. Using encryption and various other things (self-modifying etc. etc.) it wouldn't be hard to protect the "runtimes" which the scripts are attached to, but I guess that stopping people from putting bad information in the script and then "binding" them is practically impossible.



