Neil Turner's Blog

Blogging about technology and randomness since 2002

Infestation

My housemate brought home a laptop from someone he works with, asking if I could remove the Sasser worm from it. Well, it turns out the Sasser worm wasn’t on there – MS’s tool turned up blank, but IE was crashing regularly and strange toolbars had appeared.
Since this wasn’t my laptop, rather than setting it up for our network I burned a CD with Spybot, Ad-Aware, SpywareBlaster, CWShredder and HijackThis, along with the latest Ad-Aware reference file. I ran Ad-Aware first because it had the most recent definitions and it found… wait for it… 785 suspect items. Now while a number of those were cookies, it’s still the worst spyware infestation I’ve seen. No wonder IE was crashing so much.
Spybot S&D found a further 70 items, again mostly cookies but also a BHO that Ad-Aware missed. I’ll also run CWShredder and HijackThis to be fully sure.
I’m still unsure about one thing though. The machine had Kazaa, and I’ll have removed the spyware that kept it running. So, do I:

  1. Uninstall it, and say that it’s evil and that he should try something else
  2. Uninstall it and replace it with Kazaa lite
  3. Reinstall it

Your thoughts please.

10 Comments

  1. My advice, use Shareaza instead of either Kazaa or Kazaa-lite.
    Cheers,
    Ward

  2. Sorry, I’m daft, I didn’t read your post well enough. I would delete and tell him that it’s evil and then recommend Shareaza.
    Cheers,
    Ward

  3. Uninstall and kazaa lite. Except you might find it hard to find a k-lite executable to install it from.

  4. Definitely uninstall and explain that it is evil.
    If he insists on infringing others’ copyrights, recommend something else (and maybe offer to install Kazaa Lite or similar for him).

  5. Uninstall KaZaa. Install Azureus (Java based Bittorrent client) and introduce the user to Bittorrent and http://www.suprnova.org!

  6. The absolute worst spyware infested machine I have come across had 1000 objects according to Ad-aware. That by far was the worst I have seen (although I have seen a couple 700+ ones).
    I would highly suggest uninstalling Kazaa. Kazaa comes bundled with spyware/adware and I wouldn’t be the least surprised if it tried to send more of that crap without consent to a machine in the middle of the night.
    Kazaa Lite is a good alternative (its specific purpose is to be an adware/spyware free version of Kazaa).
    Then again, I gave up on Kazaa and other P2P programs thanks to the high chance of coming across viruses, wrong/corrupt music, and spyware/adware. Instead, I use iTunes for my music needs and it’s legal and virus free. Of course, what do I know.

  7. I would also recommend Shareaza as it connects to so many networks that are alive. The KaZaA network is dying due to the RIAA etc.
    If he must use KaZaA then use Kazaa Lite though it’s harder to find on the Internet these days!

  8. Hmm, I would recommend that you install Kazaa Lite Resurrection. That’s what I’m….Err, a friend is using to share legitimate p2p music and such.

  9. Yep, kill kazaa – the thing is a nasty fat mess. It is a dying animal anyway. Shareaza and winMX are both decent alternatives, although the former needs to be configured correctly otherwise it won’t be all that rapid.

  10. Most P2P software needs to have routers configured to allow faster transfers. This is because the P2P software allows “hosting” as well as “slaving”. In order to be a host behind a firewall, you either need to put the machine in the DMZ (not really a good idea), or forward the ports the software uses to the machine running the software.