# Blocking spyware



## Davey7549 (Feb 28, 2001)

Kudos to Kento
Expanding on Kentos' tip blocking doubleclick:
"In IE go to tools, select internet options. Select the security tab. Click the restricted sites icon and then the sites button. Add this website to zone.

[type in]

*.doubleclick.com then hit the add button.

[type in]

*.doubleclick.net then hit add and ok on out.

I used the same technique to block 
*.valueclick.com
*.valueclick.net
*.phase2media.com
*.admonitor.com
*.admonitor.net
*.190.com
*.flycast.com
My wife and I have been using the net as usual for days now and have had no problems with these blocks. I also might note that Ad Aware has not found anything in days!
Thanks for the idea Kento works great so far!
Dave


----------



## CopperWhat? (May 21, 2001)

Another site you can add to that block is *.gator.com


----------



## Kento (Aug 2, 2000)

No problem Dave. Another to add would be *.gohip.com.


----------



## ~Candy~ (Jan 27, 2001)

And if anyone is unlucky enough to have been hit with gohip's not so cool feature of changing your default home page, I found this:

http://gohip.com/remove_browser_enhancement.html


----------



## jenni73 (Nov 24, 2000)

I know this is a 'roll your eyes' question...but, when you do that so you type in the star also?
By the way..thats a great idea!


----------



## Davey7549 (Feb 28, 2001)

Jenni
Yes the * asterick is called a wild card. It accepts all charatures in its place. So the site might be http:www. and so on the * replaces the http:www
Have a good day Dave


----------



## TimD (Mar 21, 2001)

this is great, thanks for posting this


----------



## Shottel (Jun 6, 2001)

What is wrong with gator.com? I am not exactly what spyware is but I know that my PC has been exposed to this site. Is it like a virus?


----------



## RandyG (Jun 26, 2000)

No, it's not a virus. It only tracks what you do on the Internet. It sees where you go, what you click on, what Banner ads you see, virtually everything that you see on the internet is seen by these "spyware" programs, and reported back.

People have a problem with many of these, as they see it as a Privacy issue, and fear "big brother".

You have probably been using Gator to store your Passwords for different sites, and now wonder of that is a problem. I also used to use Gator, until I decided not to. I didn't care that I was being traced at the time, as I felt that Gator was helping me with passwords. Then I started letting explorer remember the username and password instead, and started using products like ZoneAlarm a free firewall and Optout and Ad-Aware to remove the nasty little buggers from my system. You might even be surprised at how better your system performs, both off and on-line after they have been removed. You can get more info on Spyware by taking a look at the link in my signature, as well as visiting the other links I have provided.


----------



## Davey7549 (Feb 28, 2001)

Update
Over two weeks now and not a hitch on any sites we have surfed. Also Ad Aware has found nothing. Great, great, Great find Kento!!!!!!!!!!!!!!!


----------



## WannaKnow (Jul 7, 2001)

That's very helpful. I just got AdAware and I'm learning how to use it. Next, I need to learn how to use RegHance.
Thanks.
EDIT: I take that back. AdAware caused me lots of problems I think having to do with new.net. It knocked me off of the internet. I got rid of it for good.

[Edited by WannaKnow on 07-07-2001 at 10:19 PM]


----------



## Dark Star (Jun 8, 2001)

Hi all,

I'm not sure I'm getting the whole picture here.

"Kudos to Kento" I just did a search using Kento and looked under tips and tricks and it brought me here to the top of this page and the first post being davey7549 on 05/22/01.

Who is Kento?, and where is his/her original post?

DS


----------



## RandyG (Jun 26, 2000)

Kento is a member who helps out a lot.

I "think" the post that davey7549 was referring to is this one, but I'm not sure.

It all just breaks down to this, if you are irritated that some software you have downloaded is sending back little reports to its parent compnay, telling them what sites you visit, what software you download, etc, then by following the advice given on this thread, and running adaware, you can effectively circumvent the Spyware's attempts at using you as a statistic.

DoubleClick is a compnay that is notorious for loading spyware programs and cookies onto your system. It is not harmful, but does, in many people's opiniopns, skirt the privacy issue. If you want to know a little more about doubleclick, then read this thread.


----------



## Dark Star (Jun 8, 2001)

RandyG,

Many thanks, that is the original post that you found and gave me and it was just what I was looking for, now I have the whole picture.
BTW, I do use ad-aware and will continue to do so, from now on I'll enter whatever it finds into the restricted zones and at some point I should come up with ad-aware finds 0 spyware files.

Regards,
DS


----------



## RandyG (Jun 26, 2000)

Go here for a listing of "bad" sites that give you spyware cookies, and a nifty utility called Nasties.reg that you download and run to include all of the aforementioned sites in your "restricted" list.

I have run it, and now I have no problems with Spyware, unless I download something new, and forget to use my Spychecker resource.

Enjoy!


----------



## Dark Star (Jun 8, 2001)

RandyG,

Before I go back to the site you suggested, and I am familiar with Shields-UP I just want to go back and read the whole page from the top, I know I will be caught up in the Steve Gibson vortex for a while. BTW, have you ever gone into any of the forums there just to read? I lost three hours of my life the last time in there if you know what I mean, that's why I call it the SG Vortex. 

I do have one more question for you about Spychecker, I was in their site and into their forum and after a bit of reading I determined that it sounds like it might be a bit of a pain to configure in ie: proxy setups etc. Can you enlighten me further on this?

DS


----------



## Davey7549 (Feb 28, 2001)

Randy & Dark Star
Actually here is the thread that I was referring to.
http://forums.techguy.org/showthread.php?threadid=43722&pagenumber=1
and as far as Kento. He is a valued contributer to this site and has been quite knowledable on many subjects including viruses/trojans/worms/ect and the like.
Also I might add that it has been months since I inserted those restricted sites and none of the four computers have had any hits on Ad-Aware and no effect on browsing that I am aware of.
Dave


----------



## Dark Star (Jun 8, 2001)

davey7549,

Thanks for turning the light up a notch on this topic.

Just a quick question out of curiosity are you using Guicescope or any other ad blocking software?

DS


----------



## Davey7549 (Feb 28, 2001)

Dark Star
No have only used Ad-Aware. Ad-aware has performed quite well so no need to change.
Dave


----------



## Dark Star (Jun 8, 2001)

davey7549,

Yes, I understand about ad-aware of course, I was asking about if you are using any ad blocking type of software like Guidescope. The two perform entirely different functions ad blocking software will allow you to surf thru web sites considerably quicker because it blocks out banner ads and most other type ads completely so the web page loads much faster and you are not troubled with having to look at distracting advertisement when viewing a web site. It does not prevent spyware from entering your system, nor does it remove or identify spyware.

I have used Guidescope for about the past year or so and I have become so use to it that I have a real hard time viewing web pages with ads and all the ads lights, bells and whistles that appear on most web sites.....

If you like to know more:
http://www.guidescope.com

BTW, this is a free service for home use (like Z/A) and it is free of any spyware.

Regards,
DS


----------



## Davey7549 (Feb 28, 2001)

Dark Star
Sounds interesting I'll take a look.
Thanks Dave


----------



## jthelpless (Apr 4, 2001)

This is a cut and copy from another forum and thought some people would be interested.

"The following is some information I received from the langaList from a reader named John Alvey;

Foistware is a new term for software that surreptitiously adds hidden 
components to your system--- foisting them on you, on the sly. The term 
is used to differentiate the kind of sneak-installation done by 
commercial apps from classic Trojan horse apps, which are usually 
hacker/cracker products.

In the light of your recent discussions of both spyware 
and Ad-Aware, I want to tell you about my horrific 
experiences. There are two new nasties around (which some are 
calling foistware) called Webhancer and NewDotNet. Not only do 
they put nasty spyware on your PC if you try to remove it by 
simply deleting it, your winsock will get trashed and you 
won't be able to get to the Internet at all. Ad-Aware claims 
it safely removes these programs but I can assure you that the 
latest version might safely remove Webhancer but it does not 
safely remove NewDotNet.

Indeed, when I used As-Aware to remove NewDotNet, I was unable 
to reconnect to the Internet and even reinstalling Windows did 
not get me back (I ended up having to uninstall and reinstall 
Windows). If you do find either on your system, you should 
uninstall Webhancer using the standard Add/Remove Software 
feature in Control Panel.. NewDotNet claims the same method 
will work but others have had problems and alternative methods 
are offered in the resources below.

NewDotNet seems to come with Earthlink,, @Home, Juno, Webshots 
and NetZero; Webhancer comes with AudioGalaxy and Bearshare 
(both post-Napster P2P programs)."

originally posted here


----------



## Curly (Apr 1, 2002)

Thank you all for your help! My praise goes out to this group!

I checked the nasties.reg file from here . Will it work on IE 6.0?


----------



## RandyG (Jun 26, 2000)

Yes, it will, as I am using it right now.

Something else you might be interested in trying is Hosts file question


----------



## Petzl (Sep 7, 2002)

Can you apply nasties.reg to Windows XP safely??


----------



## TonyKlein (Aug 26, 2001)

> _Originally posted by WannaKnow:_
> *AdAware caused me lots of problems I think having to do with new.net. It knocked me off of the internet. I got rid of it for good.
> 
> *


Ad-Aware has taken NewDotNet out of the target list a long time ago, so I suggest you try the latest version with the latest reffile.

It does target WebHancer, and it removes that one safely, as long as you reboot after running Ad-Aware.

They've also been offering a Winsockfix that corrects the loss of your Internet Connectivity should WebHancer or NewNet be removed incorrectly.

It happens a lot when people just nuke the NewNet dll thinking to get rid of it that way.

Here are two download locations for this fix:

http://www.spywareinfo.net/downloads/whndnfix.zip
http://digital-solutions.co.uk/lavasoft/whndnfix.zip

IMHO, Ad-Aware is an indispensable tool nowadays, and you should run it on a regular basis.


----------



## RandyG (Jun 26, 2000)

I'm with Tony on this one!!

My 2 indispensable utilities are ZoneAlarm firewall, and Ad-Aware.

I use other utilites for other reasons, but every system I work on, ie my families etc, I make sure those go on, and my family trained in how to use them!!


----------



## RandyG (Jun 26, 2000)

> _Originally posted by Petzl:_
> *Can you apply nasties.reg to Windows XP safely?? *


You should be able to. This really has no bearing on what OS you use, as far as I am aware. But I honestly don't know.

I would actually recommend using the method in the other bit of software, as the list it has is more extensive. Also, the hosts file method means that if anything attempts to access those sites, it ends up showing a 404 screen instead. Steve Gibson last put that Nasties.reg list together about 2 years ago. Also, it doesn't mention whether it works for XP, as XP wasn't out when this was created.

BTW, Nasties.reg is just a tool that automates the process of adding all those sites into your Restricted Sites zone in IE. Using the hosts file method just redirects any attempts to communicate to one of those sites to connect to your local machine instead of the actual site. The benefit of putting it in your Restricted sites, is that it uses the asterisk wildcard, so it will block all sites that have the common ending. Using the hosts method, you have to input the exact address.

I just did a comparison, and there are 65 listings in the nasties.reg file, and 1800 in the hosts file.


----------



## perris (Apr 21, 2002)

just a quicky shortcut when you'adding these sites to the restricketed zone...jsut double click the little planet icon at the botton of the screen...that brings up security in one step


----------

