Recommendations from a colleague for programs to use if you’re dealing with malware/spyware issues on:
Earlier this afternoon I had to help a student with a typical spyware/virus issue. At least that’s what I initially thought the service call would entail. Boy was I wrong. The problems started with the error message “The application has failed to start because wininet.dll was not found” and led to the Task Manager not loading and various Windows XP services not loading.
To work around this problem I had to find a copy of WinInet.dll (the file contains components for Internet-related operations) and then re-register the file to ensure that Windows XP would recognize the new file.
Below is a summary of the steps I took to resolve the problem:
1) Download WinInet.dll from an online source or computer. Thanks to the wonderful service of Dll-files, I was able to find a compressed version of WinInet.dll. However, part of the problem is that the shell extensions for Compressed Folders were also disabled.
2) From another computer I extracted the WinInet.dll file and then saved the file to an external disk. The extracted WinInet.dll file was then copied to \Windows\System32\
3) Press Ctrl+Alt+Del and select Task Manager.
4) Click on File and then on New Task and then type regsvr32 C:\Windows\System32\WinInet.dll
After running the above steps I was able to restart the computer. Obviously, the above error was caused by some variant of spyware. After further research the problem appears to be fairly common and various removal tools such as SmitRem can help with the removal of the spyware and also replace the WinInet.dll file.
– Windows Defender
– Windows Live Safety Center
– Malicious Software Removal Tool
– Windows OneCare Live
– Microsoft Client Protection
Windows Defender improves on the currently known and widely used Microsoft Antispyware by including an improved detection and removal engine, a simplified user interface, non-administrator privileges to scan your computer using the program and, most of all, Windows Defender definition updates delivered via Automatic Updates. The product also now works natively on Windows XP 64-bit versions and also offers greater accessibility support.
You know spyware has become a bane to society when someone founds an organization to watch the spread of it. From StopBadware, the organization is:
A Neighborhood Watch campaign aimed at fighting badware. We will seek to provide reliable, objective information about downloadable applications in order to help consumers to make better choices about what they download on to their computers. We aim to become a central clearinghouse for research on badware and the bad actors who spread it, and to become a focal point for developing collaborative, community-minded approaches to stopping badware. Harvard Law School’s Berkman Center for Internet & Society and Oxford University’s Oxford Internet Institute are leading this initiative with the support of several prominent tech companies, including Google, Lenovo, and Sun Microsystems. Consumer Reports WebWatch is serving as an unpaid special advisor.
As usual there’s a standard set of recommended tools and applications (e.g., Ad-aware, Microsoft AntiSpyware, Pest Patrol, Spy Sweeper, Spyware Doctor) for removing spyware and other malware. Looking over this list, it seems the recommended tools are slightly outdated or won’t do the best job for most of the malware that I encounter at work. Similar to Don’s Top 10 Free Computer Cleaners, I think members of StopBadware need to compile a list of free tools that people can use without worrying about subscription costs or fear that they’re running a tool with outdated definitions.
This post is a simple reminder to Don to start blogging. Earlier this week a student had asked for advice on how to prevent Windows Update from turning off. I asked the student to run Microsoft Antispyware and call back, hoping that this would give me enough time to research the issue (a.k.a. Google the solution). Spyware detection programs like Spybot are now able to detect if services in the Windows Security Center are turned off and can effectively re-enable the service. It turns out that the student decided to stop by in person and was able to obtain the LSP-Fix tool from Don. After running the LSP-Fix the problem appears to be resolved.
What’s weird to me is that the LSP-Fix typically resolves problems with the Layered Service Provider. Enabling Windows Update is a simple registry switch controlled by the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU key. In fact, LSP integrates with the TCP/IP stack to manipulate data sent across it, so how can running the LSP-Fix tool resolve this problem?
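A read-only way to see which switch is actually holding Automatic Updates off is to check the policy key named above alongside the Windows Update service. This is an added example, not part of the original post. The value names NoAutoUpdate and AUOptions and the service name wuauserv are standard Windows identifiers that do not appear in the post, the function name Get-AutoUpdateState is hypothetical, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
# Assumes PowerShell 3.0 or later, which postdates the Windows XP machine in the post.
$AuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

# Meaning of the AUOptions policy value.
$AuOptionText = @{
    2 = 'Notify before download and install'
    3 = 'Download automatically, notify before install'
    4 = 'Download automatically, install on schedule'
    5 = 'Local administrator chooses the setting'
}

function Get-AutoUpdateState {
    param([string]$Path = $AuKey)

    $findings     = @()
    $noAutoUpdate = $null
    $auOptions    = $null
    $keyPresent   = Test-Path -Path $Path

    if ($keyPresent) {
        # A missing value simply comes back as $null.
        $values       = Get-ItemProperty -Path $Path
        $noAutoUpdate = $values.NoAutoUpdate
        $auOptions    = $values.AUOptions
        if ($noAutoUpdate -eq 1) {
            $findings += 'Policy value NoAutoUpdate=1 disables Automatic Updates'
        }
    }

    # The Windows Update service can be disabled independently of the policy key.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
    if (-not $svc) {
        $findings += 'Service wuauserv is not registered'
    } elseif ($svc.StartMode -eq 'Disabled') {
        $findings += 'Service wuauserv start mode is Disabled'
    }

    [pscustomobject]@{
        PolicyKeyPresent = $keyPresent
        NoAutoUpdate     = $noAutoUpdate
        AUOptions        = if ($null -ne $auOptions) { $AuOptionText[[int]$auOptions] } else { $null }
        ServiceStartMode = if ($svc) { $svc.StartMode } else { $null }
        ServiceState     = if ($svc) { $svc.State } else { $null }
        Findings         = $findings
    }
}

Get-AutoUpdateState | Format-List
```

Running it before and after a cleanup tool shows whether the policy value or the service start mode is what changed.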