Nasty spyware (nsis)

[Ben]

I'm using Firefox almost exclusively and always check if programs I downloaded are known to contain spyware... This has lulled me into the illusion I'd be invulnerable to spyware. Not so.

Today I ran Spybot Search and Destroy with the latest updates and it found a certain "NSIS" malware. It was all around the registry, got installed in Firefox, and in the folder Program Files\Common Files\

Spybot S&D removed a lot of this shit, but not everything, the pest kept reappearing on each reboot. I googled for this keyword, and found the following application specialized for removal of this particular spyware:

http://kichik.net/

Download the application and get rid of the pest.

The spyware is installed with a certain open source program installer. A lot of programs on download.com and sourceforge.com seem to have installers infected with this. It can slow down the computer, open pop up ads, and download even more of itself over time. I have no idea if it affected online shopping and our sales.

Does anyone else have it on his/her PC?

[DonMike]

Man, that sucks. I mean, what purpose does all that shit have? People sitting around all day trying to figure out how to fuck up other people's computers.

[desslock]

According to Wikipedia:
"Nullsoft Scriptable Install System (NSIS), is an open source, script-driven Windows installation system with minimal overhead backed by Nullsoft, the creators of Winamp. NSIS has risen to popularity as a widely used alternative to commercial products like InstallShield."

If you install WinAmp, it uses that instead of the InstallShield. Maybe WinAmp left it when it got installed.

In my opinion, one man's spyware is another man's legitimate business tool.

When I last looked, Norton labelled third party tracking cookies "spyware" -- which are the cookies we all use when referring ccBill sales, or practically any other sales lead to a shopping cart on a website -- so that we can get paid.

Because of this, I do not use Norton for anything. I wouldn't worry to much over "NSIS" ... there's much more sinister stuff out there, like GAIN / Gator / Screwy Toolbars.

Steve

[SPACE GLIDER]

Every month it's something new to worry about!

[Cash]

It sucks to get a nasty spyware on your PC, I'm glad I didn't get one so far ...

[Ben]

According to Wikipedia:
"Nullsoft Scriptable Install System (NSIS), is an open source, script-driven Windows installation system with minimal overhead backed by Nullsoft, the creators of Winamp. NSIS has risen to popularity as a widely used alternative to commercial products like InstallShield."

If you install WinAmp, it uses that instead of the InstallShield. Maybe WinAmp left it when it got installed.

In my opinion, one man's spyware is another man's legitimate business tool.

Yes, it is an open source Windows installation system, but it apparently has a security hole. It was not intented to be used as a tool for dissemination of spyware but the security hole enabled it. Those that abused the security hole and made the spyware are now also known as "NSIS malware".

Installing software that opens pop-ups and slows down your PC without warning you in advance isn't legitimate business by any stretch of imagination.


Take a look at the site I already mentioned: http://kichik.net/
and it's debated on pretty much all Spyware forums. Here are a few:

http://forum.sysinternals.com/forum_...287&PN=1&TPN=1
(especially the last post on this page)

http://forums.mozillazine.org/viewto...e862d704797ee9

[Lippi]

....
When I last looked, Norton labelled third party tracking cookies "spyware" -- which are the cookies we all use when referring ccBill sales, or practically any other sales lead to a shopping cart on a website -- so that we can get paid.

Because of this, I do not use Norton for anything. I wouldn't worry to much over "NSIS" ... there's much more sinister stuff out there, like GAIN / Gator / Screwy Toolbars.

Steve

We have banned Norton out of our office. This is the biggest sales killer I've ever seen. It's blocking many important things, you need to promote your product. The "normal" web user is not advanced enough to configure Norton.
$0.02 + $0.02

[Rimmates.com]

I got such nasty spyware from an adult web page once... called AntiVermins. It acts like a spyware remover, but just ends up being a home page hijacker.

It got so bad (and unremovable by any program) that I had to do a System Restore to the previous day.

How I got it: my windows media player could not play a certain type of file, and needed to be "updated." Problem is... it wasn't the real WMP that appeared on the web page, it was a fake that pretended to play a movie, couldn't play, and asked you to download the update.

Some sypware is just better off being ignored by a system restore rather than trying to be removed.

[Paco]

Here is what I use, daily:
Avast!4Home (by Alwil) - antivirus; web (activity) scanner; webmail scanner; mail client (Outlook) scanner as well an instant messanger & P2P (file share) client scanner.
This program will also allow you to forbid file writes (edits) & deletions, if you so do desire.

SpyBot Search & Destroy
Adaware (by Lavasoft)
^ I run both during my lunch break, or one first thing in the morning and one prior to my leaving for the day.

Weekly:
TrendMicros free online webscanner


Norton's suite of software, such as what they call Security, SUCKS ASS!
It is THE crappiest program that I've stumbled across, & I've stumbled plenty. I sold the junk for many years and once Peter left things went down hill.

Also, I stay away from InterNutExploded (IE).


As for what to rely on ... not-a-thing! They all work and they all let you down, sooner or later!

Them little pricks (double entendre) have nothing better to do with their time once they've painted their peckers orange. Bunch of good for nuttins'!

[Chilihost]

I use Avast too, its awesome, updates daily and is free. I also run the MS Defender product for anti-spyware, it seems to do a good job and is also free from the ms site. And finally, I do the occasional online scan from trend too....once again a nice free product that works very well.

cheers,
Luke