Episode: 130
Title: HPR0130: Unhosing a spyware infected system
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0130/hpr0130.mp3
Transcribed: 2025-10-07 12:10:31
---
[Music]

Welcome to Hacker Public Radio. This is Oak, and I'm going to do a really quick sort of episode at the moment. I've been having some issues with my Ubuntu install. As you may be aware, I started out on Breezy and have upgraded it through all the Ubuntu releases since. That isn't the problem. The problem, I believe, is that because I use stuff like the NV driver and the automatic scripts, I've hosed some of the other things. I've kind of half got PulseAudio working. Actually, that might not be it at all, because I hear that only half works on most people's systems, but I've been having some major issues. It's like part is here, part isn't there, part something else. I started off with Ubuntu, then installed the KDE stuff around that for a while, went back to the GNOME stuff, then went to XFCE, Fluxbox and IceWM, and pretty much just went into Synaptic, searched for window managers and installed all of them. So I think I've just hacked around with that way too much, and I need to actually just reinstall from scratch and fix it. And yeah, I know that's kind of the Windows way of getting out of it. But to be fair: Breezy, Dapper, Edgy, Feisty, Gutsy, Hardy. It's like upgrading Windows 3.1 to Windows Vista. It's not surprising it's having some issues. I mean, upgrading any of them to any of them has issues, so you'd pretty much reinstall anyway. So I'm not angry at Ubuntu for having issues with me, because I think it's fair enough for the amount of upgrades and the amount of hacking around I've been doing. You know, I'd hack this, hack that, and then I had issues with my Nvidia drivers as well: let's use the automatic script and stuff like that, and then the NV driver wants to do that, and then that didn't work.
So we upgraded this one and then, hey, let's just download the Nvidia drivers and install those anyway. So I'm not surprised I'm having issues. You know, don't take this as me slagging off Ubuntu. I'm not; it's really great. I'm still going to reinstall it. I'm just saying I'm having some issues, but it means I'm in Windows. Yeah. It's like a bunch of things I try and do, and suddenly I realise, you know, I only have one desktop. I'm used to having four desktops. It's just weird stuff. It's just, you go in and immediately I've got updates, because I haven't looked into it for a while, so instantly they're there. I mean, I have set it up so it doesn't automatically install them, because otherwise the box would be like, you must reboot, you must reboot. Anyway. So I'm in Windows. I'm recording this through Audacity, though, so it's kind of, you know, a little bit better.

So, on to the topic of the day. I'm going to talk a little bit about how to fix a hosed machine. It is going to be very Windows-centric. I mean, basically, if you're anything like me, your family is going to ask you for tech support. Now, I haven't managed to convert any of my family over to Linux. Yeah, I know. I'm sorry. I am working on this. I really am. But my wife always says, well, your machine doesn't work, ever. Yeah, because I hack around with it. You know, I used to be a developer. When I get working again, I'll still be doing something in development or something similar. So I hack around with stuff. It's like the guy that's built a kit car. He's always screwing around with it, and half the time it's not working because he's playing around with it. That's what he enjoys: playing around with it. Break it, fix it. That's how it works. So yeah, I've been having some issues on my Ubuntu machine because I've made it a LAMP server and I'm doing a bunch of stuff like this. You know, I'm doing a bunch of stuff that 99% of the world won't bother doing.
Then again, pretty much everyone here, I'm sure, is in the same boat. You play around with stuff. So I'm still trying to convert her. I figure when we get a new machine for her, I might install Linux on it, build it up from scratch. You see, then we put Linux on it and, well, hey honey, if you want XP, you know, you'll have to pay the $400 for it, or you can try this Ubuntu thing. I'll try Linux, PCLinuxOS, or whatever I want to put on for her, and I might work with her for a bit. I must try to convert the son over too. He's got a login on my machine, so he's loving it. You know, he's just running a bunch of stuff on there, and apart from a couple of games that won't run, things work for him. So he's enjoying that. And I'm introducing him to the GIMP, and he's been playing around with stuff like that, and he's loving it. He's seeing it's cool.

Anyway. So, assuming you have family and they're running Windows and they've got their machines hosed. They've got some spyware, malware, badware of some description or other. And they come to you and say, it's screwed, fix it. You say, you want to reinstall it. It's hosed. We can't trust it anymore. When we reinstall, might we install Linux? And they say, no, I don't want to install Linux. But why not? Because it doesn't do what I want it to do. Well, yeah, you can get around that. I don't know how to use it. Well, they'll come up with some flimsy excuses. They don't want to use Linux because they don't know how to use it. Well, did they know how to use Windows the first time they used it? I mean, let's face it. I want to turn my machine off. I don't think I'm going to click on a button marked Start. I want to log off: Start, Shut Down, Log Off. I mean, that makes no sense. You want to log off, so you want to stop using the computer, and, see, you click on Start. All right, fine. That's how they do it.
Then you click on Shut Down, although you don't actually want to shut down the damn computer. I mean, does this make any sense? It makes no sense: Start, Shut Down, Log Off. Go figure. Anyway, so whatever the reason they don't want to use it, they won't let you install Linux over the top. Then you say, OK, well, let's reinstall Windows. And they say, well, the disk didn't come with the machine, or I didn't run backups, or whatever the reason. So you're stuck with trying to unhose this system. You're not going to do it, basically, because we can't trust it. There's been nasty stuff on it. We can't ever trust it again unless you reinstall. And literally, you know, I would like to DBAN the disk and start again, kind of, let's make damn sure nothing else is remaining. But so, you know, you're going to have to try and fix it. So you download some programs, and I'm just going to go quickly through some of these programs, and quickly sort of what you need to do and what I would run to fix it all up and kind of try and get it back into a semi-working way.

So you download and run Ad-Aware and Spybot Search & Destroy. They're pretty cool for removing stuff. They're not going to remove everything; they're going to remove most of it, but hopefully enough to get it working again. For an antivirus, I would suggest either AVG or ClamAV; one of the two of those is going to work. AVG's proprietary, but it does have a free version. ClamAV you've probably heard of, because it's the open source antivirus. I'd also recommend HijackThis, because it shows the list of connections, what's going out, what's listening where. That can be pretty cool. If you've got something nasty, you can say, oh look, something on it's listening on port 5050 or whatever it is. You know, if you've got IRC connections opening somewhere, you know, I'm not on IRC, oh, that might be going off to a botnet. So that can be cool.
RootkitRevealer and Autoruns, well, I've mentioned these before in the Sysinternals episodes, but hopefully they show what's running and what rootkits are there. You can remove stuff from there. That's pretty cool. So I'll go ahead and download those on a different machine, because we can't trust the one that's got the spyware on it. So we download them on another machine, burn them onto a CD or whatever, take it over, and you run Ad-Aware and Spybot, and you update them, make sure they've got the latest versions, run them, and pretty much say yes to everything. Now, when you're done with Spybot, what you can also do (he says, trying to click on it and find where Spybot is; there's Ad-Aware, where's Spybot, Spybot Search & Destroy), what you can do with Spybot is, when you run it, you've got a couple of options under the sort of Advanced tab or Tools, I forget where it is. It wants me to do stuff: Immunize. I think they call it Immunize. Click on Immunize and it comes up with unprotected, protected and total, and I'm not quite sure what it does; I think it blocks nasty pages and sort of cookies and stuff. I mean, generally you just say Immunize and it goes and does this weird brick wall animation and says it's blocking cookies and stuff, and it does stuff. If you go into the Advanced mode, the Advanced mode of Spybot Search & Destroy has more options than the default mode, "but may also include those that will do harm to your system", whatever. You see that, hit Yes, and you've got other things, and you can go through Tools, I think it is, and then Resident, and then you can turn SDHelper and TeaTimer on, and I recommend using both of those.
They take a little bit of memory, but TeaTimer, for example, is pretty cool, because what it does is, when a program tries to make itself start on boot-up by putting itself in the registry or the Startup folder or any of these things, TeaTimer actually pops up and says, hang on, someone wants to do this, do you want to allow it? It gets involved in teaching the people not to just randomly say yes to everything, but it can help out a lot. It blocks browser helper objects and a bunch of things, and it's pretty cool. SDHelper blocks Internet Explorer stuff, which can be pretty cool. Under the IE tweaks we can do something that isn't actually an IE-only thing: we can lock the hosts file as read-only as protection against hijackers. I recommend you check that; you can do that, and that can help out things as well. You also have a bunch of other things, like you can look at the system startup and look at all the weird programs and that. Yeah, you can do stuff like that. I recommend you do it through other things, though, personally, but that's just me. You also have a secure shredder that you can do things with, but there we go, you know, we can do that and set those tools up. So I do recommend you do that, but then you run, otherwise, Spybot, what? Do everything they say. You install ClamAV, you run that, and basically just do what it says. I mean, depending on how much you know, you may want to actually look and think about it, but generally just do what it tells you. HijackThis, as I said, you run that, you look at the connections and see if there's anything; if there's anything, you can go and look at it. If you're that worried, rename the executable. One of these weird things: you won't be able to delete it because it's in use, but you can rename it, and then when you reboot it shouldn't be able to find itself and run.
If you actually rename an executable to something else, like .bak, then because it's not .exe it shouldn't be running, and kind of, it stops it running. So you can do that; it does require a reboot, of course. RootkitRevealer and Autoruns I won't go through, so yeah, run those, do stuff. Once you've done that, and hopefully we have a pretty well cleared-up system, there's a bunch of other things we can then do just to generally tidy up the computer and make sure it's running OK. You can download a program called CCleaner, which is Crap Cleaner, and it tidies up the crap left on the computer; it removes temporary files and stuff like that. Download that, run it, do what it says. Now that hopefully we've removed everything nasty and we've got a much better running system, then you can do something like Disk Cleanup, which is part of the Windows stuff. Run it anyway; it probably won't do anything because we just ran CCleaner, but hey, why not. Then run scandisk to make sure that the disk looks OK, then once you've done that, defrag, also part of Windows. You might as well run all those, and then that should hopefully be it. I mean, I'm skipping a bunch of things here; there are other things you want to run. You know, you want to make sure they've got a firewall and a bunch of things like that, but this is generally the stuff that fixes most of it for them. I run a bunch more stuff on my Windows machine because I'm just like that; I've got a lot of things, he says, randomly clicking through, but that hopefully should be enough. I mean, as I said, remind them you cannot guarantee that things have been removed, because the only way to do that is to reinstall it from scratch. Anyway, that's about it. I'm going to stop writing now. I hope you enjoyed this rather impromptu episode of Hacker Public Radio.
Hopefully over the next week I'm going to try and reinstall a bunch of stuff onto my machine after I've backed up, which isn't helped by the fact that my DVD drive's packed up and I'm too broke to actually buy a new one, and yeah, it's a long story of whiny, whiny; I don't want to bore you with my details. But hopefully we'll get this all sorted out soon and I'll be back to using Ardour and actually having things run properly and fantastically and sound better and everything, and so on and so forth. But until then, this has been Soak, and you've been listening to Hacker Public Radio. Thank you for listening to Hacker Public Radio. HPR is sponsored by Caro.net, so head on over to C-A-R-O dot N-E-T for all of your hosting needs.
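The checks the episode walks through by hand (what starts on boot, what is listening or connected, what is in the hosts file, and renaming a suspect executable to .bak so it is gone at the next reboot) can be scripted on the Windows side. The script below is an added example for this transcript, not something from the episode or from any of the tools it names. It assumes an elevated PowerShell prompt; Get-NetTCPConnection exists on Windows 8 / Server 2012 and later, so older systems fall back to netstat. The function names and the example path at the bottom are this example's own.

```powershell
# Added example, not from the episode. Triage for the manual checks the
# episode describes: autostart entries, network activity, the hosts file,
# and renaming a suspect binary. Run from an elevated PowerShell prompt.

function Get-StartupEntries {
    # Classic autostart locations: the Run/RunOnce keys and the Startup folders.
    # These are the places TeaTimer prompts about; Autoruns covers many more.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [PSCustomObject]@{ Source = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
    foreach ($folder in @([Environment]::GetFolderPath('Startup'),
                          [Environment]::GetFolderPath('CommonStartup'))) {
        Get-ChildItem -Path $folder -File -ErrorAction SilentlyContinue | ForEach-Object {
            [PSCustomObject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Get-NetworkActivity {
    # Listening sockets and established connections with the owning process:
    # the "what is listening where, and is that IRC connection mine?" check.
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        Get-NetTCPConnection -State Listen, Established | ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [PSCustomObject]@{
                Local   = "$($_.LocalAddress):$($_.LocalPort)"
                Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
                State   = $_.State
                Pid     = $_.OwningProcess
                Process = if ($proc -and $proc.Path) { $proc.Path } else { '(unknown)' }
            }
        }
    } else {
        # Older Windows (XP era): the PID column maps to 'tasklist' output.
        netstat -ano
    }
}

function Show-HostsFile {
    # A hijacked hosts file redirects update and antivirus sites; print the
    # active (non-comment) lines so they can be eyeballed.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts | Where-Object { $_ -match '^\s*[^#\s]' }
}

function Lock-HostsFile {
    # The read-only bit the episode suggests. It stops careless installers,
    # not malware running as Administrator, which can clear the bit again.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Set-ItemProperty -Path $hosts -Name IsReadOnly -Value $true
    (Get-Item -Path $hosts).IsReadOnly
}

function Disable-SuspectBinary {
    # A running executable cannot be deleted, but it can be renamed; after the
    # reboot its autostart entry points at a file that no longer exists.
    param([Parameter(Mandatory = $true)][string]$Path)
    $leaf = Split-Path -Path $Path -Leaf
    Rename-Item -Path $Path -NewName "$leaf.bak" -ErrorAction Stop
    Join-Path (Split-Path -Path $Path -Parent) "$leaf.bak"
}

# Usage: review the output, then act only on what you recognise as hostile.
Get-StartupEntries  | Format-Table -AutoSize
Get-NetworkActivity | Format-Table -AutoSize
Show-HostsFile
Lock-HostsFile
# Disable-SuspectBinary -Path 'C:\Windows\Temp\suspect.exe'   # hypothetical path
```

Run the enumeration first and compare against what the machine's owner actually uses before renaming anything; an unfamiliar entry in a Run key is a lead, not a verdict. After a rename, also remove the autostart entry that referenced the old name, otherwise the stale entry stays behind as noise. As the episode says, none of this proves the box is clean; only a rebuild does that.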