bugshaw: (Default)
Bridget ([personal profile] bugshaw) wrote2004-01-09 08:26 am
  • Add Memory
  • Share This Entry

Removing crappy spy-ware

Ok, I've ascertained that I can remove the crap with Ad-Aware, but it gets re-installed on startup.

A bit of digging finds I have a program called Watch, which I don't recognise.

Its lgc file is like this
{
o c1646160 2b200 "C:\WINDOWS\TWAIN_32\A4S2_600\WATCH.EXE"
R c1646160 0 40
R c1646160 80 f8
R c1646160 80 1e8
R c1646160 d200 1000
R c1646160 c000 1000
o c163c560 e4000 "C:\WINDOWS\SYSTEM\MFC40.DLL"
R c163c560 0 100
R c163c560 40 100
R c163c560 5346 100
R c163c560 a8 100
R c163c560 5e0b 100
etc for lots more dlls

And its ini file is like this
[Scanning Desktop]
Path=C:\MSCAN\Msoffice

[Cover Driven]
Cover Driven=Yes
Method=Close2Open
Status=Close
Timer3=500

[Show Startup Screen]
Show Startup=No

[Model Information]
Model=A4S2600
Path=A4S2_600
Driver=A4S2_600.IOB
DS=A4S2_600.DS
Info=A4S2INFO_600
Style=1200 III EP

And there is a file watch.exe in C:\WINDOWS\TWAIN_32\A4S2_600

In the absence of a Clanger, I put it to you - does this look like the source of my problems?
Flat | Top-Level Comments Only
drplokta: (Default)

drplokta

[personal profile] drplokta 2004-01-09 01:38 am (UTC)(link)
This looks to me like a program that runs in the background and listens for you to push a button on the scanner so that the PC can take the appropriate action. It shouldn't be causing a problem. Unless, of course, you don't have a scanner...

Re: drplokta

[identity profile] bugshaw.livejournal.com 2004-01-09 02:43 am (UTC)(link)
Thanks Doc - I do have a scanner. I remain suspicious of Watch.exe though as I've had the scanner for years and not used it for a month or so yet the exe is dated October 2003...

The problem I'm getting is something hijacking my browser and bring up a search page which auto-opens a page I can't close. Ad-aware found and deleted a load of links containing searchxl.com, and having done a bit more googling I'm inclined to follow the advice given here by Computercops.biz

Then I shall see if I still have the problem - ad-aware gets rid of it during a session, but I need it to stop re-installing itself on restart (and my poor slow computer needs a restart fairly often (but that's another problem)).

[identity profile] scottscidmore.livejournal.com 2004-01-09 02:04 am (UTC)(link)
Seconding the above. TWAIN is for scanner drivers, and there are several hits for that exe, such as

www.scanner-drivers.com/drivers/87/87147.htm

[identity profile] bugshaw.livejournal.com 2004-01-09 03:10 am (UTC)(link)
Ah yes, I am feeling happier about that now thanks (though I had to google on watch.exe TWAIN -shania!)

[identity profile] red-cloud.livejournal.com 2004-01-09 02:48 am (UTC)(link)
Do you know what the actual adware is? Look for suspicious values in the following Registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\RunOnce

(I'm running NT here - your registry might be different)

Installed anything new recently? Spyware sometimes gets installed along with something else, such as AudioGalaxy.

[identity profile] bugshaw.livejournal.com 2004-01-09 03:13 am (UTC)(link)
Yes, that's just the sort of thing Ad-Aware finds - values like searchxl.com in those keys.

The major change to my set-up in the last week has been:
i) getting braodband through Eclipse
ii) installing RealPlayer
iii) setting up the firewall
iv) installing ZoneAlarm
...

[identity profile] bellinghman.livejournal.com 2004-01-09 03:26 am (UTC)(link)
ii) installing RealPlayer

Oh no, you didn't do that, did you? I truly loathe Real, they install stuff on a system I really don't want. Stuff that seemingly cannot be disabled, stuff that insists on popping up windows, stuff that just won't go away.

Even Microsoft is (so far) less evil than Real.

[identity profile] karmicnull.livejournal.com 2004-01-09 03:44 am (UTC)(link)
I truly loathe Real
Couldn't agree more. Real Player and Quicktime are two pieces of bloatware that cause pain and anguish, do much the same thing, and are both sadly necessary because of websites that support only one or the other (BBC, Teletubbies, Tractor Tom, etc).

[identity profile] bugshaw.livejournal.com 2004-01-09 03:47 am (UTC)(link)
No, [livejournal.com profile] major_clanger did. (See how much I love you, dear? I dob you in it without a second's hesitation :-))

[identity profile] major-clanger.livejournal.com 2004-01-09 09:43 am (UTC)(link)
...and that's why I deliberately installed an old version (still available on Real's web site if you look) rather than the latest bit of bloatware. It is, as people note, a bit of a Necessary Evil if you want to view much of the video content on the Web.

MC

[identity profile] bugshaw.livejournal.com 2004-01-09 10:53 am (UTC)(link)
*removes dobbing* :-)

[identity profile] hawkida.livejournal.com 2004-01-09 03:57 am (UTC)(link)
As well as Ad-aware, find a programme called Spybot Search & Destroy. Same sort of thing but each of the two find stuff the other didn't. It's free and simple to use.
Flat | Top-Level Comments Only