CastleCops, Internet Crime Fighters
Network Scanner

 
SpudR (Guest)

Posted: Thu Mar 17, 2005 2:01 pm    Post subject: Network Scanner

Hi Guys,
Does anybody know of a good network spyware tool ?

I have a network of over 100 PCs and running the usual tools on them takes forever !!
Something like Ad-aware / Spybot would be ideal...

Thanks in advance

SpudR

Guest

Posted: Fri Mar 18, 2005 11:16 pm    Post subject:

Nobody ???

TonyKlein (Site Moderator)

Posted: Sat Mar 19, 2005 8:03 am    Post subject:

Moved to the appropriate section


Prince_Serendip (Site Moderator)

Posted: Sat Mar 19, 2005 1:41 pm    Post subject:

Hi SpudR,

Welcome to CastleCops. :D

You asked about Ad-Aware SE and Spybot Search & Destroy. Spybot S&D is completely freeware but you may need to purchase licenses for Ad-Aware SE for use on a network.

(I wrote the following for another user.)

If you want to keep adwares and spywares off your computers/network, get Lavasoft Adaware SE and Spybot Search and Destroy. <---Links provided to home sites for more info. Instructions below:

Quote:
ADAWARE SE - Removes spywares and adwares from your computer

1. Download and install Adaware SE. Direct Download provided by CastleCops. Ad-Aware Personal edition is free for non-commercial use.

If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.

2. After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.

Manually run "Ad-Aware SE Personal" and, from the main screen, click on "Check for Updates Now".

3. Look at the icons on the top right of the page and click on the ‘world’ and let AdAware update the spyware reference list (Note: Always update Adaware before you scan.)

4. Once the update is finished click on the ‘Gear’ icon (second from the left) to access the preferences/settings window

1. In the ‘General’ window make sure the following are selected with a checkmark and are green:
· Automatically save log-file
· Automatically quarantine objects prior to removal
· Safe Mode (always request confirmation)

2. Click on the ‘Scanning’ button on the left and select :
· Scan Within Archives
· Scan Active Processes
· Scan Registry
· Deep Scan Registry
· Scan my IE favorites for banned URL’s
· Scan my Hosts file
· Under ‘Click here to select drives + folders’, choose:
· All of your hard drives

3. Click on the ‘Advanced’ button on the left and select:
· Include additional file information
· Include additional object details
· Include environment information

4. Click the ‘Tweak’ button and select:
Under the ‘Scanning Engine’ be sure a checkmark is beside:

· Unload recognized processes & modules during scanning
· Scan registry for all users instead of current user only
· Obtain command line of scanned processes

Under the ‘Cleaning Engine’ be sure a checkmark is beside:

· Automatically try to unregister objects prior to deletion

· Let Windows remove files in use at next reboot

· Always try to unload modules before deletion

· During removal, unload explorer and IE if necessary

· Delete quarantined objects after restoring

5. Click on Safety Settings and select "Write-protect system files after repair (Hosts file, etc)"

6. Click on ‘Proceed’ to save the settings.

7. Click ‘Start’ and on the next screen choose ‘Activate in-depth Scan’ at the bottom of the page and then choose:

· Perform full system scan

8. Close all programs except ad-aware.

Click on "Next" in the bottom right corner to start the scan.

Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted.

After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.



Note: Virus warnings while performing a scan with Ad-Aware

While performing a scan with Ad-Aware, a background antivirus monitor may issue an alert, stating that a virus has been found in the temporary directory (%temp%) for the current user. This does not necessarily mean your computer has been infected with an active virus. Most antivirus resident scanners will not scan compressed files and only monitor your memory for the sign of an active viral process.

During a scan, Ad-Aware will temporarily decompress files to scan their contents without activating the content, but in doing so, the file is noticed by the antivirus' resident scanner. I always turn off my AV scanners whenever I do a scan with Ad-Aware SE.

Also, some antivirus applications include an option to quarantine infected files, and when Ad-Aware decompresses these quarantined files, the antivirus background scanner detects the virus moving outside the quarantine area. To avoid this you can either remove the quarantined files via your antivirus application, or have Ad-Aware ignore the antivirus program's quarantine folders/files during a scan.
----------------------------------------------------------
SPYBOT SEARCH & DESTROY - Removes spywares, spybots, and adwares

1. Next, download and install Direct Download: Spybot Search and Destroy, from CastleCops downloads section.

2. Go to Start > Programs >Spybot - Search & Destroy and open the program.

3. Close ALL windows except Spybot S&D

4. Click the button to ‘Search for Updates’ and download and install the Updates.

5. Next click the button ‘Check for Problems’

6. Items will appear with boxes with checkmarks inside them.

8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the entries.

9. REBOOT


We also have Forums for both of these products if you need help.

Spybot S&D Forum

Lavasoft Ad-Aware Forum


Best regards


roark510

Posted: Thu Apr 07, 2005 5:58 pm    Post subject:

I'm actually in the process of working on a network based scanner / immunizer for my network. I've got 50+ Win2k boxes running here and am developing an 'appliance' for handling all of the tasks that I hate doing. Originally it started out as a simple script file that was supposed to scan the network for viruses that may have slipped in under the radar, but it evolved along the way.

So far, it's 'working' but it's far from ready to let fly on its own.

So far it...

- Scans every file on every system/drive specified for malware and deletes or quarantines bad stuff.
- Checks for and auto-updates anti-virus definitions.
- Remotely checks the registry for naughty BHO's, TB's etc.
- Stores all of the stats in a database and is administered via a web interface.

Right now I'm working on...

- Remote removal of crapware and associated files from both the registry and the system.
- Immunization/shielding of the system through the registry and other configuration files.

One day I hope to...

- Let it run unattended and only have to worry about crapware definition updates.
- Share this setup with other sysadmins.

One thing to bear in mind about any sort of network-based scanning system is that you must TRUST the machine and software running on it. This is why I'm rolling my own.
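
The remote BHO check mentioned in the post above, as an added example (not roark510's script, which is not shown on this page). It parses text in the form `reg query` prints for the Browser Helper Objects key, assumed to have been collected from each host beforehand, and reports CLSIDs that are not on an approved list; host names, CLSIDs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Key under which Internet Explorer BHOs are registered, one subkey per CLSID.
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
           r"\CurrentVersion\Explorer\Browser Helper Objects")
CLSID_LINE = re.compile(
    re.escape(BHO_KEY) + r"\\(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})$",
    re.IGNORECASE)

def parse_bho_clsids(reg_output):
    """Return the upper-cased BHO CLSIDs listed as subkeys in `reg query` text."""
    found = set()
    for line in reg_output.splitlines():
        match = CLSID_LINE.match(line.strip())
        if match:
            found.add(match.group(1).upper())
    return found

def audit(fleet_output, approved):
    """Map host -> sorted unapproved CLSIDs, or None when the host gave no data."""
    approved = {clsid.upper() for clsid in approved}
    report = {}
    for host, output in fleet_output.items():
        # A failed query is recorded as None so it is never mistaken for "clean".
        report[host] = None if output is None else sorted(
            parse_bho_clsids(output) - approved)
    return report

def rarest_first(report):
    """Rank unapproved CLSIDs by how many hosts carry them, rarest first."""
    counts = Counter(c for found in report.values() if found for c in found)
    return sorted(counts.items(), key=lambda item: (item[1], item[0]))

# Constructed sample data: host names and CLSIDs are placeholders, not real objects.
KNOWN = "{11111111-1111-1111-1111-111111111111}"
ODD_A = "{22222222-2222-2222-2222-222222222222}"
ODD_B = "{aaaaaaaa-0000-0000-0000-000000000001}"
SAMPLE_FLEET = {
    "pc-01": "\n".join(BHO_KEY + "\\" + c for c in (KNOWN, ODD_A)),
    "pc-02": "\r\n".join(BHO_KEY.lower() + "\\" + c for c in (ODD_A, ODD_B)),
    "pc-03": None,  # collection failed (host offline)
}

if __name__ == "__main__":
    report = audit(SAMPLE_FLEET, approved={KNOWN})
    for host, found in sorted(report.items()):
        print(host, "NO DATA" if found is None else found or "ok")
    print(rarest_first(report))
```

A CLSID seen on only one or two machines in an otherwise uniform fleet is usually the first one worth looking up.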

obiwanbenkenobi

Posted: Tue Oct 11, 2005 10:26 pm    Post subject: WinProxy Gateway Anti-Spyware

If you would like network level Anti-Spyware, you may want to take a look at WinProxy.

You can download a fully featured 30 day trial at www.winproxy.com

Click here for more information on the anti-spyware solution:

http://www.winproxy.com/mktg/whitepapers/winproxy-Spyware-wp-v3.pdf

PeterGibons

Posted: Wed Nov 30, 2005 6:31 pm    Post subject:

I just downloaded a thirty day trial of Pest Patrol by CA. This will allow the server to scan workstations for spyware after hours. I'll post back to let you know how it works.

Peter


Oldfrog

Posted: Wed Nov 30, 2005 6:59 pm    Post subject:

Thanks, Peter.

