Geeks With Blogs
Dan K Blog Grocery Geek

I had a couple recent experiences with spyware and viruses this past week.  First a neighbour with more mal-ware than real apps on his pc, and second, I had problems with popups from xlime.offeroptimizer dot com on my dev laptop.  I got hit hard with spyware on my laptop about a month ago, and removed everything else by hand using a combination of Google, Windows Task Manager, and my friend the Command Prompt. 


I went out to download a trial of the new Norton 2005 for my neighbour’s machine and after running it, I noticed it was catching spyware and viruses.  They actually give you a list after running the “virus” scan that indicates apps that may represent adware, spyware and other security vulnerabilities.  I found that while it could not remove most of the apps for me, that list printed out along with a safe-mode command prompt and RegEdit helped me clean his machine out pretty well.  I would have preferred an F-disk and a repave, but he had no backups and I was unsure of how much I trusted his Dell Restore Disk.


I have, in the past used AdAware and SpyBotSD, but my personal opinion is that these companies actually host their own approved spyware apps and ignore them in the scan.  After installing ‘ScannerA’, scanning and removing the problems ‘ScannerA’ found, then installing ‘ScannerB’, scanning and removing the problems ‘ScannerB’ found (‘ScannerB’ found a lot that ‘ScannerA’ missed )  un-install ‘ScannerA’, re-install ‘ScannerA’ and re scan with ‘ScannerB’, and a lot of the wares the ‘ScannerB’ found and removed the first time came back.  Hmmm, these “free” scanners are being paid for by someone… 


I trust Norton’s scanner a lot more, because it is *not* free and Norton has a huge reputation on the line that would take a hit if it was discovered they were not on the up and up with their scanners.  I have yet to try the Microsoft anti spyware app, and welcome any observations / comments / whatever about it. 


When it comes to using Task Manager and Google to look up running processes that I don’t recognize, Liutilities results usually top the search.  I have found that Liutilities has one of the best listings of Windows and 3rd Party apps and processes, they very clearly list the application the process belongs to, what it does, and rate it as to being something you should never delete or stop, something that is ok but not necessary, or something that may be or is known to be spyware, adware, a virus, or security vulnerabilities. 


Once I get into their site looking up apps, I usually don’t go back to Google unless it is a process that Liutilities does not know.  They also have a list of real genuine Window’s processes, and a comprehensive listing of processed known to be evil.  If you are an IT professional, or if security is a critical point in your profession, I strongly recommend Uniblue’s (LIUtilities) WinTask Professional.    


I had a much harder time removing the xlime popups from my laptop.  Through a process of Google searches, I found some help.  I searched the registry and my file system for any reference to xlime and came up empty.  I noticed the popups the first time I launched an Internet Explorer session.  (I know Firefox is the ultimate fix to this, unfortunately DesignLizard is documenting and “FlashMXing” an ASP app that *will not* run in Firefox.  See my Firefox post about this.)  I always got one or two xlimes *every* time I connected to my dialup provider (traveling or surfing at work that I do not want going thru our work network (every day almost)).  I found that the reference to xlime was actually stuck in my Internet Explorer settings. 


STEP ONE: If you go to “Tools”, and “Manage Add Ons”, showing the “add ons currently loaded in Internet Explorer” under Publisher, I found several references to ‘eXact Advertising’, and several others with a blank Publisher that had the word “Class” in the Name.  Basically I Disabled every Add On that I do not use, and those I never wanted.  (Make sure you are running this instance of IE as an account that *does* have admin privileges, or your changes *will not* be saved,  since I know we are ALL now running with the least privileged account as our every day user, RIGHT?)


STEP TWO: Remove the file that added these entries to the Add On Manager.  There is a file (usually located in C:\Windows\) called ‘localNRD.dll’.  Delete it (you may have to reboot into SAFE MODE to do this) then just check your registry for any keys that refer to the ‘localnrd.dll’ and delete or rename them.


Keep an eye on the blogs of Patrick, Robert, and Duane for great security info.  If you have another blogger that is a good reference for security related content, feel free to point me to them, and also check out Joe Stagner’s  blog and his blackbelt sessions for some top of the line security content. 


Be Safe, run as non-admin, look before you click, and download Firefox already!!!



This post talks about deleting files from C:\Windows, using RegEdit and deleting files from a Command Prompt.  If you are in any way, shape or form uncomfortable or unfamiliar with any of these operations, please *DO NOT* attempt these fixes yourself.  Find someone who is able and willing to help you, preferably someone who does not live far away in case a house call may be needed.  I am not responsible for any damage you may cause following, or mis-following these directions.  Thank you, dank



Posted on Friday, February 18, 2005 1:54 PM | Back to top

Comments on this post: Xlime, spyware, security and You!

No comments posted yet.
Your comment:
 (will show your gravatar)

Copyright © Dan K | Powered by: