Re: Beware! spyware on windows update

Shenan,

What is the best way to delete the Alcxmntr.exe file?

Thanks for the great information below, I have already been applying these
and I am seeing improvements.

CR

"Shenan Stanley" wrote:

steveinicks wrote:
I just downloaded a driver for my Realtec AC/97 audio control from
Microsoft Windows Update and it installed spyware on my computer.

Name AlcxMonitor
Command Alcxmntr.exe
Status X
Description Realtek AC97 Audio - Event Monitor. "Sypware" file used
surreptitiously monitor one's actions. It is not a sinister one, like
remote control programs, but it is being used by Realtek to gather
data about customers

Think about that next time you check the "Always trust content from
Microsoft" box.

You download your hardware drivers from Microsoft?
Bad idea initially.

Not that it would save you in this case, as probably (if it is Realtek doing
the monitoring) the driver (the proper driver) from the Realtek site would
contain the same software - however, you should get the hardware driver from
the original manufacturer, not Microsoft. Why wouldn't you go straight to
the source - they made the product, then they likely know what it needs
better than the Microsoft approved version.

*WARNING* This is a LONG spill, all in plain text and simplified so that
even non-techs should be able to understand it. Hopefully this will
assist some people in not only repairing their systems, but in making
them faster and more stable tools for them to use. It contains advice
on many things, many considered "common knowledge" to 'IT' people
everywhere. It is split into major sections, hopefully this will make
it easier to navigate. *WARNING*

Suggestions on what you can do to secure/clean your PC. Every attempt
has been made to be general and an assumption of a "Windows" operating
system is made here as well - although in some ways, this could be
adapted to any OS.


GENERAL UPKEEP AND CLEANUP
--------------------------

You should periodically defragment your hard drives as well as check them
for errors. Only defragment after you have cleaned up your machine of
outside parasites and never defragment as a solution to a quirkiness in
your system. It may help speed up your system, but it should be clean
before you do this one.

How to Defragment your hard drives
http://support.microsoft.com/?kbid=314848

How to scan your disks for errors
http://support.microsoft.com/?kbid=315265

How to use Disk Cleanup
http://support.microsoft.com/?kbid=310312

You should also empty your Internet Explorer Temporary Internet
Files and make sure the maximum size for this is small enough not to cause
trouble in the future. Empty your Temporary Internet Files and shrink the
size it stores to a size between 10MB and 360MB..

- Open ONE copy of Internet Explorer.
- Select TOOLS -> Internet Options.
- Under the General tab in the "Temporary Internet Files" section, do the
following:
- Click on "Delete Cookies" (click OK)
- Click on "Settings" and change the "Amount of disk space to use:" to
something between 10MB and 360MB. (Betting it is MUCH larger right
now.)
- Click OK.
- Click on "Delete Files" and select to "Delete all offline contents"
(the checkbox) and click OK. (If you had a LOT, this could take 2-10
minutes or more.)
- Once it is done, click OK, close Internet Explorer, re-open Internet
Explorer.

Uninstall any software you no longer use or cannot remember installing
(ask if it is a multi-user PC) - but only if you are sure you do not
need it and/or you have the installation media around to reinstall if
you need to. http://snipurl.com/8v6b may help you accomplish this.

If things are running a bit slow or you have an older system
(1.5GHz or less and 256MB RAM or less) then you may want to look into
tweaking the performance a bit by turning off some of the memory
using Windows XP "prettifications". The fastest method is:

Control Panel --> System --> Advanced tab --> Performance section,
Settings button. Then choose "adjust for best performance" and you
now have a Windows 2000/98 look which turned off many of the annoying
"prettifications" in one swift action. You can play with the last
three checkboxes to get more of an XP look without many of the
other annoyances. You could also grab and install/mess with one
(or more) of the Microsoft Powertoys - TweakUI in particular:

http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

You should also verify that your System Restore feature is enabled and
working properly. Unfortunately, if seems to have issues on occasion,
ones that can easily be avoided by turning off/on the system restore and
make a manual restoration point as one of your periodic maintenance tasks.
This is particularly important right before installing something major
(or even minor if you are unsure what it might do to your system.)
(This, of course, will erase any previous restore point you have.)

Turn off System Restore.
http://support.microsoft.com/?kbid=310405

Reboot.

Turn on System Restore.
http://support.microsoft.com/?kbid=310405

Make a Manual Restoration Point.
http://snipurl.com/68nx

Also, you should look into backing up your valuable files and folders.
http://support.microsoft.com/?kbid=308422

And keep your original installation media (CDs, disks) safe with their
CD keys and such. Make backups of these installation media sets as
well and always use strong passwords. Good passwords are those that
meet these general rules (mileage may vary):

Passwords should contain at least six characters, and the character
string should contain at least three of these four character types:
- uppercase letters
- lowercase letters
- numerals
- nonalphanumeric characters (e.g., *, %, &, !)

Passwords should not contain your name/logon name.


UPDATES and PATCHES
-------------------

** Side Note: *IF* you are about to install Service Pack 2 (SP2) for
Windows XP, I suggest you clean up your system first. Uninstall any
applications you do not use. Update any that you do. Download the
latest drivers for your hardware devices. Defragment and run a full
CHKDSK on your hard drives. Scan your system and clean it of any
Spyware/Adware/Malware and for Viruses and Trojans. Below you will
find advice and links to applications that will help you do all of
this. If this advice helps you, please - pass it on. Print it,
email it, forward it to anyone you think it might help. A little
knowledge might help prevent lots of trouble.

This one is the most obvious. There is no perfect product and any company
worth their salt will try to meet/exceed the needs of their customers and
fix any problems they find along the way. I am not going to say Microsoft
is the best company in the world about this but they do have an option
available for you to use to keep your machine updated and patched from
the problems and vulnerabilities (as well as product improvements in some
cases) - and it's free to you.

Windows Update
http://windowsupdate.microsoft.com/

Go there and scan your machine for updates. Always get the critical ones as
you see them. Write down the KB###### or Q###### you see when
selecting the updates and if you have trouble over the next few days,
go into your control panel (Add/Remove Programs), match up the latest
numbers you downloaded recently (since you started noticing an issue) and
uninstall them. If there was more than one (usually is), install them back
one by one - with a few hours of use in between, to see if the problem
returns. Yes - the process is not perfect (updating) and can cause trouble
like I mentioned - but as you can see, the solution isn't that bad - and is
MUCH better than the alternatives.

Windows is not the only product you likely have on your PC. The
manufacturers of the other products usually have updates as well. New
versions of almost everything come out all the time - some are free, some
are pay - some you can only download if you are registered - but it is best
to check. Just go to their web pages and look under their support and
download sections. For example, for Microsoft Office update, you should
visit:

Microsoft Office Updates
http://office.microsoft.com/
(and select "downloads")

You also have hardware on your machine that requires drivers to interface
with the operating system. You have a video card that allows you to see on
your screen, a sound card that allows you to hear your PCs sound output and
so on. Visit those manufacturer web sites for the latest downloadable
drivers for your hardware/operating system. Always (IMO) get the
manufacturers hardware driver over any Microsoft offers. On the Windows
Update site I mentioned earlier, I suggest NOT getting their hardware
drivers - no matter how tempting. First - how do you know what hardware
you have in your computer? Invoice or if it is up and working now - take
inventory:

Belarc Advisor
http://belarc.com/free_download.html

Once you know what you have, what next? Go get the latest driver for your
hardware/OS from the manufacturer's web page. For example, let's say you
have an NVidia chipset video card or ATI video card, perhaps a Creative
Labs sound card or C-Media chipset sound card...

NVidia Video Card Drivers
http://www.nvidia.com/content/drivers/drivers.asp

ATI Video Card Drivers
http://www.atitech.com/support/driver.html

Creative Labs Sound Device
http://us.creative.com/support/downloads/

C-Media Sound Device
http://www.cmedia.com.tw/e_download_01.htm

As for Service Pack 2 (SP2) for Windows XP, Microsoft has made this
particular patch available in a number of ways. First, there is the
Windows Update web page above. Then there is a direct download site
and finally, you can order the FREE CD from Microsoft.

Direct Download of Service Pack 2 (SP2) for Windows XP
http://snipurl.com/8bqy

Order the Free Windows XP SP2 CD
http://snipurl.com/8umo

Microsoft also have a bunch of suggestions, some similar to these,
on how to better protect your Windows system:

Protect your PC
http://www.microsoft.com/security/protect/


FIREWALL
--------

Let's say you are up-to-date on the OS (operating system) and you have
Windows XP.. You should at least turn on the built in firewall. That will
do a lot to "hide" you from the random bad things flying around the
Internet. Things like Sasser/Blaster enjoy just sitting out there in
Cyberspace looking for an unprotected Windows Operating System and jumping
on it, doing great damage in the process and then using that Unprotected OS
to continue its dirty work of infecting others. If you have the Windows XP
FW turned on - default configuration - then they cannot see you! Think of
it as Internet Stealth Mode at this point. It has other advantages, like
actually locking the doors you didn't even (likely) know you had. Doing
this is simple, some helpful tips for the SP2 enabled firewall can be found
here:

http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

If you read through that and look through the pages that are linked from it
throughout - I think you should have a firm grasp on the basics of the
Windows XP Firewall as it is today. One thing to note RIGHT NOW - if you
have AOL, you cannot use this nice firewall that came with your system.
Thank AOL, not Microsoft. You HAVE to configure another one.. So we
continue with our session on Firewalls...

But let's say you DON'T have Windows XP - you have some other OS like
Windows 95, 98, 98SE, ME, NT, 2000. Well, you don't have the nifty built in
firewall. My suggestion - upgrade. My next suggestion - look through your
options. There are lots of free and pay firewalls out there for home users.
Yes - you will have to decide on your own which to get. Yes, you will have
to learn (oh no!) to use these firewalls and configure them so they don't
interfere with what you want to do while continuing to provide the security
you desire. It's just like anything else you want to protect - you have to
do something to protect it. Here are some suggested applications. A lot of
people tout "ZoneAlarm" as being the best alternative to just using the
Windows XP FW, but truthfully - any of these alternatives are much better
than the Windows XP FW at what they do - because that is ALL they do.

ZoneAlarm (Free and up)
http://snipurl.com/6ohg

Kerio Personal Firewall (KPF) (Free and up)
http://www.kerio.com/kpf_download.html

Outpost Firewall from Agnitum (Free and up)
http://www.agnitum.com/download/

Sygate Personal Firewall (Free and up)
http://smb.sygate.com/buy/download_buy.htm

Symantec's Norton Personal Firewall (~$25 and up)
http://www.symantec.com/sabu/nis/npf/

BlackICE PC Protection ($39.95 and up)
http://blackice.iss.net/

Tiny Personal Firewall (~$49.00 and up)
http://www.tinysoftware.com/

That list is not complete, but they are good firewall options, every one of
them. Visit the web pages, read up, ask around if you like - make a
decision and go with some firewall, any firewall. Also, maintain it.
Sometimes new holes are discovered in even the best of these products and
patches are released from the company to remedy this problem. However, if
you don't get the patches (check the manufacturer web page on occasion),
then you may never know you have the problem and/or are being used through
this weakness. Also, don't stack these things. Running more than one
firewall will not make you safer - it would likely (in fact) negate some
protection you gleamed from one or the other firewalls you run.
.

Loading