
It's been a month now since I have been getting this "Cain&Abel" every time I do my spyware scan. When I delete it and scan it again, it does not come back. But after a few minutes of using the internet, when I scan it again, it comes back. I don't know if my computer has indeed been infected or not. What damage can this spyware do to my computer? I understand it's a password hacking tool. How can I get rid of it? I have noticed that my system has been acting pretty slow lately and has been responding real slow. Do you think it would help if I would reformat my computer by reinstalling my operating system? I know that would mean starting from scratch, but I would do that if that would help the problem. I have been using the Norton Antivirus and it claimed that it protects me from spyware, but my other spyware software was the one that detected it, not the Norton. I need help. What should I do? I want to get rid of it. How will I know if my computer has indeed been infected? Thanks!

2006-12-10 15:40:55 · 8 answers · asked by lexie 1 in Computers & Internet Security

8 answers

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.

Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration testers and everyone else that plans to use it for ethical reasons. The author will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damages and/or loss of data using this software and that in no event shall the author be liable for such damages or loss of data. Please carefully read the License Agreement included in the program before using it.

SOMEONE HAS HACKED YOUR COMPUTER.

Go here and learn from Kim Komando how to make a very strong password.

Now do the following steps. You can use your AS programs instead of the ones listed. I recommend you use yours plus these listed.

This procedure works for all Malware. Use any AntiVirus or AntiSpy program you choose.

Download and Update Ewido (now called the AVG Antispyware). Do not run:

http://www.ewido.net/en/download/...

Download AdAware SE and update. Do the setup. Do not run:

http://www.filehippo.com/download_ad-aware/

AdAware SE Setup:

1. Select "use custom scanning options" then select "customize". Make sure the following options are enabled: "scan within archives," "scan active processes," "scan registry," "deep scan registry," "scan my IE favorites for banned URLs," "scan my Hosts file."

2. Select the "tweak" option. Under "scanning engine," make sure "unload recognized processes and modules during scan" is enabled. Enable "scan registry for all users instead of current users."

3. Under "cleaning engine" turn on "always try to unload modules…," "during removal unload explorer and IE if necessary," "let windows remove files in use at next restart," and "delete quarantined items after restoring."

4. Use the "select drives and folders to scan" option to ensure that your entire hard drive is scanned (if you have more than one hard drive, scan all of them; of course, do not include floppy and CD/DVD).


TEMPORARILY SHOW HIDDEN FILES AND FOLDERS.

1. Click Start, and then click Control Panel.

2. Click Appearance and Themes, and then click Folder Options.

3. On the View tab, under Hidden files and folders, click "Show hidden files and folders", and clear (uncheck) the "Hide protected operating system files" check box.

IMPORTANT: Files are hidden by Windows for a very good reason. It is not wise to experiment with these files. Unfortunately, to successfully remove modern spyware we must turn this protection off temporarily. Please turn the protection back on when you have finished cleaning your system.


EMPTY INTERNET EXPLORER BROWSER CACHE:

1. On the Internet Explorer Tools menu, click Internet Options.

2. On the General tab, in the Temporary Internet Files section, click the Delete Files button. Select the Delete all offline content check box in the confirmation dialogue box that appears, click OK. Click OK again.

RESTART IN SAFE MODE:

To do this you need to hold down or repeatedly tap the F8 key while the computer is booting (when the computer is displaying a black screen with white text). When the boot menu appears, use your keyboard arrows to select "Safe Mode."

Safe Mode can look quite ugly. The color may look bad, and all of your desktop icons will be very large. This is normal.



START THE SCAN WITH YOUR ANTI-VIRUS OR ANTI-SPYWARE PROGRAM.


When the scan and removal are completed REBOOT COMPUTER. This will restart you in normal mode. DON'T FORGET TO RESET HIDDEN FILES AND FOLDERS.


NEW RESTORE POINT.

The RESTORE POINTS may be infected with the Malware and cannot be used.

HERE'S HOW:

1. Click Start, and then click Control Panel.

2. Click Performance and Maintenance, click System, and then click on the System Restore tab.

3. Select the Turn Off System Restore check box, click Apply, then restart your computer.

4. Return to the System Restore Tab and turn System Restore back on.


TO SET A NEW RESTORE POINT:

1. Click the Start button.

2. Point to Programs, then navigate to Accessories, then System Tools, then click System Restore.

3. Choose Create a restore point, and then click Next.

4. In the Restore point description box, type a name for your restore point, and then click Next.

5. Click OK.

NOTE: If you are using Windows XP Service Pack 2 (SP2) and are unable to access the Internet after removing Malware, there is a command that may fix the problem. It works by resetting the winsock catalogue. Click on Start, then Run and type CMD in the box. Click OK. Type "netsh winsock reset" (no quotes) into the DOS window that appears.


ADDITIONAL INFORMATION ABOUT TROJANS:

There are Trojans that fall into the Smitfraud family. These require the use of a specialized program for removal. Here are two sites that specialize in removing these:

http://www.internetinspiration.co.uk/roguefix.htm

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

While you are still in Safe Mode you need to go into the User Account in the Control Panel and change the Administrator's password. Then change the passwords on everything else you use a password for. Never use the same password for everything.

2006-12-10 20:15:35 · answer #1 · answered by Anonymous · 0 1

2

2016-08-22 16:09:27 · answer #2 · answered by ? 3 · 0 0

Cain & Abel is not spyware, it is a brute force password cracking tool, also commonly used for sniffing packets off the wire, can be used to crack WEP/WPA wireless keys as well, dump any stored passwords for later cracking, etc.

You have two possibilities here (provided you did not mistakenly install the software yourself);
1. Someone has physical access to your machine and has tried to recover a stored password on your machine (Windows, MSN, AIM... whatever) for the purpose of accessing your computer/email accounts, etc.

2. Someone has tried to break into your computer over the net, and has managed to gain sufficient rights to allow software installation (check for hidden user accounts, firewall logs, open ports, recent use of the administrator account, MRU lists, Windows logs, open regedit and look for expanded tree structures, etc.) **even more disturbing would be the lack of logs, indicating they have recently been wiped**

However, the person who did this is apparently not skilled enough to hide their tracks completely, or you would never even be aware that anything was wrong. This leads me to believe that Scenario 1, is the most likely (any semi-technical siblings/ friends/ parents?)
If further investigation (esp. missing log files) turns up any more clues, your machine may have been hacked. If the person has managed to obtain administrative rights on the machine, and you have limited security experience, I would recommend a clean reinstallation of Windoze.

If investigation turns up nothing else amiss, and you are satisfied the box has not been rooted, I would run the following tools and keep a close eye on it. As well as changing all my passwords, and checking my bank account.
The tools to run would be;
http://www.filehippo.com/download_rootkit_revealer/
http://www.f-secure.com/blacklight/
These will scan for root compromise, although you may need assistance interpreting the results.
I would also run an ONLINE virus scan here (it's entirely possible your local AV has been compromised as well);
http://www.trendmicro.com/hc_intro/default.asp

Or you can read thru Oddballs overly lengthy & generic "Cut n Paste Extravaganza" below : ),
↓↓↓

2006-12-10 16:04:57 · answer #3 · answered by gnobody 3 · 0 0
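The checks listed in the answer above (hidden accounts, administrator use, open ports, wiped logs) can be gathered read-only in one pass. This is an added example, not part of the original answer; it assumes a current Windows release with PowerShell 5.1 and an elevated prompt, not the Windows XP system of the original question.

```powershell
# Added example: read-only triage of the items the answer says to check.
# Assumes PowerShell 5.1+ run as Administrator; nothing here changes the system.

# 1. Local accounts, flagging any hidden from the logon screen.
#    A DWORD of 0 under SpecialAccounts\UserList hides that account name.
$hideKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
$hidden = @()
if (Test-Path $hideKey) {
    $hidden = (Get-ItemProperty -Path $hideKey).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and $_.Value -eq 0 } |
        ForEach-Object { $_.Name }
}
Get-LocalUser |
    Select-Object Name, Enabled, LastLogon, PasswordLastSet,
        @{ n = 'HiddenFromLogon'; e = { $hidden -contains $_.Name } } |
    Format-Table -AutoSize

# 2. Who holds administrator rights (well-known SID, so it works on any locale).
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# 3. Listening TCP ports and the process that owns each one.
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Process'; e = {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Sort-Object LocalPort | Format-Table -AutoSize

# 4. Evidence of wiped logs: event 1102 (Security log cleared) and
#    event 104 (another log cleared, recorded in System).
$cleared = @(
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -ErrorAction SilentlyContinue
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 104 } -ErrorAction SilentlyContinue
)
if ($cleared.Count -gt 0) {
    $cleared | Sort-Object TimeCreated | Select-Object TimeCreated, LogName, Id | Format-Table -AutoSize
} else {
    'No log-clear events recorded.'
}

# 5. Oldest surviving record per log: a very recent date means the log was
#    cleared or has rolled over, so earlier activity is no longer visible.
foreach ($log in 'Security', 'System', 'Application') {
    $first = Get-WinEvent -LogName $log -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
    '{0,-12} oldest record: {1}' -f $log, $first.TimeCreated
}
```

An unexpected administrator, an account marked `HiddenFromLogon`, or a log whose oldest record is only days old are the findings that point toward the second scenario in the answer.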

I have norton and avg and I nonetheless acquired this virus, truthfully that is hell my laptop are not able to open any techniques, all I can do is get on the net or even that's interrupted always by means of the pop-ups. Oh and to not point out all of the porn and Viagra advertisements. I suppose like simply downloading increasingly program is not going to do any well because it is already gotten beyond 2 techniques.

2016-09-03 08:38:02 · answer #4 · answered by ? 4 · 0 0

I would run a full Ad/Aware scan with the latest updated reference file. If you notice strange programs, you can proceed to gut them manually.

Most likely a homepage hijack would cause this. Also the spyware installed browser helper objects, that override the default Internet explorer settings.

A combination of Ad/Aware and Spybot seek and destroy should clear the majority of the infection. But they have to be updated.

2006-12-10 15:55:39 · answer #5 · answered by Anonymous · 0 1

It could be that you allowed a program to always access your computer. So whenever you go online it gets reinstalled. Try resetting your firewall settings. This should block out anything that you might have accidentally permitted to access your computer.

2006-12-10 15:51:50 · answer #6 · answered by Anonymous · 0 1

Download yahoo toolbar with anti spy program. It worked for me. I keep the toolbar hidden till my next scan.

2006-12-10 15:53:19 · answer #7 · answered by Johnny 5 · 0 2

OK, I think formatting will be a good choice, because being in this business my prescription will be System Mechanic Pro and Spy Sweeper ...
Take care and good luck

2006-12-10 15:46:49 · answer #8 · answered by Neo 5 · 0 0
