Defending your computer against worms and viruses

Fahim

Mad coder, lazy writer
Super Member
Registered
Joined
Jan 3, 2006
Messages
1,701
Reaction score
95
Location
Sri Lanka
Website
www.farook.org
Anya Smith said:
LOL, I don't know how to download anything. I'll stay with AntiVir, but thanks Fahim. You're so helpful. :)

You're welcome :) And if you really want to give AVG a try, I can walk you through the steps since they're rather straightforward. But AntiVir will do the job too - I liked it and used it for some time. Can't remember why I switched to AVG ... but I tend to be picky and want a certain mix of features :p
 

BardSkye

Barbershoppin' Harmony Whore
Kind Benefactor
Super Member
Registered
Joined
May 2, 2006
Messages
2,522
Reaction score
1,009
Age
68
Location
Calgary, Canada
I worked from home yesterday and exchanged e-mails with a co-worker about it. Basically, I sent an attachment of some sketches, he replied saying, "We like number three." No attachments, nothing, just my original message included in the reply.

Since then that same message has arrived in my inbox 36 times and my Easy Photo Launch Pad that comes up on my screen when loading has changed in size and shape and doesn't show the buttons it normally does.

I've run a spyware scan and two virus scans without finding anything. My e-mail whitelist lets it through because it's coming from someone on my list. I know the computers at work all have AVG; I'm running AVG's SOHO edition but I'm running it on one with Windows 98 still installed. (The Easy Photo I use won't work on my other computer, which has XP.)

Has anyone come across something like this? Would it be a problem on my end or from the other end?

Thanks
 

BardSkye

An amendment to my post up above: the problem is on the co-worker's end. Apparently his outbox sometimes gets a message stuck and unless he manually removes it, just keeps sending it out at half-hour intervals.
 

Lance_in_Shanghai

Super Member
Registered
Joined
Sep 30, 2006
Messages
216
Reaction score
8
May I regress back to the original mention of the issue for James D. MacDonald above? I notice that victoriastrauss suggested he not give up and (I paraphrase) "run this, download that". Sometimes, as I suspect was the case for J.D.Mac, the malware damaged data even at the format level and the computer may not be able to run anything or even startup correctly. Often a technician will try to format but, no-go. Then he says "buy a new hard drive". But one may often debug a hard drive and the drive will be virtually like new again except for the one annoying trait that it is a blank slate. This is no fix for a BIOS level invasion but it will often get one past the suggestion of spending 200 bills for a hard drive instead of debugging, partitioning and formatting the existing drive. The process is seldom mentioned in any quickie course on computer maintenance but that doesn't mean it is without merit. I have used this process many times in the dark old days of Windows 95 and 98 and I even tried this on a recently built Windows XP box and it worked fine but that doesn't mean it will work on all hardware. It is worth a try before buying a new drive. LET ME MENTION AGAIN THAT THIS PROCESS WILL ERASE ALL DATA, EVEN TO THE LEVEL THAT THE CIA PROBABLY COULD NOT RECOVER IT. Therefore, it is only a solution that keeps you from throwing the drive out the third floor window. The debug command should be on the Windows XP CD but you will need to get your local geek to help you find it. Try looking in "Documents and Settings\Administrator\debug" or thereabouts. It runs in the geeky command prompt mode so don't expect anything with cozy pictures. If your computer has a floppy drive, go to this page to make a diagnostics disk and use the debug command:

http://english.ecv.vg/WinTech/Debug.html

NOTE: Use these instructions at your own risk. The provider of these instructions assumes no responsibility for your computer hardware or data.
 

Deleted member 42

Lance_in_Shanghai said:
May I regress back to the original mention of the issue for James D. MacDonald above? I notice that victoriastrauss suggested he not give up and (I paraphrase) "run this, download that". Sometimes, as I suspect was the case for J.D.Mac, the malware damaged data even at the format level and the computer may not be able to run anything or even startup correctly.

Go back and reread the initial post.

It was posted by Victoria as a repost, as a stickie, because Macdonald initially posted the list of free software elsewhere.

It's a resource post; it's not an actual user with a problem.
 

Art

McAfee Antivirus Software

Surprised McAfee antivirus software has not been mentioned here. I used it on my laptop last year at the University of Cape Town where it was a free download on the UCT intranet.

Now this year on my desktop computer I am using McAfee VirusScan Plus 2007 without any problems. It is the 'three in one protection' package which is easy to load and use even for the novice. Just remember to delete any previous antivirus software before you load it onto your machine. It is not a memory hog either, my same laptop is using it as well. Every day it updates itself once in the background whilst I am working.

Art
 

Lycius

Super Member
Registered
Joined
Mar 27, 2007
Messages
221
Reaction score
9
Location
Seattle, WA
Website
brynsaar.com
Undisputed Fact: The only computer that is completely safe from remote attack is one that is NOT on the internet.

The best defense against worms/malware/spyware is free.

Common Sense


If you don't know who it's from. Delete it!

If you get an email from someone you do know and it's got a subject that is complete gibberish or horribly mangled spelling. Delete it!

Absolutely do NOT open attachments unless you trust the sender completely. Just because it's your friend doesn't mean they didn't open an email called "Foto!" and infect themselves.

When you surf the net do not install ActiveX controls unless you know what they are and trust the site. If that means you can't see that awesome flash hentai then so be it.

Don't blanket allow cookies. Customize your cookie settings to prompt before writing them to your system.

Have an Anti-virus program installed but you do not have to have it running 24/7. Update it weekly but leave it off unless you have common sense issues. Anti-virus programs on the whole are incredible resource hogs and will greatly impact the performance of your system.

The ONLY "Spyware removal" tools I personally use or would suggest installing on a computer are Ad-Aware SE and SpybotSD 1.4. In my experience, 10 years or so of supporting end users, these are the only trustworthy applications for removing spyware.

Treat anyone other than you who touches your computer as a hostile user. You can not be sure that anyone else didn't go to suspect websites and install ActiveX controls etc. If it's your work computer then I personally would not allow anyone other than myself to touch it. Buy a "Family" computer for the kids and or spouse to use. Your work system is just that.

As far as firewalls go. Get a router and contact the manufacturer's support and have them walk you through securing your home network. Software firewalls are great and all but in my experience they are far more annoying than is required. Anyone that can get through your NAT will not be slowed by ZoneAlarm.

Take a computer course and learn to use your computer. It's NOT a Playstation and you actually need to expend some brainpower to learn the ins and outs of computer use. You don't just go buy a car and jump in when you're 16. You learn to drive first. A computer is the same thing, it just doesn't weigh 2500 pounds.
 

Lycius

I am currently fighting what seems to be spyware that sends my browser or a pop up to adult friend finder or sysprotect. I am running spybot, adaware and MS Windows spyware detector and still not getting it. Any ideas? Is it not spyware after all but something else?

This still giving you fits?
 

RichHelms

@BookTrailer101
Super Member
Registered
Joined
Feb 10, 2007
Messages
124
Reaction score
2
Location
Sunderland, Ontario
Website
booktrailer101.info
If you are running Windows XP, it nicely backs up the installation information on applications so that after you delete your problem program with Spybot or such, it will nicely reinstall it for you on reboot.

The only way to defeat this is to get spybot to current version, turn off the restore system and boot in safe mode. Then run Spybot (or Ad-aware) and let it delete the application.

To turn off system restore, go to Start/Control Panel/System
System Restore tab and remove check box to turn off system restore.

See how Windows helps us?
 

Lycius

That's not how System restore works.

It will not restore anything unless you actively restore your computer to a state it was in previously.

Unless you know what you are doing, absolutely DO NOT disable system restore. That could very well be the difference between you being able to fix a major issue in 5 minutes and having to pay someone to recover your work that you probably haven't backed up recently.
 

ChunkyC

It's hard being green
Kind Benefactor
Super Member
Registered
Joined
Feb 11, 2005
Messages
12,297
Reaction score
2,135
Location
trapped between my ears
Actually, Rich is right. Under certain circumstances, XP's system restore will 'silently' replace system files that it thinks have been altered. Virus writers have been known to take advantage of this. The trick they use is to convince XP that the malware version of a file is the right one, so if your AV program subsequently finds it and quarantines it, XP then puts the 'dirty' file right back upon reboot -- unless you disable system restore, then run your AV program and eliminate the malware completely. Once your system is clean, then you can re-enable system restore.

See this article from TrendMicro.

And this from Symantec:
Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.
Quoted page is here.
 

Lycius

True but we're talking to people who don't have much knowledge on how this stuff works. Rich made it seem like Windows will just automatically fix installation files on reboot and in most circumstances that is not the case.

"Start in last known configuration that worked" has saved my ass a few times though ;)
 

RichHelms

Lycius

True. I should rephrase my reply. If you delete a virus/worm with an anti-virus or spyware removal program and as soon as you reboot it is back, the system restore can be the problem. I found this especially true in spyware and malware.
 

Lycius

That, I agree with, but it's normally for the really nasty crap that you really need to format for anyway. There are some virii out there that can survive a format from what I've heard.
 

stormie

storm central
Super Member
Registered
Joined
Feb 12, 2005
Messages
12,500
Reaction score
7,162
Location
Still three blocks from the Atlantic Ocean
Website
www.anneskal.wordpress.com
Just a thought:
I haven't seen this mentioned, but here's something to try if there seems to be a virus imbedded in the computer and anti-virus software isn't taking care of it.

Go to "Start," then "Run." Type in "msconfig" (w/out the quotes). Click on the "Start Up" tab. At the same time, on another computer nearby, or if possible, the same computer, go here. In the search box at that site, type in the command or data you see in the (infected computer's) Start Up list that looks suspicious. There's a key that tells you if it's a virus or not. After you uncheck any boxes that show a virus, click "apply," and leave it in "Selective Start-up." I did this with my ancient Windows ME and it's still (fingers crossed) running. I've also done this on two other computers, too, and it's fine.

I did this with my son's computer when nothing--not up-to-date anti-virus software, Spybot, Ad-aware, etc,--worked. What I did above, finally did the trick.
 

vanessabrooks

Registered
Joined
Apr 11, 2007
Messages
28
Reaction score
2
Coming in a bit late, but adding my $.02:

One thing that wasn't mentioned was Hijack This. It's a great program that lists everything running at startup, in the background and the registry keys, etc. It's not a tool for stopping and preventing infection, but it's a great resource if you get to the point where you are infected. (Or just want to get rid of some annoying little buggers that run at startup and hog resources.)

A Word of Caution: You do not want to delete and fix things with HijackThis if you do not know what you are doing. Some programs are required and can damage your PC if removed. Startup List (pointed to above) is a good place that will give you a general idea of what can be deleted.

There are several good, reputable tech support sites that have volunteers who can assist you with HijackThis: Tech Support Forum and Tech Support Guy are two that immediately come to mind. (No, I'm not a volunteer over there, but they've both been extremely helpful in cleaning up an end-user's PC after it's been infected; it's a big time saver as opposed to reimaging the PC and reinstalling and configuring department specific application software.)
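
The startup-list review described in the two posts above (msconfig's Startup tab, HijackThis), as an added example that is not part of either post: a read-only PowerShell inventory of Run-key and Startup-folder entries with the Authenticode signature status of each target. It assumes PowerShell 3.0 or later on a current Windows release; the function names are illustrative.

```powershell
# Added example: read-only inventory of autostart entries (Run/RunOnce keys and
# Startup folders), the same kind of list msconfig's Startup tab and HijackThis show.
# Function names are illustrative. Nothing is disabled or deleted.

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntry {
    # Registry values: name = entry label, data = command line run at logon.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name
                               Command = [string]$regKey.GetValue($name) }
        }
    }
    # Per-user and all-users Startup folders (shortcuts or files placed there).
    foreach ($id in 'Startup', 'CommonStartup') {
        $folder = [Environment]::GetFolderPath($id)
        if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
        Get-ChildItem -LiteralPath $folder -File |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
            }
    }
}

function Resolve-AutostartTarget {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '\.lnk$' -and (Test-Path -LiteralPath $cmd)) {
        # Startup-folder shortcut: follow it to the program it launches.
        return (New-Object -ComObject WScript.Shell).CreateShortcut($cmd).TargetPath
    }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }   # quoted path, arguments follow
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$report = foreach ($entry in Get-AutostartEntry) {
    $target = Resolve-AutostartTarget $entry.Command
    # Bare names such as "ctfmon.exe" are looked up on PATH.
    if ($target -and -not (Test-Path -LiteralPath $target -PathType Leaf)) {
        $found = Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue |
                 Select-Object -First 1
        if ($found) { $target = $found.Path }
    }
    $status = 'TargetNotFound'; $signer = $null
    if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $target
        $status = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{ Name = $entry.Name; Signature = $status; Signer = $signer
                       Target = $target; Source = $entry.Source }
}

# Entries that are unsigned, badly signed or missing sort to the top for review.
$report | Sort-Object { $_.Signature -eq 'Valid' }, Name | Format-List
```

A missing or invalid signature is a reason to look an entry up, not proof of infection, and a valid one is not proof of a clean file. For entries that launch through rundll32.exe, the DLL named in the arguments is the code that actually runs and needs the same check.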
 

NickDangr

Super Member
Registered
Joined
May 11, 2005
Messages
665
Reaction score
153
Location
West Coast of FL
Late Addition

Just a note - there's actually a handy, free tool, available from Microsoft called Process Explorer, where you can pretty easily right-click questionable programs and google them to find out what they're about.

If you do a google search for "microsoft process explorer" you'll find it.

Anyway - I've found it helpful for finding items that are running, where I question what they are.

If you're not techy savvy - it's a run once, look at it and say neat, and delete it. If you are, it can be a really handy tool.

Regards

Ben
 

Stijn Hommes

Know what you write...
Super Member
Registered
Joined
Aug 3, 2006
Messages
2,309
Reaction score
128
Location
Netherlands
Website
www.peccarymagazine.5u.com
I use AVG Anti-Virus (the free edition) and I update it whenever I switch on my computer automatically. There's always a way to fix an infection, so I usually recommend people not to trash or reformat their harddrive unless it's a last resort. Always try the easy stuff first. Of course, most people who say trashing is the solution don't have backups...
 

goldhawk

Registered
Joined
Nov 13, 2007
Messages
15
Reaction score
0
Location
The Great White North
Absolutely do NOT open attachments unless you trust the sender completely. Just because it's your friend doesn't mean they didn't open an email called "Foto!" and infect themselves.

Do not open any attachments unless you asked for it; that is, you sent an email specifically for it. If in doubt, send an email asking if the sender truly sent it.

When you surf the net do not install ActiveX controls unless you know what they are and trust the site. If that means you can't see that awesome flash hentai then so be it.

Disable ActiveX and Java. Better yet, use Firefox or Opera as your browser; they don't understand ActiveX. But do disable Java in them. And they're free.

Take a computer course and learn to use your computer. It's NOT a Playstation and you actually need to expend some brainpower to learn the ins and outs of computer use. You don't just go buy a car and jump in when you're 16. You learn to drive first. A computer is the same thing, it just doesn't weigh 2500 pounds.

A computer is a tool; and like all tools, it needs its care and maintenance. If you're using a computer to write, then give it the care it needs to perform as you expect it to do.

Also, make nice to your geeky friends. A lot of your computer's problems can be solved with a few beer and an afternoon of putting up with their ramblings :)
 

eodmatt

Super Member
Registered
Joined
Nov 8, 2007
Messages
108
Reaction score
26
Location
Hampshire, UK
I use AVG Anti-Virus (the free edition) and I update it whenever I switch on my computer automatically. There's always a way to fix an infection, so I usually recommend people not to trash or reformat their harddrive unless it's a last resort. Always try the easy stuff first. Of course, most people who say trashing is the solution don't have backups...

I concur with your advice about not formatting drives. And there are a number of free recovery programs around that will help you recover lost data post-attack.

http://free-backup.info/data-recovery-software.htm
http://www.thefreecountry.com/utilities/datarecovery.shtml

Of course the best defence against lost data is to back your files up regularly - although no one ever mentions that it is possible to back up viruses etc with data!

And so for the latest virus / malware weapon, try this free program. It's from Comodo: http://www.comodo.com/boclean/boclean.html
 

Puma

Retired and loving it!
Super Member
Registered
Joined
Apr 21, 2006
Messages
7,340
Reaction score
1,535
Location
Central Ohio
Original Recs Still Applicable?

Hi - I'm going to need to update my AV protection soon and I want to make sure I get what is best for me and my computer. I've had problems in the past and some major virus issues (took over a month to get things cleaned up last winter) so I'm particular. I've been through Norton, McAfee, Trend Micro and had issues with all of them. So, my question, for a regular PC (not Mac), Windows XP, Windows Firewall, firewall on our router - is the original list that was posted in this thread still considered what's best? Thank you very much for any input. I certainly don't want to go through the problems I had last year again. Puma

Turn off System Restore.

Then:

Run TrendMicro Housecall
http://housecall.trendmicro.com/

Download and install:

ZoneAlarm Firewall
http://www.download.com/3000-2092-10039884.html

Download and run:

AVG AntiVirus
http://free.grisoft.com/freeweb.php/doc/2/

Download and run:

AdAware SE:
http://www.lavasoftusa.com/software/adaware/

Download and run:

Spybot S&D:
http://www.safer-networking.org/

Download and run:

Spyware Blaster:
http://www.javacoolsoftware.com/spywareblaster.html

Download and run:

Windows Defender Beta 2:
http://www.microsoft.com/athome/sec...re/default.mspx

Download and install:

All Windows Updates.

All of the above programs are FREE. Yes, this can be time-consuming. Cheaper and faster than trashing your computer and everything on your hard drive, though.

Add to this:

Tuneup Utilities 2006:
http://www.tune-up.com/

This is 30-day trialware. Use it to clean up your disk and your registry after you've cleaned out the viruses/trojans/spyware.
 

Matera the Mad

Bartender, gimme a Linux Mint
Super Member
Registered
Joined
Jan 6, 2008
Messages
13,979
Reaction score
1,533
Location
Wisconsin's (sore) thumb
Website
www.firefromthesky.org
Avast is good. I put it on one computer at work. Use its screensaver to scan whenever you take a break. The other work computer has Avira, slightly naggy but easy to get along with and quite on the ball. As for firewalls, I've had some issues with Zone Alarm from time to time. Recently had to clean it out of a computer in which it had gotten futzed up and left a complaining mess that could be neither uninstalled nor re-installed. Ugh. No recommendation from me on that one. I install the old free Kerio Perfect Firewall a lot. At home I am stuck with Comodo because my new system is 64-bit. I don't use any of the MS stuff, just personal taste I s'pose. It would probably nuke some of my other good freeware anyway lol

I used to recommend AVG, but it has gotten so almighty bloated *rolls eyes*.
 

stormie

I still like AVAST (avast.com) free home version. Have it running on several computers for two+ years now.

And I like Spybot Search and Destroy the best for seeking out spyware. And it too is free.

I found Norton to be horrible in leaving stuff all over the place. In fact, once you give Symantec (Norton) your charge card, then try to stop the renewals, they say they can't. I've had to dispute it and I've had to cancel a charge card over it.
 

redcedar

Registered
Joined
Oct 17, 2009
Messages
16
Reaction score
2
Website
juniper.dreamwidth.org
I found Norton to be horrible in leaving stuff all over the place. In fact, once you give Symantec (Norton) your charge card, then try to stop the renewals, they say they can't. I've had to dispute it and I've had to cancel a charge card over it.

Caveat Emptor: I had a similar problem with TrendMicro, though in my case, they said they'd canceled the renewal, and then charged me anyway. I disputed the charges, got them reversed, and then they billed me *again*. Eventually, I had to fax a copy of the email confirmation they'd sent me when I originally cancelled to my credit card company, which wasted a number of hours of my time.

(The fact that they were charging me for renewal on a computer with a dead hard drive - nothing more secure against new viruses than that! - was particularly irritating.)