Defending your computer against worms and viruses



victoriastrauss
03-28-2006, 08:06 PM
James D. Macdonald (http://absolutewrite.com/forums/member.php?u=10)


Over on the PA boards, there's this thread:

BE CAREFUL WHAT YOU OPEN!!!!! (http://bb.publishamerica.com/viewtopic.php?t=12384)



UNFORTUNATELY MY WIFE OPENED E-MAILS FROM THE SCAM ARTISTS CLAIMING YOU HAVE WON A MAJOR LOTTERY. WE WON SOMETHING FOR SURE. A WORM THAT IS EMBEDDED ON MY COMPUTER'S HARD DRIVE THAT DEVOURS FILES. THE ONLY FIX IS TO REPLACE THE HARD DRIVE OR TRASH THE COMPUTER. I'M THANKFUL I HAD BACK UP DISCS IN PLACE FOR MY SECOND BOOK WHICH IS A LITTLE OVER HALF COMPLETE. BE CAREFUL GUYS AND GALS ONLY OPEN MAIL FROM SENDERS YOU KNOW YOU CAN TRUST.


Please tell this person NOT TO TRASH HIS HARD DRIVE JUST YET!


If you are this person's friend, please tell him to do the following:

Turn off System Restore.

Then:

Run TrendMicro Housecall http://housecall.trendmicro.com/

Download and install:

ZoneAlarm Firewall http://www.download.com/3000-2092-10039884.html

Download and run:

AVG AntiVirus http://free.grisoft.com/freeweb.php/doc/2/

Download and run:

AdAware SE: http://www.lavasoftusa.com/software/adaware/

Download and run:

Spybot S&D: http://www.safer-networking.org/

Download and run:

Spyware Blaster: http://www.javacoolsoftware.com/spywareblaster.html

Download and run:

Windows Defender Beta 2: http://www.microsoft.com/athome/security/spyware/software/default.mspx

Download and install:

All Windows Updates.

All of the above programs are FREE. Yes, this can be time-consuming. Cheaper and faster than trashing your computer and everything on your hard drive, though.

Add to this:

Tuneup Utilities 2006: http://www.tune-up.com/

This is 30-day trialware. Use it to clean up your disk and your registry after you've cleaned out the viruses/trojans/spyware.

I do not have any personal stake in any of those programs.

There's one more that I recommend. My personal interest in this is that I know the guy who wrote it. This is shareware (I don't make a dime on it, though):

Greyware Registry Rearguard (GRR): http://www.greyware.com/software/grr/

Shareware, like I said, but it doesn't expire even if you don't pay for it.


IF YOU'RE RUNNING A WINDOWS MACHINE, DO ALL OF THIS STUFF NOW, BEFORE YOUR COMPUTER DIES. DO NOT RUN A MACHINE ON THE INTERNET THAT DOESN'T HAVE SERIOUS ANTI-VIRUS/ANTI-SPYWARE/FIREWALL PROTECTION.

L M Ashton
03-30-2006, 09:32 AM
One comment to add...

If your anti-spyware, anti-virus, anti-whatever software doesn't have updated anti-virus or anti-whatever definitions, then it'll only catch those viruses that are older than when your most recent definitions are created.

Consider that 1200 new viruses were detected in January 2001 (according to one source I found) and the number of viruses detected each month is larger than the month before. According to Internet Security Systems (http://www.iss.net/), there were 71,402 virus attacks reported in the fourth quarter of 2000 alone.

At any rate, a whole lot of new viruses are created every day/week/month. If you don't update your anti-virus definitions regularly - and by that, I mean at least weekly - then you are not protected against the newest ones.

As well, you can tweak the settings within your anti-virus program so that the software will detect virus-like programming. Consider that most anti-virus programs have new definitions once or twice a week, there are new viruses created within that time that you won't be protected from. Paranoid settings within the anti-virus software can help prevent infection from new viruses.

poetinahat
03-30-2006, 09:43 AM
Amen. Firewall, anti-virus, and anti-spyware software really isn't optional. Not if you want your computer to live.

I just use the Windows firewall along with AVG and Spybot. I've heard ZoneAlarm has a reputation as a resource hog (same as Norton). My laptop does run a lot better without Norton, I find.

Anybody have other experiences on this?

Fahim
03-30-2006, 10:07 AM
I've had issues with ZoneAlarm - for instance, it wouldn't let me access cPanel on a couple of my websites, even after I opened the cPanel port on the firewall :p Never found out why but never had any luck with several ZoneAlarm versions either ...

Norton AV is pure and simply a pig :p It sucks up resources at a rate and slows down your machine. AVG (either the free version or the paid version) gets my vote for ease of use, regular updates, low resource usage and for low false-positives :) You can get the free version here (http://free.grisoft.com) - and no, I don't work for them or get a commission :p Their Anti-Virus + Firewall is pretty good too if all you want is a basic firewall without too many frills :)

poetinahat
03-30-2006, 10:17 AM
My father-in-law -- who's semi-retired and looks into these things for the fun of it -- mentioned to me that one of the Australian PC magazines did a head-to-head comparison of virus programs. They loaded several hundred viruses, Trojans, worms, etc. onto a box. Varying complexities, some more insidious and hidden than others.

Apparently, the big-money contenders -- Norton, Trend Micro, for two -- found, say, half or three-quarters.

AVG -- the FREE software -- got every single one.

Fahim
03-30-2006, 10:36 AM
I've had at least two instances where I had Norton AV installed with updated definitions and regular scans which claimed the computer was absolutely clean and then I'd install AVG and it finds a virus :p Of course, I have always treated this with a bit of scepticism since anti-virus companies have been known to put a few viruses into the wild to stir things up. Of course, I'm not accusing AVG of doing this but I'm paranoid enough to always wonder, "What if?" :)

Jamesaritchie
03-30-2006, 10:37 AM
My father-in-law -- who's semi-retired and looks into these things for the fun of it -- mentioned to me that one of the Australian PC magazines did a head-to-head comparison of virus programs. They loaded several hundred viruses, Trojans, worms, etc. onto a box. Varying complexities, some more insidious and hidden than others.

Apparently, the big-money contenders -- Norton, Trend Micro, for two -- found, say, half or three-quarters.

AVG -- the FREE software -- got every single one.

It works the other way, as well. We have a Windows machine here that is connected to the internet via DSL, and had updated AVG on it. I tried Norton recently, and it picked up seven viruses that AVG missed. McAfee picked up only two that AVG missed.

I've run Norton on other Windows machines that had AVG, and there, too, Norton picked up several things that AVG had missed.

From my experience, AVG, Norton, and McAfee all pick up the more serious threats, but each of them misses something. But after running Norton on several machines previously protected by AVG, I won't use AVG again on my main computer.

Fahim
03-30-2006, 10:44 AM
From my experience, AVG, Norton, and McAfee all pick up the more serious threats, but each of them misses something. But after running Norton on several machines previously protected by AVG, I won't use AVG again on my main computer.

I guess it's a case of each to their own James :) I will not use Norton AV on my computer at all because it actually slows things down - even on a fairly hefty machine.

alleycat
03-30-2006, 10:51 AM
I regularly run a variety of anti-virus/anti-spyware programs, including Spy-bot, ad-aware, Registry Mechanic, Norton, Spyware Doctor, and a couple of others. Plus I run Clean-up! every time I log off. I find that most people have a firewall and anti-virus protection, but don't use a registry check program. The worst of the viruses will affect your registry, which is why they're so hard to get rid of.

ac

poetinahat
03-30-2006, 10:53 AM
Unless, of course, you run an OS that doesn't use a registry.

alleycat
03-30-2006, 10:57 AM
Unless, of course, you run an OS that doesn't use a registry.
Oh, Mr. Smarty-Pants! I'm putting a virus hex on you.

Fahim
03-30-2006, 11:11 AM
I regularly run a variety of anti-virus/anti-spyware programs, including Spy-bot, ad-aware, Registry Mechanic, Norton, Spyware Doctor, and a couple of others. Plus I run Clean-up! every time I log off. I find that most people have a firewall and anti-virus protection, but don't use a registry check program. The worst of the viruses will affect your registry, which is why they're so hard to get rid of.


Not trying to gainsay the efficacy of a registry cleaner alleycat but all a registry cleaner usually does is to find registry entries which don't refer to an existing application/file or is not necessary any longer and to remove those entries so as to keep the Windows registry neat and trim. Of course, we might be talking about two different types of cleaners since some of the newer ones might target specific entries added by known viruses as well. Still, it probably is better to prevent the virus getting into your system at all in the first place :)

alleycat
03-30-2006, 11:18 AM
Not trying to gainsay the efficacy of a registry cleaner alleycat but all a registry cleaner usually does is to find registry entries which don't refer to an existing application/file or is not necessary any longer and to remove those entries so as to keep the Windows registry neat and trim. Of course, we might be talking about two different types of cleaners since some of the newer ones might target specific entries added by known viruses as well. Still, it probably is better to prevent the virus getting into your system at all in the first place :)
I got the Trojan.Vundo.B virus last year (which got through the Norton firewall). It affected the registry. I first tried one of the Vundo removal programs but that didn't do it. I then tried the manual approach to cleaning up the registry but without complete success. I then used a procedure of running several anti-virus programs in a row, including the registry program and that finally worked. Still, I'm not an expert on systems (I got tired of being one back when I was still using Unix).

By the way, I found the Atribune website to be a big help when you do get a virus you can't get rid of. They list step-by-step procedures on some of the nasty bugs.

ChunkyC
04-05-2006, 10:33 PM
Great thread with great advice.

I used to champion Norton Antivirus for years. It's still one of the top products at sniffing out viruses, but like others have noted, it has become a bloated resource pig that makes working on anything other than a screaming fast system a tedious experience.

AVG is a great product that makes hardly a dent in a system's performance even on an old win98se/Pentium 166/64MBram.

Bitdefender is another superb program. I have the corporate version I use on my email server at work set to check for updates hourly. It's just past noon here, and between last evening at about 7 p.m. and now, Bitdefender has downloaded and installed NINE updates. The antivirus software running on our workstations goes for months without detecting anything, which means nothing is getting past Bitdefender.

I haven't used the personal version, so I don't know how fast they push updates out to home users, but that is some serious protection they offer.

veinglory
04-05-2006, 10:40 PM
I am currently fighting what seems to be spyware that sends my browser or a pop up to adult friend finder or sysprotect. I am running spybot, adaware and MS Windows spyware detector and still not getting it. Any ideas? Is it not spyware after all but something else?

Fahim
04-06-2006, 05:56 AM
I am currently fighting what seems to be spyware that sends my browser or a pop up to adult friend finder or sysprotect. I am running spybot, adaware and MS Windows spyware detector and still not getting it. Any ideas? Is it not spyware after all but something else?

Could it be a specific site that you visit? For instance, I have a mail account at email.com and while I do have popups turned off on FireFox for email.com, it still somehow manages to launch a popup sometimes when I visit the site. I haven't bothered to figure out why though :p Could this be something similar? Or do the popups appear for all sites and at all sorts of odd times? Is there any discernible pattern?

veinglory
04-06-2006, 05:57 AM
No, it seems to be everywhere. I see other people complaining about the specific sites...

Anya Smith
04-06-2006, 06:13 AM
I've had issues with ZoneAlarm - for instance, it wouldn't let me access cPanel on a couple of my websites, even after I opened the cPanel port on the firewall :p Never found out why but never had any luck with several ZoneAlarm versions either ...

Norton AV is pure and simply a pig :p It sucks up resources at a rate and slows down your machine. AVG (either the free version or the paid version) gets my vote for ease of use, regular updates, low resource usage and for low false-positives :) You can get the free version here (http://free.grisoft.com/) - and no, I don't work for them or get a commission :p Their Anti-Virus + Firewall is pretty good too if all you want is a basic firewall without too many frills :)


Is the AVG you refer to AntiVir? That's what I use.

Fahim
04-07-2006, 05:05 AM
Is the AVG you refer to AntiVir? That's what I use.

It's two different products Anya :) I've used AntiVir as well and if you want to give AVG a try (it's free), you can get it from here (http://free.grisosft.com) :)

Fahim
04-07-2006, 05:12 AM
No, it seems to be everywhere. I see other people complaining about the specific sites...

The following thread (http://forums.techguy.org/security/453789-annoying-sysprotect-popup-problem.html) might (or might not) help. Give it a try :)

Anya Smith
04-09-2006, 06:47 AM
It's two different products Anya :) I've used AntiVir as well and if you want to give AVG a try (it's free), you can get it from here (http://free.grisosft.com/) :)

Fahim, can you use two or three antivirus programs? For more security? I heard you're not supposed to.

Fahim
04-09-2006, 06:59 AM
Fahim, can you use two or three antivirus programs? For more security? I heard you're not supposed to.

You shouldn't, Anya :) It just messes things up. For one thing, it slows down file access and stuff if you have on-access scanning because each file that is accessed has to be scanned by multiple virus scanners. Besides that, some virus scanners identify the virus databases of other scanners as viruses because they detect virus signatures in there and so they just tend to get in each others way :p I usually install one, try it out, uninstall it and then install another and try it out. When I find one that I like then I go back to that one after the round of testing :)

Humourwriter
04-09-2006, 07:12 AM
I used Norton's AntiVirus for a while, until it decided to delete an infected file that just happened to be my inbox. I used AVG for quite a while, but then switched to NOD32 (www.eset.com), and haven't looked back. Great program, and very unobtrusive.

One more thing you can do to stop the bad stuff is to stop using Internet Explorer. I only use it for one site: Windows Update. For everything else, I use Firefox (www.mozilla.com).

Bill.

NickDangr
04-10-2006, 09:03 PM
Hey folks,

Maybe there're enough answers but I figure I can add mine too just the same.

I do a few things to protect the LAN we have at home (network of 5 PCs). We have a Cable connection @ home, so we're online all the time - protection is important.

1) We run a router/firewall. It bounces pings etc... so that outside sources don't necessarily see our presence on the web.


2) Each PC has Symantec Antivirus, Enterprise Edition... expensive, but my company covered it. Just the same no matter what you do always have an antivirus package. NOD32 was mentioned earlier - I've used that in the past also with good relative success.

3) Each PC has a copy of Windows Defender / Microsoft Antispyware on it... except for the Linux machine. The kids chat (using Trillian) and surf web pages at MySpace etc... quite a lot, so their computer has several AntiSpyware packages on it. I've only left the Windows Defender enabled full time - the others exist just in case we want to scan and check. There are other decent packages available - I happened to use the free one this time.

4) E-mail... there are some decent programs available that screen your e-mail before it comes in for malformed HTML, worms, phishing, etc... I've had a lot of success with Firetrust's Mailwasher and B9 (Benign).

That's about it... really the only other thing you can do is be paranoid beyond reason.

Use common sense... and if you doubt an e-mail or a webpage someone wants to send you to, research it. I use Google a lot and search for specific groups of words within e-mails, for example, when I'm checking hoaxes... for example "common sense... and if you doubt an e-mail" searched within quotes exactly as shown will look for that phrase.

<shrug> Just my 2 pennies... won't even buy ya a gumball. Good luck!

In truth, I back everything up and assume I'm going to reload every computer at least once every year or two.

Incidentally - I don't believe any package that today picks up every worm and trojan will get tomorrow's worms and trojans. It's the nature of script kiddies and malicious software creators to find ways around security and protection. Make sure your software has options for automatic updates etc...

Anya Smith
04-11-2006, 06:57 AM
It's two different products Anya :) I've used AntiVir as well and if you want to give AVG a try (it's free), you can get it from here (http://free.grisosft.com/) :)

LOL, I don't know how to download anything. I'll stay with AntiVir, but thanks Fahim. You're so helpful.:)

Fahim
04-11-2006, 07:06 AM
LOL, I don't know how to download anything. I'll stay with AntiVir, but thanks Fahim. You're so helpful.:)

You're welcome :) And if you really want to give AVG a try, I can walk you through the steps since they're rather straightforward. But AntiVir will do the job too - I liked it and used it for some time. Can't remember why I switched to AVG ... but I tend to be picky and want a certain mix of features :p

BardSkye
07-13-2006, 05:48 PM
I worked from home yesterday and exchanged e-mails with a co-worker about it. Basically, I sent an attachment of some sketches, he replied saying, "We like number three." No attachments, nothing, just my original message included in the reply.

Since then that same message has arrived in my inbox 36 times and my Easy Photo Launch Pad that comes up on my screen when loading has changed in size and shape and doesn't show the buttons it normally does.

I've run a spyware scan and two virus scans without finding anything. My e-mail whitelist lets it through because it's coming from someone on my list. I know the computers at work all have AVG; I'm running AVG's SOHO edition but I'm running it on one with Windows 98 still installed. (The Easy Photo I use won't work on my other computer, which has XP.)

Has anyone come across something like this? Would it be a problem on my end or from the other end?

Thanks

BardSkye
07-13-2006, 08:50 PM
An amendment to my post up above: the problem is on the co-worker's end. Apparently his outbox sometimes gets a message stuck and unless he manually removes it, just keeps sending it out at half-hour intervals.

DamaNegra
09-07-2006, 02:11 AM
Y'all should check out this page (http://www.virus.gr/english/fullxml/default.asp?id=82) before deciding about what antivirus to use!!

Lance_in_Shanghai
10-03-2006, 10:08 AM
May I regress back to the original mention of the issue for James D. MacDonald above? I notice that victoriastrauss suggested he not give up and (I paraphrase) "run this, download that". Sometimes, as I suspect was the case for J.D.Mac, the malware damaged data even at the format level and the computer may not be able to run anything or even startup correctly. Often a technician will try to format but, no-go. Then he says "buy a new hard drive". But one may often debug a hard drive and the drive will be virtually like new again except for the one annoying trait that it is a blank slate. This is no fix for a BIOS level invasion but it will often get one past the suggestion of spending 200 bills for a hard drive instead of debugging, partitioning and formatting the existing drive. The process is seldom mentioned in any quickie course on computer maintenance but that doesn't mean it is without merit. I have used this process many times in the dark old days of Windows 95 and 98 and I even tried this on a recently built Windows XP box and it worked fine but that doesn't mean it will work on all hardware. It is worth a try before buying a new drive. LET ME MENTION AGAIN THAT THIS PROCESS WILL ERASE ALL DATA, EVEN TO THE LEVEL THAT THE CIA PROBABLY COULD NOT RECOVER IT. Therefore, it is only a solution that keeps you from throwing the drive out the third floor window. The debug command should be on the Windows XP CD but you will need to get your local geek to help you find it. Try looking in "Documents and Settings\Administrator\debug" or thereabouts. It runs in the geeky command prompt mode so don't expect anything with cozy pictures. If your computer has a floppy drive, go to this page to make a diagnostics disk and use the debug command:

http://english.ecv.vg/WinTech/Debug.html

NOTE: Use these instructions at your own risk. The provider of these instructions assumes no responsibility for your computer hardware or data.

Medievalist
10-03-2006, 10:27 AM
May I regress back to the original mention of the issue for James D. MacDonald above? I notice that victoriastrauss suggested he not give up and (I paraphrase) "run this, download that". Sometimes, as I suspect was the case for J.D.Mac, the malware damaged data even at the format level and the computer may not be able to run anything or even startup correctly.

Go back and reread the initial post.

It was posted by Victoria as a repost, as a stickie, because Macdonald initially posted the list of free software elsewhere.

It's a resource post; it's not an actual user with a problem.

Art
10-31-2006, 08:56 PM
Surprised McAfee antivirus software has not been mentioned here. I used it on my laptop last year at the University of Cape Town where it was a free download on the UCT intranet.

Now this year on my desktop computer I am using McAfee VirusScan Plus 2007 without any problems. It is the 'three in one protection' package which is easy to load and use even for the novice. Just remember to delete any previous antivirus software before you load it onto your machine. It is not a memory hog either, my same laptop is using it as well. Every day it updates itself once in the background whilst I am working.

Art

Lycius
03-28-2007, 06:00 PM
Undisputed Fact: The only computer that is completely safe from remote attack is one that is NOT on the internet.

The best defense against worms/malware/spyware is free.

Common Sense


If you don't know who it's from. Delete it!

If you get an email from someone you do know and it's got a subject that is complete gibberish or horribly mangled spelling. Delete it!

Absolutely do NOT open attachments unless you trust the sender completely. Just because it's your friend doesn't mean they didn't open an email called "Foto!" and infect themselves.

When you surf the net do not install ActiveX controls unless you know what they are and trust the site. If that means you can't see that awesome flash hentai then so be it.

Don't blanket allow cookies. Customize your cookie settings to prompt before writing them to your system.

Have an Anti-virus program installed but you do not have to have it running 24/7. Update it weekly but leave it off unless you have common sense issues. Anti-virus programs on the whole are incredible resource hogs and will greatly impact the performance of your system.

The ONLY "Spyware removal" tools I personally use or would suggest installing on a computer are Ad-Aware SE and SpybotSD 1.4. In my experience, 10 years or so of supporting end users, these are the only trustworthy applications for removing spyware.

Treat anyone other than you who touches your computer as a hostile user. You can not be sure that anyone else didn't go to suspect websites and install activeX controls etc. If it's your work computer then I personally would not allow anyone other than myself to touch it. Buy a "Family" computer for the kids and or spouse to use. Your work system is just that.

As far as firewalls go. Get a router and contact the manufacturer's support and have them walk you through securing your home network. Software firewalls are great and all but in my experience they are far more annoying than is required. Anyone that can get through your NAT will not be slowed by ZoneAlarm.

Take a computer course and learn to use your computer. It's NOT a Playstation and you actually need to expend some brainpower to learn the ins and outs of computer use. You don't just go buy a car and jump in when you're 16. You learn to drive first. A computer is the same thing, it just doesn't weigh 2500 pounds.

Lycius
03-28-2007, 06:23 PM
I am currently fighting what seems to be spyware that sends my browser or a pop up to adult friend finder or sysprotect. I am running spybot, adaware and MS windowx spyware detector and still not getting it. Any ideas? Is it not spyware after all but something else?

This still giving you fits?

RichHelms
03-29-2007, 03:48 AM
If you are running Windows XP, it nicely backs up the installation information on applications so that after you delete your problem program with Spybot or such, it will nicely reinstall it for you on reboot.

The only way to defeat this is to get spybot to current version, turn off the restore system and boot in safe mode. Then run Spybot (or Ad-aware) and let it delete the application.

To turn off system restore, go to Start/Control Panel/System
System Restore tab and remove check box to turn off system restore.

See how Windows helps us?

Lycius
03-29-2007, 04:41 PM
That's not how System restore works.

It will not restore anything unless you actively restore your computer to a state it was in previously.

Unless you know what you are doing, absolutely DO NOT disable system restore. That could very well be the difference between you being able to fix a major issue in 5 minutes and having to pay someone to recover your work that you probably haven't backed up recently.

ChunkyC
04-02-2007, 09:02 PM
Actually, Rich is right. Under certain circumstances, XP's system restore will 'silently' replace system files that it thinks have been altered. Virus writers have been known to take advantage of this. The trick they use is to convince XP that the malware version of a file is the right one, so if your AV program subsequently finds it and quarantines it, XP then puts the 'dirty' file right back upon reboot -- unless you disable system restore, then run your AV program and eliminate the malware completely. Once your system is clean, then you can re-enable system restore.

See this article (http://www.trendmicro.com/en/security/advisories/win_me_clean.htm) from TrendMicro.

And this from Symantec:

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.
Quoted page is here (http://www.symantec.com/security_response/writeup.jsp?docid=2006-102116-2602-99&tabid=3).

Lycius
04-02-2007, 09:33 PM
True but we're talking to people who don't have much knowledge on how this stuff works. Rich made it seem like Windows will just automatically fix installation files on reboot and in most circumstances that is not the case.

"Start in last known configuration that worked" has saved my ass a few times though ;)

RichHelms
04-03-2007, 12:43 AM
True. I should rephrase my reply. If you delete a virus/worm with an anti-virus or spyware removal program and as soon as you reboot it is back, the system restore can be the problem. I found this especially true in spyware and malware.

Lycius
04-03-2007, 04:19 PM
That, I agree with, but it's normally for the really nasty crap that you really need to format for anyway. There are some viruses out there that can survive a format from what I've heard.

stormie
04-03-2007, 07:13 PM
Just a thought:
I haven't seen this mentioned, but here's something to try if there seems to be a virus imbedded in the computer and anti-virus software isn't taking care of it.

Go to "Start," then "Run." Type in "msconfig" (w/out the quotes). Click on the "Start Up" tab. At the same time, on another computer nearby, or if possible, the same computer, go here (http://www.sysinfo.org/startuplist.php). In the search box at that site, type in the command or data you see in the (infected computer's) Start Up list that looks suspicious. There's a key that tells you if it's a virus or not. After you uncheck any boxes that show a virus, click "apply," and leave it in "Selective Start-up." I did this with my ancient Windows ME and it's still (fingers crossed) running. I've also done this on two other computers, too, and it's fine.

I did this with my son's computer when nothing--not up-to-date anti-virus software, Spybot, Ad-aware, etc,--worked. What I did above, finally did the trick.

vanessabrooks
04-19-2007, 07:24 PM
Coming in a bit late, but adding my $.02:

One thing that wasn't mentioned was Hijack This (http://www.spywareinfo.com/~merijn/programs.php). It's a great program that lists everything running at startup, in the background and the registry keys, etc. It's not a tool for stopping and preventing infection, but it's a great resource if you get to the point where you are infected. (Or just want to get rid of some annoying little buggers that run at startup and hog resources.)

A Word of Caution: You do not want to delete and fix things with HijackThis if you do not know what you are doing. Some programs are required and can damage your PC if removed. Startup List (http://www.sysinfo.org/startuplist.php) (pointed to above) is a good place that will give you a general idea of what can be deleted.

There are several good, reputable tech support sites that have volunteers who can assist you with HijackThis: Tech Support Forum (http://www.techsupportforum.com/) and Tech Support Guy (http://www.techguy.org/) are two that immediately come to mind. (No, I'm not a volunteer over there, but they've both been extremely helpful in cleaning up an end-user's PC after it's been infected; it's a big time saver as opposed to reimaging the PC and reinstalling and configuring department specific application software.)
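
Added example (not part of any post in this thread): the msconfig "Start Up" tab and HijackThis both show what Windows launches at logon, and the same list can be pulled read-only with PowerShell so each entry can be looked up before anything is unchecked. The registry paths are the standard Windows Run/RunOnce keys; the function names and the InUserProfile hint are assumptions of this example.

```powershell
# Added example: read-only inventory of autostart entries. Nothing is modified.
# Function names and the InUserProfile hint are this example's own choices.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)

function Get-ExecutablePath {
    # Pull the program path out of a startup command line such as
    #   "C:\Program Files\App\app.exe" /tray    or    C:\Tools\x.exe -min
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { $path = $Matches[1] }
    elseif ($cmd -match '^(.+?\.(exe|com|scr|bat|cmd|vbs|js|dll))(\s|$)') { $path = $Matches[1] }
    else { $path = ($cmd -split '\s+')[0] }
    # Bare names such as rundll32.exe are resolved through PATH.
    if ($path -and -not [IO.Path]::IsPathRooted($path)) {
        $found = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue |
                 Select-Object -First 1
        if ($found) { $path = $found.Path }
    }
    return $path
}

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $target = Get-ExecutablePath ([string]$item.GetValue($name))
            [pscustomobject]@{ Source = $key; Name = $name; Target = $target }
        }
    }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $startupFolders) {
        if (-not $folder -or -not (Test-Path $folder)) { continue }
        Get-ChildItem $folder -File | Where-Object { $_.Name -ne 'desktop.ini' } | ForEach-Object {
            # Shortcuts are resolved to the program they launch.
            if ($_.Extension -eq '.lnk') { $target = $shell.CreateShortcut($_.FullName).TargetPath }
            else { $target = $_.FullName }
            [pscustomobject]@{ Source = $folder; Name = $_.Name; Target = $target }
        }
    }
}

Get-AutostartEntry | ForEach-Object {
    $exists = $_.Target -and (Test-Path -LiteralPath $_.Target -PathType Leaf)
    if ($exists) { $sig = [string](Get-AuthenticodeSignature -LiteralPath $_.Target).Status }
    else { $sig = 'FileNotFound' }
    [pscustomobject]@{
        Name          = $_.Name
        Source        = $_.Source
        Target        = $_.Target
        Signature     = $sig
        # Triage hint only: a program starting from a profile or temp directory deserves a lookup.
        InUserProfile = [bool]($_.Target -match '\\(AppData|Temp)\\')
    }
} | Sort-Object Signature, Name | Format-List
```

Entries reported as NotSigned or FileNotFound are the ones to look up in a startup database first; a Valid signature says who published the file, not that it is wanted.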

NickDangr
04-20-2007, 07:52 PM
Just a note - there's actually a handy, free tool, available from Microsoft called Process Explorer, where you can pretty easily right-click questionable programs and google them to find out what they're about.

If you do a google search for "microsoft process explorer" you'll find it.

Anyway - I've found it helpful for finding items that are running, where I question what they are.

If you're not techy savvy - it's a run once, look at it and say neat, and delete it. If you are, it can be a really handy tool.

Regards

Ben

Stijn Hommes
07-30-2007, 02:34 AM
I use AVG Anti-Virus (the free edition) and I update it whenever I switch on my computer automatically. There's always a way to fix an infection, so I usually recommend people not to trash or reformat their harddrive unless it's a last resort. Always try the easy stuff first. Of course, most people who say trashing is the solution don't have backups...

goldhawk
11-14-2007, 04:28 AM
Absolutely do NOT open attachments unless you trust the sender completely. Just because it's your friend doesn't mean they didn't open an email called "Foto!" and infect themselves.

Do not open any attachments unless you asked for it; that is, you sent an email specifically for it. If in doubt, send an email asking if the sender truly sent it.


When you surf the net do not install ActiveX controls unless you know what they are and trust the site. If that means you can't see that awesome flash hentai then so be it.

Disable ActiveX and Java. Better yet, use Firefox or Opera as your browser; they don't understand ActiveX. But do disable Java in them. And they're free.


Take a computer course and learn to use your computer. It's NOT a Playstation and you actually need to expend some brainpower to learn the ins and outs of computer use. You don't just go buy a car and jump in when you're 16. You learn to drive first. A computer is the same thing, it just doesn't weigh 2500 pounds.

A computer is a tool; and like all tools, it needs its care and maintenance. If you're using a computer to write, then give it the care it needs to perform as you expect it to do.

Also, make nice to your geeky friends. A lot of your computer's problems can be solved with a few beer and an afternoon of putting up with their ramblings :)

eodmatt
12-01-2007, 03:06 AM
I use AVG Anti-Virus (the free edition) and I update it whenever I switch on my computer automatically. There's always a way to fix an infection, so I usually recommend people not to trash or reformat their harddrive unless it's a last resort. Always try the easy stuff first. Of course, most people who say trashing is the solution don't have backups...

I concur with your advice about not formatting drives. And there are a number of free recovery programs around that will help you recover lost data post-attack.

http://free-backup.info/data-recovery-software.htm
http://www.thefreecountry.com/utilities/datarecovery.shtml

Of course the best defence against lost data is to back your files up regularly - although no one ever mentions that it is possible to back up viruses etc with data!

And so for the latest virus / malware weapon, try this free program. It's from Comodo: http://www.comodo.com/boclean/boclean.html

Puma
10-14-2009, 05:58 PM
Hi - I'm going to need to update my AV protection soon and I want to make sure I get what is best for me and my computer. I've had problems in the past and some major virus issues (took over a month to get things cleaned up last winter) so I'm particular. I've been through Norton, McAfee, Trend Micro and had issues with all of them. So, my question, for a regular PC (not Mac), Windows XP, Windows Firewall, firewall on our router - is the original list that was posted in this thread still considered what's best? Thank you very much for any input. I certainly don't want to go through the problems I had last year again. Puma

Turn off System Restore.

Then:

Run TrendMicro Housecall http://housecall.trendmicro.com/

Download and install:

ZoneAlarm Firewall http://www.download.com/3000-2092-10039884.html

Download and run:

AVG AntiVirus http://free.grisoft.com/freeweb.php/doc/2/

Download and run:

AdAware SE: http://www.lavasoftusa.com/software/adaware/

Download and run:

Spybot S&D: http://www.safer-networking.org/

Download and run:

Spyware Blaster: http://www.javacoolsoftware.com/spywareblaster.html

Download and run:

Windows Defender Beta 2: http://www.microsoft.com/athome/security/spyware/software/default.mspx

Download and install:

All Windows Updates.

All of the above programs are FREE. Yes, this can be time-consuming. Cheaper and faster than trashing your computer and everything on your hard drive, though.

Add to this:

Tuneup Utilities 2006: http://www.tune-up.com/

This is 30-day trialware. Use it to clean up your disk and your registry after you've cleaned out the viruses/trojans/spyware.

Matera the Mad
10-15-2009, 07:29 AM
Avast is good. I put it on one computer at work. Use its screensaver to scan whenever you take a break. The other work computer has Avira, slightly naggy but easy to get along with and quite on the ball. As for firewalls, I've had some issues with Zone Alarm from time to time. Recently had to clean it out of a computer in which it had gotten futzed up and left a complaining mess that could be neither uninstalled nor re-installed. Ugh. No recommendation from me on that one. I install the old free Kerio Perfect Firewall a lot. At home I am stuck with Comodo because my new system is 64-bit. I don't use any of the MS stuff, just personal taste I s'pose. It would probably nuke some of my other good freeware anyway lol

I used to recommend AVG, but it has gotten so almighty bloated *rolls eyes*.

stormie
10-15-2009, 04:54 PM
I still like AVAST (avast.com) free home version. Have it running on several computers for two+ years now.

And I like Spybot Search and Destroy the best for seeking out spyware. And it too is free.

I found Norton to be horrible in leaving stuff all over the place. In fact, once you give Symantec (Norton) your charge card, then try to stop the renewals, they say they can't. I've had to dispute it and I've had to cancel a charge card over it.

redcedar
10-22-2009, 05:50 AM
I found Norton to be horrible in leaving stuff all over the place. In fact, once you give Symantec (Norton) your charge card, then try to stop the renewals, they say they can't. I've had to dispute it and I've had to cancel a charge card over it.

Caveat Emptor: I had a similar problem with TrendMicro, though in my case, they said they'd canceled the renewal, and then charged me anyway. I disputed the charges, got them reversed, and then they billed me *again*. Eventually, I had to fax a copy of the email confirmation they'd sent me when I originally cancelled to my credit card company, which wasted a number of hours of my time.

(The fact that they were charging me for renewal on a computer with a dead hard drive - nothing more secure against new viruses than that! - was particularly irritating.)

Medievalist
10-22-2009, 05:54 AM
Although it's not crucial right now, I gotta say the Mac OS X anti-virus products are still just bloody awful.

They're not Mac-like in terms of UI. And I really can't see the average user having a clue about installing them, never mind using them.

Matera the Mad
11-08-2009, 09:46 AM
LOL It's a good thing that Macs don't have much virus trouble...so far.

I just ran into something mean. I was Googling for something and one eh-so-so-maybe link redirected me to guidetosecurity3(dot)com. Warnings that my poor lil computer was not protected began to pop up. Very insistent. The webpage shows a fake scan in progress. After I killed off half a dozen pops, a Save dialog opened for an exe (executable, program) file. None of my scans on the downloaded Inst_283s1.ex_ (name changed to protect silly experimenter from accidental clicks lol) showed anything bad, but I expect it is a downloader for the main malware. There isn't much on the Web about this one, it is a new same-old.

Just a reminder, then -- if something says you need it, you don't. If it says it more than once, run away screaming.

Corollary: Anything that has to advertise is not as good as it should be.

Anecdote: I cured a McAfee infection today ;)

Seams
11-17-2009, 09:42 PM
that 3dot.com problem is a bad one. you think you get rid of it and up it comes again. I had to clean someone's with a 'reset to factory settings' once as it was so well buried and just easier to clean.

when you come across one of those redirections, take your fingers off the mouse first and read which thing to click, if you are in doubt, use the 'ctrl alt del' function or Mac equivalent and just kill that window, sometimes it's the safest way.

good luck Matera. hope it is clean

Seams

stormie
11-18-2009, 01:26 AM
when you come across one of those redirections, take your fingers off the mouse first and read which thing to click, if you are in doubt, use the 'ctrl alt del' function or Mac equivalent and just kill that window, sometimes it's the safest way.
Exactly. Don't even try to click on the little "x" button. Just either use "ctrl alt del" or shut down immediately then restart in safe mode, then do a virus scan. (I get just a little scared by those things. I've seen what damage they can do.)

Seams
11-18-2009, 01:38 AM
lol yes, I have that 'Ctrl/alt/del' on speed dial :)

Matera the Mad
11-23-2009, 04:06 AM
I have a virtual sawedoff shotgun. But I don't recommend that anyone play with either firearms or evil redirections unless they know what they are doing. Heh, I've been playing with fire and not getting burned for years. I just like to warn the chilluns. ;)

BradCarsten
10-18-2010, 12:23 PM
Simplest solution for viruses - switch to Ubuntu (http://www.ubuntu.com)....
With roughly 1% of the desktop market, people don't bother to create viruses for it, plus it's built with security in mind, so even if someone does create a virus, it's extremely difficult to do any real damage unless you physically install it and give it permission to access your system files. In all the time I've been using Linux, I've only heard of 1 virus that was embedded in a screensaver, and that was found and blasted in no time.

Matera the Mad
10-23-2010, 09:41 PM
Yes, Linux is relatively much safer, but then we get all the help-help-help Open Office questions :ROFL:

BTW, my personal recommendation would be Kubuntu (http://www.kubuntu.org/), which is Ubuntu with the KDE desktop environment instead of Gnome. And KOffice is another great alternative to M$.

There would still be all the n00b formatting / format questions, of course, but most MSWord users have a lot to learn anyway.

BradCarsten
10-25-2010, 11:43 AM
Yes, Linux is relatively much safer, but then we get all the help-help-help Open Office questions :ROFL:

I second your.... :ROFL:


BTW, my personal recommendation would be Kubuntu (http://www.kubuntu.org/), which is Ubuntu with the KDE desktop environment instead of Gnome. And KOffice is another great alternative to M$.

There would still be all the n00b formatting / format questions, of course, but most MSWord users have a lot to learn anyway.

so true, it all depends on what you started out with, I've always used open office, so for me, M$ Word seems a little strange.

I used kubuntu 10.04- imho it didn't feel quite as polished as ubuntu, (software center, file browser) but once again, that may just be because I am used to Ubuntu. But yes, Kubuntu looks a little more familiar for those coming out of a windows environment.
another good one is mint, which is ubuntu with all the restricted extras such as mp3 support already installed.

I've never tried Koffice, I will check it out

just for anyone who would like to try linux, it is possible to download the software, and then run it straight off the CD without having to install it first. This is a great way to gauge the software before committing to it.

Synovia
10-25-2010, 08:16 PM
Yes, Linux is relatively much safer, but then we get all the help-help-help Open Office questions :ROFL:
.
Linux is MUCH safer if it's configured properly.


The problem is, the vast majority of people can't configure and update a linux box properly.

5 year old versions of Apache aren't pretty.

RandomJerk
10-25-2010, 10:29 PM
For my two cents, KDE is far, far, far too buggy and unstable. It's also too bloated. And they like the bloat.

I tried Koffice, and I found it to be a horrible mess. Their Kwrite or whatever it's called even failed to accurately open an extremely basic text file. One that I had just written - IN KWRITE!

Also, I've never had an issue with Openoffice.org, and I'm heartily looking forward to the developments with LibreOffice.

RandomJerk
10-25-2010, 10:33 PM
Linux is MUCH safer if it's configured properly.


The problem is, the vast majority of people can't configure and update a linux box properly.

5 year old versions of Apache aren't pretty.

I respectfully disagree. Perhaps this was true a few years ago, but the current releases of *buntu or Mint are as simple as can be (and the other distros are not far behind). The only issue would come if there's some issue with a wireless driver, and online help for that issue is very easy to use.

BradCarsten
10-26-2010, 03:49 PM
I respectfully disagree. Perhaps this was true a few years ago, but the current releases of *buntu or Mint are as simple as can be (and the other distros are not far behind). The only issue would come if there's some issue with a wireless driver, and online help for that issue is very easy to use.

I agree, from ubuntu 9.10 I was happy to recommend it to the most casual of users.

Out the box it is secure, but then with a few tricks you can push that to ridiculous levels- like installing your system files on its own partition and doing most of your daily work logged in as a user rather than an administrator.

Anaximander
12-09-2011, 05:57 PM
For free stuff, I'm moving off Avast these days onto Comodo - the antivirus is about the same quality (ie pretty damn good) but there's a firewall too, which Avast lacks.

Charles Farley
12-31-2011, 03:39 PM
The free version does not include the firewall . .

Medievalist
12-31-2011, 10:28 PM
Remember not to run multiple anti-virus / anti-malware apps at once, especially the ones that run as background processes. They can step on each other's toes, and actually cause problems.

Remember not to use an Admin account as your everyday account.

And do check out Microsoft's free Security Essentials:

http://windows.microsoft.com/en-US/windows/products/security-essentials

Charles Farley
12-31-2011, 10:39 PM
And do check out Microsoft's free Security Essentials:

http://windows.microsoft.com/en-US/windows/products/security-essentials


I have heard that this offer from Microsoft is well worth it. The only bad press I have come across is in the scanning time . but this is true for a lot of AV products

I use http://majorgeeks.com/Panda_Cloud_Antivirus_d6144.html

You basically install it and forget it is even running. No heavy load on the CPU, updates are done on the Panda server so it doesn't become bloated, the quick scan option does everything you need. The deep scan does take awhile but meh . it's worth it.

.

Medievalist
12-31-2011, 11:01 PM
I have heard that this offer from Microsoft is well worth it. The only bad press I have come across is in the scanning time . but this is true for a lot of AV products

My former colleagues at Symantec recommend it ;)

Maryn
12-31-2011, 11:28 PM
This is probably the thread to ask my question. I run Windows XP Pro on my desktop, and my antivirus, Trend PC-cillin InternetSecurity 14, is going to expire in January. I intend to let it, since it's allowed trojans to install, then could not quarantine or remove them, resulting in my need to reformat the hard drive, which was a PIA.

I am willing to pay for a good antivirus package, but I don't have a feel for what's good these days. I'd like to be able to install it on my laptop, which runs Windows 7, as well. (I have the free version of AVG on it now.) I do visit high-risk sites occasionally. (What a revelation: the erotica writer is interested in sex. Go figure.)

Just to complicate matters, I am okay but far from adept when it comes to technology, so it's got to be pretty user-friendly.

People recommend so many products I'm at a loss. What's better or worse about Kaspersky, McAfee, Norton, Symantec, others, and why? Does it really make that much difference which I use?

Maryn, already wringing her hands

Medievalist
12-31-2011, 11:32 PM
Maryn if I had to use Windows, I'd remove my current malware protection 'ware. I'd install and religiously check and keep updated Microsoft Security Essentials, and I'd keep a usb thumb drive pre-loaded with current versions of Malware Bytes etc. And I'd routinely scan using them.

And I would NOT RUN AS ADMIN.

Charles Farley
01-01-2012, 12:03 AM
Maryn . . if you are willing to pay for it

http://www.eset.com/

we use this on our network

lwallace
01-24-2012, 05:44 AM
I've had issues with ZoneAlarm - for instance, it wouldn't let me access cPanel on a couple of my websites, even after I opened the cPanel port on the firewall :p Never found out why but never had any luck with several ZoneAlarm versions either ...

Norton AV is pure and simply a pig :p It sucks up resources at a rate and slows down your machine. AVG (either the free version or the paid version) gets my vote for ease of use, regular updates, low resource usage and for low false-positives :) You can get the free version here (http://free.grisoft.com) - and no, I don't work for them or get a commission :p Their Anti-Virus + Firewall is pretty good too if all you want is a basic firewall without too many frills :)

I agree with you about NortonAV. Thanks for your quick eval of these programs. I'll take your advice on the AVG. Was wondering, though, what you thought of Malwarebytes.

Kateness
01-24-2012, 06:04 AM
I've used Eset for the past few years and it's done me pretty good.

http://www.eset.com/us/

robjvargas
01-24-2012, 07:12 AM
I agree with you about NortonAV. Thanks for your quick eval of these programs. I'll take your advice on the AVG. Was wondering, though, what you thought of Malwarebytes.

Norton's AV is not the hog it used to be. In 2009, they re-did it, and it's quite the little program now.

But there's this little bit about wanting to hide it inside Norton 360 and all that "comprehensive" security crap that they moved all the bloat to.

I use it because it comes free with my ISP (Comcast). And it's not bad, as long as I keep telling it I only want the AV.

Anaximander
01-24-2012, 08:05 PM
The free version does not include the firewall . .

Comodo Internet Security (http://www.comodo.com/home/internet-security/free-internet-security.php) is free and includes a firewall. I've been using it for years.

Dannica
01-30-2012, 08:42 AM
Beyond trying to protect your computer from worms, viruses, etc -- BACK UP what you write on an EXTERNAL hard-drive. Consider emailing a copy to yourself, assuming you use an email program that allows you to retrieve old emails from any computer. Or you may want to put your most important files on a CD or DVD and place them in a safe-deposit box.

Aside from bad computer programs, which frankly I don't know what joy the person who writes those evil things takes -- there are so many other ways you can lose data on a laptop, that you should never have something you've spent days and days writing, just in one location. You could have a fire, a hard-drive failure, a flood, a spouse who steals your laptop..... the list is long. Make extra copies that aren't all in one place!

Okay, I'm getting back off my soap box now.

Silver-Midnight
03-12-2012, 10:34 AM
Does anyone have any suggestions for any free programs that prevent malware? I've been avast! as a suggestion, but I haven't tried it yet.

Medievalist
03-12-2012, 11:08 AM
Does anyone have any suggestions for any free programs that prevent malware? I've been avast! as a suggestion, but I haven't tried it yet.

Read the thread. There's an excellent list in the OP.

mugwort
08-14-2012, 07:15 AM
I use Avast free antiviral. As far as I know it's effective in blocking viruses, worms and other puter threats.

kuwisdelu
08-14-2012, 12:55 PM
I use a sword.