
helpful information and links



#1 internetXman


Posted 18 May 2004 - 04:39 AM

This topic is extremely old and a lot of it is probably obsolete by now. cnm

***Top 10 security measures***

1.) Password your Computer !
Complex passwords make it difficult to crack password files on
compromised computers.

2.) Install a Firewall (Passworded also).
So no one can disable it but you.
Here are a few examples: ZoneAlarm,
Sygate Personal Firewall, Kerio firewall

3.) Antivirus Software Protection (Passworded also).
So no one can disable it or change settings on you.
AntiVir Personal Edition, AVG FREE Edition

4.) A trojan scanner. For detecting & removing Hack tools.
a² Trojan Scanner

a² Support View Forum - a² Free and a² Personal

5.) You must have a Spyware scanner/remover on today's internet.
Spybot S&D or Ad-Aware
are the best & free for use.
And I also recommend using - Spyware Blaster

Tutorial - The home of Spybot-S&D!
Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware

6.) Get and use Hta stop. Hta Info , Download Hta STOP

7.) Disable unplugnplay (Port 5000)
You have a few choices here. You could manually shut down the service, or services you want stopped, or download 1 of the two items below.
WWDC.exe
This shuts down 4 to 5 worm holes for you, in 1 .exe file.
Note:
If you use XP Home, and you disable the NetBIOS service,
you will most likely lose internet connectivity, I have found.
But on XP Pro you can disable them all without connection loss.
(Reboot Required)

UnPnP utility
Closes Port 5000 only.


8.) Disable File Sharing!
Removing Local Disk file sharing on Windows 2000/XP
Click on the Start button >>> Control Panel >>> Internet connections >>> Network connections,
& right click on that and choose Properties.
Then on the General tab you'll see file and printer sharing.
Then uncheck the checked box for that, and that's it.
You've done it.


9.) Get Javacool's wmp scriptfix to block scripting in Windows Media Player.
It prevents Windows Media Player from running dangerous scripts!

10.) Everything configured right for security
(Ie, Fw, Av, etc..)

All up to date !

(Mainly Windows Critical Updates)
Anything else is personal choice and secondary.

DSOstop 2 Documentation

If you need to extract the contents of a zipped compressed folder
Download Winzip


Trojan Horse Attacks

Bleeping Computer - Tutorial Home

****Great Hijackthis tutorials.****

HijackThis Tutorial - How to Analyse a HijackThis log

What is a HijackThis log and how to research it

How to Download, Extract, and Run HijackThis. Step by step, easy to understand instructions <--- For Noobs

How to Show System Files Xtra Help

Or here's a free script which allows you to toggle back and forth XP's ability to hide/show hidden files and folders. Toggle EplorerStuff.zip

Enhanced Security Configuration for Internet Explorer
Internet Explorer How and Why to Clear Your Cache
Security Zones

Scrap Files Can Tear You Up

You need this when Spybot or any anti spyware applications will not open or work correctly.
CoolWebSearch.Smartkiller (v1/v2) Miniremoval Tool


*~ Warning ~* HijackThis should only be used if your browser or computer is still having problems after running Spybot or another Spyware/Hijacker remover. HijackThis is an advanced tool, and therefore requires advanced knowledge about Windows and operating systems in general. If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself. You should also attempt to clean the Spyware/Hijacker/Trojan with all other methods before using HijackThis. If you allow HijackThis to remove entries before another removal tool scans your computer, the files from the Hijacker/Spyware will still be left on your computer and future removal tools will not be able to find them. If you do not have advanced knowledge about computers, you should NOT fix entries using HijackThis without consulting an expert on using this program. If you have already run Spybot - S&D and Ad-Aware and are still having problems, then please continue and post a HijackThis log in our forums including details about your problem and we will advise you on what to fix.

HijackThis is a very powerful tool for finding out the specifics of your browser. Unfortunately, diagnosing the scan results of HijackThis can be complicated. Hopefully my recommendations and explanations will ease the way somewhat. This program, though, is to be used with caution, as incorrectly removing some objects can cause problems with legitimate programs. If you have any questions please feel free to post them in the spyware forums.

Names similar to but not exactly the same as the names of legitimate files, particularly Windows files. For instance, svchost is legit but scvhost is bad. Always think of "SerViCe host", since scv doesn't spell service. And it is never a plural (svcshost or svchosts, e.g.)

Something odd about a familiar file name. Explorer.exe is fine, but explorer .exe with a space before the dot is bad.

Something odd about a pathname. Windows\System32\whatever is normal
but Windows\System32: <--dbl dot whatever is not.

Iexplore.exe should always be running from the Internet Explorer folder. Any other location is suspect.

Same goes for Explorer.exe; if it's seen running somewhere else than in the Windows or Winnt folder, like in Windows\System32, it's always a baddie.

Same again for Svchost.exe: Default path is Windows\System32 (or Winnt\System32,
depending on the Operating System). Svchost.exe in the Windows folder is ALWAYS bad news.

On a Win 95/98/ME machine Svchost.exe is ALWAYS a baddie,
whatever the location: it only lives in NT based systems.

No O18s should _ever_ show up in HJT, or it's a baddie.
Kill the number-file. Boot to Safe Mode to run CWShredder.

A slippery one to the untrained eye could be Rundll.exe as opposed to Rundll32.exe.
There are many others that add/remove 32 to/from a legitimate filename.

Another one is an executable running from the \application data folder,

Or even the temp or temporary internet files folder. May be legit, but less likely.

***And WHEN DOWNLOADING FILES***
And a download dialogue appears
***(choose save)*******(Don't open it!)****


You can't keep a VIRUS or MALWARE contained
by opening a file that may contain a virus or trojan!
Always scan downloads with antivirus software and a trojan scanner.


VIRUS WARNING:
Do not open e-mail file attachments ending in .exe or .pif
unless you are absolutely sure you know what the file contains. Extensions
.bat, .scr, .pif, .shs, .vbs, .hta, .exe, .com, .js, .reg, .vbe, .cmd.

Enforce a password policy.


Complex passwords make it difficult to crack password files on
compromised computers.
This helps to prevent or limit damage when a computer is compromised.
Configure your email server to block or remove email that contains
file attachments that are commonly used to spread viruses, such as
.vbs, .bat, .exe, .pif and .scr files.
The first line of defense against viruses and Trojans is
Do Not Open Any Attachments to Your Emails!
Of course this doesn't always work,
because friends send attachments too.
The problem is that many of these viruses are self replicating.
That is, once someone is infected, the virus will not only run its
exploit on the infected machine, it will also
email itself to everyone in the machine's address book.
So what you get from a friend's
computer might not be from them, but from the virus itself.
There are also newer exploits that can auto open,
taking advantage of certain vulnerabilities in your email client.
For example, if you are using MS Outlook, or Outlook Express, there are a
couple of things you should do (besides keeping them updated).
1. Disable the download to the preview pane option.
2. Set your mail to open in your Restricted Zone instead of your Internet Zone.

Adware, Spyware and other unwanted "malware" -

http://www.doxdesk.c...k.com/parasite/


Startup Programs list of .exes and Process information Pages.

http://www.popupsent...plications.html

http://castlecops.com/LSPs.html

http://www.malwhere....sses/index.html

http://www.processlibrary.com/

http://www.colba.net...o49/runproc.php

http://www.colba.net...49/swiprojt.htm

http://www.lafn.org/...up/PENINDEX.HTM

http://guidaworld.co...tartups_all.htm

http://www.sysinfo.org/startuplist.php

http://www.answersth...es/tasklist.htm

http://www.liutiliti...processlibrary/

Startups list (most here are viral or malware) http://www.lafn.org/...up/PENINDEX.HTM

(Find out what connections your computer makes to the internet !)
Download TCPView

A very basic and easy to use Port monitor for download.

Other misc.....info

Help! Can't download or run any anti-virus software.
Go to C:\WINDOWS\system32\drivers\etc
then open the file named "hosts" with Notepad.
Delete all lines except a line like: 127.0.0.0 localhost
Then close and save changes.
THE DELETED ENTRIES WERE NOT ALLOWING YOU TO
ACCESS ANTIVIRUS WEBSITES.


How to find the WIN.INI and SYSTEM.INI files
Step 1. Click START | RUN, type SYSEDIT and press ENTER

(Help AIM starts with Outlook Express) and how to fix.
Go into AIM options/settings and uncheck the box that says
make AIM my default instant message program, in
preferences and settings, and it will stop popping
up every time you open your e-mail programs
like Outlook Express, to name one.


Wednesday, October 15th, Microsoft releases Critical Security Bulletin
MS03-043 warning users that the
Windows Messenger Service running and exposed by default
in all versions of Windows NT, 2000 and XP,
contains a "Remote Code Execution" vulnerability
that allows any not otherwise secured and protected
Windows machine to be taken over
and remotely compromised over the Internet.

How do I disable Windows Messenger in Windows XP?
(Below you can download MessengerDisable)..
you can even uninstall it if you never use it.
Disable Windows Messenger

((dssagent.exe)) Brodcast by Broderbund
(tags along with some Mattel/Broderbund software) (is spyware)
To get the removal tool for the Broderbund background agent,
download and save this to your computer first.

Broderbund Background Agent Remover

Panda Active Scan
Free virus repair Tools from Panda

Virus Removal Tools from symantec

Bitdefender Scan

TrojanScan

Trend micro Housecall

Common Threats to your Security !

How to get rid of sub7 trojans

http://www.sophos.com/support/disinfection/trojan.html

Great Trojans Ports List! ...
All Known port numbers used by trojans.


How to find listening ports

WinMX respects your privacy and doesn't contain spyware.
If you're going to fileshare, try spyware-free file sharing.


Welcome all to The SWI Forums

Edited by cnm, 10 June 2009 - 03:37 PM.
Note topic is from 2004

InternetXman
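
The file-name and folder checks from the post above (look-alike names, a space before the dot, a colon in the path, system files in the wrong folder, executables in Application Data or temp folders), written as a Python triage function. This is an added example, not part of the original post; the function names, the `nt_based` flag and the `\Program Files\Internet Explorer` location are assumptions.

```python
import ntpath
import re

# Expected parent folders (lower-case, drive letter stripped) taken from the post.
# rundll32 is listed only for look-alike matching; the post gives no folder for it.
EXPECTED = {
    "svchost": {r"\windows\system32", r"\winnt\system32"},
    "explorer": {r"\windows", r"\winnt"},
    "iexplore": {r"\program files\internet explorer"},  # assumed install location
    "rundll32": None,
}
RISKY_FOLDERS = ("application data", r"\temp", "temporary internet files")


def near_miss(a, b):
    """True if a differs from b by one edit or one swap of adjacent letters."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        d = [i for i in range(len(a)) if a[i] != b[i]]
        return len(d) == 1 or (len(d) == 2 and d[1] == d[0] + 1
                               and a[d[0]] == b[d[1]] and a[d[1]] == b[d[0]])
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def check_process(path, nt_based=True):
    """Return the list of warning strings for one process image path."""
    _, rest = ntpath.splitdrive(path)
    folder, name = ntpath.split(rest)
    folder, name = folder.lower().rstrip("\\"), name.lower()
    stem = name.rsplit(".", 1)[0].strip()
    found = []
    if ":" in rest:
        found.append("colon inside path")
    if re.search(r"\s\.", name):
        found.append("space before the dot")
    if stem in EXPECTED:
        if stem == "svchost" and not nt_based:
            found.append("svchost on Win 95/98/ME")
        elif EXPECTED[stem] and folder not in EXPECTED[stem]:
            found.append(f"{stem} outside its normal folder")
    for real in EXPECTED:
        if stem != real and (near_miss(stem, real) or stem + "32" == real
                             or stem == real + "32"):
            found.append(f"look-alike of {real}")
    if any(marker in folder for marker in RISKY_FOLDERS):
        found.append("runs from Application Data or a temp folder")
    return found
```

An empty list means none of the post's rules fired for that path; it does not mean the file is clean.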



