So how did I get infected in the first place?


This is an update of the original Tony Klein article.




You usually get infected due to one of these issues:


1. Your security settings are too low.

2. Your security programs are not regularly updated.

3. You don't have a full set of security programs installed and running in resident mode.

4. You visit dangerous sites or open attachments without checking them first.



Safe Computing Practices



1.) Keep your Windows updated!

  • You can either update Windows automatically (recommended) or manually. Each version of Windows has small differences in how to turn on Automatic Updates:
    Windows XP: Use the Security Center in Control Panel.
    Vista: Use Windows Update, which can be reached through Start, All Programs.
    Windows 7: Use the Action Center, which can be reached through the Control Panel, System and Security.
  • If you wish to do manual updates, there are a number of ways to do it depending on how much time you wish to put into it and which version of Windows you are using. Please refer to Microsoft Support for details. Be careful to download all critical updates and the latest Service Pack for your version of Windows.
  • If you believe your computer is already infected, it is a good idea to wait to install any updates until it is cleaned, since they can be corrupted by the infection. Keeping Windows updated is one of the best ways to reduce your chances of getting infected.

2.) Watch what you download!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself.

  • Note also that even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected. Do not open any files without being certain of what they are!

3.) Avoid questionable web sites!

  • Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders.

  • Most of these drive-by attempts will be thwarted if you keep your Windows updated and your internet browser secured (see below). Nevertheless, it is very important only to visit web sites that are trustworthy and reputable.

  • In addition, never give out personal information of any sort online. And never click "OK" to a pop-up unless it is signed by a reputable company and you know what it is!

  • For more general information see the first section, "Educate yourself and be smart about where you visit and what you click on", in this tutorial by Grinler of BleepingComputer.

Must-Have Software



*NOTE*: Please only run one anti-virus and one anti-spyware program (in resident mode) and one firewall on your system. Running more than one of these at a time can cause system crashes and/or conflicts with each other. Of the following programs, passive protection like SpywareBlaster, IE-SPYAD and MVPS Hosts file can be used effectively alongside active resident protection programs. The free version of Malwarebytes' Anti-Malware is an on-demand scan and clean program that will also not conflict with resident protection. Spybot is also on-demand, but has resident protection if the TeaTimer function is used. Only one scan at a time should be run.


*NOTE*: Check to see if the antivirus is already running an anti-spyware component before installing a separate anti-spyware program.



4.) Antivirus

  • An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free antivirus programs are Avast, AntiVir and Microsoft Security Essentials. Please run only one antivirus resident at a time!

  • It's a good idea to set your antivirus to receive automatic updates so you are always as fully protected as possible from the newest threats.

5.) Internet Browser

  • Many malware infections install themselves by exploiting security holes in Microsoft Internet Explorer. It is strongly suggested that you consider using an alternate browser.

  • Mozilla Firefox, Chrome and Opera are next-generation browsers that are more secure and faster than Internet Explorer, immune to most known browser hijackers, and outfitted with built-in pop-up blockers and other useful accessories.
    *NOTE*: Whatever browser you use, it should be kept updated, since some of the updates are security related.

6.) Firewall

  • It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built into Windows XP. It doesn't block everything that may try to get in, it doesn't block anything at all outbound, and the entire firewall is written to the registry. (The built-in Vista firewall blocks both incoming and outbound, but is still written to the registry). Since most malware accesses the registry and can disable the Windows firewall, it's preferable to install one of these excellent third party solutions.

  • Three good free ones are PCTools, Online Armor and Outpost. The trial version of Sunbelt Kerio Personal Firewall will also work in "free mode" after the trial period expires. Private Firewall is compatible with 64-bit systems.
    Please only use one firewall at a time!
    *NOTE*: The Windows built-in firewall in Windows 7 also blocks both incoming and outbound and is all you need.

7.) Install Javacool's SpywareBlaster

  • This excellent program blocks installation of many known malicious ActiveX objects. Run the program, download the latest updates, "Enable All Protection" and you're done. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
  • Don't forget to check for updates every week or so. Also see this tutorial by Grinler. (Note: This tutorial is for an earlier version, so there may be some minor differences)

8.) HOSTS file

  • Another good program is MVPS HOSTS. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
  • For information on how to download and install, please read this tutorial by WinHelp2002.
    *NOTE*: Windows 7 does not use a HOSTS file at all, so there is no need for this type of program for it.

Other Cleaning / Protection Software



9.) Spybot

  • Spybot Search & Destroy is a good free scanner. See this topic for instructions on how to run a scan with Spybot.
  • Spybot has an "Immunize" feature which works roughly the same way as SpywareBlaster above.
  • Another feature within Spybot is the TeaTimer option. TeaTimer detects when known malicious processes try to start and terminates them. It also detects when something wants to change critical registry keys and prompts you to allow this or not. See this tutorial by Grinler for more information. (Note: Tutorial is for an earlier version, so there may be some minor differences)
    *NOTE*: Spybot is not as effective as some other programs now available and may even be redundant if you have other anti-spyware protection programs.

10.) Malwarebytes' Anti-Malware

  • An outstanding all-purpose anti-malware scanner and cleaner is Malwarebytes' Anti-Malware. Although there is also a paid version with added features, the free version is fully functional.
    See this article for details on how to download and scan with Malwarebytes' Anti-Malware.

11.) Windows Defender

  • Microsoft now offers their own free malicious software blocking and removal tool, "Windows Defender" (not compatible with Windows 98 and ME). It also features real-time protection.

12.) Lock down ActiveX in Internet Explorer

  • Even if you plan to use an alternate browser, you will have to use Internet Explorer for tasks like updating Windows or visiting any other site that requires ActiveX. Also, since Internet Explorer is integrated into the Windows core, keeping it locked down is very important.

  • IE9 is only available for Vista and Windows 7.
  • For IE9 go here
  • For IE7 and IE 8, open IE and go to Tools > Internet Options > Security > Internet, then press "Default Level", then OK.

    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".

  • Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed. Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Options > Security.

  • So why is ActiveX so dangerous that you have to increase the security for it? When your browser runs an ActiveX control, it is running an executable program, no different from double-clicking an exe file on your hard drive. Would you run just any file downloaded off a web site without knowing what it is and what it does?
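
One way to verify the ActiveX settings described above, as an added example that is not part of the original article: a PowerShell script (version 3.0 or later assumed) that reads the three Internet-zone values from the registry and compares them with the recommended states. Zone 3 and the action IDs 1001, 1004 and 1201 are Internet Explorer's registry identifiers for these settings; a value stricter than the recommendation also counts as OK.

```powershell
# Added example: audit the ActiveX settings of IE's Internet zone (zone 3).
# Keys are read in precedence order: machine policy, user policy, user preference.
$roots = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

# Action ID, dialog name, and the state recommended in the article.
$checks = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

# Registry value -> state; a higher number is a stricter setting.
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneAction([string]$Id) {
    # Return the first value found, together with the key it came from.
    foreach ($root in $roots) {
        $item = Get-ItemProperty -Path $root -Name $Id -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [int]$item.$Id; Source = $root }
        }
    }
    return $null
}

$report = foreach ($c in $checks) {
    $found = Get-ZoneAction $c.Id
    if ($null -eq $found) {
        # No explicit value: the zone's built-in default applies, so flag for review.
        $state = 'Not set'; $ok = $false; $source = ''
    } else {
        $known  = $label.ContainsKey($found.Value)
        $state  = if ($known) { $label[$found.Value] } else { "Unknown ($($found.Value))" }
        $ok     = $known -and ($found.Value -ge $c.Want)
        $source = $found.Source
    }
    [pscustomobject]@{
        Setting = $c.Name; Current = $state
        Recommended = $label[$c.Want]; OK = $ok; Source = $source
    }
}
$report | Format-Table -AutoSize -Wrap
```

A row whose Source is a `Policies` key is being enforced by Group Policy, so changing it in the Internet Options dialog will not stick.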

13.) Finally, after following up on all these recommendations, we suggest you run the Qualys BrowserCheck to perform a security analysis of your browser and its plugins to identify any security issues. Full documentation and usage guide can be found here.

Also, we suggest you check your Applications and Programs to see which ones need to be updated with either Secunia vulnerability scanner or FileHippo Update Checker.


Happy safe computing!
