Jump to content


So how did I get infected in the first place?

  • This topic is locked This topic is locked
No replies to this topic

#1 TonyKlein


    Forum Deity

  • Expert
  • PipPipPipPipPip
  • 1,841 posts

Posted 07 November 2005 - 01:16 PM

This is an update of the original Tony Klein article.

So how did I get infected in the first place?

You usually get infected due to one of these issues:

1. Your security settings are too low.
2. Your security programs are not regularly updated.
3. You don't have a full set of security programs installed and running in resident mode.
4. You visit dangerous sites or open attachments from without checking them first.

Safe Computing Practices

1.) Keep your Windows updated!
  • You can either update Windows automatically (recommended) or manually. Each version of Windows has small differences in how to turn on Automatic Updates:
  • Windows XP: Use the Security Center in Control Panel.
    Vista: Use Windows Update which can be reached through Start, All Programs.
    Windows 7: Use the Action Center which can be reached through the Control Panel, System and Security.
  • If you wish to do manual updates, there are a number of ways to do it depending on how much time you wish to put into it and which version of Windows you are using. Please refer to the Microsoft Support for details. Be careful to download all critical updates and the latest Service Pack for your version of Windows.
  • If you believe your computer is already infected, it is good idea to wait to install any updates until it is cleaned since they can be corrupted by the infection. Keeping Windows updated is one of the best ways to reduce your chances of getting infected.
2.) Watch what you download!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself.
  • Note also that even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected. Do not open any files without being certain of what they are!
3.) Avoid questionable web sites!
  • Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders.
  • Most of these drive-by attempts will be thwarted if you keep your Windows updated and your internet browser secured (see below). Nevertheless, it is very important only to visit web sites that are trustworthy and reputable.
  • In addition, never give out personal information of any sort online. And never click "OK" to a pop-up unless it is signed by a reputable company and you know what it is!
  • For more general information see the first section, "Educate yourself and be smart about where you visit and what you click on", in this tutorial by Grinler of BleepingComputer.
Must-Have Software

*NOTE*: Please only run one anti-virus and one anti-spyware program (in resident mode) and one firewall on your system. Running more than one of these at a time can cause system crashes and/or conflicts with each other. Of the following programs, passive protection like SpywareBlaster, IE-SPYAD and MVPS Hosts file can be used with active resident protection programs effectively. The free version of Malwarebytes' Anti-Malware is an on-demand scan and clean program that will also not conflict with resident protection, Spybot is also on-demand but has resident protection if the Teatimer function is used. Only one scan at a time should be run.

*NOTE*: Check to see if the antivirus is already running an anti-spyware component before installing a separate anti-spyware program.

4.) Antivirus
  • An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free antivirus programs are Avast, AntiVir and Microsoft Security Essentials Please run only one antivirus resident at a time!
  • It's a good idea to set your antivirus to receive automatic updates so you are always as fully protected as possible from the newest threats.
5.) Internet Browser
  • Many malware infections install themselves by exploiting security holes in Microsoft Internet Explorer. It is strongly suggested that you consider using an alternate browser.
  • Mozilla Firefox, Chrome and Opera are next-generation browsers that are more secure and faster than Internet Explorer, immune to most known browser hijackers, and outfitted with built-in pop-up blockers and other useful accessories.

    *NOTE*: Whatever browser you use it should be kept updated, since some of the updates are security related.
6.) Firewall
  • It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built into Windows XP. It doesn't block everything that may try to get in, it doesn't block anything at all outbound, and the entire firewall is written to the registry. (The built-in Vista firewall blocks both incoming and outbound, but is still written to the registry). Since most malware accesses the registry and can disable the Windows firewall, it's preferable to install one of these excellent third party solutions.
  • Three good free ones are PCTools Online Armor and Outpost. The trial version of Sunbelt Kerio Personal Firewall will also work in "free mode" after the trial period expires. Private Firewall is compatible with 64bit systems.
    Please only use one firewall at a time!

    *NOTE*: The Windows built-in firewall in Windows 7 also blocks both incoming and outbound and is all you need.
7.) Install Javacool's SpywareBlaster
  • This excellent program blocks installation of many known malicious ActiveX objects. Run the program, download the latest updates, "Enable All Protection" and you're done. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
  • Don't forget to check for updates every week or so. Also see this tutorial by Grinler. (Note: This tutorial is for an earlier version, so there may be some minor differences)
8.) HOSTS file
  • Another good program is MVPS HOSTS. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
  • For information on how to download and install, please read this tutorial by WinHelp2002.

    *NOTE*: Windows 7 does not use a HOSTS file at all, so there is no need for this type of program for it.

Other Cleaning / Protection Software

9.) Spybot
  • Spybot Search & Destroy is a good free scanner. See this topic for instructions on how to run a scan with Spybot.
  • Spybot has an "Immunize" feature which works roughly the same way as SpywareBlaster above.
  • Another feature within Spybot is the TeaTimer option. TeaTimer detects when known malicious processes try to start and terminates them. It also detects when something wants to change critical registry keys and prompts you to allow this or not. See this tutorial by Grinler for more information. (Note: Tutorial is for an earlier version, so there may be some minor differences)

    *NOTE*: Spybot is not as effective as some other programs now available and may even be redundant if you have other anti-spyware protection programs.
10.) Malwarebytes' Anti-Malware
  • An outstanding all-purpose anti-malware scanner and cleaner is Malwarebytes' Anti-Malware. Although there is also a paid version with added features, the free version is fully functional.
    See This Article for details on how to download and scan with Malwarebytes' Anti-Malware.
11.) Windows Defender
  • Microsoft now offers their own free malicious software blocking and removal tool, "Windows Defender" (Not compatible with Windows 98 and ME.) It also features real-time protection.
12.) Lock down ActiveX in Internet Explorer
  • Even if you plan to use an alternate browser, you will have to use Internet Explorer for tasks like updating Windows or visiting any other site that requires ActiveX. Also, since Internet Explorer is integrated into the Windows core, keeping it locked down is very important.
  • IE9 is only available for Vista and Windows 7.
  • For IE9 go here
  • For IE7 and IE 8, open IE and go to Tools > Internet Options > Security > Internet, then press "Default Level", then OK.
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed. Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security.
  • So why is ActiveX so dangerous that you have to increase the security for it? When your browser runs an ActiveX control, it is running an executable program, no different from double-clicking an exe file on your hard drive. Would you run just any file downloaded off a web site without knowing what it is and what it does?
13.) Finally, after following up on all these recommendations, we suggest you run the Qualys BrowserCheck to perform a security analysis of your browser and its plugins to identify any security issues. Full documentation and usage guide can be found here.
Also, we suggest you check your Applications and Programs to see which ones need to be updated with either Secunia vunerability scanner or FileHippo Update Checker

Happy safe computing!

Member of UNITE
Support SpywareInfo Forum - click the button