How can I prevent this from happening again?


6 replies to this topic

#1 Comrade

    Galaxy's break

  • Full Member
  • 22 posts

Posted 05 April 2006 - 03:27 PM

I just rid myself of a Backdoor.Haxdoor virus and 27 spyware programs after a two-day cleanup. You can hear me complain about my problems here:
http://forums.spywar...showtopic=72680
and here:
http://forums.spywar...showtopic=72716

After solving them, I realize that not only was I attacked by a trojan virus that gave some person somewhere complete access to my computer, I was also the victim of the 27 spyware programs which have been on my computer undetected for who knows how long.

This has awakened me to the world of Compy Protection as before it was my mother who had removed any intruders but is now up to me. I was curious of how I could update my computer to help defend my personal data, whilst not lagging up my computer or popping up constantly when unwanted.

This computer is being used by my whole family and is constantly in use (we leave it on all day, and only turn it off at night). This means that since I have younger and older siblings, I need to protect the computer from my older brother's MySpace, as well as my younger's random arcade sites (such as MiniClip, Bonus, etc...). What programs would you suggest I install? I have the following programs already:

Norton Anti-virus
Spybot - Search and Destroy
Registry Cleaner
HijackThis
HaxFix
KillBox

I am using MS Internet Explorer, and although it was suggested elsewhere on this site to switch to Firefox, I don't think that will be happening anytime soon, although I might when I get a new computer after this one breaks.
I am also using Microsoft Windows XP and don't want to change my OS either.
However, if I was to download two or three more programs that monitor downloads, or have weekly virus scans, which would you suggest?

Thank you! -Comrade

#2 dave38

    Devout Murphyite!

  • Retired Staff
  • 8,508 posts

Posted 05 April 2006 - 04:43 PM

Why not get Firefox? It is more secure, as ActiveX controls are not supported.
Easy to use, and with the "noscript" extension, almost bulletproof.

I also suggest reading Tony Klein's post here How did I get infected in the first place.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!

#3 tsitraveler

    Member

  • Full Member
  • 54 posts

Posted 05 April 2006 - 09:05 PM

One great step would be to get rid of Norton. As you've found, it's too easily corrupted by malware, and due to the way it integrates into the operating system, it then is used against you.

I use Nod32 by Eset. Heuristic scanning. Won't bog down your system. Catches trojans, viruses, worms, etc. Even protected users against the recent WMF exploit, without an update.

http://www.nod32.com/home/home.htm

Definitely use Firefox, or Opera, for the primary browser.

Regardless, IE needs to be hardened. Check your zone settings. Use IE-Spyads, which loads an extensive list of sites into the Restricted Zone list. If one of those sites is accessed, the zone restrictions can prevent malicious behaviour. Use a HOSTS file also, which actually prevents your computer from accessing sites listed in that file. It's a layered approach. You'll need to keep those lists updated.

Be sure to disable active scripting from all zones.

Lots of so-called viruses are actually worms. There's an excellent program to address this, called Wormguard, by DiamondCS. I've used it for years, on three different OSes. It's basically set-it-and-forget-it. Works flawlessly.

The most serious threat currently is the rootkit. DiamondCS has a program called ProcessGuard that will prevent rootkits from getting into your system.

http://www.diamondcs...u/processguard/

You need to protect the registry from unauthorized changes. Ad-Aware has AdWatch for this. Spybot S&D has the TeaTimer. An excellent tool for registry protection is RegRun, by GreatIS. It's really the top dog in that area, IMO.

http://www.greatis.com/security/

Very important - Set up a separate, password protected, Administrator account. Don't use it for surfing the net. Set up limited user accounts for that. The limited user accounts don't have unrestricted access to the machine kernel, so malware can't as easily slip past your defenses, to get a hold on your system. XP user accounts are administrator accounts by default. You need to change them to Limited.

BTW - For heaven's sake, turn off Windows Firewall. Do it in services, so it stays off. It's not a good firewall. I currently use ZoneAlarm, but will be switching to Kerio. I've had issues with ZoneAlarm's recent versions, and lack of support, even tho I use ZA Pro. Also, ZA phones home now, since it was bought out by Checkpoint. Also, it discloses more info than I'd like it to, as I surf. Kerio is tighter in terms of browser/surfing disclosures, and it doesn't phone home.

Finally, consider virtualization. If you can use Ubuntu Linux on VMware, do it.

Best wishes.

Edited by tsitraveler, 05 April 2006 - 09:24 PM.
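
How a HOSTS-file block list of the kind recommended in the post above behaves, as an added example that is not part of the original thread. The sample file, its `.example` hostnames and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS file (reserved .example names, documentation IP).
SAMPLE_HOSTS = """\
127.0.0.1    localhost
127.0.0.1    ads.tracker.example popups.tracker.example  # two names, one line
0.0.0.0      Banner.Adserver.example
203.0.113.7  update.vendor.example   # points at a real address: not a block
not-an-ip    broken.example
"""


def _norm(name):
    # Hostnames are case-insensitive; a trailing dot means the same name.
    return name.lower().rstrip(".")


def parse_hosts(text):
    """Return {hostname: address}, skipping comments and malformed lines."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            table.setdefault(_norm(name), fields[0])  # this example keeps the first entry
    return table


def classify(table, hostname):
    """Return 'local', 'blocked', 'redirected' or 'not listed'."""
    name = _norm(hostname)
    addr = table.get(name)
    if addr is None:
        return "not listed"      # exact match only: subdomains are not covered
    if name == "localhost":
        return "local"
    ip = ipaddress.ip_address(addr)
    # Loopback or unspecified addresses lead nowhere, so the site is unreachable.
    return "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for h in ("ads.tracker.example", "www.ads.tracker.example", "update.vendor.example"):
        print(h, "->", classify(hosts, h))
```

An entry reported as `redirected` sends the name to another machine rather than blocking it, so it is worth reviewing when auditing a HOSTS file.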


#4 tsitraveler

    Member

  • Full Member
  • 54 posts

Posted 05 April 2006 - 09:22 PM

One more thing-

You mentioned kids' arcade games.

You need to update Macromedia to the latest versions, both Flash, and Shockwave. Next, you may want to set the privacy settings to prevent websites from storing tracking info on your system. The settings panel is at

http://www.macromedi...r02.html#118539

Note the tabs across the top of that panel. Click each one, review the settings for each, set to your preference.

Many don't understand that sites that utilize Macromedia content are allowed to store stuff on your hard drive, by default. This can be changed, and that settings panel is the way it's done.

#5 hornet777

    Forum Deity

  • Full Member
  • 607 posts

Posted 06 April 2006 - 12:29 AM

http://forums.spywar...showtopic=72693
After all is invested in correctness, then how does it stand with truth?

#6 tsitraveler

    Member

  • Full Member
  • 54 posts

Posted 06 April 2006 - 08:54 AM

Excellent link, Hornet.

The Macromedia settings panel in the post above is for Flash Player. For Shockwave, you don't have the option of not sharing info, so the work-around is to change the default setting to never auto-update. The following page explains the situation, and contains a link to the settings manager for the Shockwave updater.

http://www.macromedi...ctinfo/privacy/

#7 Comrade

    Galaxy's break

  • Full Member
  • 22 posts

Posted 08 April 2006 - 01:13 AM

Thanks guys. Running through the list:

>>Why not use Firefox?

I wasn't going to, as this is the family's computer and I didn't want to change the browser and have my younger siblings not understand how it works and mess things up. Also my mother, who usually controls what goes on here, wasn't too keen on switching browsers. I have since changed my mind though, as people on the forum I frequent (it's a game development forum) told me how similar it is to IE and that it's simple to use. As I just now got yet another virus, I will convince my parents that it is necessary to be installed.

>>You need to upgrade Macromedia, both Flash and Shockwave...

I went to the site you linked and it said 'You need macromedia flash to view this' so apparently I don't have Flash anymore. I will check into that later though, and upgrade my stuff if I have it.

>>*Hornet777's link*

Nice link! I secured IE somewhat better and will delve into it more once I get my current virus out of the system. I will also install Firefox in a few days (perhaps tomorrow, if everything works out fine).


Thanks for the tips and suggestions guys!



