While the most common culprits are freeware, adware and shareware applications, paid-for commercial software has been known to contain spyware as well. Malware applications are usually bundled as a hidden component in mislabeled freeware and shareware downloaded from the Internet. They are almost always installed on your system secretly, to ensure widespread use and to prevent the end user from discovering them. Malware infection can also occur if your browser is exposed to malicious web scripts or you encounter rogue security programs. For more detail on how rogue programs and their infections install themselves, read:
- Anatomy of a malware scam
- How does rogue security software get on my computer?
- How Malware Spreads - How did I get infected
- How to Tell If That Pop-Up Window Is Offering You a Rogue Anti-Malware Product
Think you're infected with malware? These are some common symptoms to be aware of.
• You see pop-up advertisements even when you're not on the Web.
• Your Web browser home page or browser search settings have changed without your knowledge.
• You have difficulty connecting to the Internet or browsing to web sites.
• You notice additional components or a new toolbar in your browser that you did not install or cannot remove.
• Your computer is sluggish and takes longer than usual to complete certain tasks.
• You experience a sudden increase in computer crashes.
-----------------------------------------------------------------------------------------------------------------------------------------------
To protect yourself against malware and reduce the potential for re-infection, here are a few helpful suggestions:
1. Keep Windows and Internet Explorer current with the latest security updates from Microsoft including all service packs. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. If you have not done so, go to Microsoft Windows Update and download all the "critical updates" for Windows. Doing this will fix security holes through which attackers can gain access to your computer. Further, unpatched and infected Windows systems on the Internet are a security risk to everyone. When there are insecure or infected computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, spammers have more platforms from which to send e-mail and more machines become compromised.
Visit Calendar Of Updates and the Microsoft Security Bulletin Summaries TechNet page on a regular basis for information on Microsoft Advisories and other important security update notifications.
2. Prevent spyware and homepage hijacking, and increase your browser security, by using these free programs:
- SpywareGuard
- SpywareBlaster
- ZonedOut
- Comodo BOClean Anti-Malware
- Block Unwanted Parasites with a Custom Hosts File - Instructions for the MVPS HOSTS File.
- BitDefender Online Scanner
- Trend Micro Housecall
- Trend Micro Housecall Scan for Firefox <- Internet Explorer not required; does not use ActiveX
- F-Secure Online Scanner
- ESET Nod32 Online Scanner (Vista compatible but Internet Explorer must be Run as Administrator.)
- Simple and easy ways to keep your computer safe
- Microsoft Solutions for Security: The Antivirus Defense-in-Depth Guide
- Your Guide To Staying Safe Online
- Hardening Windows Security - Part 1 & Part 2
- How to Stop 11 Hidden Security Threats
- Configuring Internet Explorer for Practical Security and Privacy
- How to Secure Your Web Browser
- Safe Web practices - How to remain safe on the Internet
- How to Set Security Options in the Firefox Browser
- Use Task Manager to close pop-up messages to safely exit malware attacks
- Free games, animated characters, and screen savers.
- Music, movies, and file-sharing programs.
- Instant Messaging (IM) attachments.
- Toolbars for your Internet browser.
- Unknown email files and attachments.
-- Scan a suspicious url address by submitting the link into the "URL to scan:" box at LinkScanner and click "Scan".
-- Scan a file before you download it by submitting the download url link to Dr.Webb Check URL Scan and click "Scan" - (the restriction of the checked file is 12 Mb).
8. Be wary of freeware products. Always read the EULA (End User License Agreement) carefully. Some "freeware" programs come bundled with malware. You can analyze license agreements for interesting words and phrases before installing software by using Javacool's EULAlyzer. Always scan downloads with your anti-virus program, because even trusted sites have been known to be compromised.
9. Use a Firewall to protect yourself. A hardware firewall can provide a strong degree of protection from most forms of attack coming from the outside. A software firewall generally offers the best measure of protection against Trojans and worms, but they are harder to configure and must share resources with other running processes, which can decrease system performance.
10. Avoid gaming sites, porn sites, pirated software, warez, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs (e.g. Limewire, eMule, uTorrent). They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Porn sites can lead to the Trojan.Mebroot MBR rootkit and other dangerous malware. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
- P2P Software User Advisories
- Risks of File-Sharing Technology
- P2P file sharing: Anticipate the risks...
- When is AUTORUN.INF really an AUTORUN.INF?
- Nick Brown's blog: Memory stick worms
- USB-Based Malware Attacks
- Danger USB! Worm targets removable memory sticks
Quote
...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...
For most novice users, the easiest way to inoculate a USB flash drive is to create a Read-only folder on the drive and name it autorun.inf. This folder will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and executing malicious files as described in How to Maximize the Malware Protection of Your Removable Drives. An easier alternative is to use Panda USB Vaccine. Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code.
Another option for XP users is Flash_Disinfector by sUBs. Please read About Flash Disinfector by Papakid and USB/Flash Drive Safety by TheJoker.
If using Windows Vista, please refer to Disable AutoPlay in Windows Vista.
If using Windows 7, please refer to Engineering Windows 7: Improvements to AutoPlay.
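The read-only autorun.inf folder described above, worked through as an added Python script (not code from the original post or from any of the tools it links): it reads the autorun.inf at a drive root with a parser that tolerates the junk lines worm-dropped copies often contain, reports which directives (open, shellexecute, shell\<verb>\command) would launch a program, and creates the read-only autorun.inf folder when nothing of that name exists yet. The drive root path argument, the choice of the Win32 SetFileAttributesW call to set the read-only attribute on Windows (a chmod on other systems), and the sample autorun.inf are assumptions made for this example; the sample is constructed, not taken from a real infection.

```python
"""Added example: inspect a drive root for autorun.inf and apply the
read-only-folder inoculation described above. Not part of the original post."""
import os
import stat
import sys
import tempfile
from pathlib import Path

# [autorun] directives that make Autorun/AutoPlay execute something.
EXEC_KEYS = ("open", "shellexecute")


def parse_autorun_inf(text):
    """Tolerant parser for autorun.inf. Returns {key: value} for the [autorun]
    section with keys lower-cased. Blank lines, ';' comments, lines outside
    [autorun] and lines without '=' are skipped, because malicious copies
    are often padded with junk to confuse naive scanners."""
    directives = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            directives[key.strip().lower()] = value.strip()
    return directives


def launched_commands(directives):
    """List the (key, command) pairs Autorun would run: 'open', 'shellexecute'
    and any 'shell\\<verb>\\command' entry."""
    return [(k, v) for k, v in directives.items()
            if k in EXEC_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))]


def inspect_drive(root):
    """Return (status, commands) for the autorun.inf at the root of `root`:
    'absent', 'inoculated' (it is a directory, as recommended above) or
    'present' (a real file, together with the commands it would launch)."""
    target = Path(root) / "autorun.inf"
    if not target.exists():
        return "absent", []
    if target.is_dir():
        return "inoculated", []
    text = target.read_text(encoding="latin-1", errors="replace")
    return "present", launched_commands(parse_autorun_inf(text))


def inoculate(root):
    """Create a read-only directory named autorun.inf at the drive root so that
    a worm cannot drop a file of that name there. Returns True if created,
    False if something with that name already exists."""
    target = Path(root) / "autorun.inf"
    if target.exists():
        return False
    target.mkdir()
    if sys.platform == "win32":
        import ctypes
        # Assumption for this example: Win32 FILE_ATTRIBUTE_READONLY (0x1)
        ctypes.windll.kernel32.SetFileAttributesW(str(target), 0x1)
    else:
        os.chmod(target, stat.S_IRUSR | stat.S_IXUSR | stat.S_IRGRP
                 | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
    return True


# Constructed sample in the style of a worm-dropped autorun.inf (not a real sample).
SAMPLE_AUTORUN_INF = r"""
[autorun]
;junk line that a tolerant parser must ignore
open=setup.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
shell\open\command=setup.exe
action=Open folder to view files
"""


def demo():
    """Run the whole flow in two temporary directories standing in for drive
    roots; returns the observations so they can be checked."""
    with tempfile.TemporaryDirectory() as infected, tempfile.TemporaryDirectory() as clean:
        (Path(infected) / "autorun.inf").write_text(SAMPLE_AUTORUN_INF)
        before = inspect_drive(infected)
        first = inoculate(clean)
        second = inoculate(clean)  # already inoculated: nothing to do
        after = inspect_drive(clean)
    return {"infected": before, "first": first, "second": second, "clean": after}


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else None
    if root is None:
        print(demo())
    else:
        status, cmds = inspect_drive(root)
        print(f"{root}: autorun.inf {status}")
        for key, cmd in cmds:
            print(f"  would launch via {key}: {cmd}")
        if status == "absent" and inoculate(root):
            print("  created read-only autorun.inf directory")
```

Run it with a drive root as the argument (for example the letter of a removable drive) to see what an existing autorun.inf would launch and to inoculate a clean drive, or with no argument for the self-contained demo on temporary directories. Inspecting before inoculating matters: the folder trick only blocks a future drop, so a drive that already carries a real autorun.inf file should be cleaned first.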
12. Always use the most current version of Java Runtime Environment (JRE). Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
It's a good practice to Create a New Restore Point AFTER cleaning your system, to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which can sometimes reinfect your system. Setting a new restore point will help prevent this and enable your computer to "roll back" to a clean working state. If you're not sure how to do this, read "How to Create a Restore Point" and "How to use Cleanmgr". Vista users can refer to these links: Create a New Restore Point and Disk Cleanup.
Finally, stay informed, use common sense, and always practice safe web surfing habits. "Knowledge and the ability to use it is the best defensive tool anyone could have. An uninformed user can be their own worst enemy when acting in ignorance."
IMPORTANT NOTE: Backdoor Trojans, IRCBots, Keyloggers and Rootkits are very dangerous. Backdoor Trojans provide a means of accessing a computer system that bypasses security mechanisms, and they steal sensitive information like passwords and personal and financial data, which they send back to the hacker. Keyloggers sit stealthily on your system and monitor all the keys you press, including all your logins and passwords. Rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide the new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.
If you had any of these infections and your computer was used for online banking, or has credit card information or other sensitive data on it, you should immediately disconnect your computer from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. They should be changed using a different computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read:
- How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
- What Should I Do If I've Become A Victim Of Identity Theft?
- Identity Theft Victims Guide - What to do
- Internet Crime Complaint Center (IC3): Filing a Complaint
- Guarding Against Computer Theft
- When should I re-format? How should I reinstall?
- Help: I Got Hacked. Now What Do I Do?
- Where to draw the line? When to recommend a format and reinstall?
Attempting to reinstall Windows (repair install) without first wiping the entire hard drive with a repartition/reformat will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system causing problems will still be there afterwards, and a Repair will NOT help!
Note: If you're using an IBM, Sony, HP, Compaq, Toshiba, Gateway or Dell machine, you may not have an original XP CD. By policy, Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM with computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. Also be sure to read Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead.
This post has been edited by quietman7: 05 February 2010 - 10:20 AM