
Clean Up After A Mess


10 replies to this topic

#1 cccm

cccm

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 15 December 2007 - 03:38 PM

hi
i would like to have your opinion on the following issue.

I have experienced a lot of malware attacks and i strongly suspect that my pc has been ROOTKIT attacked, as i used the pc for non critical purposes and with very minimal protection. However, i decided to get a new hard drive to replace the one with all the malware, because i would like to use the computer for some very sensitive data handling.

1) my first question is, will i be safe using a new hard drive from all kinds of malware including the most dangerous rootkits. i mean can the motherboard be infected.. if so how to see if it has been infected.
------------------------------------------------------------------------------------------------------------

My second question is; when i use the new hard drive and install the OS (win xp with sp2) what to do next...ie. do i update windows first or download my antivirus prog first..

i am asking because, i have no hardware firewall (router) and my internet connection is VERY VERY slow so it would take me over an hour to update windows.

2) Am i safe trying to update windows with no hardware firewall, no antivirus prog running for over an hour?
put in mind the previous history of attacks and the fact that i will be handling quite sensitive data and need to be supersafe.

the antivirus prog that i will use, i will download from the internet (since my current drive is a malware junkie, i won't use it to download and burn)..

thanks
cccm



#2 CTH_Tom

CTH_Tom

  • Members
  • 295 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 15 December 2007 - 04:51 PM

Since the only website you'll be on is Windows Update I would do the updates first. Use XP's built-in firewall to keep unwanted traffic out.

#3 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:09:46 AM

Posted 15 December 2007 - 06:04 PM

Just to be on the safe side, disconnect your computer from the modem while installing the OS.
After the installation, check to make sure the Windows firewall is enabled.
Only after assuring that it is, hook back up, install Windows updates.
Be prepared for a lot of reboots after these updates.

After those have installed, you can then download and install your anti-virus then a firewall of your choice.

Edited by Queen-Evie, 15 December 2007 - 06:05 PM.


#4 david28

david28

    Forum Member


  • Banned
  • 1,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:16 AM

Posted 15 December 2007 - 10:05 PM

If you have the firewall, anti-virus and anti-spyware programs on a CD or USB etc then install them first, but if you plan on downloading them, then just use the Windows XP Firewall and update, then download the anti-virus programs. (What anti-virus, anti-spyware and firewall programs do you plan on using too?)

#5 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:10:46 AM

Posted 15 December 2007 - 10:32 PM

Your motherboard can't hold the infections once the computer is shut down and restarted.

BIOS can be compromised. Many people, after infections, restore their BIOS. Don't ask me how. I don't know. I only did it once on an old computer. You need to find out who makes it and get a new version. At the very least, reset it. It's one of the menu items once you boot into the BIOS - you need to find out how to do it before trashing your current system.

If your XP is original or SP1, someone I know got a SP2 CD from Microsoft, because a download over a dial-up was supposed to take something like 20 hours.

I agree that Windows updates can come first. If you can avoid it, skip the network configuration during the installation, since you will be (should be) off-line, totally disconnected while installing. Also skip various nags for msn passwords and registration. All that can be done later. The network will configure itself once you connect, XP is smart about it.

You can download a good software firewall, antivirus, antispyware and put it on a USB flash. But I would not be doing it on that infected computer. Can you do it on a clean computer at work or some friend's?

#6 cccm

cccm
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 15 December 2007 - 11:09 PM

so
IF- after os installed- i enable SP2 firewall- go to the net and get updates for windows (would take me approx. 2 hours) with no security suite running but windows firewall..

THERE IS NO CHANCE OF BEING INFECTED whatsoever- i want to stress this point as i plan to use this pc for sensitive use..

put in mind that i have been previously attacked on the previous system

can rootkits reside in motherboard or the (BIOS)
i read that removing the motherboard battery and putting it again erase all motherboard memory


my plan is to go to kaspersky site and download kaspersky internet security 7 and use counterspy + lavasoft ad aware + spybot
is this combination strong enough to trust for such usage

also i am worried about keyloggers-- how one can beat them (besides scans by the previously mentioned progs)

thanks
cccm

Edited by cccm, 15 December 2007 - 11:12 PM.


#7 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:10:46 AM

Posted 16 December 2007 - 12:10 AM

BIOS does get attacked by rootkits, that's precisely why people update/reflash the BIOS. Don't worry about the motherboard. I don't know whether battery reset will clean BIOS. I think it just reverts to default settings.

If you're thinking of using Kaspersky anything, be aware they don't want you to run anything else. They are very sensitive and you may fail the installation. Besides, once you have their suite there will be no need WHATSOEVER for Spybot or Ad-Aware or Counterspy in my opinion. I'm not a great fan of suites. You'd be better off with separate products. Consider Kaspersky antivirus standalone. You can trial for a bit and see how it reacts to something like Spybot (without teatimer). Kaspersky is very strong, very good protection. The need for the suite is debatable. But maybe good for you. If you do Kaspersky, make sure to install it first after MS updates, before ANY other antimalware.

For AV try NOD32 from eset. Or free AntiVir from Avira. They all protect against viruses and spyware and trojans and keyloggers. Ad-aware and Spybot have really been superseded by SuperAntiSpyware (free or paid, your choice). That with free Avast AV might do a good job as well, though AntiVir is better.

Remember, spyware or keyloggers are usually harmless, until they run, at which point (or when a bad download happens in email or clicking bad links) a good AV product stops'm dead.

If you install SP2, run their firewall and just do the updates, there's no way you can get infected. Do not google, do not open email, do nothing other than Microsoft updates and legitimate antivirus/antieverything sites. I'd still think you should download all that stuff now someplace, before you begin. It'll go smoother.

Edited by tos226, 16 December 2007 - 12:18 AM.


#8 cccm

cccm
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 16 December 2007 - 12:11 PM

so to make sure that the motherboard is clean or rather the BIOS is clean, i should contact the manufacturer for instructions (GIGABYTE)?
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
BUT i read in an article in a pc site that there is a statistics or an experiment that concluded that unpatched windows can't survive on the net more than 30 minutes..
---------------------------------------------------------------------------
also that windows firewall is weak and can easily be bypassed by malware
--------------------------------------------------------------------------
i think i have a cd that contained Norton internet security 2007 (from the manufacturer) but its lost and i will try to search for it...

But i have used this cd a lot on infected computers to install it on.. my question is if i use this cd to set NIS on the new computer.. is there any risk of infection as the cd was used to install NIS on a severely compromised pc (including rootkit)
------------------------------------------------------------------------

i would like also to take your opinion on Norton internet security 2007.

if i manage to get it on a clean cd, should i install it before i update windows..

which to update first windows or norton internet security 2007
-----------------------------------------------------------------
thanks
cccm

#9 CTH_Tom

CTH_Tom

  • Members
  • 295 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 16 December 2007 - 04:26 PM

"BUT i read in an article in a pc site that there is a statistics or an experiment that concluded that unpatched windows can't survive on the net more than 30 minutes.."

Read the same or similar article when a test was done by a university on the malware problems you can get from surfing the internet with an unpatched OS. The test was done on sites that were known to download malware on your computer if you didn't have the critical updates. You were advised 3 times to go to Windows Update first when connected to the internet and nowhere else until the patches are installed.

"also that windows firewall is weak and can easily be bypassed by malware"

XP's firewall is a one way firewall. It will block any unwanted connections coming from the internet.
What it won't do is block malware from connecting to the internet. If your system is malware free then this isn't a concern.

"i would like also to take your opinion on Norton internet security 2007."

From postings I've seen from many forums NIS is the most problematic security suite there is.
I wouldn't even wish it upon my worst enemy. :thumbsup:

I used Norton's in the past and have been infected while it was installed on my computer.
I have NOD32 and just love the hell out of it. Low on resources, catches spyware as well as malware.
I would make the Eset website the next place to go on the internet after Windows Update. Try it out for the 30 day trial and see how you like it. If you still want Norton after the trial at least you can be assured your computer is malware free.

Edited by CTH_Tom, 16 December 2007 - 04:27 PM.


#10 david28

david28

    Forum Member


  • Banned
  • 1,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:16 AM

Posted 17 December 2007 - 12:32 AM

CTH_Tom please try to be a bit more nice to new members, I know I am not a moderator, but I think you could be possibly a bit more nice.

#11 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:09:46 AM

Posted 17 December 2007 - 08:38 AM

If you have installed a new hard drive (after ditching the previous one), have installed XP on it, then at that moment you can assume it is malware-free. As I remember, the Windows version of a firewall runs by default. Now there should be no harmful application on your new hard drive that would ask for internet access, so at that time, all you have to worry about is incoming attacks; these the Windows Firewall should prevent, once you install your IP software.
Immediately install Windows security patches, and do not visit any other sites until all of these have been installed, since your focus is to prevent any harm to your "pristine" hard drive.
The next step is to install additional protection from malware. Certainly a better software firewall, an Anti-virus (updated immediately), and your choice of anti-spyware applications (updated immediately). As a precaution, you should thoroughly scan your hard drive with each application as it is installed and updated.
Cheers,
John
Whereof one cannot speak, thereof one should be silent.



