
The scum beat me, so I'm giving up.


13 replies to this topic

#1 orion1500

orion1500

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 25 April 2005 - 02:57 AM

Hello. I have been trying to learn how to rid the scumware from my pc, but I am giving up and plan to nuke it and start over. I run Adaware, XClean, Spybot, and numerous scans more than I run my vacuum cleaner. I delete cookies and temporary internet files daily. However, I just ran a Panda scan and found over 100 files infected. Just before that, the XClean scan showed 10 new trojans since yesterday. The scum beat me.

When I reformat, I plan to copy the registry, system files and task manager processes. Maybe that will help me recognize good from bad later on.

Once I have loaded all my software, drivers, etc., I know to download the virus and spyware protection and get the Windows updates. I should mention that my XP operating disks are three years old.

My questions are:
1) Where do I go first? I have a SP2 disk with an offer of free virus protection, which I will need. Will that load without getting the previous updates first?

2) There are so many recommended downloads for scanning, detecting, fixing, etc., that I read about on the forums that I am concerned about overkill. Which group of programs would cover my pc well?

3) I have backed up all my documents, music, photos, and list of favorites. Could I reinfect my pc when I reload them?

4) I have always used Internet Explorer, but I have been getting so many antispyware ads lately that have the IE heading (never got them before) that I don't trust IE anymore. Could you recommend the best browser?

5) My kids use IM all the time, but I think it's part of the problem. Any info there?

6) Which toolbars should I avoid?

Sorry for all the questions, but I might as well ask them in a single post. I want to do this right the first time. I would greatly appreciate your help. Thanks much.

Carolyn

Edited by orion1500, 25 April 2005 - 03:00 AM.



#2 windowsxp550

windowsxp550

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Location:Maplewood, Minnesota
  • Local time:03:42 AM

Posted 25 April 2005 - 03:33 AM

in regards to one of your questions...

Personally I switched from IE to Firefox (Mozilla), and couldn't be happier. It is set up very similar to IE and the install is a snap (It even auto imports your favorites and settings from IE).

In my opinion Internet Explorer is a HUGE security risk. It is a window application that can pretty much access any part of your computer (open up My Computer and type a web address in the address line, and voila, all of a sudden you are on IE and websurfing...My thoughts are if it is that easy to go from your local computer to the internet, why wouldn't it be just as easy to go from the internet to your computer?...see what I mean?)

Ever since I installed Firefox, the pop ups have slowed to a trickle and my spy protection programs rarely find anything.

So my vote would be for Firefox....whatever you do decide to switch to, definitely switch from IE.
Free PC Help: At FixMyXP.com, our Speciality is Windows XP.
Got An XP Problem or Question? Get expert help, all free Check it out!
Click Here to go to FixMyXP's Windows XP Help Forum

#3 Rimmer

Rimmer

  • Members
  • 2,159 posts
  • OFFLINE
  •  
  • Location:near Sydney, Australia
  • Local time:06:42 PM

Posted 25 April 2005 - 04:04 AM

Hi orion1500

The smartest move you could make is to come to this site for advice (no I'm not on commission). Have a look in the Tutorials section for ways to keep your system secure on the internet and what to do before you connect.

In general terms though:
  • Browser: You need IE for windows updates, but use Firefox for everything else.

  • Anti-Virus: You can have AVG for free or you can purchase Norton Anti-Virus for ~$100 and then pay ~$50 per year for updates and it will be almost as good. You should only run one AV program.

  • Anti-Spyware: minimum requirement is AdawareSE, SpyBot S&D, and SpywareBlaster. Others may say you need even more. They complement one another; it doesn't matter how many you have.

  • Firewall: Turn off the windows firewall and install Sygate or ZoneAlarm. Only run one firewall.

  • Windows updates: Not sure but I think SP2 is cumulative, i.e. you don't need to have SP1 to install it. Someone will correct me if I'm wrong on this.
Good Luck :thumbsup:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#4 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:03:42 AM

Posted 25 April 2005 - 08:22 AM

I'm betting a big part of your problems are the kids' IM programs. Which ones do they use? You can set up MSN Messenger to scan any incoming files with your AV. A lot of those viruses are sent without the sender's knowledge and kids tend to accept anything coming in. To set up scanning in MSN go to Tools>Options>Messages and under File Transfer place a check mark in "Scan files for viruses using" and browse to your anti-virus's folder in Program Files and select the .exe that opens your virus program. Guaranteed the kids won't like it 'cause it takes 30 seconds to scan but I guarantee you will. :thumbsup:

Are you currently using an anti-virus program other than Panda Active Scan? If not you're wide open.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#5 caterbro

caterbro

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 25 April 2005 - 09:04 AM

I run Adaware, XClean, Spybot, and numerous scans more than I run my vacuum cleaner.  I delete cookies and temporary internet files daily.

do things methodically. disconnect your PC from the network or dialup (make sure your tools are up to date). boot your computer into "safe mode with networking". delete temp files(ALL the Temp directories should be emptied- there are lots of them), empty recycle bin. run AdAware, then Spybot.

use SB's Tools to clean out your start menu, BHOs, and bad search pages. go to %Windows\Downloaded Program Files and remove anything you don't recognize. reconnect your PC to the internet and use TrendMicro Housecall. Don't use the beta ver. in safe mode.

repeat AdAware scans for each profile (VERY important). reboot. if that doesn't fix it, then format and re-load.

When I reformat, I plan to copy the registry, system files and task manager processes.  Maybe that will help me recognize good from bad later on. 

probably not, unless you plan to spend a lot of time learning the registry. whatever you do, do not run the .reg files, or you are back to square one. If you are re-imaging, don't bother with it.

My questions are:
1) Where do I go first?   I have a SP2 disk with an offer of free virus protection

? what disk is this? install windows. install your antivirus. go to windowsupdate.microsoft.com and install all critical updates. install AdAware, SpyBot and, or if you feel like dropping $40, get Webroot Spysweeper. don't bother with a 3rd party firewall, unless you really like the hands on approach.

Try Opera or Firefox for nice web experiences- you'll find the IE isn't too bad once you have all the latest patches and the XP firewall running. honest.:thumbsup:

tell your kids that the internet is like a bad neighborhood- do not accept pics, files, music over IM without being very careful, tell them to stop visiting shady sites, etc.

keep all your backups on a CD- scan them with an antivirus as you reload them(usually automatic). your Favorites are the most likely source of re-infection

hth

Edited by caterbro, 25 April 2005 - 01:58 PM.

Carl
----
Official puter fixer :D

#6 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:03:42 AM

Posted 25 April 2005 - 09:55 AM

Good advice there from caterbro.

? what disk is this?


Sounds like the February 2004 Security Update CD freebie from MS with a one year free trial of Etrust. It's a good AV with a ZoneAlarm clone you can install if you want but you don't have to.

I have always used Internet Explorer, but I have been getting so many antispyware ads lately that have the IE heading (never got them before) that I don't trust IE anymore. Could you recommend the best browser?


That's a malware program. Nothing to do with IE.

As caterbro says, install XP, then the security CD, connect to the net, install the AV (it will update as part of the install), do Windows Updates including IE and the Microsoft Anti-Spyware Beta and download AdAware, Spybot and SpywareBlaster.

Don't let the kids download anything without permission. A lot of those IM programs have add-ons and enhancers riddled with malware. No cursors, screensavers, games or smilies without you checking them out first. There are lots of legit games you can download from Macromedia (Shockwave), Real Arcade and (I like) PopCap games, or you can purchase some. Post here to ask about any programs like that.

Can anyone comment about setting up user accounts for the kids in XP that restrict them from downloading and installing anything?

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#7 twinsdad

twinsdad

  • Members
  • 411 posts
  • OFFLINE
  •  
  • Location:Northern California
  • Local time:03:42 AM

Posted 25 April 2005 - 09:55 AM

Carolyn: First, welcome to BC! You've already received good advice from some heavyweights (I'm a lightweight) but here's additional input:

1) I'll second the recommendation re Firefox. An easy download and install and, for me, a great trouble-free browser. It'll take you just a few minutes to get used to it and when you're ready there are all kinds of cool tweaks such as tabbed browsing and pipelining that you can read about in the BC Browser Forum. You'll need to keep IE as it's tangled-up in your OS, but I've not used it (except for IE updates) in six months.
2) The BC Tutorials (tab above) are great, first because they are so well written that even I can follow most of them, and secondly because they are viewed and reviewed by everyone here with corrections and updates as needed. Two that might be especially helpful to you are this one about what to do before you connect a new computer to the Internet and this one about keeping your computer safe.
3) As Rimmer stated, you want one (and only one) good firewall. I use ZoneAlarm, but there are others. Here's a BC Tutorial about firewalls.

Good luck and please post back with your results and any problems you encounter; that way we all can learn.
"Love to eat them mousies, mousies what I like to eat; bite they little heads off, nibble on they tiny feet". B. Kliban

#8 caterbro

caterbro

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 25 April 2005 - 01:54 PM

? what disk is this?


Sounds like the February 2004 Security Update CD freebie from MS with a one year free trial of Etrust. It's a good AV with a ZoneAlarm clone you can install if you want but you don't have to.

i can't recommend the Etrust- the AV is fine, but their firewall does weird and horrible things if you try and run ZoneAlarm after removing it or something- i forget the exact issue, but it was a doozy. Norton AntiVirus, TrendMicro or AVG- that's my standard lineup.
Carl
----
Official puter fixer :D

#9 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:03:42 AM

Posted 25 April 2005 - 03:13 PM

Perhaps I could have been clearer, I like the AV but I don't like ZA or its clones, which is why I mentioned you can install if you want but you don't have to. Uninstalling can lock your browsers from the internet, sometimes after a short period of browsing.

I don't recommend Norton or McAfee either. They are so busy bloating up their programs in competition with each other that they've forgotten the consumer.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#10 orion1500

orion1500
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 25 April 2005 - 11:04 PM

Thanks to all for your suggestions. I am glad to hear my suspicions were correct about IM. My daughter accepted a download from a friend, and that's when things went really bad - picked up trojans. I also noticed yesterday that when I logged on my Norton Internet Security had been disabled. That has never happened before, and then it happened twice in one day! I questioned my kids, but they said they didn't touch it. So now I feel that even my safety features are compromised. Can malware even penetrate Norton?

My kids don't go to "shady sites" because they know I check where they've been, but they don't know about temp files so they can't cover their tracks, and thus behave. I was also suspicious of My Favorites, although I didn't realize they could instigate things like Windows shutdowns, etc.

I am definitely going to nuke this thing because I cannot feel comfortable about cleaning all the scum out. I will read the tutorials and then go for it. Luckily I have another computer that can reach for help while I'm reformatting.

As for the SP2 disk, yes, it was a February thing. I read on the Windows Update site that they offered a free year's subscription to either Panda, McAfee, Norton and something else, I think. I'm going for Panda, unless someone here steers me elsewhere.

No one mentioned anything about Toolbars to avoid, although I've heard some are dangerous. Any opinions on that question?

Thanks and wish me luck!

Carolyn

#11 windowsxp550

windowsxp550

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Location:Maplewood, Minnesota
  • Local time:03:42 AM

Posted 26 April 2005 - 01:33 AM

Toolbars are almost always either adware or spyware. And the ones that are not (such as Google, MSN etc), it always seems as though as time goes on they find Big Security Holes in them. Here is an article from PCWorld that talks about the Google Toolbar, http://www.pcworld.com/resource/printable/...d,103706,00.asp .

So, instead of taking the approach of which ones should you Avoid...I would really take the approach of Which Ones are Ok and Safe. The good toolbars typically are from companies that are well known and reputable, such as Microsoft, Google, Adobe etc..

If you must use toolbars, then DEFINITELY switch off of IE...using IE and Toolbars As I mentioned in my previous post, that since IE is so integrated into windows it acts almost as a gateway to your computer. Toolbars, typically are adware spyware, so when you install a Toolbar like that into IE, it creates a Huge Security Risk.

Take a look at this article
http://news.com.com/Pop-up+toolbar+spreads..._3-5229707.html

So, if you must use toolbars use a different browser and Only use toolbars from Well known Reputable Companies (ie. Microsoft, Adobe...).

Btw, Firefox has Google toolbar integrated into the top right hand corner of the browser and that can be changed to other search engines... and no I am not affiliated in any way with Firefox...I personally just feel that it is a much better (and safer) browser to use...
Free PC Help: At FixMyXP.com, our Speciality is Windows XP.
Got An XP Problem or Question? Get expert help, all free Check it out!
Click Here to go to FixMyXP's Windows XP Help Forum

#12 SaxonManFinland

SaxonManFinland

  • Members
  • 159 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British was living on Russian Boarder in Finland
  • Local time:09:42 AM

Posted 26 April 2005 - 02:08 AM

On this computer there are three users, each with their own Log On Screen.

1 A "Click and Go"
2 A "Click Anything and See What Happens"
3 Me. "Paranoid but Determined"

Because of Problems getting infected with downloading updates etc, I changed my AV to ZONE ALARM PRO (YES I PAID FOR IT WILLINGLY and It in my opinion is GOOD). The control of Web Sites, blocking, Security, ADblocking, Two Way on line notification and the Cookie scans and controls etc is great

It allows me to set a PASSWORD so ONLY I can change the settings........and the settings are simple. I can block, even at the simple level Chat Lines, Free Games, Downloads etc etc etc. In advanced Mode it gets even more fun blocking any IP's, and lots of other stuff I don't understand, you care to specify.

With following BC advice and running the progs they recommend I must say I NEVER see any POP UPS, BANNER ADS, or IE Sales Rubbish. Not had a problem since and I have to say I was about to reformat or throw the PC out the window before Grinler cleaned my PC.

Sometimes we have to spend a few Shillings to get what we want, but for me it has been money very well spent........and I now run a Normal PC, XP with SP2, IE really everything standard and it is a pleasure. :thumbsup:

#13 caterbro

caterbro

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 26 April 2005 - 03:30 AM

Can malware even penetrate Norton?

malware can *especially* penetrate Norton, because, the PC user is essentially being tricked into downloading the bad files- Norton protects against many, many methods of infection, but can't do much if you have (without even knowing) agreed to download the bad file. That's not its job.

It's like getting all your shots at the doctor's, and then some guy comes along and says, "here, have this pill(full of poison)!" -all the inoculation in the world can't stop you from swallowing it. for PCs, security holes in Windows make it a possibility to "agree" to download something and not know it.

so, Norton, while it does what it is supposed to do very well, can't protect against things that it can't control.

I'm going for Panda, unless someone here steers me elsewhere. 

junkola- I've run Panda scans and had problems reoccur while I watch- it quarantines and deletes files and i watch them come right back. I recommend Norton Antivirus(NOT Norton Internet Security or SystemWorks), a free program called AVG, or PC-cillin from Trendmicro; F-prot works well for older machines. Panda is a piece of poop, in my eyes. McAfee, also junk, mostly because of all the "included" features you don't need.

for toolbars? what do you need them for? use only ones you recognize- Yahoo, Google, AOL, MSN, etc. the rest are probably evil. good luck!- make backups before you re-image! - remember to check all the different user profiles for documents and pictures...:thumbsup:
Carl
----
Official puter fixer :D

#14 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:03:42 AM

Posted 26 April 2005 - 05:04 AM

These viruses and trojans don't really "penetrate" Norton, rather they prevent it from running or shut it down. Not just Norton either but the whole gamut of AV programs. Part of the routine when they install is to block the executables that start the AV and Firewall programs. They can also block the Windows Update site and deny you access to msconfig, Internet options and regedit. Some even block you from downloading programs like HiJack This, Spybot and AdAware.

A typical IM spread virus is W32.Stang.

W32.Stang is a worm that spreads via Microsoft MSN Messenger and attempts to end processes and lower security settings. The worm also disables the Task Manager and Registry Editor.


The most dangerous and common way that viruses spread through IM programs right now is through the transfer of files that have the extension .pif. Tell the kids to look at what is being transferred and not to accept any file extension they don't recognize. Maybe a little education is in order. I use MSN and have a number of young people on my contact list that regularly ask me about whether they can download something or describe problems they are having and I help them out with removing viruses. They really don't like getting them and are really unhappy when they do because now they can't talk to their friends without spreading the virus or their computer gets really slow.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool
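The advice in post #14 (look at the extension of an offered file, refuse .pif and anything you don't recognize) written as a check on the file name; this is an added example, not part of the original thread. The function name `vet_transfer`, both extension lists and the sample names are assumptions made for illustration.

```python
import unicodedata

# Extensions Windows runs directly; .pif is the one named in the thread,
# the rest are other well-known executable/script types (illustrative list).
EXECUTABLE = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
# Hypothetical allowlist: the only extensions this household accepts over IM.
RECOGNIZED = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".mp3", ".pdf"}


def vet_transfer(name: str) -> tuple[bool, str]:
    """Return (accept, reason) for the file name shown in a transfer offer."""
    # Invisible format characters (e.g. U+202E right-to-left override) can make
    # the displayed name differ from the real one, so refuse them outright.
    if any(unicodedata.category(ch) == "Cf" for ch in name):
        return False, "hidden formatting characters in name"
    # Windows drops trailing dots and spaces when the file is written,
    # so "x.pif ." lands on disk as "x.pif".
    clean = name.rstrip(" .").lower()
    parts = clean.split(".")
    if len(parts) < 2 or not parts[-1]:
        return False, "no extension"
    ext = "." + parts[-1]
    # Extensions in the middle of the name are decoration, not the file type.
    inner = {"." + p for p in parts[1:-1]} & RECOGNIZED
    if ext in EXECUTABLE:
        if inner:
            return False, f"executable {ext} disguised as {sorted(inner)[0]}"
        return False, f"executable extension {ext}"
    if ext not in RECOGNIZED:
        return False, f"unrecognized extension {ext}"
    return True, f"recognized extension {ext}"


if __name__ == "__main__":
    # Constructed sample names, not taken from any real transfer.
    samples = [
        "holiday.jpg",
        "holiday.jpg.pif",
        "GAME.PIF",
        "song.mp3.scr . ",
        "readme",
        "notes.xyz",
        "photo\u202egpj.pif",
    ]
    for s in samples:
        ok, why = vet_transfer(s)
        print(f"{'ACCEPT' if ok else 'REJECT':6}  {s!r:24} {why}")
```

Only the last extension decides what Windows does with the file, which is why `holiday.jpg.pif` is rejected even though `.jpg` is on the allowlist.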




