Paranoid Scared And Ignorant


20 replies to this topic

#1 jaeluuc

jaeluuc

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:04 PM

Posted 16 May 2006 - 10:36 AM

Windows XP

I have:
- whatever comes with the computer; Defender, Firewall ...?anything else
- F-Secure Anti-Virus
- Ad-Aware
- ewido

I use Mozilla Firefox and Yahoo mail plus

PARANOID
- do I have enough layers of protection?
- if scanning once a week is good, wouldn’t daily be better?
- one of the scans just started skipping 145 files/folders, aren’t they vulnerable?
- should I do another HJT to get a clean bill of health?

SCARED
- Ad-Aware and ewido were acquired during a ‘fix’, aren’t they temporary?
- I’ve read in some threads that some protections are incompatible

IGNORANT
- I’m so new that I don’t know how to know if there is a problem or what slow actually means

Thanks for your time and patience :thumbsup:
New Beginner
Windows XP

#2 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:07:04 PM

Posted 16 May 2006 - 10:58 AM

1. Windows firewall is at best a stop-gap solution, since it only examines incoming packets; a fully operational firewall will also examine out-going packets to prevent malware from "calling home." There are several free firewalls listed here at BC:

http://www.bleepingcomputer.com/forums/topic3616.html

After installing one of these, turn off your XP firewall (off-line) before turning on your replacement, since running more than one active firewall can cause major conflicts.

2. How often you scan depends primarily on how careful you are whilst on the internet. If your Anti-virus has real-time protection, you need only scan once a week or so, since it should prevent any malware from being placed on your computer.
Much the same applies to the other layer of protection, namely the anti-spyware applications you use. Having several of these will not cause conflicts, and, since they use different criteria for scanning your hard-drive, will find slightly different groups of malware. While you may have installed these for cleaning a HJT log, they should be a permanent part of your protection.
As with any protective application such as anti-virus and anti-spyware applications, they are only as effective as their definitions are current; always check for updates before they scan your computer's files.

At the minimum, you should deploy:
One and only one firewall.
One and only one anti-virus.
At least two anti-spyware applications. You may wish to add Spybot Search and Destroy (see the link above) to your anti-spyware array.
Always keep your Windows current on any MS security patches.

3. Since you did not mention which application "skipped files," or what the skipped file types were, and if possible, any notice/warning it provided, I cannot comment.

I hope I have answered all of your questions. If not, or I was not completely clear, please reply.

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 jaeluuc

Posted 16 May 2006 - 11:30 AM

Thank you for responding John,

Okay, just to clarify -

- What do you mean by (off line) to turn off XP firewall?

- Will the Ad-Aware and ewido just expire their trial period on their own? What 2 or more should I get?

- Will these take care of the Trojans and other major things I keep reading about?

- I will tack on what I posted on another forum and got a wishy-washy 'solution' about the skipped files.

- I still don't really know what to look for to know if I have a problem, apparently it was very sick before and I found out just out of curiosity of how to stop some pop ups.

- Thanks again for helping me!
:thumbsup: here's the other post;

I am clueless as to if I even have a problem -

I have whatever protection that comes with Windows defender, F-Secure anti-virus, and what I was told to download free Ad-Aware

I’m more than a little paranoid after my initiating fiasco. I figured if running scans once a week was good – daily is better! Plus I am so trying to learn it all!

Several times it appears that Defender lets things get in – here is an example of Defender's history: (I’m not impressed!)


NAME                ALERT LEVEL   ACTION TAKEN   DATE   STATUS
Unknown             Unknown       Allow          5/9    Succeeded
Network Essentials  Severe        Ignore         5/9    Succeeded
KaZaA               Medium        Remove         5/7    Failed
Altnet              Medium        Remove         5/7    Failed
Network Essentials  Severe        Ignore         5/7    Succeeded
Unknown             Unknown       Allow          5/6    Succeeded
Unknown             Unknown       Allow          5/4    Succeeded


An example of the specific details of one of them:

Network Essentials Severe Ignore 5/9/06 Succeeded
Category: Browser Modifier

Description: This program has potentially unwanted behavior

Advice: Remove this software immediately

Resources:
file:
F:\System Volume Information\_restore{CF7947OC-79F7-4821-8E34- 8E6EA7D3E7B5}\RP4\A0000395.exe

file:
F:\System Volume Information\_restore{CF7947OC-79F7-4821-8E34- 8E6EA7D3E7B5}\RP4\A0000396.EXE

There are many more in the \System Volume Information\, especially with KaZaA (the F ‘brains’ are from an old computer years ago before we knew not to mess around with downloading ‘free’ music)



NOW; When I run the F-secure it comes back with a good report – nothing found

HOWEVER; it also tells me that it skipped 144 files! Almost all of which have to do with the F:\System Volume Information\......... (again not impressed!)

Here is the first page of the report:

Files not scanned:
• Cannot open file C:\hiberfil.sys
• Cannot open file C:\pagefile.sys
• Cannot open file C:\WINNT\Temp\TMP000000A9D418AAF235C81386
• Cannot open file C:\WINNT\system32\config\DEFAULT
• Cannot open file C:\Documents and Settings\Owner\Application Data\Microsoft\Windows Defender\FileTracker\{59728B2E-CCAF-4187-ADEA-BEE9179A5F90}
• Cannot open file C:\Documents and Settings\Owner\Application Data\ispnews\ispn.ini
• Cannot open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\012ab030439e389d6e2d92badf4b55ac_a585 e4a4-9725-406e-b638-04f1dc8105ed
• Cannot open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2896f3d4c065abc478962f556961fc70_a585 e4a4-9725-406e-b638-04f1dc8105ed
• Cannot open file F:\WINNT\BDE\BDEEngine2.dll
• Cannot open file F:\WINNT\$NtUninstallQ323172$\reg00003
• Cannot open file F:\WINNT\$NtUninstallQ319580$\reg00003
• Cannot open file F:\WINNT\$NtUninstallQ315000$\netsetup.exe
• Cannot open file F:\WINNT\$NtUninstallQ315000$\spuninst\spuninst.exe
• Cannot open file F:\WINNT\$NtUninstallQ314862$\qmgr.dll
• Cannot open file F:\WINNT\$NtUninstallQ314862$\spuninst\spuninst.exe
• Cannot open file F:\WINNT\$NtUninstallQ313484$\acgenral.dll
• Cannot open file F:\WINNT\$NtUninstallQ313484$\spuninst\spuninst.exe
• Cannot open file F:\WINNT\$NtUninstallQ311889$\termsrv.dll
• Cannot open file F:\WINNT\$NtUninstallQ311889$\spuninst\spuninst.exe
• Cannot open file F:\WINNT\$NtUninstallQ310507$\aec.sys
• Cannot open file F:\WINNT\$NtUninstallQ310507$\spuninst\spuninst.exe
• Cannot open file F:\WINNT\$NtUninstallQ309521$\dxmasf.dll
• Cannot open file F:\WINNT\$NtUninstallQ309521$\spuninst\spuninst.exe
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP99\A0097546.ini
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP99\A0097555.lnk
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP99\A0097562.ini
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096302.ini
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096376.ini
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096384.lnk
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096392.ini
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096420.ini
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096428.lnk
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096435.ini

AND, When I tried to get to these files I was blocked in a variety of ways.

The Ad-Aware did not find anything either, but when you look at the number of files scanned compared to the others it is a lot lower.

Do I have a problem? Or is this normal –

And should I have more layers of protection?

Thanks for your time!
New Beginner
Windows XP

#4 Elendil

Elendil

  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The US
  • Local time:08:04 PM

Posted 16 May 2006 - 02:31 PM

1. Simply turn off XP Firewall by going to Start - Control Panel - Windows Firewall and select off.
I don't know why you need to be off line (disconnect your computer from the internet), but apparently
jgweed believes it's sufficient so I'd follow his advice.
2. It depends on what versions of Ad-Aware SE and Ewido you're using. Ewido should auto-switch to
its free version after the trial expires and as for Ad-Aware SE there is a free version so please verify
whether or not you're using the paid or free.
3. Ewido has excellent Trojan detection and F-Secure is a decent anti-virus, worm, Trojan program
itself so as for viral related malware, I think you're covered.
4. If you feel your computer suddenly starts acting abnormal (dramatic speed changes, sudden reboots, and random programs),
massive swarms of popups (popups if you're not online), etc. these are all obvious signs of malware infection.
However, weekly scanning with each of your anti-malware programs should keep your computer mostly clean.

Side notes:

Windows Defender is a BETA or program in testing which means it has a detection rate of almost zero (AKA removing it isn't a bad idea)
Like jgweed said, Spybot S&D should be added to your anti-malware defense.
Stanford '14
B.S. Candidate | Computer Science

#5 jaeluuc

Posted 16 May 2006 - 03:25 PM

- Thank you so much Elendil for wrapping things up for me -

- I will follow all of the recommendations!

- Both the AdAware and ewido are the trial versions, and their time is nearly up.

- Still curious about the suddenly skipped files? All but 8-9 are basically the same on the old F drive which is not really used anymore. Should I try to delete them?

Thanks for getting to me! I appreciate your time and advice!
New Beginner
Windows XP

#6 jgweed

Posted 16 May 2006 - 05:13 PM

1. I suggest switching firewalls OFF line, since then you would not be on-line for any period without a firewall up and running.
2. I am not sure about Ewido, but Ad-AwareSE does not have a trial period.
3. Keep Ad-Aware and download Spybot. Keep their definitions current. They will keep your hard drive relatively free of ad-ware and spyware.
These two are not anti-virus applications, and they are not designed to find viruses and trojans.
4. Windows Defender is in Beta release, which means, as do most BETA releases, that it is published for public testing. Betas may often have bugs and may cause conflicts with other applications; many times not all modules are fully functional. Under no circumstances should they be relied upon for "mission critical" uses (such as your computer's security).
5. Lastly, try running F-secure in "safe mode." This may allow F-secure to access these files, since they may not be used by your Windows operating with only the most essential parts running.

I hope this helps some.
Regards,
John

Edited by jgweed, 18 May 2006 - 09:12 AM.

Whereof one cannot speak, thereof one should be silent.
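
The "Files not scanned" list from post #3 can be grouped by where each path lives, which separates files in locations Windows normally keeps open or access-restricted (paging and hibernation files, registry hives, the System Restore store, hotfix uninstall folders, machine key containers) from the few that sit elsewhere. This is an added example, not part of any post in this thread and not F-Secure's code; the sample lines are copied from that report, and the category names and function names are this example's own.

```python
import re
from collections import Counter

# Lines copied from the "Files not scanned" report in post #3 of this thread.
REPORT = r"""
• Cannot open file C:\hiberfil.sys
• Cannot open file C:\pagefile.sys
• Cannot open file C:\WINNT\system32\config\DEFAULT
• Cannot open file C:\Documents and Settings\Owner\Application Data\ispnews\ispn.ini
• Cannot open file F:\WINNT\BDE\BDEEngine2.dll
• Cannot open file F:\WINNT\$NtUninstallQ315000$\netsetup.exe
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP99\A0097546.ini
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096384.lnk
"""

# (category, pattern matched against the path after the drive letter).
# Category names are this example's own labels, not scanner terminology.
RULES = [
    ("os-held",          r"^\\(pagefile|hiberfil)\.sys$"),    # paging / hibernation file
    ("registry-hive",    r"\\system32\\config\\[^\\]+$"),     # registry hive files
    ("system-restore",   r"^\\System Volume Information\\"),  # System Restore store
    ("hotfix-uninstall", r"\\\$NtUninstall[^\\]*\$\\"),       # update rollback backups
    ("machine-keys",     r"\\Crypto\\RSA\\MachineKeys\\"),    # key containers
]
RULES = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in RULES]


def parse_report(text):
    """Return the path from every 'Cannot open file <path>' line."""
    return [m.group(1).strip()
            for m in re.finditer(r"Cannot open file\s+(.+)", text)]


def classify(path):
    """Return (drive, category); 'review' means no known protected location."""
    m = re.match(r"^([A-Za-z]:)(\\.*)$", path)
    if not m:
        return ("?", "review")
    drive, rest = m.group(1).upper(), m.group(2)
    for name, rx in RULES:
        if rx.search(rest):
            return (drive, name)
    return (drive, "review")


def triage(text):
    """Count skipped files per (drive, category) and list the ones to review."""
    counts, review = Counter(), []
    for path in parse_report(text):
        key = classify(path)
        counts[key] += 1
        if key[1] == "review":
            review.append(path)
    return counts, review


if __name__ == "__main__":
    counts, review = triage(REPORT)
    for (drive, cat), n in sorted(counts.items()):
        print(f"{drive} {cat:<17} {n}")
    print("Not in a known protected location:")
    for p in review:
        print("  ", p)
```

A path listed under "review" is only one that does not sit in one of these locations; it is a candidate for the safe-mode rescan suggested above, not a detection.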

#7 jaeluuc

Posted 16 May 2006 - 06:50 PM

Thanks John!

I've been reading and printing the tutorials here :thumbsup:

I really appreciate you checking on me!

I feel ready to armor myself but it will have to wait till tomorrow as a certain teenager just informed me he has a term paper due.

Many thanks again, I'll let you know how it all goes!

Jennifer
New Beginner
Windows XP

#8 The Shadow

The Shadow

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:07:04 PM

Posted 17 May 2006 - 08:14 PM

Jennifer,
AdAware SE/Personal is a totally FREE program and has NO expiration date. EVER!

Its companion program, "Spybot Search & Destroy" is likewise free and never needs a subscription.

Both programs do however need to be kept up to date on as often a basis as possible. Daily is just fine. :thumbsup:

Spyware Blaster, another completely FREE program will help to keep your computer free of spyware by passing off a list of bad web sites to your browsers to assist them in averting sites that would harm you.

This is the Big Three of spyware protection being used worldwide.

Here's where you can get them:
**********************************
Spybot Search & Destroy, a great anti Spyware program.
Can be downloaded from:
http://www.pcworld.com/downloads/file_desc...id,22262,00.asp


AdAware SE/Personal. Another top notch anti Spyware program.
Can be downloaded from:
http://www.majorgeeks.com/download506.html

Spyware Blaster, a great Spyware Blocker.
Protects both I.E. and Mozilla Firefox.
Can be downloaded from:
http://www.majorgeeks.com/download2859.html
***********************************

Good Luck,
Cheers :flowers:
For those wanting, or needing the Norton Removal Tool,
its latest version is available Here:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039

"The only bad backup is the one you decided NOT to make" Anonymous

#9 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:06:04 PM

Posted 18 May 2006 - 02:05 AM

Hi Jennifer. Along with SpywareBlaster add SpywareGuard 2.2. It has an active scan feature similar to Spybot S&D's TeaTimer. Both are very good scanners.
is another good program.
"2007 & 2008 Windows Shell/User Award"

#10 jgweed

Posted 18 May 2006 - 09:27 AM

Jennifer, now that the term paper is most likely finished and turned in, you can begin to install your layers of protection. Note that you have many anti-spyware applications from which to choose; each of the ones mentioned are good, and each will look for a slightly different set of problems on your hard drive when they scan it. How many you decide to install is entirely up to you, and will depend upon how paranoid you are, and the surfing habits of everyone using your computer. Ad-AwareSE is certainly the most popular of the group, and you should install that first and choose the rest from the others mentioned in this thread.

Naturally, you can have all the applications in the world installed on your computer, but if everyone using it does not have some knowledge about malware, how it works, and how it gets on your hard drive, then you will not be well-protected, since a vast majority of malware is the result of user actions. Printing some of the very good BC Tutorials will certainly provide this knowledge.

Let us know how everything goes!
Cheers,
John
Whereof one cannot speak, thereof one should be silent.

#11 jaeluuc

Posted 20 May 2006 - 08:20 AM

Hi wonderful people helping me :thumbsup:

I've been pulled away dealing with other life issues and will be in and out this weekend (doing the Mom thing)

A couple of thoughts / questions:

-I was all set to start arming myself this morning, when reading the download information on Spybot S&D, the internet stuff caught my attention. They made it sound like it is only good for Internet Explorer. Then I went back and read more carefully the tutorials for them and Spyware Guard and Spyware Blaster - same thing. Will it still work for me if I use Mozilla Firefox?

- With the ewido about to expire, do I just keep downloading the 2 week trial or pay for a subscription?

- I have come across and read so much recently! I have tried to mark things so that I can go back to them again but somehow I missed saving a couple of places that had remarkable lists of available options for various protections. I have been All Over the forums here and at Tech Support Guy and can't remember where I found them. If y'all know, I'd like to find them again.

- Somewhere in my research I came across F-Secure Blacklight - Rootkit Eliminator. Since I have F-Secure AV I checked it out. They made it sound like it was going to end June 1. (?) I went through the process - clean - but is this something to worry about down the line?

- I have read so many scary and conflicting things about Cleaners. I have Easy Cleaner and experimented with it on the old F drive. Got so scared that I left everything in the Recycle Bin! Looked into CCleaner, that seemed a little more like I could handle but still not comfortable with it.

I greatly appreciate all of the help and advice!

Jennifer
New Beginner
Windows XP

#12 jgweed

Posted 20 May 2006 - 09:26 AM

Spybot's Teatimer real time protection only works with IE, but the scanning module will work no matter what browser you use. Since you are clever enough to use Ff, you escape thereby many of the vulnerabilities that Teatimer attempts to protect you against. I am not sure about the other two applications you mentioned, but I would imagine given what you have told me, that the same thing applies.

You are right to be wary of all those "cleaning" applications, especially those that make registry changes (incorrect changes or deletions can radically affect the ability of Windows to operate). Unless you are very confident about your computer skills, you should avoid these applications like the plague.
There are many safer methods of cleaning the gunk out of your computer's carburetor, and we can discuss these at the proper time.

Personally, I would recommend you use Spybot and Ad-Aware SE, to begin with; these two should be more than enough to catch any malware you might get, especially since you are learning about all the bad practices to avoid while on the Internet. Uninstall Ewido; if you need it later for a special purpose, you can always install it at that time.

If you can remember the subject matter of the links you cannot find, if you would give a short description when you have the time, our members could provide some (if not the same) links for you.

Regards,
John

I fully understand the complexity of computer security, and this applies to just keeping track of all the very good information that you encounter. I suggest you use Ff's very good bookmark manager to create a "security" file (or files) and make a habit of bookmarking any page that seems important; you can easily rename the bookmarks to make them more useful for searching.
Another method is to make a habit of saving important texts (or key parts of them) to a word processing document, along with their links. Using a descriptive title of each pasted item (I keep them in one rather large document) along with an index of subjects/articles pasted does take a little effort, but you end up with a treasury of knowledge always handy for research or just review.
Whereof one cannot speak, thereof one should be silent.

#13 jaeluuc

Posted 20 May 2006 - 06:26 PM

Hi John and everyone :thumbsup: ,

I can't take credit for the Ff move. The 'live' tech person helping me through my initiating nightmare switched it over. ~an aside~ You were one of those that welcomed me, I had to look up argot, :flowers:

Okay, back to the checklist:

- One of the original items was the 'skipped' files. I ran ewido and then the others, I think that is solved.

- Somewhere in my travels someone listed that they have 'ewido extended trial'. I'm going to track that down as I do like what it does, somehow it feels different than F-Secure, Ad-Aware and Defender.

- As for tracking things down, YOU answered my 'list' question with someone else (Izzy I think). I didn't bookmark it or save it on notepad as I usually do because it would always be there for me on a pinned message! I truly look forward to the day when I'm not such a novice!!!

- Reading back here, I missed it before but Shadow says Spyware Blaster works for Ff.

- I'll go with the Spybot and hope it will work as well with Ff.

- As for the cleaners, I truly laughed when you said "unless you are very confident about your computer skills"!!! I am so glad that you said I don't have to do that!!! Maybe some day you can walk me through the other process you mentioned. NOW, should I put back everything that I've been holding in the recycle that Easy Cleaner pulled out?

- That last find, the F-Secure Blacklight (I forget how I came across it - it is very separate from my normal F-S) for rootkits, should I keep it, have something else or are they covered with something that I already have?

Whew! I think that's it! (for now anyway :trumpet: )

Many Thanks

Jennifer
New Beginner
Windows XP

#14 jaeluuc

Posted 24 May 2006 - 11:11 AM

jgweed where are you? I'm back - so much has happened!

Hi John (and all),

MY LEARNING HAS JUMPED EXPONENTIALLY!!!

Update, I am now the proud (paranoid) user of:
~Ad-Aware SE Personal
~Spybot - Search & Destroy
~a-squared
~ewido
~Spyware Blaster
~Spyware Guard
~CWShredder

~F-Secure Anti-Virus (which I already had, and there are issues with this and getting a separate firewall)
~Windows Defender (with its 1/2 firewall)

Issues still to address, please:
- F-Secure is still skipping files, I worry!
- I still would appreciate your guidance with the 'clean-up'

I keep going to the tutorials. Every time I learn, I learn there is more I need to do and learn! Just when I thought I could sit back and enjoy!

Many thanks again to you and any others that want to jump in!

jennifer
New Beginner
Windows XP

#15 buddy215

buddy215

  • BC Advisor
  • 12,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:04 PM

Posted 24 May 2006 - 12:49 PM

Hi Jennifer, I have read thru this topic and would like to make a few comments.
(1) Windows Defender is a very good realtime anti malware program. It has picked up and someone on your end has chosen to ignore its warnings. For example--Network Essentials--SEVERE- ignore. Someone on your end chose to IGNORE the warning.
(2) The security programs that you have chosen, if they are free versions, will need to be updated regularly. Weekly will be sufficient.
(3) If you haven't already, in Internet Explorer and Firefox cookie options, block "third party cookies".
(4) One of the great things about Firefox is the many extensions you can add to it. One that will add greatly to your ability to avoid malware is "NoScript 1.1.4.1". It will protect you from driveby downloads and will also prevent a lot of ads from loading on the pages you view.
(5) Install "McAfee Site Advisor" on both IE and Firefox browsers.
(6) If you decide you want to install a better firewall than Windows firewall, "Zone Alarm Free" is probably the easiest and most user friendly of the bunch. It will also disable automatically Windows firewall during installation. Remember, never have more than one firewall or antivirus program activated at the same time.
(7) For peace of mind and because of what Windows defender was picking up, I would advise you to post a "Hijack This" scan.
In closing, I would just remind you that a lot of malware, if not most, can be avoided by NOT opening unexpected email, clicking on links in emails, clicking on links in IM's and clicking on links on internet pages especially with the word "Free" in them and avoiding high risk sites such as por, P2Ps, gambling and free game sites.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




