11.30.05
Posted in Malware, Software at 2:45 pm by Keith
gHack’s Beginners Guide to Securing a PC.
I will explain the basics of securing your computer, will tell you what you need to secure it and give you alternatives if there are any. But first of all, all programs that I name will be freeware or open source. We want a secure computer but don't want to pay hundreds of $$ for it. There will also be some geeks who will comment that program XY is way better and pro than the program I named and that only people with no security understanding whatsoever will use. Don't listen to them, there are many factors that play a role in selecting a suitable software. I tried to find the best mix between security and user-friendliness.
gHack has a good list here, with some programs that I’ve recommended here on TechTips. His first antivirus recommendation is Antivir Personal Edition; I’ve never used this program but I agree that AVG is a good alternative. I don’t like his other alternative suggestion, Avast. I’ve used it in the past and didn’t like the user interface. gHacks makes the bold suggestion of not using a software firewall, saying they only give a false sense of security. I disagree, as a layered approach is beneficial. It is just important to realize that all of the other security procedures cannot be ignored because you have a firewall; you must still run Windows Update frequently and have good antivirus and antispyware programs installed (and used!).
11.28.05
Posted in Malware, Software, Windows at 5:03 pm by Keith
The newest version of the popular AVG Anti-Virus Free Edition is available for download. The new version of AVG Free provides increased scanning speed as well as additional improvements which include a new event-history log and added options for filename extension definitions.
11.21.05
Posted in Firefox, Malware, Software at 3:39 pm by Keith
0-day IE/JavaScript exploit in the wild. Another good reason to switch to Firefox. If you insist on using Internet Explorer, consider turning JavaScript off using the following directions:
- Open Internet Explorer.
- Select Internet Options from the Tools menu.
- In the Internet Options dialog box, select the Security tab.
- Click the Custom level button at the bottom. The Security settings dialog box will pop up.
- Under the Scripting category, disable Active Scripting, Allow paste options via script and Scripting of Java applets.
- Click OK twice to close out.
09.29.05
Posted in Malware, Software, Windows at 1:48 pm by Administrator
Here are a couple of free online services for virus discovery.
Trend Micro’s House Call will scan your PC for viruses through your web browser (IE only, installs an ActiveX utility). You can do a virus scan, a security scan (spyware & known security vulnerabilities), or combine the two for a “complete scan.” Testing it out, it claims to have found 11 viruses and 1 spyware program on my machine that is regularly scanned with McAfee and Adaware.
Virus Total allows you to upload a file to their server for scanning. It will detect whether the file is a virus using several antivirus engines. You can use their web interface to upload the suspicious file, or email it to them. It currently scans with the following antivirus engines: AntiVir, Avast, AVG, Avira, BitDefender, CAT-QuickHeal, ClamAV, DrWeb, eTrust-Iris, eTrust-Vet, Fortinet, F-Prot, Ikarus, Kaspersky, McAfee, NOD32v2, Norman, Panda, Sophos, Symantec, TheHacker, and VBA32.
I would warn that neither of these should be considered a replacement for regular virus and adware scanners.
09.01.05
Posted in Malware, Windows at 6:54 pm by Keith
McAfee has a free program for finding and removing viruses called Stinger. This stand-alone executable is especially effective if you rename it and run it in safe mode to avoid detection by clever viruses.
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.
08.24.05
Posted in Malware, Windows at 4:29 pm by Keith
SANS has a tip about hidden registry entries. Sounds like these could be a real PITA, allowing malware to be even sneakier than usual.
08.11.05
Posted in Malware, Windows at 3:37 pm by Keith
If you don’t already know about this tip then read carefully and err on the side of caution. It involves editing the Windows registry, which can ruin your Windows installation (i.e. computer won’t start) if done incorrectly. If in doubt get help from a professional.
Most malware programs set themselves to start automatically when the computer starts up. They do this by making an entry in one of a few specific directories in the registry. Removing these entries will prevent these malware programs from starting automatically, making them less bothersome and easier to remove.
You can edit the registry with regedit. To start regedit go to the start menu and select Run…, then type in regedit and click the OK button. The Registry Editor will open with a list of directories on the left side. The directories you are looking for are named Run, RunOnce, or other variations beginning with Run. They are located in two different places: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\. You can go through each of these Run folders and look for anything suspicious. It isn’t a good idea to remove everything from these Run folders (and don’t remove the folders themselves!); most of these entries will likely be legitimate, such as your antivirus program, CD burning software, or display drivers/applications. Delete the entries corresponding to any malware (do a Google search for the key/executable name if in doubt) from each of these Run folders. After rebooting, the corresponding malware shouldn’t start up. Now you can run your antivirus/spyware-removing programs with a better chance of getting rid of that pesky malware.
Another easier and safer, although not quite as thorough, way to access the same information is through msconfig (not available in Windows 2000). Go to the start menu and select Run…, then type in msconfig and click OK. The System Configuration Utility will open. Click on the Startup tab. Now you can look through the list that comes up for anything that you don’t want to start automatically, unchecking the corresponding check-box. Again, be careful not to remove anything you need. After clicking on the OK button you will be prompted to restart the computer. After restarting you will get a warning that the System Configuration Utility has been used; uncheck the box on this warning so that it won’t bug you every time you reboot, and click OK.
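For reviewing the same Run folders without opening regedit, the following PowerShell script is an added example (not part of the original post) that only reads the registry and lists each autostart entry with the program it launches. The helper name Get-CommandTarget and the report columns are this example's own choices.

```powershell
# Added example: read-only listing of autostart entries. Nothing is modified.
$roots = 'HKLM:\Software\Microsoft\Windows\CurrentVersion',
         'HKCU:\Software\Microsoft\Windows\CurrentVersion'

function Get-CommandTarget {
    # Best-effort extraction of the program path from a startup command line.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]
}

$report = foreach ($root in $roots) {
    # Run, RunOnce and any other subkey whose name begins with "Run".
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'Run*' } |
        ForEach-Object {
            $key = $_
            foreach ($valueName in $key.GetValueNames()) {
                $command = [string]$key.GetValue($valueName)
                $target  = Get-CommandTarget $command
                # Bare names such as rundll32.exe are found via PATH at startup,
                # so FileFound = False for them means "check by hand".
                $exists  = [bool]($target -and
                    (Test-Path -LiteralPath $target -PathType Leaf))
                $signature = if ($exists) {
                    (Get-AuthenticodeSignature -FilePath $target `
                        -ErrorAction SilentlyContinue).Status
                } else { 'n/a' }
                [pscustomobject]@{
                    Key       = $key.Name
                    Entry     = $valueName
                    Command   = $command
                    FileFound = $exists
                    Signature = $signature
                }
            }
        }
}

# Unsigned programs and missing files are the entries to research first.
$report | Sort-Object Key, Entry | Format-List
```

An unsigned program is not necessarily malware, and a signed one is not necessarily wanted; the output is a starting list for the manual review described above.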
further info
08.10.05
Posted in Malware, Windows at 10:08 am by Keith
Although there are some viruses that can infect your computer without user intervention through unpatched or unknown vulnerabilities, most infections are enabled through the actions of the computer user. The most common method is email attachments. You should keep this in mind every time an attachment shows up in your inbox. There are some common sense things you can do to avoid opening a virus-laden attachment.
- First and most important: don’t open an attachment that you aren’t expecting. Even if it is from someone you know! Many viruses will send through the infected computer’s email program or spoof the sender so that it looks like the email came from someone you know and trust.
- Check out the file extension. If the file has a common file extension like .jpg or .gif it is probably safe. If you don’t recognize the file extension look it up. If it is any kind of executable file don’t open it (.pif, .scr, or .exe). Also, don’t be fooled by something like monkeypicture.jpg.exe; it’s the last file extension that matters. This is far from a foolproof method; so refer to rule #1.
- Keep your PC up to date and secure. If you do open a virus-laden attachment it is less likely to do damage if your PC is up to date and secure. That means running Windows Update frequently (at least once per month), and running an updated virus scan program (BitDefender, AVG, McAfee, Norton).
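The file-extension rule above can be expressed as a small check. This PowerShell function is an added example, not from the original post; the name Test-AttachmentName, the extra extensions beyond .pif, .scr, .exe, .jpg and .gif, and the sample file names are assumptions made for illustration.

```powershell
# Executable types named in the post (.pif, .scr, .exe) plus a few more
# that are assumptions of this example.
$Executable = '.pif', '.scr', '.exe', '.com', '.bat', '.cmd', '.vbs'
# Common types the post calls probably safe; these are also the usual decoys.
$Common     = '.jpg', '.gif'

function Test-AttachmentName {
    param([Parameter(Mandatory)][string]$Name)
    $trim = [char[]]' .'
    # Windows ignores trailing dots and spaces, so strip them before judging.
    $clean = $Name.TrimEnd($trim)
    # Only the last extension decides how Windows opens the file.
    $last  = [System.IO.Path]::GetExtension($clean).ToLowerInvariant()
    $stem  = [System.IO.Path]::GetFileNameWithoutExtension($clean).TrimEnd($trim)
    $inner = [System.IO.Path]::GetExtension($stem).ToLowerInvariant()

    $verdict = if ($Executable -contains $last) {
        if ($Common -contains $inner) { 'Do not open: executable posing as ' + $inner }
        else                          { 'Do not open: executable' }
    } elseif ($Common -contains $last) {
        'Common type: still apply rule #1'
    } else {
        'Unknown type: look the extension up first'
    }
    [pscustomobject]@{ Name = $Name; LastExtension = $last; Verdict = $verdict }
}

# Constructed sample names, including the one from the post.
'monkeypicture.jpg.exe', 'holiday.gif', 'invoice.scr',
'photo.jpg        .exe', 'report.xyz' |
    ForEach-Object { Test-AttachmentName $_ } |
    Format-Table -AutoSize
```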
08.06.05
Posted in Malware, Windows at 7:50 pm by Keith
TeChico has a great write-up on how to get rid of Aurora popups. Aurora, A.K.A. ABI, is some particularly nasty adware. So far the adware removal programs seem to have trouble with this one, so TeChico’s manual removal instructions are your best bet. The fix is pretty involved and involves downloading a few files, but it will get the job done and may be the only option short of re-installing Windows.
08.05.05
Posted in Malware, Windows at 5:31 pm by Keith
A couple general tricks for removing malware from a Windows machine:
Turn off System Restore
Windows’ System Restore will sometimes restore the malware that you are trying to remove. So, before you reboot your computer after removing malware do the following: right-click on My Computer and select Properties; click on the System Restore tab; click the check box for Turn off System Restore on all drives; click OK. Then go ahead and reboot the computer. You should turn System Restore back on after rebooting (just uncheck that check box); it may come in handy some time.
Boot to Safe Mode
The Windows operating system has multiple modes. Safe Mode does its best to only start the most basic of Windows functions; not allowing most malware to start automatically. Some malware programs know how to disable or hinder malware-removal programs, so it is best to make sure the malware isn’t running before you try to remove it. To access a non-default mode press the F8 key while your computer boots up. You will be presented with a short list of boot up options. Using your keyboard select Safe Mode and press Enter. Things will look a little different in Safe Mode; the resolution will probably be much lower than usual. Go ahead and run your malware removal program(s), such as Ad-Aware or Bit Defender and reboot when finished.
It is a good idea to use one or both of these techniques (even in tandem) when trying to get rid of pesky adware, spyware, and viruses.