I haven't been able to access Windows Update for a few months without using TOR. Should I be worried that a malicious man in the middle might be poisoning my downloads? I know the possibility exists, but WU should have checksums and such to verify updates, right?
What OS are you running? This doesn't sound right at all. Also, I really hope you aren't downloading windows updates through TOR.
A very special Fuck You goes out to McAfee's corporate AV division, who seem to have decided that keeping definitions up to date is so last year, and let a bunch of TDSS droppers drive-by our shit at work.
And a bonus to the suits who refuse to adopt Firefox as the standard browser.
FireFox + NoScript, because fuck you, Internet.
PeregrineFalcon on
Looking for a DX:HR OnLive code for my kid brother.
Can trade TF2 items or whatever else you're interested in. PM me.
A very special Fuck You goes out to McAfee's corporate AV division, who seem to have decided that keeping definitions up to date is so last year, and let a bunch of TDSS droppers drive-by our shit at work.
And a bonus to the suits who refuse to adopt Firefox as the standard browser.
FireFox + NoScript, because fuck you, Internet.
You would be better served running a sand boxed browser without flash or Java installed than Firefox + NoScript.
I have no real comment on McAfee. At this point I just install MSE on every computer I use (I'm not working in an office at this point in time.) and recommend Astro or Barracuda for the gateway.
FencingsaxIt is difficult to get a man to understand, when his salary depends upon his not understandingGNU Terry PratchettRegistered Userregular
edited March 2010
Okay, I finally had so much bullshit (And an Antivirus vista malware thing that prevented me from running anything and was complete bullshit) That I had to revert to a previous thingo. So hopefully, this will be okay.
Getting Noscript, Malwarebytes and MSE back up. Also, Chrome works now!
I just had to clean a PC that had one of those fake security programs on it. I booted into safe mode and used Ccleaner to delete the program from the Auto start menu. The I rebooted, installed Malwarebyte's Anti-malware, & was able to clean everything out. This damn thing was blocking everything from being opened, running, or installed.
For nasty malware that stops processes from launching, you can always try the various flavors of RKill or else run the "Force Breach" function of HitmanPro 3.5. Note that both are free options (you don't need to buy or even scan with HitmanPro to use this function). Then you can use the scanners of your choice to attack the problem.
Unrelated note: My sincere apologies for neglecting the thread lately. I've been embroiled in a work project that exceeds my normal definition of 'busy', and will likely be at it for a while longer. When I'm all done and tidied up, though, I'll get back into the habit of filtering through news. Also, I'd like to put together a section for the OP on 'passive protection'. Basically, an in-depth section about sandboxing, virtualized machines, critical OS settings, and optional policies like limited user accounts and software restriction. I'm beginning to think more and more these days that proactive protection along these lines is far and away the best method of securing a machine. Anyhow, when I put it together, I may post the section independently to see if it gets the thumbs up before adding it to the OP.
You could add the fact to the OP that you need a copy of windows that validates correctly if you want to use MS Security Essentials. (I use it, just wanted to point it out to others)
I just had to nuke my netbook harddrive from orbit after foolishly allowing a friend to use her USB flashdrive on my computer. Not even MalwareBytes could completely clean it out. And I'm wondering--is it even possible to safely use USB drives anymore?
Letting in other people's flashdrives was obviously stupid and I won't do it again, but those autorun.inf trojans seem to be everywhere nowadays. And since one of the chief reasons I use my flashdrive is to ferry stuff to and from a public computer which EVERYBODY plugs USB drives into, it doesn't really matter how clean I keep my computers--the drive is going to be infected anyway, and it would only take a particularly nasty virus or trojan that's too new or whatever for MSE/Malwarebytes for this to happen again.
I did some research after this and found out how to disable autorun on my computers, but would that meaningfuly protect my computer? Are there any other methods that I might make flashdrive-using safer, like how sandboxing can make web browsing safer? Or should I just switch full time to using Google Docs/ Dropbox to zap stuff between computers?
Pipe Dreamer on
0
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
You could add the fact to the OP that you need a copy of windows that validates correctly if you want to use MS Security Essentials. (I use it, just wanted to point it out to others)
Duly noted and added to the OP. It's actually pretty significant, and I shouldn't have overlooked it. A lot of folks over on Wilders have been losing their heads over the new Windows Activation scheme, so it's an important thing to note that it's necessary.
I just had to nuke my netbook harddrive from orbit after foolishly allowing a friend to use her USB flashdrive on my computer. Not even MalwareBytes could completely clean it out. And I'm wondering--is it even possible to safely use USB drives anymore?
Letting in other people's flashdrives was obviously stupid and I won't do it again, but those autorun.inf trojans seem to be everywhere nowadays. And since one of the chief reasons I use my flashdrive is to ferry stuff to and from a public computer which EVERYBODY plugs USB drives into, it doesn't really matter how clean I keep my computers--the drive is going to be infected anyway, and it would only take a particularly nasty virus or trojan that's too new or whatever for MSE/Malwarebytes for this to happen again.
I did some research after this and found out how to disable autorun on my computers, but would that meaningfuly protect my computer? Are there any other methods that I might make flashdrive-using safer, like how sandboxing can make web browsing safer? Or should I just switch full time to using Google Docs/ Dropbox to zap stuff between computers?
Deactivating autorun is a huge step in the right direction. A lot of flash drive based infections will be neutered just by doing that. For more rigorous safety measures you can certainly Sandbox to ensure that anything on the flash drive is kepy away from critical system files.
Sandboxie has an option for you to set certain folders to 'forced' sandboxing... Meaning that if you set E:\ as a 'forced' folder, anything that assumes that drive name will be opened and operate within the confines of a sandbox, until you manually remove anything from the sandbox. The big disadvantage is that the 'forced' folder functionality in Sandboxie is a paid-version-only feature. Other sandboxing programs like Returnil or Shadow Defender might provide more robust protection, but they have the disadvantage of sandboxing your entire computer, rather than just the flash drive.
Hopefully someone more knowledgeable than I will have a better suggestion. Sandboxie will certainly do this, but only if you shell out the bucks, which is less than ideal, I realize.
I just had to nuke my netbook harddrive from orbit after foolishly allowing a friend to use her USB flashdrive on my computer. Not even MalwareBytes could completely clean it out. And I'm wondering--is it even possible to safely use USB drives anymore?
Letting in other people's flashdrives was obviously stupid and I won't do it again, but those autorun.inf trojans seem to be everywhere nowadays. And since one of the chief reasons I use my flashdrive is to ferry stuff to and from a public computer which EVERYBODY plugs USB drives into, it doesn't really matter how clean I keep my computers--the drive is going to be infected anyway, and it would only take a particularly nasty virus or trojan that's too new or whatever for MSE/Malwarebytes for this to happen again.
I did some research after this and found out how to disable autorun on my computers, but would that meaningfuly protect my computer? Are there any other methods that I might make flashdrive-using safer, like how sandboxing can make web browsing safer? Or should I just switch full time to using Google Docs/ Dropbox to zap stuff between computers?
Deactivating autorun is a huge step in the right direction. A lot of flash drive based infections will be neutered just by doing that. For more rigorous safety measures you can certainly Sandbox to ensure that anything on the flash drive is kepy away from critical system files.
Sandboxie has an option for you to set certain folders to 'forced' sandboxing... Meaning that if you set E:\ as a 'forced' folder, anything that assumes that drive name will be opened and operate within the confines of a sandbox, until you manually remove anything from the sandbox. The big disadvantage is that the 'forced' folder functionality in Sandboxie is a paid-version-only feature. Other sandboxing programs like Returnil or Shadow Defender might provide more robust protection, but they have the disadvantage of sandboxing your entire computer, rather than just the flash drive.
Hopefully someone more knowledgeable than I will have a better suggestion. Sandboxie will certainly do this, but only if you shell out the bucks, which is less than ideal, I realize.
Well first you want to set you Anti-virus to scan USB flash drives. This is literally the only settings change I recommend for MSE.
Second, Sandboxie is better than nothing but it is not full proof. If you accidentally click to install something Sandboxie will let you infect you system. Comodo is supposed to have a decent sand box program in their Inetnet Security suit, it might still be in beta.
I don't believe it was brought up and I did not see anything close in the OP so I am asking for recommendations:
Does anyone have sites they prefer to check for strange processes, .dll's, or other files, in regards to whether they are malware or legit? Obviously google is the first place to look however I have come across contradictory answers at times for certain things. Generally I am looking at macafee/symantec/kaspersky knowledge bases, and I believe the site is threatexpert.com (don't quote me on that).
I thought about it earlier today since I was scanning my PC with combofix and it found 2 suspected keyloggers (ijl11.dll and vb6ko.dll) and I have found multiple answers regarding whether they are truly something malicious or something legitimate. Combofix ended up deleting them so I can only assume they were something dangerous but as I said I can't really get a good answer either way.
Also kaspersky.com allows you to scan files that are <1 mb if that is of any value to anyone.
Uniblue is blacklisted by ESET, and I assume it's for a reason.
Unfortunately, the only process library that I've found that is reliable and not a scamware site is the WinPatrol Plus database. It requires a membership, though, and is less than up-to-date with Windows 7 libraries and executables, since it's still building the cloud.
The best solution is just to upload all suspect files to Virus Total. It uses 41 different antivirus/antimalware engines to scan any file (up to 20 MB, I believe).
Edit Note: If Symatec comes back with something like "Suspicious.Insight", and all other engines return null results, disregard it. It's a stupid false positive that I can't believe Virus Total are leaving in the database. Basically the new Symantec system has a 'reputation' based ranking for every file it scans, so if it's never seen a file before it automatically flags it as 'suspicious' - This comes through Virustotal as a threat.
I just had to nuke my netbook harddrive from orbit after foolishly allowing a friend to use her USB flashdrive on my computer. Not even MalwareBytes could completely clean it out. And I'm wondering--is it even possible to safely use USB drives anymore?
Letting in other people's flashdrives was obviously stupid and I won't do it again, but those autorun.inf trojans seem to be everywhere nowadays. And since one of the chief reasons I use my flashdrive is to ferry stuff to and from a public computer which EVERYBODY plugs USB drives into, it doesn't really matter how clean I keep my computers--the drive is going to be infected anyway, and it would only take a particularly nasty virus or trojan that's too new or whatever for MSE/Malwarebytes for this to happen again.
I did some research after this and found out how to disable autorun on my computers, but would that meaningfuly protect my computer? Are there any other methods that I might make flashdrive-using safer, like how sandboxing can make web browsing safer? Or should I just switch full time to using Google Docs/ Dropbox to zap stuff between computers?
I remember Bleeping Computer's Flash Disinfector being a decent option for this; it creates a folder named autorun.inf on any plugged-in flash drives, which then cause attempts by malware to write their own .inf files to fail automatically. This could probably be done manually, but...
So I've temporarily been forced to turn my server into a desktop machine. It has Windows Server 2003 on it. I'd like to install some sort of anti-virus on it, any suggestions?
So I've temporarily been forced to turn my server into a desktop machine. It has Windows Server 2003 on it. I'd like to install some sort of anti-virus on it, any suggestions?
So I've temporarily been forced to turn my server into a desktop machine. It has Windows Server 2003 on it. I'd like to install some sort of anti-virus on it, any suggestions?
So I've temporarily been forced to turn my server into a desktop machine. It has Windows Server 2003 on it. I'd like to install some sort of anti-virus on it, any suggestions?
Yeah, I use MSE on my Win7 desktop. I'm asking specifically here for Server anti-virus programs.
Shorn Scrotum Man on
0
Options
pyromaniac221this just might bean interestin YTRegistered Userregular
edited March 2010
Which one is generally held in higher regard around here, Avast! or MSE? I can't really decide between the two since I know nothing about antivirus systems and I really don't want to pay for norton or anything
Which one is generally held in higher regard around here, Avast! or MSE? I can't really decide between the two since I know nothing about antivirus systems and I really don't want to pay for norton or anything
I think for free AV, MSE seems to be the go-to recommendation. AVG and Avast have fallen out of favour over time.
So, right now I have MBAM, MSE, AVG and Spybot S&D.
Is this overkill? And if so, which ones should I keep? The OP suggests the first two, but I might miss the security of Spybot asking me whenever I install and change stuff. :x
Get rid of AVG, definitely, since you don't need more than one antivirus running at a time. As for Spybot, I'm not so sure it's still relevant; most of the time people seem to just run with MBAM.
As for Spybot, I'm not so sure it's still relevant; most of the time people seem to just run with MBAM.
This depends on your use. I keep Spybot around for it's immunization features. For anyone still using XP you can add Tea Timer to the list of reasons to keep it.
Let me put it this way, since Spybot SD does not run in the back ground it's not hurting anything by being installed.
Pretty decent little walkthru for how to acquire and install Ubuntu on to a flash drive in order to use it as a diagnostic and repair tool for a Windows install.
Okay, so I managed to get a ton of viruses last night.
I was on a... less than savory site in Google Chrome(!) when MSE popped up with 6 antivirus warnings. I told it to delete/disinfect (I'm not certain what disinfect does, but it was the only option for some of the files), and it did so successfully. I've now run Malwarebytes in safe mode (It found trojan.agent and removed it), and I'm running Spybot from regular windows as I type this. What are the chances my computer is still infected? The only odd behaviour I'm noticing is that when I try to bring up the internet connection status window, it closes almost immediately. Could this be from another virus?
I ran RootkitRevealer yesterday, prior to Malwarebytes and got this, but I don't know for sure what it means.
HKLM\S-1-5-21-682003330-1303643608-725345543-1004\Software\SecuROM\License information* 18/01/2010 10:55 PM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\MpScanCache-0.bin 05/04/2010 8:51 PM 1.51 MB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\MpScanCache-1.bin 09/03/2010 8:10 PM 780.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6352EE5E-01EC-4201-9E11-15535753E589} 05/04/2010 8:50 PM 6.05 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{68B6A65C-9A7C-4EBB-A20F-FDA62C80E248} 05/04/2010 9:34 PM 6.13 KB Hidden from Windows API.
C:\Documents and Settings\Joel\Local Settings\Application Data\PCHealth 05/04/2010 8:44 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Joel\Local Settings\Application Data\PCHealth\ErrorRep 05/04/2010 8:44 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Joel\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff 05/04/2010 8:44 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Joel\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\A471A.cab 05/04/2010 8:44 PM 147.47 KB Hidden from Windows API.
C:\Documents and Settings\Joel\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\A471A.txt 05/04/2010 8:44 PM 2.43 KB Hidden from Windows API.
C:\Documents and Settings\Joel\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\dwq.snt 05/04/2010 8:44 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Joel\Local Settings\Temp\{A14F59A0-C621-4E48-98D6-7F02FAF336A7}.tmp 05/04/2010 8:44 PM 2.82 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\A3567.cab 05/04/2010 8:44 PM 382 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\A3567.txt 05/04/2010 8:44 PM 2.77 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\DW20.EXE-2834F196.pf 05/04/2010 8:44 PM 28.94 KB Hidden from Windows API.
C:\WINDOWS\Temp\MPTelemetrySubmit 05/04/2010 8:44 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\Temp\TMP000007FDA269F5BBA9485008 05/04/2010 9:45 PM 512.00 KB Visible in Windows API, but not in MFT or directory index.
What should I do now? Will scanning with MSE from safe mode find anything it didn't get the first time?
I've been seeing quite a few reports that Firefox isn't as secure as it once was billed as, and that IE8 and Chrome have taken the crown in terms of security. Out of curiosity, how does Firefox + NoScript + Adblock Plus fare against Chrome without any such extensions? I'm thinking Chrome would trump it purely based on the sandboxing, but it'd be good to get other opinions.
I've been seeing quite a few reports that Firefox isn't as secure as it once was billed as, and that IE8 and Chrome have taken the crown in terms of security. Out of curiosity, how does Firefox + NoScript + Adblock Plus fare against Chrome without any such extensions? I'm thinking Chrome would trump it purely based on the sandboxing, but it'd be good to get other opinions.
Just a warning though Chrome doesn't sandbox it's add-ons though. And I believe Flash falls into the add-on category.
NoScript will stop "scripts" from running but it won't prevent some of the more devious attack methods. To give you an idea a flash video/game could easily install something in the background while it's running. The same goes for Java apps.
Install MSE and make sure it stays up to date & running.
Firefox was never super extra secure. It's security for several years rested on the fact that it had a really low market share.
Now that it's pretty damn popular it's no surprise that hackers are focusing more on it.
A big part of Firefox's supposed security was that it did not have ActiveX. Because for some reason it was easier for tech journalists and wannabe Security Professionals to recommend install Firefox instead of showing how to set ActiveX to "prompt" in IE's settings. Well IE7 locked down ActiveX years ago and was the first browser to run in a sandbox mode in Vista.
To sum it up Firefox was touted as more secure because it wasn't Internet Explorer.
I've been seeing quite a few reports that Firefox isn't as secure as it once was billed as, and that IE8 and Chrome have taken the crown in terms of security. Out of curiosity, how does Firefox + NoScript + Adblock Plus fare against Chrome without any such extensions? I'm thinking Chrome would trump it purely based on the sandboxing, but it'd be good to get other opinions.
It's all about the (Adobe) plugins, not the browser. The thing to understand is that neither Firefox or Chrome ever have any vulnerabilities widely used in the wild. Both have extremely aggressive security patching schedules, releasing patches for security issues in a few days and then either prompting to update on start or simply having GoogleUpdater running in the background at all times silently upgrading you to the newest. There's still theoretically 0-days, but they always get patched before achieving any real use because malware authors have no motivation to bother with them. Microsoft still only patches once a month except for rare exceptions, so IE vulnerabilities are still used somewhat, but Adobe Flash and Adobe Reader are what malware distributors really care about. Flash in particular is an insecure mess that take forever to get patched and gives your exploit compatibility with 98% of the market. What's not to like?
Unfortunately, you probably need Flash, and neither Firefox nor Chrome will protect you from Flash vulnerabilities. However, advertisements are by far the primary malware vector nowadays, and there's been plenty of cases where malicious flash ads have gotten into ad distribution networks for sites like the New York Times. Unfortunately Chrome doesn't have an adblocker that properly blocks ads instead of just hiding them, letting exploits get through. So I would recommend Firefox with Adblock Plus.
Noscript will, if nothing else, block flash and java apps until you explicitly allow. You could even globally allow javascript and check "Apply these restrictions to whitelisted sites too" in Options>Embeddings for a decent increase in security. Oh, and Adobe Reader is garbage anyway, so if you're still using it replace it with sumatraPDF or something. And check what plugins you have and remove any you don't use.
Anyone else have Zune and MSE on their systems? I've been having this odd issue where every single time I launch Zune and it starts to display Album Art, MSE pops up saying it's detected a threat, asking me to clean it. Looking in the history says the threat is "Exploit:Win32/MS04028!jpeg", and MSE links to this page, which isn't much help.
The files it's triggered by are always in AppData\Local\Temp, and have names like "1sp7CFF.tmp" MSE itself just describes it as "This program is dangerous and exploits the computer on which it is run."
I was thinking it has something to do with this, but that doesn't even apply to Windows 7. I've also had no other run-ins with malware on this system (that I know of, anyway). Thoughts?
I have both the Zune software and MSE--I don't have your problem, so it's not a inherent conflict between the two programs. It'd be rather surprising if they were, given that they're both made by Microsoft.
AVG was all right back around 7.0, I think, especially if you liked the GUI. Now its a little too big to be practical, I suspect.
So my friend is raving about this Advanced System Care program. A bunch of people on the WoW forums (yeah I know) said it's a great way to keep your computer safe and speed up the net connection, etc etc.
Anyone here know much about it? I mean it sounds like snake oil to me, and from what I found out they stole some stuff from Malwarebytes or at least that's what comments on review pages are screaming. I can't seem to find any hard information on what it does, or where it does it.
It looks like BS deep fried in snake oil. There is a good chance this program does more harm than good.
Advanced SystemCare is built with Turbo Boost to speed up PC by shutting down unnecessary background processes, cleaning RAM, and intensifying processor performance.
Safely cleans registry junks, compacts registry bloat and defragments the registry for blistering-fast performance
Registy cleaning, defragging, & compacting are snake oil.
For security MSE is the best free option and you can throw in Malwarebyte's Antimalware as well as Super Antispyare. For cleaning CCleaner & Revo Uninstaller. Windows Vista & Se7en both actively defrag but if you want to get hardcore checkout Smart Defrag.
Get rid of AVG, definitely, since you don't need more than one antivirus running at a time. As for Spybot, I'm not so sure it's still relevant; most of the time people seem to just run with MBAM.
Spybot has some great extra features... and I use it in combination with MBAM to ensure everything is gone.
I love Spybot's built in file shredder and Startup Process killer., and obviously the immunisation is really helpful.
Posts
What OS are you running? This doesn't sound right at all. Also, I really hope you aren't downloading windows updates through TOR.
Also check into this app for windows updates. http://lifehacker.com/5488259/autopatcher-keeps-windows-7-systems-up-to-date
And a bonus to the suits who refuse to adopt Firefox as the standard browser.
FireFox + NoScript, because fuck you, Internet.
Can trade TF2 items or whatever else you're interested in. PM me.
You would be better served running a sand boxed browser without flash or Java installed than Firefox + NoScript.
I have no real comment on McAfee. At this point I just install MSE on every computer I use (I'm not working in an office at this point in time.) and recommend Astro or Barracuda for the gateway.
Getting Noscript, Malwarebytes and MSE back up. Also, Chrome works now!
For nasty malware that stops processes from launching, you can always try the various flavors of RKill or else run the "Force Breach" function of HitmanPro 3.5. Note that both are free options (you don't need to buy or even scan with HitmanPro to use this function). Then you can use the scanners of your choice to attack the problem.
Unrelated note: My sincere apologies for neglecting the thread lately. I've been embroiled in a work project that exceeds my normal definition of 'busy', and will likely be at it for a while longer. When I'm all done and tidied up, though, I'll get back into the habit of filtering through news. Also, I'd like to put together a section for the OP on 'passive protection'. Basically, an in-depth section about sandboxing, virtualized machines, critical OS settings, and optional policies like limited user accounts and software restriction. I'm beginning to think more and more these days that proactive protection along these lines is far and away the best method of securing a machine. Anyhow, when I put it together, I may post the section independently to see if it gets the thumbs up before adding it to the OP.
Twitter: busfahrer -- Quake Live: busfahrer -- StarCraft II: busfahrer.184 (EU)
Letting in other people's flashdrives was obviously stupid and I won't do it again, but those autorun.inf trojans seem to be everywhere nowadays. And since one of the chief reasons I use my flashdrive is to ferry stuff to and from a public computer which EVERYBODY plugs USB drives into, it doesn't really matter how clean I keep my computers--the drive is going to be infected anyway, and it would only take a particularly nasty virus or trojan that's too new or whatever for MSE/Malwarebytes for this to happen again.
I did some research after this and found out how to disable autorun on my computers, but would that meaningfuly protect my computer? Are there any other methods that I might make flashdrive-using safer, like how sandboxing can make web browsing safer? Or should I just switch full time to using Google Docs/ Dropbox to zap stuff between computers?
Duly noted and added to the OP. It's actually pretty significant, and I shouldn't have overlooked it. A lot of folks over on Wilders have been losing their heads over the new Windows Activation scheme, so it's an important thing to note that it's necessary.
Deactivating autorun is a huge step in the right direction. A lot of flash drive based infections will be neutered just by doing that. For more rigorous safety measures you can certainly Sandbox to ensure that anything on the flash drive is kepy away from critical system files.
Sandboxie has an option for you to set certain folders to 'forced' sandboxing... Meaning that if you set E:\ as a 'forced' folder, anything that assumes that drive name will be opened and operate within the confines of a sandbox, until you manually remove anything from the sandbox. The big disadvantage is that the 'forced' folder functionality in Sandboxie is a paid-version-only feature. Other sandboxing programs like Returnil or Shadow Defender might provide more robust protection, but they have the disadvantage of sandboxing your entire computer, rather than just the flash drive.
Hopefully someone more knowledgeable than I will have a better suggestion. Sandboxie will certainly do this, but only if you shell out the bucks, which is less than ideal, I realize.
Well first you want to set you Anti-virus to scan USB flash drives. This is literally the only settings change I recommend for MSE.
Second, Sandboxie is better than nothing but it is not full proof. If you accidentally click to install something Sandboxie will let you infect you system. Comodo is supposed to have a decent sand box program in their Inetnet Security suit, it might still be in beta.
Does anyone have sites they prefer to check for strange processes, .dll's, or other files, in regards to whether they are malware or legit? Obviously google is the first place to look however I have come across contradictory answers at times for certain things. Generally I am looking at macafee/symantec/kaspersky knowledge bases, and I believe the site is threatexpert.com (don't quote me on that).
I thought about it earlier today since I was scanning my PC with combofix and it found 2 suspected keyloggers (ijl11.dll and vb6ko.dll) and I have found multiple answers regarding whether they are truly something malicious or something legitimate. Combofix ended up deleting them so I can only assume they were something dangerous but as I said I can't really get a good answer either way.
Also kaspersky.com allows you to scan files that are <1 mb if that is of any value to anyone.
WoWtcg and general gaming podcast
WoWtcg and gaming website
Uniblue is blacklisted by ESET, and I assume it's for a reason.
Unfortunately, the only process library that I've found that is reliable and not a scamware site is the WinPatrol Plus database. It requires a membership, though, and is less than up-to-date with Windows 7 libraries and executables, since it's still building the cloud.
The best solution is just to upload all suspect files to Virus Total. It uses 41 different antivirus/antimalware engines to scan any file (up to 20 MB, I believe).
Edit Note: If Symatec comes back with something like "Suspicious.Insight", and all other engines return null results, disregard it. It's a stupid false positive that I can't believe Virus Total are leaving in the database. Basically the new Symantec system has a 'reputation' based ranking for every file it scans, so if it's never seen a file before it automatically flags it as 'suspicious' - This comes through Virustotal as a threat.
I remember Bleeping Computer's Flash Disinfector being a decent option for this; it creates a folder named autorun.inf on any plugged-in flash drives, which then cause attempts by malware to write their own .inf files to fail automatically. This could probably be done manually, but...
MSE
I'm pretty sure MSE is for client versions of Windows only, not server. He'll be stuck with corp versions of whatever, or the server version of nod32.
Yeah I just checked XP SP2, Vista, or Win7. It's been so long since I've used Win Server 2003 I don't remember if it has compatibilty mode or not.
*EDIT* It should be noted that this post refered to pyromaniac221's original post, not what he's editted it to be now.
I think for free AV, MSE seems to be the go-to recommendation. AVG and Avast have fallen out of favour over time.
Is this overkill? And if so, which ones should I keep? The OP suggests the first two, but I might miss the security of Spybot asking me whenever I install and change stuff. :x
This depends on your use. I keep Spybot around for it's immunization features. For anyone still using XP you can add Tea Timer to the list of reasons to keep it.
Let me put it this way, since Spybot SD does not run in the back ground it's not hurting anything by being installed.
http://lifehacker.com/5504531/the-complete-guide-to-saving-your-windows-system-with-a-thumb-drive
Pretty decent little walkthru for how to acquire and install Ubuntu on to a flash drive in order to use it as a diagnostic and repair tool for a Windows install.
I was on a... less than savory site in Google Chrome(!) when MSE popped up with 6 antivirus warnings. I told it to delete/disinfect (I'm not certain what disinfect does, but it was the only option for some of the files), and it did so successfully. I've now run Malwarebytes in safe mode (It found trojan.agent and removed it), and I'm running Spybot from regular windows as I type this. What are the chances my computer is still infected? The only odd behaviour I'm noticing is that when I try to bring up the internet connection status window, it closes almost immediately. Could this be from another virus?
I ran RootkitRevealer yesterday, prior to Malwarebytes and got this, but I don't know for sure what it means.
HKLM\S-1-5-21-682003330-1303643608-725345543-1004\Software\SecuROM\License information* 18/01/2010 10:55 PM 0 bytes Key name contains embedded nulls (*) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\MpScanCache-0.bin 05/04/2010 8:51 PM 1.51 MB Hidden from Windows API. C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\MpScanCache-1.bin 09/03/2010 8:10 PM 780.00 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6352EE5E-01EC-4201-9E11-15535753E589} 05/04/2010 8:50 PM 6.05 KB Hidden from Windows API. C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{68B6A65C-9A7C-4EBB-A20F-FDA62C80E248} 05/04/2010 9:34 PM 6.13 KB Hidden from Windows API. C:\Documents and Settings\Joel\Local Settings\Application Data\PCHealth 05/04/2010 8:44 PM 0 bytes Hidden from Windows API. C:\Documents and Settings\Joel\Local Settings\Application Data\PCHealth\ErrorRep 05/04/2010 8:44 PM 0 bytes Hidden from Windows API. C:\Documents and Settings\Joel\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff 05/04/2010 8:44 PM 0 bytes Hidden from Windows API. C:\Documents and Settings\Joel\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\A471A.cab 05/04/2010 8:44 PM 147.47 KB Hidden from Windows API. C:\Documents and Settings\Joel\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\A471A.txt 05/04/2010 8:44 PM 2.43 KB Hidden from Windows API. C:\Documents and Settings\Joel\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\dwq.snt 05/04/2010 8:44 PM 0 bytes Hidden from Windows API. C:\Documents and Settings\Joel\Local Settings\Temp\{A14F59A0-C621-4E48-98D6-7F02FAF336A7}.tmp 05/04/2010 8:44 PM 2.82 KB Hidden from Windows API. C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\A3567.cab 05/04/2010 8:44 PM 382 bytes Hidden from Windows API. C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\A3567.txt 05/04/2010 8:44 PM 2.77 KB Hidden from Windows API. C:\WINDOWS\Prefetch\DW20.EXE-2834F196.pf 05/04/2010 8:44 PM 28.94 KB Hidden from Windows API. C:\WINDOWS\Temp\MPTelemetrySubmit 05/04/2010 8:44 PM 0 bytes Hidden from Windows API. C:\WINDOWS\Temp\TMP000007FDA269F5BBA9485008 05/04/2010 9:45 PM 512.00 KB Visible in Windows API, but not in MFT or directory index.What should I do now? Will scanning with MSE from safe mode find anything it didn't get the first time?
Thanks
Now that it's pretty damn popular it's no surprise that hackers are focusing more on it.
Just a warning though Chrome doesn't sandbox it's add-ons though. And I believe Flash falls into the add-on category.
NoScript will stop "scripts" from running but it won't prevent some of the more devious attack methods. To give you an idea a flash video/game could easily install something in the background while it's running. The same goes for Java apps.
Install MSE and make sure it stays up to date & running.
A big part of Firefox's supposed security was that it did not have ActiveX. Because for some reason it was easier for tech journalists and wannabe Security Professionals to recommend install Firefox instead of showing how to set ActiveX to "prompt" in IE's settings. Well IE7 locked down ActiveX years ago and was the first browser to run in a sandbox mode in Vista.
To sum it up Firefox was touted as more secure because it wasn't Internet Explorer.
It's all about the (Adobe) plugins, not the browser. The thing to understand is that neither Firefox or Chrome ever have any vulnerabilities widely used in the wild. Both have extremely aggressive security patching schedules, releasing patches for security issues in a few days and then either prompting to update on start or simply having GoogleUpdater running in the background at all times silently upgrading you to the newest. There's still theoretically 0-days, but they always get patched before achieving any real use because malware authors have no motivation to bother with them. Microsoft still only patches once a month except for rare exceptions, so IE vulnerabilities are still used somewhat, but Adobe Flash and Adobe Reader are what malware distributors really care about. Flash in particular is an insecure mess that take forever to get patched and gives your exploit compatibility with 98% of the market. What's not to like?
Unfortunately, you probably need Flash, and neither Firefox nor Chrome will protect you from Flash vulnerabilities. However, advertisements are by far the primary malware vector nowadays, and there's been plenty of cases where malicious flash ads have gotten into ad distribution networks for sites like the New York Times. Unfortunately Chrome doesn't have an adblocker that properly blocks ads instead of just hiding them, letting exploits get through. So I would recommend Firefox with Adblock Plus.
Noscript will, if nothing else, block flash and java apps until you explicitly allow. You could even globally allow javascript and check "Apply these restrictions to whitelisted sites too" in Options>Embeddings for a decent increase in security. Oh, and Adobe Reader is garbage anyway, so if you're still using it replace it with sumatraPDF or something. And check what plugins you have and remove any you don't use.
Anyone else have Zune and MSE on their systems? I've been having this odd issue where every single time I launch Zune and it starts to display Album Art, MSE pops up saying it's detected a threat, asking me to clean it. Looking in the history says the threat is "Exploit:Win32/MS04028!jpeg", and MSE links to this page, which isn't much help.
The files it's triggered by are always in AppData\Local\Temp, and have names like "1sp7CFF.tmp" MSE itself just describes it as "This program is dangerous and exploits the computer on which it is run."
I was thinking it has something to do with this, but that doesn't even apply to Windows 7. I've also had no other run-ins with malware on this system (that I know of, anyway). Thoughts?
AVG was all right back around 7.0, I think, especially if you liked the GUI. Now its a little too big to be practical, I suspect.
Anyone here know much about it? I mean it sounds like snake oil to me, and from what I found out they stole some stuff from Malwarebytes or at least that's what comments on review pages are screaming. I can't seem to find any hard information on what it does, or where it does it.
http://www.iobit.com/advancedwindowscareper.html
It looks like BS deep fried in snake oil. There is a good chance this program does more harm than good.
Advanced SystemCare is built with Turbo Boost to speed up PC by shutting down unnecessary background processes, cleaning RAM, and intensifying processor performance.
Safely cleans registry junks, compacts registry bloat and defragments the registry for blistering-fast performance
Registy cleaning, defragging, & compacting are snake oil.
For security MSE is the best free option and you can throw in Malwarebyte's Antimalware as well as Super Antispyare. For cleaning CCleaner & Revo Uninstaller. Windows Vista & Se7en both actively defrag but if you want to get hardcore checkout Smart Defrag.
Spybot has some great extra features... and I use it in combination with MBAM to ensure everything is gone.
I love Spybot's built in file shredder and Startup Process killer., and obviously the immunisation is really helpful.
PSN - sumowot