
Call for help - Proactive Malware Steps

Status
Not open for further replies.

bcastner

IS-IT--Management
Aug 13, 2002
29,271
US
It has bothered me that we on Tek-Tips do not have a good FAQ on proactively preventing infection.

I invite your comments on products, freeware or commercial, that are part of your arsenal to prevent having a malware issue.

A short description of your steps would be appreciated.

Bill Castner
 
Hi Bcastner - Good idea...

PROACTIVE though, the only thing that is running on my system is TeaTimer out of SpyBot S&D and AntiVir 6.28, as well as using the FireFox browser (less prone to getting hit with malware than IE)...

I've inoculated the PC using SpyBot and SpywareGuard against ActiveX installs, and have used several others, like XP-Clean (unfortunately only in German), to edit/lock my HOSTS file against hijacking...

Now, after getting hit with a baddie (or as a preventive measure), I scan my system at least once a week using SpyBot S&D, AdAware SE 1.05, Giant AntiSpyware, and HiJackThis! and have found this to be one of the better combos to use... so far no serious infections to be noticed...



Ben

If it works don't fix it! If it doesn't use a sledgehammer...
 
BigBadBen took pretty much what I was going to say.

I use TeaTimer from Spybot, Spybot's host list (adservers.v3.net also has a good list, but blocks some legit sites, such as Google's ads), I use Mozilla/Firefox, I educate users as much as I can (including myself) by staying up-to-date on the latest viruses and malware, and I also make use of content filtering (which the home user can do as well), which helps protect against known exploits. I also make use of an IPS and firewall to, again, block known baddies. And finally, on email, I use Spamhaus's SBL-XBL to block sites that are known to send out spam and exploits through email. Hopefully you can decipher something out of that. :p Of course, there is the usual AV software. We use McAfee at work.

----------------------------
"Security is like an onion" - Unknown
 
Hi Bcastner!

Excellent idea. I'm using
McAfee 7.1, weekly update
AdAware SE 1.05
JavaCool SpywareBlaster
SpywareGuard
HiJack This 1.98.2
Spybot S&D 1.2
ie-spyad (self-installing list of restricted sites for IE)

at my workplace and additionally on my notebook:
ATGuard SW firewall
Mozilla Firefox
Although I still occasionally use IE on my notebook too, since firefox won't display all pages correctly...

SpywareGuard runs permanently, Regular AdAware & S&D scans round it up...
Started getting this kind of paranoid a couple of months ago, when I was pestered by a CoolWebSearch...
Fixed it with HJT, re-boot in safe mode, clear all temp folders, re-run HJT.
No attacks ever since! ;o)

The last voice we will hear before the world explodes will be that of an expert saying:
"This is technically impossible!" - Sir Peter Ustinov
 
I've implemented a Win2003 style lockdown on my flatmate's PC using IE6 options. If it seems to work, I'll give details on what I did (will know later this week or early next).

John
 
Hello,

I use most of the mentioned utilities. I also have a customized HOSTS file with a list of garbage sites furnished by.

Updated at least once a month.

Entries marked with Parasite or Trojan comments I place in the Internet Explorer Restricted Zone.

spool



Don't argue with an idiot, he will bring you down to his level and beat you with his experience.
 
Since I switched from IE to Firefox, I really have much less trouble. I encourage everyone I know to dump IE. Besides that, everything is free.

Ad-Aware
Spybot (tea timer)
Spyware Blaster
HiJack This
AVG (anti-virus)
Sygate (firewall)

All of this info and recommendations was trial/error based on reading a lot at this site!
 
Even though I've been using Mozilla for years, I am still forced to use IE for some things. As a result I lock IE down. These are simple steps and by no means are they comprehensive, but they help. If you are using only IE, this is the minimum, IMHO, you should do.

In IE Properties, select the Security tab. Next hit the Custom Level button . . .
Download signed ActiveX controls - Prompt (I would prefer Disable but there are some situations where they must run, e.g. MS Update Page)
Download unsigned ActiveX controls - Disable
Initialize and script ActiveX controls not marked as safe - Disable
Run ActiveX controls and plug-ins - Prompt
Script ActiveX marked safe for scripting - Prompt
Font download - Prompt
Java Permissions - High
Access data sources across domains - Disable
Display mixed content - Prompt
Don't prompt for client certificate select . . . - Prompt
Installation of desktop items - Prompt (Disable if you never want to install a Google bar, etc.)
Launching programs and files in an IFRAME - Prompt
Software Channel permissions - Medium (at the least)
Active scripting - Prompt

James P. Cottingham
-----------------------------------------
To determine how long it will take to write and debug a program, take your best estimate, multiply that by two, add one, and convert to the next higher units.
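As an added example (not from the thread or any poster), a small audit script that checks a `reg export` of the Internet zone against the settings listed in the post above. It assumes the value IDs Microsoft documents for the Security tab (KB182569, e.g. 1001 for "Download signed ActiveX controls"), which are not in the post, and covers only the Enable/Prompt/Disable settings; the Java, software channel and client-certificate settings use other encodings and are left out.

```python
import re

# Internet-zone (Zones\3) settings from the post above, keyed by the value names
# Microsoft documents for the Security tab (KB182569); the IDs are not from the
# post.  DWORD meaning: 0 = Enable, 1 = Prompt, 3 = Disable.  Java, software
# channel and client-certificate settings use other encodings and are left out.
PROMPT, DISABLE = 1, 3
BASELINE = {
    "1001": (PROMPT, "Download signed ActiveX controls"),
    "1004": (DISABLE, "Download unsigned ActiveX controls"),
    "1201": (DISABLE, "Initialize and script ActiveX controls not marked as safe"),
    "1200": (PROMPT, "Run ActiveX controls and plug-ins"),
    "1406": (DISABLE, "Access data sources across domains"),
    "1400": (PROMPT, "Active scripting"),
}
LABEL = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE3_SUFFIX = r"\Internet Settings\Zones\3]"

def parse_zone3(reg_text):
    """Return {value_name: int} for the Zones\\3 key of a `reg export` dump."""
    values, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):            # key header: are we inside Zones\3?
            in_zone = line.endswith(ZONE3_SUFFIX)
            continue
        m = re.match(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$', line)
        if in_zone and m:
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """(id, name, found, expected) for each setting looser than the baseline or
    absent from the export (IE then falls back to the zone's default)."""
    current, findings = parse_zone3(reg_text), []
    for vid, (expected, name) in BASELINE.items():
        found = current.get(vid)
        if found is None or found < expected:   # 0 Enable < 1 Prompt < 3 Disable
            findings.append((vid, name, LABEL.get(found, "not set"), LABEL[expected]))
    return findings

# Constructed sample export: two settings still at Enable, Active scripting unset.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1200"=dword:00000000
"1406"=dword:00000003
"""
```

On a real machine the input would come from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg`, read as text; a setting enforced by policy lives under HKLM instead and would need a second export.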
 
At home I run
Spybot Search and Destroy
Adaware SE
Spyware Blaster
AVG Antivirus
CA PestPatrol 5
SP 2 With Firewall Settings
Enable Firewall settings on Wireless Linksys Router

Run from time to time
McAfee Stinger tool
CWShredder
Track Eraser Pro 5 and Plugins / Run after Browsing

At Work
Pix Firewall
CA PestPatrol 5 CE Scheduled to update/run and delete once a week Workstations only
Norton Antivirus Corp Edition 9 updated daily
HFNETCHKPRO for MS lovely monthly updates
Servers run Spybot, Spyware Blaster, and Adaware

Drew
 
This is just great stuff.

When I write it up it is slightly unclear as to whether some of these things are duplicating efforts, or possibly can interfere with each other.

I will try to sort and test myself to see something sensible. If you have run across a link that discusses this issue, I would appreciate it.

Bill Castner
 
Almost forgot:

Here is a comparably excellent resource on Spyware/Adware/Virus removal:

Hope this helps,
Andy

The last voice we will hear before the world explodes will be that of an expert saying:
"This is technically impossible!" - Sir Peter Ustinov
 
I use most of the above plus CWShredder. I also use Kerio firewall with Sygate; they don't conflict. I use AVG 7 and also have avast 4, which I use as a secondary scanner, but I have it disabled through msconfig. I also use AboutBuster for CoolWebSearch probs.

khaz
 
Here is a good site with some simple (yet important) programs to stop DCOM, Messenger server, etc. See:
James P. Cottingham
-----------------------------------------
To determine how long it will take to write and debug a program, take your best estimate, multiply that by two, add one, and convert to the next higher units.
 
This will be so useful Bill, good idea.

Have a list of software programmes that I install for people, mostly home users. Some I remove after cleaning the machine but leave items 1, 2, 4, 7 and 8, also ensure there is anti-virus software installed.

Here is my list:

1. AdAware SE Personal
2. Spybot S&D 1.3
3. AVG 7.0 (free version if they have no anti-virus).
4. SpywareBlaster
5. ZoneAlarm or Kerio 2.15 (for more experienced users)
6. Bazooka (your recommendation I believe?)
7. SpywareGuard (keeps a very good record of BHO changes)
8. IE Spyad
9. System Security Suite (for cookie, temp and temp internet removal)
10. GRC (some good information and utilities here.)
11. Bleeping Computers (tutorials)
12. Eric L. Howes' list of spyware and adware removal tools, the most comprehensive list I have seen to date.


If people show any interest in securing their system I steer them towards a site like Bleeping computers where there are very good tutorials for most if not all of the above programmes.

Now I reach the part I find most difficult, getting users to update frequently. Had a good example today. Had a request from a guy to have a look at his system as it was giving him problems, very slow to boot...

Discovered that he had not updated any of his security software since my last visit in June. My flabber was well and truly ghasted, quite incredible as I left him written instructions on how to perform the updates.

As a last thought, I try to get my people to make a donation for any free software they install and use, most users can afford this expense and willingly donate.




Ted

"The difference between a misfortune and a calamity is this: If Gladstone fell into the Thames, it would be a misfortune. But if someone dragged him out again, that would be a calamity."
Benjamin Disraeli.
 
Wow,

You guys/gals are just great.

Let me see if a coherent FAQ can be developed.
Consider it a work in process, but I will make a stab at it later today.

Bill


 
Folks, just discovered my flatmate's PC has a very serious hardware problem, so I won't be able to tell if my changes increased the security or not. (You have one guess as to who is trying to fix it)...

Can still write up what I did though and perhaps someone else can test.

John
 
jbarnett,

I have seen in the last two weeks VX2 variants, where a reinstall is the only solution.
 
Bill, you can get rid of it using FindIt and the KillBox; it's a tedious process in tracking down the culprit DLLs, and the guard tmp file if there.

khaz
 
All very useful stuff.... thanks people, we have a home network and so have a firewalled gateway machine just for the job as well as many of the applications mentioned above..

I'm going to be coming back to this post a good few times over the next few days I think...

As an addition, I also use Sysclean from Trend Micro (which I have found picks up a lot of trojans that others miss). You have to use it in conjunction with the latest pattern file and it takes a little while, but I have found it to be a helpful tool when used in conjunction with the others..

Great thread guys!

Kes:)
 
Something else I forgot to add:
It has some great tools, free, and you can add your own tools to customize your installation.

----------------------------
"Security is like an onion" - Unknown
 