
Info. of Viruses, Worms, Etc. 1


csxkidd

Technical User
Apr 16, 2008
34
US
Hi,
Can anyone recommend some good reading on what the difference is between an actual computer virus, a worm, a trojan and other types of infections.

I would like to know why most antivirus programs can't seem to fix anything that I get on my computer and a lot of times can't even quarantine it. Examples being, the Smitfraud, or the Vundo (I think that's the name) and others.

I just want to know what I'm dealing with when my antivirus tells me I have a worm, or virus, or backdoor trojan.

Can't hurt to be a little educated on the subject, lol.

Thanks for your help, guys. I know the regulars here know exactly where to go to find this info. and probably know the exact articles posted on this site that answer my questions.

Thanks,
Chris
 
You really don't need all that information as it will be outdated very quickly as viruses etc are constantly evolving their attacks!

Most anti virus/ anti spyware are never up to date although most give daily updates, they can as you mention identify the threats and even claim they have cleaned them but most can't even deal with some of the lesser attacks, hence the need to deploy more specialised tools to deal with a specific infection like Smitfraud or Vundo!



Briefly, viruses and all the rest including spyware, foistware and malware are all attempting to do one to four or five things!


Some want to hijack your computer and then claim if you download some spyware program it will clean the infection = Smitfraud.

Others want to hijack you and send you to various websites to bombard you with adverts to get you to buy crap software.

Others are trying to steal your information from your computer to get your banking details, mainly trojans and sdbots like Wareout!

Other bots want to hijack your computer and turn it into a zombie computer for a future DNS attack against a corporation such as Microsoft!

Pertaining to the two you mention, being Smitfraud and Vundo, these two have been with us for around two to three years. Smitfraud has had many variants like SpyAxe, SpySheriff which hijacks your desktop, tells you you have a hijacker and then offers to download even worse hijackers to hijack your machine!!


Here below are links for fixing Smitfraud and Vundo if you need them!



Please download to your desktop.
· Double-click VundoFix.exe to run it.
· Click the Scan for Vundo button.
· Once it's done scanning, click the Remove Vundo button.
· You will receive a prompt asking if you want to remove the files, click YES
· Once you click yes, your desktop will go blank as it starts removing Vundo.
· When completed, it will prompt that it will shutdown your computer, click OK.
· Turn your computer back on.


Go here and download the latest version of Java, once downloaded, go to add/remove and uninstall all previous versions of Java from add/remove and then install the latest version you just downloaded!





Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm




You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.




Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
These websites below may help you, however, pertaining to what you're asking you would really need to look at specific threats like the ones you mention!

The Wilders boards are a great source of information on security programs and specific software like Ewido etc!




Dealing with the actual hijackers and threats, Bleeping Computer has advanced information, which you are probably really looking for on how hijackers work and how to clean them, many tutorials, you'd need to become a member to access their info!






Read here to see how to tighten your security:



A good overall guide for firewalls, anti-virus, and anti-trojans as well as regular spyware cleaners.




Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
the weakest link in securing your PC is YOU.

curiosity, opening links that are not from trusted sources, and opening emails from unknown sources/people are among the top avenues for virus/trojan/hijacker/etc to get onto and into your PC.

to curb some of these temptations, use your junk filters, hosts file, security software and keep everything patched and up to date.

i know because i have been there myself
 
Eyec, correct a star for you, and get a firewall router!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
What exactly is a firewall router and if I had one, would I need to turn off the built in firewalls on my Vista and XP SP2 PCs?

I have a wireless router about 4 years old and I don't think it has a firewall. I'm not really up to date on that sort of thing.

My router is Linksys BEFW11s4.

Also, in the middle of writing this, I went to check my firewall on my laptop which has XP SP2 and I get a box that says 'due to an unidentified problem Windows Can not display firewall settings.' Any suggestions on that?

I tried getting to it from the security center and by right-clicking on my wireless connection itself.

Thanks
 