Page 1 of 2
Results 1 to 15 of 17
  1. #1
    2 Star Lounger
    Join Date
    Oct 2009
    Location
    Shoreline, Washington, USA
    Posts
    147
    Thanks
    0
    Thanked 1 Time in 1 Post



    KNOWN ISSUES

    Even well-guarded PCs may get infected


    By Dennis O'Reilly

    There's a window of vulnerability between new malware's first appearance and anti-malware tools being updated against the new threat; you may fall victim in that interim.

    That's what happened to one Windows Secrets Lounge member, whose well-protected system appears to have been subjected to a questionable download in his browser.

    The full text of this column is posted at WindowsSecrets.com/2010/02/04/02.

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by revia; 2011-01-19 at 18:52.

  2. #2
    New Lounger
    Join Date
    Feb 2010
    Location
    Rego Park, NY
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It's important to use a 'sandbox' software like Sandboxie http://www.sandboxie.com/.

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Rhode Island
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have a very similar story. Here's the sequence:

    I opened a mail in Yahoo (IE 7.0.5730.13), expecting that it would not open any attachments or links. As soon as I opened the mail, I saw Adobe PDF open up, and then close. I tried to bring up Task Manager and was advised that "Your Administrator has blocked access to Task Manager."

    Yikes! So I immediately powered down the PC and disconnected the network cable. I rebooted the machine and got the warning about wm32.netsky in a balloon before the system fully started. Whether that was Norton or Spybot I don't know.

    When the machine finished booting there was a large background that said my system was infected and recommended that I do a virus scan. There was also a new icon in the system tray that said "Your system is infected. Click here to have Windows download the latest antivirus software." I DON'T THINK SO!!!

    I tried to run Norton, and it couldn't start the scanning engine. Spybot found the registry entries and corrected them, but the virus must still have been active because it found them and fixed them every time I ran it. I couldn't run any apps because they were all infected. I then tried an F-Secure rescue CD. It didn't find anything. I then tried to mount the drives on another system with a USB interface and scan them from a good system, and the drives were not recognized by the new machine. Why, I don't know. So I then loaded up an old 20G hard drive (amazing how the "old" hard drives can be 20G) with XP SP3, Norton and Spybot. I scanned the drive with both, and then with F-Secure. They all still found nothing.

    Rebooting the machine with the infected drive produced the same results, so I decided to reformat and reload the C: drive. I have been less diligent than I should have been with my backups so I had to suffer. Fortunately, I configure my machines with System on C, Programs on D, and data on E. It took a while to reload the programs, but I'm almost back up to par now.

    What a story. Bottom line is I don't know for sure what hit me. I've only had two viruses in my life. The first one took me 30 min to recover because I had good backups. The second took several days. Hmm, where's the lesson there? Oh well.
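    The symptoms above (Task Manager blocked "by your administrator", a hijacked desktop background, registry entries that reappear after every Spybot run) are the marks of a rogue-antivirus infection that re-applies a handful of registry values from a running process. The script below is an added example, not code from the post or from any product named in this thread: it audits those values from a known-clean Windows boot with the suspect machine's hives loaded offline, so the malware is not running while you look. The hive names HKLM\Suspect_SW and HKLM\Suspect_User, the drive letter E: and the user name are assumptions for the example.

```powershell
# Added example (not from the original post). Run from a clean Windows
# installation with the suspect drive attached, after loading its hives:
#
#   reg load HKLM\Suspect_SW   E:\Windows\System32\config\SOFTWARE
#   reg load HKLM\Suspect_User "E:\Documents and Settings\<user>\NTUSER.DAT"
#
# Hive names, E: and <user> are assumptions; adjust to your layout.
# Open a fresh PowerShell after 'reg load' so the HKLM: provider sees the hives.
param(
    [string]$SoftwareHive = 'HKLM:\Suspect_SW',
    [string]$UserHive     = 'HKLM:\Suspect_User'
)

# 1. Policy values behind "Task Manager has been disabled by your
#    administrator" and the matching regedit lockout. Non-zero = disabled.
$policyKeys = @(
    "$UserHive\Software\Microsoft\Windows\CurrentVersion\Policies\System",
    "$SoftwareHive\Microsoft\Windows\CurrentVersion\Policies\System"
)
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $v = $props.$name
        if ($null -ne $v -and $v -ne 0) { "[POLICY]    $key\$name = $v" }
    }
}

# 2. Desktop wallpaper: a rogue AV replaces it with its "your system is
#    infected" banner, usually a file dropped under the user profile.
$desktop = "$UserHive\Control Panel\Desktop"
if (Test-Path $desktop) {
    $wp = (Get-ItemProperty -Path $desktop).Wallpaper
    if ($wp) { "[WALLPAPER] $wp" }
}

# 3. Autostart entries. Anything launched from a temp or profile directory
#    is flagged; that is where the tray icon and the re-applying process
#    described in the post would typically live.
$runKeys = @(
    "$UserHive\Software\Microsoft\Windows\CurrentVersion\Run",
    "$UserHive\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    "$SoftwareHive\Microsoft\Windows\CurrentVersion\Run",
    "$SoftwareHive\Microsoft\Windows\CurrentVersion\RunOnce"
)
$suspectPattern = '(?i)\\(temp|local settings|application data|appdata)\\'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd  = [string]$item.GetValue($name)
        $flag = if ($cmd -match $suspectPattern) { 'SUSPECT' } else { 'run    ' }
        "[$flag] $key\$name = $cmd"
    }
}

# When finished:  reg unload HKLM\Suspect_SW ; reg unload HKLM\Suspect_User
```

    Because the hives are loaded offline, fixing the policy values here is safe from the re-infection loop the post describes: nothing on the suspect disk is executing. That only addresses the symptoms, though; the flagged autostart entry and the file it points to are what actually need to go, and the reinstall the poster chose remains the conservative answer.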

  4. #4
    New Lounger
    Join Date
    Jan 2010
    Location
    ST Louis Park, MN
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If you receive a suspicious file you can upload it to VirusTotal <http://www.virustotal.com/>. They will scan the file with most anti-virus products. This doesn't guarantee that it isn't infected, but it's a good start.

  5. #5
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Sacramento, CA, USA
    Posts
    116
    Thanks
    7
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by Daniel Glasner View Post
    It's important to use a 'sandbox' software like Sandboxie http://www.sandboxie.com/.
    Excellent advice, and the latest free version brings back support for Win7x64. Acronis True Image Home 2010, the backup software, has a similar feature which also works with Win7.

  6. #6
    New Lounger
    Join Date
    Feb 2010
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The Kaspersky scan is temporarily unavailable: http://www.kaspersky.com/virusscanner.

  7. #7
    New Lounger
    Join Date
    Dec 2009
    Location
    Austin, TX, USA
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I think that SUPERAntiSpyware Portable is a particularly useful tool - http://www.superantispyware.com/portablescanner.html

  8. #8
    New Lounger
    Join Date
    Feb 2010
    Location
    Oregon
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I try to never download anything with a suspicious attachment. (by the time you run a test on it, it may be too late....) I may be superstitious, but once a file gets into your computer, there's no telling what it will do.

    And I never open a file unless I know what it is -- where it came from. Always require permission before downloading, or before opening a file.

    I work on computers and I've had people get in trouble because they think that if they open a file real quick and close it again they won't have any trouble. The other problem is to have your email set to preview -- Outlook Express is a problem here; select View || Layout || uncheck Preview Pane. Very bad, do not preview unknown mail. (I get around some of these email problems by scanning my email while it's still on the server with a program called Mailwasher. I use it on every computer I own; it used to be free and I still use the free version.)

  9. #9
    New Lounger
    Join Date
    Dec 2009
    Location
    Bayfield, Colorado, USA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Dennis,
    I run McAfee Security Center for real-time scanning on my machine. To run a free secondary malware program, do I need to disable McAfee first? And if so, what portion needs to be disabled?
    I tried to install MS Security Essentials (see Langa in same issue of WS as your article) as a secondary real-time scanner and got a message that I needed to uninstall McAfee first.
    So, can I actually only install/run one real-time scanner at a time and then use free (uninstalled) versions as a secondary scanner with primary scanner disabled?
    Thanks,
    Jay

  10. #10
    New Lounger
    Join Date
    Dec 2009
    Location
    Washington, DC, USA
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Doug,

    One other thing you could have done before deleting partitions &c:

    Unplug from all networks and turn off WiFi. Log on as Administrator. Open System Restore (in XP, click Start || Control Panel || Performance and Maintenance || System Restore near the top of the left panel). The default is to go back to an earlier restore point, so click Next. Select a date before the trouble started, and restore. This will roll back the Registry and certain system files. (It may break any programs you have installed since then.)

    Reboot. Backup all your essential stuff to a flash drive.

    Then re-install Windows, taking care to delete *all* partitions, and to avoid the quick format. Update Windows, tweak your settings, re-install your apps and data, &c, &c. In most cases it is faster and easier to make a clean installation than to try to clean stubborn malware from your computer. And it will run better, especially if you optimize, e.g., with MyDefrag.

  11. #11
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,483
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by Daniel Glasner View Post
    It's important to use a 'sandbox' software like Sandboxie http://www.sandboxie.com/.
    As per my discussion elsewhere in The Lounge (here) (reply # 9) it is IMPOSSIBLE to sandbox Internet Explorer or Firefox under Windows. Sandboxie when used for this purpose is useless and misleading. I wish the editors of Windows Secrets Newsletter would stop promoting this piece of snake-oil for general Internet surfing protections!

    None of the posts advocating downloading and running third-party antispyware programs would do Doug Troughton any good whatsoever. What he had was a piece of Rogue Antivirus, and these Trojan Horse programs block all the well-known antispyware programs from running scans or reaching their download servers for definitions updates. The best solution in these cases is exactly what Doug did -- reformat, reinstall and rebuild. Do not rely on any recent Image Backup archives, as these may have been imaged after the initial infection took place. The results are a painful lesson in not opening e-mails or PDFs from unknown senders. Even when opening mail from known senders, there is a possibility of this sort of thing happening, but what are you going to do -- stop using web mail? And hope your e-mail client will stop the bad stuff? Good luck with that.

    Maybe I'm lucky, but Firefox with NoScript and the Avast Web Shields have kept me safe from this sort of thing. Avast has logged several recent blocked attempts to compromise my computer from web sites or e-mail messages. Maybe this is just dumb luck, but I don't think so. Under Windows XP, I also use the Comodo Firewall with Defense+. This Firewall is probably not necessary under Vista or Windows 7.

    To the post about McAfee -- NOTHING else can be run as long as McAfee is installed. See the McAfee web site for a removal tool if interested.

    Merge acknowledged and accepted. I have edited this comment for clarity in light of a subsequent comment.
    -- Bob Primak --

  12. #12
    New Lounger
    Join Date
    Dec 2009
    Location
    Austin, TX, USA
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The SUPERAntiSpyware portable version specifically addresses the issue of trojan horses/malware nullifying known malware removers. When it is downloaded a new name for the program is generated for every user and it does not have to be installed to perform. I believe that it is a pretty good attempt to address that situation. I agree that preventive maintenance is the best strategy also.

  13. #13
    New Lounger
    Join Date
    Oct 2009
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Jay Highland View Post
    Dennis,
    I run McAfee Security Center for real-time scanning on my machine. To run free secondary malware program, do I need to disable McAfee first? And if so, what portion needs disabled?
    I tried to install MS Security Essentials (see Langa in same issue of WS as your article) as a secondary real-time scanner and got a message that I needed to uninstall McAfee first.
    So, can I actually only install/run one real-time scanner at a time and then use free (uninstalled) versions as a secondary scanner with primary scanner disabled?
    Thanks,
    Jay
    Hello Jay,

    I've used several different online virus scanners and never had to disable the machine's resident antivirus application before running the scans. However, you should have only one resident AV program enabled at one time. That's why you should uninstall McAfee (or any other anti-malware program) before installing and enabling Microsoft Security Essentials. Once MSE is installed and enabled, you should be able to run the online virus scans--one at a time, of course.

    Let me know if you have any other questions.

    Regards,
    Dennis

  14. #14
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,483
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by Anthony Stephenson View Post
    The SUPERAntiSpyware portable version specifically addresses the issue of trojan horses/malware nullifying known malware removers. When it is downloaded a new name for the program is generated for every user and it does not have to be installed to perform. I believe that it is a pretty good attempt to address that situation. I agree that preventive maintenance is the best strategy also.

    I forgot about that little gem in my comment. But be aware that as of now, Super Antispyware is only compatible with 32-bit versions of Windows Vista and Windows 7, not with the 64-bit versions which are being offered preinstalled these days. SAS says it's working on a 64-bit edition, but I question whether their portable version will be 64-bit compatible any time soon.
    -- Bob Primak --

  15. #15
    New Lounger
    Join Date
    Dec 2009
    Location
    Europe
    Posts
    4
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Common sense says don't open anything that may be dangerous EXCEPT IN A SANDBOX. Yes I am shouting. Take the few minutes to create a VM or use a program such as Sandboxie. As for opening mails, it is probably better not to unless your spam filter is very good (Gmail's is), as opening it tells the spammer you are there. Yours, Arava
