117 Comments(s). 2 Pages(s). Showing page 1. [ 1 2 ]

   #69. Posted at 01:45 AM on Aug 11th 2007, Edited at 10:32 PM on Aug 11th 2007

I had problems in the past..

But NO MORE!

It's a fairly simple solution.

Sure I use Vista (ultimate - just in case it craps out I have the full thing backed up on DVD's), but I don't use IE on it.. in fact I don't use *ANY* browser, email software, etc., on it.

The Solution:

Use Microsoft Virtual PC 2007 and load up another OS (up to you) and put on your browser/mail account of choice.

I personally protect even that system with:

1. Clean Cache 3 (set to clean at browser close).
2. AVG Free
3. CyberHawk
4. WinPatrol
5. ZoneAlarm

All "free".

All on a Win2k virtual machine with 512 meg of mem.

Works like a charm..

..and *IF* it ever becomes seriously screwed and can't be fixed (at least by me).. then I can always use another virtual machine with the same exact set-up. (..bookmarks with firefox can either be up-loaded for safety (via a plug-in), or I can always go in and copy it).

..one final cool feature with this set-up:

Sometimes you quickly learn that things aren't working quite right (because of some piece of malicious crap), in that instance there is no need to diagnose and then try to repair the problem - instead:

..you can just *close* the virtual system and then open it back up again with the problem as gone as if it never happened.

   #130. Posted at 06:59 AM on Aug 15th 2007

I find the easiest way to get rid of most malware is just to backup the user's data, settings, etc, and blast Windows. Then, reinstall Windows, secure the box with the anti-virus and anti-spyware programs of choice, and restore data and settings. I like this way because it's more thorough and gives me better peace of mind. It may not necessarily be the quickest way, (although in a few cases it probably is) but it's a more permanent and less fiddly solution for a very sticky problem.

   #98. Posted at 10:56 AM on Aug 11th 2007

What I don't understand is why ad companies make these things that are capable of ruining people's systems. I mean, something that tracks your browsing and "encourages" normal ads from "the company" is one thing, but if someone can't even boot their computer, they're NOT gonna be seeing any ads, going to one's web page, and once they find out what happened, definitely NOT gonna give those people their business.

I mean, I'm sure a lot of them are just jerk "h4xxo0rz" and script kiddies, so my argument there doesn't apply, but mweh.

   #115. Posted at 08:53 PM on Aug 11th 2007

I deal with trojans, viruses, spyware, rootkits, and various malware programs on a daily basis. The joys of running computer repairs. Throughout my journey I've come to rely very heavily on the following programs for removal:

Naturally starting with HijackThis is the best process, following that I find using a few removal programs helps.

1) Spyware Doctor - The BEST in removal IMO
2) Symantec Antivirus - Does a great job, right up there with SD, works fantastic when left to actively protect the computer while another program scans.
3) AVG Spyware - Picks up a large array of cookies and malware the other top ones miss.
4) Counterspy - Not the best but gets maybe 5 traces the others don't.
5) Spybot - Don't know why, but it gets something sometimes.
6) Spy Sweeper - Probably the third best but I run it amongst one of the last. Does a great job managing the quarantine files the others delete on their uninstall.
7) Registry Mechanic - Fantastic at cleaning up the broken sections left from the removals.

Other programs I haven't listed I find do very little to help. Avast has never really gotten much and Kaspersky can't find anything more than what the others remove. AVG has a rootkit scanner which is only subpar but whatever.

Checking Google helps too for things like the Vundo or Virtumonde. There are good tools like VundoFix.

   #125. Posted at 09:28 AM on Aug 13th 2007

I had 2 WinXP machines at home, rebuilt my wife's machine and installed Ubuntu, and added a Mac laptop to my arsenal.

The WinXP machine needs constant pampering, I run it very safely and have not had to reinstall in 5 years, but still it needs a very different level of maintenance to the other two.

I really like the Mac, very low maintenance so far, interface is far superior and if I want to geek out I can always open a terminal window.
Of course, price IS a factor, but I've felt that I got what I paid for, so far. The machine has all the features I think I might use, and they all work properly (and efficiently and in a simple manner that I feel confident I can explain to almost anyone).

Ubuntu was a little more troublesome (mainly to install dvd and mp3 support, not really complicated but something that must be done) and the interface isn't quite as good as the Mac (still, no worse than XP, in fact in some ways better) and installing new programs is GREAT! The package manager just works, and in most cases it's better to install stuff on Ubuntu than any other system I've used. Synaptic is the nicest package manager I've tried so far.
On Ubuntu I've not tried features such as webcams, bluetooth and other comfy features like that, so can't comment on them.

Only issues I've had are that Beryl (fancy pants desktop addon) doesn't work properly with my graphics driver (most Nvidia cards); while not really necessary it looks quite cool, way cooler than Vista anyway and in some areas nicer than MacosX.
The other issue was that some USB wifi dongles lack drivers, that was an issue on one computer I installed Ubuntu on.
Both systems felt like they had been given turbo pills after nuking XP and installing Ubuntu.

Added bonus!
Much less spyware, and both Ubuntu and MacosX come relatively secure out of the box (additional steps can be taken easily, but the systems are WAY better behaved).

   #124. Posted at 03:29 PM on Aug 12th 2007


   #112. Posted at 07:43 PM on Aug 11th 2007, Edited at 07:43 PM on Aug 11th 2007

I used to collect viri, trojans and worms. Had a directory full of 'em. It eventually went south when I reinstalled Slackware to upgrade and did not save the dir.

Hi ho

   #118. Posted at 09:23 PM on Aug 11th 2007

IMO, the worst thing about viruses and spyware is that they have created a market for antivirus and antispyware software.

My father has the family PC locked down so tight you can hardly use it, an old box with 512 MB of RAM and a slower-than-molasses hard drive. He's got Norton Internet Security installed, Spy Sweeper, and a popup blocker. Whenever I'm home to visit, using the internet is torturous at best.

   #59. Posted at 10:06 PM on Aug 10th 2007

I had a machine from a friend with a minor infection. I booted into safe mode, removed it, it came back, I installed MS's malware removal tool, it worked, system is running fine.

Since McAfee was installed, and obviously not doing its job, I decided to uninstall it and at least get some decent AV on there.

Uninstall, reboot, system error, registry security key is corrupt.

Thanks McAfee!

   #101. Posted at 11:48 AM on Aug 11th 2007

You can detect rootkits by using Windows Remote Desktop to log in to the other computer. For some reason, the rootkit doesn't stay hidden when viewed remotely.
A couple of years ago, I rootkitted my other box, and the remote desktop app saw it clear as day in the Task Manager.

   #107. Posted at 03:28 PM on Aug 11th 2007

What a Friday night topic :D
What is computer security? It's nothing more than risk management. More valuable assets = more security measures.
What makes a secure design?
- Good coding practices.
- Good code auditing (nothing beats Open Source at auditing/fixing code)
- Good security model (limited account, network access control, integrity checking, etc)
- User education.
Now compare Windows with any Unix flavour and you'll see why Windows malware is so prevalent.
Rootkits (a 20 yr. old thing) are the next thing in the "cat and mouse" game between AV companies and malware writers. It's a simple act of surviving: http://www.viruslist.com/en/analysis?pubid=204791949
If you (malware) survive, you can steal passwords, pump spam, display ads, hijack the DNS lookups, make DDoS attacks, etc. It's all about the money. Why put effort in programming something like Rustock.B (a piece of art, BTW, see http://www.symantec.com/security_response/writeup.jsp?docid=2006-07... and http://www.symantec.com/enterprise/security_response/weblog/2006/12... ) if there isn't money to be made?

The best tools to detect and remove a rootkit infection (they're free):
http://rkunhooker1.narod.ru/
http://www.superantispyware.com/superantispywarefreevspro.html
http://www.ultimatebootcd.com/
Although, if you suspect a rootkit infection, the best procedure is backing up the data and nuking the HDD: http://dban.sourceforge.net/
To prevent future infections and do a quick recovery:
http://wiki.castlecops.com/Understanding_Computer_Infections
http://en.wikipedia.org/wiki/Disk_cloning

   #23. Posted at 06:36 PM on Aug 10th 2007

As a side note, it's worth mentioning that IE7 in Vista even under Admin is more secure than Firefox.

Firefox will execute with standard privileges in Vista; IE7 runs in a privilege mode below standard.

Any remote exploit or malware that executes through Vista IE7 will not have sufficient rights to accomplish anything.

One could argue that's splitting hairs given the strength of even a standard account.

Of course compare Firefox in XP SP2 running Admin to Vista's IE7 and the situation becomes much more stark.

   #46. Posted at 08:24 PM on Aug 10th 2007

Let's see ... How widespread is the problem... every computer of every friend/family member has them, and every computer any woman touches will be infiltrated shortly because they can't stand it....they can't, they are just wired to click them purty little pop up thingys that are so coooll.

I cuss my wife daily over the "computer trash" sites like myspace etc that are just gigantic magnets for this crap. But you know it's just best to let her have her own computer to trash and just reload the system every once in a while. I have got pretty good at registry diving.

My uncle has two computers in his office, one he uses exclusively, and one for his female help... the one for the help I have to disinfect about every two months, and all I ever do to his is install updates.

I hired a new employee at the shop, and it took me a month to get him to quit inviting trouble. My adware/spyware/virus went from 1 or 2 /month to like 20 or 30 in a month.

Killing the bastards responsible for this is too good; they should have to be human toilets till they die of natural causes.

   #99. Posted at 11:12 AM on Aug 11th 2007

Funny, it wasn't that many years ago that you had to reinstall Windows once a year so your computer would just run.
Now, you have to reinstall Windows every year just to get rid of all the slime it collects.
Then it's only clean for about 15 minutes.

This might help with the reinstalls:
http://autopatcher.com/

Oldtech

   #93. Posted at 09:38 AM on Aug 11th 2007

Along with av software etc, definitely use a good browser like Firefox with NoScript or similar installed.

   #52. Posted at 09:08 PM on Aug 10th 2007

I'm such a loser that my computer has never, ever, been infected with any malware even without running any anti-virus software for a decade!

It's like sex. I just don't do risky stuff other than drive a car with a lead foot. But I may just be really lucky.

And my greater family lives in the stone age. We only just recently all got cell phones.

   #91. Posted at 09:21 AM on Aug 11th 2007, Edited at 09:21 AM on Aug 11th 2007

Think about it: no more problems.

Right...because there are no user issues on OS X.

Jobsian RDF in full effect.

   #92. Posted at 09:25 AM on Aug 11th 2007

We've gotten hit pretty hard by trojans/rootkits at work, especially the ecard one.. It's not too hard on us, we just swap out the infected machine for a fresh one, and take the infected one back to the lab where we get to have our way with it. I used to mess around and try to clean it, but now just nuke it and reformat. The last thing we need is an auditor from hell asking which machine in finance had the rootkit.

   #2. Posted at 05:04 PM on Aug 10th 2007

Try Ubuntu, OSX, not running as administrator.

Flame on! :)

   #16. Posted at 05:55 PM on Aug 10th 2007

Do not go to questionable sites and do not open up questionable emails.

If you are truly paranoid, do not plug your computer into the internet.

Adware and malware suck, but they are a fact of life if you want to surf the web.

   #10. Posted at 05:33 PM on Aug 10th 2007

A lot of this all amazed me as well. I see myself as extremely savvy on not opening the wrong emails or downloading the wrong files. In fact, I have not run any active antivirus or antispyware programs in the last three years. The only defense I have up is Windows Vista's default firewall. But I have also not had any problems at all in those three years. Perhaps I have 300 spyware programs on my computer watching my every move and logging every key stroke, but they don't show their heads if they are here. Perhaps I should run a scan...

#5, how in the world did he get a virus that quick?! Did he download something, or visit a web page that was less than reputable? What are the odds that some sort of IP scanner out there hit on his computer's IP and moved in with malware?

   #5. Posted at 05:11 PM on Aug 10th 2007, Edited at 07:39 PM on Aug 21st 2007


   #11. Posted at 05:43 PM on Aug 10th 2007

This happened to my computer when my wife was using it. Some of the posters here basically called me and my wife idiots (blaming the victim). Switched to a Mac and have never looked back.

   #78. Posted at 08:01 AM on Aug 11th 2007

My GF is having some problems with her computer running slow. AdAware crashes when I try to use it, even on a new install. But AVG gives the machine a clean bill of health. I'm waiting on her to tell me if she's opened one of those "card" emails. Ugh, I hope she didn't.

And what's with AVG lately? It identifies all kinds of stuff as Generic Trojans, even the AdAware install .exe? I know that's not a virus. Or is it...?

   #76. Posted at 07:07 AM on Aug 11th 2007

The greeting card email spams are actually spelled correctly and have reasonable grammar - i.e., they're a direct copy of the emails that the real companies use. You would have to know that the URL being an IP address was a sign that it is dodgy (and you'd have to mouseover the Click Here... link to see it too), in addition to the lack of names in the email.

If you don't want to spend your valuable time fixing relatives' computers because of spyware, viruses and adware, then tell them to buy a Mac. I'm sure that eventually they'll be targeted as well, but right now and for the foreseeable future they're not, and that means less hassle, fewer telephone calls and less wasted time.

   #72. Posted at 04:14 AM on Aug 11th 2007

Has anyone heard something about a program that does individual program virtualization?

   #71. Posted at 04:13 AM on Aug 11th 2007

@Damage: I spent parts of several days this week recovering his data, wiping the drive, and reinstalling the OS and key apps

I am wondering Scott: Why not use an image application? It can save you lots of time on reinstallations. I personally use ShadowProtect http://www.storagecraft.com/products/ShadowProtectDesktop and it is a life saver. StorageCraft sells parts of their imaging and snapshot technology driver to big names like VMWare and Symantec Ghost. For the ones interested you can read a lot about ShadowProtect at Wilders forums http://www.wilderssecurity.com, just make a search for it.

Since I started to use imaging on all the machines that I maintain, the reinstallations have gone down to almost 0. I started with Ghost many years ago but after Symantec bought it I changed to Acronis True Image. I stayed some years with it and this year I changed to ShadowProtect due to its excellent and reliable snapshot technology for incremental images.

There are also some freeware appz that do the work well for imaging.

What I do is: Install OS, image, patch it all, install drivers, install important appz and image again. Combined with a decent backup policy for documents (or having them on another partition/disk) it makes a reinstall a work of just 5 minutes :)

   #64. Posted at 11:59 PM on Aug 10th 2007

Man, after reading a lot of these posts with their rather lengthy but often complex solutions, how is anyone other than a die-hard enthusiast expected to keep up? This is downright depressing.

An interesting poll among the informed readers of TR would be "How many viruses or other forms of malware have affected one or more of your personal computers"? That could be very revealing.

Finally, I want to take issue with the comments about "not going to questionable sites". On the one hand, that's sound advice. But if you're doing a Google search for something, you run the risk of clicking onto a "questionable site". I always look at the URL when doing Google searches, but there is still a risk.

   #4. Posted at 05:10 PM on Aug 10th 2007

I'd say the problem is very widespread. Even with my assistance, my family doesn't know s**t from shinola about how to safely use a computer.

What I'm curious about is, what do these trojans do? I know they can steal private info or "give a hacker control of your computer", but what does that mean, exactly? I throw around the word "zombie PC" like anyone else here, but how often are people's computers really remotely controlled?

   #50. Posted at 09:03 PM on Aug 10th 2007

I've conducted malware removal professionally for quite some time. I certainly don't consider myself a security expert, but when it comes to these dirty little SOBs, I'm a freaking ninja :-)

For those that care, and since this seems as good a place as any, here's a quick and dirty do-it-yourself WinXP malware removal guide. There are only a handful of registry entries that malware et al can utilize to load during the Windows boot process that make them impossible to remove even in Safe Mode - so much of this process is one that allows you to boot into a clean Safe Mode environment where you can conduct the usual malware removal scans.

Boot off a boot CD of your choice that includes a remote registry editor (UBCD4Win has my vote) and, in addition to the standard run entries in both HKLM and HK_USERS, check the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler (only Browseui... and Component Categories... should be listed by default, although occasionally reputable programs will insert an entry here)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks (should only have one key listed beginning with AEB6...)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad (should only have four keys listed: CDburn, PostBoot..., SysTray, WebCheck)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (AppInit_DLLs should have no data value)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (check that "Shell" only has Explorer.exe)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify (Check for suspicious/randomly named subkeys. This location in particular is a favorite for a lot of malware as the Winlogon process runs before Windows boot, and thus files that startup here begin both in normal and safe mode, and can't be killed from within Windows as a result)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft (check to make sure the Firewall and Security Center aren't disabled)

HKEY_USERS\[username]\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer (only NoDriveType... should be listed)

Once these are clean, clear all cache files, and manually quarantine any suspicious looking *recently* modified files (depending on when the infection occurred, likely a few days to a few months) in the following directories:

Windows
Windows\system32
Windows\system32\drivers

If you're not sure about a file, you can usually check the properties of said file to see whether it lists a valid publisher. For whatever reason, I've only rarely seen a bit of malware try to masquerade as a valid publisher, and when they do, something is usually misspelled. A quick warning here: not all files which do *not* list publishers are necessarily bad. You can also google the file name if you're not certain, and see what hits you get. And, again, I recommend moving these files to a quarantine folder, not deleting them outright.

Now you can 'safely' boot to Safe Mode. Disable System Restore. For the really paranoid, use autoruns (http://www.microsoft.com/technet/sysinternals/Utilities/AutoRuns.mspx) to remove any last vestiges of infected files/registry entries, and you can run HiJackThis if you like for good measure. This is also a good time to install and scan within Windows using your favorite malware cleaning apps (AdAware, Spybot, etc). There are a few programs that can't be installed in Safe Mode, so you can quickly boot to normal mode to install these programs, though I recommend running any scans in Safe Mode.

There will always be .01% of machines that are truly owned, and nothing but a format and reinstall will work. These instructions should suffice for the vast majority of systems. Happy hunting.
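An added example for the registry walk-through in the post above (example code written for this page, not the poster's): it parses a regedit export of those locations, as produced by an offline registry editor from a boot CD, and reports anything that departs from the defaults the post lists. SAMPLE_REG is a constructed export with planted entries; the Winlogon\Notify subkeys are only listed for manual review, and the Policies\Microsoft firewall check is left out.

```python
# Added example: check a regedit export of the WinXP autostart locations listed
# in the post against the defaults it gives. SAMPLE_REG is a constructed export
# with planted entries: an extra ShellExecuteHooks CLSID, a non-empty AppInit_DLLs,
# a random Winlogon\Notify subkey and a NoFolderOptions policy value.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3F1A2B4C-1111-2222-3333-444455556666}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"="{clsid-elided}"
"PostBootReminder"="{clsid-elided}"
"SysTray"="{clsid-elided}"
"WebCheck"="{clsid-elided}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\placeholder_unknown.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qwxzlpk]
"DLLName"="qwxzlpk.dll"
[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoFolderOptions"=dword:00000001
"""

WIN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
NT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
SSODL_OK = ("cdburn", "postboot", "systray", "webcheck")  # the four the post names


def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})  # a key with no values still matters (subkeys)
        elif current is not None and line.startswith(('"', "@")):
            name, _, data = line.partition("=")
            keys[current][name.strip('"')] = data.strip('"')
    return keys


def audit(keys):
    """Return (location, item) pairs that deviate from the defaults the post lists."""
    found = []
    for name in keys.get(WIN + r"\Explorer\ShellExecuteHooks", {}):
        if not name.upper().startswith("{AEB6"):  # only the AEB6... hook by default
            found.append(("ShellExecuteHooks", name))
    for name in keys.get(WIN + r"\ShellServiceObjectDelayLoad", {}):
        if not name.lower().startswith(SSODL_OK):
            found.append(("ShellServiceObjectDelayLoad", name))
    appinit = keys.get(NT + r"\Windows", {}).get("AppInit_DLLs", "")
    if appinit:  # should carry no data at all
        found.append(("AppInit_DLLs", appinit))
    shell = keys.get(NT + r"\Winlogon", {}).get("Shell", "Explorer.exe")  # absent = default
    if shell.lower() != "explorer.exe":
        found.append(("Winlogon Shell", shell))
    notify = NT + "\\Winlogon\\Notify\\"  # every subkey here is worth a look by hand
    found += [("Winlogon Notify subkey (review)", k[len(notify):]) for k in keys if k.startswith(notify)]
    for key, vals in keys.items():  # per-user Explorer policies: only NoDriveType... expected
        if key.startswith("HKEY_USERS\\") and key.endswith(r"\Policies\Explorer"):
            found += [("Policies Explorer", n) for n in vals if not n.startswith("NoDriveType")]
    return found


if __name__ == "__main__":
    for where, what in audit(parse_reg(SAMPLE_REG)):
        print(f"{where}: {what}")
```

Point it at a real export by reading the .reg file into parse_reg instead of SAMPLE_REG; the findings are leads to quarantine and research, as the post advises, not an automatic delete list.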