Consolidated Security Thread (legacy)

[Schadenfroh]

This thread has been discontinued, please see the new Consolidated Security Thread

http://forums.anandtech.com/messageview...?catid=33&threadid=2004933&STARTPAGE=1

 

[mundane]

Thanks for the comprehensive guide. I've used your resources a number of times while 'fixing' various family members' PCs.

 

[Ausm]

Very Nice ...IO sent a copy to alot of my friends with credit going to you.


Ausm

 

[Schadenfroh]

There, should be a bit easier to read and look up things now and cheers to the mod for sticky

 

[Diasper]

Also for trojans and other malware there's ewido and a-squared - both are truly excellent freeware and highly recommended. I'm surprised they haven't been added to the guide already - if you test them out you'll know what I mean and that they should be added to the guide straight away.

When running them I'd run the scanners differently:
Switch off restore points
Safe mode
Winsock Fix
Bazooka - just to scan to see what we have - see approx numbers
CWshredder
Crap cleaner
Anti-virus
Microsoft anti-spyware
adaware
spy sweeper
ewido
a-squared
spybot

Also, if stuck for an anti-virus product to run or rather if yours hasn't been cutting it download a 30 day trial of Kaspersky - it's the absolute best of personal virus scanners (av-comparatives). That would help cut out alot of crap. Afterwards, ewido and a-squared should pick up alot of the extra crap.

If really loaded down with trojans Trojan Hunter and TDS-3 also do trial periods.

Don't forget to uninstall all these trial programs after.

 

[Diasper]

For the safest browsing I use a combination of a tweaked (and uptodate) firefox along with privoxy.

Privoxy acts as a proxy server on your PC and filters all the content so will remove harmful content from webpages or indeed block whole webpages if necessary. It also removes pesky ads. Basically, it does a whole ream of things but which make it incredibly useful and further serve to cut down on any possibility of infection.

 

[walkure]

Thank you for all the info! A family member just called me to fix his spyware-infected computer, and this will help!

 

[Diasper]

Further stuff you can do in extreme circumstances - you can actually install Anti-Vir very happily on your pc when you have another anti-virus on there as I've found it to be among the more compatible anti-viruses as it lets you switch it off completely and not start-up if you choose - instead you can occasionally switch it on update it and run some scans before putting it back to bed again until you need it again.

That could again be integrated into malware removal.

 

[Diasper]

A preventative measures I'd also recommend BugOff by Merjin (sp?) that fixes various holes in IE that still haven't been patched yet after a long time. Useful alongside spybot immunize, spyware blaster as preventative measures.

Also another one that didn't get mentioned here is Xp-Antispy which can help switch off various OS vulnerabilities in XP to help reduce infection susceptibility.

Also consulting Black Vipers website who wrote a guide about which services you can switch off can also help turn off various other vulnerabilities.

As for Firewalls I recommend Zonealarm although stick with 5.5.094.000 as Version 6 is hasn't been tested properly yet (as of 11 august 05) and has various bugs.

 

[Diasper]

Note also that ad-aware has various plug-ins that can help in removing spyware.

Notably it has a plug-in specifically to remove VX2.

A further note on which free anti-virus to use for day to day, I'd recommend AVG for its general low resource usuage and its good scan results on windows viruses.

As back up I'd run Anti-vir as said before - just switch it on whenever you specifically want to run a scan.

Avast I personally found too resource intensive and where AVG falls down ie trojans etc ewido and a-squared pick up on. Of course, different combinations can be successful.


Anyway great guide - I hope a couple of things I've said can be incorporated.

Let's keep up the anti-malware fight.

 

[Diasper]

Just found another anti-malware tool; remover that scans specifically for worms, trojans and backdoors.

Just ran it. Seems good enough. Probably worth running after ewido and a-squared.


Also various other specific virus and other fixes here - too many to list. Anti-virus should have largely incoporated those fixes into themselves but if you run into a wall over a specific virus one of those might be able to help.

 

[Schadenfroh]

Hello, Diasper, and thank you for your contribution to this thread.

A preventative measures I'd also recommend BugOff by Merjin (sp?) that fixes various holes in IE that still haven't been patched yet after a long time. Useful alongside spybot immunize, spyware blaster as preventative measures.

This is already covered in Section D

Also consulting Black Vipers website who wrote a guide about which services you can switch off can also help turn off various other vulnerabilities.

This is also covered in Section D, Black Viper's website is no longer up and a mirror of it is what is linked now. I do not know what happened to his site.

as Version 6 is hasn't been tested properly yet (as of 11 august 05) and has various bugs.

Indeed, i have read many complaints at DSL reports and the broadband forums i visit.

Note also that ad-aware has various plug-ins that can help in removing spyware.

Notably it has a plug-in specifically to remove VX2.

This plugin is already covered in Section B and C

Also various other specific virus and other fixes here

Indeed an excellent site, i love majorgeeks and their download services, main reason nearly all of the tools i have linked here are to majorgeeks.

 

[Diasper]

Hehe, yeah I didn't see some of the things I added were in there after ...lazyness however prevented me from correcting them

Glad I could be of help in some things.

Great guide.

 

[SagaLore]

Wow, another comprehensive information post by Shad. :thumbsup:

Why don't you just come to work for me, I'll pay you in :beer: and

 

[Strk]

Anything about removing psguard? I've done everything, but there are parts of it that still pop-up on me

 

[IHateMyJob2004]

Why no sticky? Actually, I thought that this used to be a sticky?

 

[IHateMyJob2004]

Norton Anti-Virus uninstalled

AntiVir DLed and about to be installed!

 

[n7]

Wow, awesomeness

 

[Strk]

.

 

[boomdawg]

Please post your HJT log in another thread, doesn't seem right to tie up this one with your own problem.

 

[microAmp]

Originally posted by: boomdawg
Please post your HJT log in another thread, doesn't seem right to tie up this one with your own problem.

Better yet, use http://hijackthis.de/

 

[Schadenfroh]

Originally posted by: microAmp

Originally posted by: boomdawg
Please post your HJT log in another thread, doesn't seem right to tie up this one with your own problem.

Better yet, use http://hijackthis.de/

Indeed, it is mentioned in Section C

 

[xtknight]

Oooh, Crap Cleaner, I love it.

CLEANING COMPLETE - (39.775 secs)
------------------------------------------------------------------------------------------
2,321.7MB removed.

 

[Schadenfroh]

Originally posted by: boomdawg
Please post your HJT log in another thread, doesn't seem right to tie up this one with your own problem.

Yeh, i guess we should move in that direction. That is all that was in the last one. Perhaps we should make a hijackthis log thread in tech support? I would prefer them just to post it at spywareinfo though. This thread was intended to consolidate malware discussion and applications that remove them and prevent them, a general security thread rather than to solve individual problems, anyways, i believe i told him in a PM to post it, but in the future, lets just shy away from that and keep this thread on the discussion of security issues in general rather than individual infections.

 

[Diasper]

Something else you missed

Bit defender anti-virus is FREE.

Add that onto AVG, Anti-Vir and Avast.

Except this one beats them all in detection rates - AVG and Avast by some margin.

Also they have ALOT of individual removal tools available for those who don't use Bit Defender and are having difficulty with removing a particular nasty