Outpost Pro with aol 9 broadband ok?

Discussion in 'other firewalls' started by timnicebutdim, Jan 24, 2005.

Thread Status:
Not open for further replies.
  1. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    Hi,

    Just a little advice needed as I am a complete novice when it comes to security and know nothing about networking. Basically I recently became a victim of the VX2 trojan and it completely hijacked my system. Every time I went online it connected to a server and secretly installed programs, trojans, malware and spyware. It completely bypassed all of my security programs.
    Sadly I had TDS3 installed but I thought that it had real time protection running in the background, and I now learn that if I had set it up properly then the VX2 trojan probably wouldn't have managed to install itself in the first place. I like to have the best security software available on my computer and that is why I purchased TDS3, however I found it much too technical for me to use properly, even when looking through the help files - probably one of the reasons I didn't realise you had to have exec protection installed and TDS3 running in the background when installing programs to be protected.

    Every time I deleted the VX2 it just mutated into a different file and returned on boot up. TDS3, Ewido, Trojan Hunter 4.1, Microsoft Antispyware, Ad-Aware SE, McAfee Firewall, Norton Antivirus 2004 Pro, Spyware Doctor, SpySubtract, Spybot Search and Destroy, Webroot Spy Sweeper, various VX2 removal tools - nothing could get rid of it and in the end I managed to delete the file manually in a very odd way (by changing the security settings in Properties to deny all users). Anyhow, I am going to wipe this computer because I am certain that changes have been made to it that are still giving me problems - so I will start again. I am pretty sure my system is now clean, but in less than 20 minutes of trying to update my security signatures for my various security programs while infected I had over 100 trojans, 200 spyware and other programs installed on my system - pretty scary stuff. I think I have got rid of them all but am now having problems sending emails with Outlook and the odd strange error occasionally. Either way I need to wipe the computer and do a clean install for peace of mind alone.

    Now obviously after such a scare I want to change and update my security software, mainly my antivirus and firewall.
    I am currently using Norton 2004 Professional and McAfee Firewall (came free with AOL broadband but only version 4.5.2.30).
    I have heard that Norton is hard to uninstall so after the format I am going to choose NOD32.
    I am considering using OUTPOST PRO for my new firewall; I have heard that it is easy to use. I was thinking of using Stop n Look but it just seemed too complicated for me.

    Will OUTPOST PRO be ok for a novice like me or should I stick to the old version of McAfee I currently have?
    Hopefully NOD32 will be ok for a novice like me also?

    One thing which bothers me about changing my firewall is that I have heard that some firewalls don't work so well with AOL, something to do with VPN issues, whatever that means - http://www.dslreports.com/forum/remark,2546029~root=security,1~mode=flat .
    Also AOL recommends McAfee, but I want better security this time round.

    So am I making the right choices in changing to NOD32 and OUTPOST PRO with AOL broadband?
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    I don't know about AOL, but I do know that OP has no problem with most networks. You just try the software. It will find most settings by itself. Paranoid2000 is the OP expert here!

    But first make sure your system is clean. I'm puzzled by the amount of garbage. You'd better start from scratch.
    When you install Windows: use a CD and do not attach any network, cable or modem. Next install all security software and only then connect to a network.
    If you install OP: make sure there is no other firewall activated.
    When installing Windows: create a second account next to the default administrator account and only use that account when working on the system. This must be the best security measure ever invented!

    NOD will be fine for anti-virus. Using OP it looks like a strong combination.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Welcome to the forums Timnicebutdim,

    AOL can be a little more difficult than other ISPs since it does require special rules - the Outpost pro and aol... thread should provide all the information needed on this though. Outpost will provide more protection than an old version of McAfee but you may find checking the Outpost forum and the Web-Hikers' Guide useful steps beforehand (the Web-Hikers' Guide gives a good overview of Outpost's interface but covers the older 1.0 version - much of it still applies to the current version 2.5 though).

    Formatting and reinstalling Windows looks to be your best bet of recovering from this trojan. While there are plenty of programs that can prevent malware from installing - once something does get installed (and is able to hide its files, restore any parts that get removed and disguise its processes) removing it can be far harder. However TDS-3 and the other anti-trojans should be able to tackle it so checking at their respective forums (DiamondCS have a forum here for TDS-3 support) for detailed advice may be a good idea first.

    I do think it is important to try to find out *how* you got infected. If it was via an Internet Explorer exploit, then no firewall can fully protect against these (though the Active Content filter in Outpost and similar features in other firewalls can offer some protection) so switching to Firefox or Opera would be a sensible step.

    If you were infected via a file downloaded via P2P (or Usenet, IRC or other anonymous sources) then the key thing is to familiarise yourself with TDS-3 and configure it properly. If you find it too difficult to use, then alternative anti-trojans like BOClean or TrojanHunter are easier (BOClean is noted for being very light on resource usage but has no trial download). Also consider DiamondCS' Process Guard - this is simple to use and will prevent most trojans from installing on your system as well as protecting your other security software from being bypassed or shut down (covering a key weakness of Outpost - its poor termination protection). However PG needs to be installed on a clean system.

    For anti-virus protection, I would agree with Meneer that NOD32 is a good choice since it has low resource usage and good heuristics (meaning it has a good chance of picking up new viruses not yet added to its database). Kaspersky Anti-Virus does offer very good malware detection (covering trojans and other malware) but is far more demanding on a system.
     
  4. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Very critical point raised by P2K here. Just highlighted it for your attention.
    My suggestion. For Content Filtering... Use Proxomitron [www.proxomitron.info] and use Sidki and Kye-U's configuration files [merged together] for max safety from errant websites.

    Ewido is also another option for Anti-Trojan. No configuration options though.

    I would also suggest getting a "Hardware Router" if you are using broadband/ADSL/DSL/Cable internet...
    Netgear seems an obvious choice for most people. I'm afraid I have no other info on hardware.

    Even though I would suggest different software, P2K has just named for you THE most effective and EASIEST to configure and use software. Coincidentally, they're programs with excellent unofficial support.

    I think someone who's used RegRun/UnHackME or similar should be called in. http://www.greatis.com/security/
     
  6. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    How you DID manage to remove a polymorphic sounds pretty flimsy to me... take care, VX2 may just be hidden/dormant.

    I recommend KAV as an AV though. It's supposed to take care of trojans/polymorphics better than ANY other AV known to mankind.

    Some of us do this every couple of months, just to be safe. ;)

    Have fun... Hard work ahead of you my friend.
    G'Luck
     
  7. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    I got infected from a program at download.com that I wanted to use for link checking on my site. I basically am a search engine optimizer, a very good one, but I don't know anything about security - I have found it hard to learn the functions of TDS3. I read a bit about Outpost and even that confused me. If I can run it out of the box with good security then maybe it's a better option than my older version of McAfee. I am really tempted by ZoneAlarm but I keep hearing that it's very resource intensive and a bit of a pain to uninstall.

    As far as TDS3 is concerned it can't remove the variant of VX2 I had because the VX2 just mutates to a new file upon boot up. I also tried Ewido, Trojan Hunter 4.1 - nothing could get rid of it because it mutated to a new file on boot up each time. I did a lot of research into VX2 and currently there is no security software in the world that can automatically remove it because it gets so deep into a system; it has to be removed manually by using HijackThis logs and other log programs. I posted my log in another forum but the thread was deleted (I don't know why); also I asked for a check with my log after removing it but never got a reply.


    How I got rid of it and all the rubbish it installed from the server was to keep my computer on and remove everything found with the following programs: TDS3, Ewido, Trojan Hunter 4.1, Ad-Aware SE, CWShredder, Spybot Search and Destroy, Spyware Doctor, SpySubtract, Norton Antivirus Pro 2004, Microsoft Antispyware, AOL Spyware Protection...

    After that I was left with two files in my System32 folder which were both similar in name, two DLLs. One was the file that had to be deleted on boot up and the other was the file I suspected it to mutate into once the other was deleted; they both were created on the same date. I went into Properties for both files and set the security for both to deny all for Users and System. Then I rebooted into Safe Mode.
    I was then able to delete the file that would have been deleted on boot up (it was no longer protected), however I still wasn't able to delete the file which I suspected it to mutate to next. Even so, when I rebooted again it no longer mutated to that file and a scan of my system seemed clear, no more VX2 or any related files found.
    I then used VX2 Finder to restore Administrative privileges and used KillBox to remove a file from my recycle bin that stopped things showing in the recycle bin.
    I had no more warnings from my security software when going online and several scans since have shown the computer to be clean, although I still get the odd strange error now and again. But I will format now anyhow.

    Anyhow - that's how I got rid of it, but trust me - the variant I had would not remove with any of the VX2 removal tools and various advice given in forums on how to get rid of it.

    Remember that I am a total newbie when it comes to security and even simple things to you guys like "get a Hardware Router" are confusing to me and completely off my level of understanding. That is why I wanted to see if you think Outpost Pro will be the best choice for me.

    It might be better for me to get a firewall not as good that I can run properly than one which is better that I can't configure and end up having less protection.

    Thanks for all your advice so far.
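The removal trick in the post above (deny all access on the DLL, reboot into Safe Mode, then delete it) works because a Deny ACE is evaluated before any Allow ACE, so the malware's own re-creation logic and even SYSTEM can no longer open the file, while the file's owner keeps an implicit right to change the ACL afterwards. The script below is an added example written for this page, not the poster's method or any product's tooling: it does the same thing from PowerShell on a modern Windows (the poster used the XP Properties > Security dialog), records a SHA-256 fingerprint before the reboot so you can tell whether something rewrote the file in the meantime, and verifies each step. The path, the state file name and PowerShell 5.1 run elevated are assumptions.

```powershell
<#
  Added example, not from the thread. Scripts the ACL trick described above:
  Phase Lock  - take ownership, fingerprint the file, deny FullControl to
                Everyone and LocalSystem (explicit Deny ACEs, inheritance off).
  (reboot into Safe Mode so the malware's process is not running)
  Phase Delete - restore the saved DACL, compare the fingerprint, delete.
  Assumes an elevated Windows PowerShell 5.1. Path and state file are placeholders.

  Usage:
    .\lock-then-delete.ps1 -Path C:\Windows\System32\suspect.dll -Phase Lock
    .\lock-then-delete.ps1 -Path C:\Windows\System32\suspect.dll -Phase Delete
#>
param(
    [Parameter(Mandatory)] [string] $Path,
    [Parameter(Mandatory)] [ValidateSet('Lock', 'Delete')] [string] $Phase
)

$ErrorActionPreference = 'Stop'
$full = (Resolve-Path -LiteralPath $Path).Path
if (Test-Path -LiteralPath $full -PathType Container) { throw "$full is a directory, refusing" }

# Hypothetical location for the state carried across the reboot.
$stateFile = Join-Path $env:ProgramData 'lock-then-delete.json'

switch ($Phase) {
    'Lock' {
        # Take ownership first: the owner is always implicitly granted READ_CONTROL and
        # WRITE_DAC, so Administrators can undo the Deny ACEs even though Everyone is denied.
        & takeown.exe /F $full /A | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "takeown failed on $full" }

        # Fingerprint the file so the Delete phase can tell if something replaced it.
        $hash = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        $acl  = Get-Acl -LiteralPath $full
        [pscustomobject]@{
            Path   = $full
            Sha256 = $hash
            Dacl   = $acl.GetSecurityDescriptorSddlForm('Access')   # DACL only, for rollback
        } | ConvertTo-Json | Set-Content -LiteralPath $stateFile

        # Drop inherited ACEs, then add explicit Deny FullControl for Everyone (S-1-1-0)
        # and LocalSystem (S-1-5-18). SIDs rather than names keep this locale-independent.
        $acl.SetAccessRuleProtection($true, $false)
        foreach ($sid in 'S-1-1-0', 'S-1-5-18') {
            $who  = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($who, 'FullControl', 'Deny')
            $acl.AddAccessRule($rule)
        }
        Set-Acl -LiteralPath $full -AclObject $acl

        # Verify: every ACE left on the file must be a Deny entry.
        $leftover = (Get-Acl -LiteralPath $full).Access |
                    Where-Object { $_.AccessControlType -ne 'Deny' }
        if ($leftover) { throw "Allow ACEs survived on $full; lock did not take" }
        Write-Host "Locked $full (SHA256 $hash). Reboot into Safe Mode, then run -Phase Delete."
    }
    'Delete' {
        $saved = Get-Content -LiteralPath $stateFile -Raw | ConvertFrom-Json
        if ($saved.Path -ne $full) { throw "State file is for $($saved.Path), not $full" }

        # Put the original DACL back (owner's implicit WRITE_DAC allows this even though the
        # DACL denies everyone), then compare content with the pre-reboot fingerprint.
        $acl = Get-Acl -LiteralPath $full
        $acl.SetSecurityDescriptorSddlForm($saved.Dacl, 'Access')
        Set-Acl -LiteralPath $full -AclObject $acl
        $now = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        if ($now -ne $saved.Sha256) {
            Write-Warning "Content changed since the lock (was $($saved.Sha256), now $now): something rewrote it"
        }

        Remove-Item -LiteralPath $full -Force
        if (Test-Path -LiteralPath $full) { throw "Could not delete $full; check the parent directory's ACL" }
        Remove-Item -LiteralPath $stateFile -Force
        Write-Host "Deleted $full. Rescan after the next normal boot to confirm nothing re-created it."
    }
}
```

Two caveats a practitioner would add to the poster's account: the Deny ACE only stops the malware from reopening the file through the filesystem, so a component already loaded in memory, or a driver that bypasses the DACL, is unaffected until the reboot; and a changed fingerprint in the Delete phase is the signal that the file was recreated by something still active, which is exactly the "mutates on boot" behaviour described in the thread and is the point at which a clean reinstall, as several posters recommend, is the safer path.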
     
  8. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    I just thought I would mention that I have been using AOL 9 broadband and Outpost Pro for some time now and I have not come across any issues so far and both are working well together.
    As you will see in the link provided by Paranoid2000, my settings for AOL and Outpost are there for you to see and they work very well for me as well.

    https://www.wilderssecurity.com/showthread.php?t=63227

    Your friend

    THE MUL
     
  9. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    I presume you have informed Download.com about this. As for out-of-the-box setup, Outpost's installer will scan your system and create rules for those applications it finds. You should have a working configuration at that point and can just delete the rules in Options/Application for those programs that you don't use for Internet access (if running Windows 2000, keep the settings for services.exe and for Windows XP, those for svchost.exe since these are critical for network access).
    HJT log analysis is a time-consuming job so those forums that accept HJT logs do have rules that must be followed - your post may have been deleted for not following those rules.
    For someone totally new to security, ZoneAlarm would probably be a better choice since it simplifies things as much as they can be. Its downsides are that it "phones home" (you can't stop it), it sometimes does not uninstall properly (causing problems when you try to use another firewall) and it tends to up the paranoia factor by reporting any unsolicited connection attempt as an "attack".
     
  10. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    I decided to play around with some of the programs suggested to get a feel for them before wiping this computer.

    I really had my heart set on NOD32 as the new antivirus to be using but had heard a lot about Kaspersky.

    Anyhow, after several days of updating Ad-Aware SE, Spybot, Microsoft Antispyware, TDS3, TrojanHunter 4.1 and Norton and scanning my computer each day to see if there was anything left behind (for curiosity since I am wiping this computer soon anyhow), all programs said my computer was clean.

    So then I disabled Norton and installed a trial version of NOD32 to play around with it before wiping the computer. I made sure the heuristics and all options were set to the highest level and did a full scan of my computer.
    NOD32 said it was clean.

    I used NOD32 for a couple of days and really liked the interface and how fast my computer seemed after switching from Norton to NOD32.

    Then I decided to uninstall NOD32 and test a trial of Kaspersky.

    I didn't think there would be anything found so I left the settings of Kaspersky on normal and did a full scan. Really I just wanted to see how much of a hog Kaspersky would be on my system resources... much to my surprise it found 16 trojans/viruses on my system.

    I am surprised that NOD32 and TDS3 (with all the highest scanning settings on) did not find any of these... 16 is a lot.

    I am very pleased with Kaspersky as it seems better than my other software by detecting these.

    Anyhow, what confused me is how it handled the 16 trojans it found.
    I am not sure if it has deleted them all or not - this is the downside.
    It said it found 16 but reported only 6 to be disinfected - what does this mean... do I have 10 left that it could not get rid of?

    In the report under some of the trojans it said "Could not be disinfected - reason - object disinfection canceled"?
    Also the file format of some of these was confusing (Outlook\Personal Folders\Top of Personal Folders\Deleted Items\) - I cannot find that file in Explorer.
    Some of the trojans were also in C:\System Volume Information\ but I cannot access that in Explorer (it says access denied).

    The other thing which confused me was that some files were password protected and I have never set any files to be password protected, so these ones could not be scanned.

    I have attached the scan report if anyone wants to take a look (had to delete some of the Spybot password protected results because the file was too big to upload).

    I know I am going to wipe this computer anyhow but I'd like to know if Kaspersky did get rid of all the viruses rather than just 6 of the 16 it found.

    Any help appreciated.
     


  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Kaspersky will detect items of malware that aren't viruses (e.g. bundled adware, "phishing" emails) so it will pick up items that other anti-virus software does not - the downside is it is far more resource-hungry and requires careful setup on some systems.

    I would recommend that you consider opening a new thread in a more appropriate forum (Other Anti-Virus or NOD32) to discuss this topic further.
     