Recent Infectee - comments on my new set-up (please!)

Hi all,

Long time browser of these forums and as a recent victim of what appeared to be a keylogger (although all my scans etc have yet to find anything...) I've reviewed and changed my security set-up.

My concern is as a recent victim I may have gone a little over the top so I'd appreciate any views and comments on what I've now selected. Currently I'm using free or trial versions of these applications but will happily pay for them if they prove worthwhile.

So here we go:

Prior to infection I was running:
- ESET SS
- Spybot S&D
- NoScript and ABP in Firefox

I have now added to the above:
- Prevx Edge
- KeyScrambler
- DefenseWall
- Sandboxie
- Spywareblaster
And on-demand:
- SAS
- Malwarebytes AM
- SDFix
- TrojanRemover

And not that it matters so much to my topic but for completeness, I was and still use Acronis TrueImage for backup purposes, and JungleDisk for backing up a few super-important files onto the Amazon S3.

I'm also considering changing ESET SS so I'm no longer using a firewall and AV from the same manufacturer. In this case I am now considering:
AV: either NOD32, Kaspersky or Avira (comments or alternatives would be appreciated on any of these)
FW: Online Armor or Comodo (again any comments or alternatives appreciated)

I know there are a lot of highly experienced pro's on here so I apologise if these questions are a little low-level or "newbish" for you all but after the pain I'm going through recovering from the fallout of the first successful attack on me in 20 years of using a PC I just want to make sure

Answers can be technical if you like, I should understand them

TIA,

D

 

You could try combinations like (as there is no right or wrong answer):

a)
sandboxie
prevx edge (or eset)

b)
defensewall
prevx edge (or eset)

c)
defensewall
sandboxie
prevx edge (or eset)

With defensewall or sandboxie, the above options are enough, all you'll need is an on-demand scan once in awhile with your choice of program. It won't matter as you won't be finding anything.

But if you intend on running all those programs at once, you might as well have a virus your system as it will be churning, slow and unresponsive.

Here's another option for you, light and free:

d)
Avira personal (free)
sandboxie (free)
online armor or comodo (free)

 

You've got way to much programs, it's total overkill.

You should try to understand how your risks and get a setup which deals with it.

Unless you're a really really high risk user you can probably get rid of at least Spybot S&D, SpywareBlaster, SDFix, TrojanRemover, KeyScrambler and Sandboxie.

You can stick with Eset SS, unless there's something wrong with it on your computer?

 

ESET + ThreatFire should be just fine for pretty much anything. You can add Prevx Edge there if you feel a bit paranoid.

 

New OA paid (3.1) plus Avira Free and DefenseWall paid are great and very user friendly.

When you would consider Comodo have a look at this https://www.wilderssecurity.com/showthread.php?t=234443 for an all freeware setup.

Regards Kees

 

Thanks all for the really helpful responses, I've cut a lot of the excess out

I really like the idea of DefenseWall though but it seems to have such a heavy impact on my system performance particularly disk churning... any thoughts?

Cheers,

D

 

No security product can detect every virus.
-
Also, Less is more, Don't be stupid and just plow everything on your machine.

 

What kind of impact? Any particular application or the system at all?

 

I apologise for being "stupid", I did say up-front that the question might be a bit too beginner for this forum but I wasn't sure where else to ask where I could get knowledgeable answers.

Anyway thanks for the input although, insults aside, it pretty much reflects what everyone else has said and what I suspected - I went a bit over the top

 

Seems to be a general lag across the system with everything taking a bit longer and lots of disk activity, although particularly when opening a hefty application like Firefox.

 

This case you need contact me at support e-mail.

 

I have to agree, your new setup is overkill. However, can you give more details on how you got infected with the keylogger, and how you discovered it ? (because you said "although all my scans etc have yet to find anything...")

 

I pretty much agree with this. Spybot S&D, SDFix, TrojanRemover, KeyScrambler (and Sandboxie) should go.

But for heavens sake keep SpywareBlaster. It's brilliant! It belongs in the company of SAS and MBAM that you've downloaded for extra scannings, which is wise. Stick to ESET SS - it's a fine product. I also agree that you could add ThreatFire from PC Tools.

 

I use "D" on Saraceno's list of suggestions, only I have the paid versions. But the free ones would be a great setup too. That and Firefox with adblock and Noscript.

Can't think of anything else, except a limited account and DEP for all programs. And oh yeah, keep Windows and all software up to date.

 

and

well both the statements seem self contradictory....and say if in 20 yrs you got infected once then too.... loading your pc with all possible secu. apps is indeed an over-kill....it will make our pc slow and sluggish for sure but not anymore secure.......and if indeed the scans find nothing then too going for a complete security overhall is a bit too drastic..............DW is great addition ...though

 

Well basically my gmail account became compromised and whoever broke into that found an e-mail that gave them enough detail to access an account I have on another system (WoW, game fans!). Not a password but enough personal information to get the password and e-mail address associated with it changed in their name. I'm a bit miffed as I use a secure token for 2FA access to that account but it appears customer services didn't apply the correct process for getting a "failed" token removed from the account and the intruder has applied his own/

So really I'm assuming it's a keylogger as the intruder would have needed to know it was a WoW account, would have had to searched my gmail to find a single two year old e-mail (since removed) and to have captured the password on that account at some point. The e-mail in my gmail gave him enough info to apparently remove my token from my account also although they are supposed to received copies of bills, driving licence and take a few days to achieve that (this took hours).

So I don't see what else it could have been as I'm soooo careful about what I download and run, always use fairly strong passwords and always use https when accessing google services (indeed I use the CustomizeGoogle addon to force that).

 

You don't have to apologize about anything as there isn't such a thing as stupidity in the security world. On the other hand there's a lot of misinformation on internet which makes choices problematic.

Only a few years back, the average Wilders member would happily brag about its 10+ programs as a good 'layered defense' (have a look at "What is your security setup these days?" thread in its early days).

Back on topic, IMO Eset SS is fine ( although,I personally don't like suites) + Sandboxie, and DefenseWall, should really give you some peace of mind.

I prefer to virtualize my system completely, although I must admit against keyloggers it wouldn't protect much, that's why I think very private matters should not be kept stored on your computer or allowed to transit on the web.

 

Totally agree with this. I use exactly the same configuration for months without any issues

 

Agreed

Why don't you look into some passive security that doesn't eat tons of resources? With a limited user account, software restriction policy, no autoruns for users (kafu.exe) and DEP you can make an antivirus almost redundant.

Here are some links for info: LUA

Software Restriction Policy

Tutorial for SuRun

Here's another good article on setting up a software restriction policy.

In addition I have no desktop firewall, but rather an old IBM ThinkCentre running the IPCop Linux firewall distro. I do have an antivirus, but running this setup the only activity it has is updating itself everyday

 

You do realize edge is meant to be run alongside an AV?

 

Its ment to be run standalone but is designed to work alongside all other populair security software

 

i was told by a prevx
agent this morning that prevx edge can handle to secure a system alone

 

now my question is if i decided to buy another program well for sure will not be another antivirus but i was thinking and i need and advise for this one,between SuperAntiSpyWare Pro and MalwareBytes Pro which one will be a good back up second opinion for prevxedge complement?
note:this is for familly's pcany advise thanks

 

Wichever u like best cus one is not better then the other, they r both magical at what they do