security guide proof reading request

Discussion in 'other software & services' started by Bethrezen, Jan 14, 2005.

  1. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi all

    I've put many hours and much effort into the writing of this guide and I think it's more or less ready to go, save the odd bit of tweaking, and I was wondering if a few of the experts here would be good enough to spare a bit of their time to proofread my work for me and give me some feedback. Don't be afraid to say that I've got something wrong or x bit is unnecessary, just be sure to say why.

    thanks

    If you are reading this then you are one of the unlucky ones that is having trouble with Parasites, Viruses, Trojans, Spyware, Hijackers, Browser Helper Objects or other forms of unwelcome Malware. This situation usually occurs when either your system lacks basic security, your security settings are too low or you aren't being responsible enough about what you download. Whatever the case, coming here is a good first step because you are making yourself responsible for the security of your computer, not Norton, not Microsoft, not Zone Labs. You!!

    I hope by the time you have read through and carried out the information contained in this help file you will be a little wiser and your system will be a lot safer.

    The first stage in this process is cleaning; instructions on how to do this are given below. Once we've finally gotten your system clean you'll want to keep it that way, right?? Of course you do!!

    This is stage 2, in which we will lock down your system and install and configure all the software you are going to need to keep your system safe, because when Microsoft ships their system they are trying to make it "easy" for you to surf the web, NOT SAFE!!!

    The first thing we need to do, however, is to download all the diagnostic and cleaning tools we may need and get your system clean, then update them with their latest definitions.

    Note: Where possible I've tried to list free solutions because I don't believe that people should have to spend thousands for good security. This said, however, keep in mind you get what you pay for, so it's still worth investing in paid software.

    Anti-Spyware: Ad-Aware, Spybot-S&D
    Anti Virus : AVG, AntiVir, Avast
    Anti Trojan: A² (Beta), Ewido Security Suite (2000/XP Only), TrojanHunter (Payware)

    Specialist: Hijack This, Start Up List

    Now, although TrojanHunter isn't free, it is regarded as quite a good newb-friendly Anti Trojan. The only catch is that it must be updated manually; see the update instructions Here

    You should also read This page as it contains additional information and links to other resources and programs not covered in this guide that can further help you identify & fix your problem.

    Ok, now we have downloaded all the tools you are likely to need, restart your computer in safe mode and run a scan.

    You should also:

    1. Delete all *.tmp files on your drive, as some of them may contain malicious code for your Malware.

    2. Run a search on your hard drive for any files ending with *.hta or *.js. If you find any, open them in Notepad and look to see if they contain the URLs that you have been hijacked to; if so, delete them.

    3. Delete any system restore points you have unless you know unequivocally that they are clean, because Viruses, Trojans and other forms of Malware are renowned for hijacking your restore points to prevent you from removing them.

    4. Make sure that there aren't any start up entries for your malware; if so, disable them.

    Failure to carry out any of these steps can cause re-installations of the very Malware you are trying to get rid of.

    To open msconfig, click Start, Run and type msconfig.

    To help you identify processes that may be suspicious or just unnecessary, look them up Here

    To reveal Windows hidden files and folders:

    Windows Me/2000/XP:

    Double-click [My Computer]
    Select [Tools] menu, click [Folder Options]
    Select the [View] tab.
    In the [Advanced Settings] list, under [Hidden files and folders], select [Show hidden files and folders].
    Click [OK]

    Windows 98:

    Double-click [My Computer].
    Select [View] menu, click [Folder Options].
    Select the [View] tab.
    In the [Advanced Settings] list, under [Hidden files], select [Show all files].
    Click [OK]

    Windows NT 4.0:

    Double-click [My Computer].
    On the [View] menu, click [Options].
    On the [View] tab, select [Show all files].
    Click [OK]

    If your problem is that your browser has been hijacked and the above hasn't solved your problem, you may have an Active X or Browser Helper Object problem. To see if it's an Active X hijack, open the Downloaded Program Files folder and see if there are any Active X files inside; if so, delete them.

    To check for Browser Helper Objects, click Start, Run and type regedit, then click search and type in Browser Helper Objects and have a look and see if anything is listed. If there are, we will fix these later with Hijack This. You may also want to look in the plug-ins folder in the Internet Explorer directory to see if anything has been placed there that shouldn't be there; if so, delete it.

    If your problem is that your Control Panel / Internet Options has been disabled, here is how to fix it:

    Do a file search for a file named "control.ini" and open it in Notepad. If inetcpl.cpl=yes is present under the [don't load] section, delete it, save the change and exit Notepad. The Control Panel / Internet Options should now be re-enabled; if not, try rebooting.

    To do this under 2000 and XP, however, you will need to do a little registry editing. Click on the Start menu and select Run, then type regedit and browse to HKEY_CURRENT_USER\Control Panel\don't load\ and, if present, delete inetcpl.cpl. The Control Panel / Internet Options should now be re-enabled; if not, try rebooting.

    If you are still unable to remove your Hijacker/Malware, then you may need a few other specialist cleaning tools:

    Cool Web Shredder

    A small utility for removing CoolWebSearch (aka CoolWWWSearch, YouFindAll, White-Pages.ws and a dozen other names)

    NOTE: Since October 19, 2004, CWShredder was sold to InterMute and is owned and maintained by them.

    Kill2Me
    A removal tool specifically for the Look2Me parasite. This tool removes versions 115, 116, 117, 118, 120, 121 and 122 (the most recent ones) on all Windows versions.

    If files get left behind because they are in use and you are unable to remove them then try

    Dr. Delete or DelLater

    These are small utilities for removing files that are in-use by scheduling them to be deleted at the next start-up.

    If one of your anti-spyware programs won't run, and keeps closing itself, then it's likely you have a version of Coolweb Search that’s disabling it, as there has been a variant of the Coolweb going round recently that can auto close several anti-spyware apps when you try to open them.

    If this is happening to you then it's easy to put a stop to it: just download CoolWWWSmart.Search Killer. Once you've run this tool it should allow your disabled program to function normally.

    If, in the unlikely event that the above hasn't solved your problem, then it could be that you have a new variant. In this case you may be asked to run a process manipulation program; here are a few recommended ones:

    Dependency Walker, Advanced Process Manipulation (APM), Process Explorer, KillBox

    If you have tried all of the above and you are still either unable or unskilled enough to remove your Hijacker/Malware then you should post your HijackThis/Startup List log

    If you want instant help with your HijackThis log file analysis while you wait for someone to review your log please see This web page

    Alternatively if you want to analyse your log yourself you can try looking up the various processes, tasks and entries at the following locations

    Answers That Work Task List, BHO's and Toolbars, Startup List, Layered Service Providers (LSP's), WinTasks Process Library, Startup Applications List, O18, O20, 21 and 22 Entries

    Some things to keep in mind when Posting Hijack This or Start Up List logs

    1) Paste in your Hijack This or Start Up List log after describing the problem that you are having.

    2) When you post your Hijack This or Start Up List log post the whole log do not remove anything from it. That specifically includes the top of the log that lists version information.

    3) Please do not post a new topic titled "Hijack This log" or "Start up list log" or anything similar. Please give your post a title relevant to your problem: if you have been hijacked by xupiter.com, put that in the title. If you get redirected to lop.com when you try to load a site that doesn't exist, put lop.com in the title, etc.

    4) If you turn out to have a new hijacker or spyware, it is likely that people will need a copy of the files involved so that they can have them added to detection databases. In this case someone will probably remember to ask for them, and give an address to submit those files to. However it's possible that someone may tell you to delete them without realizing that people want those files. If you seem to have something new, ask to be certain before deleting the files responsible. Sometimes people may already have the files in which case it is ok to delete them.

    Some Things To Look For When Analysing Your Hijack This Log

    First, put a check mark next to every search and start page setting it lists which you haven’t put there yourself; do the same for any hosts file entries. If it lists anything as O5, O6, or O7*, fix those as well. However please ask for advice at the forums before using Hijack This to change anything else.

    Second, Hijack This will list any Browser Helper Objects installed on your computer. Check the BHOs listed against the list of all known BHOs maintained Here. If you find one listed as some sort of Spyware, Malware or Hijacker, put a check mark next to it and have Hijack This fix those as well.

    The second stage in this process is securing your system. Now that we have gotten your machine cleaned you'll want to keep it that way, right?? Of course you do!! Instructions on how to do this are given below; however, cleaning and securing your computer is only half the battle.

    Maintaining your newfound security, on the other hand, is the hard part and requires a fundamental change in the way you think about cyberspace. Fortunately it needn't be difficult: just follow the following recommendations and exercise a little common sense and hopefully you will never have malware problems again.

    Now, in order to maintain good system security there are several things that you should do.

    The first most important thing you should do is to make sure you have all the correct security software. The minimum you should have to maintain a healthy system is a good Firewall, Anti-Virus, Anti-Trojan and Anti-Spyware; here are a few recommended ones:

    Firewall: Zone Alarm, Outpost, Sygate

    These are programs that inspect all the traffic flowing in and out of your computer while online, allowing you to decide which programs you wish to allow or disallow access to the net. Think of a firewall as a bouncer for your computer, keeping all the undesirable riff-raff out of your system and making sure that all the programs that are on your system behave themselves.

    Anti-Virus: AVG, AntiVir, Avast

    These are programs that look for and destroy Viruses. A Virus is a destructive bit of code that can do all sorts of nasty things to your computer, from giving it a cold and making things crash to giving it a heart attack and killing your hard drive, resulting in a system restore.

    Anti-Trojan: A² (Beta), Ewido Security Suite

    These are programs that look for and destroy Trojans. A Trojan is similar to a virus in the fact that it can do all sorts of nasty things to your computer, but unlike a virus a Trojan won't kill your system but rather install a hidden back door, which means that anyone can access your system and everything on it, including things which you would like to keep secret like your bank account details. Worse still, not only can they steal data off your computer but they can also download and install things on your computer as well. Even worse than that, anyone utilising this hidden door also has the capacity to use your computer for illegal activities, and guess who's going to get in trouble for that?? The poor victim, YOU!!!

    Anti-Spyware: Ad-Aware, Spybot-S&D

    These are programs that look for and destroy Malware. Similar to but less severe than a Trojan or a Virus, Malware is any program or bit of code that:

    A. Doesn't fall under the heading of Virus or Trojan

    B. Surreptitiously does nasty and/or undesirable things to your system without your permission, ranging from the benign and annoying, such as displaying popup windows with ads when you surf the net, to the severe and serious, such as hijacking your browser to porn sites, hijacking your net connection so that when you connect to the net you aren't connecting to your ISP but to some premium rate number, or perhaps keylogging, tracking or just general spying/stealing of personal data such as passwords or private emails etc.

    In addition to the above you may also want to consider the following: Spyware-Blaster, Spyware-Stopper (Shareware) and SpyBlocker (Shareware)

    These are programs that don't scan for and clean Malware but rather prevent it from ever being installed. What these do in effect is to add a list of banned programs/sites to your system, so whenever one of these banned programs or sites tries to sneak onto your system or display in your browser they are automatically refused.

    Real-time protection against Malware: Spyware-Guard, Prevx Home

    Similar to the above, these programs function much like a virus or Trojan scanner, sitting in the background silently watching for anything that is trying to sneak onto your system, and when detected they stop it.

    Single file encryption software: Axcrypt, PGP

    Whole disk encryption software: DriveCrypt (payware)

    Although encryption software isn't necessary for everyone, it is of secondary importance and highly recommended if you have any sensitive files that you want to keep away from prying eyes. However, be aware that encryption software is only as strong as the password you select.

    Those of you that are considering encryption software as a means of protecting those valuable files may also like to consider Whole Disk encryption. This is a form of encryption that protects the entire hard drive rather than just single files, completely preventing access to your system without the proper access credentials.

    The second most important thing you should do is to always keep as current as possible with all the latest bug/security fixes, not only for Windows but for all your programs. This is especially important when it comes to programs like your Anti-Virus, Anti-Trojan and Anti-Spyware.

    The third most important thing is to secure your system by locking down all of Windows' BIGGEST security holes. These include Internet Explorer, Outlook Express, Windows Media Player and File And Printer Sharing, among others.

    A good way to eliminate a lot of these problems is to simply get rid of Microsoft’s inferior technology altogether and use one of the many safer Freeware/Open source alternatives. By doing so you will not only be saving yourself from all the current security vulnerabilities created by these programs but all the future ones as well.

    However, choose wisely; get some advice from professional security experts at boards like this one, because there are programs that are known to be a little on the questionable side.

    One such group are shells: programs that are based on the code/engine of another program. For instance Slimbrowser, Avant Browser, Maxthon or AOL Browser; these are programs based on the Internet Explorer engine.

    Now, although shells themselves aren't inherently dangerous, where the problems come in is when the shell program is based on the code/engine of another program that is known to be buggy and insecure, such as Internet Explorer. What this means is that in all likelihood your shell program will inherit all the same vulnerabilities and exploits as the program it was based on.

    Which is why I'd also strongly recommend against the use of such programs. What I would stress here, however, is that no matter what you choose, no program is perfect and it's going to have bugs and vulnerabilities. The best thing you can do is to seek expert help, then make up your own mind based on your needs and the advice you are given; then, once you have made your choice, again seek expert help on how best to configure it for maximum safety and security.

    Below are a few recommended replacements:

    Browser: Firefox, Opera

    Email Client: Thunderbird

    Media Players: Winamp, JetAudio, Quicktime alternative, Real alternative

    If on the other hand you are just interested in looking at what Freeware/Open source alternatives are The Source Forge or Openwares

    One other method of cleansing your system of a lot of Windows superfluous code and features is

    XP/98lite (payware)

    I have personally used 98 Lite for a couple of years now and can definitely vouch for its effectiveness, not only for securing, speeding up & stabilising my system, but it also comes in handy when upgrades go wrong and Microsoft doesn't offer an uninstaller.

    If you are looking for further proof of why you should rid your system of Microsoft’s inferior technology and why you, the end user, should remove these features and programs, I would see this classic example of Microsoft’s incompetence.

    The fourth most important thing you should do is to use password protection, because this prevents unauthorized access to your system and stops people/malware tampering with your operating system and/or program settings.

    The problem here, however, is that quite often if you have a lot of passwords you’ll often get them mixed up or forget them altogether, and this puts people off using password protection. However, it doesn't have to be like this: there are programs known as password vaults. These are programs that will store all your passwords in a protected archive, allowing you to safely log in to any of your password protected accounts with a single click of the mouse.

    Below are a couple of such programs:

    Robo Form, Account Logon

    Be aware, however, that password protection is only as strong as the password you select. Choose a good password which isn't easy to break; it should be over 10 characters, with numbers, letters, symbols, upper and lower case letters, and it shouldn't be a word that appears in the dictionary.

    The fifth most important thing you should do is to back up your data; this way if your hard drive ever gets corrupted you won't lose everything. Get an imaging program; these are special programs that can make an exact duplicate of your hard drive and burn it to a CD or some other form of removable media, so that way if the worst should happen all you need do is just restore your backup. This avoids or at least reduces the often costly loss of data, as long as you remember to update your backup regularly.

    One such imaging program is True Image. Whether you are a novice or an expert this program is for you; it's extremely user friendly and comes highly recommended. I can vouch for it: I've used it for years and I can't tell you how many times it's saved me from having to do a lengthy system restore.

    It is advised, however, that you wipe your system and do a system restore, then patch and update everything before you make your first backup; this way you will know that you are making a clean backup.

    It is also advised that before you update this backup you first restore to it again; this is so that you know that your updated backup is clean.

    By doing this you will always know that no matter how badly your computer gets messed up, either by Virus, Trojan, Hijacking or some other form of malware, you always have a quick, easy way to fix the problem.

    Below are a few other recommended imaging programs:

    Acronis True Image (Payware)

    The sixth most important thing you should do is watch what you download!! Many Freeware and P2P programs like Grokster, Imesh and Kazaa come with enormous amounts of spyware that will eat resources, slow your system or clash with other software, possibly causing your software, browser or even Windows itself to crash. Below are a few pages that maintain a list of clean and infected clients:

    Spyware-Free/Spyware-Infested P2P/Filesharing Apps
    Spyware-Free/Spyware-Infested P2P/Filesharing Apps
    Spyware-Free Download Managers/Assistants

    You may also want to check out the Rogue/Suspect Anti-Spyware Products & Web Sites list

    The seventh most important thing you can do is to be informed. Subscribe to security newsletters to keep up to date with all the latest threats; read and learn as much as you can, because knowledge is power. The more knowledge you have the safer you will be. Below are a few links to resources that will help you do just that:

    http://www.tom-cat.com/security.html
    http://www.dslreports.com/faq/security
    http://www.spywarewarrior.com/uiuc/main-nf.htm
    http://www.claymania.com/safe-hex.html
    http://www.uksecurityonline.com/husdg/

    Ok, so recommendations over, it's time to get to work and start locking things down.

    First, it's recommended that you disable file and printer sharing if you don't need it, as it will enhance security and give attackers 1 less way into your system. Complete instructions for Windows 98 and Windows NT can be found Here. Instructions for Windows XP and Windows 2000 can be found Here.

    Next we need to lock down 3 of Windows' other big security holes: Internet Explorer, Outlook Express & Windows Media Player. In order to make these safe from attack by Viruses, Trojans, drive-by installs and other such vulnerabilities we are going to have to reconfigure their security settings. Instructions for this can be found below.

    We will start with Internet Explorer first. Now, there seem to be lots of differing opinions about what the best setup for IE should be, and I am in the process of writing up a set of instructions that will allow IE to remain functional while increasing its security. In the meantime, till I’m finished, here are a few links to information on the subject:

    http://www.lavasoftsupport.com/index.php?showtopic=14537
    http://www.dslreports.com/forum/remark,133...ity,1~mode=flat
    http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

    You can also further secure Internet Explorer by installing the following:

    BugOff can be found Here

    Another similar application is Qwik-Fix

    Qwik-Fix can be found Here

    IE-SPYAD: Restricted Sites List For Internet Explorer Found Here

    ActiveX Spyware Block List One Can Be Found Here

    In addition to these you may also want to consider the use of a host file.

    What is a host file? & What’s it do?

    Read Here or Here to find out more

    Next we need to lock down Outlook Express

    NOTE: Outlook Express is part of Internet Explorer so the settings for one can affect the other.

    Open Outlook Express Select Tools/Options

    Select The Read Tab

    Check Read all messages in plaintext

    Select the Security Tab

    Place a dot in Restricted Zone
    Check Warn Me When Other Applications Try To Send Mail As Me
    Check Do Not Allow Attachments To Be Saved Or Opened That Could Potentially Be A Virus

    Select The Maintenance Tab

    Check Purge deleted messages when leaving IMAP folders
    Check Empty Messages From The Deleted Items Folder On Exit

    Next close the options window and Select View/Layout

    Uncheck "Show preview pane"

    Note: This last one is a HUGE security issue and it's really important that it be disabled, because viewing an email in the preview pane is effectively the same as opening it, which means if it's infected with a virus, viewing it in the preview pane will execute the virus it contains.

    For further insight on securing Outlook Express see This

    Finally, Windows Media Player

    Open Media Player Click Tools/Options

    Select The Privacy Tab

    Uncheck Everything

    Select The Security Tab

    Uncheck Run Script Command When Present
    Check Do Not Run Script Commands And Rich Media Streams If Player Is Running Inside A Web Page

    Select The Player Tab

    Check Once A Month
    Uncheck Download Codecs Automatically

    After following these instructions you may also want to apply this patch by Java Cool

    Windows Media Player Scripting Fix

    Ok, now that we have locked down Internet Explorer, Outlook Express, Windows Media Player and File & Printer Sharing, it's time to cover a few OS-specific problems.

    First you should apply these 2 patches from the creators of BOCLEAN

    HTA Stop 2003

    However Win 2000 And XP users should see this warning before applying this patch

    DSO Stop2

    For those of you that are still using Win95/98/ME, you should apply these 2 excellent patches from DiamondCS

    Anti-Polymorphism Patch

    Saved Passwords Lock Patch

    Next, if you are still running Win 98 SE you should also apply this excellent UNOFFICIAL Windows98 Second Edition Service Pack

    Those of you that are using WinXP should grab a copy of XP Antispy

    Note: However, please be aware that if you are using Ewido Security Suite you do not need this, as Ewido Security Suite already includes XP-Antispy.

    XP Antispy

    Those of you that are running older systems like 98/ME/2000 should grab a copy of Safe XP instead. This app is very similar to XP Antispy, but unlike XP Antispy, Safe XP is designed to also work on older systems like 98/ME/2000.

    Safe XP

    Ok, now you have secured your system, we need to test your defences' effectiveness. Below are a few sites that provide security validation services to allow you to do just that:

    http://cybercoyote.org/security/tests.shtml
    http://www.firewallleaktester.com/
    http://www.spywarewarrior.com/uiuc/info17.htm

    If you have any Questions, Comments or Suggestions regarding this thread then please feel free to post them Here

    And finally I'd like to say a huge thank you to everyone who has helped me write this, I couldn't have done it without you. I'd also like to say a huge thanks to Andy Reynaerts, who has been of great assistance to me.

    Thank you all, your help is greatly appreciated.
     
    Last edited: Jan 14, 2005
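
The log review described in the guide above (check start/search pages and hosts entries you did not set, look up BHOs, fix O5/O6/O7, ask before touching anything else, and post the whole log including the version header), as an added example that is not part of the original post. The sample log is constructed, and `triage`, `my_pages` and `known_good_bhos` are hypothetical names; the BHO allowlist stands in for the list of known BHOs the guide links to.

```python
import re

# One HijackThis entry looks like "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
VALUE_RE = re.compile(r"=\s*(\S+)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample log for illustration (not taken from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Scan saved at 10:15:32, on 14/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.example.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/sp.html
O1 - Hosts: 203.0.113.7 auto.search.msn.com
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\System32\example.dll
O2 - BHO: ExampleReader - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\reader.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O5 - control.ini: inetcpl.cpl=no
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""


def parse_log(text):
    """Return (has_version_header, [(code, body), ...]) for a pasted log."""
    lines = [line.strip() for line in text.splitlines()]
    # The guide asks for the whole log, including the version line at the top.
    has_header = any(l.startswith("Logfile of HijackThis") for l in lines[:3])
    entries = []
    for line in lines:
        match = ENTRY_RE.match(line)
        if match:  # header and running-process lines do not match
            entries.append((match.group(1), match.group(2)))
    return has_header, entries


def triage(text, my_pages=(), known_good_bhos=()):
    """Sort entries into 'review' (the guide's own checks) and 'ask_forum'."""
    has_header, entries = parse_log(text)
    good_pages = {p.lower().rstrip("/") for p in my_pages}
    good_bhos = {c.upper() for c in known_good_bhos}
    result = {"complete_log": has_header, "review": [], "ask_forum": []}
    for code, body in entries:
        if code in ("R0", "R1"):
            # Start/search page settings: flag only values the user did not set.
            match = VALUE_RE.search(body)
            url = match.group(1).lower().rstrip("/") if match else ""
            if url and url not in good_pages:
                result["review"].append((code, "page setting you did not set", body))
        elif code == "O1":
            result["review"].append((code, "hosts entry: confirm you added it", body))
        elif code == "O2":
            # BHOs: anything not on the known-good list must be looked up by CLSID.
            clsid = CLSID_RE.search(body)
            if not clsid or clsid.group(0).upper() not in good_bhos:
                result["review"].append((code, "look up this BHO", body))
        elif code in ("O5", "O6", "O7"):
            result["review"].append((code, "Control Panel/policy restriction", body))
        else:
            # Everything else: get advice before changing it.
            result["ask_forum"].append((code, body))
    return result


if __name__ == "__main__":
    report = triage(
        SAMPLE_LOG,
        my_pages=["http://home.example.org/"],
        known_good_bhos=["{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"],
    )
    if not report["complete_log"]:
        print("Log is missing its version header; post the whole log.")
    for code, reason, body in report["review"]:
        print(f"REVIEW {code}: {reason}: {body}")
    for code, body in report["ask_forum"]:
        print(f"ASK    {code}: {body}")
```
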
  2. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    No one wanna give this the quick once over for me to verify that I've got it right and not made any mistakes or perhaps missed something??
     
  3. securityuser

    securityuser Guest

    I'm lost. Why would the mods have to deliberate about anything? If he's connected to another site is something wrong with that? Is it supposed to be Wilders Forums and nothing else for members? Help me out as I am lost as to what you could have possibly meant?

    I like what you have put together. I am going to go over it some more. There are spelling and grammatical errors that need to be fixed, but the content is quite good!
     
  4. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, Bethrezen :) i think you have done a great job. here are some of the things i feel can be improved -

    at the start you have written -

    Anti-Spyware: Ad-Aware, Spybot-S&D
    Anti Virus : AVG, AntiVir, Avast
    Anti Trojan: A² (Beta), Ewido Security Suite (2000/XP Only), TrojanHunter (Payware)


    then you write -

    Ok, now we have downloaded all the tools you are likely to need, restart your computer in safe mode and run a scan.

    you don't make it clear if they should download all the above, or some of the above. i'm mainly thinking of the AVs.

    also, there's some spelling mistakes and grammatical mistakes too. - "there", instead of "their". missing full stops and commas etc.

    here's a good hosts file tool. it's called HostsMan 1.2. the download page is below.
    http://www.abelhadigital.com/

    you should also make it clear that spybot will lock the hosts file, so it will need to be unlocked before you can make changes to it.

    i can improve on the grammar and spelling. although, it probably won't be perfect, my grammar isn't the best :( and also, i might be able to improve the article by presenting it in a different way, and adding a few things to it. that's if you will let me rewrite it; it's up to you.

    if you let me redo it, it won't matter if you don't want to keep it, or just want to take parts of it, as i'll be happy to keep it for myself :)
     
  5. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi all

    thanks for your replies

    yes, I moderate the spyblocker forum as a pastime. I also help out with various other bits and pieces and is required writing guides and the like

    Humm, good point, I'll be sure to add a note

    I am aware of this, but being dyslexic it's hard for me to do anything about it because I just don't see the errors, and my spell checker doesn't have the ability to do a grammar & punctuation check. This said, if someone would be willing to go over it and point out my errors I'll quite happily correct them

    I see what you mean, me thinks a rewording is in order for that section

    humm, might also be worth adding one or 2 other host management tools to hostess and host manager, good call. that reminds me, should also have a look at grc.com, they got a few good lil things that should also be added

    could you point out where you think this lil note should go?

    sure why can't hurt, post your suggested revisions/rewrites etc and we can take it from there

    try this: copy the section from the guide that you are rewriting, colour it blue, then put your suggested rewrite under it so I can compare the differences in presentation easily without needing to scroll back and forth
     
  6. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    just a few quick revisions to a few of the points made

    the blue bits are the new revisions, what do ya think?

    If your problem is that your browser has been hijacked and the above hasn't solved your problem, you may have an Active X or Browser Helper Object problem. To see if it's an Active X hijack, open the Downloaded Program Files folder and see if there are any Active X files inside; if so, delete them.

    However, be aware before you clean this folder out that legitimate Active X controls reside here also, and deleting them could cause problems if they're needed by some program. So if you are unsure what they are part of and if they're safe to delete, either look them up or go to one of the forums listed later in this guide and seek professional help.

    The first thing we need to do, however, is to download all the diagnostic and cleaning tools we may need and get your system clean, then update them with their latest definitions.

    The minimum you should have is an Anti-Spyware, Anti Virus & Anti Trojan scanner. Below are a few recommended ones; you should download at least 1 from each section. In addition to this you should also download Hijack This, as it will be required by the professionals later on to verify that your computer is clean.

    What is a host file ? & What’s it do ?

    Quote: . . .

    Read Here or Here to find out more

    If, after you have read those articles about the host file, you decide that you would like to use one, then it is advised that you download a host file manager. Below are a few recommended ones:

    Hostess, HOSTS Manager, HostsMan
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Bethrezen, you might like to check out the comprehensive steps found in General Cleaning.

    You may also want to take a look here for further discussion on security and how to make a system that much stronger and here for more.

    This is what works really well for me, very simple to use and maintain.

    Hope this helps...

    Cheers :D
     
  8. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    thanks for your replies, will make a few changes as soon as I get a lil free time

    Blackspear

    some good info in them links, will be sure to read them through and add the links as appropriate

    Spanner

    couple of good suggestions also :)
     
  9. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Now this is excellent! The longest security guide for computer newbies has been published.

    Here's a suggestion from me:

    For very good protection against trojans try TDS-3
    First released in 1997, TDS (Trojan Defence Suite) is one of the longest established anti-trojan programs in existence and today is widely considered to be the most powerful and comprehensive anti-trojan program by the Internet security community. TDS-3 has a team of anti-trojan professionals including Wayne Langlois, Gavin Coe and Jason Annice. You can even talk to them at the forum!

    http://tds.diamondcs.com.au/index.php?page=download
    The evaluation version of TDS is time-limited to 30 days and missing some features.
    If you find the demo useful or wish to use TDS beyond 30 days, please register - it's fast, easy, and very affordable.
    --------------------------------------------------------------------------
    The ultimate protection for Windows, ProcessGuard

    LATEST AWARDS

    - Highest award from FileCart - the Award Of Excellence, and staff rating of 5/5
    - Highest possible award from FirewallLeakTester.com - Best Choice, after meeting a strong list of criteria.
    - Analysed and certified to be 100% Clean by Softpedia.

    SUMMARY
    ProcessGuard is a powerful new cutting-edge program that greatly increases
    the security of your computer by preventing processes from being able to attack
    each other. It is considered by experts to be a must-have program for all users
    of Windows, and is the only program available that can actually prevent the
    installation and infection of all known rootkit stealth trojans.

    Now THAT'S a powerful defence in itself! But there's much more ...
    Each capability of ProcessGuard is powerful in its own right. For example, a program which simply blocked rootkit trojans from installing would be very valuable in its own right, yet this is just one feature of ProcessGuard! Here is just a brief list of some of the main uses of ProcessGuard:

    - Securing processes from being attacked (terminated, suspended, modified)
    - Controlling which programs are/aren't allowed to run
    - Blocking rootkit trojans and other malicious drivers from installing
    - Protecting physical memory from malicious modification
    - Blocking hooks and code injections
    - Determining which programs are being executed on your system
    - Determining which programs are attacking others on your system
    - Analysing the inter-process behaviors of programs
    - Keeping a log of all programs that execute (important for post-infection analysis)

    You can find out more information on ProcessGuard by visiting this site: http://www.diamondcs.com.au/processguard/index.php?page=download
     
    Last edited: Jan 23, 2005
  10. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi nadirah

    excellent suggestions, I'd forgotten about those 2. just a shame ProcessGuard doesn't work on 98, else I'd get a copy myself

    as for TDS, good program, but from what I hear it's quite complex and is only recommended for advanced users. this said, they do provide good support :)
     
  11. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    here's a rewrite for you...

    However, be aware, before you clean this folder out, legitimate ActiveX controls reside there too. Deleting them could cause problems if they're needed by a program. So, if you are unsure what they are a part of and whether they're safe to delete, either look them up, or go to one of the forums listed later in this guide and seek professional help.
     
  12. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    just a few quick edits incorporating a few of the changes you have suggested


    The first thing we need to do, however, is to download, install and set up a firewall if you don't have one already. Then we need to download and install all the diagnostic and cleaning tools we may need to get your system clean. Once done, we then need to update our scanners with their latest definitions.

    The minimum you should have is a Firewall: an Anti Virus: Anti Trojan: & Anti-Spyware: scanner. Below are a few recommended ones

    you should download and install at least 1 from each section. What you should not do, however, is run 2 instances of the same type of program, so for instance don't run 2 Anti Viruses or 2 firewalls at once, as doing so can cause clashes resulting in improper operation.

    In addition to this you should also download Hijack This, as it will be required by the professionals later on to verify that your computer is clean


    Note: Where possible I've tried to list free solutions because I don't believe that people should have to spend thousands for good security. this said you pay for so it's still worth investing in paid software

    Firewall: Zone Alarm, Outpost, Sygate, Look 'n' Stop (payware)

    Anti-Spyware: Ad-Aware, Spybot-S&D
    Anti Virus : AVG, AntiVir, Avast
    Anti Trojan: A² (Beta), Ewido Security Suite (2000/XP Only), TrojanHunter (Payware),
    Trojan Defence Suite (Payware)

    Specialist: Hijack This, Start Up List

    Now, although TrojanHunter isn't free, it is regarded as quite a good newb friendly Anti Trojan. Only catch is that it must be updated manually; see the update instructions Here

    Again, TDS isn’t free and must be manually updated, however if you are looking for the most comprehensive Trojan protection around then TDS is for you. See Here for update instructions

    You should also read This page as it contains additional information and links to other resources and programs not covered in this guide that can further help you identify & fix your problem

    Ok, now we have downloaded all the tools you are likely to need, restart your computer in safe mode and run a scan

    Note: Run only ONE scanner at a time, as doing otherwise could cause improper operation resulting in a failed removal of your Malware


    If your problem is that your browser has been hijacked and the above hasn't solved your problem, you may have an Active X or Browser Helper Object problem. To see if it's an Active X hijack, open the Downloaded Program Files folder and see if there are any Active X files inside. If so, you may need to delete them; however, be aware before you delete anything in here that legitimate ActiveX controls reside here too.

    Deleting them could cause problems if they're needed by a program, so you should check each one to see what it's a part of. Right click on them and select properties and see if any of them relate to your malware; if so, select uninstall if you are given that option, if not just delete it.

    If after clicking properties you are still unsure what they're a part of and whether they're safe to delete, either look them up, or go to one of the forums listed later in this guide and seek professional help.

    what ya think
     
    Last edited: Jan 23, 2005
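
A read-only way to carry out the "check each one" step from the revised guide text above, added here as an example and not part of any poster's message or of the guide itself. It assumes a current Windows with PowerShell 3 or later (not the Windows 98 systems mentioned in the thread); the function name Get-ActiveXInventory is made up for illustration, and the registry key is the one where Internet Explorer records controls shown in Downloaded Program Files.

```powershell
# Read-only inventory of ActiveX controls installed via "Downloaded Program Files".
# Nothing is deleted; the output is for deciding what to look up before removal.
function Get-ActiveXInventory {
    param(
        # Registry location where Internet Explorer records downloaded controls.
        # 32-bit IE on 64-bit Windows uses the same path under SOFTWARE\WOW6432Node.
        [string]$Root = 'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units'
    )
    if (-not (Test-Path -LiteralPath $Root)) { return }

    foreach ($unit in Get-ChildItem -LiteralPath $Root) {
        $id = $unit.PSChildName   # usually a {CLSID}, sometimes a plain name

        # URL the control was downloaded from, if it was recorded.
        $dl = Get-ItemProperty -LiteralPath "$($unit.PSPath)\DownloadInformation" -ErrorAction SilentlyContinue

        # Friendly name and on-disk file come from the COM class registration.
        $classKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$id"
        $class    = Get-ItemProperty -LiteralPath $classKey -ErrorAction SilentlyContinue
        $server   = Get-ItemProperty -LiteralPath "$classKey\InprocServer32" -ErrorAction SilentlyContinue
        $file     = if ($server) {
            [Environment]::ExpandEnvironmentVariables([string]$server.'(default)').Trim('"')
        }

        # Authenticode status of the file, when the file can be found.
        $sig = 'FileNotFound'
        if ($file -and (Test-Path -LiteralPath $file)) {
            $sig = [string](Get-AuthenticodeSignature -LiteralPath $file).Status
        }

        [PSCustomObject]@{
            Id        = $id
            Name      = if ($class) { $class.'(default)' }
            File      = $file
            Codebase  = if ($dl) { $dl.CODEBASE }
            Signature = $sig
        }
    }
}

Get-ActiveXInventory | Sort-Object Signature, Name | Format-List
```

Entries whose Signature is not Valid, or whose Codebase points somewhere you do not recognise, are the ones to look up or ask about before removing anything.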
  13. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    sorry but this statement is outdated and simply not true anymore.
     
  14. Ronin

    Ronin Guest

    If you do say so yourself :)
     
  15. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Yes that's your opinion, I'm not sure if the statement has been updated in any way by DiamondCS.
     
  16. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    not opinion, it's a fact! ;)
     
  17. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Ok, now I understand... :)
     
  18. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Nadirah,

    What's your opinion in this whole story? You are quoting proxyproxy144. And I am sure some others as well.
     
  19. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    Hi All

    well, I've finally put my guide up :) it can be found here

    http://spyblocker-software.com/IPB/index.php?act=ST&f=8&t=1644

    for everyone that had been helping me with this, I'd like to say a huge thank you, your help has been invaluable.

    This said, I'm still tweaking and changing things, so keep your suggestions, comments, rewrites etc. coming

    If you have any further suggestions questions comments re-writes etc. then you can post them here or at the SpyBlocker Board here http://spyblocker-software.com/IPB/index.php?act=ST&f=8&t=1644
     
  20. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    I did not quote anybody. Why do you say that I'm quoting proxyproxy144 and some others as well? I made that post entirely from my own thinking. Who's proxyproxy144?
     
  21. Bourne

    Bourne Guest

    Ha Ha, you kidding right?
     
  22. Cursed Ghost

    Cursed Ghost Guest

    don't ya think this is just a lil off topic o_O

    i mean this sort of chit chat isn't really very constructive
     
  23. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    You're right. Let's end all these off topic comments and arguments. Thanks.
     
  24. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi all

    I was wondering if anyone else has had some time to give my guide the once over and make any suggestions? I know there is a lot of info there and that it's a lot to take in and consequently replies were going to be slow, but as I haven't had any replies recently I thought I'd ask

    To see the most up to date version of my guide look here: http://spyblocker-software.com/IPB/index.php?act=ST&f=8&t=1644 because the one at the top of this thread is outdated
     