Tricks to get you to download or Saving yourself from Stupidity

Discussion in 'other security issues & news' started by lotuseclat79, Oct 11, 2005.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    To make a long story short, I duped myself into downloading something that required a password to open it. I opened it with the password, and it installed swhost.exe on my next reboot as a set of hidden + system files (dlls, .exe).

    Thank goodness I had watcher.exe scanning for such things, so I was able to delete the nasties from both my registry and C:\Windows\system32 at bootup.

    The stupidity hit hard when I allowed the installation before the reboot under the auspices of Prevx Intrusion Prevention. Dumb, and dumber!

    BTW, swhost.exe is Proxy-Agent.d that turns your PC into a spam host according to McAfee. Ugh!

    -- Tom

    P.S. Watcher (free):
    http://www.h5.dion.ne.jp/~legoland/minuscule/watcher/index.html
    Prevx Home (free): http://www.prevx.com/prevxhome.asp
     
  2. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Is this an advert?
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    Hi Joliet Jake,

    No! It actually happened to me yesterday, and I consider the post to all who will read it to use better "common sense" than I exercised, which may be the best way to protect yourself when surfing the "wild, wild" Internet.

    -- Tom
     
  4. tjones

    tjones Guest

    Thanks for posting about Watcher, lotuseclat79. It does look like a good program. It sounds similar to Winpatrol. But I wonder if its protection would be redundant if you already had Winpatrol, MSAS, Antihook, and Prevx home running. Does it add any new protection to what those programs already do? Can it be shut down easily? If so, could malware shut it down easily? How is its system resource usage? Do you get a lot of warnings while using the program? When do you get warnings the most? After every program update? After Windows update? Sorry for the million and one questions about Watcher, I'm just trying to determine if the program is worth using with what I already have running. Thanks if you or others can shed some light on these questions.
     
  5. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    Hi tjones,

    Redundancy is the hallmark of reliability, witness NASA's redundant systems in the Shuttle. But in this case, it is more toward having a multi-layered security strategy in place in my view.

    I also run MSAS Beta and it could not have warned me at bootup time for something that I had already Allowed with Prevx Home running prior to bootup - that's when Watcher kicked in to give me one last chance to recover from my own stupidity.

    I do not run Antihook, but it sounds as if there may be some redundancy there - I don't know for sure.

    I do not run Winpatrol, so, I do not know for sure.

    When Watcher launches, it produces a small window that can be closed easily by clicking on the red x in the upper right-hand corner.

    Malware won't shut it down unless it knows about watcher, or defeats all of the startup programs from launching - that would be one nasty malware!

    Watcher hits 4224KB peak memory usage until Confirm/Remove window launches for up to 5600KB peak memory usage.

    Warnings occur on bootup after a previous new installation of software, including after Windows Updates (reboot) - usually not too much to deal with, but a godsend with the problem I had yesterday. You can launch Watcher at any time during a session. Unless the system area is affected or the newly installed program is in the Startup list, then you probably won't get a warning window, since Watcher is geared to watch the system files.

    -- Tom
     
  6. My guess is most people here running a combo of any of these

    Processguard, Regdefend, Antihook, Safensec, Onlinearmor, Prevx, Winpatrol, MSAS/Counterspy, SSM, MJregistrywatcher,
    Avoraxshield, etc etc, would cover all these areas in real time or near real time.

    Still, a secondary check by watcher on boot might be worth it......
     
  7. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Watcher is very nice. One point that I think tjones might be missing here, though, is that it doesn't run resident. It does a scan when you start your computer, shows you the results (letting you remove anything that's been added), and then closes. It's handy for more than just killing malware, it will alert you to any changes to key areas of your system. It's especially nice to have for persistent annoyances (like qttask.exe) and things you might have missed by your security software, whether you allowed without thinking or had it disabled. It may also alert you to things that your security software did not, depending on your setup. It's free, so give it a try. If you don't like it you can uninstall or stop it running from startup.
     
  8. T772

    T772 Guest

    Hi Notok, have you or lotuseclat79 got a link for 'Watcher'? Tried to do a Google but didn't get very far, thanks T
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
  10. Tom772

    Tom772 Guest

    Hi, Lotuseclat, thanks for the link. This is a security must; it monitors so many things from startup to the registry. 'Excellent' program.

    Watcher creates a snapshot for several sensitive areas of your system:
    # running processes (anytime)
    # running processes at logon time
    # startup registry keys
    # services registry keys
    # other sensitive registry keys
    # sensitive directories (c:\, Windows directory, "system32" directory, etc.)
    # other sensitive files
    # scheduled tasks

    Thanks again

    T
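
The snapshot-and-compare check described in the posts above, as an added example that is not part of the thread and is not Watcher's own code. It assumes a temporary directory standing in for the system32 directory and a plain dictionary standing in for the startup registry values; every name except swhost.exe is constructed.

```python
import hashlib
import os
import tempfile


def snapshot_dir(root):
    """Return {relative path: SHA-256} for every file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(full, root)] = digest
    return snap


def diff(baseline, current):
    """Compare two {key: value} snapshots (files or startup entries)."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(k for k in both if baseline[k] != current[k]),
    }


def demo():
    """Constructed scenario: baseline, an install, then the check at next boot."""
    with tempfile.TemporaryDirectory() as sysdir:  # stand-in for system32
        for name, data in {"kernel32.dll": b"v1", "notepad.exe": b"v1"}.items():
            with open(os.path.join(sysdir, name), "wb") as fh:
                fh.write(data)
        files_before = snapshot_dir(sysdir)
        startup_before = {"SecurityTool": "C:\\Tools\\tool.exe"}  # constructed values

        # Changes made by the installer between the two snapshots.
        with open(os.path.join(sysdir, "swhost.exe"), "wb") as fh:
            fh.write(b"dropped")
        with open(os.path.join(sysdir, "notepad.exe"), "wb") as fh:
            fh.write(b"v2")
        startup_after = dict(startup_before, swhost="C:\\Windows\\system32\\swhost.exe")

        return {
            "files": diff(files_before, snapshot_dir(sysdir)),
            "startup": diff(startup_before, startup_after),
        }


if __name__ == "__main__":
    print(demo())
```

Hashing file contents rather than comparing names alone is what lets the check report a replaced file as well as a newly added one.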
     
  11. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,702
    Location:
    Texas
    Hi Guys,

    Perhaps not necessary for those running PG & RD!


    rico
     