BetaONE will rise again!


Reply
  #1  
Old 2nd Feb 05, 09:53 AM
~*McoreD*~'s Avatar
~*McoreD*~ ~*McoreD*~ is offline
Super Moderator
 
Join Date: Jul 2002
Location: Australia
Posts: 2,902
~*McoreD*~ is an unknown quantity at this point
Antivirus, Antispyware, Antitrojan and Firewall Prorgams
Hi,

Got hit by a trojan on the very first day after a new install of Windows XP. I had avast! 4.5 Home Edition (to address Viruses) and Sygate Personal Firewall Pro 5.6 (to address attacks/hacks) installed. But it seems like I didn't have enough protection.

Damage:

The trojan did the following damage:
Disabled Task Manager.
Windows folder had to two executables that even loaded in Safe Mode: loadclean.exe and kernels32.exe.

I did some research and they were meant to do more damage to the system. Fortunately the firewall blocked the outgoing connections. (Now this is how Windows XP Firewall is not enough).

Recovery:

HKLM and KHCU had entries for kernels32.exe and I deleted them. Also ran a reg setting to get Task Manager back. Went to Safe Mode and deleted the two files.
Recovery wasn't 100%. Every time Windows started, a message popped up saying kernels32.exe was not found. Created a dummy file. It still opened up two command prompt windows.

Steps to take to prevent this happening again:

Until today I thought Antivirus and Firewall is all you need. I was very dissapointed. Formatted again and installed Windows XP. Determined this time to use the computer as a Limited User. But as usual got discouraged by all the error messages and usual program behaviours I had to face with applications. Limited User is too restrictive although I recommended this in the past. So that's not an option.

Now the system is clean but I have several questions. I was wondering...

1. Obviously it seems there is a need of a 3rd program that protects the system realtime. What program(s) could real-time protect your system from virus, spyware and trojan horses and also web attacks? My current system is: avast! 4.5 as an Antivirus and Sygate as a Firewall (AntiHacks)
2. Are AntiSpyware programs same as AntiTrojan programs?

Cheers,
McoreD
Reply With Quote
  #2  
Old 2nd Feb 05, 10:03 AM
roadworker roadworker is offline
BetaONE Supporter
 
Join Date: Aug 2001
Posts: 377
roadworker is an unknown quantity at this point
The 3th 1 you need is a specific program for trojans,1 of the best is TrojanHunter.My 1st security line is covered by Avast Pro,Outpost Pro and TrojanHunter;the 2nd defense line is AdAware's Adwatch,Microsoft AntiSpyware and Spybot's TeaTimer;all of them monitoring in realtime....

Periodicly I let them all run their scanning engine....


Antispyware programs can recognise a few trojans,as do most virusscanners,but not enough to be a secure antitrojan solution...
Reply With Quote
  #3  
Old 2nd Feb 05, 10:06 AM
war59312 war59312 is offline
BetaONE Supporter
 
Join Date: Jul 2001
Location: U.S.A
Posts: 2,220
war59312 has disabled reputation
Send a message via ICQ to war59312 Send a message via AIM to war59312 Send a message via MSN to war59312 Send a message via Yahoo to war59312
If you where running ProcessGuard the virus would never have ran in the first place.

Also, don't use a user account. User a power account.

You can read more about Power Users here compared to normal users and admins.

http://www.wellesley.edu/Computing/Win2k/w2kgroups.html

Pretty easy to do:

Start Menu > Control Panel

Administrative Tools > Computer Management

Computer Management (Local) > System Tools > Local Users and Groups > Users

Right click on the user to setup and click Properties (or just double click on the user )

Click the "Member Of" tab and then click Add Button toward the bottom. Click the "Advanced" button on the left bottom corner.

Click the "Find Now" button. Left click On Power Users. Click OK. Click OK again. Click OK one last time.

Done!!
__________________
Ad Muncher Usage Statistics for v4.7 Build 27105/1624
Adverts removed by Ad Muncher: 1,601,933
Approximate bandwidth saved: 12,515 MB
Counter started: April 2, 2003

Download: http://war59312.admuncher.com/download.shtml

Last edited by war59312 : 2nd Feb 05 at 10:15 AM.
Reply With Quote
  #4  
Old 2nd Feb 05, 11:59 AM
~*McoreD*~'s Avatar
~*McoreD*~ ~*McoreD*~ is offline
Super Moderator
 
Join Date: Jul 2002
Location: Australia
Posts: 2,902
~*McoreD*~ is an unknown quantity at this point
Thank you for your replies to continue discussion. I like your 1st defence line roadworker. I will try TrojanHunter.

My idea of using Limited User accounts, Will, was to restrict myself from modifying files in Program Files and WINNT folder. Power Users can modify or create files in Program Files and WINNT just like Administrators. Do you think it won't matter?
Reply With Quote
  #5  
Old 2nd Feb 05, 10:30 PM
war59312 war59312 is offline
BetaONE Supporter
 
Join Date: Jul 2001
Location: U.S.A
Posts: 2,220
war59312 has disabled reputation
Send a message via ICQ to war59312 Send a message via AIM to war59312 Send a message via MSN to war59312 Send a message via Yahoo to war59312
Well it matters but its just easier. Since if you use a user account then you have to go into admin to allow you access to all the folders. Meaning you have to turn off simple file sharing first and then right click on every folder and or files you want your user account access to. Just about everything. Only thing on my system that will run under a user accunt without giving access is sygate. Even F-Prot antivirus will not run under a user account until you give the user write access to its directory.

Just a real pain in the a$$. Users cant run a lot of command line commands either which really bites. I use them to run my games, fav. appz, etc. So cant use a user account.

But really its up to you.

You're still safer running under a power user than you are under an admin account since power users cant access other users' data without permission. So what you need to do is make sure you can not access the admin folders on your system. Like:

C:\Documents and Settings\Administrator\

Also be sure to rename the Admininstrator account in Computer Management.

I for one block my user account from accessing all users too. So I have moved all start menu shortcuts and desktop shortcuts for example to my user account. So there is no need to ever access the all user folder under my power user account.
__________________
Ad Muncher Usage Statistics for v4.7 Build 27105/1624
Adverts removed by Ad Muncher: 1,601,933
Approximate bandwidth saved: 12,515 MB
Counter started: April 2, 2003

Download: http://war59312.admuncher.com/download.shtml
Reply With Quote
  #6  
Old 3rd Feb 05, 04:20 AM
Fisher Fisher is offline
Senior Member
 
Join Date: Nov 2004
Posts: 269
Fisher is on a distinguished road
Best Anti-Virus and FireWall is "F-Secure Anti-Virus Client Security 5.55"
Reply With Quote
  #7  
Old 3rd Feb 05, 04:27 AM
~*McoreD*~'s Avatar
~*McoreD*~ ~*McoreD*~ is offline
Super Moderator
 
Join Date: Jul 2002
Location: Australia
Posts: 2,902
~*McoreD*~ is an unknown quantity at this point
FYI Will, Sygate and avast! both can run under Limited User.
@Fisher, I haven't tried it yet but I will soon.
Reply With Quote
  #8  
Old 3rd Feb 05, 04:33 AM
Fisher Fisher is offline
Senior Member
 
Join Date: Nov 2004
Posts: 269
Fisher is on a distinguished road
The common belief is that the combination of network firewall and antivirus software on servers, desktops and laptops is good enough. However, this is no longer true. Protecting against these new forms of attack require a firewall to be integrated within the antivirus software on each individual computer in any company.
The solution
F-Secure Anti-Virus Client Security offers protection against new breeds of threats. The centrally managed and easy-to-use solution consists of tightly integrated virus protection, proactive personal firewall, intrusion prevention and application control software for company desktop and laptop computers.
Automatic real-time antivirus protection
Integrated desktop firewall
Intrusion prevention
Application control
Automatic virus definition updates
Reply With Quote
  #9  
Old 3rd Feb 05, 03:40 PM
KingCobra's Avatar
KingCobra KingCobra is offline
Senior Member
 
Join Date: Dec 2001
Location: Illinois
Posts: 2,409
KingCobra is on a distinguished road
Send a message via Yahoo to KingCobra
@McoreD - Sorry to hear of your problems.

Face it we are all computer geeks here and we continue to move from one program to another for more protection. I notice myself spending more time reading about how to secure my system and trying different security programs than I spend time doing things I really own a computer for. Just think how the regular "Joe" feels out there. I've heard of people who buy a new PC every 6 months because it's so jacked up with viruses and spyware it wont boot up.

Here's an idea. Leave your system off the internet while using Windows and bootup with Knoppix Live to surf. Nothing to install on the HD and when you shutdown your system to restart everything is 100% clean again. If you fear someone getting to your HD while using Knoppix, conisder disconnecting your HD power with a switch our just use a different box for the internet.
__________________
Reply With Quote
  #10  
Old 4th Feb 05, 11:47 AM
robinwilson16 robinwilson16 is offline
Administrator
 
Join Date: Jul 2001
Location: UK
Posts: 903
robinwilson16 will become famous soon enoughrobinwilson16 will become famous soon enough
Seems like you have to be so careful these days

I just got some ad-ware on my system and now run microsoft antiadware or whatever it was called
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 09:58 PM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.