Neversummer 4 Forum Archive

This was originaly a reply to de_slider's problem, but turned out long so i figured i'd post it in its own thread. This should all seem very basic and i hope most of you think 'well, this was a waste of time. thanks for posting what i already know' but, im sure theres some out there who didnt know.



HOW TO AVOID VIRUSES:

Following links are -ALL FREE- there is no excuse not to use them! THEY WORK BETTER then commercial products such as norton!

First, and most obviously... UPDATE WINDOWS... FREQUENTLY! Use the auto-update manager, and set it to 'check for updates, but ask before installing'.

Anti-virus:
DO NOT use Norton, or mcaffee. these are for grandparents. They also give horrible 'false-positives' that make you think you're infected when you are not. Only install one. multiple antivirus softwares can and will conflict with eachother due to the way they hook into your system.
I recommend AVG: http://free.grisoft.com/
Or Kaspersky: http://www.kaspersky.com/
Or Avast: http://www.avast.com/eng/download-avast-home.html

If one antivirus isnt enough for you, try the on-line scanning services such as:
Trend Micro Housecall: http://housecall.trendmicro.com/
Kaspersky Online Scanner: http://www.kaspersky.com/virusscanner


Anti-malware
THESE ARE A MUST!!! These are the standard programs for any removal and protection from malware, and everyone on the internet should have -ALL- of these tools installed:
AdAware: http://www.lavasoftusa.com/products/ad_aware_free.php
Spybot: http://www.safer-networking.org/
Hijackthis: http://www.trendsecure.com/portal/en-US ... hijackthis
Rootkit Hook Analyzer: http://www.resplendence.com/hookanalyzer

Note on the hook analyzer. Read the site. not all kernel hooks are malware. Scan your system and then reference the hooks in google to find out what they are for.


How to disinfect
First, run your antivirus software.
Second, run AdAware, then Spybot.
If this does not help, reboot your machine, and right before you see the windows picture loading, press F5 to bring up the boot menu (this may be different on other machines such as compaq or gateways)
Boot into Safe Mode WITHOUT Networking.
Run your antivirus software and then adaware/spybot again. If this still doesn't fix it, you've got a serious problem and should ask someone in here for more help =P This is where hijackthis comes into play. You will probably be asked to post a 'hijackthis log', and advanced users can diagnose your problem using it.


The basics:
When in doubt, Ask Google.
If you are suspicious about ANYTHING, file type, website, software, Google will help you determine if it is legit.

The Process List:
Opening the Task Manager, by rightclicking your taskbar or pressing CTRL-ALT-DEL and selecting 'Task Manager' will display a load of useful information. If you're not sure what a program is on the 'processes' tab, Google it and find out.

What to do with files you receive:
do NOT open email attachments that are executable. for any reason. (exe, bat, com, url, msi, etc) If you recieve one, do not download it unless you have reason to 100% trust this person who sent it to you, and you asked for it. There is -NO REASON- for anybody to send you one of these. You should be able to download whatever he is sending you from the OFFICIAL WEBSITE. ask him for the link instead. Check up on it. if it looks sketchy and you don't think you need it that bad, you probably don't.

media files files are mostly all safe. these include jpg, gif, bmp, png images... and mov mpg mpeg avi divx movies, and mp3 wav and ogg music. WMV files have been known to have problems in the past, so use your judgement based on who and where they came from. (generaly they are safe though)

Documents like .doc or .pdf have been known to contain viruses, so only open these from trusted sources when you HAVE REASON to. if your 'friend' randomly sends you a .doc, or .xls or any other document type, be suspcious. These can contain macros and other executable information.

in-browser videos sometimes tell you that you need to install or upgrade a codec in order to play. THESE ARE USUALY VIRUSES. If you have windows media player, quicktime, and flash installed and updated, you should not have to get a new codec.
If you DO need a codec installed, a legitimate site will tell you WHAT CODEC it is, and then you should look it up using Google and Wikipedia to find out where the official site is for this codec, and install it yourself.

For a good codec pack that will play virtualy anything:
http://www.free-codecs.com/download/K_L ... c_Pack.htm
Or, just use VLCplayer (wich also plays anything, but does not integrate itself into your system):
http://www.videolan.org/vlc/

Browser Loops wich require you to click OK/Yes/Install/Accept or it will just pop up again, DO NOT CLICK THE X or OK. press CTRL-ALT-DEL and kill your web browser process. Do not visit the site again.
Firefox now days also has these problems, but it is still recommended you use Firefox instead of IE as your main browser.

Phishing/false URLs
sometimes you will get a link to http://www.microsoft.com.ru This is NOT a microsoft website. Check carefully the server name of a link before you trust it. If you own blah.com, you are able to make http://www.microsoft.com.blah.com and probably fool people.

False Emails:
Anybody can send you an email from bgates@microsoft.com or even gwb@whitehouse.gov in about 2 minutes. Just because it looks like it came from a legit source, doesn't mean it did.


Finaly, Be paranoid. The internet is full of kiddies out to infect you. You probably know one and dont even know it.
With this basic type of attitude towards the internet, you can avoid pretty much any virus.

Not just kiddies these days. There's big money in infected PCs.

Another tip, never connect your PC to the internet without a firewall on even for a moment. I built a new PC to use as a gateway and disabled the firewall to try to get something working and it got 2 worms in 6 minutes.

If you are running XP Bink, you need to have SP2 before ya connect to the internet, I found this out the hard way. SP2 stops those files from being downloaded. I just made a copy of XP, added in the SP2 to it, and it installs all as one. Works like a charm.

Personally I use AVG Free, Adaware Free, and Spybot S&D.

I have those three programs installed. I run the Adaware and Spybot maybe once or twice every 2 or 3 months. They only ever pick up my cookies and windows history files etc.

I also don't use Outlook or Thunderbird or any other email program, I use the webmail provided through my ISP. It stops any emails from ever being directly downloaded to my PC unless I choose so. It also provides McAfee AV scanning for free in addition to my AVG. (I don't like McAfee either, I dont have it installed, but it works well enough for webmail scanning when it doesn't have to be on my system)

The AVG I have setup to scan every day at a certain time. Which I don't need it to, but meh my new system has more than enough resources. Again, it never picks up anything.

I used to use Zonealarm, but since I got WinXP I have only been using the Windows Firewall. I also have the firewall on my router enabled.

Ultimately, the best weapon you have against malware is yourself and your surfing habits. I might get a hit on a piece of malware every 3 or 4 months, maybe. It's usually after I have that "feeling" about a certain website/email/program install. I start up the scanning software and check when it does happen. I seem to have a subconscious knack for sensing "it". ( I like to chalk it up to my superior intelligence and/or sense of class )

I don't get that urge to click flashy or shiney things or links that offer me silly social stuff like "FREE EMOTICONS!!! GET THEM HER!!! derrr..." that so many people don't seem to be able to resist.
Or, the classic "picture with a .exe extension" lol
You like t3H [censored]? Here's a hint. You don't need a "downloader" or "access" program, or any program for that matter, aside from a browser.
(HAHA!!! "p R 0 n" is [censored] )

Pay attention to the info bar at the bottom of your browser and read the filenames on attachments.

If you're good at reading into things you can usually tell when a party is being a little too enthusiatic about whatever they are offering. If it seems that way, don't bother.
Always ask yourself, "Do I REALLY need this? Or, would it just be nice?"

When you read something and it doesn't have that "official" or "professional" formal feel about it don't click it. The majority of people online that are trying to infect you are usually not versed in the "official" or "professional" way of doing things. They are super geeks/nerds or lack formal education and it shows, so when they write a lure line or website it will seem cheesy, amateurish, or "not right".

It also helps to control who uses your system and for what. 5 people use my parents system and guess what? Ya. I even try to help them and install the above programs, but they are stubborn. Lucky for them I let them use my old system now, with a few stipulations (they have to allow F@H to run on it and allow me to administer the system. It's still mine after all, they're just using it). My current system is used almost exclusively by me and so is almost never exposed to whatever it is that my parents system get exposed to.

If they don't game, they don't need an admin account or a power-user account. Surfing websites? Reading email? Set them up a limited account. Heck even do that for yourself for when you aren't gaming.

********************
Edit:

Ha. Finally went back to actually read the initial post. lol
A few repeated items, but that goes to show you that it isn't BS.
Most of what I know I learned myself, it's good to see that I've come to the same conclusions.

I think this thread deserves a pin somewhere.

agreed

Another REALLY awesome tool:

http://www.mvps.org/winhelp2002/hosts.htm

I'm thinking about my security protection, and just wanted to see if the recommendations above still hold.

I'm using AVG Free 8.0 (runs great, doesn't bother me generally, though I can tell when the scan kicks in if I'm playing NWN, seems to have worked well protecting my main comp, though I have something called WinWeb Security 2008 screwing up my other comp), AdAware Free, and SpyBot S&D. No firewall but the Vista one; I'm thinking about installing the free Zonealarm firewall.

ZoneAlarm is great as a firewall. I use the ZoneAlarm security suite myself and have for the past 4 years. I havent had a problem since.

I use the Zone Alarm Suite as well. So far the Suite has worked well.

The only problem I have with the ZA Suite is the external drive (cavalry) I installed a couple of months ago. I have to kill the external drive software from the task manager before I turn on the external hard drive. Otherwise ZA bogs downs my computer and with the 'On Acces' scan for hours. I've gone to the website and done the recommended changes but no change.

Good stuff here, so I moved it to a more appropriate forum.

I use AVG, and I prefer the 7.5 version, since it takes up less memory.

I run Lavasoft and Crapcleaner often. Be aware that Crapcleaner will delete all your saved passwords and such, if your into saving that info.