
OT: Help! My PC is under attack!


Phil W


Originally posted by Loufrance:

And in response to all of this Mac vs. PC (with Windows) vs. Linux - I've used them all to a certain extent but I have the most exp. with Windows. If most of the PCs used in homes, schools, etc. were Macs, there would be loads of malware, spyware and viruses for them.

It all depends on market share, when a virus writer writes a virus they want to affect as many computers as possible yet target one platform.

Actually, market share has little to do with why most malware writers write malware. Writing malware (or writing software to find and eliminate malware--part of what I do for my "day job" in IT) is basically another form of problem-solving. It's kind of like working on crosswords or other kinds of puzzles.

 

Exploits (programs that take advantage of one or more weaknesses in another program) are some of the easiest forms of malware to write: find a bug in a program, and use that bug to do something different. Exploit writers are opportunists who capitalize off of the fact that a lot of software is released with various bugs.

 

Contrary to popular opinion, malware has been, is, and will continue to be written for Macs (running OSX or Linux) or PCs (running Linux) too.

 

The most important tool you can have for fighting all of the various forms of malware isn't an anti-virus program, a firewall, a file-recovery utility, etc; rather, it is an up-to-date backup. Back up your files regularly and often; make sure that you make multiple copies of your backups--both in multiple places on your HD and on removable media (like a DVD, flash drive, etc). Having a backup will give you the ability to recover from most disasters--except, of course, if your computer dies. :eek:

 

Right now, you don't know what is installed (and possibly running hidden) on your computer, and you need to get your computer into a known state (meaning you know exactly what's running on it). You need to reboot your machine with a bootable system recovery CD/DVD. If that CD/DVD also has an up-to-date anti-malware utility on it, then run the utility. If there is no such utility on that CD/DVD, then save your data either to removable media (like CD-/DVD-R[W]) or USB/FireWire drive, and then scan/repair the infected files on a clean machine. If you don't have access to another, clean machine, then you'll probably have to reinstall everything on your system--including Windows XP (making sure to re-format all of the partitions on your HD). After you've reinstalled Windows and all of the relevant bug-fixes, and after you've installed and updated your anti-malware program, then you can scan/repair any infected files. After that, then you can copy the scanned/repaired files back to your machine.

 

Furthermore, several people suggested--assuming you have multiple computers--that you use one for music and another for surfing. However, if you only have one computer--and can't afford to get another one right now--then I'll provide you with two other options.

 

First, you can boot your computer with a bootable Linux CD (like the knoppix or ubuntu live CDs). This way even if you were to accidentally read an unsolicited email, get slammed with pop-ups (which is highly unlikely in Linux), etc; then you can reboot and everything will be as good as new--because nothing has to get saved to your HD. Yet, if you'd like to save any files from that session, then you can save that data to a flash drive. Actually, I'm doing this so that I can test several things without committing to a particular set of tools before I'm ready.

 

Second, you can purchase VirtualPC or download VMWare for free, and you can set up either one so that you can do all of your online stuff within a virtual Windows XP session. You get pretty much the same benefit as you'd get with the bootable Linux CD--except that it's remotely possible (but not very likely) for exploits to be written to compromise (or attack) VirtualPC or VMWare.


Originally posted by dp2:

Second, you can purchase VirtualPC or download VMWare for free, and you can set up either one so that you can do all of your online stuff within a virtual Windows XP session.

 

or... you could buy a second hard disk and install another copy of Windows XP on it and use the dual boot option to switch between your "everyday" PC and your "musical" PC.

Korg PA3X Pro 76 and Kronos 61, Roland G-70, Integra 7 and BK7-m, Casio PX-5S, Fender Stratocaster with Fralin pickups, Fender Stratocaster with Kinman pickups, 1965 Gibson SG Standard

Originally posted by Dreamer:

Originally posted by dp2:

Second, you can purchase VirtualPC or download VMWare for free, and you can set up either one so that you can do all of your online stuff within a virtual Windows XP session.

 

or... you could buy a second hard disk and install another copy of Windows XP on it and use the dual boot option to switch between your "everyday" PC and your "musical" PC.

The main reason I didn't specify the second HD option is that the HD could show up as a second HD when either copy of XP boots. If either HD is infected, then it's only a matter of time before both HDs become infected. Additionally, the dual HD (each with its own copy of XP) setup also assumes that the malware won't target the MBR. Both HDs could be toast in the case of an MBR attack.

 

The key, that remains unaddressed in a typical dual HD solution (like the aforementioned one), is that any potential exploit can't write to CD in the first case, and would most likely not be able to write to the actual HD in the second case. I wrote 'most likely', because there's a small possibility (less than a 1% chance) that a malware writer could write something that could 1) infect the virtual XP session, 2) get that virtual session to load another exploit targeted for either the VirtualPC or VMWare software, 3) get that compromised VirtualPC or VMWare software to infect the host OS (the OS [XP in this case] running VirtualPC or VMWare) with a third exploit, and 4) get the infected host OS to load a fourth exploit to do the real nasty stuff to one's system.

 

I hope I didn't bore or lose anyone with all of that "geek-speak". :)

 

The point is that both of the solutions that I suggested make it exceedingly difficult for a would-be attacker to compromise one's system.


Rule one about PCs is to always have a separate computer for your music

Yep, I'm using an external hard drive for all the music stuff.

disabling the preview pane Yep, I do this with Outlook - that preview pane is a menace

ZoneAlarm is very good

I've installed that so I'll see how I go.

manual cleaning fortunately I didn't have to edit the registry and get my hands dirty - but who knows - I'm only hoping that the problem is gone now.

Norton isn't just a piece of crap, it's an expensive piece of crap. Not only that, it can be very difficult to get rid of

I'm really regretting paying to upgrade to the latest version- it's much more clumsy. I run AVG on my old laptop and it's fine. I tried to uninstall Norton once while I checked out a problem and it left all sorts of traces - Office files could not open properly.

"1. Get a hardware router even if you have only one computer - they will increase your protection immensely. I've run a test, and there was one port that could be found, but it couldn't be accessed." -I'll look into that

 

2. The XP guru where I deal on computers believes that the firewall in XP is as good as any. That's what our three machines use. Why install and pay for something you already have. and Norton disabled it $$33!!**! - hence the problem - I'm now using that and Zonealarm

 

3. The other programs mentioned such as Spybot are also effective. Worked well!

 

4. The most effective preventive measure was mentioned by Jazzwee I believe. I NEVER open any unsolicited e-mail, particularly on my music machine. I'm pretty rigorous about email - I have a feeling the bad stuff got in another way

 

5. Personally (and in the opinion of those others) Zone Alarm should be avoided - it is also very difficult to get rid of."

 

Oh-oh!

 

Good advice here! Just for the records, since installing ADSL last month, I've had several problems with spam, viruses, and spyware attacks. I got rid of them by doing three things:

 

- Running Search and Destroy;

- Enabling Windows Firewall;

- Blocking popups on Explorer.

Yes, the problems with mine began when I updated Norton and my ISP increased my ADSL speed. I've blocked popups but stuff was still getting through but the programs I've run seem to have taken care of it (fingers crossed).

" still have Norton installed, but it's a cosmic piece of excrement. The only reason why I haven't disinstalled it is, a couple of friends tried to do exactly that recently, and both had their whole system messed up heavily."

Likewise, likewise!


Awhile back I had problems similar to those being described. As others have mentioned, a combo of Hijackthis and Ad-Aware was adequate (in my case) to clean up the mess.

 

However - the problem didn't stop completely until I made it a point to update my OS RELIGIOUSLY.

 

A large chunk of malware software is written IN RESPONSE to Microsucks announcing and posting a fix to a hole in their security that they've corrected. They post the fix - and the hackers immediately dismantle it to see precisely what the original hole happened to be. They then program malware to exploit the hole that MS was nice enough to identify for them.

 

So, those people who actually update and install every patch are (relatively) safe. But everyone who doesn't keep their OS up-to-date can look forward to getting hacked routinely, (pretty much with every MS patch that gets released).

 

Obviously, this isn't the only form of malware, but it IS a large chunk of it. Be sure that after cleaning up your system, you check the MS site for any and all patches and security upgrades.


Some great advice here from Sandy, Dreamer, dp2, Lou France and Darkon. Sorry I haven't replied yet. I'm printing all this out to look into. I use an external 50 gig hard drive for my music stuff and back up all my valuable stuff on there. The hardest one to back up is always Outlook but I manage.

I spent 4 hours last night installing Mozilla Firefox, Ad Aware SE, Spy Bot Search and Destroy, Microsoft Windows Defender, HijackThis and ZoneAlarm. Things seem to have improved.


In one word

 

Kaspersky

 

Updates every hour, anti-virus protection, anti-hacker, firewall, etc. No problems. The only problem I have is with the registry pop-ups, fixed them with a Windows fix-it, was free, and froze the computer sometimes. Took it off the computer and the pop-ups came back. Used a program called "Wipe-Disc" and reloaded the operating system on it and still had these damn pop-ups come back again. I believe it happens from loading and unloading programs on the computer. I thought using a program called "Wipe Disc" would give me a like new hard drive... it didn't.

 

I was in a computer store and was about to select another virus protection program when a guy next to me said "Don't get that". I asked who he was, and he said he worked at Microsoft in Michigan. He said they never use the Microsoft virus protection system. I had to laugh, but he was very serious and said go look at Kaspersky products and do it now.

 

$70 US for the first year (I got the box and disc, because I don't trust not having the program in my hands) and $45 to renew. Most viruses are from Russia, Kaspersky is a Russian program. Go figure.

 

Check it out, you will be very impressed. Many very large corporations use this program to secure their information, look them up and see for yourself.

 

Just my two cents worth on the topic.

 

Jazzman :cool:


Thanks Jazzman, I will check that out once my N**!$n AV subscription runs out (if I can uninstall the wretched thing).

 

Things seemed to have improved somewhat on my computer.

 

I'm wowed by the collective knowledge and ability of the Musicplayer forumites.

I hope no-one has the problems I've had (but someone probably will) and I'd like to think that in that case this thread (and the parallel threads on the guitar and bass forums) would provide a useful (if OT) resource.


Originally posted by Phil W:

Rule one about PCs is to always have a separate computer for your music

Yep, I'm using an external hard drive for all the music stuff.

disabling the preview pane Yep, I do this with Outlook - that preview pane is a menace

ZoneAlarm is very good

I've installed that so I'll see how I go.

manual cleaning fortunately I didn't have to edit the registry and get my hands dirty - but who knows - I'm only hoping that the problem is gone now.

Norton isn't just a piece of crap, it's an expensive piece of crap. Not only that, it can be very difficult to get rid of

I'm really regretting paying to upgrade to the latest version- it's much more clumsy. I run AVG on my old laptop and it's fine. I tried to uninstall Norton once while I checked out a problem and it left all sorts of traces - Office files could not open properly.

"1. Get a hardware router even if you have only one computer - they will increase your protection immensely. I've run a test, and there was one port that could be found, but it couldn't be accessed." -I'll look into that

 

2. The XP guru where I deal on computers believes that the firewall in XP is as good as any. That's what our three machines use. Why install and pay for something you already have. and Norton disabled it $$33!!**! - hence the problem - I'm now using that and Zonealarm

 

3. The other programs mentioned such as Spybot are also effective. Worked well!

 

4. The most effective preventive measure was mentioned by Jazzwee I believe. I NEVER open any unsolicited e-mail, particularly on my music machine. I'm pretty rigorous about email - I have a feeling the bad stuff got in another way

 

5. Personally (and in the opinion of those others) Zone Alarm should be avoided - it is also very difficult to get rid of."

 

Oh-oh!

 

Good advice here! Just for the records, since installing ADSL last month, I've had several problems with spam, viruses, and spyware attacks. I got rid of them by doing three things:

 

- Running Search and Destroy;

- Enabling Windows Firewall;

- Blocking popups on Explorer.

Yes, the problems with mine began when I updated Norton and my ISP increased my ADSL speed. I've blocked popups but stuff was still getting through but the programs I've run seem to have taken care of it (fingers crossed).

" still have Norton installed, but it's a cosmic piece of excrement. The only reason why I haven't disinstalled it is, a couple of friends tried to do exactly that recently, and both had their whole system messed up heavily."

Likewise, likewise!

Using two firewalls is something I advise you avoid Phil, you should disable the Windows Firewall.

Speaking of Norton, I've had recent problems with that and that's the reason I switched to Nod32. One of the biggest problems I faced with Norton was that it kept telling me my subscription expired. Long story short, their tech support was no help to me so I switched AV packages.

The idea of using a router with a built in firewall is a great idea.

 

Excellent advice DP2, I was aware of a few of those solutions but another one I'd like to suggest is to get a program that can "mirror" a brand new OS installation and have it put the mirror on DVD. What I like to do is make the "mirror disc" after I update Windows and put on my choice of browser and security software etc.


Loufrance, that's also an excellent idea, and you wrote much tighter and simpler than I probably would have written it. ;)

 

By the way, another name for that "mirror image" is a "golden image".

 

With the right software, something like Acronis, one could make that golden image CD/DVD bootable.


Originally posted by Phil W:

"Using two firewalls is something I advise you avoid Phil"

Will do! What problems does it cause?

Most likely conflicts, you could also suffer from slowdowns etc. I'd have to read up on the issues to be able to be more specific but the best way I guess I can explain it is having 2 stuck up security guards who refuse to work together, if they conflict most of the time anybody can stroll in and do as they please.

Archived

This topic is now archived and is closed to further replies.
