17 March, 2009

Fighting the Trojans


So, three nights, now, I've been doing battle with the Trojans. Where they came from, I don't know - probably one of Microsoft's infamous security flaws, coupled with the fact that one of the buggers seems to have been clever enough to knock out McAfee. (Rather reminds me of the guard dog I owned once. She actually got stolen. That's one pathetic guard dog, and McAfee's one pathetic program, although it worked fine until now.)

Thanks to you lot and your help with me stepmum's computer lo these many months ago, I knew just where to go: Spybot Search and Destroy. I tried Ad-Aware, too, but it requires someone who knows what the fuck they're looking at. So does HijackThis. Spybot's been fighting valiantly on the front lines, all by its lonesome because McAfee apparently has decided that Virtumonde isn't adware. The thing about Virtumonde is, when you remove one bit, it's already seeded itself elsewhere.

Enter Avast.

Avast is awesome.

Aside from their hideous sounds - I mean, for fuck's sake, is it really necessary to have some fucker screaming "Virus!" at you while sirens wail? But that's easily disabled. And I've been watching it play whack-a-mole with Virtumonde all night.

It doesn't just quarantine, it kills.

And it appears to have been made for novices such as myself. It's not quite as mindless as McAfee, but it doesn't require much effort to understand and use. And it doesn't seem to suck quite as much memory, which is nice.

Between SpyBot and Avast, I don't think the trojans stand a chance.

7 comments:

  1. I have been using Avast for a couple of years now, it's on all the computers in this house :-)
    Ad-Aware is not so bad and HijackThis is good because you do a sweep then post the results back to the HijackThis forums and let the gurus there decipher it for you :-)
  2. Yes, well, first you have to get off your lazy arse and post to their forums... which I haven't quite worked up the energy to do, sad to say. There's also the vague sense of not wanting to impose on others, which I know is silly. Either that, or it's just one of those personal things - I likes me a good fight, and it's kind of fun deploying my own troops at the moment.

    Glad to know you're using Avast. That makes me feel even better about choosing it as one of my soldiers.

  3. Virus Database updated.
    The first time that went off in the middle of the night it freaked my wife right out.

    You're right though, it is great.

  4. Unfortunately once you're infected there's no real way to be sure you've gotten everything aside from a complete hard drive wipe. While there are those infections that make noise and popups trying to get your credit card information, there are those that actively stay under the radar and just record things like your keystrokes and traffic. Get yourself a thumb drive, copy all of your plaintext files (Word docs can still be infected, but all you need them for is text), sleep on it for a few nights to make sure you got _everything_ and format your computer. Alternatively you can buy another hard drive and start over on that one if you have the lingering doubt that something useful might still be on your current one.

    It sucks, but I think it's less hassle in the long run. Then put Avast on, it's great at stopping trojans before they can root themselves in.
  5. Yup, most of your paid anti-virus programs are right useless in comparison. I got Avast about five years ago during grad school when I was recipient of a particularly nasty virus thanks to using a flash drive and bringing my work home with me. Almost lost my thesis thanks to the bastard. Since then I use it and Search and Destroy to kill off spyware, only use Firefox for browsing, and my life has been a happy one.
  6. Eric S. Raymond wrote a great document a while back on how to ask for help in the computer world. Before asking for help, he advises:
    [quote]
    Before asking a technical question by e-mail, or in a newsgroup, or on a website chat board, do the following:

    1. Try to find an answer by searching the archives of the forum you plan to post to.
    2. Try to find an answer by searching the Web.
    3. Try to find an answer by reading the manual.
    4. Try to find an answer by reading a FAQ.
    5. Try to find an answer by inspection or experimentation.
    6. Try to find an answer by asking a skilled friend.
    7. If you're a programmer, try to find an answer by reading the source code.
    [end quote]
    Don't worry about number 7. Most folks on the forums aren't programmers, even on open source forums. If you don't know anyone with the requisite skills, don't worry about 6. Usually, people are glad to help if you've tried on your own. Describe what you've tried to do before posting, particularly if it's your first post on a forum.

    One more thing that Eric might not have mentioned - if you do figure out the problem, say so where you asked for help. Explain what you did or found. It's a way of giving back.

  7. When I used to build/fix computers for a living this was my workflow:

    First make the recovery CDs.

    Second thing I do is go into add/remove programs and remove the following:
    Norton or Mcrappe
    Any CD or DVD burning and playing software
    Any trialware, including the MS Office 90 day trial (this way they won't make documents they can't access after the trial)
    Any branded software, i.e. if it's an HP, anything labelled HP gets tossed. Be careful here: if they have an HP printer installed already, you will want to be careful what you get rid of.
    Any other anti-malware software installed, it's usually a trial anyway
    Get rid of QuickTime (unless they are going to use iTunes) and get rid of RealPlayer, and any codec packs installed
    I also kill the "game packs" that come with the computers, they usually have spyware as well.
    Get rid of AOL, and all internet and network "helper" programs.
    Get rid of all toolbars
    Get rid of all offers
    I also get rid of any software they use to control wireless if installed on the system; the built-in controls for wireless in XP and Vista are simpler and easier to use.

    Reboot, then show hidden files and folders, and delete any folders on the root of C except Windows, Documents and settings, Recycle Bin, and Program files. Vista is different, keep Windows, Users, System Volume Information, Program Data, Program Files and Program Files (x86), Boot, and Recycle Bin.

    Then I reboot and run HijackThis, and look for running processes of any of the software I removed; some of it is still there, and I get rid of 'em. If the system came with Norton I also run the Norton removal tool to get rid of the rest of the program.

    Next open IE, make note of the home page settings, then go to the Advanced tab and use the two tools at the bottom, "Restore advanced settings" and "Reset". Then close IE, re-open, go back to Tools, put back their preferred home page, then click on the Settings button in the main tab and do the following:

    Under "Enable Tabbed Browsing", make sure all options are checked
    Under "When a pop-up is encountered", check the last one, "Always open pop-ups in a new tab"

    Then close the Settings tab, open a new tab, check "Never show this again", and IE is set up for easier use for the standard user.

    Then run CCleaner, do a full clean-up including the optional:
    Windows Error Reporting
    Old Prefetch Data
    Menu Order Cache
    Tray notifications Cache
    Windows size/location Cache
    User Assist History

    Then I run the registry cleaner, backing up the registry when it prompts.

    Then I install service packs if needed, reboot, then install all Windows updates.

    Reboot, then I install the following programs:
    Adobe Acrobat Reader
    Flash Player
    Shockwave
    Java Player
    CDBurnerXP (simple free CD burning app)
    OpenOffice.org (only if their computer doesn't have an office program)
    QuickTime Alternative (unless they use iTunes, then regular QuickTime will have to do)
    Real Alternative
    VLC
    K-Lite Full Codec Pack (all of the above players and codec pack will allow them to play almost any video file from the net)

    I also run a quick registry add-on that puts the full IE icon on the desktop instead of a shortcut. (http://www.howtogeek.com/howto/windows-vista/add-internet-explorer-icon-to-windows-vista-desktop/) I also set up their email and make sure there is a shortcut to it on the desktop and in the task bar.

    Last thing, install the AV program or suite they will be using, then reboot.

    Tweak any settings at this time (Start menu settings, task bar settings, folder behaviour etc.)

    Again run CCleaner just like above and also run the registry cleaner.

    If it's XP, I run the defragger and I am done. If Vista, then it's done, the defragger is a background task and need to be manually run.

    This is of course if you decide to start from scratch, though for my money that's a bit over the top for what seems like a simple virus attack.
