Steve's Digicams Forums > Welcome Center > Contact Steve's
Jan 12, 2011, 7:21 AM, #11
Administrator (Join Date: Jun 2003; Location: Savannah, GA (USA); Posts: 22,378)

When you removed Firefox, it probably left the existing profile (which may have been corrupted), or whatever malware you removed may have been causing an issue with some sites.

As for Malwarebytes, it's not going to find everything either. None of them are foolproof. ;-)

What malware did Malwarebytes find on it? You can see this in the logs (you'll see a logs tab when you start it, and can click on a log and see more details). It's not uncommon for malware to download and install even more malware once a machine has been compromised. ;-)

Note that the free version of Malwarebytes is an "on demand" scanner. So, you can continue to use other products with it at the same time. The best way to use Malwarebytes is to download all updates for it before you get ready to scan. Then, reboot and run the scans from Safe Mode (press F8 as you're booting, and you'll get some menu choices to start Windows in safe mode). I'd start it without networking (to reduce the chance you've got a compromised file being loaded that's masquerading as a network driver). But, again, it's not perfect either (none of them are going to find everything).

Another pretty good product for detecting some malware that others miss is SuperAntiSpyware. They have a free version, too. Get it here:

http://www.superantispyware.com/

I help friends clean infected windows installs from time to time, and sometimes I need to use multiple products to get rid of all of it.

What are you using as a primary anti-virus solution? I'd disable it temporarily and try scanning your machine with the free version of Avira Antivir and see if you may still have some more malware installed. It's the left hand download link on this page:

http://www.avira.com/en/avira-free-antivirus

It's got a much higher detection rate than many products. But, it's not perfect either, as some root kits and boot sector malware can be difficult to detect when running scanners from a compromised operating system (since some load very early in the boot process and are good about evading malware scanners by returning false results to file queries).

So, the best way to be safer is to scan it from a known clean operating system.

One way to do that is by booting into Linux based rescue CDs designed for that purpose.

By booting into a different operating system from CD to perform scans, you don't actually load anything from a potentially compromised Windows install, making it more likely the scanners won't be fooled by root kits, etc. Dr.Web is pretty good with root kits and boot sector type malware.

http://www.freedrweb.com/livecd/?lng=en

Basically, download the .iso file you'll see in the folder that comes up. Then, use something like ISO Recorder to burn the .iso to CD. After you install ISO Recorder, when you "right click" on the downloaded .iso file from Windows Explorer (go to the folder you saved the Dr. Web .iso file to using "My Computer" and right click on the .iso file), you'll see a new menu choice labeled "Copy Image to CD/DVD" that can burn the .iso file to CD. Get ISO Recorder here:

http://isorecorder.alexfeinman.com/isorecorder.htm

Then, after you burn the Dr. Web .iso to CD, reboot your PC with the CD inserted. If it doesn't boot into the CD, you may need to go into your PC's BIOS setup and change the boot order so that it looks to the CD first. Note that I have had some problems booting Dr.Web on some machines. So, if it doesn't work, don't be alarmed (you may need to try other products instead).

Avira also has a Rescue CD. It works on the same principle.

Basically, you're bypassing Windows entirely when you boot into a Linux Live CD. So, you can scan and disinfect the Windows drive without the malware being loaded and able to evade the scans (since you're booting into an operating system running from CD and you're not running anything from the compromised drive). Here's where you can get the .iso file for the Avira CD:

http://dlpro.antivir.com/package/res...-common-en.iso

You'll find similar Linux based scanners from some of the other anti-malware vendors, too (BitDefender, Kaspersky and more). See this page about some of them:

http://www.techmixer.com/free-bootab...download-list/

Yet another way to approach it is to remove the hard drive and install it as a second drive in a Windows based PC. Then, boot into the already installed Windows drive on that machine, and scan the second [the infected] drive using a variety of scanners. That way you're only scanning the compromised drive (not booting into it or loading anything from it), making it more likely you'll find difficult to detect malware.

Of course, backing up your data files, formatting your drives, and reinstalling Windows from scratch is another approach. If I find a seriously compromised Windows installation, I'll often take that approach instead (since you can never be sure that scanners found everything).

As for Extensions, they're add-ons that add functionality to Firefox. If you click on Tools>Add-Ons in Firefox, you'll see sections for both Extensions and Add-ons you have installed. Sometimes one of those can cause issues. There are *many* available now. See here for some extensions:

http://addons.mozilla.org/en-US/firefox/extensions/

Here are some in the addons category:

http://addons.mozilla.org/en-US/firefox/

I have a number installed (Adobe Flash Player, EXIF viewers, NoScript and more).

Another suggestion....

Make sure to set up a non-Admin (a.k.a., standard user) account and use it. That makes it harder for malware to install without permission. If you click on your start button and type in "create standard user account", you'll see a link come up that you can click on to do that. Then, you're not running as an Admin user.

Again, personally, I take a lot of precautions when I'm running in Windows, as there are just too many criminals trying to steal your data (with banking type trojans on the rise, trying to capture your account info, usernames, passwords, etc., via keyloggers that send that information back to servers operated by criminals).

Again, I use Avira Antivir as my primary anti-virus (as its detection rate is very high compared to most).

I also supplement it with Threatfire:

http://www.threatfire.com/

I also keep Finjan Secure Browsing installed in Firefox (also free):

http://securebrowsing.finjan.com/

It's a good idea to use NoScript with Firefox, too (also free). It can be somewhat of a hassle to set up. But, it blocks scripts from running on web pages you visit unless you give it permission.

http://noscript.net/

In addition, I keep SuperAntiSpyware and Malwarebytes installed, and scan with them on a frequent basis. They both have free versions available:

http://www.superantispyware.com/

http://www.malwarebytes.org/mbam.ph

I also scan my Windows installs from Linux periodically.

Another thing I'd suggest is making sure you're keeping Windows updated, as new vulnerabilities are patched on a regular basis. Ditto for MS applications like IE, Office, etc. (as vulnerabilities are patched on a regular basis).

The same thing applies to browser plugins (Adobe Flash Player, Adobe Acrobat Reader, etc.). Vulnerabilities are patched on a regular basis.

Another thing I do is use the Comodo Secure DNS servers. They're designed to block connections to sites with known malware (as you can become infected by simply visiting a site with specially crafted code in some cases, even if you don't click on anything). That service is free. See this page for more info:

http://www.comodo.com/secure-dns/

Another thing I do is scan anything I install in Windows using tools like http://www.virustotal.com and http://virusscan.jotti.org/en

These let you upload a file and have it scanned by a lot of different scanners to check for malware.
JimC
Jan 12, 2011, 8:46 AM, #12

P.S.

If my approach sounds a bit "over the top", keep in mind that a lot of new malware is being developed by criminals, and they're constantly modifying existing strains to evade detection. For example, Panda Labs reported seeing some 20 Million new (previously unknown) malware samples in 2010 alone. See page 19 of their annual report:

http://press.pandasecurity.com/wp-co...eport-2010.pdf

You'll find similar findings from some of the other anti-malware vendors.

BTW, another option is to set up your PC in a dual boot configuration with Linux. No operating system is totally secure. But, most malware is targeting Windows now. So, you're far less likely to have a problem running Linux. Just be careful to install software only from trusted sources (as any operating system is vulnerable when you're installing software).

The latest version of Linux Mint (10) is very nice. It uses an Ubuntu 10.10 base (meaning any of tens of thousands of software packages in the Ubuntu repositories will run on it). Mint uses a custom menu system that is really great, along with a custom software manager for installing new software.

Here's a review of Linux Mint 10. It's a really nice Operating System with lots of preinstalled software and codecs.

http://www.dedoimedo.com/computers/l...int-julia.html

You'll see download links in this press release about it:

http://distrowatch.com/?newsid=06357

If you've got less than 4GB, grab the 32 Bit release. Otherwise (4GB or more), use the AMD64 release (it's the 64 bit version for both Intel and AMD CPUs).

You can use the free version of ISO Recorder to burn it to DVD (it will require a DVD versus CD).

http://isorecorder.alexfeinman.com/isorecorder.htm

After you install ISO Recorder, if you browse for the Mint 10 .iso file you downloaded using Windows Explorer and "right click" on it, you'll see a new menu choice to "Copy image file to CD/DVD" to burn it to DVD. Then, boot into the DVD and make sure it works OK on your PC (you can run it from DVD without installing it, but it runs slower that way).

If you like it, you'll see an Install Icon on its desktop you can use to install it. You'll see a choice to install it "side by side with another operating system" during the installation. That way, it resizes your Windows partition to make room for it and installs it in a separate partition. Then, each time you reboot your PC, you can choose from either Windows or Linux Mint from a boot menu it installs. That way, you can choose the operating system you want to use each time you reboot.

If you decide to install Mint 10, I'd also install showFoto and digiKam for image management and light editing, making sure to install the kipi plugins (these are used by a number of open source image editors and viewers to give them more features):

http://www.digikam.org/

Mint has a built-in software manager you can use to install those types of programs with a mouse click or two (they're in the Ubuntu software repositories and it uses an Ubuntu 10.10 base).

Bibble Pro also has a Linux version available (and you could download a trial version to see how it works). Just download the .deb version for Debian and Ubuntu based distributions.

http://bibblelabs.com/

Personally, I use an anti-virus product in Linux, too (even though you're far less likely to be infected by malware for a variety of reasons). I'd try the free NOD32 for Linux (that's what I run in Linux right now, even though I use different products with Windows). It's in its beta stages and it's free. Get it here if you decide to install Linux:

http://beta.eset.com/linux
JimC
Jan 13, 2011, 9:45 AM, #13

BTW, Microsoft just updated their Security Essentials application (free malware protection product) to include Behavior Analysis (a.k.a., Heuristics).

Many other anti-malware products have done that for a long time, but Microsoft has just now "jumped on the bandwagon".

One problem that anti-malware vendors face is that new malware is coming out so quickly that signature based detection schemes just can't keep up with it. So, behavior analysis is really needed to detect more previously unknown malware types.

So, it may be worth a look, too. Previous versions of Microsoft Security Essentials have had somewhat mediocre detection rates; and I'll be interested to see how the new version compares as time passes.

Go here to get it:

http://www.microsoft.com/security_es...aspx?mkt=en-us

Here's a site that mentions the changes with the new version:

http://windowssecrets.com/2011/01/13...t-free-updates
JimC
Jan 13, 2011, 11:14 AM, #14
Senior Member (Join Date: Apr 2006; Location: Hertfordshire UK; Posts: 759)

JimC,
Many many thanks for all the info, no one can say that you don't go the extra mile to be helpful.
I have been using AVG free version + Spybot. (I had a paid-for version of Norton/Symantec before that.) When I downloaded Malwarebytes I closed Spybot down but still have it there dormant. Whatever the problem was, it's gone now.
When I looked a while ago, one review said of Avira that while it had very good detection rates it wasn't very good at removing threats that had slipped through?
So that made me stay with AVG at the time.
I have figured out what extensions are meanwhile.
I am saving your info and will try some of the things you recommended.
No doubt the copious info you have put here will help many others also, so well done.
Best wishes
Deadshot
__________________
D5100 +18-200mVR Nikkor lens.
SB400 Flash, ML-L3 Remote.
SB 700 Flash
Holster + Shoulder Bag.
Beike carbon 4 section tripod/monopod
Gorillapod SLR Zoom + BH1 ball head
Panasonic FZ1000
Panasonic FZ200
Nissin D i40 Flash
+ SLR Gorillapod
deadshot
Jan 13, 2011, 11:51 AM, #15

None of them are perfect (hence the multiple layers of protection I tend to use to try and minimize my exposure to vulnerabilities), especially with previously unknown malware types (and the last study I saw showed that none of the popular scanners detect more than about 59% of previously unknown malware, even those using heuristics). See this study:

http://www.av-comparatives.org/image...ro_nov2010.pdf

Most tend to do better with malware that's already in their databases. But, keep in mind that every .1 percent in this next study is almost 1000 missed samples (out of the approx. 900,000 samples used for this test, which is a very small percentage of malware samples that have been found so far). IOW, even if a product detects 99.8 percent (as does Avira), it can still miss a lot of malware:

http://www.av-comparatives.org/image...od_aug2010.pdf

IOW, IMO, the best defense is a good offense, using more than one layer of protection. ;-)

BTW, in addition to using something like the free Comodo SecureDNS offering I mentioned earlier (and it's free and easy to set up without installing anything) to avoid sites that are hosting malware, you can also find Security Gateways that screen traffic for malware for yet another layer of protection before it gets to your PC.

Here's one product that's free for home use. You'll need a spare PC with two network connections to install it.

http://www.astaro.com/landingpages/en-worldwide-homeuse

I've been considering taking a spare PC and setting it up for that purpose.
JimC
Jan 13, 2011, 1:19 PM, #16

Jim C, I don't want to keep you tied up to this thread too long but I have recently had my wireless router encrypted. When I tried to set up a limited user account my wireless connection for that account went down. Plus with the Comodo DNS, I have to change the numbers by typing them in and I am not sure if that would muck up my wireless connections.
I realise this is a photography site so don't feel obliged to go any further.
Many thanks
deadshot
Jan 13, 2011, 2:59 PM, #17

You may need to set up the wireless passwords separately for a different account. Just click on the icon in your tray for wireless and enter the new info and it should work fine.

As for a different DNS, that should not hurt anything. It's actually better to do it at the router level, too (and you'll find separate instructions on doing it that way, versus entering in the new DNS addresses at your PCs). If you want to be safer, write down your existing DNS addresses first so you can change them back if you do experience any issues (doubtful from my experience with Comodo SecureDNS).
JimC
Jan 13, 2011, 4:16 PM, #18

JimC
Many thanks!!
deadshot
Jan 13, 2011, 4:39 PM, #19

Here's what you'll see if you are trying to access a site they have flagged. You can still access a site flagged as dangerous if desired. But, I wouldn't recommend doing that. Click on the image for a larger version.

JimC
Jan 17, 2011, 7:46 AM, #20

Quote (originally posted by JimC):
> BTW, Microsoft just updated their Security Essentials application (free malware protection product) to include Behavior Analysis (a.k.a., Heuristics).

Thumbs Down on the new version of Microsoft Security Essentials.

Against my better judgment (since MSE's detection rates have not been that good in the past compared to some of the other free products around), I installed it for test purposes in a Windows 7 installation.

Well, this morning, a new member posted a link to a site (very nice looking) that appeared to be related to the VLC Media Player project. It had feature lists, screen captures, and even videos showing off VLC Media Player.

But, the download button on the pages there pointed to a file named vlcsetup.exe that contained adware/spyware.

Note that the "real" site for this project is http://www.videolan.org (not malicious), with their downloads hosted at http://sourceforge.net/projects/vlc

The fake site (looks *very* legit) is now being filtered by our forums software, so that nobody can post a link to it, with the member posting a link to it now banned (new member, obviously trying to get others to download this software).

So, be careful if you see the VLC Media Player being promoted elsewhere. BTW, it's a very good media player, and I use it by default in both Windows and Linux.

The same thing goes for any software you want to install. Be careful you're getting it from the original author, and make sure it doesn't contain any malware. I'd make sure to upload any software you want to install using http://www.virustotal.com so it can be scanned with multiple malware scanners (they're using 43 different scanners now to scan any files uploaded). Even if it comes back clean, still be suspicious unless you're downloading from a known reliable source, as the scanners may not know what to look for yet with brand new malware strains.

BTW, the free version of Avira Antivir immediately flags the file I was downloading this morning (VLCSetup.exe) from the site masquerading as being part of the project as Malicious.

But, a fully updated version of the new Microsoft Security Essentials does not, even if you right click on the download from Windows Explorer and use the new menu choice you'll see to Scan a file with MSE. It indicates no threats found.

I also test uploaded the file to http://www.virustotal.com where 26 of the 43 malware scanners they use flagged it as malicious. Microsoft's scanner did not.

So, I'll stick to products like Avira Antivir that have a better detection rate. It appears that Microsoft is still lagging behind in that area.
JimC
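An added example (not code from this thread, and not VirusTotal's own API) that turns a multi-engine result like the 26-of-43 verdict above into the decision rule JimC describes, and computes the file's SHA-256 so it can be looked up by hash on such a service instead of uploading it. The report, engine names and file bytes are all constructed for the example.

```python
import hashlib


def build_sample_report():
    """Constructed report in the shape of a multi-engine scan result:
    engine name -> detection label, or None when that engine calls the
    file clean. The counts mirror the thread's VLCSetup.exe result
    (43 engines, 26 detections, Avira flagging it, Microsoft not);
    every other engine name and label here is made up."""
    report = {"Avira": "ADWARE/Constructed.Sample", "Microsoft": None}
    for i in range(1, 26):               # 25 more detections -> 26 flagged
        report[f"engine{i:02d}"] = f"Adware.Constructed.{i}"
    for i in range(1, 17):               # 16 more clean verdicts -> 17 clean
        report[f"engine{i + 25:02d}"] = None
    return report


def detection_summary(report):
    """Split engines into those that flagged the file and those that did not."""
    flagged = sorted(name for name, label in report.items() if label)
    clean = sorted(name for name, label in report.items() if not label)
    return {
        "flagged": flagged,
        "clean": clean,
        "total": len(report),
        "ratio": len(flagged) / len(report) if report else 0.0,
    }


def install_decision(report, from_original_author):
    """The thread's rule: any detection means do not install. A clean
    result only clears a file that also came from the original author's
    site, because a brand-new strain may be in no scanner's database yet."""
    if any(report.values()):
        return "reject"
    return "install" if from_original_author else "hold"


def sha256_hex(data: bytes) -> str:
    """Hash of the downloaded file. Multi-scanner services accept a hash
    lookup, so a file already analysed by others needs no upload at all."""
    return hashlib.sha256(data).hexdigest()


def describe(report, from_original_author):
    s = detection_summary(report)
    verdict = install_decision(report, from_original_author)
    return (f"{len(s['flagged'])}/{s['total']} engines flagged the file "
            f"({s['ratio']:.1%}); decision: {verdict}")


if __name__ == "__main__":
    sample = build_sample_report()
    print(describe(sample, from_original_author=False))
    print("Microsoft flagged it:", "Microsoft" in detection_summary(sample)["flagged"])
    # Constructed bytes standing in for a downloaded installer (not a real PE).
    print("sha256:", sha256_hex(b"MZ constructed installer bytes"))
```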