Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Generic User Avatar

How did I get infected?


  • Please log in to reply
117 replies to this topic

#16 Stheno

Stheno

  •  Avatar image
  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 08 February 2008 - 07:44 AM

any comments about the possible unsafe practice of closing the 'nasty' windows via the X, which may 'hide' a 'malicious intent' :thumbsup:


If you click the "X" it tells the program to quit. It sends a "exit" command to the program.

This exit is processed by the program and malicious coders can have code execute upon the receipt of the "exit" command.
Programs for the most part close themselves with this, so relying on a suspicious program to exit nicely without doing harm is much in the same as asking a home intruder to leave without stealing or breaking something.

By closing it via task manager (or google a very nifty thing called process explorer) it in effect bypasses the reliance on the program to play nice.
Basically windows is then forcing an exit. Thereby reducing the possibility of a threat.

I know there are far more technical terms to use in my description, and there might be more to it, but it seems this has rang fairly true in my experiences.

Now, if you get a browser popup with that "X" you will need to kill your browser in the task manager. I know that it is annoying to retrace your steps on what page you might have opened, but its far better than retracing an entire windows reinstall, or going through the removal of viruses.

Anyway, the net is one person safer each time ANY security help is read and listened to, so have a good one be safe.

BC AdBot (Login to Remove)

 


#17 grap6b

grap6b

  •  Avatar image
  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 07 March 2008 - 10:56 PM

Thanks for the suggestion sir. When I was using internet explorer two years earlier, I got infected once. But now I am using mozilla firebox as a browser. What are the security suggestion for this browser?

#18 ruby1

ruby1

    a forum member


  •  Avatar image
  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:05:57 AM

Posted 05 April 2008 - 09:50 AM

having found this

http://www.geekgirls.com/security_spyware_prevention.htm

if you scroll down to browsers

Close pop-ups using the X in the top right-hand corner


this I for one do NOT advocate as the X is known to be a route to harbour nasty critters

I have also located another which suggests to use the X to close the window

I thought it was well known that the X can harbour a nasty just waiting to infect your computer

#19 Rocco5955

Rocco5955

  •  Avatar image
  • Members
  • 22 posts
  • OFFLINE
  •  
  • Location:Rosendale, NY
  • Local time:11:57 PM

Posted 18 August 2008 - 03:47 PM

am I also correct in assuming that if one has a hardware firewall , then a software firewall is NOT necessarily needed or required?


A hardware firewall will prevent 'ET' from phoning in, but if he is already in, he CAN phone home. A software firewall not only prevents 'ET' from phoning in, but prevents him from phoning home. This is what I tell people.

Also, I do not use the 'X' to close a pop-up. When I see one, which is rarely, I close the browser from within the task manager. I tend to kill processes there anyway, it's just so much more convenient for me.

"Understanding is a three-edged sword." -- President John Sheridan


#20 TulShulty

TulShulty

  •  Avatar image
  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:57 PM

Posted 29 August 2008 - 08:49 PM

wow i didnt know about the X thing. Knowledge is a wonderful thing :-) ty Is there a kill program out there or just use task manager?

#21 Revenwyn

Revenwyn

  •  Avatar image
  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 03 October 2008 - 12:19 PM

ok not knowcking the suggestions but wont that slow down the performance of many pc`s and/or slow down internet ?


yes in fact these will slow down your PC , apps such as spyware bot installs a real time scanner called teatimer and SD resident which run in the background, also your virus scanner and firewall will slow down your PC, but you know what, its better to have a 15% slower PC then to be at a risk of infection.
There are some things that will really slow down your PC such as the new adaware 2007 adwatch, that will take a good chunk of your resource and really slow things down so i would not suggest that at all, maybe run the app itself to find any spyware or MRU's cookies etc.
also i recommend for everyone to have at least 2MB of ram, that will help you a great deal ;)
Email me if you have any questions, will be glad to answer.

much luck :thumbsup:



Okay, so I live in a little pocket of land with no form of high speed internet. Internet use is PAINFULLY slow. I don't want to have it 15% slower!

Oh yes, don't you mean 2 GB of RAM?

Edited by Revenwyn, 03 October 2008 - 12:20 PM.


#22 saint satin stain

saint satin stain

  •  Avatar image
  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Huntsville, AL and Greenwich Village
  • Local time:11:57 PM

Posted 19 October 2008 - 09:46 AM

Okay, I confess, I didn't read all of the responses, but did a fast scan after the first 5 or 6. I did get the direction of the comments. I went in a new direction for defense, no, let's call it real: WAR. This guy Gizmo sez, don't get infected.

The ideas are not all mine; actually few are mine. If you see one of your ideas without attribution, forgive me, and speak out, claim it. Beginning with a fresh install of XP Professional behind a router I don't have to download SP2 and SP3; I have them on disc. I install antivirus and software firewall (with HIPS feature) and leave a default settings. I harden the system. I begin by using Local Security Policy and applying a template that you can get from Microsoft IP Security Policies on Local Computer: I use the IPrules For Home Use but with one exception, I uncheck Deny All UDP Traffic. You do this if you want to update your computer clock with a time server on the internet; if you don't leave it checked. You can make these settings yourself, but a template makes it easier. You still have to check the settings.

These are basic IP rules that give the home user only what they need to browse the web, get files and email. Other than that, all other ports are locked down. .

Disable all unneeded, unnecessary Services; Uninstall Telnet. Turn of Simple File sharing.

Two sites that can offer suggestions, but think about them, which ones will apply to your situation: http://labmice.techtarget.com/articles/win...tychecklist.htm and http://home.comcast.net/~SupportCD/OptimizeXP.html. Other resources: http://www.lbl.gov/ITSD/Security/systems/w...-checklist.html and for free support software Nirsoft and Windows Sysinternals.

Lock down XP Pro with local settings, harden it, and keep all software updated. For your core security use a router with SPI firewall in it, use an effective antivirus with antispyware that is light on resources, use a software firewall light on resources, use a sandbox program, and SpywareBlaster. You don't need a separate realtime antispyware. My selections for these are

Linksys WRT54G2 V1 but helpful guide: http://www.firewallguide.com/wireless.htm

Eset's NOD32 Antivirus
Online Armor (paid, also has a free version and a version with antivirus: Kaspersky)
Sandboxie (free and paid versions. I have paid.)
SpywareBlaster (venerable veteran of the internet wars)

TallEmu (Online Armor) and Sandboxie have their own forums; the Eset forum is hosted by WildersSecurity Forum.

Go to their sites and read their guides.
To check antiviruses go to AV-Comparatives
To check firewalls go to Matousec

For everything Home PC Firewall Guide
Spyware Warrior
Nonags
Black Viper

Use Mozilla Firefox or Opera; although IE7is more secure than previous versions.
I use several, all Gecko browsers: Firefox (default), Flock (for social sites), and K-Meleon and K-Ninja. I use Firefox portable and Iron version of Google browser on usb drives; portable Thunderbird.
Basic security extensions for Firefox and Flock (if the Flock extension site doesn't have it use the Firefox extension (Flock is Seamonkey under the hood): NoScript, CSLite or Permit Cookies, KeyScrambler, McAfee SiteAdvisor, NetCraft AntiPhishing Toolbar, and RefControl. I run all browsers and email clients sandboxed. I have to explicitly allow malicious software to write to my system. The antivirus still works to read malware.

I use the mail clients Mozilla Thunderbird (default) and Windows Live Mail to download to my desktop email from twelve of my fourteen email addresses; two I check with my mobile. Reason I have so many, I have internet accounts in the City and the Rural. When I am in the City I get 12 and the same in the Rural.
Extensions for Thunderbird: Allow HTML Temp, the only one you need; set Thunderbird to receive all email Plain Text and you can allow html if you think it is safe for each. All email clients are run sandboxed.

There are details I forgot or left for you to find on the research sites given. The last security app is hardwired, no software and is superior to any computer, security app hardware or software, and if used properly you, with the help of the apps I use, will probably avoid infection. Your brain. The brain of an imbecile or moron is superior to any computer. The computer to simulate human walking weighs too much to put in the robot. Imbeciles and moron walk with ease, some get elected to the congress. Use your brain!

Some ondemand scanners and diagnostic programs I use (other than the NirSoft and Sysinternals ones) for defense:
GMER(and catchme), IceSword, Rootkit Unhooker, ewido anti-spyware microscanner, Malwarebyte's Anti-Malware, SUPERantispyware (free), Trojan Remover (only one not free. I have had this a long time; you pay once and get all new updates forever, or until you die. You may use it as ondemand or schedule it to scan on boot.)

I also use PGP Desktop and even though I and family and friends only encrypt about 11% of our emails (last year) it is a necessity for me, especially since the revelations about the NSA spying of the Bush administration. The NSA can't break this encryption. I don't use wireless networking, only wired. You don't need to take your laptop into the backyard. Get a life. Cook steaks, cavort with wife and kids, mow the lawn with a push mower, and do other life things.

Don't do banking on a mobile! Use wired networks! Learn hacking so you know how those miscreants think and the possible attack vectors. You don't have to become an expert.

Don't get infected!
http://www.techsupportalert.com/how-to-secure-your-pc.php
If you use Sandboxie, you can use the Windows Firewall or any of the top recommended firewalls at Matousec, router, any of top 3 free antiviruses or top three or four at AV-Comparatives, and a few ondemand scanners.

I have XP Professional ver.2002, SP3, AMD Athlon 1.19 GHz, 768 MB of RAM and with Online Armor, NOD32, PGP, and Sandboxie (when browsing and emailing), Weather Watcher, Copernic Desktop Search, MozyHome Backup, and PGP I don't perceive any slowdown or drain on my system. Firefox and Thunderbird are open now too, so is Say The Time and a few small apps(in assembly) and the RAM free 263 MB, Commit charge about 30% a little more or less, If you use the Windows Firewall, don't use PGP, a desktop search, or desktop weather the values will be lower. I upped my original 512 MB and, though the tech said that upping it to a grand would give just a little more juice and might not be worth it (I'm poor), I may up it to a grand.

Don't use suites, too heavy. Use Sandboxie as the core and work around it.

I have finished my rant. Come on take it apart, sift, measure, and tell me my damn fool measures won't work. Add details that my feeble brain missed. Tell me about safe and reliable sources of freeware, objective tests.

saint satin stain
Responsible for what I say,
not for what you understand.
www.leftinalabama.com


#23 Jcc3258

Jcc3258

  •  Avatar image
  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Van Buren Township, Michigan
  • Local time:12:57 AM

Posted 26 October 2008 - 12:08 PM

Does this issue effect windows vista home basic if it does Let Me Know

All my xp mechines are up to date with this patch.

Thanks Jason user Jcc3258

#24 yenzies

yenzies

  •  Avatar image
  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 28 November 2008 - 06:59 PM

Didn't know about the "x" thing... Completely enlightened. :D Thanks!

#25 TSalarek

TSalarek

  •  Avatar image
  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Kentucky and Florida, USA
  • Local time:12:57 AM

Posted 07 December 2008 - 07:06 PM

Does this issue effect windows vista home basic if it does Let Me Know

All my xp mechines are up to date with this patch.

Thanks Jason user Jcc3258


All virus issues affect all computers, some more than others. Contrairy to popular belief Apple is not immune and Linux, etc can be hacked (it's just a lot harder)

As far as slowing down the system: No single anti-malware product will get all that might be trying to get you. It is RECOMMENDED to install multiple AV products. HOWEVER only ONE should be running in REAL TIME (the others should be manual scan)

The different programs may conflict and may compete for system resources so make sure only one is set to run in the background. that one will (hopefully) catch the nasties on the inbound and block them. Periodically though,you'll want to disable that one and manual scan it with the other programs to make sure it didn't get corrupted; as the active program it becomes the bait for the malware while your manual scan AV are waiting in ambush. and MAKE SURE all the AV programs are kept updated; open them and hit Update at least once a week.

It can not be said enough: YOU ONLY NEED ONE FIREWALL. More than that and you get the same system issues as above, plus you may negatively affect surf-ability. Just make sure that it is on and actively protecting and make sure you have all updates from the manufacturer. Though having one system wall and one router wall (like in a home network with multiple computers), provided the settings are balanced, does not seem to cause problems.

The people that make viruses and other nasties want to get in and take over as quickly and as quietly as possible. The harder you make it for them to get in, the less likely you are to get bit.

**think of it like bronchitis. Firewalls and innoculators (like in Spybot S+D) and practicing Safe Internet are the prevention; hopefully if you do these you wont get sick. If you do catch something, AntiVirus, AntiAdware, and AntiSpyware are the antibiotics that will help cure you.

#26 tokatee

tokatee

  •  Avatar image
  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 19 March 2009 - 02:20 AM

"If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type."

I do download a lot of crappola from the Internet, so one would think that I would be a "high-risk" user. And I am. I have been bitten more than once by BadDogz. Over the past few years, I have implemented a more stringent approach for downloading files. I now scan all files, with my AV, MBAM, several DOS-based AV apps, and finally several ARKs. I do this in batches, otherwise I would be spending a lot time just scanning. I never execute (double-click) on a file until after I have gone through these procedures.

About six months ago one of my ARKs turned up a file that was not what it was supposed to be. It was supposed to be a .xxx file (not one of those ones listed above), and it was categorized as 'hidden." I labored over this problem and tried to determine its real format by trying to examine its properties. Right-click>Properties. Nothing! By accident I examined the file with WinRAR, and it turned out to be something very different than what I expected. Let's just say that it was not Gladys Knight singing "I Heard It Through the Grapevine." It was a program loaded with several .dlls and other .rar/zipped files. It was immediately deleted and never executed.

The moral of this story is that file extensions can be altered to fool someone. And that it is usually the user who is the cause of most computer infections by ignoring some very basis practices.

#27 Lassar

Lassar

  •  Avatar image
  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Illinois
  • Local time:11:57 PM

Posted 21 March 2009 - 12:48 PM

:thumbsup:

FireFox + NosScript is alot more safe then Internet Explorer.

I advise to put the internet security zone in IE to high. And then just add only trusted sties like microsoft to it.

I think that FireFox + NosScript is immune to malicous sites. Unless you have a extension that is malware.
What do you get when you cross a plumber with a TV repair guy ?
Answer: A FCC GROL tech; who loves to tinker with antennas.

#28 saint satin stain

saint satin stain

  •  Avatar image
  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Huntsville, AL and Greenwich Village
  • Local time:11:57 PM

Posted 24 March 2009 - 02:48 PM

:thumbsup:

FireFox + NosScript is alot more safe then Internet Explorer.

I advise to put the internet security zone in IE to high. And then just add only trusted sties like microsoft to it.

I think that FireFox + NosScript is immune to malicous sites. Unless you have a extension that is malware.



Firefox plus, NoScript, CS Lite, RefControl, and WOT. Sandboxie too.

saint satin stain
Responsible for what I say,
not for what you understand.
www.leftinalabama.com


#29 rcmck

rcmck

  •  Avatar image
  • Members
  • 46 posts
  • OFFLINE
  •  
  • Location:everywhere
  • Local time:11:57 PM

Posted 07 May 2009 - 05:49 PM

Nice Tips, I just wish you would have suggested people replace internet explorer altogether and not how to make IE6 safer. As a web designer, the sooner that "browser" just goes away and dies, the sooner I can live a happy life.

#30 Animal

Animal

    Bleepin' Animinion


  •  Avatar image
  • Helper Emeritus
  • 35,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:08:57 PM

Posted 07 May 2009 - 10:57 PM

It's not the browser per se. It's market share and allure to malware writers bang for buck potential. On the flip side it's how the browser is used as well. Safe surfing habits make virtually any browser a low risk proposition with the same type of privacy and protection modules in place.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

Follow BleepingComputer on: Facebook | Twitter | Google+




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users