So how did I get infected in the first place? - Safer-Networking Forums

**TonyKlein** · 2005-11-08, 18:37

There are a variety of causes, one common reason is that your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim.

1) Watch what you download and where from. If you insist on using a P2P program, please read File Sharing, otherwise known as Peer To Peer. (P2P)

2) It's important to always keep current with the latest security fixes from Microsoft. UPDATED WINDOWS

ActiveX in Internet Explorer

Even if you plan to use an alternate browser, you will have to use Internet Explorer for tasks like updating Windows or visiting any other site that requires ActiveX. Also, since Internet Explorer is integrated into the Windows core, keeping it secure is very important.

IE9 is available only for Vista and Windows 7. How to use Tracking Protection and ActiveX Filtering in Internet Explorer 9

For IE7 and IE 8, open IE and go to Tools > Internet Options > Security > Internet, then press "Default Level", then OK.In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed. Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security.
So why is ActiveX so dangerous that you have to increase the security for it? When your browser runs an ActiveX control, it is running an executable program, no different from double-clicking an exe file on your hard drive. Would you run just any file downloaded off a web site without knowing what it is and what it does?

3) Make sure your installation of Java is up-to-date. Oracle (Sun)Microsystems-Java Security vulnerability in older versions left on system

4) Let's not forget How Spybot-S&D protects against the installation of Spyware/Malware.

*It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer.
However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.

6) We don't recommend the XP firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, if using XP it's far preferable to install one of the excellent third party solutions.

If you choose to install a third party software Firewall remember to disable the native Windows Firewall at that time. This study on firewall leaktests may be of interest before making a decision.

7) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are Avast and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats. Microsoft Security Essentials is also an option. Remember- run only one antivirus resident at a time.

If a personal computer is infected you may post a DDS log in the Malware Removal Forum to receive free assistance from our volunteer analysts.
Please see the FAQ first: "BEFORE You POST"(Please read this Procedure Before Requesting Assistance)

Happy safe computing!!

**tashi** · 2006-02-21, 17:22

The Java SE Runtime Environment (JRE) allows end-users to run Java applications.

Vulnerabilities in old Sun Java versions may be partly responsible for Vundo/Winfixer/Virtuemonde infections.

It is very important not only to keep Sun Java up to date, but also to remove older versions which have security holes and can be exploited by malware.

After installing the latest Sun Java if previous versions still show in "Add/Remove Programs", uninstall them from there.

Sun Java Version 1.6.0_26

This release contains fixes for security vulnerabilities. Oracle Java SE Critical Patch Update Advisory - June 2011

Download: http://java.com/en/download/manual.jsp

Release Notes: http://www.oracle.com/technetwork/java/javase/6u26releasenotes-401875.html

Java Help Center - General Questions: http://www.java.com/en/download/help/index.xml

------------------------------------------------
Java SE Runtime Environment 7
http://forums.spybot.info/showpost.p...0&postcount=12
------------------------------------------------

How do I uninstall Java on my Windows computer ?
http://www.java.com/en/download/uninstall.jsp

Why should I remove older versions of Java from my system?
http://www.java.com/en/download/faq/...erversions.xml

**tashi** · 2006-04-28, 20:03

14 ways to get Infected without trying

A little bit of humour but also based on fact.

1) Look for cracks, subdivided in illegal software and .....

2) Practice unsafe hex, browse the web for free pOrn

3) Look for software that adds smileys to your posts, mail etc

4) Look for kewl skins, screensavers etc

5) Look for spyware removers, concentrate on the kind that makes you pay before it removes anything

6) Install a P2P program and repeat all of the above

7) You always want the best; use p2p to download anti-virus/firewall software.

8) Do NOT pay for anything, the internet is a place where you can steal anything from everyone without even saying as much as thank you

9) Don't have/use/update antivirus/security software

10) Look for pokergames, slotmachines and other gambling outfits

11) Look for ringtones and other stuff to bling your phone

12) Click on those unexpected links and attachments in email, because you're curious...

13) Do loan your laptop to the next door neighbour for the weekend and give him your Admin account login so he can get his project done with no hassles

14) Let the Babysitter use your laptop for 'schoolwork'

Thanks to Metallica for most of those and CalamityJane, bitman, Lonny, shelf life.

**tashi** · 2007-06-14, 09:46

Quote:

A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.” Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.

“The majority of victims are not even aware that their computer has been compromised or their personal information exploited,” said FBI Assistant Director for the Cyber Division James Finch. “An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised.”

http://www.fbi.gov/pressrel/pressrel07/botnet061307.htm

Practice safe hex, protect your computer, other netizens and yourself.

**tashi** · 2008-11-06, 04:47

Secunia Online Software Inspector (OSI)

OSI -Online software inspector: http://secunia.com/vulnerability_scanning/online/

Check if your computer has a minimum security baseline against known patched vulnerabilities.

Detects insecure versions of common/popular programs installed on your PC
Verifies that all Microsoft patches are applied
Assists you in updating, patching, and protecting your PC
Activates additional security features in Sun Java
Runs through your browser. No installation or download is required

Secunia Personal Software Inspector (PSI) Free for personal use. FAQ

PSI -Install software inspector, download: http://secunia.com/vulnerability_scanning/personal/

---------------------------------------------------------

WOT's safe browsing tool for Internet Explorer or Firefox

http://www.mywot.com/

The WOT community has rated millions of websites and while not infallible it is a useful barometer to assist in avoiding sites that host malware, on-line scams and spam.

Process Explorer
http://technet.microsoft.com/en-us/s.../bb896653.aspx

Process Monitor
http://technet.microsoft.com/en-us/s.../bb896645.aspx

**tashi** · 2009-02-01, 18:30

Registry Cleaners, not recommended

USB/thumb/pen/flash drives/removable media - Autorun

UPDATED WINDOWS - Your first line of defense, links and tips

2005-11-08, 18:37	#1
TonyKlein Security Expert Join Date: Oct 2005 Location: The Netherlands Posts: 138	So how did I get infected in the first place? There are a variety of causes, one common reason is that your security settings are too low. Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim. 1) Watch what you download and where from. If you insist on using a P2P program, please read File Sharing, otherwise known as Peer To Peer. (P2P) 2) It's important to always keep current with the latest security fixes from Microsoft. UPDATED WINDOWS ActiveX in Internet Explorer Even if you plan to use an alternate browser, you will have to use Internet Explorer for tasks like updating Windows or visiting any other site that requires ActiveX. Also, since Internet Explorer is integrated into the Windows core, keeping it secure is very important. IE9 is available only for Vista and Windows 7. How to use Tracking Protection and ActiveX Filtering in Internet Explorer 9 For IE7 and IE 8, open IE and go to Tools > Internet Options > Security > Internet, then press "Default Level", then OK.In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed. Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security. So why is ActiveX so dangerous that you have to increase the security for it? When your browser runs an ActiveX control, it is running an executable program, no different from double-clicking an exe file on your hard drive. Would you run just any file downloaded off a web site without knowing what it is and what it does? 3) Make sure your installation of Java is up-to-date. Oracle (Sun)Microsystems-Java Security vulnerability in older versions left on system 4) Let's not forget How Spybot-S&D protects against the installation of Spyware/Malware. It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other. 6) We don't recommend the XP firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, if using XP it's far preferable to install one of the excellent third party solutions. If you choose to install a third party software Firewall remember to disable the native Windows Firewall at that time. This study on firewall leaktests may be of interest before making a decision.* 7) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are Avast and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats. Microsoft Security Essentials is also an option. Remember- run only one antivirus resident at a time. If a personal computer is infected you may post a DDS log in the Malware Removal Forum to receive free assistance from our volunteer analysts. Please see the FAQ first: "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) Happy safe computing!! __________________ Tony < - > CLSID List - A Collection of Autostart Locations Last edited by tashi; 2011-08-11 at 07:29. Reason: Updated

2006-02-21, 17:22	#2
tashi Member of Team Spybot Join Date: Oct 2005 Location: USA Posts: 27,728 Rated LASSHes: 18	Oracle (Sun)Microsystems-Java Security vulnerability in older versions left on system The Java SE Runtime Environment (JRE) allows end-users to run Java applications. Vulnerabilities in old Sun Java versions may be partly responsible for Vundo/Winfixer/Virtuemonde infections. It is very important not only to keep Sun Java up to date, but also to remove older versions which have security holes and can be exploited by malware. After installing the latest Sun Java if previous versions still show in "Add/Remove Programs", uninstall them from there. Sun Java Version 1.6.0_26 This release contains fixes for security vulnerabilities. Oracle Java SE Critical Patch Update Advisory - June 2011 Download: http://java.com/en/download/manual.jsp Release Notes: http://www.oracle.com/technetwork/java/javase/6u26releasenotes-401875.html Java Help Center - General Questions: http://www.java.com/en/download/help/index.xml ------------------------------------------------ Java SE Runtime Environment 7 http://forums.spybot.info/showpost.p...0&postcount=12 ------------------------------------------------ How do I uninstall Java on my Windows computer ? http://www.java.com/en/download/uninstall.jsp Why should I remove older versions of Java from my system? http://www.java.com/en/download/faq/...erversions.xml __________________ UNITE-ASAP Microsoft MVP. Consumer Security 2006-2011 Please help us improve Spybot, download our distributed testing client Last edited by tashi; 2011-05-25 at 07:52.

2006-04-28, 20:03	#3
tashi Member of Team Spybot Join Date: Oct 2005 Location: USA Posts: 27,728 Rated LASSHes: 18	14 ways to get Infected without trying 14 ways to get Infected without trying A little bit of humour but also based on fact. 1) Look for cracks, subdivided in illegal software and ..... 2) Practice unsafe hex, browse the web for free pOrn 3) Look for software that adds smileys to your posts, mail etc 4) Look for kewl skins, screensavers etc 5) Look for spyware removers, concentrate on the kind that makes you pay before it removes anything 6) Install a P2P program and repeat all of the above 7) You always want the best; use p2p to download anti-virus/firewall software. 8) Do NOT pay for anything, the internet is a place where you can steal anything from everyone without even saying as much as thank you 9) Don't have/use/update antivirus/security software 10) Look for pokergames, slotmachines and other gambling outfits 11) Look for ringtones and other stuff to bling your phone 12) Click on those unexpected links and attachments in email, because you're curious... 13) Do loan your laptop to the next door neighbour for the weekend and give him your Admin account login so he can get his project done with no hassles 14) Let the Babysitter use your laptop for 'schoolwork' Thanks to Metallica for most of those and CalamityJane, bitman, Lonny, shelf life. __________________ UNITE-ASAP Microsoft MVP. Consumer Security 2006-2011 Please help us improve Spybot, download our distributed testing client

2008-11-06, 04:47	#5
tashi Member of Team Spybot Join Date: Oct 2005 Location: USA Posts: 27,728 Rated LASSHes: 18	Useful Tools Secunia Online Software Inspector (OSI) OSI -Online software inspector: http://secunia.com/vulnerability_scanning/online/ Check if your computer has a minimum security baseline against known patched vulnerabilities. Detects insecure versions of common/popular programs installed on your PC Verifies that all Microsoft patches are applied Assists you in updating, patching, and protecting your PC Activates additional security features in Sun Java Runs through your browser. No installation or download is required Secunia Personal Software Inspector *(PSI)* Free for personal use. FAQ PSI -Install software inspector, download: http://secunia.com/vulnerability_scanning/personal/ --------------------------------------------------------- WOT's safe browsing tool for Internet Explorer or Firefox http://www.mywot.com/ The WOT community has rated millions of websites and while not infallible it is a useful barometer to assist in avoiding sites that host malware, on-line scams and spam. Process Explorer http://technet.microsoft.com/en-us/s.../bb896653.aspx Process Monitor http://technet.microsoft.com/en-us/s.../bb896645.aspx __________________ UNITE-ASAP Microsoft MVP. Consumer Security 2006-2011 Please help us improve Spybot, download our distributed testing client

2009-02-01, 18:30	#6
tashi Member of Team Spybot Join Date: Oct 2005 Location: USA Posts: 27,728 Rated LASSHes: 18	Registry Cleaners, not recommended USB/thumb/pen/flash drives/removable media - Autorun UPDATED WINDOWS - Your first line of defense, links and tips __________________ UNITE-ASAP Microsoft MVP. Consumer Security 2006-2011 Please help us improve Spybot, download our distributed testing client Last edited by tashi; 2009-07-18 at 02:57. Reason: Update

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode