Consolidated Security Thread (legacy)

[Medea]

Originally posted by: dwcal
I just want to add another free utility to the list. I searched all the threads and nobody's posted this yet. Haxfix is made for cleaning up the Haxdoor trojan. It saved my butt on a computer I was fixing.

http://forum.hijackthis.de/showthread.php?t=15448

I think it would be too difficult for Schadenfroh to add every tool to his list. First of all, he would have to have access to the developer's posts about updates. Marckie, as most developers, routinely updates Haxfix. Secondly, a lot of the tools are complex and involve more than just running the tool itself.

I'm glad it worked out for you, but people who don't have the same knowledge as you can make some serious errors with Haxfix - primarily because of the registry keys involved. Even in the link you provided, it states:
"Please take care using this program - don't play around!"

 

[Medea]

Originally posted by: hans007
i actually used to work in the symantec security response virus analysis lab. i suppose if any of you guys had any questions , maybe i could answer some of them.

Actually, yes, I have a question. IMO, Symantec and McAfee are the worst AV's to delete off of one's computer. I do have a link somewhere with instructions of how to remove the various versions of Symantec/Norton, but I can't put my hands on it right now.

Do you know of the link or one similar to it that gives a user step-by-step instructions for deleting the different Symantec/Norton versions?

Anything you might want to add?

 

[hans007]

Originally posted by: Medea

Originally posted by: hans007
i actually used to work in the symantec security response virus analysis lab. i suppose if any of you guys had any questions , maybe i could answer some of them.

Actually, yes, I have a question. IMO, Symantec and McAfee are the worst AV's to delete off of one's computer. I do have a link somewhere with instructions of how to remove the various versions of Symantec/Norton, but I can't put my hands on it right now.

Do you know of the link or one similar to it that gives a user step-by-step instructions for deleting the different Symantec/Norton versions?

Anything you might want to add?

go to symantec site. there is a special tool called "symantec removal tool" symnrt.exe . i think it is an active x download sadly. it should remove all products up to 2003 version if they have broken instlallers/uninstallers.

hope the helps.

 

[boomerang]

I have a situation that can't be unique to me. I can't run a lot of these removal apps in Safe Mode because the screen resolution won't allow me to see the entire application window,

I can't click on buttons to run scans, etc. Can't minimize, shift the window around or whatever.

Is there a trick or something I don't know or am overlooking?

 

[Medea]

Well, as you know, only the basic video driver (800x600) loads in Safe Mode. So, if the app opens maximized, you're going to have problems trying to get to the buttons on the bottom to click them.

The one thing that I have done is to open whatever app it is in Normal Mode in but not maximized. Then, when you boot into Safe Mode, the app is going to usually open in the size that it last was opened.

The other way is, while in Safe Mode and you can get to the top, "de-maximize it" so you can get to the buttons at the bottom.

Good luck - I know it can be a real PITA...

 

[Slickone]

Is it recommended to upgrade from Spy Sweeper 4 to 5?

 

[wgoldfarb]

I just came across Sandboxie. Is anyone here familiar with this?

If this works as advertised, would this eliminate the majority of threats from surfing (or even all)? Assuming you had a computer that was only used for web surfing, would Sandboxie eliminate the need for things such as Windows Defender or ewido?

 

[Schadenfroh]

Originally posted by: Slickone
Is it recommended to upgrade from Spy Sweeper 4 to 5?

Well, John would know more about that from me, but as a rule of thumb... always run the latest version of your antimalware tools.

 

[Schadenfroh]

Just a headsup for ipod owners, some ipods made after September 12, 2006 have a trojan loaded in it from the factory. Any of the antivirus programs listed in the OP should fix it.

http://www.dailytech.com/article.aspx?newsid=4592
COLD DEAL

Apple Computer has posted an article on its support site admitting that it has shipped a small number of fifth-generation Video iPods that contain, for your convenience, a pre-loaded Windows virus.

The iPods contain the Troj/Bdoor-DIJ trojan, which allows an attacker to access and control your system remotely. Apple has traced the source of the trojan to a single infected Windows machine at one of their manufacturers

 

[Schadenfroh]

Our very own John has updated his removal kit!

linked:
http://www.elitekiller.com/files/rogueremoval.zip

Here is what he sent me in the PM:

Are you receiving fake windows security alerts that prompt you to install/purchase a rogue antispyware application? Here's a removal kit that I put together. It contains noahdfear's smitrem, combofix, VundoFix and much more so check the readme! It will remove Spyware Quake, SpyAxe, Spyware Strike, SpySherriff, Winhound, PSGuard, Smitfraud, QooLogic, Vundo variants, Surf Sidekick, Look2me, and several other rogue applications.

We should all thank him for taking the time to compile such a comprehensive removal kit and making it available to us.

 

[John]

Schadenfroh, thank you for your continued support to me and this wonderful community. I've added another excellent tool to the rogue removal kit that was created by S!Ri

SmitFraudFix v2.112

Get rid of AdwarePunisher, AdwareSheriff, AlphaCleaner, Antispyware Soldier,
AntiVermins, AntivirusGolden, AVGold, BraveSentry, MalwareWipe, PestTrap, PSGuard, quicknavigate.com,
Security iGuard, Smitfraud, SpyAxe, SpyFalcon, SpyGuard, SpyHeal, SpySheriff, Spyware Vanisher, Spyware Soft Stop,
SpywareQuake, SpywareSheriff, SpywareStrike, Startsearches.net, TitanShield Antispyware, Trust Cleaner,
UpdateSearches.com, Virtual Maid, VirusBlast, VirusBurst, Win32.puper, WinHound, eMedia Codec, HQ Codec,
iCodecPack, iMediaCodec, IntCodec, Media-Codec, MediaCodec, MMediaCodec, MPCODEC, PCODEC, PowerCodec,
PornPass Manager, PornMag Pass, SoftCodec, strCodec, VideoCompressionCodec, VideosCodec, WinMediaCodec,
X Password Generator, X Password Manager, ZipCodec and much more!

I had trouble getting rid of virusburst on a computer until I ran this wonderful tool.

Updated firewall links:
Kerio 2.1.5
Sunbelt Kerio 4.3.268

 

[Medea]

Yep. SmitFraudFix is a great tool. However, download it when you think you need it. S!Ri, who created the tool, is constantly (and I do mean constantly) updating it. So, if you download it now, and in a week/month, etc. later, you find that you need it, the version you would have downloaded earlier would be out of date.

Indeed, SmitFraudFix v2.112 is outdated. S!ri has already updated to v2.113.

Since the link is not working in John's post, you can download the latest version from:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

 

[Schadenfroh]

Microsoft has released the final version of WIndows Defender (former GIANT AntiSpyware), grab it here:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

 

[Ayah]

Thanks for this cool guide!! :beer:

 

[Underclocked]

Anyone familiar with Filseclab Personal Firewall? Seems to get good user reviews yet little mention elsewhere. Fellow called me told me he was using it - seemed to like it. I had not heard of it before. http://www.filseclab.com/

 

[flexy]

please check my site. I will gladly add any links and further resources. thx
(Yes, i am still adding content...the MAIN part of the site is the links and the community

UPD 12/15: Guys, i put a storefront on there which carries a huge selection of Anti Virus/Anti Spyware software. I'd be glad if you check it out, also to report if there are any troubles. I dont wanna spam but i think it might be legitimate to mention since my store *only* carries anti security software so it might be of interest for some.

Also..i am still looking for ways to get more dynamic content on it, eg. articles.

Thanks

 

[Schadenfroh]

Greetings!

Rev 10.1 is now live, changes include:
[*]Removal of outdated software
[*]Updated notes about Ewido and Windows Defender's recent changes.
[*]Correctly matches Rev 4.10 of my Hot Deals thread
[*]Link and text fixes
[*]Link to John's AVS FAQ thread added

Enjoy and do give feedback!

 

[nageov3t]

anyone have any good suggestions for detecting keyloggers before they're running on your box?

I recently had my WoW account hacked... I reformatted my entire PC, but I'm really not sure how to ever feel 100% safe logging in again.

would a keylogged pick it up if, say, instead of typing in my password, I just copied it from another window (an email message or something) and pasted it into the pw window, just hitting the ctrl c / ctrl v keys on my box? or would the keylogger actually pick up the text that I copied?

 

[Schadenfroh]

Kaspersky should do the trick.

 

[ElFenix]

anyone have any opinion of counterspy? seems it was in a partnership with giant back before MS bought giant. due to the partnership, counterspy gets updates not only from its own company, but also from MS, until midway through 2007.

 

[Schadenfroh]

Originally posted by: ElFenix
anyone have any opinion of counterspy? seems it was in a partnership with giant back before MS bought giant. due to the partnership, counterspy gets updates not only from its own company, but also from MS, until midway through 2007.

http://spywarewarrior.com/rogue_anti-spyware.htm

Looks clean, but I have never used it.

 

[Medea]

Originally posted by: ElFenix
anyone have any opinion of counterspy? seems it was in a partnership with giant back before MS bought giant. due to the partnership, counterspy gets updates not only from its own company, but also from MS, until midway through 2007.

It's got a good rep.
See: http://sunbeltblog.blogspot.com/2007/01/if-you-have-bit-of-time-i-could-use.html

 

[beggerking]

great thread.

 

[rxblitzrx]

Any chance on getting this updated for Vista?

 

[bloodandsoil]

I was a software quality engineer and worked in OS-level software development for 7 years. I have also done a year of work as a bench technician at a PC-repair shop. Currently employed as an information systems analyst with the U.S. Army.

Listen, there's no need to turn your PC into an anti-virus processing machine. I've seen many folks creating much unnecessary overhead. From personal and professional experience, here are my recommendations for a clean-machine.

1. Buy a legit copy of XP.
2. Update all critical updates.
3. Go here -- http://home3.ca.com/Microsoft/Default.aspx?lang=en-US -- and download a free 1-year version of Computer Associates Anti-Virus 2007. This is the anti-virus program that Microsoft itself uses on it's own computers. Less heavy than Norton or McAfee. Less buggy also.
4. Go to www.microsoft.com and get Windows Defender. This program originated when MS bought out Giant Anti-Spyware. Giant Anti-Spyware was hands-down THE best anti-malware program out there. Microsoft incorporated it's technology, re-branded and re-coded and voila...we have Windows Defender.
5. Optional step. Get Mozilla Firefox. Also, if you use a mail client like Outlook or Outlook Express (as opposed to webmail), recommend getting Mozilla Thunderbird.

That's it. No need to go crazy installing multiple anti-spyware, anti-adware, pop-up blockers, anti-malware, anti-virus, firewalls, etc. You just need ONE anti-virus program, ONE anti-malware solution, and ONE firewall.

Also, I recommend periodically booting into safe mode and running full scans with your anti-virus and anti-malware programs. And, if you suspect any infections, remove your HDD and mount it into a known clean system and run the scans externally.

OR you could just install Linux But I suppose if you play games then you really don't have a choice but to use Windows. Personally, I dual-boot. The ONLY thing I do on Windows is play games. Period. The rebooting gets tiresome but, hey, I have a fast system now so it's not too bad.