OT - Malware experience

Adrienne Boswell

I have a good friend who asked me to come out and take a look at her
daughter's computer because it was really slow. Spybot Search and Destroy
came up with 1,401 malware programs and/or tracking cookies. The anti-
virus came up with 89 viruses and trojans. I got everything cleaned up,
installed a Hosts manager, Firefox and Opera (default). Then I told them
that IE was off limits.

Three days to fix this. Scary.
 
SAZ

I have a good friend who asked me to come out and take a look at her
daughter's computer because it was really slow. Spybot Search and Destroy
came up with 1,401 malware programs and/or tracking cookies. The anti-
virus came up with 89 viruses and trojans. I got everything cleaned up,
installed a Hosts manager, Firefox and Opera (default). Then I told them
that IE was off limits.

Three days to fix this. Scary.
IE is partially to blame, but the viruses are the fault of a missing or
outdated anti-virus program.
 
Arne

Once said:
IE is partially to blame, but the viruses are the fault of a missing or
outdated anti-virus program.

And how many other computers were infected by the daughter's computer?

There should be a law against unprotected computers and computers who
infect others! ;)
 
Chris F.A. Johnson

I have a good friend who asked me to come out and take a look at her
daughter's computer because it was really slow. Spybot Search and Destroy
came up with 1,401 malware programs and/or tracking cookies. The anti-
virus came up with 89 viruses and trojans. I got everything cleaned up,
installed a Hosts manager, Firefox and Opera (default). Then I told them
that IE was off limits.

Three days to fix this. Scary.

You could have installed GNU/Linux in a couple of hours or less.
 
cwdjrxyz

I have a good friend who asked me to come out and take a look at her
daughter's computer because it was really slow. Spybot Search and Destroy
came up with 1,401 malware programs and/or tracking cookies. The anti-
virus came up with 89 viruses and trojans. I got everything cleaned up,
installed a Hosts manager, Firefox and Opera (default). Then I told them
that IE was off limits.

Three days to fix this. Scary.


To many, a computer is now just another home appliance. It is expected
to work properly as delivered. Many do not know much about how it
works and do not care to know. A new major brand name computer usually
comes with some sort of trial virus protection these days. However
many likely do not pay for it after the trial period ends. In a few
years the computer then often becomes very slow and those, who do not
have a friend such as you, assume it is worn out or outmoded and buy a
new computer. If you have to hire someone to spend the required time
to evict all of the bugs, you often would pay about as much as many
used PCs are worth. However the hackers have become better and more
numerous in recent years, and the computer gets infected and slows
down much faster than often was the case in the past. Many would balk
at replacing a computer only 1 or 2 years old. This may force some
people to reconsider how they use a computer and paying for virus
protection software. Actually there is free virus protection software
that works fairly well. Some of the broadband ISPs are now pushing and
providing such software. For example ATT/Yahoo DHL does and makes
users of their service aware of it from time to time. Also Yahoo Mail
has fairly good virus scan software included in their free e-mail
service, and they scan all attachments before opening. This likely
prevents many viruses and other problems from getting downloaded to
less-than-careful computer owners.
 
andrew

I have a good friend who asked me to come out and take a look at her
daughter's computer because it was really slow. Spybot Search and Destroy
came up with 1,401 malware programs and/or tracking cookies. The anti-
virus came up with 89 viruses and trojans. I got everything cleaned up,
installed a Hosts manager, Firefox and Opera (default). Then I told them
that IE was off limits.

Another good reason to leave Windows behind? The Operating System /
Default browser should never be that insecure.

Andrew
 
Neredbojias

Well bust mah britches and call me cheeky, on Wed, 11 Jul 2007 20:11:27
GMT Adrienne Boswell scribed:
I have a good friend who asked me to come out and take a look at her
daughter's computer because it was really slow. Spybot Search and
Destroy came up with 1,401 malware programs and/or tracking cookies.
The anti-virus came up with 89 viruses and trojans. I got everything
cleaned up, installed a Hosts manager, Firefox and Opera (default).
Then I told them that IE was off limits.

Three days to fix this. Scary.

I have good and current anti-virus software, but what are these 1401
malware programs you're talking about? Will using something like Ad-Aware
regularly prevent such things? Firefox is my favorite browser, but at
times I have to use ie (6) for various reasons.
 
Adrienne Boswell

Gazing into my crystal ball I observed Neredbojias
Well bust mah britches and call me cheeky, on Wed, 11 Jul 2007
20:11:27 GMT Adrienne Boswell scribed:


I have good and current anti-virus software, but what are these 1401
malware programs you're talking about? Will using something like
Ad-Aware regularly prevent such things? Firefox is my favorite
browser, but at times I have to use ie (6) for various reasons.

I use AVG Free from Grisoft - been using it for years, IIRC, I heard
about it here in alt.html many, many moons ago. It runs a complete check
every night.

As far as malware, I use Spybot Search and Destroy. It seems to do
better than Lavasoft. It runs a bot/ware check every Saturday night.

Here are some of the preventative measures I use:
1. Hosts file with DNS Client disabled - there's no place like 127.0.0.1.
I don't get to see a lot of adverts, I miss a lot of third party cookies,
and I don't get to go to a lot of sites (gambling, porn, etc.) that I
don't care about anyway. Of course, I could edit the hosts file, or
disable it if I _want_ to go somewhere strange. I just got Hosts Manager
from <http://www.abelhadigital.com/> . Very nice program.
2. I use Spyware Blaster
<http://www.javacoolsoftware.com/spywareblaster.html>, and I keep it up
to date.
3. I use Sunbelt Personal firewall (used to be Kerio). I like it much
more than others because it's not memory hungry, and it also alerts me if
one program is trying to start another.
4. StartUp Monitor and StartUp Control Panel from Mike Lin
<http://www.mlin.net/>. Startup Monitor sits nicely waiting to stop
anything that wants to change the startup options (Adobe, Quicktime, etc
all try to have themselves loaded at startup). Startup Control Panel is
great for managing what happens on startup.

All of the programs I use have little footprints. I don't usually like
using suites, and I steer very clear from Norton - it's a PITA to try to
remove and uses waaaaayyyy too much memory.

Well, those are my recommendations. I've been doing things like this for
a long time, and I've never had a virus or malware problem. I hope my
list will help someone else.
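
The hosts-file blocking described in item 1 above, as an added example that is not part of the original post: a small Python audit that lists which names a hosts file sinks to a loopback or unspecified address. It goes slightly beyond the post by also listing entries that point somewhere else, since any hosts entry overrides DNS for that name. The sample file and all hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# blocklist maintained by a hosts manager
127.0.0.1   localhost
127.0.0.1   ads.example.com tracker.example.net   # two names on one line
0.0.0.0     Popups.Example.org
::1         localhost
192.0.2.55  www.bank.example                      # non-loopback override
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Return {hostname: ip_address} for every valid entry, lower-cased."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                              # skip malformed lines
        for name in names:
            entries.setdefault(name.lower(), ip)  # keep the first entry seen
    return entries

def is_sink(ip):
    """True for addresses that lead nowhere: loopback or unspecified."""
    return ip.is_loopback or ip.is_unspecified

def audit(text):
    """Split entries into blocked names and overrides worth a manual look."""
    blocked, overrides = set(), {}
    for name, ip in parse_hosts(text).items():
        if name == "localhost":
            continue
        if is_sink(ip):
            blocked.add(name)
        else:
            overrides[name] = str(ip)
    return blocked, overrides

def is_blocked(text, hostname):
    """Exact-match lookup: hosts files have no wildcards."""
    ip = parse_hosts(text).get(hostname.lower())
    return ip is not None and is_sink(ip)

if __name__ == "__main__":
    blocked, overrides = audit(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked))
    print("review:", overrides)
```

Because matching is exact, a subdomain of a blocked name still resolves normally unless it has its own line.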
 
John Hosking

Neredbojias said:
Well bust mah britches and call me cheeky, on Wed, 11 Jul 2007 20:11:27
GMT Adrienne Boswell scribed:


I have good and current anti-virus software, but what are these 1401
malware programs you're talking about?

Well, she said "1,401 malware programs and/or tracking cookies." To me,
this is like saying, "New York Police arrested 1,401 rapists and
litterers." A distinction between the two would have been useful.

I presume the majority of the 1401 items Adrienne found were cookies.
Malware needs careful removal but cookies can be deleted by even my
least-technical supportees, even in IE. It's nice that Spybot S&D finds
the "tracking cookies," but I don't believe they belong in the same
category as malware. Otherwise the terrorists have won. ;-)
 
Adrienne Boswell

Gazing into my crystal ball I observed John Hosking
Well, she said "1,401 malware programs and/or tracking cookies." To me,
this is like saying, "New York Police arrested 1,401 rapists and
litterers." A distinction between the two would have been useful.

There were about 20 malware programs, 20 BHOs, a few browser hijackers,
and the rest were cookies.

One of the malware programs was a virus/spyware remover/firewall program
that my friend paid for. She's disputing it with the bank, and they are
issuing her a new card. I told her to watch her credit report for signs
of identity theft.
I presume the majority of the 1401 items Adrienne found were cookies.
Malware needs careful removal but cookies can be deleted by even my
least-technical supportees, even in IE. It's nice that Spybot S&D finds
the "tracking cookies," but I don't believe they belong in the same
category as malware. Otherwise the terrorists have won. ;-)

Actually, I don't mind _some_ tracking cookies. I like the ones at
Amazon that seem to follow me all over the place, reminding me that I
really need that thing that I can't afford, like gadgets for my Kitchen
Aid, or toys for my Weber.
 
Neredbojias

Well bust mah britches and call me cheeky, on Thu, 12 Jul 2007 05:30:16
GMT Adrienne Boswell scribed:
Gazing into my crystal ball I observed Neredbojias


I use AVG Free from Grisoft - been using it for years, IIRC, I heard
about it here in alt.html many, many moons ago. It runs a complete
check every night.

As far as malware, I use Spybot Search and Destroy. It seems to do
better than Lavasoft. It runs a bot/ware check every Saturday night.

Here are some of the preventative measures I use:
1. Hosts file with DNS Client disabled - there's no place like
127.0.0.1. I don't get to see a lot of adverts, I miss a lot of third
party cookies, and I don't get to go to a lot of sites (gambling,
porn, etc.) that I don't care about anyway. Of course, I could edit
the hosts file, or disable it if I _want_ to go somewhere strange. I
just got Hosts Manager from <http://www.abelhadigital.com/> . Very
nice program.
2. I use Spyware Blaster
<http://www.javacoolsoftware.com/spywareblaster.html>, and I keep it
up to date.
3. I use Sunbelt Personal firewall (used to be Kerio). I like it much
more than others because it's not memory hungry, and it also alerts me
if one program is trying to start another.
4. StartUp Monitor and StartUp Control Panel from Mike Lin
<http://www.mlin.net/>. Startup Monitor sits nicely waiting to stop
anything that wants to change the startup options (Adobe, Quicktime,
etc all try to have themselves loaded at startup). Startup Control
Panel is great for managing what happens on startup.

Well, I _thought_ I was familiar with the host file, but what do you mean
by DNS client disabled? -Putting 127.0.0.1 after (mis)appropriate links?
All of the programs I use have little footprints. I don't usually
like using suites, and I steer very clear from Norton - it's a PITA to
try to remove and uses waaaaayyyy too much memory.

Yep. A month after I got my new 'puter, I took it off both I own and
used Kasperskys to replace it. Kas seems quite good.
Well, those are my recommendations. I've been doing things like this
for a long time, and I've never had a virus or malware problem. I
hope my list will help someone else.

I've never had a problem (of that nature) either, but I like to keep
aware of all the possibilities.

Thanks for the list/recommendations. I've captured and saved it and will
investigate as time permits.
 
Neredbojias

Well bust mah britches and call me cheeky, on Thu, 12 Jul 2007 06:00:56 GMT
John Hosking scribed:
Well, she said "1,401 malware programs and/or tracking cookies." To me,
this is like saying, "New York Police arrested 1,401 rapists and
litterers." A distinction between the two would have been useful.

I presume the majority of the 1401 items Adrienne found were cookies.
Malware needs careful removal but cookies can be deleted by even my
least-technical supportees, even in IE. It's nice that Spybot S&D finds
the "tracking cookies," but I don't believe they belong in the same
category as malware. Otherwise the terrorists have won. ;-)

Yes, I can handle cookies. It's the malware I'm concerned about and
Adrienne's reference to it and ie didn't make me any more comfortable.
 
JH

I have a good friend who asked me to come out and take a look at her
daughter's computer because it was really slow. Spybot Search and Destroy
came up with 1,401 malware programs and/or tracking cookies. The anti-
virus came up with 89 viruses and trojans. I got everything cleaned up,
installed a Hosts manager, Firefox and Opera (default). Then I told them
that IE was off limits.

Three days to fix this. Scary.

One thing that hasn't been mentioned is to update all windows service
packs, security updates etc. before going on the net without a router
with built-in firewall. A lot of people re-install Windows (without
service packs) and as soon as they plug in their unprotected usb or
cable modem, within a few minutes the computer is infected.
 
Bernhard Sturm

Adrienne said:
The anti-
virus came up with 89 viruses and trojans. I got everything cleaned up,
installed a Hosts manager, Firefox and Opera (default). Then I told them
that IE was off limits.

Three days to fix this. Scary.

if the computer was that infected, are you sure you have no rootkits
sitting on it? I know that most spyware-removal-tools and scanners are
not able to detect sophisticated rootkits (such as the infamous
BMG-sony-rootkit). Sometimes it's just best practice to wipe the HD and
make a clean install when you have encountered such a 'victim'.

cheers
bernhard
 
Travis Newbury

Then I told them that IE was off limits.
Three days to fix this. Scary.

As soon as another browser becomes the most popular you will be saying
"Then I told them that [browser name] is off limits." Being #1 has
its bad side too.
 
SpaceGirl

You could have installed GNU/Linux in a couple of hours or less.

--
Chris F.A. Johnson <http://cfaj.freeshell.org>
===================================================================
Author:
Shell Scripting Recipes: A Problem-Solution Approach (2005, Apress)

Have you even the slightest clue of how kids actually use machines? A
linux machine would be pretty much the least ideal platform, given the
lack of proper flash, games etc. I think the very first time she
realises she can no longer use her bebo or myspace or youtube pages
she'd be back on Windows.
 
Travis Newbury

Have you even the slightest clue of how kids actually use machines? A
linux machine would be pretty much the least ideal platform, given the
lack of proper flash, games etc. I think the very first time she
realises she can no longer use her bebo or myspace or youtube pages
she'd be back on Windows.

Ahhhh reality. Good to see that someone else understands that "best
way" and "right way" are not the same. So your daughter will not use
it because it can not do the kinds of things she wants a computer to
do. My parents won't use it because it is way too hard and don't want
to deal with something new. And most businesses won't use it because
the business world runs on windows.

Is windows the best way? Nope. Is it the right way? Yep

*Disclaimer: Nothing is best or right 100% of the time
 
Chaddy2222

Travis said:
Ahhhh reality. Good to see that someone else understands that "best
way" and "right way" are not the same. So your daughter will not use
it because it can not do the kinds of things she wants a computer to
do. My parents won't use it because it is way too hard and don't want
to deal with something new. And most businesses won't use it because
the business world runs on windows.

Is windows the best way? Nope. Is it the right way? Yep

*Disclaimer: Nothing is best or right 100% of the time
This is all very true, getting a Mac would have been a better
suggestion, as they can run most Windows applications, such as Flash
and others. Also have you read about the URL Handler bug in FF, it
uses JS and means that external applications can be launched in IE.
 
Ben C

This is all very true, getting a Mac would have been a better
suggestion, as they can run most Windows applications, such as Flash
and others.

Just to squash a couple of rumours right here, Flash runs perfectly well
on Linux (but is also fortunately quite easy to disable) and so do
websites like MySpace and YouTube.

You install it by putting a CD in the drive and clicking on a few
buttons labelled things like "Yes" and off you go. Just as easy to use
as Windows, but you get a lot more software with the default
installation.
 
mbstevens

Ben said:
Just to squash a couple of rumours right here, Flash runs perfectly well
on Linux (but is also fortunately quite easy to disable) and so do
websites like MySpace and YouTube.

You install it by putting a CD in the drive and clicking on a few
buttons labelled things like "Yes" and off you go. Just as easy to use
as Windows, but you get a lot more software with the default
installation.

I actually had to go get a cup of coffee while some non-FOSS goodies
downloaded, since mine was not on CD.

But I will second that: Flash works perfectly, MySpace and YouTube also
work perfectly. I also have a nice free Flash authoring tool. With
whom *do* these rumors get started?
 
