My friend keeps getting her computer infected with spyware, even I told her not to download anything without asking me first. What are some things I can lock down to prevent this from happening? She has windows XP, but I could probably put a copy of vista on there if it would really help.

My friend keeps getting her computer infected with spyware, even I told her not to download anything without asking me first. What are some things I can lock down to prevent this from happening? She has windows XP, but I could probably put a copy of vista on there if it would really help.

UAC really would only help someone who is aware. If she "keeps" getting malware, she's probably inviting it on her machine.

Just set her up w/ Avira antiviri. . . or if shes willing to pay NOD32/Kaspersky. Hell get the full suites if you can. Then if anything happens, wash your hands and walk away. lol

Nothing will prevent, you can only slow it down....

Get her to use Firefox
Install Spybot S&D, train her to manually update and reimmunize
Install SuperAntiSpyware, train her to run frequent scans
Install MallwareBytes, train her to run frequent scans
Install CCleaner...train her to use it
Install a good antivirus like AntiVir, KAV, or NOD32
Set the DNS in her router to be OpenDNS servers

Get her to stop doing facebook and myspace sites like that which are frequent hijacked and poisoned.

Get her to stop doing facebook and myspace sites like that which are frequent hijacked and poisoned.

This isn't the first time i've heard this, but I have to ask. How are people getting hijacked and poisoned on social networking sites? I've had a MySpace account since it was a social networking site for professional adults. . . (hard to believe eh?) and a Facebook account for almost four years now.. and I've never had an issue with it. Hell I even play some of the games, and have some of the apps installed...

Is it the "click first, learn later" attitude most people have? Or am I just lucky?

This isn't the first time i've heard this, but I have to ask. How are people getting hijacked and poisoned on social networking sites? I've had a MySpace account since it was a social networking site for professional adults. . . (hard to believe eh?) and a Facebook account for almost four years now.. and I've never had an issue with it. Hell I even play some of the games, and have some of the apps installed...

Is it the "click first, learn later" attitude most people have? Or am I just lucky?

I'm not sure...maybe just your timing...you never visited the sites on the day they had the injections? You read it now and then...."Facebook site infected with worm....thousands infected". It's not a myth or internet folklore...it's true, it does happen.

Maybe you use an alternative browser?
Maybe you keep your Windows updates and those who get infected don't?
I have a friend who works at a computerlab at a college..whenever one of those social sites gets hijacked...he gets swamped with students computers that got hit.

I'm not sure...maybe just your timing...you never visited the sites on the day they had the injections? You read it now and then...."Facebook site infected with worm....thousands infected". It's not a myth or internet folklore...it's true, it does happen.

Maybe you use an alternative browser?
Maybe you keep your Windows updates and those who get infected don't?
I have a friend who works at a computerlab at a college..whenever one of those social sites gets hijacked...he gets swamped with students computers that got hit.

Hmmm, I guess I'm just lucky. Or maybe it has to do with Windows Updates + NOD32 + UAC variable I add. Oh well. =D

My friend keeps getting her computer infected with spyware, even I told her not to download anything without asking me first. What are some things I can lock down to prevent this from happening? She has windows XP, but I could probably put a copy of vista on there if it would really help.

You never removed it in the first place. Once its there, its perma there. Those people who think they can tweak files/change registries/rename files etc to remove malware are living in the past. Once some professional bad software is on your system the only way to get rid of it is a clean install.

And what kind of firewall does she have? a router (cheap is fine) is always good idea. Disable UPNP.

My friend keeps getting her computer infected with spyware, even I told her not to download anything without asking me first. What are some things I can lock down to prevent this from happening? She has windows XP, but I could probably put a copy of vista on there if it would really help.

To be perfectly and frankly honest with you, have your friend use a limited user account for her web-surfing. That is the first and cardinal rule for users who seem to have repeat problems with malware-- remove the obvious vector (the user privs) and you'll see dramatic changes right away. This is how (Windows) business networks do it, this is how Unix and Linux and even MacOS does it, and this is really the number one way for regular home users to make a huge difference in the fight against malware.

Vista might be helpful, but it might not be necessary. Try to get a decent antivirus program on there for sure, but in special cases you may also want to install Drivesentry (http://www.drivesentry.com/default.aspx) or something similar, though I think DS is the only free one (currently). I'm fairly certain that application whitelisting is going to be the new way that malware is effectively battled for the users, and it will definitely begin requiring more web-based development to focus on creating dynamic content using software installed in the user space instead of the system space, making for fewer problems for system admins but also easier times for users to block, isolate, and remove malware on home or personal computers. I'm not convinced software like DS handles the job of app whitelisting as well as I'd like, but for being freely available (to home users) it's definitely a new way of fighting spyware and viruses.

Hmmm, I guess I'm just lucky. Or maybe it has to do with Windows Updates + NOD32 + UAC variable I add. Oh well. =D

Or maybe it has something to do with not being a stupid user. Anti-virus free my entire computer career, never had a virus, never had spyware, never hard a worm. Just don't click on stupid stuff and keep your computer up to date.

You never removed it in the first place. Once its there, its perma there. Those people who think they can tweak files/change registries/rename files etc to remove malware are living in the past. Once some professional bad software is on your system the only way to get rid of it is a clean install.

And what kind of firewall does she have? a router (cheap is fine) is always good idea. Disable UPNP.
I almost never mess with trying to remove spyware, I am a big fan of reformatting - it may take a while, but it always works. I'm not sure what firewall she has, but I know she has a wireless router because she has a laptop. I'm somewhat limited in what I can do because she lives far away. Last time she just shipped the computer to me, I reformatted it and sent it back. I had superantispyware, avg and maybe spybot on there. I'm not sure what the problem is now, she complained of it acting weird (popups?) and now it won't even boot into windows (goes to a black screen). So for all I know it could be a hardware issue, but she had at least one infection since I sent it back.

I definitely think the limited account is a good idea. I even thought about trying to put some kind of linux on there even though I have absolutely no experience with linux, but I'd like to avoid that since I'm sure there will be some kind of issue where something she wanted to do wouldn't work with linux and I don't want to have to troubleshoot it.

Here we go, found her emails.


On a serious note, I really am about to throw my computer out a window. Now everytime I get on the internet, it redirects me to some antispyware thing. It's making me insane. I have to go to work, but I will call you tonight.

I forgot what this was, but she got the name of the program and I tracked down some step by step removal instructions and it worked.



Im sure you will be as excited to hear this as I am to tell u, but I need u to please call me tomorrow and help me fix my computer....again. I promise I didn't download anything, but it shut down a few minutes ago and I went to turn it back on and it does that first screen where it says windows xp and shows the bar loading up, then when the desktop screen should come up, its just black. I can see the mouse arrow on the screen but the rest of the screen is completely blank. I'll call u when I get back from the airport... :)

This is her last email, and I don't know what to tell her. Sounds like the hard drive might be dying.

Or maybe it has something to do with not being a stupid user. Anti-virus free my entire computer career, never had a virus, never had spyware, never hard a worm. Just don't click on stupid stuff and keep your computer up to date.

See I have contracted various things as of late, but UAC and NOD32 just went wild. As mentioned by other people on various threads, sometime known secure sites become infected. I was just stating I've never had an issue with Social Networking sites. Running AV free to me is doing bad to the community. Even if I don't know it's there, I might be running a BotNet or helping with a DDoS attack.


Im sure you will be as excited to hear this as I am to tell u, but I need u to please call me tomorrow and help me fix my computer....again. I promise I didn't download anything, but it shut down a few minutes ago and I went to turn it back on and it does that first screen where it says windows xp and shows the bar loading up, then when the desktop screen should come up, its just black. I can see the mouse arrow on the screen but the rest of the screen is completely blank. I'll call u when I get back from the airport...

I've had a family member from across the country call me with the same thing. I wasnt able to diagnose it being 3000 miles away, but I had them just format and reinstall. (I have them setup with Mozy for backups.)
The funny thing about the call is it starts out with "Okay so I purchased that Eset Antivirus like you told me too" So here I am, thinking they need help configuring it. "I think I got a virus yesterday though" UGH! lol. Who buys an anti-virus AFTER they get malware?

I guess if it wasn't for people like them, I'd be out of business.

Don't use windows:cool:

Ubuntu......or guest account. Stupid computer users do stupid things.

Don't use windows:cool:

Ubuntu......or guest account. Stupid computer users do stupid things.

Linux or Mac isn't for everyone. Linux by far is not as "use friendly" as many people think. And not everything a Windows users, uses is made for Mac. I'm sure OP doesn't want to deal with "I used to use X Software on my XP machine, whats the equivilant for OS X?" every other week.

Make her limited user as others have said. Let her know that when she installs programs shes going to have to use the "Run As..." option on the install. Be done with it.


Oh and. . . Kick his ass Steve Dave!

I suggest using a typewriter

Firefox with NoScript = best solution overall for that XP box. Adding to it would be Eset Smart Security to cover AV and malware protection duties, not much else needs to be done.

Spybot, Malware Associates, SuperAntiSpyware!, etc... all those products have proven to be absolutely useless in my own experience of testing them out. I really can't see how they remain recommended so often. I use Firefox 3 (now 3.0.5) with the latest NoScript, NOD32 v2.7, and that's it. If I run any of those "malware/spyware detection" apps I just mentioned, the most I'll get back from their long slow searches is a tracking cookie at worst, so I simply say they're not even worth installing these days.

The browser is the front-line defense in the "war on malware" since all the problems are coming from pages on the Net. If you stop all that crap with the browser and a plugin or two, then the rest of that crappy software isn't necessary at all. Back up the solid browser front-line defense with good AV software (Eset is back on top again, but Avira is excellent for a free solution). CCleaner ftw, however, it's very useful but not for malware/spyware - but then again it's not designed for that stuff.

FF3 + NoScript on XP boxes = about as good as you can get in terms of stopping the shit before it even gets on your boxen. Eset Smart Security = about as safe as you're going to be as the back-line defense in case something gets through the browser.

The rest? Save for CCleaner, useless...

This isn't the first time i've heard this, but I have to ask. How are people getting hijacked and poisoned on social networking sites? I've had a MySpace account since it was a social networking site for professional adults. . . (hard to believe eh?) and a Facebook account for almost four years now.. and I've never had an issue with it. Hell I even play some of the games, and have some of the apps installed...

Is it the "click first, learn later" attitude most people have? Or am I just lucky?
I've gotten some messages from friend's that say something like "Jane has posted a new video of you" and when you login to watch it, it tells you your adobe flash requires an update and wants you to download an exe file. Pretty legitimate looking and I'm sure a lot of people fall for it.
There are probably other ways too, that's just the type of thing I've seen a few times.
My first instinct was to send that person a message that they probably have a virus, but then I realized I would be the one cleaning it off, so I decided against it.

Firefox with NoScript = best solution overall for that XP box. Adding to it would be Eset Smart Security to cover AV and malware protection duties, not much else needs to be done.

Spybot, Malware Associates, SuperAntiSpyware!, etc... all those products have proven to be absolutely useless in my own experience of testing them out. I really can't see how they remain recommended so often. I use Firefox 3 (now 3.0.5) with the latest NoScript, NOD32 v2.7, and that's it. If I run any of those "malware/spyware detection" apps I just mentioned, the most I'll get back from their long slow searches is a tracking cookie at worst, so I simply say they're not even worth installing these days.

The browser is the front-line defense in the "war on malware" since all the problems are coming from pages on the Net. If you stop all that crap with the browser and a plugin or two, then the rest of that crappy software isn't necessary at all. Back up the solid browser front-line defense with good AV software (Eset is back on top again, but Avira is excellent for a free solution). CCleaner ftw, however, it's very useful but not for malware/spyware - but then again it's not designed for that stuff.

FF3 + NoScript on XP boxes = about as good as you can get in terms of stopping the shit before it even gets on your boxen. Eset Smart Security = about as safe as you're going to be as the back-line defense in case something gets through the browser.

The rest? Save for CCleaner, useless...
Sounds like good advice. I was already thinking about No Script, but I haven't used it much. Installed it, but it was blocking everything, including youtube, so I got tired of messing with it and turned it off. I'm sure you can set up whitelisting, and that's something I'm planning to revistit soon.

SuperAntiSpyware seems pretty good at cleaning stuff off, but I don't know how good it is at preventing. The free version doesn't do anything automatically. I got my mom to buy the full version and I have it installed on her PC along with NOD32. Last time I checked her machine was pretty clean.
ESET Smart Security looks like a nice product, looking around for a good deal on it.
What do you think of this NOD32 setup guide?
http://www.wilderssecurity.com/showthread.php?t=197509

make her buy a mac?

seriously just have her run regular anti-spyware / anti-virus / anti-adware programs, or set them up to run automatically for her once a week or something.

I've gotten some messages from friend's that say something like "Jane has posted a new video of you" and when you login to watch it, it tells you your adobe flash requires an update and wants you to download an exe file. Pretty legitimate looking and I'm sure a lot of people fall for it.
There are probably other ways too, that's just the type of thing I've seen a few times.
My first instinct was to send that person a message that they probably have a virus, but then I realized I would be the one cleaning it off, so I decided against it.

That is called TrojanDownloader:Win32/Zlob. To the original poster, it sounds like she may have gotten either Trojan:Win32/FakeSecSen, or Trojan:Win32/FakeXPA. My advice is to get an up todate AS/AV solution. Windows OneCare for example. (I work on the antimalware technologies that go into Windows OneCare, so I might be biased. ;) ) Kaspersky, Norton, etc are also good...

As to how social sites get infected, a lot of the time, their advertising server got compromised, and spammed out an exploit. TrojanDownloader:Win32/Anicmoo was used a lot for that a couple months ago.The user didn't have to click anything, and FireFox or IE was just as vulnerable.

As I've said numerous times, just setup the users network, or talk her through it to have defense in depth. Up to date AV/AS, Firewall, Router, Limited User, etc...

This posting is provided "AS IS" with no warranties, and confers no rights.

I've gotten some messages from friend's that say something like "Jane has posted a new video of you" and when you login to watch it, it tells you your adobe flash requires an update and wants you to download an exe file. Pretty legitimate looking and I'm sure a lot of people fall for it.
There are probably other ways too, that's just the type of thing I've seen a few times.
My first instinct was to send that person a message that they probably have a virus, but then I realized I would be the one cleaning it off, so I decided against it.

This is a perfect post to use over in the "Do I really need Antivirus/Malware protection for my Vista PC?" thread where many people tried to make the point that a machine can be infected without the user's knowledge - I have no doubt EnderW's getting emails from legitimate friends in that statement above, not just emails from people (aka scammers/spammers) he doesn't know, and sometimes they're laced with this kind of "Jane has posted a new video of you" type threat/attack.

That other thread has basically become useless where it's one person fighting off the Horde (somewhat) to defend their position that it's fine for them (meaning that one person) to not run any kind of AV/malware/spyware software (that poster's POV was he doesn't like such software, considers it a nuisance and performance reducer, hence he won't use it) even in spite of the fact that in today's truly interconnected world his PC could suddenly find itself another link in a chain of malware infecting machines or part of a huge DDoS attack.

I consider that irresponsible behavior but, what can a person do to convince such a shallow mind, right?

"The needs of the many outweigh the needs of the few..." in some respects. Our society is as fucked up as it is because of some people that just have to do things their own ways, irregardless of the consequences that their actions may or may not have on the "big picture." Too many people putting themselves in solitary situations and saying "I don't fucking care" to the rest of us even when such actions or statement fly in the face of reason.

And it always comes back to haunt 'em sooner or later, soooo... ;)

Sounds like good advice. I was already thinking about No Script, but I haven't used it much. Installed it, but it was blocking everything, including youtube, so I got tired of messing with it and turned it off. I'm sure you can set up whitelisting, and that's something I'm planning to revistit soon.

That's the whole point of NoScript. You only whitelist the sites that you explicitly tell it to trust. It just wouldn't work if it let everything through by default and you blacklisted sites manually (although you can probably set it to run like this if you really wanted to).

One of the top rules of good security: deny permissions by default.

That's the whole point of NoScript. You only whitelist the sites that you explicitly tell it to trust. It just wouldn't work if it let everything through by default and you blacklisted sites manually (although you can probably set it to run like this if you really wanted to).

One of the top rules of good security: deny permissions by default.
Yeah I realized that was the point, I was hoping there was some kind of known whitelist you could install, but didn't see anything like that. I'm actually gonna look into it more now that I have some free time coming up. Only problem I've ever had is someone posted a link on a different forum that looked like an embedded youtube video, but it ran some kind of swf file or something that fucked up the browser window and kept moving it around so you couldn't close it and some gay porn started playing. And my NOD32 came up with an instant virus detection.
That seems like the exact type of thing no script would prevent.

make her buy a mac?

That reminds me: someone I know who uses a Mac recently reported to me that they've got something going on with their computer where the browser constantly has random pop-ups going on when she's using it. Sounds like spyware/adware is starting to make the transition.

That reminds me: someone I know who uses a Mac recently reported to me that they've got something going on with their computer where the browser constantly has random pop-ups going on when she's using it. Sounds like spyware/adware is starting to make the transition.

Macs have a Zlob like malware called Trojan:OSX/DNSChanger. There are also reports of a rogue AV product targetting Macs, but I haven't seen a sample...

This posting is provided "AS IS" with no warranties, and confers no rights.

This posting is provided "AS IS" with no warranties, and confers no rights.

This always makes me lawled all day long

Here we go, found her emails.


I forgot what this was, but she got the name of the program and I tracked down some step by step removal instructions and it worked.



This is her last email, and I don't know what to tell her. Sounds like the hard drive might be dying.

yeah sounds like something bad in the boot sector allright. I wouldn't call that spy-ware, modern spyware doesnt want you to know its there. If she has critical files on the hard drive, Spinright (http://www.grc.com/sr/spinrite.htm) will probably solve the problem, but its about as expensive as a new hard drive, so you might just wanna get a new HDD.

Firefox with NoScript = best solution overall for that XP box. Adding to it would be Eset Smart Security to cover AV and malware protection duties, not much else needs to be done.


that really is a fantastic tool but it just breaks so many damn sites. Definatly not something I would want to put an average user on. Sandboxie (http://www.sandboxie.com/) (quick fast and light VM) is recomendable but then its not exactly too user friendly either.


This posting is provided "AS IS" with no warranties, and confers no rights.

yeah he works for MS alright. hahaha

This is a perfect post to use over in the "Do I really need Antivirus/Malware protection for my Vista PC?" thread where many people tried to make the point that a machine can be infected without the user's knowledge - I have no doubt EnderW's getting emails from legitimate friends in that statement above, not just emails from people (aka scammers/spammers) he doesn't know, and sometimes they're laced with this kind of "Jane has posted a new video of you" type threat/attack.

That other thread has basically become useless where it's one person fighting off the Horde (somewhat) to defend their position that it's fine for them (meaning that one person) to not run any kind of AV/malware/spyware software (that poster's POV was he doesn't like such software, considers it a nuisance and performance reducer, hence he won't use it) even in spite of the fact that in today's truly interconnected world his PC could suddenly find itself another link in a chain of malware infecting machines or part of a huge DDoS attack.

I consider that irresponsible behavior but, what can a person do to convince such a shallow mind, right?

I dont run AV, but then I reformat every 4 or 5 months :p, which reminds me I'm on month 4...

Being plagued on my nephew's system with "Aspch.exe".

Malwarebytes says it finds it, and deletes it. But it's right back in a heartbeat.

places autoruns as well... aspch, swg, updatemgr

You can turn one off, and then turn another off and the first pops back on.

Safemode didn't help at all.

Any tools known that can help, or is it kill XPpro and start over? Kid plays WoW, gonna be pissed at me if I make him have to reinstall and re-update it. Could save his WoW updates, but who's to say they aren't infected and would just reinfect the fresh install, etc.

This always makes me lawled all day long

He works for Microsoft so, it's basically required when people under that umbrella make personal posts unrelated to their employment. :D

As for NoScript "breaking" things, it doesn't do that - but since it blocks everything from the start, you have to tell it to allow for content when you first visit a "new" site, that's all. It's not an issue for me, but yes, for people that first start using NoScript with Firefox their immediate reactions - if I don't warn them in advance, of course - is that it seems to break everything and nothing works. Easy enough to "fix" with a single mouseclick, however. :D

Windows Steady State
http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

Returns the PC back to admin configuration after every reboot.

I'd considered SteadyState as a solution, but, considering that it does tend to keep the box in a static state, for regular consumers, even ones with major hassles of keeping it clean from virus/malware/spyware activity, it can lead to more troubleshooting issues than without it, actually.

It is a great product, for what it can and does accomplish, but for average Joe PC owners (not me, I assure you), I wouldn't recommend it for usage on personal PCs.

Windows Steady State
http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

Returns the PC back to admin configuration after every reboot.
Hmm, that could be a winner. Will it keep the programs I've installed?

You can still have programs installed with SteadyState, but if you do it make sure that the other person either uses online e-mail or is storing the e-mail on a separate drive. If not SteadyState will constantly restore the mail DB to its pre-snapshot state along with everything else. Any configuration changes or customizations-- including saved files or bookmarks) made will have the same caveat, so keep that in mind before going into it.

-----

Macs have a Zlob like malware called Trojan:OSX/DNSChanger. There are also reports of a rogue AV product targetting Macs, but I haven't seen a sample...

The person I knew of had the latter. Of course, this also means I'm going to make sure to get a decent Mac A/V when I get my MBP back. I already use Firefox instead of Safari (for obvious reasons).

Great to see you (online-wise) again. I know I was the one gone for a while, but it looks like the names have changed a bit around here. Besides you and XOR I'm not seeing many familiar names. :)

Some of us change from time to time... ;)

Any tools known that can help, or is it kill XPpro and start over? Kid plays WoW, gonna be pissed at me if I make him have to reinstall and re-update it. Could save his WoW updates, but who's to say they aren't infected and would just reinfect the fresh install, etc.

virus's seldom infect known files. I mean wow being as big as it is maybe, but I doubt it. Backing up or program files is almost always safe.

Firefox with NoScript = best solution overall for that XP box.


What I was going to say.


Of course having a resident AV running is a good idea...blah, blah, blah....For free I like Avast, other people like AntiVir. For paid AV.. Kaspersky or NOD32.

Hmm, that could be a winner. Will it keep the programs I've installed?

Honestly, I have not had any hands-on time with it myself, just heard about it on several podcasts to protect users from themselves. Just a suggestion, might give it a shot.

I hope someone with some experience using this will chime in for you.

Sounds like it would address all the problems you are having, and as long as the email lives in "the cloud" and documents get saved off to an external device, this could be a nice solution for you.

My understanding of this program is that you install it at the end, when you have all the programs installed that you want, it just "reverts" the computer back to the last known state of Steadystate installation. This however, wouldn't allow you to save documents directly to the computer after this install. She only has to reboot once she has everything saved off, when the PC starts acting up again. A clean slate everytime. Interesting indeed. :cool:

Let me know how it goes, if you decide this route.. thinking of using it with my kids when the get alittle older. (They are 9 and 4 now)

Good luck! :p