Windows messed up bad

Ihavebadluck

My buddy has got an HP and it keeps getting worse. First IE would just open a blank window and not work, and now the only programs that work are AIM and Winamp. I'm thinking either it's a virus or hard drive corruption?

He has McAfee and it didn't find anything; he also used some other trojan scanner and found MyDoom that could not be removed. This sounds like a virus to me.

Can anyone recommend a good free antivirus program?

Is AVG good?
 
AVG is fine, but don't forget to install Spybot to handle spyware and crappy IE hijackers.
Spybot Homepage
I agree with your sentiments in regards to McAfee.
 
get/run:

Spybot S&D (weekly, update it, good thing you already did it :D)
Lavasoft's AdAware (the Personal Use one is fine, update it)
HijackThis (update it as well)
a personal firewall, I personally recommend Agnitum's Outpost 1.0 (the free one) with the free plugin Blockpost; I personally loathe ZoneAlarm and Kerio Personal Firewall.
 
AVG is pretty good. Also you might want to look into NOD32. Plus get rid of that MyDoom worm.
 
Originally posted by NeoNemesis
lol I should learn to read.:rolleyes:

actually I wasn't referring to your post but rather making a joke about the quote I posted that was related to your post
and referring to my previous post regarding the ability of malware to compromise most any security measure once inside ;)

and if that isn't a convoluted statement I don't know what is :p

to defeat rudimentary malware from compromising security software always install it to non-default directories
like instead of C:\Program Files\Spybot - Search & Destroy
change it to C:\sCr3wYoUhaXoRs
that way any malware that is hardcoded to attack the security .exe directly has to be smart enough to go look for it
also employ a filechecker to monitor changes to security exe's (it's an active checksum program)
however they are also coded to attack the process directly
ProcessGuard
Ever since the days when the very first anti-virus scanners were created, virus authors (and now authors of trojans, worms, and so on) have been looking for ways for their viruses and other creations to fight back by attacking the security software that detects them (such as scanners) or restricts them (such as firewalls). Over the last couple of years in particular a growing trend has emerged with a lot of new remote access trojans now terminating, tampering with and even destroying most security software - many even come with built-in lists of several hundred security programs to look for which they then terminate and delete before infecting a system. When a virus destroys your antivirus software you're left with very few options

Known Attacks - Introduction

This section documents the main types of attacks that processes can launch against other processes on a local system (such as a trojan attacking a security program, a rootkit injecting into a system process, or a firewall "leak test" attempting to hitch on a web-browser).

These process vs. process attack techniques can typically be categorised into three distinct, but related groups:

Termination - the attacking process attempts to kill the target process. This is the most common attack.

Suspension - the attacking process attempts to suspend the target process (usually by suspending all threads belonging to the target process), leaving it resident but in an inactive, frozen state.

Modification - the attacking process attempts to modify or inject code in the target process, usually with the intent of changing the behaviour of the target process, or hiding its own code in the context of the target process. The target process remains resident and active, but in a modified state.

However, there are other types of attacks, including:

Hooks - the attacking process attempts to load a DLL into all processes on the system that use user32.dll, allowing it to then perform functions on behalf of other processes. This can make termination attacks easy, as well as firewall leak-tests, as well as password-stealers, as well as keystroke-loggers, and more.

Thread Activation - the attacking process attempts to start a thread in another process, usually with the start address being a function like ExitProcess, or in the case of the Windows File Protection attack, a function that unloads Windows File Protection.

Leaktests - the attacking process attempts to transmit data to the Internet, usually using advanced techniques such as hooking and thread activation in order to bypass firewalls. Although not originally designed as an anti-leaktest program, Process Guard has been demonstrated to have remarkable results against such programs.

Drivers - kernel-mode drivers (.sys files) have the power to perform some very low-level functions, and in the case of rootkits they can actually modify the behaviour of critical operating system functions.

All of the attacks represent a very serious and very real threat to local system security, particularly because the majority of people execute programs on their system without actually knowing what the code in the program does, but all of these attacks can be easily defeated by DiamondCS Process Guard.

follow the Known Attacks link above to access links to Attacks in Detail
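
The "filechecker" idea from the post above (a checksum monitor over security executables), sketched as an added example that is not part of the original thread or of any product named in it. The file names and temporary directory are constructed stand-ins; on a real machine the baseline would list the actual installed executables.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def make_baseline(paths):
    """Record a known-good digest for each monitored file."""
    return {p: sha256_file(p) for p in paths}

def verify(baseline):
    """Compare current state with the baseline; return {path: 'modified' | 'missing'}."""
    findings = {}
    for path, digest in baseline.items():
        if not os.path.isfile(path):
            findings[path] = "missing"     # deleted or renamed since the baseline
        elif sha256_file(path) != digest:
            findings[path] = "modified"    # contents changed on disk
    return findings

def demo():
    """Constructed sample: three stand-in 'security executables' in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        names = ["scanner.exe", "firewall.exe", "updater.exe"]  # hypothetical names
        paths = [os.path.join(d, n) for n in names]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"MZ" + os.path.basename(p).encode())
        baseline = make_baseline(paths)
        clean = verify(baseline)           # nothing has changed yet
        with open(paths[0], "ab") as f:    # simulate tampering: bytes appended
            f.write(b"\x90patched")
        os.remove(paths[1])                # simulate the file being deleted
        found = verify(baseline)
        return clean, {os.path.basename(k): v for k, v in found.items()}

if __name__ == "__main__":
    print(demo())
```

A baseline stored next to the files it describes can be rewritten by whatever rewrote the executable, so keep it on read-only media or another machine and run the comparison from a trusted environment.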
 