
Viruses / Malware - Stop them before they start

WizardHawk

The best way to clean up virus attacks is to not suffer them to begin with. Most of the things people talk about are common sense and everyone knows them, but we all at times get lazy about them and fail to protect ourselves. I'm speaking about keeping entry points such as Java, Flash, and Silverlight fully patched and all security updates to your operating system up to date. Those alone prevent many attacks.

It used to be that doing those things and keeping an up-to-date anti-virus program on your machine was enough. Well, it can be argued it wasn't ever bulletproof, but for most it was enough. Not anymore.

One mistake many, even seasoned professionals, make is running their desktop in admin mode. I mean, it's just easier to not have to log out and into another account to install things when you are the only user, right? But keeping a separate standard user account for your normal use is a huge thing that can prevent a lot of issues. Also, don't turn off UAC (User Account Control). I know it's annoying when it pops up all the time, but with it off you are asking for trouble from drive-by websites that can now do as they please to your drive without any warning or notice at all. Just don't do it.

So what else can you do? Most people know about Malwarebytes Anti-Malware (MBAM), but the free version of that doesn't do anything to prevent infection. It is just a good tool for helping to clean some/many of them up.

If you really want to prevent all real possibility of infection, look into Sandboxie. The free version alone will help almost eliminate any possible attack in the first place, although I do admit novice PC users will likely not get nearly the benefit of at least intermediate users, because you have to be able to tell when something is bad before letting it on your computer and novices likely won't be able to.

Sandboxie runs your browser and any file/program you like in a complete sandbox (virtual) environment. All changes made to a hard drive, registry, system files, or other areas are done completely out of harm's way. Bad website with a drive-by trojan on it? No problem. Not sure if an attachment is bad and you don't trust your AV scanner? No problem. Browse in the box and run that suspicious app in the box and see what happens. Even run an AV scan on whatever was done in the box BEFORE it ever reaches your full machine.

Another free tool outside of MBAM is Emsisoft Emergency Kit. Great tool to use with Sandboxie, as you aren't so much worried about scrubbing/fixing issues as simply identifying if a file you have in your sandbox is bad or not. Feel free to fully install that suspicious program in a sandbox and then run that scan. If it finds something, purge the sandbox and delete that file. The infection literally never happened.

Web of Trust - This free download adds a user driven feedback system to browsing. You see a green, yellow, or red circle after links based on reports by other users. This tip will help everyone including novice users. Simply steer clear of even potentially problem sites.

Someone else should write up a good guide on free or trial tools for cleaning up infections. Leave this thread to helping to prevent them to begin with. Add your suggestions and I'll go back and add them to this message so people can just scan the OP for info.
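The two habits the post warns about (working from an admin account and switching UAC off) can be checked in a minute. The script below is an added example for this thread, not something the poster or Sandboxie ships; it is read-only, reports the current account and UAC state, and prints a one-line suggestion. It uses the documented EnableLUA and ConsentPromptBehaviorAdmin registry values and the standard Get-LocalGroupMember cmdlet (Windows 10 / Server 2016 and later), with a "net localgroup" fallback for older versions.

```powershell
# Added example, not from the thread: a read-only check of the two habits the post
# warns about (working from an admin account and running with UAC turned off).
# Nothing here changes the system; it only reports. Paste into a PowerShell window.

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

# True only when this process token is elevated, i.e. an "admin mode" session.
$isElevated = $principal.IsInRole($adminRole)

# Is the logged-on account a member of the local Administrators group at all?
# (With UAC on, such an account still runs un-elevated by default, but every
# prompt it accepts hands the program full control; a standard account cannot.)
$inAdminGroup = $false
try {
    # Get-LocalGroupMember ships with Windows 10 / Server 2016 and later.
    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    $inAdminGroup = [bool]($members | Where-Object { $_.Name -eq $identity.Name })
} catch {
    # Older Windows: fall back to parsing "net localgroup" output.
    $inAdminGroup = (net localgroup Administrators) -contains $env:USERNAME
}

# UAC state. EnableLUA 1 = on, 0 = off (a change takes effect after a reboot).
# ConsentPromptBehaviorAdmin 0 = elevate silently, which is the "never notify"
# slider position; anything higher still shows some form of prompt.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac    = Get-ItemProperty -Path $uacKey -Name EnableLUA, ConsentPromptBehaviorAdmin
$uacOn  = ($uac.EnableLUA -eq 1) -and ($uac.ConsentPromptBehaviorAdmin -ne 0)

$advice = if (-not $uacOn) {
    'UAC is off or set to elevate silently: turn it back on (Control Panel > User Accounts > Change User Account Control settings)'
} elseif ($isElevated) {
    'This session is elevated: do everyday browsing from a non-elevated window'
} elseif ($inAdminGroup) {
    'Account is in Administrators: create a standard user for daily use and keep this one for installs'
} else {
    'OK: standard account with UAC enabled'
}

[pscustomobject]@{
    User                  = $identity.Name
    ElevatedSession       = $isElevated
    InAdministratorsGroup = $inAdminGroup
    UacEnabled            = ($uac.EnableLUA -eq 1)
    SilentElevation       = ($uac.ConsentPromptBehaviorAdmin -eq 0)
    Advice                = $advice
}
```

The check treats "never notify" the same as UAC being off, because with silent elevation a drive-by download that lands in an admin account gets full control without the prompt the post is talking about.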
 

KansasSooner

If you don't need Java, uninstall it, period. If you do need it, use the Java control panel applet to disable it until needed. Java from Oracle (Sun) is different from JavaScript, which most browsers run by default but can also be turned off. Doing so will disable a lot of websites, though.
 

HaroldSeattle

> The best way to clean up virus attacks is to not suffer them to begin with. Most of the things people talk about are common sense and everyone knows them, but we all at times get lazy about them and fail to protect ourselves. I'm speaking about keeping entry points such as Java, Flash, and Silverlight fully patched and all security updates to your operating system up to date. Those alone prevent many attacks.
>
> It used to be that doing those things and keeping an up-to-date anti-virus program on your machine was enough. Well, it can be argued it wasn't ever bulletproof, but for most it was enough. Not anymore.
>
> One mistake many, even seasoned professionals, make is running their desktop in admin mode. I mean, it's just easier to not have to log out and into another account to install things when you are the only user, right? But keeping a separate standard user account for your normal use is a huge thing that can prevent a lot of issues. Also, don't turn off UAC (User Account Control). I know it's annoying when it pops up all the time, but with it off you are asking for trouble from drive-by websites that can now do as they please to your drive without any warning or notice at all. Just don't do it.
>
> So what else can you do? Most people know about Malwarebytes Anti-Malware (MBAM), but the free version of that doesn't do anything to prevent infection. It is just a good tool for helping to clean some/many of them up.
>
> If you really want to prevent all real possibility of infection, look into Sandboxie. The free version alone will help almost eliminate any possible attack in the first place, although I do admit novice PC users will likely not get nearly the benefit of at least intermediate users, because you have to be able to tell when something is bad before letting it on your computer and novices likely won't be able to.
>
> Sandboxie runs your browser and any file/program you like in a complete sandbox (virtual) environment. All changes made to a hard drive, registry, system files, or other areas are done completely out of harm's way. Bad website with a drive-by trojan on it? No problem. Not sure if an attachment is bad and you don't trust your AV scanner? No problem. Browse in the box and run that suspicious app in the box and see what happens. Even run an AV scan on whatever was done in the box BEFORE it ever reaches your full machine.
>
> Another free tool outside of MBAM is Emsisoft Emergency Kit. Great tool to use with Sandboxie, as you aren't so much worried about scrubbing/fixing issues as simply identifying if a file you have in your sandbox is bad or not. Feel free to fully install that suspicious program in a sandbox and then run that scan. If it finds something, purge the sandbox and delete that file. The infection literally never happened.
>
> Web of Trust - This free download adds a user driven feedback system to browsing. You see a green, yellow, or red circle after links based on reports by other users. This tip will help everyone including novice users. Simply steer clear of even potentially problem sites.
>
> Someone else should write up a good guide on free or trial tools for cleaning up infections. Leave this thread to helping to prevent them to begin with. Add your suggestions and I'll go back and add them to this message so people can just scan the OP for info.

A safe download link that doesn't include crapware would be good to post.
 

HaroldSeattle

Sorry to say, but you have to be careful nowadays even using MajorGeeks. It is still the best download site, but not as good as it once was.
 

KansasSooner

> Sorry to say, but you have to be careful nowadays even using MajorGeeks. It is still the best download site, but not as good as it once was.

It hasn't got as bad as CNET or Softpedia, and for the most part the major players of really good software are not piggybacked with crapware or unwanted downloaders...
 

HaroldSeattle

I used NirSoft (I think that is what it was called) to download ImgBurn. It was the one site that didn't include crapware to download ImgBurn.

Edit: it was Ninite, a great place to download your favorite software at one time.

KansasSooner

> I used NirSoft (I think that is what it was called) to download ImgBurn. It was the one site that didn't include crapware to download ImgBurn.

For Windows 7 I just use the built-in software for ISOs, and for USB I use Universal-USB-Installer from pendrivelinux.com. (Sorry about the edit, not used to the left button not being quote.)
 

HaroldSeattle

Nice to see I'm not the only one doing some editing. The Windows 7 ISO software isn't too bad, but I always preferred ImgBurn.
 

WizardHawk

> A safe download link that doesn't include crapware would be good to post.

That's why Sandboxie or some other sandbox app is handy. Just download and install inside the sandbox and then just scan that box. Takes seconds instead of an hour or more, and you can easily/quickly browse every folder and file that changed. If it seems legit then you can do it for real.

It sucks we are in an age where that is something that has to be done, but it really is the best bet for dealing with unknown files.
 

HaroldSeattle

> That's why Sandboxie or some other sandbox app is handy. Just download and install inside the sandbox and then just scan that box. Takes seconds instead of an hour or more, and you can easily/quickly browse every folder and file that changed. If it seems legit then you can do it for real.
>
> It sucks we are in an age where that is something that has to be done, but it really is the best bet for dealing with unknown files.

No link for a safe download?
 

WizardHawk

You can pick up Sandboxie from their website. The download from their page is safe.

Sandboxie - Download Sandboxie

Only issue for you is I'm pretty sure they currently support IE, Chrome, and FF. I don't know if other browsers work with it.

I'm typing this message out now from a sandbox. Everything works exactly as it does on your machine, only much safer.

The only thing you have to remember is saving bookmarks and links from inside it obviously doesn't save them to your drive. I typically have one sandbox open and one normal and pretty much only use the normal for global housekeeping like bookmarks.

Sandboxie adds a line to most right-click menus to run pretty much everything in a sandbox. I use it to test questionable files all the time. I've discovered many infected files that way.
 

mrwallace2ku

lolz... good stuff here.. I gotz an "unopened file" on my desktop entitled "partiers" or some shit, not sure how to handle this shit other than NOT open it EVER. First saw it TODAY.

Advice? Whiz?
 

HaroldSeattle

> You can pick up Sandboxie from their website. The download from their page is safe.
>
> Sandboxie - Download Sandboxie
>
> Only issue for you is I'm pretty sure they currently support IE, Chrome, and FF. I don't know if other browsers work with it.
>
> I'm typing this message out now from a sandbox. Everything works exactly as it does on your machine, only much safer.
>
> The only thing you have to remember is saving bookmarks and links from inside it obviously doesn't save them to your drive. I typically have one sandbox open and one normal and pretty much only use the normal for global housekeeping like bookmarks.
>
> Sandboxie adds a line to most right-click menus to run pretty much everything in a sandbox. I use it to test questionable files all the time. I've discovered many infected files that way.

I use Panda Safe if I ever want to surf ..cough.... sites that may be risky. The downside is nothing is ever saved to your hard drive. For everyday surfing, I want bookmarks and such. If I catch a virus or malware I cannot shake, I just reformat and reinstall. Only happens once in a blue moon.
 

WizardHawk

> lolz... good stuff here.. I gotz an "unopened file" on my desktop entitled "partiers" or some shit, not sure how to handle this shit other than NOT open it EVER. First saw it TODAY.
>
> Advice? Whiz?

Well, I wouldn't open a mysterious file that just suddenly appeared on your computer, but it's not common for rogues to just put files on your machine. I would scan that file and also scan your computer with your anti-virus and/or Malwarebytes Anti-Malware.

You can typically right-click over a file and click on scan with whatever you have installed.

> I use Panda Safe if I ever want to surf ..cough.... sites that may be risky. The downside is nothing is ever saved to your hard drive. For everyday surfing, I want bookmarks and such. If I catch a virus or malware I cannot shake, I just reformat and reinstall. Only happens once in a blue moon.

Just to clarify, you have full access to all bookmarks and all features within Sandboxie. You also have an option on every file download to save it outside of the sandbox. It is only saving new bookmarks that is a common task that can't really be done in a sandbox. I don't save bookmarks often, so it isn't anything that slows me down.

Just knowing that no silent process is possible and the security improvement that brings makes it well worth it.

Just look at Wallace's question above. If he was really curious about that mysterious file that suddenly appeared, he could simply right-click over it and click on "run sandboxed" and see what it is and what it does in a completely safe environment.

I use it that way. We end up with questions about files at my work all the time. No matter how often you tell staff never ever open any attachment you weren't expecting, make sure they use your name or our company name in the email (no generic emails), etc., there are always questions about whether a file they got is legit. I have them sent to me and I examine them in a sandbox. It takes seconds to find out what they are and what they do. You just pick your sandbox drive as your scan target and it finishes in a couple of seconds with a complete rundown of what was loaded.

I know that may not apply to everyone. You will just simply not open any email attachments and delete any mysterious files you didn't download yourself. That is just one use of sandboxing. When you combine WOT (Web of Trust) with a sandboxed browser you totally eliminate any chance of getting drive-by web infections. For people like you and Kansas, your knowledge makes you less vulnerable to those to begin with. For the novice to intermediate computer user, the odds of getting a web-surfed infection are relatively high. Adding Sandboxie to Firefox or Chrome completely solves that for them. And without taking away any functionality or slowing them down at all.

I ran my own business doing on-site tech support for mostly home users and small businesses for 10 years. The vast majority of my clients were novice to intermediate users. Rarely did I come across any computer where a user surfed the web that didn't have unwanted tool bars, spyware, malware, etc. If all of them sandboxed they wouldn't have EVER had even one. And they wouldn't have to learn a lot to protect themselves.
 

seattlefan75

I use AVG and Malwarebytes Anti-Malware to scan and clean my computer from time to time. I watch plenty of **** and download movies that came out for rent from Redbox off The Pirate Bay using uTorrent.
 

WizardHawk

> I am playing in the sandbox now. Thanks man.

Yeah, it really is better to contain the problem up front than to clean it up after, given the very bad trojans and viruses out today. There is a new variant of CryptoLocker out now that will again encrypt and block your access to all of your files. Sandboxed, it won't do a thing to you other than make you laugh.

I forgot to mention that Sandboxie doesn't start over after you reboot. You have to tell it to "delete all" to clean the box out. This means if you browse every day you can just leave the box alone until there is a problem and just reset it then. If things seem to be running weird, just do a full delete and reopen the box and whatever was infecting it will be gone. Easy as can be.
 
