The AM Forum
Author Topic: Nasty Virus defeated.  (Read 7182 times)
Ed/KB1HYS
« on: May 27, 2011, 12:05:08 PM »

The Windows system picked up a nasty virus this morning, came in through a browser hijack (I think) and immediately started to delete the dll files!! It also corrupted rundll32.exe.
I run AVAST antivirus, Teatimer (a registry protection product), AdAware on that system, using Opera as the browser. It somehow got past them. Don't know how. I did manage to stop it and recover from the damage, but dang that thing was nasty. The process name was his.exe, which was identified as a trojan by AdAware. The domain name that delivered it was located cz.cc/ I blocked that domain, as we don't do a lot of stuff in the Czech Republic!

Anyway, off topic I know but just wanted to let people know about a bad bug.

73 de Ed/KB1HYS
Happiness is Hot Tubes, Cold 807's, and warm room filling AM Sound.
 "I've spent three quarters of my life trying to figure out how to do a $50 job for $.50, the rest I spent trying to come up with the $0.50" - D. Gingery
AB1OQ
« Reply #1 on: May 27, 2011, 01:31:17 PM »

I hope that you just blocked that individual IP address because, believe it or not, Avast comes from the Czech Republic.

AB1OQ
k4kyv
« Reply #2 on: May 27, 2011, 04:57:40 PM »

About 3 days ago Avast caught a trojan in my system, that apparently arrived via an e-mail to my wife from her brother. I was able to get rid of it using MalwareBytes. But twice in the past two days, 3rd party bloatware has stealthily installed itself while I was updating software I already have long installed. Yesterday, I updated Realplayer on the XP machine upstairs, and Google Chrome installed itself. I updated Avast in the laptop this morning, and Norton syminstallStub.exe mysteriously appeared on my program list. Not sure if any of these incidents on two computers are related. I immediately uninstalled both of the rogue programs.

Don, K4KYV                                       AMI#5
Licensed since 1959 and not happy to be back on AM...    Never got off AM in the first place.

- - -
This message was typed using the DVORAK keyboard layout.
http://www.mwbrooks.com/dvorak
W1RKW
« Reply #3 on: May 27, 2011, 05:16:43 PM »

I use Avast here and though I never had any problems, some people I know who use it have experienced issues with the systems that were not caught by Avast. I've contemplated dumping it myself just because I think it's time to use something else so as not to be complacent. Maybe this is the time to change.

Bob
W1RKW
Home of GORT.
Pete, WA2CWA
« Reply #4 on: May 27, 2011, 05:57:19 PM »

I'm running the new Norton 360, version 5.1, on most of my machines. No problems. Well into the background; hardly know it's there until it catches something. I've been a Norton user since the beginning of time. Have Avast (the free one) on the shack computer running the Flex stuff. Never been impressed with the free stuff.

Pete, WA2CWA - "A Cluttered Desk is a Sign of Genius"
K5UJ
« Reply #5 on: May 27, 2011, 06:12:27 PM »

Can't you configure your machines to not install anything automatically by setting them to ask you before anything gets installed?

"Not taking crap or giving it is a pretty good lifestyle."--Frank
k4kyv
« Reply #6 on: May 27, 2011, 06:48:41 PM »

I used to run the paid version of McAfee, but started having technical issues with it.  When it expired, I didn't renew but instead installed Avast, which worked much better and caught stuff missed by McAfee. Norton is said to be a resource hog. I'm not interested in a "suite" that eats up gobs of memory and CPU capacity, and don't wish to put all my eggs in one security basket.  I use the free versions of Avast and Zone Alarm, Malwarebytes and Windows Defender. Plus the custom HOSTS file that blocks websites known or suspected to spread malware. The only paid service I use is System Mechanic, which seems to help keep the old XP computer purring along. I have read numerous reviews of all the security software on the market, and none of it is foolproof. You still have to be careful. I never open  unknown attachments, even when they come from trusted sources and all my security software gives it a clean bill. I trash all those chain e-mails that contain some bogus political, health or conspiracy theory news item, or warn about a devastating new computer virus that is about to make my hard drive catch fire and burn the house down, and then proceed to tell me I urgently must forward to everyone I know on the planet.

A few months ago some SPAM distributor in Asia got into my Hotmail account, and was sending junk to everyone on my mailing list. I changed passwords and scanned with Malwarebytes and so far have heard nothing more about it.

Don, K4KYV                                       AMI#5
Licensed since 1959 and not happy to be back on AM...    Never got off AM in the first place.

- - -
This message was typed using the DVORAK keyboard layout.
http://www.mwbrooks.com/dvorak
Steve - K4HX
« Reply #7 on: May 27, 2011, 06:53:55 PM »

Quote
Can't you configure your machines to not install anything automatically by setting them to ask you before anything gets installed?

Not completely. But running a non-admin account sure helps.
Pete, WA2CWA
« Reply #8 on: May 27, 2011, 08:29:35 PM »

Quote
I used to run the paid version of McAfee, but started having technical issues with it.  When it expired, I didn't renew but instead installed Avast, which worked much better and caught stuff missed by McAfee. Norton is said to be a resource hog. I'm not interested in a "suite" that eats up gobs of memory and CPU capacity, and don't wish to put all my eggs in one security basket.

Those were some of the earlier Norton products. Norton 360 version 5 is a very smooth and efficient beast. I run it on one XP machine that only has 512 Meg of memory and have not seen any degrading of PC performance. I think up on the Norton site it's on sale right now for under $50 for one year for a 3 PC usage.

Pete, WA2CWA - "A Cluttered Desk is a Sign of Genius"
Jim, W5JO
« Reply #9 on: May 27, 2011, 09:26:15 PM »

So that is what Kaspersky keeps blocking. It has been doing that for the past 30 mins. or so and no harm here. Gad I hate people who develop and distribute that crap. Maybe some pimple-faced teenager in a dark basement.
Detroit47
« Reply #10 on: May 28, 2011, 08:16:22 AM »


Quote
Those were some of the earlier Norton products. Norton 360 version 5 is a very smooth and efficient beast. I run it on one XP machine that only has 512 Meg of memory and have not seen any degrading of PC performance. I think up on the Norton site it's on sale right now for under $50 for one year for a 3 PC usage.

I run Norton 360 also, no trouble, and I never know it's there until it catches something. One thing I do that most people don't is put as much RAM as I can in a computer when I build it. This machine is running a 2.66 gig processor with 3.0 meg cache, 2 cores, four threads, and 8 gig of RAM. I go to any site I want and open anything I want, no problems.

73 N8QPC
W1AEX
« Reply #11 on: May 28, 2011, 11:25:37 AM »

Quote
Not completely. But running a non-admin account sure helps.

Steve is right about that. Running with a limited privilege account can help prevent an infection from embedding itself into the OS. As an alternative, when you really need a machine running with admin privileges, you can use a utility such as "DropMyRights" to run selected software such as your browser, email client, and chat client at a level below admin.

If you really want to play it safe, you can run your browser-email-chat clients in a sandbox to prevent any chance of malicious code execution.

I have always found it wise to use Acronis or similar image software to simply create full OS drive backup images about once a month to make restoration easy in the event of a drive failure or other nasty event. It takes less than 30 minutes to create a full drive image and it encourages me to do some "house cleaning" and to delete files that have accumulated in my download folder at least once a month.

Of course nothing is foolproof, but the image solution is really good insurance!

At any rate, congratulations on the successful clean-up Ed!

One thing I'm certain of is that there is too much certainty in the world.
AF9J
« Reply #12 on: May 28, 2011, 11:34:57 AM »

Guys, how does Avast compare to AVG?  I've been running the free version of AVG for a few years, but the 2011 version gave me page loading errors with IE (forcing me to switch to another browser).  I have Malware Bytes, but I don't know if it catches everything, when I run scans with it.
Detroit47
« Reply #13 on: May 28, 2011, 12:58:38 PM »

It has been my experience that any free software isn't worth installing. You get what you pay for. The only free stuff that isn't really free, you have to have a legit copy of Windows, is Microsoft Security Essentials. That is my humble opinion; I spend about 8 hours a day on a computer at work. So I have a little experience. My work computer is a Linux box, so it is pretty immune to most viruses anyhow.

http://www.microsoft.com/security/pc-security/mse.aspx

73  John N8QPC
k4kyv
« Reply #14 on: May 28, 2011, 01:01:45 PM »

FWIW, a recent issue of PC World gave Avast a higher score.  Both are said to consume fewer computer resources and slow the computer down less than Norton or McAfee.  There are some other paid commercial ones, but I am not familiar with any of them. None are foolproof.

I would strongly recommend the custom HOSTS file.  It not only blocks sites that are known to distribute malware; it also blocks a lot of the banner ads that slow you down when you try to load a web page.  With HOSTS activated, my Hotmail account looks just like an ISP account.  With it disabled, it is full of distracting ads, each one of which has to take time to load before the page opens.

It is free of charge. They offer periodic updates every 3 weeks or so, but you have to actively download them.  They no longer automatically notify you by e-mail when an update is available. For more info, go to http://winhelp2002.mvps.org/hosts.htm  Be sure to pay attention to the directions how to prevent the HOSTS file itself from slowing down the computer.
Quote
Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine...


BTW, I just finished updating RealPlayer on the laptop and sure enough, there was an "advanced options" button on the update page, that I overlooked when updating on the XP machine. I clicked on the button, and there were several options listed, including the capability of downloading and saving YouTube videos and such, a desktop icon, and installing Google Chrome and making it the default browser. All three were checked by default.  I unchecked everything except the YouTube download capability.

I hate it when they try to sneak bloatware on your computer and force you to opt out, instead of simply offering it with a conspicuous link that allows you to opt in.

Don, K4KYV                                       AMI#5
Licensed since 1959 and not happy to be back on AM...    Never got off AM in the first place.

- - -
This message was typed using the DVORAK keyboard layout.
http://www.mwbrooks.com/dvorak
KC4VWU
« Reply #15 on: May 28, 2011, 01:24:02 PM »

Have bugs? Quick solution -- Macintosh.

I had to literally dump my Dell every year and do a re-install. Mac Mini makes my life much happier now.

73, Phil
Opcom
Patrick J. / KD5OEI
« Reply #16 on: May 28, 2011, 02:33:46 PM »

Quote
So that is what Kaspersky keeps blocking. It has been doing that for the past 30 mins. or so and no harm here. Gad I hate people who develop and distribute that crap. Maybe some pimple-faced teenager in a dark basement.

Much of it is organized crime.

Radio Candelstein - Flagship Station of the NRK Radio Network.
WB4AIO
« Reply #17 on: May 28, 2011, 06:59:42 PM »

There is a Firefox add-on called Noscript that I highly recommend.

It makes your browser's default behavior be rejection of all scripts and embeds, which is where most of the nasties come from these days. A happy side benefit is that huge numbers of ads simply disappear. Most sites remain perfectly functional.

You can tell it to allow scripts temporarily or permanently for sites you trust when necessary.

Happy restoration and surfing,

Kevin, WB4AIO.

W1AEX
« Reply #18 on: May 28, 2011, 11:37:38 PM »

I would second Kevin's advice regarding NoScript. It's an excellent plug-in for Firefox that offers tremendous browsing protection for free. Between that and the Adblock Plus plug-in, web pages pretty much look like content without ads wherever you go. They do an excellent job of preventing script execution in hacked frames on sites that have been unknowingly compromised.

I can't comment on AVG since I have never used it. I have used AVAST Free since version 4.0 (it's now up to version 6.0.1000) and have always found it to offer an excellent layer of protection. It's pretty light on system resources and when teamed with MalwareBytes, NoScript, and a limited privilege account you can feel quite safe as you browse and do the normal things one does with a PC.

One thing I'm certain of is that there is too much certainty in the world.
KX5JT
« Reply #19 on: May 28, 2011, 11:54:49 PM »

I use a combination of AVG free and common sense to not click on bait.  So far, I've never got hit.  *knock on wood*

AMI#1684
W1RKW
« Reply #20 on: May 29, 2011, 05:32:17 PM »

I concur with Don on the hosts file modification and the MVPS.org host file. It works like a champ and one can tailor it to one's liking for various regularly visited websites. It's a basic text file.

I just updated mine for a website I frequent and that was recently updated with all sorts of ad-spam. I simply watched the various servers being connected, jotted them down on paper, then entered them into the hosts file. The website now loads much faster and all the ad-spam is gone. Loss for the website owner but my gain.

Bob
W1RKW
Home of GORT.
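
The hosts-file routine described in this thread (note the hostnames a page contacts, then enter them into the HOSTS file), as an added Python example that is not from any poster or from MVPS. The function names, the `0.0.0.0` sink address and the sample hostnames are assumptions constructed for illustration; the example also shows that a hosts entry matches one exact name, so wildcards and subdomains are not covered.

```python
import re

# Constructed sample data: a small existing hosts file and a hand-noted list.
SAMPLE_HOSTS = "127.0.0.1 localhost\n0.0.0.0 ads.example.net  # existing entry\n"
OBSERVED = ["ads.example.net", "Tracker.Example.org", "*.example.org",
            "http://cdn.example.com/x.js", "cdn.example.com"]
SINK = "0.0.0.0"  # assumed sink address for blocked names
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label

def parse_hosts(text):
    """Return {hostname: address} for every mapping in hosts-file text."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        for name in fields[1:]:
            mapping[name.lower()] = fields[0]
    return mapping

def normalise(raw):
    """Lower-case a hostname; return None for URLs, wildcards, bad labels."""
    name = raw.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    return name if all(LABEL.match(label) for label in labels) else None

def add_blocks(hosts_text, observed):
    """Append sink entries for new names; report skipped and rejected input."""
    existing = parse_hosts(hosts_text)
    added, skipped, rejected = [], [], []
    for raw in observed:
        name = normalise(raw)
        if name is None:
            rejected.append(raw)      # a hosts file cannot express these
        elif name in existing or name in added:
            skipped.append(name)      # already mapped, avoid duplicates
        else:
            added.append(name)
    lines = hosts_text.rstrip("\n").split("\n") if hosts_text.strip() else []
    lines += [f"{SINK} {name}" for name in added]
    return "\n".join(lines) + "\n", added, skipped, rejected

def is_blocked(hosts_text, name):
    """Exact-name lookup only: an entry does not cover its subdomains."""
    return parse_hosts(hosts_text).get(name.lower()) == SINK

if __name__ == "__main__":
    new_text, added, skipped, rejected = add_blocks(SAMPLE_HOSTS, OBSERVED)
    print(new_text, added, skipped, rejected, sep="\n")
```
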