Gnutella Forums


banmicrosofttoo August 20th, 2005 08:33 PM

viruses, spyware, and other nasties.
 
UPDATED 27 AUG 2005 0617

First, make sure your version of Windows is up to date by visiting http://windowsupdate.microsoft.com if you have a legit license. IF YOU DO NOT HAVE ONE, PURCHASE ONE OR BUY A NEW PC WITH WINDOWS PRELOADED.

Second, install Microsoft Anti Spyware. I have had problems with Spybot Search and Destroy a long time ago, so I don't use it. I used Giant Anti Spyware, which was before Microsoft bought out Giant.
URL: http://www.microsoft.com/athome/secu...e/default.mspx

Third, install a virus scanner. There are free ones, so there's no excuse for not having one.

AVG - www.grisoft.com - used in the past, is a very good scanner with free updates.

ClamWin - www.clamwin.com - I recommend this because clamscan is a very good UNIX virus scanner (for mailservers/webhosting), and this is a port to the Windows platform. Free updates.

HouseCall - http://housecall.trendmicro.com - Has anti-virus, security scan and spyware scan, plus it's an online scanner, so you can run a scan whenever you want, and don't have to install any software.

Fourth, do not trust executables (programs, games, etc.) on p2p. A virus spreads by infecting other executables, which could be in that user's shared folders. You download and install the program, you get yourself infected. Also, I have heard rumors that people are making hacked versions of software for p2p that will take over people's computers.

Don't believe me? The software was FlashFXP, and I have seen an infected version of Trillian floating around.

What benefit does a person have sharing software with you? He has more to gain by inserting a backdoor/virus/trojan, whatever on your computer. Plus, if it says the program is virus free, the file still might be infected by an unknown backdoor/virus/trojan. People who write such programs regularly change their versions to get around virus scanner detection.

Only trust freeware, shareware, and commercial programs from their respected websites and from authentic third-party websites like www.download.com or www.tucows.com

Fifth, stop using Internet Explorer.
Use Opera www.opera.com, Firefox www.getfirefox.com, or Mozilla www.mozilla.org - that will stop a lot of the spyware from installing from the Internet, because spyware seems to be easier for people to download on Internet Explorer by ActiveX or "drive-by" downloading.

"Drive-by" downloading is when you are prompted to download and install something before you can "view" some material. This is popular on lyric pages, more "grey" areas on the Internet, and on porn sites. These "viewers" are normally spyware or dialers, which can reconfigure your dialup to dial expensive overseas porn which you find out by a large phone bill.

If you decide to use Internet Explorer (for whatever reason), please install BHODemon - http://www.majorgeeks.com/download3550.html

BHOs are browser helper objects, which is an Internet Explorer only feature *cough*mistake*cough* that allows something like Google Toolbar, Yahoo Toolbar, etc. to install in Internet Explorer to help you browse. Spybot Search and Destroy plus Adobe Acrobat Reader are both examples of legit BHOs. Bad BHOs can be keyloggers, password stealers, generate popups, etc. generally nasty stuff. BHODemon takes care of it.


TRY THIS FOR MAXIMUM PROTECTION ONLINE


Download Privoxy Here. Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, modifying web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both stand-alone systems and multi-user networks.


Privoxy is easy to install. Double-click the exe and let the setup run. When you are done, configure your web browser to connect to localhost and port 8118 as your proxy server.

It makes the Internet run so much smoother. The greatest thing about Privoxy is that it knows when websites have IE exploits on them to attempt to mess with your computer, and Privoxy will prevent you from going to that site. However, you can ignore Privoxy and go anyway if you're on Firefox/Mozilla/Opera.


moderator: please make this thread sticky.
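
The BHOs described in the post above are registered under a standard registry key, so they can also be listed by hand. The PowerShell below is an added example, not part of the original post and not BHODemon's own code; it shows each registered BHO, the DLL behind it and that DLL's Authenticode signature status. The function name Get-BrowserHelperObject is made up for this example.

```powershell
# Added example (not from the original post): list the Browser Helper Objects
# Internet Explorer will load, with the DLL behind each and its signature status.
# Get-BrowserHelperObject is a hypothetical name chosen for this example.

# Standard BHO registration keys: native view, plus the 32-bit view on 64-bit Windows.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

function Get-BrowserHelperObject {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid    = $key.PSChildName          # each subkey name is a COM class ID
            $classKey = "$($view.Clsid)\$clsid"
            $name = $null
            $dll  = $null

            if (Test-Path -LiteralPath $classKey) {
                # The default value of the CLSID key is the friendly name.
                $name   = (Get-Item -LiteralPath $classKey).GetValue('')
                $inproc = "$classKey\InprocServer32"
                if (Test-Path -LiteralPath $inproc) {
                    # The default value of InprocServer32 is the DLL loaded into the browser.
                    $dll = (Get-Item -LiteralPath $inproc).GetValue('')
                }
            }

            $signature = if ($dll -and (Test-Path -LiteralPath $dll)) {
                (Get-AuthenticodeSignature -LiteralPath $dll).Status.ToString()
            } else {
                'NoFileOnDisk'
            }

            [pscustomobject]@{
                Clsid = $clsid; Name = $name; Dll = $dll; Signature = $signature
            }
        }
    }
}

Get-BrowserHelperObject | Sort-Object Signature | Format-Table -AutoSize -Wrap
```

Entries whose DLL is unsigned, missing from disk, or registered with no name are the ones worth looking up before deciding whether to keep them.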

Dagam3 August 23rd, 2005 04:56 PM

Re: viruses, spyware, and other nasties.
 
1 Attachment(s)
Quote:

Originally posted by banmicrosofttoo
HouseCall - http://housecall.trendmicro.com - Has anti-virus, security scan and spyware scan, plus it's an online scanner, so you can run a scan whenever you want, and don't have to install any software.
Look what, spyware scan, found on my computer...

Dagam3 August 24th, 2005 10:55 PM

Hey... the spyware scan program showed me LimeWire as a p2p program that can threaten my computer and asked me if I want to remove this threat... I know that LimeWire isn't a virus...:D I only wanted to "share" with you this funny "error"... If you want to see this with your own eyes just scan your comp. online... (as I did) Sorry if you got me wrong...

banmicrosofttoo August 25th, 2005 11:21 AM

I'm not sure why they're catching it as spyware. does the free version have ads in it? if so, that's most likely why they're flagging it as spyware.


I have a program called radmin 2.2 by famatech which is like pcanywhere, VNC, or any remote control program that is used to access a computer over the Internet. norton antivirus cannot stand it when radmin is installed on people's computers. it automatically says it's a virus, however radmin is a commercial program sold by a legitimate company for legitimate purposes.


I believe norton has a comparable product to pc anywhere, therefore that's why they're flagging the thing as a virus. if it was a norton product, I seriously doubt that it'll find its own products as viruses.

the perfect way to stop viruses is to change your whole attitude about the Internet. if you treat every piece of software on p2p as a potential virus, you will notice your infections going down.


I don't run a virus scan and the last virus I had was one that was supposed to download and install while I was browsing the Internet, but I was using Firefox and the virus scanner noticed the virus in Firefox's cache. :)

et voilà August 27th, 2005 08:42 AM

I've made this thread a sticky as it might be a good help to newbies and more experienced users alike. This means that we want future posts in this particular thread to be informative for the community only in fighting against viruses, spyware and other nasties ;)

Meanwhile, thread has been cleaned by me, so only on-subject posts were kept in the original thread.

Merci

banmicrosofttoo August 27th, 2005 01:35 PM

thank you very much.

Dagam3 August 27th, 2005 03:45 PM

More Clear...
 
Quote:

Originally posted by banmicrosofttoo
I'm not sure why they're catching it as spyware. does the free version have ads in it? if so, that's most likely why they're flagging it as spyware.
No it doesn't...
Quote:

Originally posted by banmicrosofttoo
I have a program called radmin 2.2 by famatech which is like pcanywhere, VNC, or any remote control program that is used to access a computer over the Internet. norton antivirus cannot stand it when radmin is installed on people's computers. it automatically says it's a virus, however radmin is a commercial program sold by a legitimate company for legitimate purposes.


I believe norton has a comparable product to pc anywhere, therefore that's why they're flagging the thing as a virus. if it was a norton product, I seriously doubt that it'll find its own products as viruses. (...)

I agree about the Norton Antivirus... it's true... In the end it's all about selling the software by dragging down the others... (the "pure" economy)
Quote:

Originally posted by banmicrosofttoo
I don't run a virus scan and the last virus I had was one that was supposed to download and install while I was browsing the Internet, but I was using Firefox and the virus scanner noticed the virus in Firefox's cache. :)
I'm using FireFox too...

banmicrosofttoo August 27th, 2005 04:00 PM

I think some scanners tell on you for having p2p apps installed.. like retina network scanner would find bit torrent on my machine and prompt me about what to do about it.. if it violated my company's acceptable use policy.

The Elder August 27th, 2005 05:55 PM

Have I been violated ??
 
I've been using LW for a little over 1 year and have had very few problems. Questions, Yes. This is my first post and I hope it is appropriate for this thread.

Two nights ago I was running LW minimized (not downloading anything). Occasionally I would check on the progress of uploads and everything seemed normal. In the meantime I was editing mp3 tags for files I wanted to add to my shared folders.

I normally share 5 folders with different type music. When I checked my shared folders in LW, four of them were missing. I checked options even though I knew uploads had been occurring from these folders all evening. The folders were no longer listed as shared. I immediately closed LW and went to my directory where these folders are kept. They were gone as well as one other folder.

I used windows to search for the folders and some of the known songs within these folders. Nothing! I opened the only folder that was still shown as shared and found 8 songs in a folder that normally has 250 or more.

I used Norton's "recover erased files" function and found most of the music that was missing from the one folder and restored them but there was nothing from the other 3 missing folders.

Norton had all of these songs as deleted but with no date stamp (unknown). Songs that I had manually deleted were also found with the correct date stamp on them.

I ran Norton virus scan, Ad-Aware and Spy-Bot: no indication of problems.

I immediately contacted a local guru who has many years experience in computer security. He suggested running scandisk and restoring from a previous day in case some of the system32 files were corrupted and had lost track of the files. I did, to no avail.

The only thing unusual that I can recall is that there was a Bearshare user downloading from one of these folders. LW said it was downloading but there was 0% and no time remaining. Not that unusual for a short time but this situation remained for maybe 1/2 hour and then showed download as completed. Still 0%.

The only way I know of to completely erase files from the computer is with programs designed to write zeros over the file names. Maybe I shut LW down before this process had completed zeroing out the files I did find and recover.

I never download zip or exe files with LW. My anti-virus and spyware is always up to date. I'm wondering if this is just a hijacker playing or an attempt to punish LW users.

I will definitely investigate the software identified in this thread that may thwart this kind of effort. I may be paranoid but I have no other explanation for what happened.

Any Ideas?

Thanks Hank

guff August 28th, 2005 10:00 PM

it works
 
banmicrosofttoo,

I wanna say thanks for all the help you have given me after reading your post. I am now running Tor and Privoxy. They are both great and work really well together.

Much appreciated

guff

