Be careful out there

MadAmos

Senior member
Sep 13, 2006
I was looking for some information for a project I am working on today and did a search on Yahoo. The third link I clicked on immediately tried to install the winantivirus malware on my system, with no request to do anything else. It was stopped dead by my NAV 2009, and I then ran ccleaner, superantispyware and malwarebytes; all looks good. This happened using a fully up to date XP sp3 with FF 3.03 and behind a hardware firewall that comes up all green/stealth on the port scan at shields up, but Norton showed it was using port 2792.
This is mostly a heads up and a warning to anyone who thinks they are safe w/o good A/V protection: you can be infected. I am re-evaluating some of my choices and will be making changes to how I do business on the interwebs in the future.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Also consider using a (yes) non-Admin user account if it would work for your needs, and check your riggie with Secunia's Personal Software Inspector if you haven't already, to close as many known vulnerabilities as practical.

If your Data Execution Prevention isn't already fully enabled, that helps against some types of exploits too. Right-click My Computer, choose Properties, go to the Advanced tab, click the Performance > Settings button, and do what's shown in this pic :camera:.

:beer:
 

raildogg

Lifer
Aug 24, 2004
Is that the Antivirus XP 2009? I got that yesterday and it messed up my computer quite a bit. Actually, I did it myself because after this so-called anti-spyware program scanned my computer, I thought it was legit and deleted many important files. So I restored my system back to a few days ago using the backup. But for some reason, my hard drive seems a little noisier, or maybe it is just me.
 

MadAmos

Senior member
Sep 13, 2006
Originally posted by: raildogg
Is that the Antivirus XP 2009? I got that yesterday and it messed up my computer quite a bit. Actually, I did it myself because after this so-called anti-spyware program scanned my computer, I thought it was legit and deleted many important files. So I restored my system back to a few days ago using the backup. But for some reason, my hard drive seems a little noisier, or maybe it is just me.

Yes, I believe it is... and from what I have seen it is a SOB. Fortunately it was never able to infect my system, as the NAV 2009 that I am using blocked it before it could even try. I am fully up to date according to PSI. I have been lazy/remiss about setting this unit up on a non admin account, as I use it for a couple things that won't run on a non admin account. This is being corrected this week. I have DEP enabled on all my systems and I check it on any I work on as well.

Malwarebytes seems to have a good record on cleaning up the antivirusxp infections. If you have not already done so, I would scan using it as well as superantispyware just to be sure all is clear. You might also want to post a hijackthis log at virtualdr or similar to have it checked for leftovers.
 

balloonshark

Diamond Member
Jun 5, 2008
Another good idea would be to run your internet facing applications in a sandbox program like Sandboxie. When you're finished with your browsing session, you can delete or recover the contents manually or automatically. It can also be set up to only allow certain apps to run in the sandbox, therefore blocking malware from running. http://www.sandboxie.com/

Another option would be to use a light virtualization application like Returnil. It can virtualize your C: or system partition, and after a reboot all changes, good or bad, are gone. Of course if you need to save any data during a session, it would have to be to an alternative partition, another device or to the optional Virtual Partition which you can create during the installation of Returnil. http://www.returnilvirtualsystem.com/

Both Sandboxie and Returnil have free limited versions available. I use Sandboxie daily with a few custom rules and turn Returnil's "Session Lock" on manually when visiting the dark side or when trying new programs. Returnil's protection can be turned on without a reboot but needs a reboot to turn off protection. Both are really cool geek toys and they have truly changed the way I think about security.

You can also perform Google searches with http://www.scandoo.com/ and it may help weed out potential nasty links. I also agree with keeping all important programs up to date with the online Secunia scanner.