problem with a virus.

bmetzger

Member
Oct 24, 2004
http://neppy.comcage.com/prob1.JPG
http://neppy.comcage.com/prob2.JPG

.dll is doing that? or something? i dunno..not a big issue. removed the actual link/trojan files. but dunno where that is located. any suggestion?

also, best AV software out? hands down the best? i think norton maybe the most professional? used it in the past, and liked it. but i'm thinking newer trojans for the most part have AV disabling techniques. which would be directed towards norton more than others?
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Kaspersky Labs is highly regarded and they have a 30-day free trialware available from here. You can also try free 15-day trialware of McAfee VirusScan 9.0 and Norton Antivirus 2005. All of them are targeted by malware, so it's good to never let your guard down. If you do have a virus, you may need to disable System Restore to fully get rid of it. Scanning while in Safe Mode can be to your advantage too.

Here's another handy free utility I like a lot: Microsoft Baseline Security Analyzer, capable of seeing deeper than Windows Update for missing patches and other weaknesses in your general Microsoft setup.

Also try the Symantec Security Check to see if your system's "answering the phone" when worms and hackers come calling from outside.
 

mechBgon

I see you have the Microsoft AntiSpyware beta there. Did that find anything? Tried one of the three antivirus programs I mentioned yet?

Also, if you're going to run mIRC, can I suggest you do so from a Limited-class user account, not from a Computer Administrator-class user account, to put it "in a cage" where it can't use your account to do nasty stuff very easily.
 

bmetzger

tried the other version of the MS AV. haven't tried the latest one that is on my desktop yet. actually forgot it was there =) but i'm going to be using kaspersky, try that on. but uhm.. what problem could i have with mIRC? i'm running behind a router firewall, and irc users can't run anything on my computer without me wanting them can they?

only reason i got this little problem right now is because i just had 2 computer "newbies" bringing up 100+ hentai sites on internet explorer..this happened while i wasn't around :/

 

mechBgon

mIRC is not at all exploit-proof. I wouldn't run it from an Administrator-class account. But then again, I don't run ANYTHING from an Administrator-class account if I don't have to. Use Limited where possible, is the idea I keep pimping on people. So much safer.

What I would do here, if it were me, is to back up what matters to me onto CDs or DVDs or another hard drive, then blow away the Windows installation and set it up right this time. Make your first user account called Admin and then make a separate one for yourself, and also one called Visitors. Use Admin to get everything set up, and password-protect it. Make your account Limited, password-protect it, and arm the screensaver to lock at 15 minutes and to show the Welcome screen on resume. Make the Visitors account non-password-protected so your pals can use that one if they come around.

This would (1) keep your pals out of your stuff, since the Visitor account can't get into your account, and (2) ensure that both you and they are "wearing your seatbelt" with Limited accounts. If you really can't stand to use a Limited account, make your own account a Computer Administrator, but use the Limited-class account named Visitor for anything "risky."

/me sees bmetzger slowly backing away and feeling for the door, what have I stumbled into here... :D

Anyway, /me has a bunch of security suggestions for people who are setting up Windows here. :) Since you have a router, one other suggestion: lock down all ports that you do not actually need.

20 & 21 for FTP
25 for SMTP email if you use it
53 for DNS
80 for standard Web
110 for POP3 email if you use it
143 for IMAP email if you use it
443 for HTTPS Web (secure sites)
and whatever port mIRC uses, I should know it but I forgot :confused: A Google for mIRC Port Firewall will get it for ya :)

Locking the unneeded ports keeps stuff in, not just out. If your computer gets infected with a Downloader or SDbot or Gaobot or Trojan that is designed to "call home" on a random high-numbered port, this will keep it contained. Closing the IRC ports would be highly desirable, they're a prime target, but you can't do that if you want to use them :confused:

Anyway, hope that helps a bit :)
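
An added example, not part of the posts above: a Python check that reads Windows `netstat -ano` output and flags outbound TCP connections to remote ports outside the list in the last post, the kind of "call home" traffic the port lockdown is meant to contain. The sample output, addresses, PIDs and the `extra_allowed` parameter are constructed for illustration.

```python
import ipaddress

# Outbound ports from the post's list (FTP, SMTP, DNS, HTTP, POP3, IMAP, HTTPS).
ALLOWED_PORTS = {20, 21, 25, 53, 80, 110, 143, 443}
# Loopback and LAN ranges: traffic that never crosses the router (assumption).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fe80::/10")]

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    192.168.1.20:1045      203.0.113.10:80        ESTABLISHED     1520
  TCP    192.168.1.20:1046      198.51.100.7:443       ESTABLISHED     1520
  TCP    192.168.1.20:1050      198.51.100.99:31337    ESTABLISHED     2216
  TCP    192.168.1.20:1051      203.0.113.44:6667      SYN_SENT        1888
  TCP    192.168.1.20:1052      192.168.1.1:8080       ESTABLISHED     1520
  TCP    127.0.0.1:1060         127.0.0.1:5000         ESTABLISHED     640
  TCP    [2001:db8::5]:1070     [2001:db8::99]:4444    ESTABLISHED     2216
  UDP    0.0.0.0:500            *:*                                    700
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (ip_address, port), else None."""
    host, _, port = endpoint.rpartition(":")
    try:
        return ipaddress.ip_address(host.strip("[]")), int(port)
    except ValueError:
        return None  # '*:*' and other non-address fields

def unexpected_outbound(netstat_text, extra_allowed=()):
    """Return (pid, remote_ip, remote_port) for connections off the allowlist."""
    allowed = ALLOWED_PORTS | set(extra_allowed)  # e.g. your IRC client's port
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, UDP rows, blank lines
        remote, state, pid = fields[2], fields[3], fields[4]
        parsed = split_endpoint(remote)
        if state not in ("ESTABLISHED", "SYN_SENT") or parsed is None:
            continue  # only active or attempted outbound sessions
        addr, port = parsed
        if any(addr in net for net in LOCAL_NETS) or port in allowed:
            continue
        findings.append((int(pid), str(addr), port))
    return findings

if __name__ == "__main__":
    print(unexpected_outbound(SAMPLE_NETSTAT))
```

Each PID in the result can be matched to a process in Task Manager to decide whether the connection is a program you meant to run.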