OT: Best Anti-virus Software

Looks like I got snagged by the audiohd.exe trojan on my very last day in NY :-(

I'll ask my son about better protection of a WiFi connection.

I'm manually removing this particular crap, but, for the future, what do you all recommend for anti-virus?

Thanks!

(I scuttled Symantec long ago... turns systems into slugs :-( ...Jim Thompson

--
| James E.Thompson, CTO                            |    mens     |
| Analog Innovations, Inc.                         |     et      |
| Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    |
| Phoenix, Arizona  85048    Skype: Contacts Only  |             |
| Voice:(480)460-2350  Fax: Available upon request |  Brass Rat  |
| E-mail Icon at http://www.analog-innovations.com |    1962     |

I love to cook with wine.     Sometimes I even put it in the food.

Reply to
Jim Thompson

Microsoft Security Essentials. Free. Excellent. Uses very little resources.

Jim

Reply to
RST Engineering

Ditto on MSE. You can also run the malicious removal tool.

I used to run Avast and would laugh at the phishing attacks and malware attachments it would miss for weeks. Then suddenly all alarms would go off telling me that it saved me from something nasty that I had been deleting all along.

Reply to
miso

Run Ubuntu. Load VirtualBox. Install two or more XP VDI files. Make one a general browser with email, Flash, javascript, etc and all the normal stuff that gets infected. Keep the file small, such as 3 GB so it is easy to back up to another hard disk.

Load all your working data files to backup storage on Ubuntu. Keep good backups. When the main working vdi gets infected, copy a known good backup over the infected file. Copy the working files from Ubuntu and you are back in business.

Keep the other VDI file for banking, PayPal, and all other financial transactions. Erase Flash, your email client, Microsoft Office, LAN, and all the other files and functions that are prone to infection. Disable or erase all other features and services that are not required to log on to your banking site.

Install Sticky Password manager or some other program. Put all the passwords and logon info in Sticky. Keep the main password in a very safe place. Make backups and keep them current.

You can only copy files from one VDI to the other through Ubuntu, either as plain ASCII or in binary format. This prevents malware from transferring itself to the banking VDI. It also has no way to know that the banking VDI even exists.

The banking VDI cannot get infected online since it doesn't go anywhere except to the financial sites. It cannot be affected by phishing attacks on the main working VDI since there is no way an infection can cross the boundary.

Virtual installations are used in honeypots to analyze malware. Most of the dangerous malware programs will detect if they are running in virtual mode and shut down to protect the authors against arrest. This works in your favor, since they have no choice but to quit as soon as they arrive at your installation.

There are a couple of attacks that can still affect you. DNS poisoning, attacks against the lan router and dsl modem, and a few others. So always stay alert and never trust the system.

You can help reduce the cost of a banking trojan getting your logon credentials.

Many people and companies lose hundreds of thousands of dollars to keyloggers that wipe out their bank and credit card accounts.

If you try to set up another account, it will have the same profile as your other accounts and will appear online. It will have the same access rights as the other accounts. Thieves can drain it as well.

To prevent this, set up a spare account that is blocked from online or atm access. Put all your funds in it except what you need for daily or weekly expenses. Make sure that to transfer money in or out of the account, you have to go to the bank and present your identification in person. Verify you cannot access the account online.

Now if you get infected, you can only lose what is in the working accounts. The blocked account should remain safe.

The next thing is to change all the answers to the various security questions that banks ask from time to time.

Instead of answering "John" to "who is your favorite uncle?", simply give a long string of garbage characters - "lop09eudgh1waxzlo9". Do the same for all the other questions. Save the strings in Sticky Password Manager.

Now even if someone knows you personally, they will not be able to answer the questions since there is no one named "lop09eudgh1waxzlo9".

There are many other methods of preventing infection. Proxomitron is a proxy that filters the incoming HTML. You can add scripts that control what is allowed to pass to the browser, so you can stop infections before they have a chance to get started. One example is to kill IFRAMEs so they never appear in the browser. Proxomitron will change the tag and show it on screen, so you can go there if you wish. But that decision is up to you, and no longer under the control of a thief.

Firefox has some excellent protection add-ons. Certificate Patrol will monitor the SSL certificates and alert you if they have changed, for example, if a thief somehow managed to get you to go to a false banking site he controls. The certificate won't match, and you will be alerted that something is seriously wrong. Don't log on.

Download rootkit analyzers. There are many good ones, such as RootKit Revealer.

Get the System File Checker from Win98. This is very different from the SFC in XP. It allows you to check any file extension and any folder you wish. It alerts you if a file has been modified or changed in any way. It also tells you if a new file has appeared that you didn't know about.

I have shut down the automatic updates from Microsoft. They are useless for preventing malware from using zero day attacks. Antivirus software is also ineffective, and simply drains your system resources.

SFC and Rootkit Revealer will catch most infections. As Jim says, Microsoft Security Essentials is also useful. But watch out for zero day attacks.

The solution is to make it easy to back up your main operating vdi file, and to monitor for rootkits and other infections. When you get hit, don't worry about trying to remove the infection. Lots of times you cannot be sure everything is gone.

Just write over the infected file with a known good backup file and restore your working files.

Lots more good stuff, but these basic concepts should go a long way to keeping you safe online.

Mike

Reply to
Mike

First of all, using the computer from a so-called 'limited or restricted user' helps a lot. I use AVG Free on most computers and that seems to work fine.

--
Failure does not prove something is impossible, failure simply
indicates you are not using the right tools...
nico@nctdevpuntnl (punt=.)
--------------------------------------------------------------
Reply to
Nico Coesel

Bullshit. I have used AVG Free for over five years and have never seen that. It will refuse to do daily updates if you don't update the program, which is free.

--
You can't have a sense of humor, if you have no sense.
Reply to
Michael A. Terrell

Mike wrote:

Even when Linux gets "infected", it's no big deal.

formatting link
"attacks on the open source platform weren't able to survive a reboot"

...and Linux has to be *installed* first. This might be even easier:

formatting link

Recovery for the standard Windoze install can be a nightmare.

**Anything else** is better than Windoze on bare metal.

Here's one of my favorite WINE stories:

formatting link

As you suggest, if Windoze is a must, a virtual machine and "snapshots" are a more complete solution and offer **FAST** recovery.

Reply to
JeffM

Running Comodo anti-virus and firewall combo. It's free. I've noticed it attack patches, cracks, keyword generators for pirated software. Which can be bad for some. I can run without antivirus. (Drive is imaged. I only run trusted sources for code.) Firewall is a must! Why mess up someone's computer when you can steal useful information? Imagine if LTSpice had spyware and collected all the schematics people made.

Reply to
D from BC

Well, I did uninstall it when it ceased to function, and that was after 1 year. I was a Bitdefender fan too, but it had the same outcome. (Actually BD had very low resource use.) I can see no updates, but being disabled is going too far.

But MSE has fared well so far, and many others agree.

Cheers

Reply to
Martin Riddle

I've been looking around myself.

The most recommended full price product was Norton.

Free stuff was Malwarebytes' Anti-Malware, PC Tools Internet Security and AVG antivirus.

BUT I would never recommend AVG; I have seen it trash too many systems (at least 5), including a recent (1 month ago) new, clean install of XP Home SP3.

Reply to
David Eather

New stuff from Symantec has very little system overhead - it is one of the best in that regard.

Reply to
David Eather

That obviously was the AVG trial edition. Check out their website for the free version.

Can't be bothered with AVG nowadays, MSE is fine.

--
Adrian C
Reply to
Adrian C

So they got their act back together ?:-) ...Jim Thompson

Reply to
Jim Thompson

Very much so - after all their customers deserted them.

Reply to
David Eather

.......

That's the way I did it this summer on my new Dell Precision laptop. The few CAD programs I don't have for Linux run in a VirtualBox under XP. What used to be the D: partition with my designs is now a directory under /d in the Linux file system, visible to XP as a network drive. Other than that, XP lives happily in its own autistic world. There is no internet (simply switched off), not even a virus checker.

Thunderbird and Firefox simply run in Linux, where the usual .com, .exe and .dll simply have no meaning.

The Dell came with Win7 installed and I added Microsoft Security Essentials. Within a few days, MSE complained about some worm after booting and 2 minutes later it declared proudly that the worm had been killed. Same on the next boot, and the next... That went on for two weeks; seems like someone has won, either Security Essentials --- or the worm. No more complaints now.

I don't care. Now that everything is stable, the Win7 partition will have to go completely. 60 GB with nothing installed but Thunderbird and Firefox, 5 GB remaining :-(

I can run exactly the same virtual machine image on the laptop, at home or in my lab. It is very comfortable once it's set up and I can keep everything synchronized with rsync.

BTW the Dell has now a Solid State Disk, OCZ Vertex3, 240 GB. I get a transfer rate of 500 MBytes/s. Not bad for a laptop!

The SSD had awful firmware bugs resulting in unreliable, or really no operation at all. But with the firmware as of 2 months ago the problems are gone. (The smaller disks are slower.)

regards, Gerhard

Reply to
Gerhard Hoffmann

That, indeed, is the American way! ...Jim Thompson

Reply to
Jim Thompson

I am concerned about trojans and other malware on Linux. They do exist.

It is extremely difficult to detect malware on Linux. Tripwire is similar to Win98 System File Checker, but it is much more difficult to use, and very difficult to remove malware if you get infected. So I just use Ubuntu as a host to run VirtualBox, and never use it to browse the web.

The idea is to use the readily available and very effective Windows malware detection, such as rootkit revealer, Win98 SFC, and MS Security Essentials, then simply write over an installation if it becomes infected. That way you never have any worries about completely eliminating any trace of infection.

[...]

That is an extremely important feature of VirtualBox. You can run a byte- identical copy of your Windows installation anywhere you want. VirtualBox uses generic hard disk, video, sound, and lan interfaces. So Windows never even knows it is running on a completely different computer.

WOW! I top out at 78 MB/sec to a spare drive on the same host, and much slower over the LAN. It runs around 28 MB the first pass, then drops to 9 MB on succeeding passes.

Excellent!

Mike

Reply to
Mike
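Mike's approach in both of his posts is to treat the Win98 System File Checker (or Tripwire on Linux) as a tripwire for the VM image: record what every watched file looks like, then be told when a file was modified, a new one appeared, or one went missing, and restore from the known-good backup rather than try to clean. As an added example that is not code from the thread or from either of those tools, the Python below does the same job with SHA-256 hashes and a JSON baseline. The directory tree, file names, contents and the watched-extension set in demo() are constructed for illustration; the baseline file itself should be kept somewhere the monitored system cannot write to (read-only media or the VirtualBox host), or an intruder could simply rewrite it.

```python
"""File-integrity baseline and check in the spirit of Win98 SFC / Tripwire.
Added example; not code from the thread or from either tool."""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root, extensions=None):
    """Map each watched file (path relative to root) to its hash and size.

    extensions: optional set such as {".exe", ".dll"}; None means every file.
    Content hashes are what gets compared later, not timestamps: a timestamp
    is trivial to preserve or reset, a SHA-256 of the contents is not.
    """
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        if extensions and path.suffix.lower() not in extensions:
            continue
        rel = path.relative_to(root).as_posix()
        baseline[rel] = {"sha256": hash_file(path), "size": path.stat().st_size}
    return baseline


def save_baseline(baseline, out_path):
    """Write the baseline as JSON (store it off the monitored machine)."""
    Path(out_path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(in_path):
    return json.loads(Path(in_path).read_text())


def verify(root, baseline, extensions=None):
    """Compare the tree against the baseline; return the three deviation lists."""
    current = build_baseline(root, extensions)
    modified = sorted(rel for rel, info in current.items()
                      if rel in baseline and info["sha256"] != baseline[rel]["sha256"])
    added = sorted(rel for rel in current if rel not in baseline)
    missing = sorted(rel for rel in baseline if rel not in current)
    return {"modified": modified, "added": added, "missing": missing}


def demo():
    """Constructed scenario: baseline a small tree, then tamper with it.
    File names and contents are made up for illustration."""
    watched = {".exe", ".dll", ".sys"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "system32"
        root.mkdir()
        (root / "kernel32.dll").write_bytes(b"legitimate library bytes")
        (root / "user32.dll").write_bytes(b"another legitimate library")
        (root / "readme.txt").write_bytes(b"not a watched extension")

        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root, watched), baseline_file)

        # Simulated compromise: one library patched, one binary dropped, one file removed.
        (root / "kernel32.dll").write_bytes(b"legitimate library bytes + injected code")
        (root / "audiohd.exe").write_bytes(b"unexpected new executable")
        (root / "user32.dll").unlink()

        return verify(root, load_baseline(baseline_file), watched)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files or '-'}")
```

In use, run build_baseline and save_baseline right after installing the VM from a clean image, and verify on a schedule or before any banking session; anything in the "modified" or "added" lists is the cue to copy the known-good VDI back over the running one, exactly as Mike describes, rather than to start cleaning.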

On 11/13/2011 02:24 AM, Mike wrote:

Yes, but the malware goes after the biggest crowd of computer illiterates and that is among win users.

You don't need to swim faster than the shark, it's enough if you can swim faster than your neighbour ;-)

That was the physical transfer rate as measured with CPU-Z or something like that. Reading the image when you start a virtual machine is a snap. But, what is more important is the short seek time of 2 or 3 MICROseconds.

Gerhard

Reply to
Gerhard Hoffmann

It makes me angry every time I hear the *marketshare* argument. Have you EVER seen a criminal leave easy money on the table? The reason that there aren't drive-by exploits for the Linux kernel is because it is MORE DIFFICULT to exploit Linux.

OTOH, MICROS~1 has the least-impressive security model ever; M$ is always completely in *reactive* mode. Bad software design isn't any less stupid than bad circuit design.

...and FOSS gets patched QUICKLY when holes are discovered --in contrast to Patch Tuesday and M$'s multi-month patch latency.

There are Android/Linux users who will pay for, download, install, and give executable permissions to *any* shiny crap--even from the dodgiest of sources. The only cure for stupidity is death.

At the rate of 750,000 new Android/Linux users per day, it won't be long before Linux users are the majority. A percentage of those will continue to **purposely** acquire and run trojanware. Stupidity follows the bell curve; Linux isn't a panacea for that.

...and while a fully-vetted all-Open-Source-app ecosystem would mitigate the rate of Android trojans, even that has points of failure--though fewer of those.

Reply to
JeffM
