Tips for dealing with and avoiding viruses/spyware etc [Windows]
ZiNgA BuRgA
Post: #1
Since a lot of people seem to fall victim to these things, here's a few tips on how to avoid and prepare yourself for them.

Know how they work
The first thing you need to know is how viruses work (spyware is a little different).
Viruses and the like, 99.999% of the time, don't simply "just appear".  Actually, almost always, they only exist because the user authorized the virus to wreak havoc on the computer.  Thus, the primary aim of the virus developer is to trick unsuspecting users into letting their code run on their computers.
The majority of viruses in the wild are very poorly coded.  Viruses can potentially do lots of harmful things (including messing up your drivers etc), but rarely will you ever see such viruses (the primary exception would be when someone with more intelligence is trying to direct a DDoS attack perhaps).

Viruses typically need to execute something - that means, you can pretty much dismiss a TXT file as being a virus.  Common "executable" formats are EXE, SCR, BAT and VBS.

Get used to your running processes
The majority of viruses will run as a process - very few will hide their presence (with something like a rootkit).  Thus, knowing exactly what each running process is will allow you to identify if there's a virus executing on your machine.
You can ditch Task Manager.  Get Process Explorer NT (PENT).
When you run PENT, the list of running processes should be displayed in a nice tree.  There should be two primary trees, generally - one under the SYSTEM process, and another under explorer.exe (usually).  The former are generally system processes and services, and the latter are generally the programs you are running.  Typically, badly coded viruses will execute under the explorer.exe process tree, so it's advisable that you know what every process under the explorer.exe tree does.

I also think a firewall is useful, as it can help block any attempts the virus makes to contact the outside world.  This can also help with spyware, though applications which do connect to the net and contain spyware will still usually go through.

Oh, and if anyone hasn't done this yet, show all file extensions!!!  I've seen a number of viruses which make their EXE icon the default folder icon, or similar.  Don't be so stupid as to fall for that trick.

I've identified something suspicious
Double click on the process in PENT and see the path of the EXE.  If you're not too sure whether it's a virus or not, check the folder and see what the other files contained there do.
If it appears to be a virus, remember the path, and kill the process, then rename the EXE file (for example, to goodupdates.exe.virus), leave it for a while, and see if your computer operates fine.  Also recheck to see if the virus appears again on the next restart - if it does, you may need to look and try to identify things through startup entries.

Startup Entries
Examining your startup entries can also aid in finding viruses.  Most viruses will load themselves up when you start Windows.  Stuff msconfig and get Autoruns (note, be careful with this application - willy-nilly disabling stuff can screw up your Windows installation).  With Autoruns, look through the Logon tab (viruses rarely touch the other tabs), but do be careful before deleting or disabling anything.  Disabling something like <windowsdir>\system32\userinit.exe can make your life a pain...



Now of course, viruses which use rootkits, for example, won't get detected this way (in fact, if you have a virus which installs a rootkit, the only sure way to get rid of it is to do an "offline scan" (boot into another OS and run a virus scan) - though even that may not necessarily work (there are methods to evade virus scanners))




Now, some common sense tips to avoid getting viruses/spyware:
  • If you get some email with an attachment, although the majority of webmails (Hotmail etc) scan the files for you, they're not perfect, so don't rely on that.  Use your common sense.  Were you expecting an attachment?
  • Get your applications from trusted sources.  If someone attaches a copy of a program, either in an email or a forum, "for your convenience", how hard can it be to search Google for it?  For example, if someone says something along the lines of "use Winamp" and attaches it, don't download it from there.  Spend an extra 5 seconds and type "download Winamp" into Google, and you'll get a source you can trust more.  Similar issue with torrents or other legally questionable packages that bundle applications into stuff like videos etc.
  • To protect against spyware, only get applications which have been recommended by a number of people.  Chances are, an application which you found by clicking on some random ad is primarily a load of spyware.  Some websites (make sure it's got a bit of credibility) such as Softpedia will have "100% spyware free" guarantees if the application doesn't have spyware (I don't know what they actually do, but in practice, it's been accurate to me).  If you find some dodgy application, spend the little extra time to check it on such a database.
  • If there's a mysterious file posted on a forum, especially one which promises something unlikely, don't rush to get it.  Wait and see what responses appear first.

Of course, use your common sense above all this.  If there's a package posted on a forum by a responsible member, for example, chances are it's not some malware.


For the paranoid, you can install dodgy applications you find onto a virtual computer (get something like VirtualBox).  If it appears dodgy after installing/running it, at least it doesn't harm your main Windows installation.
Alternatively, roberth has recommended Sandboxie.  I haven't tried it myself, but it looks promising, and should be more convenient to use.


Hope that helps someone.  If you have any further tips/suggestions to make, feel free to do so :P
(This post was last modified: 12/06/2008 05:31 AM by ZiNgA BuRgA.)
12/06/2008 02:57 AM
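As an added example that is not part of the original post: the process-tree check described above (look only at the explorer.exe subtree, watch for hidden double extensions like holiday.jpg.exe, and for programs running out of user-writable folders) done offline in Python over a constructed snapshot. The PIDs, paths and the list of user-writable folders are made-up assumptions, not real data.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed snapshot of (pid, parent pid, image path); not real data.
SNAPSHOT = [
    (4, 0, r"C:\Windows\System32\ntoskrnl.exe"),          # SYSTEM tree root
    (500, 4, r"C:\Windows\System32\services.exe"),
    (1200, 4, r"C:\Windows\System32\svchost.exe"),
    (1400, 4, r"C:\Windows\explorer.exe"),                # user-program tree root
    (2100, 1400, r"C:\Program Files\Winamp\winamp.exe"),
    (2200, 1400, r"C:\Documents and Settings\Bob\My Documents\holiday.jpg.exe"),
    (2300, 1400, r"C:\Documents and Settings\Bob\Local Settings\Temp\goodupdates.exe"),
    (2400, 2200, r"C:\Windows\System32\cmd.exe"),
]
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".vbs", ".com", ".pif"}
DECOY_EXTS = {".jpg", ".gif", ".txt", ".doc", ".mp3", ".avi"}
USER_WRITABLE = {"documents and settings", "users", "temp"}  # simplified assumption

def build_tree(snapshot):
    """Map each parent pid to its children, like PENT's tree view."""
    children = defaultdict(list)
    for pid, ppid, _ in snapshot:
        children[ppid].append(pid)
    return children

def subtree(children, root):
    """All pids under root, root included (depth-first walk)."""
    out, stack = [], [root]
    while stack:
        pid = stack.pop()
        out.append(pid)
        stack.extend(children.get(pid, []))
    return out

def flag(path):
    """Reasons a single image path deserves a closer look (may be empty)."""
    p, reasons = PureWindowsPath(path), []
    sfx = [s.lower() for s in p.suffixes]
    if len(sfx) >= 2 and sfx[-1] in EXECUTABLE_EXTS and sfx[-2] in DECOY_EXTS:
        reasons.append("double extension: shows as '%s' with extensions hidden" % p.stem)
    if any(part.lower() in USER_WRITABLE for part in p.parts):
        reasons.append("runs from a user-writable folder")
    return reasons

def triage(snapshot, explorer_name="explorer.exe"):
    """Flag only processes under explorer.exe; returns {pid: [reasons]}."""
    paths = {pid: path for pid, _, path in snapshot}
    children = build_tree(snapshot)
    roots = [pid for pid, path in paths.items() if PureWindowsPath(path).name.lower() == explorer_name]
    return {pid: flag(paths[pid]) for root in roots for pid in subtree(children, root) if flag(paths[pid])}
```

Processes under the SYSTEM tree are deliberately skipped, matching the post's advice to concentrate on the explorer.exe side first.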
Assassinator
Post: #2
RE: Tips for dealing with and avoiding viruses/spyware etc [Windows]
ZiNgA BuRgA Wrote: Viruses typically need to execute something - that means, you can pretty much dismiss a TXT file as being a virus.  Common "executable" formats are EXE, SCR, BAT and VBS.

A lot of them are also .DLL files.
12/06/2008 03:10 AM
ZiNgA BuRgA
Post: #3
RE: Tips for dealing with and avoiding viruses/spyware etc [Windows]
You can't execute DLL files without some effort...
12/06/2008 03:38 AM
S7*
Post: #4
RE: Tips for dealing with and avoiding viruses/spyware etc [Windows]
ZiNgA BuRgA just voided (most of) the point of me doing my 10-week course "Vandalism in Cyberspace" with the OU.

LOL
12/06/2008 04:16 AM
roberth
Post: #5
RE: Tips for dealing with and avoiding viruses/spyware etc [Windows]
May I add to that and recommend Sandboxie.

It's similar to a virtual machine, in that it provides a barrier between your actual OS and the one you're using, but IMO is more convenient.  It's free, but has a nag screen after a while if you don't pay to register.  It still works, though there's a small number of options missing (nothing major).

But, yeah, like Sensei said, you pretty much voided my next module (computer security)

(This post was last modified: 12/06/2008 04:44 AM by roberth.)
12/06/2008 04:39 AM
ZiNgA BuRgA
Post: #6
RE: Tips for dealing with and avoiding viruses/spyware etc [Windows]
Computer security course voided?  Lol, nah, it's just a basic tips thread.
This is very responsive to what's happening, whereas a course will probably be a lot more theoretical.  But thanks for the flattery anyway :P

Thanks for the suggestion roberth - never heard of that actually.  Sounds very interesting :)
12/06/2008 05:28 AM
feinicks
Post: #7
RE: Tips for dealing with and avoiding viruses/spyware etc [Windows]
ZiNgA BuRgA Wrote: Computer security course voided?  Lol, nah, it's just a basic tips thread.
This is very responsive to what's happening, whereas a course will probably be a lot more theoretical.

I find that courses are usually outdated, in that they refer to books that are now old editions. A Linux course in a college here uses Fedora 3.. and we're in the world of the Nine!
ZiNgA BuRgA Wrote: Thanks for the suggestion roberth - never heard of that actually.  Sounds very interesting :)

12/06/2008 05:42 AM
S7*
Post: #8
RE: Tips for dealing with and avoiding viruses/spyware etc [Windows]
feinicks Wrote:
ZiNgA BuRgA Wrote: Computer security course voided?  Lol, nah, it's just a basic tips thread.
This is very responsive to what's happening, whereas a course will probably be a lot more theoretical.

I find that courses are usually outdated, in that they refer to books that are now old editions. A Linux course in a college here uses Fedora 3.. and we're in the world of the Nine!

I noticed this with the one I'm doing with the OU at the moment, some bits are quite dated... meh... 10 points if I pass.... lol
12/06/2008 06:14 AM
u_c_taker
Post: #9
RE: Tips for dealing with and avoiding viruses/spyware etc [Windows]
Nice tips Zinga, and viruses can be avoided by using common sense most of the time, lol.  I might try out the other program mentioned to be used instead of Task Manager.
12/06/2008 07:07 AM
roberth
Post: #10
RE: Tips for dealing with and avoiding viruses/spyware etc [Windows]
ZiNgA BuRgA Wrote: Computer security course voided?  Lol, nah, it's just a basic tips thread.
This is very responsive to what's happening, whereas a course will probably be a lot more theoretical.  But thanks for the flattery anyway :P

Thanks for the suggestion roberth - never heard of that actually.  Sounds very interesting :)

yeah, that's the long and short of the module... it's a very poo poo course

12/06/2008 07:32 AM