Antivirus thread - preventing trojans and keyloggers

Discussion in 'Networking and Security' started by Ken_DTU, Oct 6, 2002.

  1. Ken_DTU

    Ken_DTU

    Hi - let's share some software, tools, ideas on how to best protect against viruses.. they've been causing me a lot of problems lately, how about you folks?

    Of concern are things like netspy trojans (I was infected by a backdoor trojan that came in on a .jpg file! how do you protect against dropper trojans on images? - tough one).

    These trojans have keyloggers and can capture your logins/passwords into online banking, brokerages etc sites, which is a major concern for obvious reasons.

    Interested in hearing from you all, re what you've found works best on a win2K system... let's cover both recommended (and bad) software, as well as best practices..

    So far, favorites are:


    FIREWALL:
    zonealarm pro
    sygate
    tiny

    ANTIVIRUS:
    norton a/v (misses a lot tho; good for email checking)
    panda
    mcafee
    others to check: kaspersky, avg

    note that many, eg norton and mcafee, can't work together at the same time on the system

    info sites for virii:
    http://vil.nai.com/vil
    http://www.sarc.com
    http://www.symantec.com


    ANTITROJAN:
    anti-trojan www.anti-trojan.net
    pestpatrol www.pestpatrol.com
    tauscan
    ad-aware http://www.lavasoftusa.com/aaw.html


    FREE ONLINE VIRUS SCANNERS:

    www.trendmicro.com
    www.sarc.com


    PORT SCANNERS:
    ostrosoft (something like that) and the anti-trojan.net program are good for scanning for open ports via which trojans can be accessing your pc

    also sites like glocksoft.com


    BACKUP:

    Roxio's GoBack (excellent too, to test out new software drivers and new programs etc, then revert the drive to 20 mins ago etc if they hose your pc etc)


    FILE ENCRYPTION:
    I like the blowfish program, great 128-bit encryption for files, integration with explorer menu etc.


    O/S UPDATES:
    be sure to check microsoft frequently for service pack and various other (eg buffer overrun exploit) updates to windows


    SYMPTOMS:

    -REGISTRY changes -- reading through a bunch of the virus symptoms at www.symantec.com's site is helpful, you get to see the HKLM/software/microsoft/windows/run type of changes that viruses make, like the new bugbear one

    -DISABLING ANTIVIRUS/SCANNING PROGRAMS: most of the new virii try to terminate smc.exe and other firewall/antivirus programs' processes without you seeing it.. this lets another virus get through..

    -REBOOTING on scans: I've had this with the latest one: my scans terminate midway and reboot the pc


    Best Practices:
    CD-rom backups, weekly mirror hard drive backups, unplug the cable modem when not using it ..


    What's bad is that the new viruses can terminate processes, run silently so you can't see them in task manager, and re-write core processes like csrss.exe and others, so that they look like normal windows system files but aren't ...


    Current headache:

    something got through and rewrote part of the boot sector on my hard drive, so I can't run defrag, or even re-install win2K.. my files and programs are still working, but I am in the process of backing up data files to cd-roms, so I can reformat the drive, reinstall win2K + apps etc..


    Major worry:

    That someone with a trojan (I got this last one from a mere image file!) will use a keylogger to see my online banking or broker account logins/passwords as they're typed in, and paypal themselves $$ or wire transfer out money from my accounts etc.. maybe I worry too much.

    Loss of data from a destructive virus is bad enough, but loss of money/capital from a hacker running a RAT (remote access terminal) using a keylogger to transfer funds out, etc, is a major concern.


    Let me know if any of you have a good solution, it seems that running a couple of firewalls and antivirus, anti-trojan programs isn't enough anymore.




    thanks,

    ken




    p.s. - fwiw, I've never had a virus til this year, have been very careful.. it seems the new blended threat ones, trojans on image files etc, are much tougher to prevent ... not a newbie here w/antivirus work.. just, these latest ones are very tough to prevent against .. eg got my first one from some #@$ ebook that norton didn't catch, this latest one, from a trojan on an image file! that nothing caught til too late.




     
  2. Do any anti-virus programs check registry changes? The one way a virus can run safely on a computer is to change the registry and pretend to be a properly installed program. I think Lavasoft's Ad-aware Plus is supposed to do this while running in the background.
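Added example (editor's code, not from any post in this thread): post 1 lists the symptoms to look for in the HKLM\...\Windows\CurrentVersion\Run key (new autostart entries, fake csrss.exe-style names, double-extension droppers) and post 2 asks about checking registry changes. The script below does that check offline against an exported copy of the Run key. The export workflow, the trusted-directory list and the sample .reg contents are assumptions for illustration; the two exports are constructed, not captured from a real machine.

```python
"""Audit an exported Windows Run key for the autostart tricks the thread describes.

Assumed workflow (not from the thread): on the suspect machine, export the key with
    reg export "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" run.reg
(or regedit's File > Export), ideally having done the same once while the machine
was known clean, so the two exports can be diffed. Newer Windows writes .reg
files as UTF-16; decode before passing the text in.
"""
import re

# Directories from which legitimate autostart programs are normally launched
# (assumed list; Windows 2000 installs to C:\WINNT, XP and later to C:\WINDOWS).
TRUSTED_DIRS = ("c:\\winnt\\", "c:\\windows\\", "c:\\program files\\")
SYSTEM32_DIRS = ("c:\\winnt\\system32", "c:\\windows\\system32")
# Core process names that malware impersonates; a binary with one of these
# names that is NOT in system32 is suspect (post 1 mentions a fake csrss.exe).
SYSTEM_NAMES = {"csrss.exe", "winlogon.exe", "lsass.exe", "services.exe", "smss.exe"}

ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
EXE_RE = re.compile(r"\.(exe|com|bat|cmd|scr|pif)\b", re.IGNORECASE)
# "<name>.<innocent ext><spaces or dots>.<executable ext>"
DOUBLE_EXT_RE = re.compile(
    r"\.(jpg|jpeg|gif|bmp|txt|doc)[\s.]*\.(exe|com|scr|pif|bat)$", re.IGNORECASE)


def parse_reg_export(text):
    """Return {value_name: command} for every string value in a .reg export."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # .reg files escape backslashes as \\ and quotes as \" ; undo that.
            value = m.group("value").replace("\\\\", "\\").replace('\\"', '"')
            entries[m.group("name")] = value
    return entries


def executable_path(command):
    """Pull the program path out of a Run command line.

    Quoted paths end at the closing quote; unquoted ones end at the first
    executable extension, which keeps a padded "chart.jpg      .exe" whole.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.search(command)
    return command[:m.end()] if m else command.split(" ")[0]


def classify(command):
    """Return the reasons an autostart command looks suspicious ([] = looks fine)."""
    path = executable_path(command).lower()
    directory, _, basename = path.rpartition("\\")
    reasons = []
    if basename in SYSTEM_NAMES and directory not in SYSTEM32_DIRS:
        reasons.append("core Windows process name outside system32")
    if not path.startswith(TRUSTED_DIRS):
        reasons.append("launched from outside trusted directories")
    if DOUBLE_EXT_RE.search(basename):
        reasons.append("double extension / padded filename")
    return reasons


def audit(current_text, baseline_text=None):
    """Compare a Run-key export against an optional known-clean baseline.

    Returns [(value_name, command, [reasons])] for entries worth a look.
    """
    current = parse_reg_export(current_text)
    baseline = parse_reg_export(baseline_text) if baseline_text else {}
    findings = []
    for name, command in current.items():
        reasons = classify(command)
        if baseline:
            if name not in baseline:
                reasons.append("not present in baseline export")
            elif baseline[name] != command:
                reasons.append("command changed since baseline")
        if reasons:
            findings.append((name, command, reasons))
    return findings


# Constructed sample exports (not real data): a clean Win2K box, and the same
# box after an infection added two autostart entries.
BASELINE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="C:\\WINNT\\system32\\mobsync.exe /logon"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
'''

INFECTED_EXPORT = BASELINE_EXPORT + r'''"csrss"="C:\\WINNT\\csrss.exe"
"Viewer"="C:\\Documents and Settings\\ken\\chart.jpg                .exe"
'''

if __name__ == "__main__":
    for name, command, reasons in audit(INFECTED_EXPORT, BASELINE_EXPORT):
        print("%-10s %s\n           -> %s" % (name, command, "; ".join(reasons)))
```

The baseline diff is the part that actually answers post 2: heuristics on paths and names catch the obvious tricks, but a known-clean export taken before the trouble started is what turns "is this entry normal?" into a yes/no question. The same approach works for the other autostart locations (RunOnce, HKCU\...\Run, the Winlogon Shell and Userinit values), which are not covered here.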
     
  3. I really dislike the fact that anti-virus programs specifically are not anti-trojan in order to not offend the adware and spyware developers whose programs function as a trojan.
     
  4. I have my brokerage account and one email account for statements on a separate computer and am using zonealarm. Nobody else has this email account. I do not use this computer for anything else. I have my datafeed and general email on another computer and keep no critical information on it.
     
  5. I don't want to be a pain in the ass, but I don't think you can get a virus through a .jpg file. Please explain why you think you were infected by a data file. The infection probably occurred when you ran an executable, not by downloading raw data.

    Carl
     
  6. Corona

    Corona

  7. you CAN get a virus from a "fake" .jpg file though

    such as: chart.jpg....................exe
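Added example (editor's code, not from any post in this thread): the post above shows the fake-.jpg trick, a name padded so the real .exe extension scrolls out of view (Windows also hides known extensions by default, so "chart.jpg.exe" is shown as "chart.jpg"). The script below inspects a downloaded file two ways before anyone double-clicks it: what the name really ends in, and whether the first bytes are an image header or a PE executable's "MZ" header. The magic-byte table and the sample file names and headers are constructed for illustration, not taken from the thread.

```python
"""Inspect a downloaded "image" before trusting it.

Two independent checks: does the file name say what the user will think it
says (padding with spaces or dots pushes the real extension out of view, and
Explorer hides known extensions), and do the first bytes actually belong to the
claimed format rather than to a Windows executable?
"""
import re

# Leading bytes ("magic") of common image formats, by extension.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "bmp": (b"BM",),
}
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js"}
# "<name>.<innocent ext><spaces or dots>.<real ext>" -- the trick in the post.
DECEPTIVE_NAME_RE = re.compile(
    r"\.(jpg|jpeg|gif|png|bmp|txt|doc)[\s.]*\.([A-Za-z0-9]+)$", re.IGNORECASE)


def real_extension(filename):
    """The extension Windows acts on: everything after the last dot."""
    name = filename.rstrip()
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def inspect_file(filename, data):
    """Return findings for a file name plus its leading bytes ([] = consistent)."""
    findings = []
    ext = real_extension(filename)
    if ext in EXECUTABLE_EXTS:
        findings.append("will execute as a program (.%s)" % ext)
    m = DECEPTIVE_NAME_RE.search(filename.rstrip())
    if m and m.group(1).lower() != m.group(2).lower():
        findings.append("name shows .%s but the real extension is .%s"
                        % (m.group(1).lower(), m.group(2).lower()))
    if ext in IMAGE_MAGIC and not data.startswith(IMAGE_MAGIC[ext]):
        findings.append("contents do not start with a .%s header" % ext)
    if data.startswith(b"MZ"):
        findings.append("contents are a Windows executable (MZ header)")
    return findings


# Constructed samples (not real files): only the first bytes matter here.
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01"
PE_HEAD = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00"
GIF_HEAD = b"GIF89a\x10\x00\x10\x00"

SAMPLES = [
    ("holiday.jpg", JPEG_HEAD),
    ("banner.gif", GIF_HEAD),
    ("chart.jpg                .exe", PE_HEAD),     # space-padded double extension
    ("chart.jpg....................exe", PE_HEAD),  # the dot-padded variant from the post
    ("photo.jpg", PE_HEAD),                          # executable renamed to .jpg
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        verdict = "; ".join(inspect_file(name, head)) or "looks consistent"
        print("%-36r %s" % (name, verdict))
```

The last sample is the case a name check alone misses: a renamed executable called photo.jpg will not run on a double-click, but it is still an executable on disk, and the MZ check flags it regardless of the name. Reading only the first few bytes is enough for this; the file never has to be opened by an image viewer to classify it.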
     
  8. Carl - actually there is a special class of virus that McAfee showed about 4 months ago related to the Perrun virus. It infects JPG files. There are limitations and I haven't heard of any actual non-lab infections, but McAfee believes it's possible for a variation of the Perrun virus to eventually be built without the current limitations that could directly infect JPG and other documents.

    In the absence of such a mutated/enhanced virus strain, the current JPG virus implementation requires the presence of a Perrun precursor infection on the machine.
     
  9. Andover had our office go from a software firewall to a hardware firewall for added protection. This means a port scanner can't find us as our true IP addresses aren't even available to the public since the firewall hides them. We run Norton AntiVirus on all our computers and have it updated daily as well as any Windows Updates.

    If we have any sort of problem ever with a virus we don't even f with it, just format the hard drive, install a new operating system and within 2 hrs are ready for that computer to trade again.

    Robert
     
  10. Folks,

    Go to the following for an anti-keylogger program:

    www.anti-keyloggers.com

    and the following for an anti-spyware that can block spyware from getting into your system:

    www.itcompany.com and click on the SpyStopper link.

    Other anti-spyware can only remove spyware and adware after they get into the system.


    Stock.
     
    #10     Oct 6, 2002