Virus Infestation

Buck

Storage? I am Storage!
Joined
Feb 22, 2002
Messages
4,514
Location
Blurry.
Website
www.hlmcompany.com
This weekend I visited a new customer. They were having problems with their system acting slow, and whenever they attempted to start IE, multiple windows would open, and open, and open. The setup was what I normally come across: Dell system, Windows OS, IE as only browser, Outlook Express as the email client, MSN Messenger used daily, Norton Anti-Virus updated and running, and Spybot as their official 'cool tool' for finding spy stuff.

So, I start the system, attempt to use IE by double clicking the IE icon and get to see the problem first hand. Let's see, no other browser? I clicked on the Windows Update option, this of course opens IE, but it prevents the use of the official IE icons. This allowed only four extra windows to open, and I was able to access the Internet. I downloaded two programs, NOD32 and Ad-aware 6.0. I installed NOD32, it found 4 different Trojans infecting 12 files plus one Trojan in operating memory. I then rebooted, let NOD32 run again, and the remaining virus infections were deleted. One problem solved, two more to go.

The customer was watching this, which made me happy. They could see first hand the fallibility of Norton -- and the next demonstration folks, will show the uselessness of Spybot. I run Spybot, it finds 5 suspicious files – wow. Then I run Ad-aware, it finds 171 suspicious files, 25 were programs, the remaining were tracking cookies. Those are deleted, and the computer is back to normal.

Next, I start the Windows Update process, great gobs of goose eggs! None, and I repeat, none of the updates had been done. I ask the user and owner, and they didn’t know the feature was there. So I proceeded to show them how the process worked, had them do a few updates on their own, got paid and left them with several remaining Critical updates and 44 other updates to be run.

I spent time explaining why the appropriate anti-virus/anti-advert software was necessary, which they could obviously see and agree with. Then I also explained about the dangerous mix of IE, OE, & MSNM. Regrettably, they will continue to use that software. However, they did purchase and install NOD32, plus they will use Ad-aware instead of Spybot from now on. Hopefully they’ll pass along some of this experience to their MSNM buddies and we can teach a few more people the need for the appropriate application protection.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
21,637
Location
I am omnipresent
<Those with weak Sarcast-o-meters should turn them up now>
NAV/McAfee didn't find all the viruses? Say it ain't so!
<OK, I'm done now>
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
I guess it's pretty safe to assume Buck uses NOD32 himself.

What does Merc use?

And others here?

Am I the only one (shame, shame) using NAV? It's never let me down so far. Of course, I'm careful in how I use the Internet/mail etc. I have never (and still don't) use any Outlook variant, instant messenger, and have stopped using IE. Been using Zonealarm since it came out.

Should I hang my head in shame? Should I shave my head?
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,544
Location
Horsens, Denmark
I use Firefox for everything except windows/office update.

I use Outlook 2003 for 3+ each POP3 IMAP and Exchange accounts.

I use Spybot and Ad-Aware, neither with their respective TSRs.*

I use Housecall, no other antivirus.

*I've found that no matter which spyware app I use first, the other still finds more. I always use both.
 

timwhit

Hairy Aussie
Joined
Jan 23, 2002
Messages
5,278
Location
Chicago, IL
I use Adaware every couple weeks. I only run housecall if I suspect that I actually have a virus.

Also check out www.ravantivirus.com, their free online scanner finds many things that housecall and other scanners never see. Most of the time you have to delete the detected files manually because the Rav scanner's autoclean tool is broken.
 

HellDiver

Learning Storage Performance
Joined
Jan 22, 2002
Messages
130
Computer "security" today is not really about what antivirus software you use - it's a whole bunch of things, antivirus choice being only a minor part of it.

1. Patch. On a regular basis. Overwhelming majority of worms/viruses/trojans/spyware released in the last couple of years exploited vulnerabilities that were fixed by software authors (<cough!> M$ <cough!>) long before the exploits showed up.
2. Follow a couple of very simple and very logical usage guidelines : opening attachments, installing crap while browsing, installing crap spyware-packed "free solitaire" just because your brain-dead colleague sent it to you by email during lunch break with subject "you simply must try it!", etc.
3. Run a personal firewall, even if your LAN is sitting behind a corporate FW-1. Yes, a free edition of <whatever> commercial firewall will do, and yes, even the Win-XP built-in disgrace of a firewall will do. Make sure to block everything and then to unblock the ports you explicitly need.
4. Whenever possible - try to avoid using the crap M$ software. Chances are you'll find perfectly acceptable - and way more secure - substitutes for the majority of your desktop needs (and that you'll be surprised how little functionality of that 650MB, $400 software package you really use!). Unfortunately, this one is not always up to you.
5. Don't let dumb (and/or computer illiterate) people have unrestricted access to your rig. If you happen to be one yourself - make up your mind whether you choose to suffer or to educate yourself.

By the time you're done with 1-5 from the above, the choice of antivirus and anti -spyware/-adware software becomes not that much of an issue. You probably should cling to something in the top-5 - top-7 products (based on independent comparisons on the web, not manufacturers' brochures!), but beyond that... Who cares, really?!? :roll: Just make sure to either manually scan the files, or to have the AV in "auto-protect" mode, or both. And definitely update your virus defs!
 

Fushigi

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,890
Location
Illinois, USA
Some good points from HD. My basic home security is like this:

1. Firewall in the Netgear router.
2. MAC filtering & 128 bit WEP in the wireless portion of the router. No WPA so far as I'd have to replace a wireless NIC to get the feature.
3. Personal firewalls on all PCs. Tiny Personal FW, XP's internal, etc.
4. AV on all PCs. Scanner is resident, update runs daily; scans run weekly. AVG on my boxes; McAfee on the work laptop.
5. Wife uses Yahoo mail, which scans messages & blocks the majority of spam.
6. I use Outlook 2000 / POP and Spamihilator for my 3 POP accounts. Spamihilator is religiously updated to block domains that send spam.
7. Spy Bot & Ad Aware on all machines. As ddrueding said, neither seems to be all-inclusive but between the two I feel reasonably safe.
8. End Popups on all machines.
9. Check Windows Update for patches at least twice a month & apply all security-related patches (and most others as well).
10. IE set with reasonable security (ActiveX disabled, etc.)

But the most important thing is not technological; it is education. Neither my wife nor I open email from unknown sources. We also don't open questionable attachments even if from known sources. We only buy from reputable etailers. We don't (typically) surf to questionable sites. If something odd happens (rare), we'll stop what we're doing & run an AV scan & the spyware apps.

No virus / trojan / worm in years. No spyware beyond cookies in years either. All machines are up 24x7 (F @ H) and problems are virtually non-existent.
 

Will Rickards WT

Learning Storage Performance
Joined
Jun 19, 2002
Messages
433
Location
Pennsylvania, USA
Website
www.willrickards.net
mubs said:
Am I the only one (shame, shame) using NAV?
Unfortunately not, it still gets rave reviews from the PC mags so a lot of people use it. Some people don't like Symantec in general.
It is on my work computer, but at home I use NOD32.

mubs said:
Should I shave my head?
If you do, be sure to post some pics.
 

Mercutio

I don't use AV software on my home machines. I check my machines with housecall about once a month. I don't use IE or Outlook. I keep all my PCs patched. I have a solid internal firewall in place.

I sell Symantec AV to customers. Mostly 'cause I hate McAfee even more, hate dealing with the Norton subscription requirement and most of my business clients see AV software as being a choice between one or the other. I've tried to support f-prot and NOD32, but every client I've gotten to install it has come back at some point and said they wanted one of the ones they see in stores.
 

Buck

Yes, I do use NOD32, along with CWShredder, SpyAssassin, and Ad-aware.

It just seems to always be the case, people have virus problems, and they're running Norton or McAfee. They usually don't switch back to those programs once NOD32 is installed and it solves their problems. Basically, I'm trying to get the best fire-retardant clothing available for people who insist on playing with fire (IE, OE, MSNM).
 

time

Storage? I am Storage!
Joined
Jan 18, 2002
Messages
4,932
Location
Brisbane, Oz
HellDiver said:
Computer "security" today is not really about what antivirus software you use - it's a whole bunch of things, antivirus choice being only a minor part of it.
Agreed. However, I'd like to rearrange your priorities:

3. Run a personal firewall, even if your LAN is sitting behind a corporate FW-1. Yes, a free edition of <whatever> commercial firewall will do
If you have a 'hardware' firewall, I don't think using free PFW software is going to help that much. The only thing it can add is detection of trojan outgoing activity, and no PFW product shines in this regard; as a rule of thumb, the cutdown freebies are next to useless.

On the other hand, if you do not have a hardware firewall, the most critical protection you can give your PC is a PFW, no matter how basic. Because no amount of care can protect a user from the sort of attacks easily stopped by a firewall, I rate this as the number one requirement.

4. Whenever possible - try to avoid using the crap M$ software. Chances are you'll find perfectly acceptable - and way more secure - substitutes for the majority of your desktop needs ...
I'm with you, brother. If you can convince someone of this, the next item becomes less critical.

2. Follow a couple of very simple and very logical usage guidelines : opening attachments, installing crap while browsing, installing crap spyware-packed "free solitaire" just because your brain-dead colleague sent it to you by email during lunch break with subject "you simply must try it!", etc.
Encouraging such an attitude is a vital part of security, but the success rate will always be less than expected. Don't underestimate people's fundamental foolishness when it comes to computers.

1. Patch. On a regular basis. Overwhelming majority of worms/viruses/trojans/spyware released in the last couple of years exploited vulnerabilities that were fixed by software authors (<cough!> M$ <cough!>) long before the exploits showed up.
If you have a firewall and don't use Internet Explorer, even the "critical" patches aren't that necessary. Automatic updates - especially from M$ - can create their own problems.

Still a part of the security plan, but IMO it should always come after the previous three steps.

5. Don't let dumb (and/or computer illiterate) people have unrestricted access to your rig. If you happen to be one yourself - make up your mind whether you choose to suffer or to educate yourself.
I'd like to visit you in Shangri La some time. :)

By the time you're done with 1-5 from the above, the choice of antivirus and anti -spyware/-adware software becomes not that much of an issue ... Just make sure to either manually scan the files, or to have the AV in "auto-protect" mode, or both. And definitely update your virus defs!
I used to talk like this once ... but then, like Buck, I wised up. There are significant variations in effectiveness amongst competing products. As he says, people with problems often seem to be running NAV, although it's not as bad as it used to be (i.e. completely bloody useless). However, my main objection to Symantec products is their inordinate tendency to interfere with normal system operation or not work as expected.

I never use 'resident' protection myself, but I now enable it for every single customer I see. It's a life saver.

Finally, THERE IS NO POINT IN ANTIVIRUS SOFTWARE WITHOUT UPDATES! If I do nothing else, I make this point to people. My homily is that they are better off disabling their A/V software; if they feel unprotected, then perhaps they will use greater caution instead of relying blindly on crippled software!
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,741
Location
USA
At work we have to use McAfee. Not having a large exposure to the different AV vendors, how do most of them set the priority for their active scan? (TSR service)

At work, mcshield is set to run at high priority. This REALLY drives me nuts. I have a decent machine at work (2.8 GHz), and it is crippled by McAfee...especially with Java apps. Every time I open a Java app, my machine becomes useless for a couple minutes because I CAN'T do anything until McAfee is done scanning the jar files...and it takes bloody forever. I mean, you want to talk 2nd in line for most CPU time, it's mcshield.exe. (second to the idle process) I've tried using sysinternals proc explorer to force the priority to normal, but it always resets itself after a couple minutes.

In the past we used Norton AV, and I never had this issue. I typically don't care for Norton/Symantec products, but their AV software didn't intrude as much on my PC as McAfee.

Has anyone else had a similar experience, or is it a McAfee thing?
 

HellDiver

time :
time said:
However, I'd like to rearrange your priorities:
Well, actually, I didn't list those in any particular order. That's, kind of, the problem here : priorities list implies you can occasionally skip the "low priority" measures. I, on the other hand, can easily demonstrate enough realistic (up to a point of happening to some people whom I happened to talk to/help out in the last couple of years) scenarios in which skipping even one of those "best practices" would have (and did!) put one's rig in harm's way.

time said:
If you have a 'hardware' firewall, I don't think using free PFW software is going to help that much.
Been there, done that. One sales guy plugging his laptop (which was previously used out there in the wild) into the corporate LAN is enough to bring the company to its knees. See "Blaster" et al.

time said:
The only thing it can add is detection of trojan outgoing activity, and no PFW product shines in this regard...
Generally speaking, in my original post I only mentioned the "5 steps" in the context of choosing "best antivirus". But since we're at it... I totally agree with you, the majority of current breed of PFWs do quite a lame job of application monitoring, and there's nothing much to do about it until they start implementing proper sandboxing. Until then... Well, there's always System Safety Monitor. :wink:

time said:
4. Whenever possible - try to avoid using the crap M$ software... <snip>
<snip>...If you can convince someone of this, the next item becomes less critical.
Well, initially I was inclined to think that way as well. But a couple of drive-by XPI download attempts in Fx convinced me otherwise... :p And clearly things will only get worse in this respect as alternatives to M$ crap will gain popularity... :(

time said:
Don't underestimate people's fundamental foolishness when it comes to computers.
I don't! Unfortunately, until the software industry comes up with the ultimate bulletproof breed of software (read : never!) there's nothing much I can do, except to try to hammer these things down people's heads... :cry:

time said:
If you have a firewall and don't use Internet Explorer, even the "critical" patches aren't that necessary. Automatic updates - especially from M$ - can create their own problems.
Totally agree with your second sentence, but only partially - with your first.

Indeed one of my rigs happens to run an almost totally unpatched Win-2k (no SPs at all, but with an antivirus and a firewall on full alert!) in a very hostile environment - for about 4 years now, without a single accident. But that's a hand-tweaked machine that no one but me is allowed to touch, so it's more of an exception than a rule.

Generally, I wouldn't advise ignoring patches and relying solely on AV/PFW combo, especially for less experienced users. One's luck might run out exactly 2 hours after a new worm/virus combo hits the web, 1 second before one's colleague sends this worm/virus combo over by email, but 3 hours before Symantec/McAfee/<whatever> update their virus definitions and full 17 hours before LiveUpdate equivalent fetches those virus defs... In a corporate environment the consequences can be simply devastating.

time said:
There are significant variations in effectiveness amongst competing products. As he says, people with problems often seem to be running NAV, although it's not as bad as it used to be (i.e. completely bloody useless). However, my main objection to Symantec products is their inordinate tendency to interfere with normal system operation or not work as expected.
There are certainly variations, but once you minimize the chances of rig getting infected the importance of AV as means of discovering/combating infection drops down significantly.

As far as Symantec products are concerned... I've had mixed results with NAV/NIS, but somewhat positive ones with the Corporate SAV. So, I can't honestly say that Symantec totally suck arse. They have their highs, they have their lows, on some rigs it works like a charm, on others normal system operation ceases being normal and turns into a nightmare. (Given a chance, I'd certainly physically harm whomever designed and coded NIS configuration routines and dialogs, but that's a different story.) Unfortunately I am not aware of any "silver-bullet-does-it-all-and-never-fails" AV product...
 

Will Rickards WT

Handruin said:
Has anyone else had a similar experience, or is it a McAfee thing?

Yes, back when I used McAfee it slowed down my system noticeably. After a while I got sick of it and looked for alternatives and found nod32. The best thing about nod32 is its low impact on system performance.

NAV isn't as bad, but I still notice it. I really don't notice nod32.

You don't know how many people I see with NAV and it is the 3 months free version that came with the PC.
 

ddrueding

Will Rickards WT said:
You don't know how many people I see with NAV and it is the 3 months free version that came with the PC.

The number of people I see with 1-year-old computers that never extended their subscription and still insist they have anti-virus protection is insane. I don't even ask, I just uninstall it and then ask if they want virus protection. If they say they don't need it, I run housecall.



As a side note, what do people here charge for the most cursory ad-aware/housecall/defrag? Not even looking at their PC, just running those 3 in that order? I can't bring myself to ask more than $20-$40 unless they don't have a NIC in their PC.
 

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
If it's a friend it's free... or for a favor. For example I helped a hair stylist and she gave me a free haircut and a dye (normally goes for about $40 for the cut alone and about $100 or so for both)

I don't really do private work unless it's for a friend so I wouldn't know.. but I would have a hard time with more than $40 even if it was a bad experience...

On the other hand I see computer stores charge $60 for the same thing and they don't make housecalls... I do.
 

Buck

I don't have a flat rate for those types of things DDR. Every case seems to be different and requires varying amount of time, so I just charge by the hour. The above visit that I described took two hours plus another 50 minutes of driving time. I charged $130.00 and they wrote me a check for $135.00 with big grins and plenty of gratitude. Although I must add, that I had made a previous visit in January because their power supply went out. Their Dell only took Dell power supplies (non-standard motherboard connectors), so I told them the bad news and that they should contact Dell. The visit was free - I didn't fix anything.
 

timwhit

When I was working for a repair shop a couple years ago they were charging $59/hour for labor. House calls were $59 to drive there and $59/hour with a 1/2 hour minimum. So the minimum amount of money that a house call would cost would be $88.50, even if I only had to drive 2 minutes. Even at those prices we were overly busy almost all the time.

Most repair shops charge even more than that. I have seen $75/hour all the way over $100/hour.
 

Mercutio

If someone can convince me to do a home job I usually either bill $65/hr or $100 flat-rate. Sometimes I even let them pick. :)
 

ddrueding

Yeah, I do charge more for housecalls ($50/hr drive time+labor).

But recently I've had quite a few people bring their towers into my shop, complaining of the usual "popups and slowness". So while they're sitting down playing games I'm fixing their computer and doing a dozen other things. Actual time on their computer? 15 minutes tops. I charge $20 plus the $14 for the game time plus an average of $3 in drinks and candy. I know I'm low, but I've already sold 3 of my gaming systems due to referrals...and the margin there is very nice.
 

e_dawg

Storage Freak
Joined
Jul 19, 2002
Messages
1,903
Location
Toronto-ish, Canada
mubs said:
Am I the only one (shame, shame) using NAV? It's never let me down so far. Of course, I'm careful in how I use the Internet/mail etc. I have never (and still don't) use any Outlook variant, instant messenger, and have stopped using IE. Been using Zonealarm since it came out.

Should I hang my head in shame? Should I shave my head?

Nope. I use NAV from 2001 but with updated virus def's. It has never let me down either. (use free AVG lite on auxiliary PC's) No personal firewall, but I have a hardware firewall. No adware protector. I use IE and Outlook exclusively. Never had a problem.

Patch every now and then, don't leave your ports open like every other idiot (enable Windows' built-in TCP/IP filtering or use a hardware firewall), keep your virus def's up to date, and you are more than protected.

As for this new scourge of adware... if you have adware on your computer, the only person you can blame is yourself. Any reasonably experienced PC user should not have adware on their computers even without Ad-Aware or any other such programs. Novices I can understand, but nobody on this forum should have this problem.
 

Buck

So, if I were to run Ad-aware on your system right now, we wouldn't find any advert programs like Alexa or any tracking cookies? Why don't you give it a try, and let's see what it finds.
 

mubs

e-dawg, I have to agree with Buck. There's more crap out there than anybody can keep track of. A program associated with a recommendation made in this forum (Daemon tools) has malware in it (I've mentioned it in the tools section; Daemon tools itself is clean).

The purpose of posing my original question in this thread was to show that even with NAV, if the user is savvy enough, he/she will be protected. I viewed the original assertions as blanket statements I did not agree with. The originally unsaid words have now been spoken by multiple people, so let there be peace.
 

e_dawg

I'm sure it would find its share of cookies, as it's been the greater part of a decade since I stopped trying to maintain my privacy and selectively block cookies. Programs, well I doubt there are any significant offenders on my system. I don't have Kazaa or the usual suspects. I must say that I was thinking more of spyware and "obvious" ad programs, and less about undercover tracking programs advertisers use.

So how about it: let's make a game of it. Place your bets on how many things Ad-Aware will find on my system? Some of you could guess pretty good from running Ad-Aware so many times. Keep in mind I have never run it before. Once I get everybody's entries, I'll install Ad-Aware and report back.
 

Buck

I suspect it will identify three, nay four, different programs and an untold amount of tracking cookies if you have never deleted them (possibly 150 or more).

4
 

e_dawg

As promised, here are the results of my virgin Ad-Aware scan:

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Alexa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 2



¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : shawn@247realmedia[1].txt
Object : F:\Documents and Settings\Shawn\Cookies\

Created on : 5/17/2004 2:20:34 AM
Last accessed : 5/24/2004 5:26:29 PM
Last modified : 5/17/2004 2:20:50 AM

[...] 76 cookies later [...]

Tracking Cookie Object recognized!
Type : File
Data : shawn@~~local~~[1].txt
Object : F:\Documents and Settings\Shawn\Cookies\

Created on : 4/4/2004 7:51:23 AM
Last accessed : 5/24/2004 5:26:35 PM
Last modified : 4/4/2004 7:51:23 AM


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (F:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 80


1:26:49 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:01:13:0
Objects scanned :43097
Objects identified :80
Objects ignored :0
New objects :80
 

e_dawg

I guess I did better than everybody expected. There was only 1 program. The about:blank possible browser hijack attempt is not a real threat because I always set my browser to use about:blank as the start page.

78 tracking cookies is probably a little low because I moved my Temp Internet Files a couple weeks ago and had to delete a lot of stuff to fit it into a 64 MB folder.

Comments?
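
Added example, not part of the post above and not Lavasoft's code: a small Python parser for the Ad-aware 6 log layout quoted in this thread. It separates tracking cookies from registry findings and checks the tally against the log's own "Objects identified" line. The sample log is a shortened, constructed excerpt (cookie names and paths are made up), and the `known_start_pages` allowlist is an assumption standing in for "start pages the owner set on purpose".

```python
import re

# Shortened excerpt in the Ad-aware 6 log layout quoted in the thread.
# Cookie file names, paths and the date are constructed for this example.
SAMPLE_LOG = r"""
Started registry scan

Alexa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

Tracking Cookie Object recognized!
Type : File
Data : user@example-ads[1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 5/17/2004 2:20:34 AM

Tracking Cookie Object recognized!
Type : File
Data : user@example-tracker[2].txt
Object : C:\Documents and Settings\User\Cookies\

Summary of this scan
Objects identified :4
"""

FINDING = re.compile(r"^(?P<family>.+?) Object recognized!\s*$")
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s?(?P<value>.*)$")
KNOWN_KEYS = {"Type", "Data", "Rootkey", "Object", "Value",
              "Created on", "Last accessed", "Last modified"}
TOTAL = re.compile(r"^Objects identified\s*:\s*(\d+)\s*$", re.MULTILINE)


def parse_findings(log_text):
    """Return one dict per '<family> Object recognized!' record."""
    findings, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = FINDING.match(line)
        if header:
            current = {"family": header.group("family")}
            findings.append(current)
            continue
        field = FIELD.match(line)
        if current is None or not field:
            continue
        key = field.group("key")
        value = field.group("value").strip()
        if key not in KNOWN_KEYS:
            # Section lines such as "New objects : 1" end the record.
            current = None
            continue
        # "Data" can appear twice; keep the first non-empty value seen.
        if value or key not in current:
            current[key] = value.strip('"')
    return findings


def reported_total(log_text):
    """The scanner's own count, or None if the summary line is missing."""
    match = TOTAL.search(log_text)
    return int(match.group(1)) if match else None


def triage(findings, known_start_pages=()):
    """Split findings into cookies, expected settings, and items to review."""
    buckets = {"cookie": [], "expected-setting": [], "review": []}
    for item in findings:
        if item.get("Type") == "File" and item["family"] == "Tracking Cookie":
            buckets["cookie"].append(item)
        elif (item.get("Type") == "RegData"
              and item.get("Value") == "Start Page"
              and item.get("Data") in known_start_pages):
            # Flagged start page matches one the owner configured on purpose.
            buckets["expected-setting"].append(item)
        else:
            buckets["review"].append(item)
    return buckets


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    result = triage(found, known_start_pages={"about:blank"})
    for name, items in result.items():
        print(f"{name}: {len(items)}")
    for item in result["review"]:
        print("review:", item["family"], item.get("Rootkey", ""), item.get("Object", ""))
    print("matches scanner total:", len(found) == reported_total(SAMPLE_LOG))
```

With an empty allowlist the start-page entry lands in the review bucket instead, which is the safer default on a machine whose owner did not choose that page.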
 

e_dawg

BTW, what do you guys mean by programs? Registry objects or running processes? I have 32 running processes:

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
#:2 [winlogon.exe]
#:3 [services.exe]
#:4 [lsass.exe]
#:5 [ati2evxx.exe]
#:6 [svchost.exe]
#:7 [spoolsv.exe]
#:8 [svchost.exe]
#:9 [navapsvc.exe]
#:10 [npssvc.exe] (NAV)
#:11 [regsvc.exe]
#:12 [mstask.exe]
#:13 [stisvc.exe]
#:14 [winmgmt.exe]
#:15 [svchost.exe]
#:16 [alertsvc.exe]
#:17 [ati2evxx.exe]
#:18 [explorer.exe]
#:19 [symtray.exe]
#:20 [poproxy.exe] (NAV)
#:21 [jusched.exe] (Java 2 RE)
#:22 [atiptaxx.exe]
#:23 [internat.exe] (MS Intl Lang support)
#:24 [acrotray.exe]
#:25 [navapw32.exe]
#:26 [ud.exe]
#:27 [outlook.exe]
#:28 [winamp.exe]
#:29 [ud_1396140.exe]
#:30 [ud_ligfit_release.exe]
#:31 [taskmgr.exe]
#:32 [ad-aware.exe]


Ad-Aware settings for your reference:

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Monday, May 24, 2004 1:25:35 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R310 23.05.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
 

Buck

E_dawg, Alexa and about:blank would have been the "programs" I was referring to, and the number of tracking cookies is normal considering you had recently deleted a boat load of them. So, I was off by half - bummer.
 

Tea

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
3,749
Location
27a No Fixed Address, Oz.
Website
www.redhill.net.au
Systems that really matter:

I use the best anti-scum package of them all: a non-Microsoft operating system (OS/2). These systems are also protected by a hardware firewall, but it's the choice of operating system that makes the real difference.

Systems that don't matter as much:

I use a hardware firewall, avoid the Microsoft Unholy Trio that Buck mentioned (Outbreak Express, Internet Exploder, MSN Massacre), apply the appropriate security patches when I remember to (which is most of the time), scan with Ad-Aware when I suspect a problem or just get bored (maybe every couple of weeks), visit Housecall about as often.

Should I run a software firewall as well? Maybe it would be a good thing to have on my laptop, which could possibly connect direct (rather than through a Smoothwall) once in a blue moon. Maybe it's better just to trust in my CD backups.
 

Tea

Standard workshop charge for a spyware and virus scan: AU$55.

That includes whatever it takes: Ad-Aware, Housecall, buggerising around in the registry if required, install Mozilla and Netscape Messenger, plus Tannin's well-worn 10 minute lesson in basic security skills.

What do we charge if we don't find anything nasty? Good question. It doesn't happen often enough to be an issue - we nearly always find nasties.

On-site: you don't get me, Tannin or Kristie on-site. Not unless it is (a) very urgent, and (b) we can't get hold of Mutiah or the Soup Nazi on the day. Or possibly unless one of us full-timers is really bored.

For either one of the on-site guys, you pay $45 for the first half-hour and $20 per half hour after that. If it turns out to be a long job, they will usually cut you a deal. Tannin is cool with that, just so long as he doesn't actually lose money on the job.
 

Tea

Oh, for AV software, I recommend PC-cillin. It seems to be about as effective as the only other one I see regularly (the unlovely NAV) and way easier to own and use. It just works. Doesn't buggerise about all the time telling you how clever it is, just works.
 