Windows Knowledgebase
Virus, SpyWare, Trojans/Backdoors, Firewall, Patches/hotfixes.
How to protect your computer
Document created: April 7, 2004
Document updated: February 7, 2005



There are thousands of SpyWare programs out there, but your computer is now searched automatically for about 240 of them
...


You should use at least one tool for each of the following 7 issues:

Protect against:

1.     Virus
2.     SpyWare (What is SpyWare ???)
3.     Trojans/backdoors
4.     Internet connection
5.     Firewall
6.     Patches/hotfixes
7.     Spam


This document was granted points on www.experts-exchange.com

 

Virus: Malicious programs that harm your computer

 

You should purchase a good antivirus solution with many updates a week. An old antivirus program without automatic/manual updates doesn't protect you at all.

Also remember to scan your hard drive each month. You may have been infected the day before your update learned about a new virus.


If you are running Windows XP or Me, you should temporarily disable System Restore while removing the malware:

How to Disable the System Restore Configuration User Interface
http://support.microsoft.com/default.aspx?scid=kb;en-us;283073&Product=winxp

How antivirus software and System Restore work together
http://support.microsoft.com/default.aspx?scid=kb;en-us;831829&Product=winxp



AVG Anti-Virus 7.0 free edition for home users. Combine it with:

AVG Specialized Utilities for Virus Removal and Handbooks for Manual Virus Removal

 

Use this free online Trend Housecall scanner to find and clean every known virus/rootkits/backdoors:
http://housecall.trendmicro.com/housecall/start_corp.asp

If you get an ActiveX error when loading the Trend HouseCall scanner:
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=4317

Some viruses can't be removed by HouseCall. If so, use the free Trend Micro system cleaner:
http://www.trendmicro.com/download/tsc.asp

If you want to secure your own home computer, consider purchasing Trend PC-cillin with built-in firewall:
http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm

If you want to secure your company's workstations, consider purchasing Trend OfficeScan:
http://www.trendmicro.com/en/products/desktop/osce/evaluate/features.htm

If you can afford it, you can get a solution installed on a server, with workstation, server, email and URL-scanning engines from Trend Micro:
http://www.trendmicro.com/en/products/global/enterprise.htm

Virus Information Alliance (VIA)
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/via.asp

Review of the best antivirus solutions:
http://www.cnet.com/software/1,11066,0-806174-1202-0,00.html?tag=dir-av&pn=1&ob=3&qt=&qn=&F2=0&F3=0&sm=0

SoftScan puts an end to virus and spam threats from the Internet
http://www.softscan.dk/english/index.asp

How to Protect Boot Sector from Viruses in Windows
http://support.microsoft.com/default.aspx?scid=kb;EN-US;122221

 

 

SpyWare: Malicious programs that collect your internet browsing for advertising purposes, and install lots of garbage programs.


SpyWare is going to be the next great security issue after viruses and spam.
The reason is that many antivirus programs don't remove SpyWare, because some SpyWare is only installed if the user (you) answers yes to "fantastic free programs" like Hotbar.

What is SpyWare ???  (Screenshot examples included)


After studying all the anti-spyware programs below, I decided to purchase …

 

Pest Patrol
http://store.ca.com/dr/v2/ec_main.entry25?page=PestPatrolReviews&client=ComputerAssociates&sid=35715

 

 

… because:

 

1.      The program is not installed on the computers. Scanning is run or scheduled by a central management console on the server. Nothing is visible to the users, and they don't have to start a program to scan their hard disk. A log is saved in the management console, and an email is sent to the administrator if necessary.
 

2.      Ad-Aware and Spybot are currently the most well-known anti-spyware programs in technical communities, but PestPatrol found 4 spyware programs on my company computer after I "cleaned" it with Ad-Aware.

 

You can use the FREE online pestscan from PestPatrol

Free 30 days Trial License from Pestpatrol

 

 

If you get no result with your first choice, you should try more than one of these programs:

Ad-Aware Standard Edition is THE award winning, free, multicomponent AdWare detection and removal utility:
http://www.lavasoft.de/software/adaware/

Bazooka AdWare and SpyWare Scanner v1.13.01
http://www.kephyr.com/SpyWarescanner/

Bullet Proof Soft - Spyware Remover
http://www.bulletproofsoft.com/spyware-remover.html

Doxdesk - Automatic check of your browser for parasites, AdWare and SpyWare (about 240)
http://www.doxdesk.com/parasite/

PCHell removal
http://www.pchell.com/support/SpyWare.shtml

Spy-Buster
http://www.spy-buster.com/features.htm

Spybot:
http://security.kolla.de/index.php

SpyFerret detects & removes SpyWare
http://www.onlinepcfix.com/SpyWare/SpyWare.htm

SpyWareBlaster - Prevent SpyWare from installing in the first place
http://www.javacoolsoftware.com/SpyWareblaster.html

SpyWareGuard - A real-time protection solution against SpyWare
http://www.javacoolsoftware.com/SpyWareguard.html

SpyWareGuide
http://www.spywareguide.com


SpyWareInfo: The SpyWare and hijackware removal specialists
http://www.SpyWareinfo.com

X-Cleaner: Scanning and cleaning functions are ultra-fast
http://www.xblock.com/download-freeware.shtml

XoftSpy v3.2: The latest and most advanced Spyware detection and removal application on the Internet
http://www.paretologic.com


 

 

Trojans/backdoors: Unwanted access to your computer


Many of them are found and removed by antivirus programs, but if you haven't patched your system with the latest hotfixes and installed a firewall, you'll really get in trouble.
 


List of known Trojan/Backdoors and the TCP/UDP ports on which they operate
http://research.pestpatrol.com/WhitePapers/About_Ports_And_Trojans.asp - portlist

List of known Trojan/Backdoors and the TCP/UDP ports on which they operate
http://www.onctek.com/trojanports.html

Internet Storm Center - Input port number and press GO
http://isc.incidents.org/port_details.html?port=

The Distributed Reflection DoS Attack
http://grc.com/dos/drdos.htm

 

 

Internet connection - check security


Are you already in trouble? Didn't you update your firewall and antivirus protection?

 

PestPatrol free port checker: Find out which ports are used for malware.

http://research.pestpatrol.com/Downloads/PortChecker/PortChecker.exe


CERT Coordination Center: How to recover an already compromised system
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

HACKYOURSELF scan: TCP scan (65534 ports), UDP scan (800+ ports), and NetBIOS scan
http://www.hackerwhacker.com/

IPEye is a freeware TCP port scanner
http://www.ntsecurity.nu/toolbox/ipeye/

Port scan: Get an instant security analysis now. You don't even need to know your own IP address!
http://www.dslreports.com/scan

Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.
https://grc.com/x/ne.dll?bh0bkyd2

Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp
http://scan.sygatetech.com/


If you DO NOT NEED to share files across the Internet
http://grc.com/su-fixit.htm

Security Features of Internet Connection Sharing
http://support.microsoft.com/default.aspx?scid=kb;en-us;q241570

 

 

Firewall: Protect yourself from unwanted use of your internet connection.


With a firewall you are warned, and protected, when unknown/unwanted programs try to use your internet connection from the outside or from the inside.


BlackICE pc protection and firewall
http://blackice.iss.net/product_pc_protection.php

Cisco PIX 500 Series Firewall - the industry-leading solution
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/index.html


Net Nanny - block porn - purchase it for safety and security for your computer
http://www.netnanny.com/products/index.html

CC Proxy is an easy-to-use proxy software
http://www.youngzsoft.net/ccproxy/

Sygate personal firewall - free version
http://smb.sygate.com/support/documents/spf/default.htm
http://smb.sygate.com/download/download.php?pid=spf

ZoneAlarm firewall - free version
http://www.zonelabs.com/store/content/company/zap_za_grid.jsp?lid=ho_za


Getting a personal Firewall
http://www.zensecurity.co.uk/default.asp?URL=personal

Comparative reviews of personal firewall software:
http://www.firewallguide.com/software.htm

Firewall Product Selector - Choose yourself which one to compare
http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view

The Internet Connection Firewall Can Prevent Browsing and File Sharing
http://support.microsoft.com/default.aspx?scid=kb;en-us;298804

 

 

Patches/hotfixes from Microsoft: Lots of security holes fixed each week.


Security holes and fixes are found by Microsoft and others, and Microsoft often solves the problem with patches/hotfixes to the Windows operating system files.

You definitely should install the automatic update feature called SUS.


How to configure and use Automatic Updates in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;EN-US;327850
 
IIS-vulnerability MS03-007:

Here's Microsoft's warning - Impact of vulnerability: RUN CODE OF ATTACKER'S CHOICE:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-007.asp

But they only talk about IIS (Internet Information Server). Here is some more information about this problem:
http://www.nextgenss.com/papers/ms03-007-ntdll.pdf

As you can see, they warn about this for every Windows 2000 workstation and server, even if they don't run IIS. The problem is that an attacker can run code through port 80, which you use to gain access to the internet.

 

 

Spam: Emails that you don't want to receive


Spam is email that you don't want to receive, and you don't know why you get these emails.
About half the emails sent through the internet are spam. Thus spam is very annoying and costs a lot of the bandwidth on the internet.


SoftScan puts an end to virus and spam threats from the Internet
http://www.softscan.dk/english/index.asp

Online Resources for Spam Mail Testing and Information
http://support.microsoft.com/default.aspx?scid=kb;en-us;249266

Beating Messenger Spam
http://www.practical-tech.com/infrastructure/i11042002.htm



 

This document was granted points on www.experts-exchange.com

025:

Advise on Anti-virus software

Comment from trywaredk
Date: 06/13/2004 01:23PM CEST

Accepted Answer from trywaredk
Date: 03/08/2004 10:56AM CET

024:

Which are virus?

 

Accepted Answer from trywaredk
Date: 05/24/2004 08:40AM CEST

023:

What a good way to refuse services/actions on a public pc?

 

Assisted Answer from trywaredk
Date: 05/19/2004 08:57AM CEST

022:

SpyWare, the best product

 

Assisted Answer from trywaredk
Date: 05/21/2004 09:40PM CEST

021:

I want to Divorce Long Term Relationship with Intruder.

 

Assisted Answer from trywaredk
Date: 05/20/2004 03:44PM CEST

020:

How do I put a condom on a student's unsafe PC now on *my* LAN?

 

Accepted Answer from trywaredk
Date: 05/17/2004 09:02AM CEST

019:

dubolom hijack

Comment from trywaredk
Date: 05/24/2004 08:41AM CEST

Accepted Answer from trywaredk
Date: 05/24/2004 08:42AM CEST

018:

Harmless Intruder or Sleeping Giant Sitting on PC in Restricted Zone

 

Accepted Answer from trywaredk
Date: 04/30/2004 12:18PM CEST

017:

Games and screensaver are automatically minimizing?

 

Accepted Answer from trywaredk
Date: 05/17/2004 09:21AM CEST

016:

revop.C Virus

Comment from trywaredk
Date: 05/13/2004 12:37PM CEST

Accepted Answer from trywaredk
Date: 05/13/2004 12:40PM CEST

015:

Uninstalling Hotbar.com programmes

 

Assisted Answer from trywaredk
Date: 05/11/2004 11:23PM CEST

014:

Securing/Locking down Windows 2000 server.

 

Assisted Answer from trywaredk
Date: 05/10/2004 10:32PM CEST

013:

Please help, I have backdoor.winshell on a windows NT back office small business server system.

Comment from trywaredk
Date: 05/06/2004 05:42PM CEST

Assisted Answer from trywaredk
Date: 05/06/2004 05:44PM CEST

012:

Remote Procedure Call shutdown while using dial-up.

 

Assisted Answer from trywaredk
Date: 04/30/2004 12:16PM CEST

011:

Npam Scan

 

Assisted Answer from trywaredk
Date: 04/28/2004 10:15AM CEST

010:

How to detect non-process virus (trojan)

 

Accepted Answer from trywaredk
Date: 04/26/2004 10:35AM CEST

009:

What virus turns apps off?

 

Assisted Answer from trywaredk
Date: 04/23/2004 11:43AM CEST

008:

IIS keeps crapping out

 

Assisted Answer from trywaredk
Date: 04/22/2004 09:43PM CEST

007:

Norton's stopping system

 

Accepted Answer from trywaredk
Date: 04/21/2004 09:28AM CEST

006:

(Urgent Help) Sky net Virus is using ISA Firewall Client

 

Accepted Answer from trywaredk
Date: 04/19/2004 03:57PM CEST

005:

norton systemworks will not load

 

Assisted Answer from trywaredk
Date: 04/13/2004 08:56AM CEST

004:

scm.exe accessing must fear-us

 

Accepted Answer from trywaredk
Date: 04/12/2004 02:49PM CEST

003:

Unwanted visitor on Windows2000  professional

 

Accepted Answer from trywaredk
Date: 04/10/2004 10:45PM CEST

002:

Remote access connection manager will not start

 

Accepted Answer from trywaredk
Date: 03/10/2004 10:27PM CET

001:

Zestyfind -- Getting Rid of as home page

 

Accepted Answer from trywaredk
Date: 07/17/2003 09:33PM CEST

