Windows Knowledgebase
Virus, SpyWare, Trojans/Backdoors, Firewall, Patches/hotfixes.
How to protect your computer
Document created: April 7, 2004
Document updated:
February 7, 2005


Back www.TryWare.Dk

There are thousands of SpyWare-programs out there, but your computer is now searched
automatically for about 240 of them
...


You should use at least one of each of the following 7 issues:

Protect against:

 

What is it ???

 

1.     Virus

2.     SpyWare

3.     Trojans/backdoors

4.     Internet connection

5.     Firewall

6.     Patches/hotfixes

7.     Spam

 

 

1.     

2.      What is SpyWare ???

3.     

4.     

5.     

6.     

7.       


This document was granted points on www.experts-exchange.com

 

Virus: Malicious programs that harms your computer

 

You should purchase a good antivirus solution with many updates a week. An old antivirus program without automatic/manual updates doesn't protect you at all.

Also remember to scan your hard drive each month. Maybe you got infected the day before, your update knows about a new virus.


If you are running Windows XP or Me, you should temporarily disable system restore, while removing the malware:

How to Disable the System Restore Configuration User Interface
http://support.microsoft.com/default.aspx?scid=kb;en-us;283073&Product=winxp

How antivirus software and System Restore work together
http://support.microsoft.com/default.aspx?scid=kb;en-us;831829&Product=winxp



AVG Anti-Virus 7.0 free edition for home users. Combine it with:

AVG Specialized Utilities for Virus Removal and Handbooks for Manual Virus Removal

 

Use this free online Trend Housecall scanner to find and clean every known virus/rootkits/backdoors:
http://housecall.trendmicro.com/housecall/start_corp.asp

If you get's an ActiveX error, when loading the Trend HouseCall scanner:
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=4317

Some viruses can't be removed by housecall. If so, use the free Trend Micro system cleaner:
http://www.trendmicro.com/download/tsc.asp

If you want to secure your own home computer, consider to purchase Trend PC-cillin with built-in firewall:
http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm

If you want to secure your company's workstations, consider to purchase Trend OfficeScan:
http://www.trendmicro.com/en/products/desktop/osce/evaluate/features.htm

If you can afford it, you can get an url-scanning engine installed on a server with workstation, server-, email and url-scanning engine from Trend Micro
http://www.trendmicro.com/en/products/global/enterprise.htm

Virus Information Alliance (VIA)
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/via.asp

Review of the best antivirus solutions:
http://www.cnet.com/software/1,11066,0-806174-1202-0,00.html?tag=dir-av&pn=1&ob=3&qt=&qn=&F2=0&F3=0&sm=0

SoftScan puts an end to virus and spam threats from the Internet
http://www.softscan.dk/english/index.asp

How to Protect Boot Sector from Viruses in Windows
http://support.microsoft.com/default.aspx?scid=kb;EN-US;122221

 

 

SpyWare: Malicious programs that collects your internet browsing for advertising purposes, and installs lots of garbage programs.


SpyWare is going to be the new great security issue after virus and spam.
The reason is, that many antivirus programs don't remove SpyWare, because some of them are only installed if the user (you) is answering yes to "fantastic free programs" like Hotbar.

What is SpyWare ??? (Screenshot examples included)


After studying all the anti-spyware programs below, I decided to purchase

 

Pest Patrol
http://store.ca.com/dr/v2/ec_main.entry25?page=PestPatrolReviews&client=ComputerAssociates&sid=35715

 

 

because:

 

1.      The program is not installed on the computers. Scanning is run or scheduled by a central management console on server. Nothing is visible for the users, and they don't have to start a program to scan their hard disc. A log is saved in the management console, and an email to administrator if nessessary.
 

2.      Ad-Aware og Spybot are currently the most welknown anti-spyware-programs known on technical communities, but PestPatrol found 4 spyware-programs on my company-computer, after I "cleaned" it with Ad-Aware.

 

You can use the FREE online pestscan from PestPatrol

Free 30 days Trial License from Pestpatrol

 

 

If no result with your first choice, you should try more than one of these programs

Ad-Aware Standard Edition is THE award winning, free, multicomponent AdWare detection and removal utility:
http://www.lavasoft.de/software/adaware/

Bazooka AdWare and SpyWare Scanner v1.13.01
http://www.kephyr.com/SpyWarescanner/

Bullet Proof Soft - Spyware Remover
http://www.bulletproofsoft.com/spyware-remover.html

Doxdesk - Automatic check of your browser for parasites, AdWare and SpyWare (about 240)
http://www.doxdesk.com/parasite/

PCHell removal
http://www.pchell.com/support/SpyWare.shtml

Spy-Buster
http://www.spy-buster.com/features.htm

Spybot:
http://security.kolla.de/index.php

SpyFerret detects & removes SpyWare
http://www.onlinepcfix.com/SpyWare/SpyWare.htm

SpyWareBlaster - Prevent SpyWare from installing in the first place
http://www.javacoolsoftware.com/SpyWareblaster.html

SpyWareGuard - A real-time protection solution against SpyWare
http://www.javacoolsoftware.com/SpyWareguard.html

SpyWareGuide
http://www.spywareguide.com


SpyWareInfo: The SpyWare and hijackware removal specialists
http://www.SpyWareinfo.com

X-Cleaner: Scanning and cleaning functions are ultra-fast
http://www.xblock.com/download-freeware.shtml

XoftSpy v3.2: The latest and most advanced Spyware detection and removal application on the Internet
http://www.paretologic.com


 

 

Trojans/backdoors: Unwanted access to your computer


Many of them is found and removed by antivirus programs, but if you aren't got your system patched up with latest hotfix, and have installed a firewall, you'll really get in trouble.


List of known Trojan/Backdoors and the TCP/UDP ports on which they operate
http://research.pestpatrol.com/WhitePapers/About_Ports_And_Trojans.asp - portlist

List of known Trojan/Backdoors and the TCP/UDP ports on which they operate
http://www.onctek.com/trojanports.html

Internet Storm Center - Input port number and press GO
http://isc.incidents.org/port_details.html?port=

The Distributed Reflection DoS Attack
http://grc.com/dos/drdos.htm

 

 

Internet connection - check security


Are you already in trouble? Didn't you update your firewall and antivirus protection?

 

PestPatrol free port checker: Find out which ports are used for malware.

http://research.pestpatrol.com/Downloads/PortChecker/PortChecker.exe


CERT Coordination Center: How to recover an already compromised system
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

HACKYOURSELF scan: TCP Scan (65534 ports),UDP scan (800+ ports), and Netbios Scan
http://www.hackerwhacker.com/

IPEye is a freeware TCP port scanner
http://www.ntsecurity.nu/toolbox/ipeye/

Port scan: Get an instant security analysis now. You don't even need to know your own IP address!
http://www.dslreports.com/scan

Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.
https://grc.com/x/ne.dll?bh0bkyd2

Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp
http://scan.sygatetech.com/


If you DO NOT NEED to share files across the Internet
http://grc.com/su-fixit.htm

Security Features of Internet Connection Sharing
http://support.microsoft.com/default.aspx?scid=kb;en-us;q241570

 

 

Firewall: Protect yourself from unwanted use of your internet connection.


With a firewall you are warn, and protected, when unknown/unwanted programs tries to use your internet connection from the outside or from the inside.


BlackICE pc protection and firewall
http://blackice.iss.net/product_pc_protection.php

Cisco PIX 500 Series Firewall - the industry-leading solution
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/index.html


Net Nanny - block porn - purchase it for safety and security for your computer
http://www.netnanny.com/products/index.html

CC Proxy is an easy-to-use proxy software
http://www.youngzsoft.net/ccproxy/

Sygate personal firewall - free version
http://smb.sygate.com/support/documents/spf/default.htm
http://smb.sygate.com/download/download.php?pid=spf

ZoneAlarm firewall - free version
http://www.zonelabs.com/store/content/company/zap_za_grid.jsp?lid=ho_za


Getting a personal Firewall
http://www.zensecurity.co.uk/default.asp?URL=personal

Comparative reviews of personal firewall software:
http://www.firewallguide.com/software.htm

Firewall Product Selector - Choose yourself which one to compare
http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view

The Internet Connection Firewall Can Prevent Browsing and File Sharing
http://support.microsoft.com/default.aspx?scid=kb;en-us;298804

 

 

Patches/hotfixes from Microsoft: Lots of security holes fixed each week.


Security holes and fixes are found by Microsoft and others, and Microsoft often solves the problem with patches/hotfixes to the Windows operating system files.

You definitely should install the automatic update feature called SUS.


How to configure and use Automatic Updates in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;EN-US;327850

IIS-vulnerability MS03-007:

Here's Microsoft's warning - Impact of vulnerability: RUN CODE OF ATTACKERS CHOICE:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-007.asp

But they only talks about IIS (Internet Information Server). Here some more stuff about this problem:
http://www.nextgenss.com/papers/ms03-007-ntdll.pdf

As you can see, they warn about this for every Windows 2000 workstation and server, even if the don't run IIS. Problem is, that attacker can run code through port 80 that you use to gain access to internet.

 

 

Spam: Emails that you don't want to receive


Spam is emails that you don't want to receive, and you don't know why you gets these emails.
About half the emails sent through the internet is spam. Thus spam is very annoying and costs a lot of the bandwidth on the internet


SoftScan puts an end to virus and spam threats from the Internet
http://www.softscan.dk/english/index.asp

Online Resources for Spam Mail Testing and Information
http://support.microsoft.com/default.aspx?scid=kb;en-us;249266

Beating Messenger Spam
http://www.practical-tech.com/infrastructure/i11042002.htm



 

This document was granted points on www.experts-exchange.com

025:

Advise on Anti-virus software

Comment from trywaredk
Date: 06/13/2004 01:23PM CEST

Accepted Answer from trywaredk
Date: 03/08/2004 10:56AM CET

024:

Which are virus?

 

Accepted Answer from trywaredk
Date: 05/24/2004 08:40AM CEST

023:

What a good way to refuse services/actions on a public pc?

 

Assisted Answer from trywaredk
Date: 05/19/2004 08:57AM CEST

022:

SpyWare, the best product

 

Assisted Answer from trywaredk
Date: 05/21/2004 09:40PM CEST

021:

I want to Divorce Long Term Relationship with Intruder.

 

Assisted Answer from trywaredk
Date: 05/20/2004 03:44PM CEST

020:

How do I put a condom on a student's unsafe PC now on *my* LAN?

 

Accepted Answer from trywaredk
Date: 05/17/2004 09:02AM CEST

019:

dubolom hijack

Comment from trywaredk
Date: 05/24/2004 08:41AM CEST

Accepted Answer from trywaredk
Date: 05/24/2004 08:42AM CEST

018:

Harmless Intruder or Sleeping Giant Sitting on PC in Restricted Zone

 

Accepted Answer from trywaredk
Date: 04/30/2004 12:18PM CEST

017:

Games and screensaver are automatically minimizing?

 

Accepted Answer from trywaredk
Date: 05/17/2004 09:21AM CEST

016:

revop.C Virus

Comment from trywaredk
Date: 05/13/2004 12:37PM CEST

Accepted Answer from trywaredk
Date: 05/13/2004 12:40PM CEST

015:

Uninstalling Hotbar.comprogr ammes

 

Assisted Answer from trywaredk
Date: 05/11/2004 11:23PM CEST

014:

Securing/Locking down Windows 2000 server.

 

Assisted Answer from trywaredk
Date: 05/10/2004 10:32PM CEST

013:

Please help, I have backdoor.winshell on a windows NT back office small business server system.

Comment from trywaredk
Date: 05/06/2004 05:42PM CEST

Assisted Answer from trywaredk
Date: 05/06/2004 05:44PM CEST

012:

Remote Procedure Call shutdown while using dial-up.

 

Assisted Answer from trywaredk
Date: 04/30/2004 12:16PM CEST

011:

Npam Scan

 

Assisted Answer from trywaredk
Date: 04/28/2004 10:15AM CEST

010:

How to detect non-process virus (trojan)

 

Accepted Answer from trywaredk
Date: 04/26/2004 10:35AM CEST

009:

What virus turns apps off?

 

Assisted Answer from trywaredk
Date: 04/23/2004 11:43AM CEST

008:

IIS keeps crapping out

 

Assisted Answer from trywaredk
Date: 04/22/2004 09:43PM CEST

007:

Norton's stopping system

 

Accepted Answer from trywaredk
Date: 04/21/2004 09:28AM CEST

006:

(Urgent Help)  Sky net Virus  is u sing ISA Firewall Client

 

Accepted Answer from trywaredk
Date: 04/19/2004 03:57PM CEST

005:

norton systemworks will not load

 

Assisted Answer from trywaredk
Date: 04/13/2004 08:56AM CEST

004:

scm.exe accessing must fear-us

 

Accepted Answer from trywaredk
Date: 04/12/2004 02:49PM CEST

003:

Unwanted visitor on Windows2000 professional

 

Accepted Answer from trywaredk
Date: 04/10/2004 10:45PM CEST

002:

Remote access connection manager will not start

 

Accepted Answer from trywaredk
Date: 03/10/2004 10:27PM CET

001:

Zestyfind -- Getting Rid of as home page

 

Accepted Answer from trywaredk
Date: 07/17/2003 09:33PM CEST


Top of this page

 

:o) Your brain is like a parachute. It works best when it's open

 

 

 

 

 

 

 

 

 

w2k local admin group windows 2000 permissions

 

local admin group W2k: Your colleague's got total power of Your pc from his own computer on Your corporate Network: Read TryWareDk's Website - Microsoft Windows 2000 HTML Securityhole Member Local Administrators Group Hotfix Admin Admins Administrator Groups Members Security Office program programs software freeware shareware Outlook Distributionsliste Email Adressbook Adressebog Mandatberegning

event eventlog intranet event-id event-source applications system security error warning information