RE: [Declude.Virus] OT: Online file check?

[Colbeck, Andrew]

Oh, yes, and a few more tips:   Configure the IE preferences on the Tools, Options, Advanced tab:   In the Browsing section: UNCHECK "Enable Install on Demand (Internet Explorer)" UNCHECK "Enable Install on Demand (Other)" UNCHECK "Enable 3rd party browser extensions (requires restart)"   In the Security section: CHECK "Empty Temporary Internet Files folder when browser is closed"   I've never seen the first two settings conflict with anything or prevent legitimate software installations. The third doesn't prevent software from being installed, it stops IE from loading such software that has been installed.  In addition to malware, this includes the Google Toolbar, or the Yahoo! toolbar that so many people get installed incidentally with Adobe Acrobat et al.   The fourth setting is great, because much of the malware is dropped in the IE temp folder, so when you close IE or reboot, poof, it's gone.   And of course, make as many trips as necessary to Windows Update in order to add patches.  You also have to look at other software on the computer that might be older with holes, e.g. Real Player, WinAmp, and the Microsoft and Sun Java runtimes.   Remove the now defunct Microsoft JVM altogether with their removal tool.  Either call Product Support or Google for "unmsjvm.exe" and then go to http://www.java.com and download Sun's implementation, and let it periodically go to the Internet to check for updates.   Hope that helps,   Andrew 8)       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Monday, July 25, 2005 1:12 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] OT: Online file check? To scan a file with a bunch of different scanners and get a single report from all of them, use this site:   http://www.virustotal.com/   And if you want to see what a malicious file does, use this site:   http://sandbox.norman.no/live.html   And the best way to get rid of a file like that is probably to boot in Safe Mode, then edit all the usual registry places to get rid of the malware, and delete each instance of the file.  Also check that the hosts. file has no bogus entries.  If you can't delete a file because it's running, rename the file on the drive.  If you want to terminate a process that Task Manager won't let you terminate, use pskill.exe from http://www.sysinternals.com/ as an Administrator-equivalent userid.   It won't hurt to also, as the user, install http://www.javacoolsoftware.com/ which will tighten up their Internet Explorer settings, and turn on the "kill bit" for many CLASSIDs of known malware.  If you don't mind fetching updates interactively, Spyware Blaster is free for personal use.   For a general perusal and interactive utility to see what applications are set to start from where, check out HijackThis from http://www.spywareinfo.com/~merijn/downloads.html   And for the next week, I think the best interactive tool to ferret out start all the startup applications and places is still Microsoft Antispyware.  They've taken a hit recently because although they continue to find several Adware vendors' software, they now suggest an action of "Ignore" instead of "Remove".  http://www.microsoft.com/athome/security/spyware/software/default.mspx     Andrew 8)   p.s. You might guess that I've had to remove, oh, just one or two bits of malware from users' workstations... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Stillwell Sent: Monday, July 25, 2005 12:05 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] OT: Online file check? At one time i saw a post about a site that you can upload and it will scan it with the "popular" scanners and check it..   I have this evil little program that i can't remove from a users computer, and i have done everything.. It keeps "Renaming" itself on termination..   It spawns under explorer, rundll32, svchost and just totally takes over, and once its connected to an internet connection, downloads just about every peace of malware/spyware it can..   Thanks-