mysearchweb/lop.com etc - having got rid of them how to keep them out?

Discussion in 'Virus Information' started by Steve, Aug 18, 2004.

  1. Steve

    Steve Guest

    Thanks to helpful advice from Malke and others I can now do a decent job of
    cleaning up the malware off the machine.

    However, after a day or two, back they come - I don't browse what might be
    considered to be "dodgy" sites.

    I've tried by a process of elimination to identify which of my popular
    websites might be causing the problem and I think www.ebay.co.uk might be a
    culprit. Pop up ads appear as part of the ebay homepage (integral to,
    rather than independent of) and certain of these cause the mywebsearch to
    re-appear, or so it seems.

    I tried S&D "immunize" but that has protected the browser.

    I'd be grateful for ideas and info on how to prevent the attack in the first
    place, rather than do a cleanup job afterwards.

    I'm running an external firewall (in the ADSL router) and NIS2004 on an XP
    SP1 setup. NIS is up to date.

    Best Regards

    Steve
     
    Steve, Aug 18, 2004
    #1

  2. Steve

    Chuck Guest

    Steve,

    Please start by posting a link to the forum discussions where you had your
    HijackThis log analysed.

    Remember AdAware, CoolWebShredder, HijackThis, and Spybot S&D are detection /
    removal tools.

    Improve your chances for the future.

    Harden your browser. There are various websites which will check for
    vulnerabilities, here are three which I use.
    http://www.jasons-toolbox.com/BrowserSecurity/
    http://bcheck.scanit.be/bcheck/
    https://testzone.secunia.com/browser_checker/

    Block Internet Explorer ActiveX scripting from hostile websites (Restricted
    Zone).
    <https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd under Popular
    Downloads on the left)

    Block known dangerous scripts from installing.
    <http://www.javacoolsoftware.com/spywareblaster.html>

    Block known spyware from installing.
    <http://www.javacoolsoftware.com/spywareguard.html>

    Make sure that the spyware detection / protection products that you use are
    reliable:
    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    Harden your operating system. Check at least monthly for security updates.
    http://windowsupdate.microsoft.com/

    Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
    use:
    http://www.accs-net.com/hosts/get_hosts.html
    http://www.mvps.org/winhelp2002/hosts.htm
    (The third is included, and updated, with Spybot (see above)).

    Maintain your Hosts file (merge / eliminate duplicate entries) with:
    eDexter <http://www.accs-net.com/hosts/get_hosts.html>
    Hostess <http://accs-net.com/hostess/>

    Secure your operating system, and applications. Don't use, or leave activated,
    any accounts with names or passwords with trivial (guessable) values. Don't use
    an account with administrative authority, except when you're intentionally doing
    administrative tasks.

    Use common sense. Yours. Don't install software based upon advice from unknown
    sources. Don't install free software, without researching it carefully. Don't
    open email unless you know who it's from, and how and why it was sent.

    Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
    various web pages that discuss security problems. Check the logs from the other
    layers regularly, look for things that don't belong, and take action when
    necessary.

    Cheers,
    Chuck
    Paranoia comes from experience - and is not necessarily a bad thing.
     
    Chuck, Aug 18, 2004
    #2
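
Added example (not part of Chuck's post, and not the code of eDexter or Hostess): a minimal sketch of the "merge / eliminate duplicate entries" step for Hosts-format block lists, which also flags any entry that maps a name to a non-loopback address, something a block list should never contain. The sample lists, the hostnames in them and the choice of 127.0.0.1 as the blocking address are assumptions made for the illustration.

```python
import re

SINKHOLES = {"0.0.0.0", "127.0.0.1"}      # addresses a block list may legitimately use
KEEP_LOCAL = {"localhost", "localhost.localdomain"}
HOSTNAME = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(\.[a-z0-9_-]{1,63})+$")

def parse_hosts(text):
    """Yield (ip, hostname) pairs from Hosts-file text, ignoring comments and blanks."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:            # one line may carry several names
            yield fields[0], name.lower().rstrip(".")

def merge_blocklists(*sources):
    """Merge block lists into (blocked, suspicious).

    blocked: sorted unique hostnames to sinkhole.
    suspicious: (ip, name) entries pointing a name at a non-sinkhole address;
    these redirect traffic instead of blocking it and need manual review.
    """
    blocked, suspicious = set(), []
    for text in sources:
        for ip, name in parse_hosts(text):
            if name in KEEP_LOCAL:
                continue                   # the merged file writes localhost itself
            if ip not in SINKHOLES:
                suspicious.append((ip, name))
            elif HOSTNAME.match(name):
                blocked.add(name)
    return sorted(blocked), suspicious

def render(blocked, sinkhole="127.0.0.1"):
    """Produce the merged Hosts file text, one blocked name per line."""
    return "127.0.0.1 localhost\n" + "".join(f"{sinkhole} {h}\n" for h in blocked)

# Constructed sample inputs standing in for two downloaded block lists.
LIST_A = """\
# constructed sample list A
127.0.0.1  localhost
127.0.0.1  ads.example.com      # inline comment
0.0.0.0    tracker.example.net
"""
LIST_B = """\
0.0.0.0 ADS.example.com
0.0.0.0 popups.example.org tracker.example.net
203.0.113.7 www.example.co.uk
"""

if __name__ == "__main__":
    names, odd = merge_blocklists(LIST_A, LIST_B)
    print(render(names), end="")
    for ip, name in odd:
        print(f"# REVIEW: {name} -> {ip} is a redirect, not a block")
```

Review anything reported as suspicious before writing the merged file over the live Hosts file.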

  3. Steve wrote on 18-Aug-2004 12:12 PM:
    1) turn on Automatic Updates to stay up-to-date with critical Windows
    updates and IE updates
    2) a good AV is essential. update it daily.
    3) a firewall is good. The Windows firewall in SP2 is more configurable.
    A personal firewall will help you find malware that is "phoning home"
    4) there are extra protections required for IE:
    a) I recommend Quik-Fix from www.pivx.com
    b) SpywareBlaster and Spybot can inoculate against bad extensions
    c) there are lists of bad sites to put in the Restricted Zone
    d) clamp down on the Internet zone settings and put your favorite
    sites in the Trusted zone

    An alternative that many are recommending is to switch your browser to
    avoid activex. Easier to disable activex in the Internet zone and stay
    with what you know.
     
    Kent W. England [MVP], Aug 19, 2004
    #3