Updated 1-stop answers: Spyware, Secret Installs, Virus and related [Archive] - Glock Talk


SamBuca
01-09-2005, 18:25
Preface

The previous 1-stop thread is so outdated that you can actually damage your system by using it...and a lot of the programs/advice given is no longer relevant.

I do this for a living...I sit in my 2 bedroom apartment and make websites, program, and spend the majority of my day fixing virused/cracked/spyware-ridden systems (call me for help in the central PA area ;)). This isn't my opinion or some nonsense I'm regurgitating from reading online....this is what actually works in the real world time and time again.

Please note...you do not have to be a computer genius to fix and/or protect your system. These easy instructions will provide you with a few key programs to handle things---not 10 different programs that are confusing and use terminology you've never heard of.

Whether you're infected or not, it's a good idea to start at the beginning and work your way down. As we approach the bottom, things will get more complex and will change your system...you may stop at the designated places if you're not comfortable with "going all the way."

Spyware/Adware

Spyware (http://en.wikipedia.org/wiki/Spyware) and Adware (http://en.wikipedia.org/wiki/Adware) are defined as "...products [that] perform many different functions, including the delivery of unrequested advertising (pop-up ads in particular), harvesting private information, re-routing page requests to illegally claim commercial site referral fees, and installing stealth phone dialers," and "...any software application in which advertisements are displayed while the program is running," respectively.

Symptoms:


Popup advertisements that appear when you're not browsing the web
Search bars that appear in Internet Explorer (IE)
The default page in IE changes without your knowledge
Slow system performance
Browser crashes
Worst case scenario: total browser failure and inability to access websites at all


Solution:

Microsoft (http://www.microsoft.com) released a new anti-spyware product called MS Anti-Spyware (they bought out another company's product and made improvements). It's currently in beta, but is stable enough for use from the general public. Lab tests as well as my own tests "in the field" show an amazing result compared to other products like Ad-Aware (http://www.lavasoftusa.com), Spybot (http://www.safer-networking.org/en/index.html), or even a commercial product like Pest Patrol (http://www.pestpatrol.com). The product detects programs the others miss, offers a nice interface, system restore capability, real-time agent for detecting stuff as it happens, and auto-updating.

This program is FREE for valid copies of Windows 2000, Windows XP or Windows 2003 Server. If you don't currently have at least Windows 2000, you should consider upgrading as support for previous operating systems is being phased out.

Download:


Microsoft Anti-Spyware (http://www.microsoft.com/athome/security/spyware/software/default.mspx)


Install:

The install is very straightforward and asks easy questions. You can say "yes" to pretty much everything--however I do not say yes to being part of the SpyNet Community. Not interested. All in all, it's important to say yes to the following:


Real-time agent
Auto updates


Usage:

After your initial scan, make sure you click "create restore point" on the bottom right...this is to be sure you don't damage your system and can undo everything.

A browser hijack window may open...you may reset your browser's settings to the default by clicking the blue arrows.

The program will automatically scan your system every night at 2:00am and leave you with a status window in the morning. You can change the time by clicking on "manage schedule." It is HIGHLY recommended you leave this feature turned on in conjunction with the real-time agent.

A word on cookies...

"Cookies (http://en.wikipedia.org/wiki/HTTP_cookie)" have become a buzzword and their function blown completely out of proportion. Anti-spyware companies inflate the "cookie problem" to the point of idiocy in order to promote their product (it may detect 3 spyware programs...but it can say it detects a TOTAL of 800 items when counting cookies it finds from advertisers). A cookie is defined as "...a packet of information sent by a server to a World Wide Web browser and then sent back by the browser each time it accesses that server."

Yes, advertisers track usage across multiple sites by using cookies. So does every other real-world business. Do you complain to your credit card company about privacy when it takes the buying habits of your card number to its promotions/marketing department in order to figure out where you're eating so it knows whose flyer to put in your bill? What about the "bonus card" craze at the food stores tracking your food habits? What about the 460 terabytes of data (http://developers.slashdot.org/article.pl?sid=04/11/14/2057228&tid=187) (read: 471,040 gigabytes...what do you have, an 80 gig in your PC?) Wal-Mart collects on its shoppers?

You're safe. Don't worry about the cookies...it's all a bunch of nonsense to take advantage of the ignorance of the public.

Virus

A virus (http://en.wikipedia.org/wiki/Computer_virus) is defined as "...a self-replicating program that spreads by inserting copies of itself into other executable code or documents." In more recent times, viruses are becoming rare...what we're actually seeing are worms (http://en.wikipedia.org/wiki/Computer_worm), which are "self-contained and [do] not need to be part of another program to propagate itself. They are often designed to exploit the file transmission capabilities found on many computers." In other words, the things you get via email and such.

Symptoms:


Unusual network, drive or CPU activity (not to be mistaken for adware/spyware activity mentioned above)
Frequent system crashes (different from 3rd party program crashes like IE or other software you install)
Unexpected shutdowns
Loss of network connectivity due to your internet provider cutting you off
Slow system performance


Solution:

This is where it gets tricky...there are several well-known and good anti-virus vendors.


McAfee (http://www.mcafee.com) (HIGHLY recommended - get Online VirusScan v9.0)
Norton Security (http://www.norton.com) (difficult to configure properly, consumes too many system resources, annoying updates)
Trend Micro (http://www.trendmicro.com/en/home/us/enterprise.htm) (one of the little guys)


It's NOT recommended that you use one of the free virus programs.

Installation/Usage:

Since each product differs so greatly, follow the manufacturer's installation procedure...just be sure to ENABLE AUTOMATIC UPDATES and ENABLE A NIGHTLY SCAN.

Windows Updates

It is absolutely essential that you make sure you're up-to-date and enable automatic updates.

Go to Windows Update (http://windowsupdate.microsoft.com) (it may ask to install some stuff...that's ok) and click "Scan for updates."

If you have Windows XP, you should install Service Pack 2 immediately and then re-run Windows Update.

After your first boot in service pack 2 the following will be presented to you:


Turn on the firewall
Turn on automatic updates


At this point, you may stop. You've cleaned and disinfected your system as well as taken precautions against future infection.

Browser Replacement

Yes, it's annoying when some computer savvy person says "you should run this other program because it's better." Most of the time they neglect to take your novice skill into effect. However, one replacement browser in particular has grown to the point where it's easy enough to use that ANYONE can use it...and it's fairly simple to get going. We call it...Mozilla Firefox (http://www.mozilla.org).

Installation:


Firefox download page (http://www.mozilla.org/products/firefox/)


Simply run the install program...upon running it for the first time, you can import all of your IE favorites, history, cookies, etc, then you can set it as your default browser. If you're missing a plugin, an easy interface will pop up letting you install it.

It's understandable if you don't want to switch from your beloved IE...but Firefox is written by people who actually care about your computer's well being. It will completely uninstall as if it was never there. Doesn't hurt to try it. Give tabbed browsing a try.

Email Replacement

A lot of people use Outlook for email...and with Outlook comes exploits. The majority of people get viruses and worms through email. From the same people who brought you Firefox also comes a program called Thunderbird. It operates almost identically to Outlook...except for the exploits.

Installation:


Thunderbird download page (http://www.mozilla.org/products/thunderbird/)


Upon running it for the first time, you can import your email messages and contacts from Outlook. There's even a calendar (http://www.mozilla.org/projects/calendar/) program that operates like the one in Outlook.

There are a few more tricks, but they're very nerdy...I'll edit this post to add them a little later on. Just got a call to fix a PC ;)

Zoolander
01-09-2005, 21:47
Great effort! Thanks.

you should install Service Pack 2

I have the SP2 disk in my hand but I'm reluctant to load it on my puter. I heard some people whine that it messed up some of their other programs and such.

4sarge
01-10-2005, 04:03
Thanks SamBuca, I loaded the MS program last evening after reading your post and it successfully removed spy-ware that Ad Aware and Spy-Bot (my favorites) couldn't rid me of. I hope MS continues this program as a freebie or at least incorporates this in an OS.

MB-G26
01-10-2005, 04:13
The previous 1-stop thread is so outdated that you can actually damage your system by using it...and a lot of the programs/advice given is no longer relevant.

If you feel like being a little more specific I'd be happy to make changes via editing when time permits.
MS Anti-Spyware (they bought out another company's product and made improvements). It's currently in beta, but is stable enough for use from the general public.

Er... personally, I would not be comfortable using any MS product that's still in beta. Even with final releases, when it comes to MS, I let the rest of the world beta test whatever it is for a while - and then keep an eye out for posted results on a variety of sites. Much better, for us anyway, than finding out the hard way about conflicts and problems.
Do you complain to your credit card company about privacy when it takes the buying habits of your card number to its promotions/marketing department in order to figure out where you're eating so it knows whose flyer to put in your bill?
Actually, I don't have to complain because I have always been since the inception of any of my accounts, and continue to be, in full "opt out" status at my request. I must be in the generic insert category, because I see the same inserts in my bills in the bills of friends who have cards from the same companies or lenders.
What about the "bonus card" craze at the food stores tracking your food habits?
I have not provided personal information when obtaining those cards, which I would prefer to do without but truly need the cost savings result (unfortunately, seems they just hike up the other prices to compensate for the "sales"). I have also contacted the individual offices of the stores that issue them - to have all database info removed and to insist that I am completely "opted out" of their data collection (on the assumption that they pair up personal info vis-a-vis traceable payment methods, with purchase info).
What about the 460 terabytes of data (read: 471,040 gigabytes...what do you have, an 80 gig in your PC?) Wal-Mart collects on its shoppers?
Probably not a lot I can do to control the Wal-Mart Corporation, but I have done everything knowingly within my control to opt-out of all data collection and marketing by/from whatever source.

Windows Updates
It is absolutely essential that you make sure you're up-to-date and enable automatic updates.

If you have Windows XP, you should install Service Pack 2 immediately and then re-run Windows Update.

After your first boot in service pack 2 the following will be presented to you:

Turn on the firewall

Turn on automatic updates

I would certainly agree that keeping up-to-date with applicable updates and patches is a good computing policy. I do not, however, allow auto updates of the OS, for example, until the rest of the world has done the real-time beta testing. I have yet to be advised by anyone in the security end of things that this is a bad practice. I'd cite as examples the incidents where MS itself has provided infected patches, as well as patches that have wreaked havoc on systems with certain configurations, hardware, and/or other sw products.

I think SP2 was a good example of how an upgrade, patch set, etc., is not necessarily a blindly good thing for all systems; at least, not unless the user knows in advance of the problems that will likely be caused on their individual system and configuration.

Some upgrades include automatic overwrites of other programs, like the MS browser version for example. Upgrading and patching for security purposes is certainly good, but I think it is not always a good idea to simply blindly accept whatever is being sent down the pike to one's machine. There is also the matter of new EULAs to consider, and not just for MS products. I have on occasion chosen NOT to upgrade from one version of sw to the next specifically because of changes to or new provisions in a certain EULA.

It's my understanding that XP's "firewall" is not a true sw firewall for the reason that it does nothing to stop OUTgoing connections which are undesired. Also, it's my understanding that it is NOT advised to run XP's "firewall" at the same time as a sw firewall product because, basically, 'the two will fight'. Personally, I prefer to use a reliable sw firewall that handles traffic from both directions, not just 'incoming'.

In any event, I'd be happy to bring the existing stickie current as soon as time permits, and certainly remove information that is actually damaging advice - but you'll have to be a little more specific as to those sections you object to :)
m

4sarge
01-10-2005, 04:28
Well, I actually should have thanked both article authors to be PC ;) I have used computer techniques and suggestions successfully from both posts. I do not necessarily think that MS is always the evil empire that some do, I have not downloaded the complete SP2 fixes (pick & choose) and I also do not like sharing my personal data with ?

Thanks to everyone who contributes :)

Washington,D.C.
01-10-2005, 09:39
Microsoft recommends installing XP SP2 in safe mode. Clean up and defrag first.

g29andy
01-10-2005, 19:03
Just curious, why do you recommend not using free antivirus programs, I'm specifically thinking of AVG? I recently dropped Norton (resource hog), and switched to AVG.

Washington,D.C.
01-10-2005, 19:42
The free antivirus programs don't always stay as up to date as the big ones. Being up to date is important.

Washington,D.C.
01-10-2005, 19:45
Just what exactly is a resource hog? PC's are so much faster than last year. They are so fast these days there should be resources to spare. Safe internet requires some of your resources, it's just one of the prices you pay to protect your data.

g29andy
01-11-2005, 12:09
Your point is taken, but in addition to my new desktop, I also run a 4 year old P3 laptop maxed out at 512 mb RAM. Wish I could justify upgrading all my PC's.

I run Adaware, spybot, ZoneAlarm (free, free, and free)
I run Firefox and Thunderbird (free, free)
Also OpenOffice (free again)

Although they have their critics, these programs are not too shabby.

Washington,D.C.
01-11-2005, 12:20
Yeah, I run a 4 year old Pent III too. It's plenty fast for the internet. I have Norton on it. I have only 256mb of ram.

David_G17
01-11-2005, 13:36
Originally posted by SamBuca

It's NOT recommended that you use one of the free virus programs.


i disagree. the best free antivirus programs: http://linuxiso.org

MB-G26
01-12-2005, 04:53
Re Windows XP and installation of Service Pack 2, and Windows Update

Note that XP SP2 is about 80MB in the "mini version", the full distro is around 250MB, a difficult option for dial-up users. Some users have eventually received theirs on CD from MS by ordering same. See http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default810.mspx http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx
("...you may have to loosen your security settings to use this site. You may need to allow Active Scripting if you have it disabled. Don't forget to put things back the way you had them once you are finished before you leave the site and go someplace else.")

http://www.lurkhere.com/forum/DCForumID17/460.html; see also http://www.lurkhere.com/forum/DCForumID4/555.html
("SP2 wrinkles" Aug-09-04, 04:12 PM (EDT)" )
(http://www.lurkhere.com/forum/DCForumID17/460.html "You know I ordered the SP1 CD back in Feb 04 .... we are now in Aug, and I am still here waiting for the damn thing.")
--------------
http://www.lurkhere.com/forum/DCForumID4/555.html
A quote from MSKB 878461 (Perhaps read the MORE INFORMATION section--at the bottom--first.)
"Note By default, the value of the FEATURE_LOCALMACHINE_LOCKDOWN subkey is set to 1 in Windows XP SP2.
To do this, follow these steps:
Quit all Windows-based programs.
Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN

In the FEATURE_LOCALMACHINE_LOCKDOWN subkey, follow these steps:
Click Iexplore.exe.
On the Edit menu, click Modify.
In the Value data box, type 0, and then click OK.
Click Explorer.exe.
On the Edit menu, click Modify.
In the Value data box, type 0, and then click OK.
To quit Registry Editor, click Exit on the File menu.
Restart Windows.
MORE INFORMATION
When the value of the FEATURE_LOCALMACHINE_LOCKDOWN subkey is set to 1, the following restrictions are enforced by Windows XP SP2 for both Microsoft Internet Explorer and Microsoft Windows Explorer:
Disallow ActiveX.
Disallow binary behaviors.
Disallow Java.
Prompt for script running.
Prompt for cross-domain data "
-------------------------------
Re XP SP2 problems, related posts, related resolutions

See also: http://www.windowsbbs.com/showthread.php?t=33849
regarding problems, and this:
Arie
Administrator
Microsoft MVP
Originally Posted by Welshjim
P.S. I also heard somewhere that getting SP2 through Windows Update (rather than the SP2 download site) will usually result in a smaller download. Can't remember whether WU tailors the Update to your PC or whether it was something else, like an incremental install over SP1.

Yes, I've addressed that in my article. MS is actually encouraging people who only have 1 PC to upgrade NOT to download the 266 MB Network Install file. A typical XP install will require around 75 MB to upgrade to SP2. If you are running an SP2 preview, the upgrade would only be around 30 MB to download.
--- -- --- --- --- --
Quote:
Originally Posted by shadowhawk
(quoted in post) I'm waiting AT LEAST a month. And how do you disable that XP firewall? I don't need their krappy firewall. I have my Kerio. (end)

(reply re quoted text) There's a new entry in Control Panel for 'Windows Firewall' and you can turn it off in there. I've decided to give their firewall a chance. (end)
-----------------------------------------

http://isc.sans.org/xpsp2.php?startmsg=2676&isc=613dcba03437e09a6b74ddaf03c6db92
Windows XP Service Pack 2 Experiences
Please use this page to post your experiences installing the Service Pack 2 for Windows XP.
Please only use this page to post factual experiences related to Windows XP Service Pack 2. Do not post opinions about the service pack in general. The intent is to help others that may run into similar problems, or to tell people what conflicts may or may not exist.

...Another machine would not obtain a IP address from my router, after
the reboot at the end of SP2, I had no internet access. Repair
connection does not work, I even tried (Q299357 netsh int ip reset
resetlog.txt). I had to undo SP2, luckily the uninstall did work,
and I had internet after. I finally ended replacing the ethernet
card with a new one and tried SP2 again which worked.

Why did SP2 turn its nose up on the old ethernet card???

one more computer had strange video driver problems like reverting
back to 640X480 every time I boot now. ...
-- --- --- --- --
Only minor issue is that printing on our lan towards a print server
goes horribly wrong. The spool fills up & the print servers
doesn't process the cancel commands anymore. Ironically enough turning
off the Windows Firewall solves this issue, creating an exception for
the print services does not...
-- --- --- --- --
Some problems with random games most likely related to the NX flag.
Nothing major though, worked around some errors via driver updates
and rollbacks, overall satisfied.
-- --- --- ---
Date: 2005-01-07 04:37:56 (Msg ID: 2669)
I installed SP2 in the morning and instead of restart i shut down the
computer. In the evening i couldn't start Windows and get the notice
that my computer may not be safe because i have no antivirus (Norton
is installed). Since i can't do nothing, even can't format the hard
drive from DOS because: Invalid Drive !!!!!!
-- --- --- --- --
Posted by: !!! Twenty Hours of configuration and no Email !!!
Date: 2005-01-07 02:06:35 (Msg ID: 2668)
The install was a fresh Home XP, updated to SP2.
After uninstalling the Service Pack, Norton Antivirus 2005 was
installed, and was allowed to manage the windows firewall.
After all of this, the Thunderbird mail client (V 1.0, uinstalled
&amp; working before SP2) stopped contacting the smtp server to send
mail, and gave a "bad password" error message (ethereal showed
*no* traffic to the smtp server). Mail retrieval via POP3 was fine.
After hours of checking settings and calling ISP tech support
to check for outages, NAV was uninstalled, & windows firewall
was turned off. Tried Thunderbird .9. Nope, no workey
(Outlook Express send and received mail perfectly, with same
settings).

Solutions:

.... wiped off winxp home, reinstalled w/ windows 2000 sp4,
along w/ NAV 2k5. Thunderbird 1.0 works fine, for now...;)
-- -- --- -- --
Date: 2005-01-06 21:08:56 (Msg ID: 2666)
SP2 made my taskbar disappear. Uninstalled SP2. No help. Ran
recovery. No help. Ended up reformatting and reinstalling.
Disgusted with M$ for doing this to me, and disgusted with myself for
trusting them...
-- --- --- --- ---
Date: 2005-01-05 07:20:32 (Msg ID: 2664)
I have no idea how these issues are caused by SP2, but I
can't see any other reason.

After installing SP2, I couldn't watch any video clips. All
mediaplayers froze the whole computer, only reset-button
worked. Tried the latest ATI drivers, Control Centers,
Catalyst... Also tried the older driver that worked fine
earlier, but no.

Soon I tried to update to the USB 2.0 driver, since my
mobo supports 2.0. The setup program couldn't finish due
to several different reasons, and the 2.0 didn't work.
Tried general VIA USB 2.0 drivers, and finally the whole
USB stopped working. I use an USB mouse, so that was
quite a learning process to solve problems with keyboard
only. When I got the USB back to work, it didn't
automatically install any hardware connected to the USB but
asked for drivers. The drivers are not available, since
XP should recognize them automatically!

Uninstalling SP2 didn't solve anything, so I had to
rebuild my system to get even the mouse working!
Although, I still do have irregular non-solved problems
with my ATI.

Needless to say, I do not recommend SP2... :P
-- -- -- -- -- --
Date: 2005-01-04 07:40:43 (Msg ID: 2660)
I run a new Dell Inspiron 8600 laptop and XP SP1. Registry is clean,
regularly change oil in it (use Norton Disk Doctor and jv16
PowerTools 1.4.1). The status of the machine is immaculate. Never
had any serious issues with XP.

Why did I need this nightmarish SP2? I run Opera, sit behind a
firewall and have a dozen spyware-killers installed. Anyway, SP2
installed fine, said "Installation successful... do you want to
restart?" OK. This is when my life as I know it ended.
Windows would not restart. "File ???krnl.exe is missing or
corrupted. Please copy and reinstall." OK. I do not have a
bootable disk (bad, bad idea), except the XP installation disk. To go
to "Restore", it needs admin password. I forgot it for the
6 months of the use of my laptop. Found a utility which boots the
machine (http://www.nu2.nu/pebuilder/). Beautiful thing -- but did
not help, because all files that were "missing or
corrupted" were still there, in their places and intact since
July or before. I have been trying to restore my registry for three
days, and I will certainly have to reinstall XP. The data is not
lost, but when I think of reinstalling the 200 programs that I have
on my machine, I feel very angry with Microsoft.
-- -- -- -- --
Date: 2005-01-03 22:35:32 (Msg ID: 2659)
GUI portion of SP2 install went ok.
install then prompted for reboot.
After POST, a blue text screen indicated SP2 was performing some
tasks.
Computer then rebooted to the 'safe mode' menu.
No safe mode options resulted in usable computer. All options caused
spontaneous reboot back to the safe mode menu.

Booted with XP CD to recovery console and following MS tech support's
direction, did manual uninstall of SP2 to no avail -- still 'safe
mode' menu.

MS Research advised to perform parallel install of OS to access
computer, then as soon as possible, perform a reformat and
reinstall.

After reformat and reinstall of XP and all patches (except SP2), a
successful install of SP2 was completed.
-----------------------------------
end part 1
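
An added example, not part of the original post or of the Microsoft KB article it quotes: a small audit that reads a registry export (.reg text) and reports whether the FEATURE_LOCALMACHINE_LOCKDOWN values for Iexplore.exe and Explorer.exe are still 1 (restrictions enforced) or have been set to 0 as in the quoted procedure. The sample export and the FEATURE_EXAMPLE_PLACEHOLDER key are constructed for illustration; treating an absent value as "missing" rather than assuming a default is a choice made here.

```python
import re

# Key path and value names come from the KB text quoted in the post above.
LOCKDOWN_KEY = (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer"
                r"\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN")
PROCESSES = ("iexplore.exe", "explorer.exe")

_SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
_DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})\s*$')


def parse_lockdown_values(reg_text):
    """Return {value_name_lowercased: int} for DWORDs under the lockdown key.

    Registry key and value names are case-insensitive, so both are compared
    in lower case. Values under any other key are ignored.
    """
    values = {}
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or .reg comment
            continue
        section = _SECTION.match(line)
        if section:
            in_key = section.group("key").lower() == LOCKDOWN_KEY.lower()
            continue
        if in_key:
            dword = _DWORD.match(line)
            if dword:
                values[dword.group("name").lower()] = int(dword.group("hex"), 16)
    return values


def audit_lockdown(reg_text):
    """Classify each process: 'enforced' (1), 'disabled' (0), 'missing',
    or 'unexpected' for any value the quoted KB text does not describe."""
    values = parse_lockdown_values(reg_text)
    report = {}
    for proc in PROCESSES:
        if proc not in values:
            report[proc] = "missing"
        elif values[proc] == 1:
            report[proc] = "enforced"
        elif values[proc] == 0:
            report[proc] = "disabled"
        else:
            report[proc] = "unexpected"
    return report


def needs_review(reg_text):
    """Processes whose lockdown value is anything other than 'enforced'."""
    report = audit_lockdown(reg_text)
    return [proc for proc in PROCESSES if report[proc] != "enforced"]


# Constructed sample export (not taken from a real machine). The first key is
# a made-up placeholder to show that values outside the lockdown key are ignored.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

; constructed decoy key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXAMPLE_PLACEHOLDER]
"explorer.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"IEXPLORE.EXE"=dword:00000000
"explorer.exe"=dword:00000001
"""

if __name__ == "__main__":
    for proc, state in audit_lockdown(SAMPLE_EXPORT).items():
        print(f"{proc}: {state}")
    print("needs review:", needs_review(SAMPLE_EXPORT))
```

Regedit normally writes exports as UTF-16, so decode the file accordingly before passing its text to audit_lockdown.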

MB-G26
01-12-2005, 04:54
Re: SP2 Resources
-------------
These resources are listed on the MVP website and are the initial resources for
people interested in SP2.
Consumer: www.microsoft.com/protect

IT Pro:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx

PSS SP2 Support Center:
http://support.microsoft.com/default.aspx?pr=windowsxpsp2
"From another (non-MS source) I heard it was a 220MB download. If so even those with broadband are in for a wait.
- ------ -------- -----
the Fatwallet HotDeals forum...................
Date Posted: Aug/25/2004 10:07 PM by RShea
peachee said:
---------------------------------------------------
Does SP2 include everything SP1 has and more?
Or do I need to install both?
---------------------------------------------------
SP2 is a smart update, if you are fully updated and patched then the download is about 60 meg (or off the CD). If you are not then it can be as large as 240 meg of data. So no, you do not need to do SP1 first if you have not yet installed that one, you can go straight to SP2. Warnings: backup important data, order the CD if you have a slow connection, check the software list of packages that do not work or are broken with SP2 (including a few MS packages still, some 3rd party firewalls and even some older anti-virus packages)

Here's the link to the apps having a problem with SP2.......

http://support.microsoft.com/default.aspx?kbid=884130&product=windowsxpsp2

More links posted there........

AMD64 chipsets (uh oh!) - http://www.theinquirer.net/?article=18094
....which leads to - http://support.microsoft.com/default.aspx?scid=kb;en-us;878474

http://www.thechannelinsider.com/article2/0,1759,1636811,00.asp
--- ------ ---- ---
... take a look at all the links and related links that Ghouldini posted. There are some programs that, until they are updated/enhanced, are not going to work with Sp2....and Virus Scan is one of them as are several versions of Zone Alarm. Additionally, it is also possible that once these programs are "fixed" they are not going to work properly with Sp1 any more. Don't know that to be the case, but it is possible.
--- ----- -- -------
FWIW--Here is MS' list of "fixes" included in SP2
http://support.microsoft.com/default.aspx?kbid=811113
- --- ---- --- -

http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=649&forum=DCForumID4
"SP2 Security Center"
Dec-07-04, 11:37 AM (EST)

http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=637&forum=DCForumID4
"Update for XP (KB887742)"
Nov-22-04, 11:37 PM (EST)
You receive the Stop error "Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)" in Windows XP Service Pack 2 or Windows Server 2003

http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=634&forum=DCForumID4
"Update for Windows XP (KB886677)"
Nov-19-04, 05:33 PM (EST)
This update addresses an issue where double-byte character set (DBCS) characters may appear corrupted in Internet Explorer on Windows XP when you browse a Web site that uses Shift-JIS character encoding.

http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=623&forum=DCForumID4
"Page Not Found"
Oct-31-04, 07:06 PM (EST)

... From what I've been able to discover most of the problems related to SP2 have something to do with the "beefed up" firewall portion of the package. Again speculation on my part...

http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=617&forum=DCForumID4
"My XP Disaster"
Oct-24-04, 02:00 PM (EDT)
I had a total disaster with XP a few days ago. I am told by Dell that SP2 caused this....

http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=615&forum=DCForumID4
"Windows XP, SP2 and Windows Media Player"
Oct-15-04, 08:11 PM (EDT)
Before Windows XP SP2 came to town I had Windows Media Player 9 and I loved it.
When Windows XP SP2 came out I downloaded and installed it. My computer then wouldn't load Windows XP, wouldn't do anything at all so Microsoft helped me to take SP2 off of my computer.
Then I saw "NEW" Windows Media Player 10. To make a long story short, I thought if Media Player 9 is great Media Player 10 must be greater.
Now the Windows Media Player 10 freezes or something and becomes nonresponsive when I try to use it.
I tried every way I know of to uninstall it and use Media Player 9. but everytime I download and try to install Media Player 9 my Computer says, "Windows has found a more recent version of Windows Media Player on your computer. Media Player 9 will now exit."
And I can never get it to install. So now I am without a player. I don't like the other players.
http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=611&forum=DCForumID4
"windows media"
Oct-08-04, 02:21 AM (EDT)
hi lurkers, once again I have to ask your help, since updating XP home I can't get media player to work when I D/L either 9 or 10 I get the same error message, (this version incompatible with this version of windows). I've tried Windows XP news group, but no help there, plenty of others in the same boat. but no answers on how to fix it
-- - - - - -
I assume this is related to SP2 update? You really didn't say, but if it is here is what might be your fix.
http://www.mcse.ms/message1119953.html
-- -- -- --- --
sorry about not explaining better, it was the SP2 update I meant. Now I have to work out how to play Media 10.
---------------------------------------------------------------------
http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=568&forum=DCForumID4
"XP SP2 -tongue in cheek!"
Aug-20-04, 08:30 AM (EDT)
(quotes the following)
Here we go again, fully patched systems, even with SP2 allow this bug to slip through:
http://secunia.com/advisories/12321/
The vulnerability is caused due to insufficient validation of drag and drop events issued from the "Internet" zone to local resources. This can be exploited by a malicious website to e.g. plant an arbitrary executable file in a user's startup folder, which will get executed the next time Windows starts up.
--- --- --- ---
In addition:
http://www.heise.de/security/artikel/50051
------------------------------------------------------------
http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=564&forum=DCForumID4
"XP SP2 - Programs incompatabilities"
Aug-16-04, 10:10 AM (EDT)
Programs which may ...er...'behave differently' with WinXP SP2
(Check the version numbers of the programs too). Quite a few MS products included.
http://support.microsoft.com/default.aspx?kbid=884130&product=windowsxpsp2
--- --- --- --- ---
Some more along those lines.
"To help provide security for your Windows XP SP2-based computer, Windows Firewall blocks unsolicited connections to your computer. However, sometimes you might want to make an exception and permit someone to connect to your computer. For example, the following scenarios describe occasions when you might want someone to be able to connect to your computer:"

Some programs seem to stop working after you install Windows XP Service Pack 2 http://support.microsoft.com/default.aspx?kbid=842242
-- --- --- --- --
MS update pack is very much like force-feeding a fat goose
One: They can keep their FW
Two: How good is a release that does not deal with current market programs?
Three: That thing is causing as much if not more troubles than the first install of a brand new XP as an update on 98
I won't touch it

Think about being in the position where re installing the OS is required Now that's double jeopardy

No wonder why Linux and Mac are growing
-- --- --- --- ---
Henry--Wise decision. This is what will happen when you install SP2
http://www.pibmug.com/files/WindowsSP2%20.swf
-- --- --- --- --- --- ---
People running EZTrust antivirus are having problems with auto-download after applying SP2. It won't work. There's an MS fix to open ports, and someone reported that didn't work. I've also heard you should open print and file sharing in addition to the port - I don't think that's very secure.
-- --- --- --- ---
"RE: XP SP2 - Programs incompatabilities"
Aug-20-04, 07:51 AM (EDT)
FYI
MS is starting to patch the patch today again!

http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=567&forum=DCForumID4
"XP SP2 Support Tools"
Aug-20-04, 00:47 AM (EDT)
Read complete overview at link below.
http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&DisplayLang=en

Windows XP Service Pack 2 Support Tools

The Windows Support Tools for Microsoft Windows XP are intended for use by Microsoft support personnel and experienced users to assist in diagnosing and resolving computer problems. ...
-----------------------
http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=561&forum=DCForumID4
Is Microsoft's Firewall Secure?
FYI http://www.pcworld.com/news/article/0,aid,117380,00.asp
---- ------ ------ ----- -----
Well that isn't much of a surprise. No Firewall is completely secure, but it doesn't surprise me that M$'s isn't even close to being up to par.
--- ------- ----- - - - - -
Henry--As you have read, the biggest negative with the SP2 Firewall (as it was with the original XP Firewall) is that it does nothing to monitor or stop outgoing traffic.
---------------------------------------

FYI http://www.pcworld.com/news/article/0,aid,117380,00.asp
Is Microsoft's Firewall Secure?

Some say Win XP SP2 enhancements cause conflicts, don't protect as claimed.

Matthew Broersma, Techworld.com
Friday, August 13, 2004
Security experts and vendors this week welcomed the introduction of Windows Firewall, part of Windows XP Service Pack 2 (SP2), as a valuable way of protecting PCs. But while the firewall is an improvement, it falls short of the standard of protection expected of commercial firewalls, according to some industry observers.

Windows Firewall (http://www.pcworld.com/news/article/0,aid,114593,00.asp) --which replaces the old Internet Connection Firewall--marks the first time all up-to-date PCs will have a firewall switched on by default, an important step in stopping the spread of viruses, according to industry analysts. However, the software suffers from two major flaws, critics say: it does not block outbound traffic, and it can be switched off by another application, possibly even by a clever worm.

Jumping the Wall
Most commercial firewalls (http://www.pcworld.com/resource/browse/0,cat,1536,sortIdx,1,00.asp) include a feature to stop all but authorized applications from sending data to the Internet; this stops malicious code from sending unauthorized communications, and also prevents PCs from being hijacked and used to send spam or participate in distributed denial-of-service attacks. Windows Firewall, however, filters only incoming traffic, allowing any application to send outbound packets, a fact which some industry observers have said makes it less useful for serious protection.

"It {XP "firewall"} still isn't as robust as many third-party host-based firewalls," writes Jeff Fellinge, information security officer at media company aQuantive, in a recent analysis of the firewall.

More seriously, rival firewall makers claim that the API used to manage the Windows Firewall could also be used by attackers to modify the software or turn it off. Major firewall makers, including Zone Labs, McAfee, and Symantec are preparing SP2-compatible versions (http://www.pcworld.com/news/article/0,aid,115755,00.asp) of their applications which disable Windows Firewall when they are installed, and enable it again when they are uninstalled.

But if an installer can switch off Windows Firewall, so could an attacker, argues Zone Labs, maker of the popular ZoneAlarm firewall (http://www.pcworld.com/reviews/article/0,aid,117072,00.asp). The company says its own products are locked down in such a way that third-party applications can't disable firewall protection without uninstalling the software.

Defining Roles
Microsoft admits that, in some cases, malicious code could indeed switch the firewall off. However, this isn't so much a flaw as a limitation on the role firewalls should play in a company's security system, according to Microsoft.

"An attacker could misuse that (administrative) capability," says David Overton, a Microsoft technical specialist. "But you're already in a compromised state, if you're at that point." He says Windows Firewall is designed to stop malicious transmissions to the PC, rather than protecting the PC once it's been infected.

If malicious code makes it past the firewall, it is the role of anti-virus software to protect the machine, Overton adds. Likewise, it is not the firewall's place to stop malicious code from sending outbound packets--Microsoft contends that companies should use perimeter technologies to examine outbound traffic.

"The firewall is a management process, not a silver bullet," Overton says. He says Microsoft's user testing showed that asking users to approve every application trying to communicate with the Internet tends to backfire.

"If you flood the user with messages like that, they say 'yes' all the time," he says.

Rival firewall makers say they have various ways of dealing with this problem. McAfee (http://www.pcworld.com/news/article/0,aid,104537,00.asp), for example, has a "white list" of trusted applications, designed to reduce the number of messages a user receives.

m

mzenzer
01-12-2005, 05:44
Originally posted by MB-G26

Er... personally, I would not be comfortable using any MS product that's still in beta. Even with final releases, when it comes to MS, I let the rest of the world beta test whatever it is for a while - and then keep an eye out for posted results on a variety of sites. Much better, for us anyway, than finding out the hard way about conflicts and problems.


I would certainly agree that keeping up-to-date with applicable updates and patches is a good computing policy. I do not, however, allow auto updates of the OS, for example, until the rest of the world has done the real-time beta testing. I have yet to be advised by anyone in the security end of things that this is a bad practice. I'd cite as examples the incidents where MS itself has provided infected patches, as well as patches that have wreaked havoc on system with certain configurations, hardware, and/or other sw products.


First, MS bought their Anti-spyware software from a company called Giant. The software was already well established and in final release. MS made minor changes and released it in "beta", however I would hardly consider it a true first release. I have installed it already on a couple dozen computers, and it FINALLY removed some from PCs that had lingering spyware which Spybot, Ad-Aware, Spysweeper, Pest Patrol, and Hijack This failed to rid. I have yet to notice any bugs or compatibility issues.

If anything, install it, remove the spyware, then uninstall it until a final release comes out.

Second, I personally feel that keeping the systems up to date and secure far outweighs the remote possibility that a patch could harm the system. All of my client sites run SUS (Software Update Services), which allows us to centrally control updates via Group Policy, and we approve patches on a weekly basis, at minimum. I think that keeping your systems protected from things like RPC viruses is much more important than worrying about a possible "bad" patch.

In my 10+ years in the IT field, I've only downloaded one bad patch. It was on an NT 4.0 server and the update replaced my dual processor kernel with a single processor kernel and I got the pretty little blue screen on next reboot. Other than that I've never had a problem.

Mind you, this advice might not be as important to the average home user, but in the business world security is numero uno, above all else. Keep your systems patched to the very latest.

SamBuca
01-12-2005, 05:47
MS also just released a new malware program which searches for some specific programs and can remove them.

If you haven't run it yet, even if your system appears fine, go do it.

Cinic
01-12-2005, 07:44
Originally posted by SamBuca
MS also just released a new malware program which searches for some specific programs and can remove them.

If you haven't run it yet, even if your system appears fine, go do it.

Ok, so I downloaded and installed the updates from MS yesterday. Where in the world do you find the malware program on your system in order to run it?

Washington,D.C.
01-12-2005, 11:32
http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

Washington,D.C.
01-12-2005, 11:39
Originally posted by Cinic
Ok, so I downloaded and installed the updates from MS yesterday. Where in the world do you find the malware program on your system in order to run it?

http://www.microsoft.com/security/malwareremove/default.mspx

Washington,D.C.
01-12-2005, 11:45
http://majorgeeks.com/download4471.html

Washington,D.C.
01-12-2005, 11:48
http://majorgeeks.com/download4466.html

David N.
01-12-2005, 21:58
Well, against my better judgment and contrary to my usual practice, I decided to be a guinea pi...I mean beta tester for MS's recently purchased program. On my computer (XP with Opera and ZoneAlarm free version), it found two things. (AdAware and Spybot S&D found only cookies.) Neither of the two were legitimate threats. The first was Kazaa. I installed one of the lite versions that was stripped of the adware/spyware, but it evidently doesn't differentiate between them. To its credit, the default choice was to ignore this "problem". The other thing it found was kontiki, a download manager evidently installed by CNET. Both AA and SS&D used to remove it, but after reevaluating it after the company made changes to the program, both decided it was no longer harmful.

I’ve been using it the last couple of nights to help clean a badly infected computer (30+ viruses/worms/trojans, not to mention actual ad/spyware). It did find things left by AA and SS&D. However subsequent scans with those two found things it had left, including at least one it claimed to have removed. Manual deletion was also unsuccessful, but evidently I or one of the three finally got rid of it. I definitely don’t think it is the be-all end-all of anti-spyware programs, but it seems to be worthwhile to use in addition to the others. I think the always on protection will be beneficial to a lot of people, but I still think a firewall with Opera or Firefox is a better defense. I guess MS can put out acceptable software when they are willing to buy a finished product from someone else.

By the way, does anyone know anything about wcuault.exe (not wuauclt.exe) or iexplorerrs.exe? Trendmicro identified the first as worm rbot.ald, but had no information on it. I'm pretty sure the second is a worm or virus, too, but none of the av's I ran caught it. Google returns nothing on either.
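
The lookalike names asked about in the post above (wcuault.exe beside the real wuauclt.exe, iexplorerrs.exe beside iexplore.exe) can be flagged by comparing observed file names against a list of legitimate binaries. This is an added example, not part of the original thread; the reference list, the distance threshold and the function names are assumptions.

```python
"""Flag executable names that imitate well-known Windows binaries."""

# Assumed reference list of legitimate names (not from the thread); extend as needed.
KNOWN_GOOD = {
    "wuauclt.exe", "iexplore.exe", "explorer.exe", "svchost.exe",
    "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe",
}


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def lookalikes(name, max_distance=3):
    """Return [(legit_name, distance)] for known binaries this name resembles.

    An exact match is the real name, so it yields no findings. The threshold
    of 3 is an assumption chosen to cover both names in the post.
    """
    name = name.lower()
    if name in KNOWN_GOOD:
        return []
    scored = sorted((osa_distance(name, good), good) for good in KNOWN_GOOD)
    return [(good, dist) for dist, good in scored if dist <= max_distance]


if __name__ == "__main__":
    # Constructed process listing: two names from the post plus benign entries.
    observed = ["wuauclt.exe", "wcuault.exe", "iexplorerrs.exe", "thunderbird.exe"]
    for proc in observed:
        for legit, dist in lookalikes(proc):
            print(f"{proc}: resembles {legit} (distance {dist}), review it")
```

A name match is only a triage signal; the file's location and digital signature decide whether a binary with the genuine name is actually the real one.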

SamBuca
01-13-2005, 01:44
They might be new programs or new variants. You can submit the samples to Symantec, McAfee, Grisoft and MS.

Washington,D.C.
01-13-2005, 09:18
For difficult to find/remove spyware/adware try SpySweeper and A-Squared http://majorgeeks.com/download3263.html and http://majorgeeks.com/download4281.html

SamBuca
01-13-2005, 19:43
Once again...the goal is to NOT have 10 programs on your PC. Stick with the basics...if there's really a threat, they'll take care of it more quickly than the time you'd spend learning another program.

proguncali
01-13-2005, 22:45
Sam,

I don't know that it takes time to "learn" spyware software...

I am the managing partner of an IT firm, and have been in the biz for a while....

I am for the most part a Windows Admin. I can say without hesitation that just loading MS stuff because they say it is ok is a recipe for disaster.

We test all major releases, and even then usually wait until there is a major patch to their major release.

Personally I would rather err on the side of safety than kill a production environment... And I have seen that done.


Some common sense and a few free solutions go a long way.

# Don't use IE
# Don't open email that you think is suspicious
# Use free solutions when possible
# Train your user base


Different strokes...

;c

SamBuca
01-13-2005, 23:49
I don't know that it takes time to "learn" spyware software...

I am the managing partner of an IT firm, and have been in the biz for a while....

Precisely my point. YOU wouldn't have spyware. Soccer mom or grandpa has spyware.

Every person in the IT industry forgets the simple fact that not everyone is computer literate. THEY are the ones that need the "1-stop help" texts...not you.

streeter69
01-14-2005, 06:27
Originally posted by SamBuca
Precisely my point. YOU wouldn't have spyware. Soccer mom or grandpa has spyware.

Every person in the IT industry forgets the simple fact that not everyone is computer literate. THEY are the ones that need the "1-stop help" texts...not you.


;z ;z ;z That is ME;f I can build a puter, I like the hardware side of it:) BUT the software side of a computer, I am a total idiot;P

pangris
01-14-2005, 20:40
Man, if you were local I'd take you to dinner. And if you are ever in New Orleans or Baton Rouge, drop me a line.

Paul

m1911a1
01-15-2005, 20:03
i bought a new toshiba with xp-sp1 installed , i will never ever again dwnld anything from monkeysnot for any reason ...
the ****heads have probably ruined more comps than they've ever improved ...
the horror stories i hear/read on a daily basis are surreal ...
i hope bill and the programmers go broke and die in the gutter of some horrific disease ...
no one should have to suffer with monkeysnots products ...'

(and no , you really don't want me to tell you what i feel ):soap: :soap: ;g :( ;f

MB-G26
01-17-2005, 04:26
jfwiw
http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=498&forum=DCForumID17

"Security Basics from MS for the Home PC- with videos"
Jan-11-05, 09:27 AM (EST)
http://www.microsoft.com/athome/security/default.mspx
Videos at http://www.microsoft.com/athome/security/videos/default.mspx

Flash videos requiring Macromedia Flash Player 7.0. One video on Spyware is about 7 Mb.

The MS antispyware advertised in the site (formerly Giant antispyware) is still in Beta (and for WinXP)- Be warned. Quite a few false positives already reported.

Tuesday's monthly update is reported to include 'Titan' - Microsoft's own version of 'Stinger' - Standalone virus remover to cover about 10 most malicious viruses and worms.
m