More Security

squidgy · 19 Jan 2012

I had a backdoor trojan on my machine. Never can be sure its really gone so its a fresh install for me. (and image it this time) I want to harden it this go since it will be from the ground up. What should be on my of list of steps to take, beyond the usual AV? For that Im currently using Mbam, Panda Cloud, superantispyware and Sandboxie. I try to keep an eye on connections and ports with TCPview,Tcpcon and NetLimiter but not religiously, and it can be time consuming.

It doesnt have to be like NORAD at Cheyenne Mountain, but relatively screwed down.

AlvitrValkyrie · 20 Jan 2012

HitmanPro. I've been recommending it to a bunch of people on the forums. I've used it, and it's great. It uses cloud scanning technologies that let it do absolutely amazing things. Also, if you have a rootkit or an especially pesky malware, it'll boot up before they do (certain malware boot before windows in order to have total control) and securely clear them. It scans your boot sectors, everything.

squidgy · 24 Jan 2012

Sorry for the delay. Thanks for the recommendation. I will check it out.

Any other opinions as to whether I should reformat or not?

koolkat77 · 24 Jan 2012

Malwarebytes and MSE, but you could keep Hitman Pro too. And a fresh install is always a good idea. More over when its a virus that came from the Back Door

(JK)

:) I would say yes, for a fresh install :)

zapp22 · 24 Jan 2012

I'm not a fan of piling on tools. ONE of each type, don't use IE9 or any of its predecessors - Chrome, FF, maybe Safari. No 3rd party cookies, no toolbars unless you are 100% DEAD CERTAIN that it cannot be compromised.

I use/reco AVAST free edition for xpp and 7, not vista. MSE is apparently pretty good though I would love to see full detail of real, rigorous testing on it
see this, its recent: Best Free Antivirus Software

I don't see the point in re-installing unless you have reason to believe you have OS file damage - it can/does happen with rootkit infections but usually not with Trojan-class.
If you do reinstall, be sure to scan the media from which you wish to do the reinstall.

you can turn off Defender.

It usually does not get mentioned in these 'security' discussions, but I'll throw one "ringer" into the mix here and explain.
"WinPatrol" Download WinPatrol 24.0.2012.1 - FileHippo.com
It has a unique sort of role to play. For tech-novices or simply for those who do not want to visit nerd forums to learn of the latest steps to keep tidy etc etc, winpatrol, once the initial setup is done [that takes a little work, just like Autoruns does] sits unobtrusively in the background and monitors for any new executable that happens along and tries to fire itself up. My instruction to the user is simple: "if you are not 100% sure what it is that is newly trying to insinuate itself in your stack, say 'no' ".
In real use, people click all sorts of phony links, load up IE with toolbars, gimmicks, games, "coupon deal of the day" - endless dangerous things. WP can greatly reduce the risk and clutter if the user will just let it do its job.

squidgy said:

Sorry for the delay. Thanks for the recommendation. I will check it out.

Any other opinions as to whether I should reformat or not?

Golden · 26 Jan 2012

Hi,

Some of the things that are commonly forgotten include ensuring that Adobe products such as FlashPlayer and Java are always up-to-date. Malware has an increasing propensity to use these for piggybacking onto systems.

You can use this tutorial to help you scan for the most common software vulnerabilities:

https://www.sevenforums.com/tutorials...inspector.html

Regards,
Golden

squidgy · 19 Feb 2012

Havent gone for the fresh install yet. I updated Java 6 to update 31 and FF Java Console 6.0.31, set the automatic update downloads. Flash Player plugin version already is 11.1.202.55, only beta versions after that. Adobe is such a pain finding the updates you want. No, I dont want a debugger! Didnt see an update for Flash Player ActiveX, have 10.3.187.3 now.

The only FF add-ons Im using now are:

Greasemonkey 0.9.17
Imgur uploader 1.0.3
MeasureIt 0.4.10
My Homepage 1.2
Open With Photoshop 1.8
SortPlaces 1.9.1

NO silly toolbars!

I didnt run Secunia. It says it doesnt check Firefox 10, Chrome 17 or WMP 12. Dont think it checks full Acrobat. So I dont have anything it checks.

I ran HitmanPro35 from a flash drive. It found a bunch of things but the only ones that werent false positives were some tracking cookies.

I dont use IE unless I absolutely have to. I have 8.0.7601.17514

SuperAntiSpyware rarely catches anything with Real-Time BTW.

WinPatrol looks very comprehensive, I went with the defaults. Is the Plus version worth getting? It popped this up at installation, dont know why:

Seemed to me the right answer was no (as in 'is it ok to change it from yes to no'), checking exe signatures sounds like a good thing. Is that HKLM or HKCU?

Infinite · 19 Feb 2012

You could also use FlashBlock, WOT and McAffee SiteAdvisor (what: McAffee? Yes I know but this plugin seems alright to me.