ZA Trojans & Hijackers

A firewall and an anti-virus won't stop a trojan or a hijacker. The user lets them in by downloading and visiting sites that deliver them in the background. charlie R


Hi all,

A couple of weeks ago I set my daughter's PC up with a fresh Windows XP SP2 and installed Zone Alarm (free) and AVG Antivirus.

I thought it was all going OK, but tonight she called me to say that her webpage is being redirected and Spybot is reporting the following on her system:

Trojan.sbi URL-Blacklist.sbs Hijackers.sbi

Should these have been stopped by ZA? Could I have missed something when I set it up? I'm fairly sure I just used the default settings for most things.

I guess I'm going to have to go over to her house tomorrow, so I would appreciate any advice on what I am going to need to do.

TIA

Derek

All email scanned with Norton Internet Security 2004


"Derek" wrote in message news:rlJZd.389$ snipped-for-privacy@newsfe3-gui.ntli.net...

This does seem to be a common misconception :)

Cough, splutter, ughydcb~@:{.

The best advice would be to wipe the hard disk drive and reinstall everything from known clean media. But I know you're not going to do that so here's what I'd do. First I'd download and install hijackthis from this site

formatting link
the direct download link. Then use that site to analyze the log and fix everything it flags as nasty. Also remove everything listed as unknown if you are not sure what it is. Next restart the PC in safe mode with networking. To do that you press F8 repeatedly after restarting it and before you see the Windows startup screen. Run a virus scanner such as this one and remove anything it finds:
formatting link
it again and remove anything it finds. Restart the PC normally. Check that AVG is up to date (it won't be) and then use it to do a full scan. Re-run the hijackthis analysis and make sure it doesn't list anything as nasty. If it lists anything as unknown then find out what it is and remove it if necessary. Next install this if you haven't already:
formatting link
sure it is up to date (it won't be) and run a full scan; remove anything it finds. Next install this:
formatting link
sure it's up to date and make sure it's happy with Internet Explorer's security settings. Next go to Windows Update:
formatting link
make sure that all critical updates and service packs are installed. Repeat everything until none of the tools find anything wrong. If that proves impossible then find someone with more experience to do it for you. Get a NAT router (a piece of hardware) and put it between the PC and the cable modem. Or get someone else to do this for you. Next install a different web browser such as
formatting link
hide Internet Explorer as far as it can be hidden.

You can practice on your own PC.

There are probably many other things I've forgotten to mention.

Aren't broadband connected Windows PCs wonderful :)

Jason


Best thing is to set up the system again from CD.

No security software ever provides 100% protection. Most security software can be easily misconfigured when running in default settings, because personal firewalls in particular need a lot of assistance from the user (all those pop-up questions). Wrong answers to these can be devastating for security without any malware close to your system, yet.

A system in default configuration is an easy target if the user is not experienced. For a beginner user most security software is much too complex in default configuration, and still the user has to be extremely careful, as a personal firewall and anti-virus do not detect every malware. And even if it detects something, often the user can override the warning if he thinks he needs something (or like people that turn off the firewall for a couple of minutes because some program is not working properly, and only works when the firewall is turned off)...

Set up the system again. Make sure that your daughter is only using a limited user account and don't give her the administrator password. Enable AutoUpdate for Windows. Install PFW and AV and configure them completely in a way that she cannot change any settings, and so that security is as tight as possible. Also enable AutoUpdate for PFW and AV to at least once a day. Only install the software which is absolutely necessary on the computer. Once you have set up the computer, make a complete system backup and take it with you. Next time, it may save you a lot of time if you have to set up the system again because it still got infected despite all your efforts.

If you want to take it up a notch, you can read yourself into "Software Policies", which allow you to define which programs and DLLs on your system are actually allowed to be used. The easiest way to employ them is after a fresh setup, because you know (O.K., you hope) that the system is clean. Everything on the system is O.K. then. Software policies are however quite tricky at times and can be difficult to maintain over time. So I would really recommend some extensive reading on the subject. But AFAIK they are pretty secure. (If users don't use administrator accounts...)

Also install Firefox and Thunderbird on the system and remove OE and lock down IE (proxy configuration to localhost). Disable extension installation in Firefox and Thunderbird.

Bottom line: if the user wants to get infected (even if he does not know what he is doing) he generally will get infected. There are always holes somewhere there through which something slips undetected.

Gerald
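As an added illustration of the lockdown Gerald describes (a limited account plus IE pointed at a localhost proxy), and not code from the thread: a PowerShell script, run inside the daughter's profile, that writes the well-known Internet Settings registry values so every IE request goes to an unreachable local proxy, then reports whether the account is still in the local Administrators group. It assumes PowerShell is installed on the machine (XP SP2 does not ship it) and that port 1 on 127.0.0.1 has nothing listening, which is the constructed "dead proxy" target.

```powershell
# Added example (not from the thread): lock IE to a dead local proxy and
# check that the current account is a limited user, as Gerald advises.
$ie = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Assumed target: 127.0.0.1:1 has no listener, so every IE request fails.
Set-ItemProperty -Path $ie -Name ProxyEnable   -Value 1             -Type DWord
Set-ItemProperty -Path $ie -Name ProxyServer   -Value '127.0.0.1:1' -Type String
# Empty the bypass list so local/intranet addresses are not exempted.
Set-ItemProperty -Path $ie -Name ProxyOverride -Value ''            -Type String

# Read the values back rather than trusting the write silently succeeded.
$cfg = Get-ItemProperty -Path $ie
if ($cfg.ProxyEnable -eq 1 -and $cfg.ProxyServer -eq '127.0.0.1:1') {
    Write-Output 'IE proxy lockdown in place'
} else {
    Write-Output 'WARNING: IE proxy settings were not applied'
}

# The "limited user account" check: is the current user an administrator?
$id        = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if ($principal.IsInRole($adminRole)) {
    Write-Output "WARNING: $($id.Name) is an administrator; use a limited account for daily use"
} else {
    Write-Output "$($id.Name) is a limited user"
}
```

A limited user can still edit these HKCU values, so to make the setting one she cannot undo you would enforce it through the Internet Explorer "Prevent changing proxy settings" Group Policy restriction rather than the per-user registry values alone.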


The best thing you can do is install a brain in your daughter. Tell her to think before she installs that must-have piece of freeware. Google + name of crap she wants to install + spyware = usually enough information to make an informed decision. Trust nothing. E.


ZA, like AVG, is a tool that can greatly help in securing your daughter's PC. However, like all tools, if she doesn't know how to use them then they are pretty much useless. The "malware" that your daughter describes are actually Spybot's definition files, found in the Spybot > Includes program folder, so more and clearer information is needed to judge whether she is infected or not. The redirected webpage could simply be that she's visited that page and made it her default homepage, and perhaps because of her inexperience may not realize it. If she is indeed inexperienced then pointing her to a URL somewhere like the Wilders Security forums, where she could learn about security, would be beneficial in my opinion. Yes, you could get Firefox, but bear in mind that many sites may not work or display correctly because they use Java or ActiveX. This in itself might cause more problems (if she doesn't know anything about Firefox), because she'll probably wonder why sites won't open/display properly and may "mess" with settings trying to get it to work.

bassbag

Many thanks to you all, I've learnt a lot.

Derek


Those are Spybot files in the Includes directory.

Taj Kazinga
