New Skype Worm ANNOYING

Windows 8 is more secure than what? Itself outdated? I sure would hope so. Put Windows up against any other OS and the entire way things are run/setup is a joke. :smiley:

I wasn’t swearing directly at anyone trying to help me.

@rhat0: Use Linux if you want to be secure from 95% of malware, but don't forget Flash and Java malware.

There are no real time antiviruses for Linux at the moment.

No real time Linux protection?
http://www.comodo.com/home/internet-security/antivirus-for-linux.php
http://www.eset.com/us/home/products/nod32-for-linux/
http://support.kaspersky.com/4317

I would most probably get some sort of browser plugin that blocks flash/java unless I trusted the website. Thanks for the tip though. I had already planned switching to Linux, I just haven’t been tossing the word around, because a lot of people get offended when you try to tell them that for some miraculous reason Linux has better security than Windows. ;D

http://www.pcworld.com/article/204423/why_linux_beats_windows_for_servers.html

Anyways, that ComboFix software is a joke. I’ve run it with Administrator mode and only the first time it ran in a bluish looking command prompt window/terminal. It worked, but never created any type of log file. Now even after uninstalling it… it won’t even budge. Nothing is happening, I’m just going to wipe clean and toss a Linux distro on where I will securely store my personal files.

I’ve also noticed that ComboFix wipes out files without asking.

http://i.imgur.com/AHGF6GJ.png

Oh, you’re a leet forum user now too!! Wooop lol.

Comodo has some real time protection, but mostly for detecting Windows malware so that Linux is not spreading it.

Which Linux Distribution do you want to use?

So that Linux isn’t spreading it? Windows is the number one spreader in the world. Linux real time protection is mainly just in case and not necessary. The scans are more for in case you use a USB with a Windows device and the USB gets infected. Rarely is it going to be the other way around. After reading your reply twice, I believe you meant to say that Linux real time scanning is mainly to prevent Windows from spreading to Linux via USB or blocking malicious websites?

“In fact, in a hacking competition, Windows and Mac OS X machines were defeated while an Ubuntu machine was still chugging away.”

I’ll probably go with Fedora and a couple Linux hardening guides. I would setup Windows and attempt hardening it, but that would mean disabling about 90% of the bloated system crap. And hoping that my closed source system isn’t setup with a backdoor crawling in code that I cannot see. It is scary to know that your entire system and currently mine is mostly closed source. The code is not visible to our eyes, so we don’t know what is really going on in the background. :open_mouth:

I decided to resurrect this thread because now I’m not sure if this is even isolated to just Skype. I just powered up my laptop today which has never had issues and the same exact thing is happening to my Google Chrome browser. I launch Chrome and then a chrome.exe runs at 1,500 K usage and idles at about 50 CPU for a while.

Whatever this is I’m pretty pissed off. I’ve not used a USB device on my laptop in a very long time, so I’m not thinking I’ve spread it that way. Whatever this is, I’m thinking it has network spreading capabilities and it targets random apps that are most used on the device/system.

I’ve concluded that I’m formatting every damn device. I’m going to wipe a huge 2 TB external to back up all of my files and to keep this hell torched demon of a worm in the grave, I won’t be using the external anywhere except for on my soon-to-be Fedora systems. Screw Windows hard, tempered glass Windows with porcelain… ahahahaaaa. I wonder if anyone will get that? If you have any understanding of physical security, you should. 8)

I was hoping to be able to get this into the AV database so other people can be protected from this, because this thing is quite nasty from what I’m seeing… but it appears that people just want to do the standard old school annoying tests which include doing a basic scan of services, startup files and such. If someone made it a goal to avoid those scans, what helps then? None of those typical old school scanners that appear ancient and ignore newer types of malicious software that behave much differently and hide themselves in other ways.

What if the infectious software automatically deleted the log files people request here and, even more importantly, what if the infectious software disallowed these scanners from running or working properly? I could probably do it without a whole lot of effort. Also, relying on all of this third party software to diagnose issues is somewhat laughable as I don’t think it is all open source, forgive me if I am wrong. Anyways, thanks all for trying to help out… but Windows just sucks too bad for my interest. I used to be a Windows fanboy, now I’ll gladly flush it down the toilet. After all, they have indirectly (accidentally) flushed me and the potential confidentiality, integrity and availability of my system right down the poop chute. I will enjoy a computer lifestyle without living in fear of being the 80% of computer users that are approximately.

“Windows XP is considerably more prone to malware infection than newer operating systems, Microsoft has said.”

Well this is what I say, Windows totally sucks and no matter what special “security” issues they add, they suck and all they do eventually is lock your damn system down like a dog in a cage. They just can’t get security right, it is either overkill stupid (still penetrable) or lackluster and vulnerability prone in just about every orifice. My OS will not be a dirty slave… soon. xD

Meanwhile my trustworthy Windows just told me that wiping my 2 TB drive would take 7 minutes, which not many minutes ago it said 7 hours. shakes head

While I’m at it, didn’t you love those 99% finished downloaded files in dreadful internet explorer. Not to mention Microsoft’s own website not working in their latest version of Internet Explorer. And I don’t even need to finish off this 4 letter acronym B***. No one likes those ugly blue screens that look freaky. Every time that screen comes up I get some sort of rush wondering if it will be a half hour before I get things started back up or if it will just behave and start back up normally.

How much I will miss Windows: 0%, I will no longer have a toy of an operating system, but a system that works well as a production environment.

Here is an example of how horribly sucky Windows is: Let’s say you have a web server up and running with PHP?? If there is any exploit in that and your server allows for connecting to RDP without being prompted for login before seeing the login screen. If you’re able to clone cmd.exe to sethc.exe = shift 5 times and now you’re into a command prompt window with system level access. What kids created Windows? Seriously…

Whatever this is I'm pretty pissed off. I've not used a USB device on my laptop in a very long time, so I'm not thinking I've spread it that way. Whatever this is, I'm thinking it has network spreading capabilities and it targets random apps that are most used on the device/system.

MCShield USB protector http://mcshield.net/ and it is free

Or for free you could just modify some configurations quickly in Windows to greatly restrict the chance of spreading. Another thing that would greatly suppress USB/removable device spreading is requiring verification/acceptance of accessing or writing to the device by X service or X process except for of course trusted services/processes. Then again, the more that you trust… the more gaping wide open your security policy is. I’d prefer that nothing get on my USB other than what I write to it, only makes sense.

http://support.microsoft.com/kb/967715 <— Just disable autorun on each Windows system.
http://www.net-security.org/article.php?id=958

Another good idea is to use TrueCrypt, which offers the ability to hide encrypted documents inside of hidden partitions (passworded): http://www.instructables.com/id/How-to-Secure-Your-USB-Drive/

Also, with that software not being open source and me switching to Linux… that software will be of no use to me. Not trying to be mean or anything, but who needs extra software? What people need now days is to understand how they are infected and how to prevent it, not how to lay back in their chairs relaxing while artificial intelligence saves their tails from stupid decisions. Running Windows is a stupid decision. I feel stupid right now for installing it when I got my custom system.

A successful infection is somewhat of a balance between human stupidity and system stupidity. By this I mean that the system lacks basic security principles/abilities and the human makes a wrong choice that leads to their system being compromised. The only thing that an AV does is climb on top of an operating system lacking default system security. This allows for personal users to remain lazy when it comes to security and feel blanketed from attacks, when really they’re just protected from already known attacks, not new ones(by the time a new large scale spread exe moves around, plenty of passwords have been stolen not limited to just email accounts, bank account information, credit cards and so on) or even crypted old ones. Things such as EasyPass and other password dictionaries are perfect for attackers too, because what happens when it gets hooked and requested to drain out all credentials? waves goodbye to all accounts stored
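The KB967715 approach linked above comes down to one registry value, NoDriveTypeAutoRun, in which each bit disables AutoRun for one drive type. The following PowerShell is an added example, not code from the thread or from any product named in it: it decodes the current mask so you can see whether removable drives are still allowed to AutoRun, and optionally sets the 0xFF value the KB article recommends. The registry path and bit meanings are Microsoft's documented ones; the 0x91 fallback is Windows' documented default when the value is absent.

```powershell
# Added example: audit the AutoRun policy that KB967715 describes.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Each set bit in NoDriveTypeAutoRun disables AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    0x01 = 'Unknown drive type'
    0x02 = 'No root directory'
    0x04 = 'Removable (USB sticks, floppies)'
    0x08 = 'Fixed disk'
    0x10 = 'Network drive'
    0x20 = 'CD-ROM / DVD'
    0x40 = 'RAM disk'
    0x80 = 'Unrecognised drive type'
}

function Get-AutoRunPolicy {
    # Return the effective mask. If the value is missing, Windows uses its
    # default of 0x91, which still allows AutoRun on removable drives.
    $value = Get-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $value) { return 0x91 }
    return [int]$value.NoDriveTypeAutoRun
}

function Show-AutoRunPolicy {
    $mask = Get-AutoRunPolicy
    Write-Host ('NoDriveTypeAutoRun = 0x{0:X2}' -f $mask)
    foreach ($bit in $DriveTypeBits.Keys) {
        $state = if ($mask -band $bit) { 'disabled' } else { 'ALLOWED' }
        Write-Host ('  {0,-34} AutoRun {1}' -f $DriveTypeBits[$bit], $state)
    }
    if (-not ($mask -band 0x04)) {
        Write-Warning 'AutoRun is still allowed on removable drives (the USB spreading vector).'
    }
}

function Disable-AutoRunEverywhere {
    # 0xFF sets every bit, the value KB967715 recommends. Run from an
    # elevated shell; the policy takes effect at the next logon.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

Show-AutoRunPolicy
```

The same value can also exist under HKCU for a single user; the HKLM policy key shown here is the machine-wide one.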

MCShield will clean your USB device if infected, not only stop it from spreading, as some other tools do

if you have time and interest you may read this topic (it is 13 pages now) as it explains/answers many questions about MCShield http://forum.avast.com/index.php?topic=104046.0
especially see the posts from argus / magna86 and dr_bora the creator of the program

also, except for the 2 hour update check (default) the program uses no resources, it is dormant until a USB device is connected


I have Outpost removable media protection set to block autorun.inf and block any application from launching that does not have a digital signature. Plus I use a USB immunizer from a different source since avast doesn't provide this.

Avast should release their own usb immunizer so users do not need to go to other sources. This would help to protect any computer that you plug a usb into from autorun based malware.

Commonly exploited:

* autorun.inf
* Desktop.ini/comment.htt/ActiveX
* user
* Windows Shell-LNK exploit (newest method)

Good thing I won’t be running Windows soon, lol.

This may be helpful for other individuals that may continue to use Windblows:
“disable script for all drives except file system drive,make new software restriction policy dude!!”
And: http://labs.bitdefender.com/projects/usb-immunizer/overview/

I’ve looked around and see a lot of self promotion of MC Shield. I’m not saying MC Shield is bad, but why not just implement the core functionality/features right into Avast if it works so well?? =//

I have Outpost removable media protection set to block autorun.inf and block any application from launching that does not have a digital signature. Plus I use a USB immunizer from a different source since avast doesn't provide this.
This is only one vector used for spreading (it is explained in the topic I linked to) and the USB device will still be infected

Disabling all scripts from running/executing except on your file system drive (usually C) would likely solve most of the issues when it comes to USB infection(s). This would be inside of security policies. There are several ways to solve security issues, one is installing software that does it on the fly and one is sometimes changing one setting that magically fixes the issue. I see MC Shield is dodging the issue rather than actually fixing the issue. In fact using any sort of live scanner is not necessary if the system is properly configured.

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

The OWASP Top 10 - 2013 is as follows:
A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Unvalidated Redirects and Forwards

“A5 Security Misconfiguration” fix the misconfiguration if possible, if not possible then use something like MC Shield. I strongly believe there is a way to properly fix the USB infection issue by using security policies which is a one time fix rather than a constant on-going live scan. I’m sure MC Shield works, but things can always work better. :slight_smile:

I wonder how come you’re infected when you know so much about security?

Just kidding, just kidding… :stuck_out_tongue:
You made some good points there, but you’re forgetting one small detail.
Freedom. A computer is a machine and you own it. It should serve you, not the other way around.
That kind of approach you’re suggesting would diminish the user experience. It would cripple the functionality.
Windows sucks? How are you going to play games on your future non-Win machine? Or; how are you going to run your fancy new hardware on a non-Win machine? Or…
You mention USB drives: sure, disable the damn stuff completely. Any reason not to do that?
Prevent exe files from running? Any reason not to do that? Or anything else of this kind?

You know, people just want their PCs to work without a lot of hassle and with as little limitations as possible.
Security doesn’t really go along well with that. So, it’s about balance - raising the security to a level where you still have the desired functionality.
Tell me, do you drive? You know that people die in accidents. Belts, airbags, ABS, STC, … All of this is just dodging the issue. Isn’t it?
What do we do? Stop driving? Get a bike instead of a car? Walk? Stay home?

Anyway, if Tux racer :stuck_out_tongue: is all you need, ok, but don’t be fooled by the open source security myth.
Ask yourself: is it easier to exploit a code that you can see or the one you can’t see?

Cheer up, it’s just a worm. :wink:

You sir, are a very funny guy … ::slight_smile:

ComboFix joke ;D

The funniest and the dumbest thing I’ve ever heard ;D

Yeah, I have to agree with Magna and Twin. Combofix has the potential to literally destroy your computer if used incorrectly… Someone want to give me a script so I can demonstrate? Or shall I launch some worms, file infectors and other viruses to prove it’s agility in removing malware?

Thanks to whoever removed my posts and his. Can you lock it?

I work with a security research team. Here is a final conclusion with self-moderated language and a harness on my psychosis.

Use Linux as your primary production environment(system). Only use Windows for unclassified things with an expectation that everything on your Windows system can be viewed by the eyes of all including passwords(unless you go out of your way to harden it, the reasoning is because Windows is the most used operating system in the entire world, making it the biggest target also).

Antivirus software does not actually secure your system, it just puts a security blanket around your system. It is simply a wrapper and rather than solving the problem of insecure configurations, it just protects those insecure configurations. It is much like dodging the problem rather than solving it with a real solution.

It is proven and commonly accepted that a Linux system is generally more stable, secure and overall more of a professional system whereas Windows is a place to fly and float adrift the net like a butterfly (Okay, so I added my own touch to it).

Running software in a virtual system or sandbox presents potential security risks, because all that the software inside the sandbox must do is throw the sand around so-to-speak and if it can do so properly it may just execute system commands that were not intended to be and escape outside of it which entirely defeats the purpose of a sandbox.

Most importantly, security is an illusion and for every layer of security that you set down, there is another layer of antisecurity to be created. It is much like a balancing game and will probably be that way until this world ends.

Think about it like this, security is a + and insecurity is a -. For every + that you add(FireWall, Antivirus, https, etc), there are -s out there that can and WILL abuse you to the fullest extent and rather than chill around with improper configurations, people should have at least a basic understanding of security. We all understand a username and a password, that is the bare minimum understanding of security and the same applies to using a lock on your door. It is kind of funny that our car door locks now days typically have much better protection than our house doors. That is the world we live in though.

So in this world of backwards, nonsensical and quite hilarious security attempts more than anything it is important that you understand the attacks, risks and solutions. An antivirus software is NOT a solution, it is you dodging a bullet each time that it works.

If this post gets removed, I will probably cry. I seriously don’t like coming back here to make these posts, but I feel that someone must educate around here of the appropriate way to do things, not the simplest.

haven't you repeated the above several times already?

If this post gets removed, I will probably cry. I seriously don't like coming back here to make these posts, but I feel that someone must educate around here of the appropriate way to do things, not the simplest.
is that a promise? .... if we don't delete it you won't post anymore ;)

So you’re saying that w/o us, there’d be more malware than you can guess. Congrats, you just screwed yourself over. Really though, Avast! has some of the best detection ratios: http://www.techradar.com/news/software/applications/best-free-antivirus-9-reviewed-and-rated-1057786

Avast!: Ranked #1 for free AVs.

Keep in mind that Linux is vulnerable, Mac OS X is vulnerable. Everything is vulnerable. Hell, the Pentagon got hacked some time ago. W/O us, who would clean the mess up?