Tech has answered that and I agree, PC tools possibly being a little more user friendly for the newer complex firewall user.
There are times when you need to have administrator privileges, but for most you don’t, though it can be a pain. But it is handy for kids’ accounts, etc. so they have limited permissions.
You can run some things as the administrator when necessary, right clicking on the file you want to run in Windows Explorer and selecting Run As Administrator (that option is only there if you aren’t running as an administrator). I don’t use Vista but if something needs Admin privileges you can enter the admin password and you are in business. I believe all Vista accounts are Standard even those with admin privileges as the UAC would still challenge some functions and you would still be prompted for the admin password (something which you should also consider changing). Unfortunately I can’t be a lot of help in regard to Vista as I absolutely have been avoiding it like the plague, so you probably have more experience than I in that regard ;D
Well you guessed right, my answer is yes, especially where is concerns money or the ability to pass themselves off as you, which I guess takes care of them all.
The reason I say this is because of the debit on your credit card, if you didn’t get the details of you then somehow they got off your system and the most likely is a key logger. This can log all your keystrokes and sites you visit, etc. and can then pass that information to the crooks that placed the key logger malware (why it’s important to have a firewall to challenge unauthorised outbound internet connections).
Though from the detections made in all the scans you did there didn’t appear to have been a key logger, but I’m erring on the side of safety based on the unknown/unauthorised debit on your credit card.
UPDATE NUMBER 2. I have also just verified the charge on my credit card. It is legitimate.
Apologies David, I made what in hindsight is an unclear statement back in post #16. I did, in fact, legitimately use my card for that amount with a trading company of another registered as THG Enterprises. I went through my bookmarks sifting through some sites until I came to one I recognised (they never sent an email confirming purchase) and I called them. Had I done that first rather than google the name then I would have coasted on not attending to my “housekeeping” until a real disaster happened. The owner of the company said that they hadn’t put their registered name on the internet and when asked if it could be possible that their security was compromised I got an emphatic NO.
So in the light of this it would be OK to assume that my passwords are uncompromised after all (I have already changed some so no bad thing there). Would you keep changing them, though?
GOOD that you got user accounts set up
Then the Firewall
there will be a learning curve but worth it
there are several other low impact steps we can take but let’s walk before we try and run
We got a clean second opinion from SAS which is really good news
a second AV opinion can be done at any time
as to your credit cards and bank info
the 2008 virus is not known as a stealer
however it is hard to be sure nothing else was installed
you can either change all of your passwords
or monitor closely
some people overreact and reformat their hard drive and reinstall their os
in your case, without getting a firewall in place, there would be no long term benefit in that
I’m going to list a few steps - for later
1 LOCK DOWN INTERNET EXPLORER- there are guides- after you do your firewall we can find one
2 install Javacool Spyware blaster http://www.javacoolsoftware.com/spywareblaster.html
(Tony Klein maintains a list of CLSID- Active X baddies, several people use Tony’s list plus their own to make blocklists. The Atribune VUNDOFIX program I mentioned checks for the presence of several hundred as do many other programs.
Spywareblaster sets a “Kill bit” in a list of ActiveX identifiers. If something tries to run them- well they Can’t)
a reasonably foolproof tool
Enough already
I was not going to post the above till I saw your post about passwords
DavidR may have additional info
but I do not see where we are in panic mode here
Well that is much better news as it doesn’t appear your credit card security was compromised by something like a key logger or phishing site. It has been quite a long topic so it is possible that you made it clear at that time, but I simply didn’t remember it.
The additional scans that you have done are also no bad thing as you can be reasonably confident your system is clean, so it isn’t time wasted as you have to have confidence in your system.
Whilst there is not so much of a risk, it is worthwhile to change your passwords now and again, but now the urgency isn’t such a high priority.
It has been a journey, but one from which hopefully you have learned a lot.
Ready to try sending that file in the chest to avast?
Open the chest, User Files section, Right click on the file and select email to Alwil Software.
You should get a pop-up window (leave any default settings), type ‘Undetected Malware’ in the text window, give a brief description that it was found by MalwareBytes AntiMalware and give the malware name given by MBAM.
I downloaded PCTools Firewall Plus which came with ThreatFire. I hope these are the correct selections. Anyway both are now running
Learning curve statement is noted!!!??!! with the following query to which I couldn’t find assistance in the quickstart help guide
A PCT Firewall Plus window has appeared with “bonjour service” is trying to act as a server and accept incoming connections. I googled it (safely this time) and it appears it came with Photoshop CS3 and as I don’t have version Cue I don’t need it. This link gives instructions to delete it http://www.ajuaonline.com/2007/10/02/how-to-remove-bonjour-service/ OR
if I OK the block offered by PCTFplus will that deal with it superficially so that it doesn’t pop up again?
wyrmrider – Even with a firewall in place I am really reluctant to reformat (knowing full well the benefits of the procedure) because I discovered recently that the Adobe CS2 programme I have is a forgery and Adobe have told me (kindly I might add) that if I ever need to reformat it will be impossible to register the CS3 upgrade again. I don’t fully understand how their system allowed the upgrade registration in the first place but it works and of course now I don’t want it not to work.
David, I have just read your post and will perform the avast action and report back. I agree it has been a journey and I really am grateful for the help I have received along it especially from you.
wyrmrider was not suggesting that you reformat, in fact the reverse.
some people [b]overreact[/b] and reformat their hard drive and reinstall their os
[b]in your case[/b], without getting a firewall in place, [b]there would be no long term benefit in that[/b]
I have made bold the relevant parts of the statement.
right
do not panic and reformat-
David and I are users like you- volunteers however he has been at avast much longer than I have
I have been doing Windows security for over 10 years but not avast. It is really hard to keep up with all the latest threats when you are supposed to be retired
What I was trying to say was without a firewall you are so vulnerable that reformatting would be a big waste of time
The firewall will take some getting used to but it will settle down and be a background issue soon
grin and bear it
I like the way you google and ask questions
Like the carpenter: measure twice, cut once
wyrmrider : I googled Lock Down IE and perused a few sites. Am I correct in thinking that this procedure is specific to those who use IE as their browser? My preferred browser is Firefox and until yesterday there was only one programme installed on my computer that defaulted to IE automatically - Picasa (to upload photos). Now I notice that PCTFplus also defaults to IE when the upgrades tab is clicked. What I would like to do is default these to Firefox if such a setup step is possible.
I am a bit confused by further suggestions of anti spyware stuff. On my system I currently have
avast!, SuperAntiSpyware, PCTools Firewall Plus (incl. ThreatFire), Malwarebytes and RogueRemover. Some of which automatically run and others need regular activation to perform their tasks. Are your suggestions for running in conjunction with the programmes in situ OR to replace the ones I have?
Can antispyware programmes like SuperAntiSpyware and SpywareBlaster run together, for example.
As for CLSID - Active X baddies etc etc I confess that sounds way over my head even after a quick read on some google links. I fear that that level of control/operation is way out of my league.
my post here was in full composition while your posts came in…
Thank you for your compliment wyrmrider
I didn’t mean to sound as though I was panicking (on the contrary I have felt in safe hands since this all began). I just wanted to state my reasons upfront should it be suggested again now that the Firewall is in place.
FREE SuperAntiSpyware, RogueRemover, Malwarebytes (and Ad-Aware et al.) all are passive- they provide no prevention - they only scan when you run them
threat fire is active but I am not that familiar with it
Threat-fire- should complement your Avast AV
let someone else speak on this If it works fine on your system it could help
I did not know you were using firefox
Now you can Really lock down IE
Why?
because some malware will start IE and then exploit it
Most do not uninstall IE but keep it around for windows update and those programs that require it
(although there are now work-arounds for firefox)
however spyware blaster is totally inert- works with everything else but we can discuss it later as IE is not your primary browser
Not right away, and I would like DavidR to comment on this
but I think the installation of a hosts file would be next after you have digested the Firewall experience
personally I would download Spybot Search and Destroy and use the built in Immunize feature
The Spybot Scanner is similar to the other passive ones
there are other hosts files -I use MVPS hosts but there is also HPHosts
Well there is something else cleared up for me. I thought SAS was on in the background.
Do SpywareBlaster and Spybot Search and Destroy do different things? I have looked over them generally but I am not sure if they perform identical services or not.
I am at a complete loss with the rest of your information, wyrmrider (even after a brief read on Wikipedia I could see “hosts” is a concept that needs more understanding than I have available). I would love to be able to discuss moderately knowledgeably the steps necessary to safeguard my computer. However I confess that I am increasingly seeing things in a very fuzzy befuddled manner.
....I think the installation of a hosts file would be next after you have digested the Firewall experience
I am unsure about the above statement…
…am I to familiarise myself with Firewall first (oh boy I love reading manuals) before other steps like locking down IE, installing Spybot and/or SpyBlaster and all those other things referred to in your last few posts are carried out. I don’t think you would mean that but I am confused as to where to go next (start?).
I can see that I was actually delusional because I thought things were close to being sorted out.
Spybot Immunize and Spywareblaster are Complementary
Only the PAID version of SAS runs in background
Host file concept can take some time to understand
but you do not have to REALLY understand it
It just plain WORKS- the program loads a list of bad places into your C:\Windows\HOSTS file
your browser looks at HOSTS first before going out to the internet and since it’s in hosts it NEVER goes to the internet- returns an empty file to whoever asked- SIMPLE
just watch for blank spots that say “site not found”, that’s a clue your Hosts has blocked something
just remember that if something you really want wants to load and does not it might be HOSTS but most likely something else
If a bad program like- you know what- gets into your computer it can’t phone home and invite all of its friends to the party- send off your personal info, etc
Download Spybot and Spywareblaster now so that I have the proper antispyware operating whilst I am surfing.
Then at leisure and in good time
Lock down IE
Set up Host File
Do this?
(Tony Klein maintains a list of CLSID- Active X baddies, several people use Tony’s list plus their own to make blocklists. The Atribune VUNDOFIX program I mentioned checks for the presence of several hundred as do many other programs. Spywareblaster sets a “Kill bit” in a list of ActiveX identifiers. If something tries to run them- well they Can’t)
a reasonably foolproof tool
And what about another weapon mentioned in post #10 by DavidR –
OpenDNS
I think that covers all the (unused) suggestions made by contributors to this thread.
Congratulations on getting your PC cleaned. It can be a lot of work. I’ve been following this thread since I posted just once on the first page about the pop-ups you were seeing. DavidR and wyrmrider have been really helpful. (I just love this forum in how the user helps other users.)
Whenever you get around to it and want to add a ‘HOSTS’ file, you can learn how they work by visiting this site:
I’ve been using the “MVPS Hosts file” for about 4 years now. They update it about every two weeks and it’s free. If you subscribe (also free), they’ll send you an email telling you it’s been updated and provide you with a few links. One of which is a link for direct download with batch file so you can install it easily. You can read how it works on that site which explains it pretty well.
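To make wyrmrider’s description of how HOSTS works and Rick F’s MVPS note concrete, here is a small parser for the standard HOSTS-file format (one IP address followed by one or more hostnames per line, `#` starting a comment). This is an added example, not code from this thread or from the MVPS/HPHosts projects. The sample entries are constructed with reserved `.test` names; on Windows the real file lives at `%SystemRoot%\System32\drivers\etc\hosts`. It shows why a blocklisted name never reaches DNS, which of a page’s hostnames a blank “site not found” spot can be blamed on, and how a downloaded list and your own entries merge (first mapping wins, as the resolver treats duplicates).

```python
"""Parse a HOSTS-file blocklist and show which hostnames it would sink.

Added example; not code from the forum thread or from MVPS/HPHosts.
The sample content is constructed for illustration.
"""

# Constructed sample in standard HOSTS format: IP, then one or more hostnames,
# '#' begins a comment, blank lines are ignored. 0.0.0.0 is the usual sink address.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file (not a real blocklist)
127.0.0.1       localhost
0.0.0.0  ads.example-tracker.test             # constructed entry
0.0.0.0  telemetry.example-malware.test phone-home.example-malware.test
192.0.2.10   intranet.example.test            # a real mapping, not a sink
"""

# Addresses blocklists point bad names at; older lists use 127.0.0.1 as well.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}
# Names that legitimately map to loopback and must not count as "blocked".
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return {hostname: ip}. The first mapping for a hostname wins, which is
    how the resolver treats duplicate lines, so order matters when merging."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # malformed: IP with no hostname
        ip, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower().rstrip("."), ip)
    return table


def lookup(table, hostname):
    """Resolver order the thread describes: HOSTS is consulted first; only a
    miss (None here) goes out to DNS on the internet."""
    return table.get(hostname.lower().rstrip("."))


def is_sinkholed(table, hostname):
    """True when HOSTS answers with a sink address, i.e. the request never
    leaves the machine and the browser shows an empty result."""
    name = hostname.lower().rstrip(".")
    ip = lookup(table, name)
    return ip is not None and ip in SINK_ADDRESSES and name not in LOOPBACK_NAMES


def explain_blank_spots(table, hostnames):
    """For the hostnames a page tried to load, say which ones HOSTS blocked,
    so a 'site not found' blank can be attributed to HOSTS or ruled out."""
    report = {}
    for h in hostnames:
        if is_sinkholed(table, h):
            report[h] = "blocked by HOSTS"
        elif lookup(table, h) is None:
            report[h] = "DNS"
        else:
            report[h] = "HOSTS -> " + lookup(table, h)
    return report


def merge_blocklists(*texts):
    """Combine a downloaded list with your own entries. Earlier arguments
    take precedence, matching first-mapping-wins in the real file."""
    merged = {}
    for text in texts:
        for name, ip in parse_hosts(text).items():
            merged.setdefault(name, ip)
    return merged


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    page_loads = ["www.example.test", "ads.example-tracker.test",
                  "intranet.example.test", "phone-home.example-malware.test"]
    for host, verdict in explain_blank_spots(table, page_loads).items():
        print(f"{host:35} {verdict}")
```

Because the lookup never consults the network, a sinkholed name is answered locally regardless of which program asked, which is the “can’t phone home” effect wyrmrider describes; the same parser will read the real Windows hosts file if you pass its contents in place of the constructed sample.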
Thanks Rick F for your comments and good wishes. It is comforting to know that my problems/progress have been under the watchful eye of other concerned and caring forum members albeit from the sideline.
not familiar with this site but the idea is sound
there are several add ons which will alert if going to a bad site or in this case if a site is redirected
#1 great places to start- not perfect but easy to use
Spybot is not real time unless T-timer is turned on
when installing allow SD-Helper T-timer is optional try it and see if it is compatible with your system
how much memory did you say you have?
#4 Tony Klein is a comment on the Spywareblaster technique of blocking Active X sites (since you are using Firefox as primary browser Spywareblaster is not as high a priority as Hosts)
I am suffering from information overload at present. The firewall keeps asking me questions about programmes and I am clueless as to whether to allow them or not. At present I uncheck the ‘remember this setting’ box then I click on “block” assuming that at the next start up the same question will be asked and that by then I will have discovered something new and can make an informed choice.
I would like to give it a rest, as you have suggested too, for a period and try to come up to speed. This will probably include checking out the PCTFW forum for tips etc. In this case to ensure safe surfing would my immediate priority be to download and install Spybot S&D (selecting the options you suggest)? And then when I come back attend to the Hosts issue?
memory on C-drive = 14.5 GB (not an awful lot I know) NB - hard drive is partitioned with 65.8GB free on E-drive
Leading on from the quote above what I am prompted to wonder is how the operating speed of the computer might be affected with the installation of the current safeguards combined with those suggested in previous posts? What I mean is should some slowing down be expected or should its normal operation continue. (I am very happy with its operation speed). I ask this as some titles of forum threads (not necessarily at avast!) have made me curious about this. So far there has been no noticeable difference.
Every time you try and use a new program or download your firewall is going to ask if it’s ok
If you know what you are doing it’s ok
if not click no and google whatever it is
there are people around who know that firewall better than I or try the firewall vendor forum
as to slowing your system down
you have
Avast
Firewall
so far nothing you are doing should matter
If you do the other suggestions one at a time you can see if they lead to unacceptable performance
(which must be balanced against having to clean your system again)
Right now getting your firewall into shape is enough
one thing at a time