how to stop viruses for good

[adrenalin]

Im sick of getting viruses. I have AVG (auto-updated) and I also run Trend
antivirus. Despite this, and the fact that I am careful to NEVER run
attachments on emails, I still seem to get viruses from time to time, often
requiring manual deletions.

I suspect I have a virus now, as my keyboard is playing up (some symbols are
swapped over with other characters, and replacing the keyboard doesnt help.
Also, although AVG and Trend do not pick up the virus, I had an email
bounced back as it contained 'mutant Bagle 0 virus'. So i tried some new
virus software, 'Stop Sign' and this reported that I had foo virus! I have
tried to find out how to disinfect this virus but not come up with anything.

Any ideas how I am catching these viruses? I use email a fair bit, so I was
wondering whether I might be able to use email exclusively on web-based
email pages. Does this eliminate the virus threat? I assume that code cannot
run unless I select it, when using web based email. Alternatively, is it
possible to force OE to work as a text only emailer? The problem is, it
takes weeks for me to work out how to clean the virus off, maybe email is
just too much trouble?.....

 

[Heather]

Im sick of getting viruses. I have AVG (auto-updated) and I also run Trend
antivirus. Despite this, and the fact that I am careful to NEVER run
attachments on emails, I still seem to get viruses from time to time,

often requiring manual deletions.

One statement here.......never run two on-access antivirus programs
together.....too much chance of conflict.

Question.....do you have a firewall, such as Zone Alarm. If not, then
chances are you are getting viruses/worms thru open ports.

Just my thoughts.....Heather

 

[Sunny]

Update Outlook Express would be a good start. then,
Stop "auto update" for anti virus and go manual so you know what is going
on.
Install a firewall like Zone Alarm

 

[null]

Im sick of getting viruses. I have AVG (auto-updated) and I also run Trend
antivirus. Despite this, and the fact that I am careful to NEVER run
attachments on emails, I still seem to get viruses from time to time, often
requiring manual deletions.

I suspect I have a virus now, as my keyboard is playing up (some symbols are
swapped over with other characters, and replacing the keyboard doesnt help.
Also, although AVG and Trend do not pick up the virus, I had an email
bounced back as it contained 'mutant Bagle 0 virus'. So i tried some new
virus software, 'Stop Sign' and this reported that I had foo virus! I have
tried to find out how to disinfect this virus but not come up with anything.

Any ideas how I am catching these viruses? I use email a fair bit, so I was
wondering whether I might be able to use email exclusively on web-based
email pages. Does this eliminate the virus threat? I assume that code cannot
run unless I select it, when using web based email. Alternatively, is it
possible to force OE to work as a text only emailer? The problem is, it
takes weeks for me to work out how to clean the virus off, maybe email is
just too much trouble?.....

Here's some "safe hex" recommendations:

http://www.claymania.com/safe-hex.html

You didn't mention which version of Windows you use and whether or not
you use a properly configured firewall ...or if you're on a LAN. You
didn't mention whether or not you use P2P, IRC, MIRC, etc. These
things can bite the unaware.

There's no reason to not use POP3 email. Consider using Mozilla for
browsing, email and usenet:

http://www.mozilla.org/


Art
http://www.epix.net/~artnpeg

 

[Geese_Hunter]

Im sick of getting viruses. I have AVG (auto-updated) and I also run Trend
antivirus. Despite this, and the fact that I am careful to NEVER run
attachments on emails, I still seem to get viruses from time to time, often
requiring manual deletions.

I suspect I have a virus now, as my keyboard is playing up (some symbols are
swapped over with other characters, and replacing the keyboard doesnt help.
Also, although AVG and Trend do not pick up the virus, I had an email
bounced back as it contained 'mutant Bagle 0 virus'. So i tried some new
virus software, 'Stop Sign' and this reported that I had foo virus! I have
tried to find out how to disinfect this virus but not come up with anything.

Any ideas how I am catching these viruses? I use email a fair bit, so I was
wondering whether I might be able to use email exclusively on web-based
email pages. Does this eliminate the virus threat? I assume that code cannot
run unless I select it, when using web based email. Alternatively, is it
possible to force OE to work as a text only emailer? The problem is, it
takes weeks for me to work out how to clean the virus off, maybe email is
just too much trouble?.....

The only way to make certain that you do not get a virus is to stay off
the Internet & do not put any media in your machine
A. Not only are you using Outlook Express, but you are using version 5.5
B. Go to Microsoft & get all of their critical Update patches as well as
IE 6.o sp1, that will fill a lot of holes.
C. Download another browser & E-mail program, I'm using Firefox as a
browser & I like it, but you'll have to download certain extensions to
get everything to work

Depending on your OP system there are holes that can be filled unplug n
pray, DCOMbobulator & shot the messenger if you are above 98se.

Also, a Firewall program will shut down traffic on incoming & outgoing
ports, spywareguard will help prevent spyware from entering your
machine.
If you are on XP go to majorgeeks.com & get the above mentioned
programs. Also do a search on google.com to tighten up your IE settings.
But if you don't have the latest patches, or aren't going to get them,
I've just wasted a few minutes typing this.

 

[Geese_Hunter]

Im sick of getting viruses. I have AVG (auto-updated) and I also run Trend
antivirus. Despite this, and the fact that I am careful to NEVER run
attachments on emails, I still seem to get viruses from time to time, often
requiring manual deletions.

I suspect I have a virus now, as my keyboard is playing up (some symbols are
swapped over with other characters, and replacing the keyboard doesnt help.
Also, although AVG and Trend do not pick up the virus, I had an email
bounced back as it contained 'mutant Bagle 0 virus'. So i tried some new
virus software, 'Stop Sign' and this reported that I had foo virus! I have
tried to find out how to disinfect this virus but not come up with anything.

Any ideas how I am catching these viruses? I use email a fair bit, so I was
wondering whether I might be able to use email exclusively on web-based
email pages. Does this eliminate the virus threat? I assume that code cannot
run unless I select it, when using web based email. Alternatively, is it
possible to force OE to work as a text only emailer? The problem is, it
takes weeks for me to work out how to clean the virus off, maybe email is
just too much trouble?.....

Also, are you running both Anti-virus programs at the same time on your
machine, or is the trend the housecall? If they are both active &
running on your machine at the same time, I'd say that is 1/2 of your
problems & the other 1/2 not using up to date programs.
Also, are you running peer 2 peer software, kazaa, winmx, e-mule or the
like? If you are you'll be getting virus's & other crap on your machine.

 

[David W. Hodgins]

Any ideas how I am catching these viruses? I use email a fair bit, so I was

From the headers of your post...
X-Newsreader: Microsoft Outlook Express 5.50.4807.1700

This ancient version of lookout distress will autoexecute many email
worms, and other malware, just by viewing a message containing them.
AVG, or any scanner wil not stop new worms or viruses, between when
they're released, and the scanner's definition files are updated.

Update your software. Better yet, switch to an email/newsreader that
doesn't use any M$ malware to view html messages. Better yet, switch
to an operating system that doesn't include any M$ malware period.

See http://www.claymania.com/safe-hex.html for general info, and
links to various scanners, including online ones.

Run an online virus scan of your system.

Download, install, update, and run Adaware, and Spybot Search & Destroy.
http://www.lavasoft.de/support/download/
http://security.kolla.de/index.php?lang=en&page=download

Install Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html

That should get you started towards keeping your system clean.

Regards, Dave Hodgins

 

[Tara Kostezky]

I suspect I have a virus now, as my keyboard is playing up (some symbols are
swapped over with other characters, and replacing the keyboard doesnt help.
Also, although AVG and Trend do not pick up the virus, I had an email
bounced back as it contained 'mutant Bagle 0 virus'. So i tried some new
virus software, 'Stop Sign' and this reported that I had foo virus! I have
tried to find out how to disinfect this virus but not come up with

anything.

<snip>

And don't use Stop Sign! (have we jumped on this poor fellow enough?

Here's my two cents worth:
http://www.pestpatrol.com/PestResearchCenter/Stats/Lists/Whats_Bad.asp (gets
the big thumbs-down for misrespresentation of intention)
http://www.pestpatrol.com/PestInfo/S/StopSign.asp (full write-up)

It's really not very nice software.

TK

 

[John Coutts]

Any ideas how I am catching these viruses? I use email a fair bit, so I was
wondering whether I might be able to use email exclusively on web-based
email pages. Does this eliminate the virus threat? I assume that code cannot
run unless I select it, when using web based email. Alternatively, is it
possible to force OE to work as a text only emailer? The problem is, it
takes weeks for me to work out how to clean the virus off, maybe email is
just too much trouble?.....

********************* REPLY SEPARATER *********************
As someone already said, the only way to stop virus activity for good is to not
connect to the Internet. Of course, that option is not truly realistic for the
average individual. So the next best thing is to reduce your risks. AV software
is a good backstop, but it CANNOT replace common sense and good operating
practice. I am connected to the Internet 24/7 without a firewall, I have never
used AV software, and I have never had a viral infection. But my situation
cannot be considered the norm, as network security is part of what I do.

So what can the average individual do to reduce the risks associated with
staying connected.
1. Use AV software. It is a good backstop, but don't rely on it entirely.
2. Limit local access to your PC. This is not always possible, but the more
people that access your computer, the greater your risk.
3. ALWAYS, ALWAYS, ALWAYS use the login security provided by your operating
system with reasonable passwords.
4. Limit network access to your computer. Use a firewall. Do not leave open
shares. Keep up to date. Do not leave unused ports open. This last one is
particularly important. For information on how to limit Windows XP, see:
http://server2.yellowhead.com/xpcfg1.htm
5. Use conservative security settings. This one can be a very daunting task for
the average user, because an out-of-the-box Windows installation with all the
defaults is full of holes. The biggest problem is Internet Explorer itself,
regardless of the version. I got so tired of trying to make IE safe that I
finally switched to Mozilla Firebird. The one single thing that makes IE safer
to use, is to turn off active scripting, or at least change it to prompt.
6. Don't use Outlook/Outlook Express, or at the very least turn off HTML. As
fast as Microsoft plugs the holes in these programs, new ones pop up. Since IE
is basically not safe, and because Outlook depends so heavily on it, it will
never be safe to use. HTML DOES NOT BELONG IN A MESSAGING SYSTEM.
7. Think twice before installing new software or plug-ins. Every piece of
software that opens up a port for listening becomes a potential back door to
your computer. If you must use an Instant Messaging service or a P2P service,
make sure that it doesn't install a back door or spyware (News Groups are a
good place to get feedback on these applications). Having said that, everyone
finds themselves in a postion now and then where they want to get rid of
something they didn't really want in the first place. HiJackThis is an
extremely useful tool for getting rid of unwanted auto starts.

These are generalized recommendations for common workstation installs. There is
no single cookbook recipe for setting up a computer, so don't ask.

J.A. Coutts
Systems Engineer
MantaNet/TravPro

 

[Petter Settli]

Also, are you running peer 2 peer software, kazaa, winmx, e-mule or the
like? If you are you'll be getting virus's & other crap on your

machine.

How does that occur? What's the process? I run Kazaa Lite and WinMx
through a dial-up
connection and have never gotten a virus from either of them. But then I
don't download executable files.

--PS

 

[Al Dykes]

Im sick of getting viruses. I have AVG (auto-updated) and I also run Trend
antivirus. Despite this, and the fact that I am careful to NEVER run
attachments on emails, I still seem to get viruses from time to time, often
requiring manual deletions.

FWIW;


1) Hit update.microsoft.com often and apply ALL critical patches
2) Use a mail client other than Outlokk and Outlook Express. I like
FireFox and thunderbird. Both free.
3) Don't use MS IE except to run update.microsoft.com
or if you find a site that is hostile to anything but MSIE.
COnsider taking your business elsewhere.
4) Running two AV products is a bad idea and unnecessary.
5) Stop screwing with no-name AV products. FWIW I've never heard of
"Stop Sign".
6) It may not be causing your problems but runnning a product
like Zone Alarm is a good idea.

I use Trend and AVG on various machines and the both work fine for me.
Given proper updates, the AV products are pretty much alike.

 

[Heather]

the like? If you are you'll be getting virus's & other crap on your
machine.

How does that occur? What's the process? I run Kazaa Lite and WinMx

through a dial-up connection and have never gotten a virus from either of
them. But then I don't download executable files.

--------------------------->
I totally agree, Peter. I have used WinMX to download mp3's ONLY for about
3 years and have never once gotten a virus. However, if you go to Symantec
and put WinMX in the slot, you will be surprised to see there are specific
WinMX ones......but they must only be in the executable/pirated software
files....assuming that they are on WinMX. I have never looked.

As for Kazaa Lite......I have heard it is pretty safe too. But not Kazaa
regular.

Cheers......Heather

 

[FromTheRafters]

machine.

How does that occur? What's the process? I run Kazaa Lite and WinMx
through a dial-up
connection and have never gotten a virus from either of them. But then I
don't download executable files.

That you know of. ;o)

It is good that you don't download (knowingly) any executable files,
but even data files can be dangerous dependent on the program(s)
making use of that data.

 

[someone]

Im sick of getting viruses. I have AVG (auto-updated) and I also run Trend

snip <

A simple solution: download POP3 Scan Mailbox v.1, install it, and then
download its upgrade, POP3 Scan Mailbox v.1.0.4, and install it.

Once you set up your accounts, you can view all your emails' headers on
*all* your ISPs' servers , and Never Again download them to your own PC
unless you want to. Set up a hit list where only the wanted sender's email
address is not deleted on the server. That way, anything you don't want, or
whose name you don't recognize, is not downloaded. Your antivirus program
will have almost no work to do!

Go here:

http://www.kempston.net/smb/index.html

s.

 

[Petter Settli]

That you know of. ;o)

It is good that you don't download (knowingly) any executable files,
but even data files can be dangerous dependent on the program(s)
making use of that data.

Heather's never had a problem, I've never had a problem with either
KazaaLite or WinMx. I download mp3 and wma files...are you saying those
count as data files?
(I'm honestly ignorant here).

--PS

 

[FromTheRafters]

Heather's never had a problem, I've never had a problem with either
KazaaLite or WinMx. I download mp3 and wma files...are you saying
those count as data files?

Yes, and Microsoft has a habit of adding functionality to players
beyond what they need in order to "play" those data files. There
was an OS (XP) feature for mouse rollover (or was it hover) that
gleaned data from the file to display in a "balloon". The problem
with that is there was an unchecked buffer in the program's code.
To the best of my knowledge there wasn't any exploit code capable
of doing much of anything, but it still shows that the safety aspect
of a data file is dependent on the programs that make use of that
data.

Most of the other WMP vulnerabilities seem to deal with streaming
data and skins, but I remember some mention of some MP3 files
with malformed headers causing problems for WinAmp.

A quick search reveals:

http://www.geek.com/news/geeknews/2002apr/gee20020501011465.htm

I'm sure that there are others as well.

The bottom line is - you can't ascertain safety from the data filetype,
only from the operating system and applications that you use.

 

[Heather]

Yes, and Microsoft has a habit of adding functionality to players
beyond what they need in order to "play" those data files. There
was an OS (XP) feature for mouse rollover (or was it hover) that
gleaned data from the file to display in a "balloon". The problem
with that is there was an unchecked buffer in the program's code.
To the best of my knowledge there wasn't any exploit code capable
of doing much of anything, but it still shows that the safety aspect
of a data file is dependent on the programs that make use of that
data.

Most of the other WMP vulnerabilities seem to deal with streaming
data and skins, but I remember some mention of some MP3 files
with malformed headers causing problems for WinAmp.

OK.....first of all, I use WinME, not XP. And I NEVER use WMP because it is
absolutely awful!!!! I have version 7.1 or something. The odd time it will
come up with attachments that have video, but I should disable that, if I
can find it. I use both Roxio 6 and Music Match to play MP3's.

I tried an older version of WinAmp and it didn't sit well on WinME, so
removed it. So not quite sure if this answers what you say, but I
repeat......I have never had a problem with WinMX in 3 years and I won't say
how many downloads (grin).......of mp3's only.

Have I been just lucky?? Or is it quite safe. My view is that WinMX is
quite safe. I am that 1 in a 100 that problems find......so that is my
reason for stating that. (G)

Heather

 

[Petter Settli]

FromTheRafters wrote:

[...]

The bottom line is - you can't ascertain safety from the data
filetype,
only from the operating system and applications that you use.

Thanks for the info.
If a man were the nervous type, your post could be enough to ruin his
day.

As the song goes (worth downloading):

"Paranoia strikes deep
Into your life it will creep"
*For What It's Worth*, Buffalo Springfield

BTW, I try to avoid downloading wma files, because Nero
can't convert them to wave files. Thank you Microsoft, once again

--PS

 

[FromTheRafters]

OK.....first of all, I use WinME, not XP. And I NEVER use WMP because it is
absolutely awful!!!! I have version 7.1 or something. The odd time it will
come up with attachments that have video, but I should disable that, if I
can find it. I use both Roxio 6 and Music Match to play MP3's.

I tried an older version of WinAmp and it didn't sit well on WinME, so
removed it. So not quite sure if this answers what you say, but I
repeat......I have never had a problem with WinMX in 3 years and I won't say
how many downloads (grin).......of mp3's only.

Have I been just lucky?? Or is it quite safe. My view is that WinMX is
quite safe. I am that 1 in a 100 that problems find......so that is my
reason for stating that. (G)

I was not disaggreeing with your assessment on that score, only
that it should not be assumed that dealing *only* with MP3s is
necessarily safe. Choose your applications carefully, and keep
up with any vulnerabilities discovered with those applications, or
the OS, as they are disclosed.