I run XP SP2, wireless connecction via Belkin adapter/extender to Belkin
router.
After having problems with the connection, it seems to be sorted after
repairing Windows and re-installing Belkin software. I also run Norton
Systemworks
Now downloads, incl Norton and MS updates, start off fine and then crash
after quickly decreasing download times.
I have tried to repair XP, Belkin re-install , and new network connections.
I have tried the Firewall/Anti-virus on/off. I have put in the IP address
manually as well as auto. I have tried Dial-a-Fix, System Mechanic, and a
Winsock repair.
Emails seem to download ok but webpages and updates slow the system to a
crash. I did manage up update Ad-Aware, which found 3 minor bits, but nothing
serious. The same with Defender tho I was unable to update its definitions.
Oddly, I found that Ad-Aware, Defender and even Wireless Services disabled
themselves, tho I could put them back to Auto.
What do I have left to do other that an XP clean re-install? I have wasted
so much time.
1. The retail version of Norton can play havoc with your pc. Uninstall it
using Norton's own uninstall tool:
http://service1.symantec.com/suppor...5033108162039?OpenDocument&seg=hm&lg=en&ct=us
and get a refund
2. CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls, application
MRUs, etc. ...
http://www.filehippo.com/download_ccleaner/
If Windows Defender is utilized go to Applications, under Utilities
uncheck "Windows Defender".
3. Download David H. Lipman's MULTI_AV.EXE from the URL:
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
To use this utility, perform the following...
Execute; Multi_AV.exe {Note: You must use the default folder C:\AV-CLS}
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{or Double-click on 'Start Menu' in C:\AV-CLS}
NOTE: You may have to disable your software FireWall or allow WGET.EXE to
go through your FireWall to allow it to download the needed AV vendor
related files.
C:\AV-CLS\StartMenu.BAT -- {or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode.
This way all the components can be downloaded from each AV vendor's web
site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and
Reboot the PC.
You can choose to go to each menu item and just download the needed files
or you can download the files and perform a scan in Normal Mode. Once you
have downloaded the files needed for each scanner you want to use, you
should reboot the PC into Safe Mode [F8 key during boot] and re-run the
menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal
Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.
Additional Instructions:
http://pcdid.com/Multi_AV.htm
The average homeuser operating a stand-alone computer can get by with good
quality (freely available) software.
Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.
Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm
Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
http://www.free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html
http://www.free-av.com/antivirus/allinonen.html
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class
GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)
or
Kaspersky® Anti-Virus 7.0 - Not Free
http://www.kaspersky.com/homeuser
or
ESET NOD32 Antivirus - Not Free
http://www.eset.com/
A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging and
oftentimes a collection of scanners is best. There isn't one software that
cleans and immunizes you against everything. That's why you need multiple
products to do the job i.e. overlap their coverage - one may catch what
another may miss, (grab'em all).
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free (build-in in Vista)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
WD monitors the start-registry and hooks registers/files to prevent spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."
A clarification on the terminology: the word "malware" is short for
"malicious software." Most Anti-Virus applications detect many types of
malware such as viruses, worms, trojans, etc.
What AV applications usually don't detect is "non-viral" malware, and the
term "non-viral malware" is normally used to refer to things like spyware
and adware.
Rootkit Removal applications.
The effectiveness of an individual Rootkit removal application are
wide-ranging and it is recommended utilizing a collection of
detection/removal tools; You are encouraged to try all of them (join
relevant fora for additional support i.e. interpretation of scan results):
DarkSpy
http://www.antirootkit.com/software/DarkSpy.htm
http://www.antirootkit.com/forums/viewforum.php?f=18
F-Secure BlackLight (Download Trial)
http://www.f-secure.com/blacklight/
http://www.antirootkit.com/forums/viewforum.php?f=13
GMER - is an application that detects and removes rootkits.
http://www.gmer.net/index.php
http://antirootkit.com/forums/index.php?sid=9e746bb696ac0bb38781ffe4361c3a17
IceSword
http://www.antirootkit.com/software/IceSword.htm
http://www.antirootkit.com/forums/index.php
RAIDE
http://www.rootkit.com/project.php?id=33
download:
http://www.rootkit.com/vault/petersilberman/RAIDE_BETA_1.zip
http://www.rootkit.com/boardm.php
Rootkit Revealer
http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx
http://forum.sysinternals.com/forum_topics.asp?FID=15
RootKit Hook Analyzer
http://www.softpedia.com/get/Security/Security-Related/RootKit-Hook-Analyzer.shtml
http://www.antirootkit.com/forums/viewforum.php?f=17
RootKit Hook Analyzer
http://www.resplendence.com/hookanalyzer
http://www.antirootkit.com/forums/viewforum.php?f=17
RootAlyzer
http://forums.spybot.info/showthread.php?t=24185
http://www.spybotupdates.com/files/rootalyz.zip
Sophos Anti-Rootkit - Free tool for rootkit detection and removal
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Direct link:
http://www.sophos.com/support/cleaners/sarsfx.exe
http://www.techsupportforum.com/net...irewalls/113585-free-sophos-anti-rootkit.html
System Virginity Verifier
http://www.softpedia.com/get/System/System-Info/System-Virginity-Verifier.shtml
http://www.antirootkit.com/forums/viewforum.php?f=25
System Virginity Verifier
http://www.antirootkit.com/software/System-Virginity-Verifier.htm
http://www.antirootkit.com/forums/viewforum.php?f=25
VICE
http://www.rootkit.com/project.php?id=20
download:
http://www.rootkit.com/vault/fuzen_op/vice.zip
http://www.rootkit.com/boardm.php
"Make sure you always read the current user instructions for your scanning
tools to see what special steps you need to take before, during and after
the clean-up process. Then, after you've found and cleaned a rootkit,
rescan the system once you reboot to double-check that it was fully cleaned
and the malware hasn't returned."
Avoiding Rootkit Infection.
"The rules to avoid rootkit infection are for the most part the same as
avoiding any malware infection however there are some special
considerations:
Because rootkits meddle with the operating system itself they *require*
full Administrator rights to install. Hence infection can be avoided by
running Windows from an account with *lesser* privileges" (LUA in XP and
UAC in Vista).
AntiHook
http://www.infoprocess.com.au/AntiHook.php
DiamondCS ProcessGuard
http://www.diamondcs.com.au/processguard/
http://www.diamondcs.com.au/processguard/download.php
Educational viewing!
Mark Russinovich - Advanced Malware Cleaning
http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359
Some more useful applications:
SpywareBlaster - Free
SpywareBlaster is not a scanner application.
It prevents the installation of ActiveX-based spyware, adware, browser
hijackers, dialers, and other potentially unwanted software.
Blocks spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restricts the actions of potentially unwanted sites in Internet Explorer.
http://www.javacoolsoftware.com/spywareblaster.html
["SpywareBlaster is not a scanner application. It blocks the installation
of most ActiveX-based spyware, adware, browser hijackers, dialers and other
unwanted programs from the user's computer (it does so in real-time).
SpywareBlaster works by blacklisting the CLSID of known malware programs,
effectively preventing them from infecting a protected computer and also
allows the user to prevent privacy hazards such as tracking cookies."]
WinPatrol
It helps keep your system tray free of clutter and warns you when a program
insists on loading at system boot-up.
http://www.winpatrol.com/
CW Shredder - Free
Is a premier tool to find and remove traces of CoolWebSearch – the name for
a wide range of insidious browser hijackers – from your PC.
http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/CWShredder.shtml
AutoRuns
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
ProcessExplorer
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
TCPView
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
Sysinternals Suite
http://technet.microsoft.com/en-us/sysinternals/0e18b180-9b7a-4c49-8120-c47c5a693683.aspx
WALLWATCHER - Collect, View, and Analyze Router Logs
http://sonic.net/wallwatcher/
For the average homeuser, the Windows Firewall in XP SP 2 does a fantastic
job at its core mission and is really all you need if you have an
'real-time' anti-virus program, [another firewall on your router or] other
edge protection like SeconfigXP and practise safe-hex.
The windows firewall deals with inbound protection and therefore does not
give you a false sense of security. Best of all, it doesn't implement lots
of nonsense like pretending that outbound traffic needs to be monitored.
Activate and utilize the Win XP SP2 built-in Firewall; Uncheck *all*
Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
How to manually open ports in Internet Connection Firewall in Windows XP.
http://support.microsoft.com/kb/308127
How to Configure Windows Firewall on a Single Computer.
http://www.microsoft.com/technet/security/smallbusiness/prodtech/windowsxp/cfgfwall.mspx
Troubleshooting Windows Firewall settings in Windows XP Service Pack 2.
http://support.microsoft.com/default.aspx?kbid=875357
PFW Criticism.
http://en.wikipedia.org/wiki/Personal_firewall#Criticisms
"Personal Firewalls" are mostly snake-oil.
http://www.samspade.org/d/firewalls.html
Why your firewall sucks.
http://tooleaky.zensoft.com/
"But I quickly realized the truth: The added protection provided by
outbound filtering is entirely illusory."
At Least This Snake Oil Is Free.
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx
Deconstructing Common Security Myths.
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
Scroll down to:
"Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
Exploring the windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater—it’s a gimmick that only gives the
impression of improving your security without doing anything that actually
does improve your security."
In conjunction with WinXP SP2 Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(
http://www.softpedia.com/progDownload/Seconfig-XP-Download-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
and 445 (the most exploited Windows networking weak point) closed.)
Good luck
