unwanted site


marcus lee

just about every time i type a URL into my browser, it
automatically redirects to http://nkvd.us/1507/. What's
also odd is that even though i customize my home page, it
also resets itself to the above URL. Why is this
happening?

To help troubleshoot, I've removed all virus infected
files, cookies, and temp files, and still the problem
exists. Any ideas?

Jim Byrd

Hi Marcus - Sounds like this might be a variant of some malware called
CoolWebSearch (if not, then see AdAware, SpyBot, and HijackThis, below). Do
the following:

Download, UPDATE before running, and run:
http://www.merijn.org/files/cwshredder.zip to remove the parasite. Be sure
to close all instances of IE and OE. You may also get it here if that link
is blocked: http://www.zerosrealm.com/downloads/CWShredder.zip

Then download and run:
http://www.kellys-korner-xp.com/regs_edits/iegentabs.reg to restore your
tabs and remove any restrictions that the parasite has put in place.

Be sure that you also download and install hotfix Q816093, here:

http://support.microsoft.com/?kbid=816093#appliesto

which blocks the exploit upon which this parasite family depends.

Now download and run:
http://www.kellys-korner-xp.com/regs_edits/RestoreSearch2.REG to restore
your search functions.


However, this also indicates that you may have acquired some other malware
along the way. If you go to this page at Jim Eshelman's site, here:
http://aumha.org/a/noads.htm and wait a little bit (be patient), an analysis
of a number of possible parasites on your machine will be made to help you
identify and remove them. NOTE: You will need to disable Ad Blocking in Zone
Alarm 3.x, if present or any other Ad Blocking software which interferes
with Java Scripting for this scan to work. You should get a message between
the two lines of **** giving the results of the scan.

Get Ad-Aware 6.0, Build 181 or later, here:
http://www.lavasoftusa.com/support/download/. UPDATE and run this regularly
to get rid of most "spyware/hijackware" on your machine. If it has to fix
things, be sure to re-boot and rerun AdAware again and repeat this cycle
until you get a clean scan. The reason is that it may have to remove
things which are currently "in use" before it can then clean up others.

Another excellent program for this purpose is SpyBot Search and Destroy
available here: http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
using both normally. After UPDATING and fixing things with SpyBot S&D, be
sure to re-boot and rerun SpyBot again and repeat this cycle until you get a
clean "no red" scan. The reason is that SpyBot sometimes has to remove
things which are currently "in use" before it can then clean up others.

Note that sometimes you need to make a judgement call about what these
programs report as spyware. See here, for example:
http://www.imilly.com/alexa.htm



If they don't fix it then start here:

Download HijackThis, free, here:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip (Always download a
new fresh copy of HijackThis [and CWShredder also] - It's UPDATED
frequently.) You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

Unzip it to any convenient folder, start it then press Scan. Click on
SaveLog when it's finished which will create hijackthis.log. Now click the
Config button, then Misc Tools and click on Generate StartupList.log which
will create Startuplist.txt

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/

or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

Sign in, then copy and paste both files into a message asking for
assistance. Someone will answer with detailed instructions for the removal
of your parasite(s).




Once you get this cleaned up, you might want to consider installing the
SpywareBlaster and SpywareGuard here to help prevent this kind of thing from
happening in the future:

http://www.wilderssecurity.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it UPDATED) The latest version as of this writing
will prevent installation or prevent the malware from running if it is
already installed, and it provides information and fixit-links for a variety
of parasites.

http://www.wilderssecurity.net/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. Both Very Highly Recommended


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP




marcus lee

wow. thanks for all the info. i really appreciate it.

while we're on the subject, do you have any suggestions
on preventing this occurrence on a firewall level?

thanks

Jim Byrd

Hi Marcus - As I pointed out before, install this hotfix for the CWS
exploit, and any other outstanding "critical" fixes from Windows update:

http://support.microsoft.com/?kbid=816093

There are other types of problems which can be fixed by appropriate firewall
settings, such as spam from Windows Messenger exploitation and certain
viruses. Here are some general observations about "Defensing Your Machine"
(if that isn't too pretentious):

If you want to take steps to defend your machine, there are a number of
things which need to be considered. I would suggest the following:

The minimum necessary to start with are a good hardware or software firewall
and an AV.

For the general hijack case, the best way to start is to get Ad-Aware 6.0,
Build 181 or later, here: http://www.lavasoftusa.com/support/download/.
UPDATE and run this regularly to get rid of most "spyware/hijackware" on
your machine. If it has to fix things, be sure to re-boot and rerun
AdAware again and repeat this cycle until you get a clean scan. The reason
is that it may have to remove things which are currently "in use" before it
can then clean up others.

Another excellent program for this purpose is SpyBot Search and Destroy
available here: http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
using both normally. After UPDATING and fixing things with SpyBot S&D, be
sure to re-boot and rerun SpyBot again and repeat this cycle until you get a
clean "no red" scan. The reason is that SpyBot sometimes has to remove
things which are currently "in use" before it can then clean up others.


Note that sometimes you need to make a judgement call about what these
programs report as spyware. See here, for example:
http://www.imilly.com/alexa.htm


Next, courtesy of Mike Burgess:

"--Recommended Minimum Security Settings--

Close all instances of IE and OE
Control Panel | Internet Options

Click on the "Security" tab
Highlight the "Internet" icon, click "Custom Level"

1) "Download signed ActiveX scripts" = Prompt
2) "Download unsigned ActiveX scripts" = Disable
3) "Initialize and script ActiveX not marked as safe" = Disable
4) "Installation of Desktop items" = Prompt
5) "Launching programs and files in an IFRAME" = Prompt

Click on the "Content" tab
Click the "Publishers" button

Highlight and click "Remove" any unknowns, click Ok

Click on the "Advanced" tab
Uncheck: "Install on demand (other)", click Apply\Ok

Prevent your "HomePage" setting from being Hijacked
http://www.mvps.org/winhelp2002/ietips.htm
_____________________________
Mike Burgess
Information isn't free if you can't find it!
http://www.mvps.org/winhelp2002/"


Note the Publisher setting - this vector is often overlooked.


Then, from me:

You might want to consider installing the SpywareBlaster and SpywareGuard
here to help prevent this kind of thing from happening in the future:
http://www.wilderssecurity.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it UPDATED) The latest version as of this writing
will prevent installation or prevent the malware from running (887 parasites
as of this date) if it is already installed, and it provides information and
fixit-links for a variety of parasites.
http://www.wilderssecurity.net/spywareguard.html (Monitors for attempts
to install malware) Keep it UPDATED. Both Very Highly Recommended.


Next, install and keep updated a good HOSTS file. It can help you avoid
most adware/malware. See here: http://www.mvps.org/winhelp2002/hosts.htm
(Be sure it's named/renamed HOSTS - all caps, no extension)


Lastly, with regards to cookies: Courtesy of Mel's Spyware Tools, here:
http://homepage.cooketech.net/~cybermel/Mel's Spyware Tools and Ad Blockers.html

XML-Menu for IE6 - (http://www.staff.uiuc.edu/~ehowes/main.htm, click on IE6
Tools on website) "This package contains a full menu of custom Import XML
files that can be used to manipulate IE6's handling of cookies in the
Internet and Trusted zones (the Privacy tab controls only the Internet
zone). The files are divided into three sets: one "short list" of
recommended files, and two "advanced" lists containing a wide range of
possible Privacy configurations. The ReadMe covers the basics of using
custom XML Import files and details all the files that are available. A
.REG file that can be used to restore the default Privacy tab settings is
included."

This is the technique that I use and, while I do very infrequently have to
override on some sites that don't have a Privacy Policy in place, I've found
it almost infallible in stopping bad cookies (I use 1-e, BTW). FWIW, Eric
Howes' site, above, is one of the very best on the net with regard to
anything having to do with security. Very Highly Recommended.


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
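As an added example (not code from the thread or from mvps.org), here is a small Python checker for the HOSTS-file approach recommended above: it parses a Windows-style HOSTS file and reports, for a set of hostnames, whether each is sinkholed, unlisted, or mapped somewhere non-local. The HOSTS text and the hostnames are constructed for illustration.

```python
# Added example, not code from the thread or from mvps.org: parse a
# Windows-style HOSTS file and report which hostnames it sinkholes.
# The HOSTS text and hostnames below are constructed for illustration.
import ipaddress

SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1"}  # where blocked names are sent

# Constructed sample in the "IP name [name...]  # comment" layout HOSTS uses.
SAMPLE_HOSTS = """\
0.0.0.0 ads.example.net            # adware server
0.0.0.0 tracker.example.org pixel.example.org
10.0.0.5 update.example.com        # non-local target: worth reviewing
this line has no ip address
"""


def parse_hosts(text):
    """Return {hostname: ip} for every active mapping; later lines win."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue  # blank, comment-only, or malformed line
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address; skip the line
        for name in fields[1:]:
            mapping[name.lower()] = ip  # names match case-insensitively
    return mapping


def check_hosts(text, hostnames):
    """Classify each name as 'blocked', 'unlisted', or 'redirected to <ip>'."""
    # A mapping to a non-sinkhole address overrides DNS for that name, the
    # kind of entry a hijacker plants, so it is reported rather than ignored.
    mapping = parse_hosts(text)
    report = {}
    for host in hostnames:
        ip = mapping.get(host.lower())
        if ip is None:
            report[host] = "unlisted"
        elif ip in SINKHOLE_ADDRESSES:
            report[host] = "blocked"
        else:
            report[host] = "redirected to " + ip
    return report
```

Run it against a copy of the real file (for example, the one from mvps.org) to confirm that the host a hijacker sends you to is actually listed, and to spot entries that point legitimate names at a non-local address.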




Jim Byrd

Thanks Mike.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP




Mike Burgess

Jim,
"You might want to consider installing the SpywareBlaster"
"http://www.wilderssecurity.com/spywareblaster.html"

FYI: They are now using a new URL:
http://www.javacoolsoftware.com/spywareblaster.html

Custom Entries for SpywareBlaster
http://www.mvps.org/winhelp2002/blaster.htm
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 04-09-04]
Please post replies to this Newsgroup, email address is invalid
--

Jim Byrd said:
Hi Marcus - As I pointed out before, install this hotfix for the CWS
exploit, and any other outstanding "critical" fixes from Windows update:
<snip>