Windows ARRRG


kgoerz
03-05-2012, 19:22
Is there a way to keep your home page from being hijacked every time you download something new? It seems to happen a lot more often. Checked all my security settings and they are all on.

Dusty
03-05-2012, 19:37
Got Norton?

Snaquebite
03-05-2012, 19:38
You've been hijacked... If you have a spyware or malware program, run it to remove the hijacker file/program.

Edit to add:
http://www.microsoft.com/security/pc-security/browser-hijacking.aspx

kgoerz
03-05-2012, 19:41
Yes, I have Norton. It's not every time, just one of those annoying things that happen. They ask permission to do it, but it's often in the super fine print no one reads. Wondering if there was an easy fix. I hate the way consumers do crap like this.

Snaquebite
03-05-2012, 19:49
Well those porn sites are notorious for adding hijacker files to your computer:rolleyes::D

Kyobanim
03-05-2012, 19:52
There should be a setting in your browser options to prompt you prior to installing something or changing your settings. If you're getting this from apps you're downloading, you just have to be careful and read all the options and windows before clicking OK.

BOfH
03-05-2012, 23:19
QP kgoerz,
A few things to note:

1. Your anti-virus/anti-malware package is only as good as its last signature update; make sure it is up to date and is configured to update automatically.
2. That said, AV/AM software catches anywhere from 20%-40% of all malicious software. If you download a file that you are suspicious of, but it is not flagged by your A/V, try running it through VirusTotal (www.virustotal.com).
3. Most malware these days is installed via vulnerabilities in popular and largely deployed software such as Adobe Reader, Java, and the Adobe Flash and Shockwave players. Keep these applications and plugins up to date. Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) can make that process a whole lot easier. Most importantly, make sure that your operating system is set to receive updates and install them automatically.
4. If you believe your machine has been compromised, it is best to rebuild it from scratch: back up whatever data you need from the system, make a list of installed applications, and then format and reinstall the operating system and any necessary applications. Most malicious software will generally bundle other software, usually rootkits like TDL/TDSS 3/4, which are difficult, if not impossible, to remove.
5. Consider running yourself and/or your children as a non-privileged user (Control Panel --> User Accounts --> Create a new user --> Remove the user from the Administrators group and add them to the Users group) when browsing the internet. As annoying as they are, do not ignore the UAC/Elevation prompts or turn them off; read what is trying to run, and Google it if you don't recognize the application.

That's all for now. My apologies in advance if this came off a bit patronizing; that was not my intention. In my line of work I do get these types of questions often, so this piece is a bit practiced. ;)

v/r
BOfH

CloseDanger
03-06-2012, 00:36
What he said. But I have had great success with Spybot S&D (http://www.safer-networking.org/en/download/)

badshot
03-06-2012, 06:21
Yes, I have Norton. It's not every time, just one of those annoying things that happen. They ask permission to do it, but it's often in the super fine print no one reads. Wondering if there was an easy fix. I hate the way consumers do crap like this.


Contrary to what some techs say, Google Chrome appears to cause fewer issues than IE or Firefox. The interface takes a little getting used to, but in many environments it's faster in most aspects. (i.e. You can say yes more in less time!)

I can safely say, before all the posts to the contrary, that they build their stuff fundamentally better (i.e. what you don't see), and have a better understanding of how things get from A to B over the wire. It also hasn't been reverse engineered as much as either of the other two, meaning fewer less-experienced losers can mess with it.

JJ_BPK
03-06-2012, 06:56
I have had several hijacks, along with in-laws & out-laws.

The common thread is not that they bypass your security, but rather that they ask you for permission to bypass security by implying they want to install or show you something.

After they get in they are a bear to dump, WITH ONE EXCEPTION...

I have our systems set to do a "System Restore" checkpoint every day when the system is started.

Sooo, as soon as I see a hijack, I restart the system in Safe Mode and restore the system to the last good checkpoint. Then run a complete system security scan.

To date this has been the easiest way to clean them out, although it may take a couple of hours because of the deep scan...

My cuz had one last week; it was different. It hid all their data files & pictures using a DOS-mode ATTRIBUTE command (attrib *.jpg /s +h +s +r). It looked like the system had been erased and they would need to start from scratch.

I got suspicious because only their data and JPG files were missing. No system libraries were touched.

Took a couple of hours; had to use a restore point that was three days old (not sure why).

BUT after I had the restore complete, I had to manually use Windows folder attributes to change the attributes back.

Luckily they had mucho pina coladas, otherwise they would have been SOL... :D
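The clean-up step described in the post above (undoing an "attrib *.jpg /s +h +s +r" that made the data look erased) can be scripted rather than done folder by folder. The following is an added example, not code from the thread or from any of the posters: it walks a profile, reports user data files that carry the Hidden+System combination (which ordinary documents and photos never have), and clears those bits when asked to. $Root, the extension list and the list of legitimately hidden files are assumptions to adjust for the machine in question; run it with -WhatIf first to review what would change.

```powershell
# Added example: find data files marked Hidden+System (the effect of
# "attrib *.jpg /s +h +s +r") and clear Hidden, System and ReadOnly again.
# $Root, $Extensions and $legitHidden are assumptions; adjust per machine.
param(
    [string]$Root = "$env:USERPROFILE",
    [string[]]$Extensions = @('.jpg', '.jpeg', '.png', '.doc', '.docx', '.xls', '.xlsx', '.pdf'),
    [switch]$WhatIf
)

# Files Windows itself keeps hidden; never touch these.
$legitHidden = @('desktop.ini', 'thumbs.db', 'ntuser.dat')

$hiddenBit = [IO.FileAttributes]::Hidden
$systemBit = [IO.FileAttributes]::System

# -Force is required, otherwise Get-ChildItem skips hidden files entirely.
$suspect = Get-ChildItem -Path $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object {
        ($Extensions -contains $_.Extension.ToLower()) -and
        ($legitHidden -notcontains $_.Name.ToLower()) -and
        (($_.Attributes -band $hiddenBit) -ne 0) -and
        (($_.Attributes -band $systemBit) -ne 0)
    }

"{0} user data file(s) under {1} carry Hidden+System attributes" -f @($suspect).Count, $Root

foreach ($file in $suspect) {
    if ($WhatIf) {
        "Would clear attributes on: $($file.FullName) [$($file.Attributes)]"
    } else {
        # Keep Archive and other normal bits; strip only what the attrib command added.
        $strip = $hiddenBit -bor $systemBit -bor [IO.FileAttributes]::ReadOnly
        $file.Attributes = $file.Attributes -band (-bnot $strip)
        "Restored: $($file.FullName)"
    }
}
```

The Hidden+System pairing is the useful signal here: a lone Hidden bit is common on user files, but System is normally reserved for operating-system files, so documents and photos carrying both are almost certainly the result of something like the attrib sweep described above. The script deliberately reports before it changes anything, so it doubles as a quick check after a restore that the restore point itself was not taken while the files were already hidden.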

badshot
03-06-2012, 14:01
I have our systems set to do a "System Restore" check point every day when the system is started.


That's a smart point.

Thing is, many of those issues (malware, etc.) purposely stay hidden for varied periods. Meaning: stay dormant. So the checkpoint may save them while they are dormant, and Restore may restore them, as you have discovered.

My father-in-law used to be so bad at saying yes that I set his user ID to have little or no privileges and I was the only admin. He'd still be able to catch all sorts of things (wasn't supposed to) on Windows XP. The solution was he started from scratch every three months, user ID and all. A poor solution for most.

Personally I'll say no to everything (cat and being curious comes to mind). Even saying yes to sites like Trend Micro can end badly down the road. Did it twice, and paid for it btw.

Thing is, in the past I've caught stuff and spent many hours fixing some of them (or starting from scratch), but it's like crashing a good car: most are never exactly the same after an event, and it usually hurts in more ways than one.
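Both of the last two posts turn on the same practical question: which restore points exist, how old they are, and whether a fresh one gets taken every day. As an added example (not from the thread or its posters), the script below lists the current restore points with their age so an older, pre-infection point can be chosen deliberately, then creates a new checkpoint; the final commented line shows how it could be registered as a startup task. The description text and the C:\Tools path are assumptions. It needs an elevated Windows PowerShell session; Checkpoint-Computer and Get-ComputerRestorePoint are not available in PowerShell 7.

```powershell
# Added example: summarise existing System Restore points, then take a new one.
# Run elevated. $Description and the task/script paths below are assumptions.
param([string]$Description = 'Daily checkpoint')

function Get-RestorePointSummary {
    # Get-ComputerRestorePoint returns WMI objects whose CreationTime is a DMTF
    # date string, so it is converted to a DateTime here for readable ages.
    Get-ComputerRestorePoint | ForEach-Object {
        $created = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        [pscustomobject]@{
            Sequence    = $_.SequenceNumber
            Created     = $created
            AgeDays     = [math]::Round(((Get-Date) - $created).TotalDays, 1)
            Description = $_.Description
        }
    }
}

# Show what is available before adding another one. Malware that has sat dormant
# for a while is already inside the newest points, so an older one may be the right pick.
Get-RestorePointSummary | Sort-Object Sequence -Descending | Format-Table -AutoSize

# Windows 8 and later refuse a second checkpoint within 24 hours unless this value
# is 0. Uncomment only if daily-at-boot points are really wanted on this machine.
# Set-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore' `
#     -Name SystemRestorePointCreationFrequency -Value 0

Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

# To run this at every startup, save it as C:\Tools\New-RestorePoint.ps1 (assumed
# path) and register it once from an elevated prompt:
# schtasks /Create /TN "DailyRestorePoint" /SC ONSTART /RU SYSTEM /TR "powershell.exe -ExecutionPolicy Bypass -File C:\Tools\New-RestorePoint.ps1"
```

Listing the points first matters for exactly the reason badshot gives: a restore only helps if the chosen point predates the infection, and the AgeDays column makes it obvious which ones are candidates. A checkpoint is also not a backup; it does not protect user data, which is why the later posts in the thread move on to real backups.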

kgoerz
03-07-2012, 01:40
I learned a long time ago about backing up. When my last laptop died, I didn't lose one piece of data. Had the hard drive ghosted, so setting up the new laptop like I wanted took a few clicks and just the wait.
I'll take a look into my settings. It's just annoying as crap. What do they think, I'm just going to start using their web page as my new home page because it popped up one time?
But if it means keeping the internet free of government laws and interference, I'll put up with the petty stuff.

fasteddie565
03-07-2012, 05:19
If you are installing legitimate software, there is probably a switch somewhere in the install process that says change my homepage to www.XXXX.com. Sometimes it is in the user agreement that none of us read. They are very sneaky, strategically placing these radio buttons so no one notices them until you open your browser. If nothing else, it gives them a legitimate visit to the page and adds to their Google headcount.
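Since the change described above is just a setting an installer flips, it can be audited after every install rather than discovered the next time the browser opens. The following is an added example, not code from the thread or from any of the posters: it reads Internet Explorer's start page (and any secondary start pages) from the registry location IE stores them in, compares the host against a short allow-list, and with -Fix writes the expected value back. $Expected and $AllowedHosts are assumptions standing in for whatever the user actually wants as a home page.

```powershell
# Added example: audit IE's configured start page(s) and optionally reset them.
# $Expected and $AllowedHosts are assumptions; the registry path and value
# names ('Start Page', 'Secondary Start Pages') are where IE keeps them.
param(
    [string]$Expected = 'https://www.example.com/',   # assumed: the user's real home page
    [string[]]$AllowedHosts = @('www.example.com'),   # assumed allow-list
    [switch]$Fix
)

$key = 'HKCU:\Software\Microsoft\Internet Explorer\Main'

function Get-HostName([string]$url) {
    # Returns the lower-cased host, or the raw string if it is not a parseable URL.
    try { ([uri]$url).Host.ToLower() } catch { $url }
}

function Test-HomePage {
    $main = Get-ItemProperty -Path $key
    # Primary page is a single string; secondary pages are a multi-string value.
    $pages = @($main.'Start Page') + @($main.'Secondary Start Pages') | Where-Object { $_ }

    foreach ($page in $pages) {
        $hostName = Get-HostName $page
        $ok = ($AllowedHosts -contains $hostName) -or ($page -eq 'about:blank')
        [pscustomobject]@{ Url = $page; Host = $hostName; Allowed = $ok }
    }
}

$results = @(Test-HomePage)
$results | Format-Table -AutoSize

$bad = @($results | Where-Object { -not $_.Allowed })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} start page(s) point somewhere unexpected" -f $bad.Count)
    if ($Fix) {
        Set-ItemProperty -Path $key -Name 'Start Page' -Value $Expected
        Remove-ItemProperty -Path $key -Name 'Secondary Start Pages' -ErrorAction SilentlyContinue
        "Home page reset to $Expected"
    }
} else {
    "Home page is as expected."
}
```

Comparing hosts rather than full URLs keeps the check from tripping on harmless query-string changes while still catching a swap to a different site. Running it without -Fix right after an install is the useful habit: if it warns, the installer that just ran is the one that changed the setting, which is the moment to go back and look for the option Fasteddie describes.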

BOfH
03-07-2012, 11:21
That's a smart point.

Thing is, many of those issues (malware, etc.) purposely stay hidden for varied periods. Meaning: stay dormant. So the checkpoint may save them while they are dormant, and Restore may restore them, as you have discovered.

My father-in-law used to be so bad at saying yes that I set his user ID to have little or no privileges and I was the only admin. He'd still be able to catch all sorts of things (wasn't supposed to) on Windows XP. The solution was he started from scratch every three months, user ID and all. A poor solution for most.

Personally I'll say no to everything (cat and being curious comes to mind). Even saying yes to sites like Trend Micro can end badly down the road. Did it twice, and paid for it btw.

Thing is, in the past I've caught stuff and spent many hours fixing some of them (or starting from scratch), but it's like crashing a good car: most are never exactly the same after an event, and it usually hurts in more ways than one.

System Restore is a great feature, case in point :D Its enterprise comparison would be the Shadow Copy feature, which has saved me more than once from restoring from tape.

Bear in mind that some malicious software, especially rootkits (like TDSS/TDL 3/4), hook the Master Boot Record (MBR), and a simple restore in time will not make them go away. Actually, to correct my previous advice, a format will not make them go away either. The MBR needs to be overwritten; DBAN[1] is good for that (as well as sanitizing that drive before you "hand me down" your laptop and your *deleted* porn stash is accidentally undeleted :D )

I learned a long time ago about backing up. When my last laptop died, I didn't lose one piece of data. Had the hard drive ghosted, so setting up the new laptop like I wanted took a few clicks and just the wait.
I'll take a look into my settings. It's just annoying as crap. What do they think, I'm just going to start using their web page as my new home page because it popped up one time?
But if it means keeping the internet free of government laws and interference, I'll put up with the petty stuff.

Nothing beats a good backup. I finally bit the bullet and went with a cloud backup solution, utilizing Amazon's S3[2] storage service and a client from CloudBerry software[3]. The thing that sold me on the client was support for client-side encryption and compression, meaning that even if my Amazon account is compromised, the data is still secure; most online backup services utilize Amazon's SSE (Server Side Encryption), which means that the key is stored with Amazon and the backup provider; if they are compromised, so is your data. And at about $1/month for the 20GB (compressed) or so I back up, you can't beat it. Last but not least, pictures for insurance and scans of important documents are offsite, so in the event of a local disaster, I still have those for claims purposes.


[1] http://www.dban.org/
[2] http://aws.amazon.com/s3/
[3] http://www.cloudberrylab.com/amazon-s3-microsoft-azure-google-storage-online-backup.aspx

badshot
03-07-2012, 20:12
hook the Master Boot Record(MBR) and a simple restore in time will not make them go away

Absolutely, as well as many other hooks. A simple change of the jmp instruction (for BIOS/asm geeks) during initialization could ruin your day.

If your anti-virus offers boot scans, use them.

Also make sure your browser's plugins (like Yahoo) are updated or disabled; some buttheads are exploiting outdated ones very recently. kgoerz, your box comes to mind on this note.

kgoerz
03-08-2012, 09:47
What he said. But I have had great success with Spybot S&D (http://www.safer-networking.org/en/download/)

I'm using it. But it tells me I don't have admin rights to fix all the problems it finds. I'm the only user on this laptop.

badshot
03-08-2012, 11:18
Right-click on the icon or menu listing, then left-click on 'Run as Administrator'.