Professional Soldiers ®

Windows ARRRG (http://www.professionalsoldiers.com/forums/showthread.php?t=37045)

kgoerz 03-05-2012 18:22

Windows ARRRG
 
Is there a way to keep your home page from being hijacked every time you download something new? It seems to happen a lot more often. I checked all my security settings and they are all on.

Dusty 03-05-2012 18:37

Got Norton?

Snaquebite 03-05-2012 18:38

You've been hijacked... If you have a spyware or malware program, run it to remove the hijacker file/program.

Edit to add:
http://www.microsoft.com/security/pc...hijacking.aspx

kgoerz 03-05-2012 18:41

Yes, I have Norton. It's not every time, just one of those annoying things that happen. They ask permission to do it, but it's often in the super fine print no one reads. Wondering if there was an easy fix. I hate the way consumers do crap like this.

Snaquebite 03-05-2012 18:49

Well those porn sites are notorious for adding hijacker files to your computer:rolleyes::D

Kyobanim 03-05-2012 18:52

There should be a setting in your browser options to prompt you prior to installing something or changing your settings. If you're getting this from apps you're downloading, you just have to be careful and read all the options and windows before clicking OK.

BOfH 03-05-2012 22:19

QP kgoerz,
A few things to note:

1. Your anti-virus/anti-malware package is only as good as its last signature update, make sure it is up to date, and is configured to update automatically.
2. That said, AV/AM software catches anywhere from 20%-40% of all malicious software. If you download a file that you are suspicious of, but it is not flagged by your A/V, try running it through VirusTotal (www.virustotal.com).
3. Most malware these days is installed via vulnerabilities in popular and widely deployed software such as Adobe Reader, Java, and the Adobe Flash and Shockwave players. Keep these applications and plugins up to date. Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) can make that process a whole lot easier. Most importantly, make sure that your operating system is set to receive updates and install them automatically.
4. If you believe your machine has been compromised, it is best to rebuild it from scratch: back up whatever data you need from the system, make a list of installed applications, and then format and reinstall the operating system and any necessary applications. Most malicious software will generally bundle other software, usually rootkits like TDL/TDSS 3/4, which are difficult, if not impossible, to remove.
5. Consider running yourself and/or your children as a non-privileged user (Control Panel --> User Accounts --> Create a new user --> Remove the user from the Administrators group and add them to the Users group) when browsing the internet. As annoying as they are, do not ignore the UAC/Elevation prompts or turn them off; read what is trying to run, and Google it if you don't recognize the application.

That's all for now. My apologies in advance if this came off a bit patronizing; that was not my intention. In my line of work I do get these types of questions often, so this piece is a bit practiced. ;)

v/r
BOfH

CloseDanger 03-05-2012 23:36

What he said. But I have had great success with Spybot S&D

badshot 03-06-2012 05:21

Quote:

Originally Posted by kgoerz (Post 438174)
Yes, I have Norton. It's not every time, just one of those annoying things that happen. They ask permission to do it, but it's often in the super fine print no one reads. Wondering if there was an easy fix. I hate the way consumers do crap like this.


Contrary to what some techs say, Google Chrome appears to cause fewer issues than IE or Firefox. The interface takes a little getting used to, but in many environments it's faster in most aspects. (i.e. you can say yes more in less time!)

I can safely say, before all the posts to the contrary, they build their stuff fundamentally better (i.e. what you don't see), and have a better understanding of how things get from A to B over the wire. It also hasn't been reverse engineered as much as either of the other two, meaning fewer less-experienced losers can mess with it.

JJ_BPK 03-06-2012 05:56

I have had several hijacks, along with in-laws & out-laws.

The common thread is not that they bypass your security, but rather that they ask you for permission to bypass security by implying they want to install or show you something.

After they get in they are a bear to dump, WITH ONE EXCEPTION...

I have our systems set to do a "System Restore" check point every day when the system is started.

Sooo, as soon as I see a hijack, I restart the system in Safe Mode and restore the system to the last good check-point. Then I run a complete system security scan.

To date this has been the easiest way to clean them out, although it may take a couple hours because of the deep scan...

My cuz had one last week; it was different. It hid all their data files & pictures using a DOS mode ATTRIBUTE command (Attrib *.jpg /s +h +s +r). It looked like the system had been erased and they would need to start from scratch.

I got suspicious because only their data and JPG files were missing. No system libraries were touched.

Took a couple of hours; had to use a restore point that was three days old (not sure why).

BUT after I had the restore complete, I had to manually use the WIN folder attributes to change the attributes back.

Luckily they had mucho pina-coladas, otherwise they would have been SOL... :D
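The manual attribute clean-up described above can be scripted. This is an added example, not code from the thread: it finds user files that an "attrib +h +s +r" run has marked Hidden+System and clears those bits. The root folder and extension list are assumptions; the extension filter keeps real system files such as desktop.ini out of the way.

```powershell
# Added example (not from the thread): find user files that an "attrib +h +s +r" hijack has
# marked Hidden+System and clear those bits again, instead of fixing each folder by hand.
# Assumes the data lives under -Root; only the listed extensions are touched, so genuine
# Hidden+System files such as desktop.ini or thumbs.db are left alone.
function Restore-HiddenUserFiles {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Root = $env:USERPROFILE,
        [string[]]$Extensions = @('.jpg', '.jpeg', '.png', '.doc', '.docx', '.xls', '.xlsx', '.pdf')
    )
    $hiddenSystem = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
    $toClear = $hiddenSystem -bor [IO.FileAttributes]::ReadOnly
    # -Force is required: without it Get-ChildItem silently skips Hidden/System items
    $targets = Get-ChildItem -Path $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object {
            $Extensions -contains $_.Extension.ToLower() -and
            (($_.Attributes -band $hiddenSystem) -eq $hiddenSystem)
        }
    $fixed = @()
    foreach ($file in $targets) {
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Clear Hidden/System/ReadOnly attributes')) {
            # Clear only the three bits the attrib command set; Archive etc. stay as they were
            $file.Attributes = [IO.FileAttributes]([int]$file.Attributes -band (-bnot [int]$toClear))
            $fixed += $file.FullName
        }
    }
    return $fixed
}

# Dry run first: -WhatIf lists the files that would be changed without touching them
Restore-HiddenUserFiles -Root "$env:USERPROFILE\Pictures" -WhatIf
# Then run it for real:
# Restore-HiddenUserFiles -Root "$env:USERPROFILE\Pictures"
```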

badshot 03-06-2012 13:01

Quote:

Originally Posted by JJ_BPK (Post 438234)
I have our systems set to do a "System Restore" check point every day when the system is started.

That's a smart point.

Thing is, many of those issues (malware, etc.) purposely stay hidden for varied periods. Meaning: stay dormant. So the Check Point may save them while they are dormant, and Restore may restore them, as you have discovered.

My father-in-law used to be so bad at saying yes that I set his user ID to have little or no privileges and I was the only admin. He'd still be able to catch all sorts of things (wasn't supposed to) on Windows XP. The solution was he started from scratch every three months, user ID and all. A poor solution for most.

Personally I'll say no to everything (cat and being curious comes to mind). Even saying yes to sites like Trend Micro can end badly down the road. Did it twice, and paid for it btw.

Thing is, in the past I've caught stuff and spent many hours fixing some of them (or starting from scratch), but it's like crashing a good car: most are never exactly the same after an event and it usually hurts in more ways than one.

kgoerz 03-07-2012 00:40

I learned a long time ago about backing up. When my last laptop died, I didn't lose one piece of data. I had the hard drive ghosted, so setting up the new laptop like I wanted took a few clicks and just the wait.
I'll take a look into my settings. It's just annoying as crap. What do they think, I'm just going to start using their web page as my new home page because it popped up one time?
But if it means keeping the internet free of government laws and interference, I'll put up with the petty stuff.

fasteddie565 03-07-2012 04:19

If you are installing legitimate software, there is probably a switch somewhere in the install process that says change my homepage to www.XXXX.com. Sometimes it is in the user agreement that none of us read. They are very sneaky, strategically placing these radio buttons so no one notices them until you open your browser. If nothing else, it gives them a legitimate visit to the page and adds to their Google headcount.
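One way to catch that quietly ticked option is to snapshot the home-page settings before the install and compare afterwards. Added example, not code from the thread: it reads the standard Internet Explorer registry values and Firefox's prefs.js; other browsers keep the setting in their own profile files and are not covered.

```powershell
# Added example (not from the thread): snapshot the browser home-page settings before running
# an installer and compare afterwards, so a pre-ticked "set my homepage" option is caught at once.
# Reads the standard IE registry values and Firefox's prefs.js; other browsers keep the setting
# in their own profile files and are not covered here.
function Get-HomePageSettings {
    $result = @{}
    # Internet Explorer: the per-user start page and the machine-wide default page
    $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    if ($ie) { $result['IE:Start Page'] = $ie.'Start Page' }
    $ieDef = Get-ItemProperty 'HKLM:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    if ($ieDef) { $result['IE:Default_Page_URL'] = $ieDef.Default_Page_URL }
    # Firefox: user_pref("browser.startup.homepage", "...") inside each profile's prefs.js
    $prefs = Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue
    foreach ($p in $prefs) {
        $m = Select-String -Path $p.FullName -Pattern 'user_pref\("browser\.startup\.homepage",\s*"([^"]*)"\)' |
            Select-Object -First 1
        if ($m) { $result["Firefox:$($p.Directory.Name)"] = $m.Matches[0].Groups[1].Value }
    }
    return $result
}

function Compare-HomePageSettings {
    param([hashtable]$Before, [hashtable]$After)
    $changed = @()
    foreach ($key in (@($Before.Keys) + @($After.Keys) | Sort-Object -Unique)) {
        if ($Before[$key] -ne $After[$key]) {
            $changed += [pscustomobject]@{ Setting = $key; Before = $Before[$key]; After = $After[$key] }
        }
    }
    return $changed
}

# Usage: snapshot, run the installer, snapshot again and report anything that moved
$before = Get-HomePageSettings
Read-Host 'Run the installer now, then press Enter'
$after = Get-HomePageSettings
$diff = Compare-HomePageSettings -Before $before -After $after
if ($diff) { $diff | Format-Table -AutoSize } else { 'No home-page settings were changed.' }
```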

BOfH 03-07-2012 10:21

Quote:

Originally Posted by badshot (Post 438300)
That's a smart point.

Thing is, many of those issues (malware, etc.) purposely stay hidden for varied periods. Meaning: stay dormant. So the Check Point may save them while they are dormant, and Restore may restore them, as you have discovered.

My father-in-law used to be so bad at saying yes that I set his user ID to have little or no privileges and I was the only admin. He'd still be able to catch all sorts of things (wasn't supposed to) on Windows XP. The solution was he started from scratch every three months, user ID and all. A poor solution for most.

Personally I'll say no to everything (cat and being curious comes to mind). Even saying yes to sites like Trend Micro can end badly down the road. Did it twice, and paid for it btw.

Thing is, in the past I've caught stuff and spent many hours fixing some of them (or starting from scratch), but it's like crashing a good car: most are never exactly the same after an event and it usually hurts in more ways than one.

System Restore is a great feature, case in point :D Its enterprise comparison would be the Shadow Copy feature, which has saved me more than once from restoring from tape.

Bear in mind that some malicious software, especially rootkits (like TDSS/TDL 3/4), hook the Master Boot Record (MBR), and a simple restore in time will not make them go away. Actually, to correct my previous advice, a format will not make them go away either. The MBR needs to be overwritten; DBAN[1] is good for that (as well as sanitizing that drive before you "hand me down" your laptop and your *deleted* porn stash is accidentally undeleted :D )

Quote:

Originally Posted by kgoerz (Post 438475)
I learned a long time ago about backing up. When my last laptop died, I didn't lose one piece of data. I had the hard drive ghosted, so setting up the new laptop like I wanted took a few clicks and just the wait.
I'll take a look into my settings. It's just annoying as crap. What do they think, I'm just going to start using their web page as my new home page because it popped up one time?
But if it means keeping the internet free of government laws and interference, I'll put up with the petty stuff.

Nothing beats a good backup. I finally bit the bullet and went with a cloud backup solution, utilizing Amazon's S3[2] storage service and a client from CloudBerry software[3]. The thing that sold me on the client was support for client-side encryption and compression, meaning that even if my Amazon account is compromised, the data is still secure; most online backup services utilize Amazon's SSE (Server Side Encryption), which means that the key is stored with Amazon and the backup provider; if they are compromised, so is your data. And at about $1/month for the 20GB (compressed) or so I back up, you can't beat it. Last but not least, pictures for insurance and scans of important documents are offsite, so in the event of a local disaster, I still have those for claims purposes.


[1]http://www.dban.org/
[2]http://aws.amazon.com/s3/
[3]http://www.cloudberrylab.com/amazon-s3-microsoft-azure-google-storage-online-backup.aspx
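The client-side encryption point above, as an added example that is neither the thread's nor CloudBerry's code: the backup is encrypted on the PC before upload, so the provider only ever stores ciphertext and never holds the key. It assumes a passphrase kept offline; the file layout (salt, IV, ciphertext, tag) is this example's own choice.

```powershell
# Added example, not the thread's or CloudBerry's code: encrypt a backup on the client before
# it is uploaded, so the storage provider only ever holds ciphertext and the key never leaves
# the machine (unlike server-side encryption, where the provider holds the key).
# AES-256-CBC plus an HMAC-SHA256 tag; both keys are derived from a passphrase with PBKDF2.
# Assumes the passphrase is kept offline; the salt and IV are stored with the file, not secret.
function Protect-BackupFile {
    param([string]$Path, [string]$OutPath, [string]$Passphrase)
    $plain = [IO.File]::ReadAllBytes($Path)
    $salt = New-Object byte[] 16
    [Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($salt)
    $kdf = New-Object Security.Cryptography.Rfc2898DeriveBytes($Passphrase, $salt, 200000)
    $aes = [Security.Cryptography.Aes]::Create()
    $aes.Key = $kdf.GetBytes(32)          # encryption key: derived here, never uploaded
    $hmac = New-Object Security.Cryptography.HMACSHA256
    $hmac.Key = $kdf.GetBytes(32)         # separate key for the integrity tag
    $aes.GenerateIV()
    $cipher = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
    $body = [byte[]]($salt + $aes.IV + $cipher)   # layout: salt(16) | iv(16) | ciphertext
    $tag = $hmac.ComputeHash($body)                # tag(32) is appended last
    [IO.File]::WriteAllBytes($OutPath, [byte[]]($body + $tag))
}

function Unprotect-BackupFile {
    param([string]$Path, [string]$OutPath, [string]$Passphrase)
    $blob = [IO.File]::ReadAllBytes($Path)
    $body = [byte[]]$blob[0..($blob.Length - 33)]
    $tag  = [byte[]]$blob[($blob.Length - 32)..($blob.Length - 1)]
    $salt = [byte[]]$blob[0..15]
    $kdf = New-Object Security.Cryptography.Rfc2898DeriveBytes($Passphrase, $salt, 200000)
    $key = $kdf.GetBytes(32)
    $hmac = New-Object Security.Cryptography.HMACSHA256
    $hmac.Key = $kdf.GetBytes(32)
    # Check the tag before decrypting: a tampered or corrupted blob is rejected, not decrypted.
    if ([Convert]::ToBase64String($hmac.ComputeHash($body)) -ne [Convert]::ToBase64String($tag)) {
        throw "Integrity check failed for $Path (wrong passphrase or modified file)"
    }
    $aes = [Security.Cryptography.Aes]::Create()
    $aes.Key = $key
    $aes.IV  = [byte[]]$blob[16..31]
    $cipher  = [byte[]]$blob[32..($blob.Length - 33)]
    [IO.File]::WriteAllBytes($OutPath, $aes.CreateDecryptor().TransformFinalBlock($cipher, 0, $cipher.Length))
}

# Usage: encrypt locally and upload only the .enc file; decrypt after downloading it back.
Protect-BackupFile -Path 'C:\Backups\photos.zip' -OutPath 'C:\Backups\photos.zip.enc' -Passphrase (Read-Host 'Passphrase')
```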

badshot 03-07-2012 19:12

Quote:

Originally Posted by BOfH (Post 438561)
hook the Master Boot Record(MBR) and a simple restore in time will not make them go away

Absolutely, as well as many other hooks. A simple change of the jmp (for BIOS/asm geeks) instruction during initialization could ruin your day.

If your anti-virus offers boot scans, use them.

Also make sure your browser's plugins (like Yahoo) are updated or disabled; some buttheads have been exploiting outdated ones very recently. kgoerz, your box comes to mind on this note.




Copyright 2004-2022 by Professional Soldiers ®