1. Rydian

    <div align='center'><span style="font-size:18pt;line-height:100%"><u>Infection Prevention Guide</u></span>

    This guide will show you how to prevent infections in the first place.

    If you are currently infected, please visit the <a href="http://gbatemp.net/t298763-infection-removal-guide" target="_blank">Infection Removal Guide</a>.</div>

    <ol type='1'><li>Intro/T.O.C.</li><li>Program List</li><li>Future Prevention</li><li>F.A.Q.</li></ol>
    <div align='center'><span style="font-size:18pt;line-height:100%">Program List</span></div>

    There are multiple classifications of infection in the computer world, just like there are multiple classifications of infections in the real world (for example viruses versus bacteria versus fungal infections). These infections work in different ways, and are often removed in different ways as well.

    There are two main common categories for computer infections because of this. The first is "viruses"; this generally includes viruses, worms, trojans, and malicious modifications to core system files. The second is "malware", which generally includes spyware, adware, rogue software, and malicious system settings changes.

    Often a scanner for one category won't aim for the other category due to the major differences, so it's recommended to have two programs: one antivirus and one antimalware, unless you have an antivirus that specifically includes antimalware instead (such as one of the paid anti-virus programs).

    It's important to only keep one anti-virus program installed at a time. Antivirus programs aren't normal programs; they hook into core parts of the system (such as filesystem I/O) and expect to be the only things doing so. Having multiple antivirus programs can actually cause them to perform worse, or actually damage your system under rare circumstances.

    <ul><li>Anti-virus
    <ul><li>Free
    <a href="http://www.avast.com" target="_blank">Avast!</a> - Has a boot-time scanner which can be really helpful to remove infections.
    <a href="http://www.microsoft.com/Security_essentials" target="_blank">Microsoft Security essentials</a> - Good at staying out of your way unless there's an issue. Updates definitions along with Windows Update, is light on requirements.
    <a href="http://antivirus.comodo.com" target="_blank">Comodo</a> - Includes a software firewall and other such additional protections, but may be too restrictive for power users.
    <a href="http://www.avira.com/free" target="_blank">Avira</a> - Standard antivirus, but the free version displays an ad when it updates.
    <a href="http://free.avg.com/" target="_blank">AVG</a> - Light on requirements, but can be seen as a little behind the times.
    </li><li>Paid
    <a href="http://www.kaspersky.com" target="_blank">Kaspersky</a> - Big focus on Heuristics, so it can often catch infections before other AV programs can.
    <a href="http://www.eset.com" target="_blank">NOD32</a> - Low amount of false positives.
    <a href="http://www.bitdefender.com" target="_blank">Bitdefender</a> - Big focus on phishing protection, includes various other things such as parental controls (but the controls are easily bypassed).
    <a href="http://www.f-secure.com" target="_blank">F-Secure</a> - Very fast and lightweight, but weak anti-malware protection.
    <a href="http://www.trendmicro.com" target="_blank">Trend Micro</a> - Website blocker, modern firewall, and a spam filter. Not the best malware protection.</li></ul>
    </li><li>Anti-Malware
    <ul><li>Free
    <a href="http://www.malwarebytes.org" target="_blank">MalwareBytes</a> - Excellent, takes steps that other programs don't in order to remove stubborn infections.
    <a href="http://www.superantispyware.com" target="_blank">SUPERAntiSpyware</a> - Light on resources when scanning.
    <a href="http://www.safer-networking.org" target="_blank">Spybot S&D</a> - An old standby, but can be considered deprecated. The TeaTimer component should not be installed or used.</li></ul></li></ul>

    <div align='center'><span style="font-size:18pt;line-height:100%">Future Prevention</span>

    How did I get that infection in the first place?
    What can I do to prevent it?
    Where do infections come from?
    How can I spot bad programs?

    An ounce of prevention is worth a pound of cure.</div>

    <ul><li><b>Q - How do I avoid getting viruses and spyware and all that other bad stuff?</b>
    A - Here's a list of preventative measures you can take.
    <ul><li>Turn Windows Update on and leave it on! It's very important that your version of Windows is kept up to date!</li><li>If you are on Windows Vista/7, <a href="http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off" target="_blank">make sure UAC is on</a>.</li><li>Make sure to allow your antivirus to update automatically.</li><li>Make sure your web browser is always updating. It doesn't matter if you like the look of Firefox 0.9 better; if it's way out of date you shouldn't be using it, as the security holes in it will not be fixed. There are often methods and options to make new programs look or function like old ones, so just update and get used to it. Running an older browser is just asking for infections.</li><li>Make sure that your antivirus is set to automatically scan every file that's created/modified. Any good antivirus software will have what's known as an "active guard" or "resident shield". What that does is scan every file before it enters your computer, like a robot security guard at the door of a nightclub. If it detects an infection, it can stop it from doing anything and alert you.</li></ul>
    </li><li><b>Q - Why did my current program not protect me?</b>
    A - Here's some possible reasons.
    <ul><li>It was not fully updated.</li><li>It was a pay program, and you stopped paying for it, so it stopped protecting you.</li><li>It was a scanner for a different type of infection than the one you got. Virus scanners usually will not scan for spyware/adware, and the same goes the other way around.</li><li>The virus managed to break your protection program.</li><li>What you thought was your protection program could have been a rogue program that actually doesn't protect you and was just scamming you for money by giving you false error reports.</li><li>What you think is an infection is actually on your computer legally. Increasingly, programs that are normally good may also install other software that displays ads. <i>If it's in the EULA and you click the "agree" button, then it's on your computer legally, so virus scanners often won't pick it up!</i> You need to be very careful because installers will use all sorts of tricks to get you to agree to install additional software! They'll swap what buttons do what, hide the "do not install" option unless you click certain areas, and more.</li></ul>
    </li><li><b>Q - Where do infections come from?</b>
    A - Many, many places.

    <ul><li>Advertisements
    Yes, random advertisements on websites can attempt to infect your computer. <a href="http://news.cnet.com/8301-27080_3-20000898-245.html" target="_blank">You can even get infected by good sites like The New York Times</a>. Almost any site that displays advertisements could possibly give an infection, this is partially why it's so important to keep some protection that's always on.
    </li><li>Rogue Software
    Sometimes you might see a random popup or a page claiming it's scanning your computer, and showing you hundreds of problems it's finding that claims it can fix. THESE ARE FALSE. It is not scanning your computer, it is not detecting issues, all it's trying to do is scare you into buying it.
    </li><li>Crack/Serial/Warez Sites
    These are absolutely packed with infections and should be avoided. Their advertisements are rarely monitored and often contain infections, and the cracks and warez on the site itself often hide keyloggers and other such infections.
    </li><li>P2P/Filesharing Programs
    <i>When you use programs like Frostwire, you are downloading files directly from other people's computers, and other people are downloading files from your computer</i>. That's why it's called "file sharing"! If anybody has an infection on their computer, you could catch it since your computer connects to theirs in order to get the file. Every single one of these programs has a very high risk of infection; you should try to avoid these. The Done To Death sticky has lists of where to get free music safely and legally.</li></ul>
    These are just a few of the places to pick up infections. The people who make them are always looking into new ways to infect a large amount of machines, so if you're not sure on something look it up before you use it!</li></ul>

    <div align='center'><span style="font-size:18pt;line-height:100%">F.A.Q.</span></div>

    <ul><li><b>Q - A lot of the steps in the Removal Guide seem useless, do I still need to do it all?</b>
    A - Every step has a purpose. Far too often people will skip steps, only to find they are still infected later. By the very nature of many infections, it's best that they remain hidden. After all, if you KNOW there's an infection you're going to try to remove it, right? Most actual viruses and bad infections will do all they can to prevent you from finding them, because they don't want you to try to remove them. Some steps you're told to follow may seem excessive, but they will catch stuff a simple virus scan won't.

    </li><li><b>Q - Why not just format when you get infected?</b>
    A - At least once a month, Windows receives automatic security updates. These fix security holes that viruses and other types of infections can use to get into your computer and mess it up. When you format and reinstall Windows, you are taking it back to a time before all the updates, meaning <i>you are just opening the door for even more infections to get in</i>! Most of the time it's better to remove the current infection and then take steps (listed in the "future prevention" post) to prevent reinfection. Formatting is a last resort; some people may have 50 gigabytes of personal files on their computer, and some people have their computers set up a very specific way that would take hours or days to restore to working order after a format. Just because formatting is your choice does not mean it should be the first suggestion to somebody else.

    </li><li><b>Q - Why doesn't the Removal Guide specifically list (name of infection here)?</b>
    A - There are thousands and thousands of computer infections, but most infections can be categorized into groups based on how they work, so a few tools and instructions can remove most of the computer infections people get. Furthermore, the same infection can often call itself multiple names in order to try to disguise itself. This is most often true of infections that pretend to be virus scanners and try to scare you into "buying" them.

    </li><li><b>Q - I found this (verified legit) program that I installed and it scanned my computer and says it found the problem and is only asking me $30 to remove it, isn't that a good deal?</b>
    A - No, these programs are often just out for your money. If the program has scanned and found issues, that's the hard part. The actual fix should be easy, so the fact that it's waiting until then to make you pay shows that it's just after your money. This is especially true if the program doesn't actually tell you what and where the problems are, this shows that <i>the makers of the program don't want you going and fixing it yourself. They're not interested in actually fixing your problem, they just want to scare you out of your money</i>.

    </li><li><b>Q - A scanner is telling me that something I know is clean (for example, a game like Maple Story) is an infection, why?</b>
    A - Either it really DOES have an infection (remember that viruses infect other programs in order to reproduce!), or the scanner you're using is doing "heuristics" scanning. That's where it takes the program, and basically puts it in a virtual environment and tests how it reacts to certain actions, and if it does anything the scanner finds suspicious (that the scanner thinks it has no right doing, like a fast food employee carrying a gun), the scanner will mark it with a generic alert based on what type of infection the scanner thinks it is.

    <a href="http://www.virustotal.com/" target="_blank">http://www.virustotal.com/</a> - Go there, upload the file it says is infected, and it will scan it with many virus scanners. There you can see what the results are. If only a small percentage of the scanners mark it as bad, and they use generic terms, like just "spyware" or "trojan" or "keylogger", then you can assume that the file is really clean. Real viruses are given codenames, like "Fojack" or "Hidrag.a".

    </li><li><b>Q - What is all this stuff about DNS and HOSTS?</b>
    A - DNS means "Domain Name Server". A DNS server keeps information about which web address relates to which IP address on the internet (like how google.com is 74.125.45.100). It's sort of like how "Jack's house" means "123 Oak Tree Lane" in the real world. Unfortunately, sometimes an infection will misdirect your computer, sending it to the wrong websites. The HOSTS file is a file on Windows that holds information about DNS entries on your own computer; it's usually used to bypass a normal DNS server for whatever reason. Unfortunately, infections will add entries that make real sites redirect to fake sites.

    </li><li><b>Q - What's a tracking cookie?</b>
    A - <i>A tracking cookie is not a virus</i>, it will not hurt your computer. They are used by ads on websites for marketing purposes. They record what "genre" of sites you generally visit (such as anime sites, military sites, car sites) so that the advertisements on a site know which types of ads to show you. They do not record any personal information about you, they do not know who you are.

    A cookie is a text file created by a website on your computer to store information about what you've done there. A text file is several kilobytes, which is one thousandth of a megabyte, which, in turn, is one thousandth of a gigabyte. It would take millions of cookies to amount to anything that might slow down your computer.</li></ul>
     
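As an added example (not part of Rydian's guide), a small Python audit of a Windows HOSTS file that flags the two tamperings the DNS/HOSTS answer describes: a real site pinned to some other machine's address, and a security-vendor site pinned to loopback so scanners and updates can't reach it. The vendor domain list and the sample file contents are constructed assumptions for this example.

```python
import ipaddress
from dataclasses import dataclass

# Sites an infection has no honest reason to pin in HOSTS: blocking them stops
# scanner downloads and definition updates. Assumed list for this example.
SECURITY_DOMAINS = (
    "avast.com", "microsoft.com", "avira.com", "avg.com", "malwarebytes.org",
    "superantispyware.com", "safer-networking.org", "virustotal.com",
)

# Names that legitimately map to loopback in a stock HOSTS file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample of C:\Windows\System32\drivers\etc\hosts after tampering.
SAMPLE_HOSTS = """\
# constructed sample header line
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example     # ad-block style entry, harmless
198.51.100.7    www.google.com google.com
127.0.0.1       www.avast.com
"""


@dataclass
class Finding:
    line_no: int
    ip: str
    hostname: str
    reason: str


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-format text.

    '#' starts a comment, blank lines are skipped, and one line may map
    several hostnames to the same address.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()
        parts = body.split()
        if len(parts) < 2:
            continue  # blank, comment-only or malformed line
        for hostname in parts[1:]:
            yield line_no, parts[0], hostname.lower()


def is_sinkhole(ip_text):
    """True for loopback/unspecified addresses, which block a name rather than redirect it."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def matches_domain(hostname, domain):
    return hostname == domain or hostname.endswith("." + domain)


def audit_hosts(text, security_domains=SECURITY_DOMAINS):
    """Return the entries a defender should look at, in file order."""
    findings = []
    for line_no, ip_text, hostname in parse_hosts(text):
        if hostname in LOCAL_NAMES:
            continue
        try:
            ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append(Finding(line_no, ip_text, hostname, "unparseable address"))
            continue
        if not is_sinkhole(ip_text):
            # A real site pinned to another machine: the redirect the guide warns about.
            findings.append(Finding(line_no, ip_text, hostname,
                                    "redirected to a non-loopback address"))
        elif any(matches_domain(hostname, d) for d in security_domains):
            findings.append(Finding(line_no, ip_text, hostname,
                                    "security vendor site blocked"))
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.ip} {f.hostname} -> {f.reason}")
```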
  2. This topic should be merged with the Infection Removal Guide and be turned into a Infection Prevention and Removal Guide.

    There are way too many stickies in this forum.

    Good guide, BTW.
     
  3. Rydian

    If a guide appears to have too many instructions people will get scared and not even attempt to follow it.

    I've been doing this shit for years, and it's a sad fact I've had to come to terms with.
     
  4. pistone

    Before, I always used Avira.
    The updates were regular and also the ads were not too much... and the thing I liked the most is it doesn't kill all your RAM.
    I never downloaded P2P files and also I didn't visit "bad" sites; I always scanned the PC 1/2 a week and still got a lot of viruses.
    Then I switched to Linux and every virus is gone.
     
  5. Zekrom_cool

    How useful is Norton?
     
  6. Rydian

    Debatable. It has a terrible reputation from the past, and while the latest versions are a lot better it's still sub-par. I would not recommend the purchase if that's what you're asking, but it is better than nothing.
     
  7. PaullyG

    As a virusbtn member since 1998 and someone who has become a bit of a specialist with viruses and malware over the last 18 years, with many many new submissions to various vendors (generally whoever was giving best value to my customers at that point in time), I will say that Symantec has always been up there with the best over the years on the detection rate, but the real time scan engine was for a very very long time a dog slow resource hog and more of a pain in the rear end to have on a system than not. It has become a lot better now and is actually a good product these days to the point where I'd be willing to say (as much as I hate the company) that they're easily one of the best in the industry currently. A lot of us old schoolers love to rubbish Symantec; they bought out Norton back a long time ago and turned their products into complete garbage, which in turn made a lot of work for us lowly IT plebs. It's been hard to trust them again, but the anti-virus software has been very good for a few years now and they've had a proven track record of almost never missing anything on the wildlist since 2000. They've got a better handle on the spyware, malware and ad-ware side of things than most of the other anti-virus companies (something the industry has struggled to catch up with for a number of years now). So if you're willing to shell out for a product it's worth the money. It's relatively quick for how comprehensive it is and has proven itself to be a superior product time and again in independent testing. Personally I'd keep away from the 360 suite though, I still have no faith in their PC Tune-up stuff as I've seen enough trashed partitions in the past from their utility products, though it may be relatively trouble free these days. Their corporate product "Endpoint" is an absolute dream to use, should be their standard product imho. It's a shame it has a 5 license minimum, worth a look if you want to deck out a heap of systems though.

    With all that being said, there is one worthy (in my opinion superior) alternative that is both competitive in price and trustworthiness and that's Kaspersky. The only other contender I'd consider at the moment is F-secure but their pricing is a rip-off for home users.

    Download the trials, see which you get along with better (only have one installed at a time).

    Lavasoft have entered the comprehensive anti-virus market recently and their product has performed very impressively so far, but they don't have the proven track record yet. Another new player which is causing quite a buzz lately is BullGuard; definitely ones to watch over the next couple of years.

    If money is tight though you can get pretty comprehensive protection by using an alternative to Internet Explorer for browsing, and installing a free version of Avira or Avast (Both solid wildlist performers but lacking on the spyware/adware/malware front) in combination with Lavasoft's Ad-aware (Free version) as well as Spybot Search & Destroy (Don't forget to do a system scan with the latter two regularly).

    I'll probably get flamed if I don't mention ESET, who were once the be all and end all of anti-virus companies, with a track record nobody could touch. Sadly they've been slow to respond to the malware/ad-ware/spyware side of things and are only recently catching up, they did make far and away the best product in the industry for a very long time, but sadly they haven't been king of the hill for a while now. I do however suspect they'll be back on the throne before long as they've really started to get their act together lately.
     
  8. Rydian

    For the average user viruses are not the only issue (in fact they're a minor issue), it's various malware that's the main cause of headaches, and Norton's not very good at removing it. I thought it was just my experiences, but I recently joined with my college's IT staff as a work study and found they have the same issue, it seems to not do jack crap against fake AV malware and they've contacted Norton and just gotten excuses (because they're not technically viruses).

    Given that stance I don't think I can recommend them as a paid product until that improves.
     
  9. shadowmanwkp

    Rydian, you might want to cover firewalls as well, they can provide a lot of protection for your computer. Even though Windows has its own firewall, it is f'ing terrible; with a simple probe you can easily see that it provides nearly no protection, therefore it is sensible that some external firewalls like ZoneAlarm should be included in the first post.
     
  10. Rydian

    I honestly do not believe a software firewall is any benefit for the average user with any sort of router/gateway, and they often do more annoyance than actual prevention.
     
  11. shadowmanwkp

    Point taken, they can actually be a big annoyance... I can be quite a power user sometimes, so I don't always think about the average user....
     
  12. Rydian

    Yeah, the original point of a firewall (closing ports) is already done by default in any situation with a router (unless a DMZ/+ was set up or you forward the ports but in either of those cases you'd need to open them on your router as well anyways), a router is not additional protection against infections since networking is non-critical while I/O is critical so if an infection is fucking with your AV it's already past your firewall, and then there's the issues software ones can cause with disabling javascript and all that crap in an attempt to raise the number of "protection features" they have.

    Hell, I've even seen one disable CSS.
     
  13. Zetta_x

    One thing we have run into at my IT job is the rootkit.win32.TDSS.tdl4 and other such malicious code. It attempts to poison the network so when people connect to the school's network it configures the targeted computer's DHCP server to the IP of the infected computer and configures the DNS server to an outside source.

    I am not sure if you have seen it, but I like to call it the policeman browser update. Basically, it's like a TDSS.tdl4; it infects one computer and that one computer poisons the network so when multiple staff members connect to the network, they will first notice that they get no internet. Any attempt to use any browser will load up a page (hosted by the infected computer) that says your browser is not up to date, please update *update button here*. When you click on the update button, it re-directs to a PHP script that sets up a download link saying it's from google.com. Of course, when you run this file, it spreads the infection and we have another computer poisoning the network.

    From the IT standpoint, when we see a computer that is routed to an infected computer, we open up command prompt and see what the IP address is of the infected computer. Then nbtstat -a IP ADDRESS to locate the infected killer and run a TDSS killer.

    However, this happens when you connect to a network with automatic DNS and DHCP settings. You can prevent the infection from being spread by identifying whether or not you are connected to the correct DNS server. Command >> ipconfig /all. If your DNS server or DHCP server is not looking right, this is the first step to preventing anything. Of course you could manually assign the DHCP and DNS server to the correct one, but it's better to find the infected computer.

    ---

    Also, regarding "Q - Why not just format when you get infected?", another good reason is because some objects like the TDSS.tdl4 attach themselves to the MBR and formatting may not remove them.
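An added example (not from Zetta_x's post) that automates the `ipconfig /all` check described above: it parses the command's output and flags a DHCP server that is not the real one (the rogue-DHCP symptom of an infected peer on the LAN) or resolvers that are not the approved ones. The sample output, the expected-server sets and the subnet are constructed assumptions.

```python
import ipaddress
import re

# Constructed `ipconfig /all` output from a workstation on a poisoned network:
# the DHCP server is another workstation on the LAN and both resolvers are
# outside addresses. All addresses are documentation/private ranges.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAB-PC-07

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.20.30.57(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.20.30.1
   DHCP Server . . . . . . . . . . . : 10.20.30.144
   DNS Servers . . . . . . . . . . . : 203.0.113.9
                                       203.0.113.10
"""

# What the real network hands out; assumed values for this example.
EXPECTED_DHCP = {"10.20.30.1"}
EXPECTED_DNS = {"10.20.30.1", "10.20.30.2"}

# "   Key . . . : value" lines have a shallow indent; continuation values such
# as a second DNS server are indented much deeper and carry no key.
KEY_LINE = re.compile(r"^\s{1,4}([A-Za-z][^:]*?)[\s.]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {section_name: {key: [values]}} from `ipconfig /all` output."""
    sections, current, last_key = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # adapter or top-level header
            current = sections.setdefault(line.strip().rstrip(":"), {})
            last_key = None
        elif (m := KEY_LINE.match(line)):
            last_key = m.group(1).strip()
            current.setdefault(last_key, []).append(m.group(2).strip())
        elif last_key is not None:           # continuation of the previous value
            current[last_key].append(line.strip())
    return sections

def _addr(value):
    """Parse one address, dropping decorations such as '(Preferred)'."""
    try:
        return ipaddress.ip_address(value.split("(")[0].strip())
    except ValueError:
        return None

def _subnet(fields):
    """The adapter's IPv4 subnet from its address and mask, or None."""
    addr = _addr(fields.get("IPv4 Address", [""])[0])
    mask = fields.get("Subnet Mask", [""])[0]
    if addr is None or not mask:
        return None
    try:
        return ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    except ValueError:
        return None

def check_adapter(fields, expected_dhcp=EXPECTED_DHCP, expected_dns=EXPECTED_DNS):
    """Flag DHCP/DNS settings that differ from what the real network hands out."""
    findings, net = [], _subnet(fields)
    if fields.get("DHCP Enabled", [""])[0] == "Yes":
        for raw in fields.get("DHCP Server", []):
            ip = _addr(raw)
            if ip is not None and str(ip) in expected_dhcp:
                continue
            on_lan = ip is not None and net is not None and ip in net
            note = " (another host on the local subnet)" if on_lan else ""
            findings.append(f"DHCP server {raw} is not an authorised server{note}")
    for raw in fields.get("DNS Servers", []):
        ip = _addr(raw)
        if ip is not None and str(ip) in expected_dns:
            continue
        off_lan = ip is not None and net is not None and ip not in net
        note = " (outside the local subnet)" if off_lan else ""
        findings.append(f"DNS server {raw} is not an approved resolver{note}")
    return findings

def audit_ipconfig(text, **expected):
    """Map each adapter that has problems to its findings."""
    checked = ((name, check_adapter(f, **expected)) for name, f in parse_ipconfig(text).items())
    return {name: found for name, found in checked if found}
```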
     
  14. Rydian

    Wasn't aware TDSS affected the MBR. I knew about motherboard infections but last I checked nothing that'd survive wipes was actually in the wild.

    And the "advanced removal" section of the removal guide is all about getting as much info as possible and posting it so that people can personally help with a fix or suggestions.
     
  15. PaullyG

    Pretty much all the AV companies have been subpar on the malware front, and yes the "it's not a virus" excuse has been one I've heard back from them many times. Symantec and Kaspersky have been getting their act together bigtime lately on this front though, as well as a few others, as they're now specifically stating they are anti-malware as well as anti-virus. Lavasoft Total is probably the best performer out there at the moment, but I have a bit of a hard time recommending such a new player until they have a bit of proven consistency. You can check how the big players are performing on the malware front these days at Virusbtn & Av-test. A lot of the problem is malware with updating downloads, meaning that by the time the signature hits the database it's already outdated. Unfortunately the only way to kill these is to spend the time checking load points in the registry, looking in the usual locations for suspect files etc.; frequently sorting by date is helpful. Wireshark is also a very handy tool for picking them out by the network traffic they generate. I've seen plenty of these that every AV and anti-malware specific program in the arsenal will miss when they're fresh and being maintained.
     
  16. Sir VG

    To the question on Norton: Norton is overbloated. It will eat up WAY too many system resources and has for the last 7 or 8 years.

    About software firewalls: They all suffer from the same problem that all Windows programs have - they can crash. They take a while to start up. Get yourself a hardware firewall - typically by having a router between your internet modem and computer, even if you only have 1 computer. Hardware routers trump ALL software firewalls.

    Plus Windows firewall is a jerk. It likes to prevent common tasks from working, even stuff like sharing a printer over a network.
     
  17. Sucks for them, then.

    If there are too many stickies, nobody will see this thread.
     
  18. person66

    BUMP!

    So, I wanted an opinion on this, but didn't want to start a new thread. Anyway, I have Shaw as my internet provider, and because of that, I get Shaw Secure for free. Shaw Secure used to be powered by F-Secure, but I switched to avast (free version), because it was taking up far too much of my computer's resources. Well now Shaw has switched to McAfee, so what I want to know is, should I just stick with avast, or would you recommend me switching to the new Shaw Secure, which is powered by McAfee? Will it be just as resource heavy as it was before, or should it not be too bad?

    Basically, Avast or McAfee?
     
  19. omgpwn666

    Thanks for making this, honestly will come in handy. The most I can do is toss you a like and say thanks again.
     
  20. Zerosuit connor

    Thank you, great guide.
     