
Another security question please

This topic is archived.
JerseygirlCT Donating Member (1000+ posts) Sun Jun-08-08 07:39 PM
Original message
Another security question please
After being attacked pretty badly a couple of weeks ago, the tech who came installed AVG and Spyware Terminator on my machine.

I've been letting both scan once a day. And the spyware thing has been catching a few things, and the AVG has been mostly finding cookies.

Just now I came back to the computer after it had been left alone a little while (30 minutes?) and there was a dialog box I knew was bogus - asking me to type in letters to prove I was the PC owner. (Letters like when you order concert tickets).

But it wouldn't let me "X" out of the box, it wouldn't let me use the mouse, it wouldn't even let me control alt delete to reboot the machine. I finally turned it off manually.

I'm back on, it caught something called "torrent" again as things booted up, and I'm running scans now. But the total loss of control on this was very scary.

AVG just alerted me to something else and asked me to ignore or put in the vault. I assume vault? That's where it went - hope I'm right.

At any rate - what the heck else am I supposed to be doing? We don't download stuff we shouldn't, we don't really do much but surf the net and basic office functions. But lately, it really feels like I'm under siege!
JPettus Donating Member (356 posts) Sun Jun-08-08 10:19 PM
Response to Original message
1. There are a number of things you CAN do
Edited on Sun Jun-08-08 10:19 PM by JPettus
I'm not really familiar with Spyware Terminator, though I should probably become familiar with it. I tend to recommend Spybot Search and Destroy. It's free, it's good and it doesn't install its own spyware on the machine. Ditto AdAware. I routinely scan with both when I'm running Windows. (Full disclosure - for the most part I don't run Windows at all, I run Ubuntu Linux and much prefer it to Windows.)

I switched my browser to Firefox and added the NoScript add-on. Firefox will automatically make you a little safer simply because it doesn't support ActiveX, the proprietary Windows programming language that has few, if any, limitations and can be used against you by unscrupulous web programmers. By adding NoScript, the browser will not allow a JavaScript script to run on your computer via the browser unless you specifically click on the options button to allow it. It's a bit more of a pain in the butt to surf that way, but it helps to keep stuff off your computer you don't want and if something gets installed, it's easier to pinpoint where it came from.

I run a software firewall. Before I upgraded my dual boot machine to Vista I ran Zone Alarm's free firewall. Now I run Comodo. It's free as well.

I scrupulously ensure that I am up to date on all my Windows critical updates. I have automatic updates turned on to go ahead and download the updates and then notify me when they are ready. And I update as soon as something is available (Windows XP SP3 being the lone exception right now at work).

Likewise, I keep my antivirus software updated. Most AV software packages, free and commercial, are set to check for updates daily.

And, though it's not necessary but a sign of my own paranoia, my home network patches the cable from the DSL modem directly into a hardware firewall/router that I then patch out to switches and computers, so bad guys have to navigate through that to get to my computer on a direct attack.

Most attacks are going to come through your browser, though. So, switching your browser to Firefox and adding NoScript will go a long way to help cut down on access to your machine via the web.

I don't click on attachments that arrive via email; I'm the only user on my computer, so I don't have kids that are compromising my computer for me by clicking on attachments; and I back up often so that, worst case, I can always wipe the box and reinstall it from a backup that I know worked properly. (I recommend Acronis True Image Workstation and back up my data and my computer image to an external drive.)

Paranoid? You betcha. But I also have almost no problems on the computer.
RoyGBiv Donating Member (1000+ posts) Sun Jun-08-08 10:36 PM
Response to Reply #1
2. Excellent advice ...

Well said.

JPettus Donating Member (356 posts) Sun Jun-08-08 10:44 PM
Response to Reply #2
3. Thank you
It's appreciated.
JerseygirlCT Donating Member (1000+ posts) Mon Jun-09-08 06:54 PM
Response to Reply #1
4. Thank you very much
AdAware is already back on, and I'll go back to running it regularly. (I lost it when we had to reformat after the attack).

I use Spybot S&D at work and it seems to catch things... I guess no harm in adding that as well? These things don't fight each other like AV and firewalls do, right?

I'll also look into switching to Firefox. I used it years ago, but when I got this machine, just went back to IE.

I'd not heard of Spyware Terminator either, but the tech liked it because it's live - not something you have to run, but always on. So far, it's grabbed a few things. I guess that's good - always hard to tell - are things getting caught and that's good, or are there just more things than you want to contemplate getting at you?

The AVG scan last night caught some nasties - one in the registry. But it said it had healed or deleted them all.

I'm starting to share some of your paranoia! Ah for the days when I didn't worry about this stuff -- before I started finding all sorts of dangerous stuff attacking my computer!
JPettus Donating Member (356 posts) Mon Jun-09-08 11:11 PM
Response to Reply #4
6. Spyware scans aren't like AV scans
One of the main reasons AV programs can't work together nicely is that they both are trying to "step in front" of the computer process and check a file before you can actually open and use it. When you have two such programs, they are both trying to grab the same file at the same time.

I also may put on Windows Defender for an active protection. It's from Microsoft and free, or I put on Spyware Blaster, which also helps prevent spyware from being installed in the first place.

Right now, IMO, spyware is a greater threat than viruses, but there is still enough malware out there (worms, viruses, trojans, etc.) that keeping a good antivirus program is one of my highest priorities. I use Nod32 and am very pleased with it, but as long as you practice safe computing habits the AVG will work fine for you as well.
Gore1FL Donating Member (1000+ posts) Mon Jun-09-08 09:06 PM
Response to Original message
5. Here is my suggestion
if you get that pop up again:

1> Press Ctrl-Alt-Delete to bring up the Task Manager.

2> Click the tab marked "Applications".

3> You should see the pop-up listed. Right-click it and choose "Go to Process".

4> This will highlight a process on the "Processes" tab.

5> Click on Start, then Search.

6> Enter the name of the file in the search box and make sure "Local Hard Drives" is selected in the "Look In:" box.

This will tell you where it is coming from.

7> Next, open your browser and search for that same name in Google.

There is probably a post about it somewhere.

Go back to the process in the Task Manager, right-click it and choose "End Process Tree".**

You may have to do this before your searches.





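The same triage from a PowerShell prompt, as an added example that is not part of Gore1FL's post: it finds the process that owns a window, then reports where its file lives on disk, whether the file is signed, and a SHA-256 hash you can search for. The function name `Get-WindowOwner` and the `$TitlePattern` parameter are names chosen for this example, and it assumes PowerShell 4 or later.

```powershell
# Added example: command-line version of the Task Manager steps above.
# $TitlePattern is a hypothetical parameter; set it to text from the pop-up's title bar.
param([string]$TitlePattern = '*')

function Get-WindowOwner {
    param([string]$Pattern = '*')

    # Steps 1-4: processes that own a visible top-level window
    # (what Task Manager shows on the "Applications" tab).
    Get-Process |
        Where-Object { $_.MainWindowTitle -and $_.MainWindowTitle -like $Pattern } |
        ForEach-Object {
            $proc = $_
            $cim  = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($proc.Id)"

            # Steps 5-6: where the file is coming from. ExecutablePath can be
            # empty for protected processes when not running elevated.
            $path = $cim.ExecutablePath
            $sig  = $null
            $hash = $null
            if ($path -and (Test-Path -LiteralPath $path)) {
                # An unsigned file in a temp or profile folder deserves a closer look.
                $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
                # Step 7: a hash is a more reliable search term than a file name.
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }

            [pscustomobject]@{
                Title       = $proc.MainWindowTitle
                Name        = $proc.ProcessName
                Id          = $proc.Id
                ParentId    = $cim.ParentProcessId
                Path        = $path
                Signature   = $sig
                SHA256      = $hash
                CommandLine = $cim.CommandLine
            }
        }
}

Get-WindowOwner -Pattern $TitlePattern | Format-List

# Last step ("End Process Tree"): after recording the details above, end the
# process and its children using the Id from the output:
#   taskkill /PID <Id> /T /F
```

Recording the path, parent process and hash before ending the process keeps the evidence needed to find and remove the file afterwards.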
 
JPettus Donating Member (356 posts) Mon Jun-09-08 11:13 PM
Response to Reply #5
7. Good stuff!
Thanks for posting that
Gore1FL Donating Member (1000+ posts) Tue Jun-10-08 12:38 AM
Response to Reply #7
8. Thanks!
Being a Windows system administrator has its advantages!
JPettus Donating Member (356 posts) Tue Jun-10-08 05:43 AM
Response to Reply #8
9. Agreed
I've done that job too, but you can always learn new fun stuff from others.
JerseygirlCT Donating Member (1000+ posts) Tue Jun-10-08 06:50 AM
Response to Reply #5
10. Thank you! I will check back to this should that ever happen
again. (Here's hoping it doesn't!)