More Computer Help Needed

Discussion in 'Off Topic' started by FSUfisher, Jun 29, 2009.

  1. FSUfisher

    FSUfisher Well-Known Member

    After a quiet spell, the a-holes developing malware have struck me again. I've got that virus that hijacks my computer when I try to do a Google search. So far it's just an annoyance but I'm afraid this one is sophisticated and may get worse.
    I've tried Spyware Doctor and Malwarebytes after updating them to no avail. I have also tried the system rollback feature, and it won't let me roll back to Monday. Lastly, I searched and found a very suspicious file, ntuser.DAT, that was recently added to my C:\Documents and Settings\Owner directory. It won't let me remove or rename it, not even in safe mode.
    Any help would be greatly appreciated. Also, some elementary computing knowledge would be cool too, like how to spot bad files, directories that are commonly used to store these vicious files, or whatnot. Thanks guys!
     
  2. Brett

    Brett > PRO STAFF <

    I'm guessing you're running some version of Microsoft?
    If so try Comodo Internet Security free version.
    Antivirus, anti-spyware and firewall all in one.
    Then learn to avoid free anything from the internet,
    and any type of p2p filesharing software like limewire
    or Bit-torrent. Or shift to an operating system that
    hackers don't write code for.

    Install a blocking host file. It tells the computer to find
    a malware site's web address at its own home address, which means
    your computer can't get to the hacker's website.
    (127.0.0.1)

    ntuser.dat is a system file, locked down by the Microsoft OS.

    Burn a live-cd of Damn-Small-Linux, Puppy-Linux
    or one of the Ubuntu flavors. They're free and work well.
    I've made old Windows 98 machines run very well using
    these free operating systems. I'm running Xubuntu right now
    on a Windows Vista machine. The Xubuntu does a better job,
    and runs faster, including boot and shutdown times.
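
Added example, not part of the original post: a small Python reader for a hosts file that shows how a blocking entry behaves. Names map to 127.0.0.1 (or 0.0.0.0) and so never reach the real site, matching is on the whole hostname only, and any entry pointing at a real address is listed for review. The sample file and all hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file, not taken from any real block list.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
127.0.0.1    ads.example.test tracker.example.test   # two names, one line
0.0.0.0      malware.example.test
203.0.113.7  search.example.test
not-an-ip    broken.example.test
"""

def parse_hosts(text):
    """Return (table, bad_lines): hostname -> address, plus unparseable line numbers."""
    table, bad_lines = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            bad_lines.append(lineno)
            continue
        for name in fields[1:]:
            # This example keeps the first mapping it sees for a name.
            table.setdefault(name.lower(), address)
    return table, bad_lines

def is_sinkhole(address):
    """True for loopback (127.0.0.1, ::1) or unspecified (0.0.0.0) addresses."""
    return address.is_loopback or address.is_unspecified

def lookup(table, hostname):
    """Hosts entries match whole hostnames only; there are no wildcards."""
    address = table.get(hostname.lower().rstrip("."))
    if address is None:
        return "not listed"                       # falls through to normal DNS
    return "blocked" if is_sinkhole(address) else f"redirected to {address}"

def entries_to_review(table):
    """Names mapped to a real address: not block entries, so check who added them."""
    return sorted(n for n, a in table.items() if not is_sinkhole(a))
```
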
     

  3. tom_in_orl

    tom_in_orl Founder of Microskiff, Member of the Gheenoe Army

    FSUFisher,

    Sorry to hear about your trouble. The best advice is to reinstall. You did good trying to scrub it with Malwarebytes. That is a well-respected program. If that didn't clean things up then it's time to get a fresh start. BTW, you are not the only one who has gotten hit recently. I do this stuff for a living and it appears as if there is a rash of these cases going around. They are mainly associated with social networking sites (Facebook, MySpace, etc) and peer to peer networking (Limewire, BearShare, etc) and p_o-r.n sites. If you can avoid these things or limit your usage to known good parts of those sites like only your friends' Facebook or MySpace pages then you will do better. As far as a security program I would recommend an End Point Protection Client. This is the new term that replaces Anti-virus. EPP means that it comes with anti-virus, anti-spyware, firewall, and usually intrusion protection. Sophos, McAfee, Symantec, and Trend Micro are considered the best for business use. Take a look at their web sites and see if they have a consumer EPP product for you. I also like Kaspersky and eEye Digital Security (only on XP) but they are geared more towards power users who don't mind dealing with security prompts. I have also heard good things about Eset and Panda but have not personally used them. Good Luck.


    Brett, I didn't know you were a Linux user. My primary Linux use is servers but I keep a desktop running too. I figured I was the only one around here. Ubuntu is cool but I have been using RedHat since 4.0. That was when people were still running Windows 3.11 ::). Servers are now running CentOS for the most part.
     
  4. FSUfisher

    FSUfisher Well-Known Member

    I have Windows 2000 XP. Tom, you basically pinned it. I decided to be sociable and actually went on Facebook for hours on Friday night (I do have a life, just relocated to a small town). I noticed the problem this weekend, along with a notice that I hadn't upgraded my AVG in time and it's defunct. I would've thought FB would be safe. Now more questions, if you all don't mind. One, how do I install a blocking host file? Two, if hypothetically I decide to start all over again, what's the best way to not lose all my songs, old college documents and pictures I have on here? I could care less about anything else, but those have sentimental value, and would require at least a dozen flash drives to store. And how would I go about restoring the computer from scratch? What is the best operating system for someone who just likes to listen to music, play solitaire, and look at boat nonsense all day? No gaming or any of that. Again, thanks for all the help!
     
  5. Brett

    Brett > PRO STAFF <

    best way to backup...add another hard drive
    copy important files over to it.

    best free os... xubuntu (personal preference)

    http://www.xubuntu.org/

    host blocking file instructions

    http://www.mvps.org/winhelp2002/hosts.htm

    best free internet security package for xp or vista

    http://personalfirewall.comodo.com/download_firewall.html

    Restoring the existing os depends on the brand of computer you purchased.
    Some have a dvd to restore to factory programmed setup.
    Others have a separate backup partition which overwrites the primary partition.
     
  6. tom_in_orl

    tom_in_orl Founder of Microskiff, Member of the Gheenoe Army

    IMHO, forget the host blocking file. That's not a good solution. It will end up blocking good content along with a little bit of the bad. If you want to block malicious content I would install Bluecoat K9. It's free. The original use was to help secure kids' computers but it works real well as an additional security tool on an XP or Vista (32 Bit Only) computer. When you install it go into the config and block the spyware and malicious categories. Anything after that is personal preference.

    As far as backing up your old files. If the PC still boots then just go buy an external USB hard drive and copy the files over to the extra storage. For me the easy way is to do a search for all file extensions that you use. Here is my list:

    .doc
    .xls
    .xlsx
    .ppt
    .jpg
    .mp3

    You may have a few more. Also remember to grab a backup of your email and your bookmarks if needed.

    If your PC will no longer boot then buy a new hard drive to reinstall your PC and an external USB enclosure to put the old one in. Most mom and pop computer stores will help you install the old drive into the USB enclosure just to have your business. Once you have the new system running attach the old drive and migrate the files over.
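
Added example, not part of the original post: one way to script the "search by extension and copy" step in Python, using the extension list from the post. The function name and the folder paths passed to it are assumptions. It keeps the folder layout, matches extensions case-insensitively, and leaves behind anything whose final extension is not on the list, so a file named like `photo.jpg.exe` is not carried over to the clean system.

```python
import shutil
from pathlib import Path

# Extension list from the post above; add your own types as needed.
WANTED = {".doc", ".xls", ".xlsx", ".ppt", ".jpg", ".mp3"}

def backup_by_extension(source, dest, wanted=WANTED):
    """Copy files whose final extension is in `wanted` from source to dest.

    Returns (copied, skipped) as lists of paths relative to source.
    `dest` should be outside `source`, e.g. a folder on the external drive.
    """
    source, dest = Path(source), Path(dest)
    copied, skipped = [], []
    for path in sorted(source.rglob("*")):
        # Only regular files; do not follow links out of the source tree.
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(source)
        # Path.suffix is the LAST extension, so "photo.jpg.exe" gives ".exe".
        if path.suffix.lower() not in wanted:
            skipped.append(rel.as_posix())
            continue
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)               # copy2 also keeps timestamps
        # Cheap sanity check that the copy is complete before moving on.
        if target.stat().st_size != path.stat().st_size:
            raise OSError(f"incomplete copy: {rel}")
        copied.append(rel.as_posix())
    return copied, skipped
```

Review the returned `skipped` list before wiping the old drive; it shows every file that was left behind.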
     
  7. tom_in_orl

    tom_in_orl Founder of Microskiff, Member of the Gheenoe Army

    Other stuff I didn't mention. There are USB flash drives which are common up to around 2-4 GB of space. You can buy them in larger sizes but for even larger amounts as USB hard drives. If you don't mind a larger size drive you can get 750 GB for around $85. If you want the smaller size drive then they can be found with 250 GB for $75.

    As far as operating systems. If you are not a geek then stay away from Linux. It's a great server OS but on the desktop it's really for people who work in IT (information technology). Apple OSX is great but it comes at a premium. If you don't want to pay big money for a Mac then forget it. Really your only option is Microsoft Windows. If your computer came with Windows XP then stick with it. It really is more stable and less of a pain in the ass than Vista. XP will also run better than Vista on older hardware.
     
  8. tom_in_orl

    tom_in_orl Founder of Microskiff, Member of the Gheenoe Army

    This was published today by SANS. They are a well respected data security organization. I have highlighted what I think is important and relevant to your current problem.

    The Dark Side of Social Networking
    If you are not already engaging in social networking, statistics indicate you will be soon. Visits to social networking sites now account for 10% of the total time people spend on the Internet, according to Nielsen Online. Two-thirds of Internet users in the U.S., Europe, Brazil and Australia visit social networking or blogging sites. Internet users total almost 156 million in the U.S. alone. Add in over 29 million in the United Kingdom and over 25 million in Brazil, and the numbers are just too large for the Bad Guys to ignore.

    Ordinary Internet users have fallen in love with social networking. While the amount of time users spent on MySpace decreased from April 2008 to April 2009, the use of Facebook increased by 700% and of Twitter by 3,700% during the same period. Cybercriminals love social networking sites, too, because they have to remain easily accessible in order to grow their memberships. That means social networkers are in effect attending an open party where just about everybody is welcome, and who knows if anybody is watching the door.

    The openness of these sites is an invitation to the Dark Side. No email verification is required, for example, when new users set up a Twitter account. It's hard to imagine an easier system in which to create counterfeit accounts. Social networking sites rely on a username and a password for security, which means that anyone who finds out your username and password can gain access to your account, assume your online identity, use it mischievously or maliciously, and leave you with little, if any, control over the situation. Until social networking site security evolves with time and improves by necessity, here are 12 Tips for Safer Social Networking.

    * Think about how a social networking site works before deciding to join it. Some will allow only a defined community of users to access posted content; others allow anyone and everyone to view postings. Don't join any social network that asks you to share your address book or contacts.

    * Always think before you click. Be wary of visiting the blog or webpage of other members because that other "member" may be a scammer, whose blog or webpage has been rigged to deliver a drive-by download of malware to your computer. If you think you have clicked on the wrong thing, contact your local computer support staff, your Internet Service Provider, or a computer consultant knowledgeable about security.

    * Don't click on shortened (or "condensed") URL's, like those created by TinyURL and Bit.ly. There's no telling where these links lead to, and that makes it easy to funnel you to malicious websites. Watch out for "misspelled" links, like www.yuotube.com. Could be a typo or a trick.

    * Keep control over the information you post. Consider restricting access to your page or postings to a select group of people, like friends, members of your team, your community groups, or your family.

    * Keep your information to yourself. Don't post your full name, or any personal information about yourself or about anyone else. Be cautious about posting information that could be used to identify you or locate you offline, such as where you work or work-out.

    * Make sure your screen name doesn't say too much about you. Don't use your name, your age, or your hometown. Even if you think your screen name makes you anonymous, it doesn't take a genius to combine clues and figure out who you are and where you can be found.

    * Post only information that you are comfortable with others seeing - and knowing - about you. Many people will see your page or postings, including the people who will be interviewing you for a job five years from now.

    * Remember that once you post information online, you can't take it back. Even if you delete the information from a site, older versions are stored on other people's computers and may be archived for years by Web search services.

    * Think hard before posting your photo. It can be altered and broadcast in ways you may not be happy about. If you do post one, ask yourself whether it's one you'd include in your professional resume. Posting pictures of children invites exploitation and could expose them to real-world danger.

    * Flirting with strangers online could have serious consequences. Some people lie about who they are; you never really know whom you're dealing with.

    * Be wary if a new online friend wants to meet you in person. Do some research about them. If you decide to meet them, be smart about it: meet in a public place, during the day, accompanied by friends you trust.

    * Trust your gut if you have suspicions. If you feel threatened by someone or uncomfortable because of something online, report it to the police and to the operators of the social networking site. You could end up preventing someone else from becoming a victim.

    More information: http://www.ftc.gov/bcp/edu/pubs/consumer/tech/tec14.shtm
    http://www.pcmag.com/article2/0,2817,2348052,00.asp
    http://en-us.nielsen.com/main/news/news_releases/2009/june/time_on_facebook
    http://www.technewsworld.com/story/67366.html
     
  9. HaMm3r

    HaMm3r Well-Known Member

    FSUfisher....I don't have a lot of time to go into detail right now, but ntuser.dat can be renamed or removed. You just have to login as a different user to do it. If you're logged in as yourself, even in safe mode, your ntuser.dat is in use and essentially locked.
     
  10. FSUfisher

    FSUfisher Well-Known Member

    Thanks for all the help guys, especially you Tom. Right now, she's still booting and running pretty well I guess for her age (almost 9 years!) Just acts fishy sometimes, and I'll keep a close eye. I also like the idea of an external hard drive and the other security stuff. Thanks!