Malware Prevention: Prevent Re-infection
From CastleCopsWiki
Once your system is satisfactorily cleaned be sure to follow these guidelines to prevent a reinfection.
Vista, XP and ME System Restore Points
If you are using Windows Vista, XP or ME, you need to SET A NEW RESTORE POINT with System Restore. This will prevent the possibility of you becoming reinfected by restoring your system with corrupted files.
To set a new restore point:
| System | Reference |
|---|---|
| Windows Vista | How to Manually Create a System Restore Point in Vista |
| Windows XP | How to Set a System Restore Point |
| Windows ME | |
The new Restore Point will be stamped with the current date and time. Keep a log of this for your records so you can find it easily should you need to use System Restore.
Windows Updates
To reduce your exposure to infection and ensure your system's security, be sure your computer is set to update your operating system and Internet Explorer automatically.
Windows ME, 2000 & XP
To do that, right-click the My Computer icon on your desktop. Click Properties and then Automatic Updates.
To enable automatic updating, check either the first or second box:
- The first option enables Windows Automatic Updating, meaning it will both download and install updates automatically. This option requires you to set the time for them to install. Make sure this is a convenient time when your computer will be ON.
- The second option will download the updates and then let you decide when you want to install them.
Select whichever alternative is best for you.
Windows Vista
- Right-click on Computer and select Properties
- In the left pane under See also, click Windows Update.
- Click Change Settings.
- Check Install Updates automatically (recommended).
- You may change the default scheduled time to install updates, if you wish.
- Click OK.
- Close the Windows Update dialog.
Occasionally, even though your computer is set to update automatically, you may experience a problem having updates download. There are many reasons this can occur, so to be safe, always check that you have the latest critical updates and patches from the Windows Update Website.
Microsoft releases new updates that patch vulnerabilities malware may exploit on the second Tuesday of each month, so time your visits to the Windows Update site accordingly.
Recent Releases
The March 11, 2008 update of the Malicious Software Removal Tool (MSRT) added detection and removal of Virtumonde and Vundo.
Check to see the latest Security Updates as they become available.
Remember, Windows Updates will improve your system's overall integrity and security, so be sure to verify that the update feature is functioning properly on your computer.
Windows Updates Troubleshooting
If you do find you are unable to download updates automatically or manually from the Windows Update Website, then chances are our Windows Update Fix may remedy that problem. The Fix consists of a few preparation steps and a DOS script that you can download and run, to automatically correct the most common problems associated with being unable to download Windows Updates. It will address and rectify an assortment of documented Windows Update errors, so give it a try.
Windows XP Service Pack 2 is cumulative, meaning it includes Service Pack 1 and all updates predating SP2's release. Although Service Pack 2 was released over a year ago, some of you may not have updated to it yet.
Installing Service Pack 2 should NOT be performed until you have ensured your system is fully cleaned of all viruses and malware. This is the recommended procedure by Microsoft before installing SP2. Some computers lock up when SP2 is installed with certain spyware in residence, and spyware programs can interfere with the new security features that SP2 installs by default. For a complete discussion on all necessary precautions see: What to Know Before You Download and Install Windows XP Service Pack 2
Updating Your Security Programs
Because new threats are continually introduced, a security application is only effective if it is updated regularly. Checking for updates can be simplified by using the calendar provided at the Calendar of Updates website, which is revised daily.
Upgrading to Vista - Ready or not?
If you are considering installing Windows Vista on your current Windows XP SP2 system, Microsoft's Windows Vista Upgrade Advisor can help you determine whether your current system is Vista "ready" or not. Windows Vista Upgrade Advisor identifies hardware, program, and device incompatibilities and deficiencies that should be corrected before you upgrade. It also suggests which version of Vista best fits your needs based upon your current system configuration.
Even if you're not planning to upgrade to Vista in the near future, it is still worth running the Upgrade Advisor so you can gradually make the suggested improvements in preparation for that day. It may also help you decide whether it would be more cost effective to simply purchase a new computer rather than installing Vista on your current system.
The Microsoft .NET Framework and MSXML 4.0 are required to run the program. If this software is not already present on your computer, Windows Vista Upgrade Advisor can install it for you automatically during the installation process. An active internet connection is maintained while the Upgrade Advisor is scanning your computer.
Our Windows Vista Upgrade Advisor example illustrates what to expect when you run the Windows Vista Upgrade Advisor.
Blocking Unwanted Parasites with a Hosts File
Read the discussion about installing a blocking hosts file and download the #1 rated MVPS hosts file.
Another variation on the same theme - What is the Hosts file?
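A blocking hosts file works by mapping unwanted domain names to 0.0.0.0 or 127.0.0.1 so the browser never reaches them; the same file is also a favourite target of hijackers, who add entries that send legitimate names (update or security sites) to an address of their choosing. The following audit script is an added example, not part of this page or of the MVPS list: it parses a constructed hosts file, separates genuine blocking entries from redirects, and flags any redirect of a name under a sensitive suffix. The sample content and the `.microsoft.com` suffix list are assumptions for illustration.

```python
import ipaddress

# Constructed sample hosts file: MVPS-style blocking lines plus one
# redirect of the kind a hijacker would add (203.0.113.7 is a documentation
# address, used here only as a placeholder).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# blocking entries
0.0.0.0   ad.example-tracker.test
0.0.0.0   banner.example-ads.test  www.example-ads.test
127.0.0.1 popups.example-hijack.test
# suspicious: a legitimate name sent somewhere else
203.0.113.7  windowsupdate.microsoft.com
"""

STANDARD_NAMES = {"localhost"}  # shipped by Windows; not a blocking entry


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments, blanks and bad lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing/inline comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])     # skip malformed addresses
        except ValueError:
            continue
        entries.extend((parts[0], host.lower()) for host in parts[1:])
    return entries


def audit_hosts(text, sensitive_suffixes=(".microsoft.com",)):
    """Classify entries: null-routed names are blocks; anything pointed at a
    real address is a redirect, and redirects of sensitive names are flagged."""
    blocked, redirects, suspicious = [], [], []
    for ip, host in parse_hosts(text):
        if host in STANDARD_NAMES:
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            blocked.append(host)
        else:
            redirects.append((host, ip))
            if host.endswith(sensitive_suffixes):
                suspicious.append((host, ip))
    return {"blocked": blocked, "redirects": redirects, "suspicious": suspicious}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(report['blocked'])} blocking entries, "
          f"{len(report['redirects'])} redirects, "
          f"{len(report['suspicious'])} suspicious: {report['suspicious']}")
```

On a real system, read the file at `%SystemRoot%\System32\drivers\etc\hosts` instead of the constructed sample; any entry in `suspicious` is worth checking against what you installed deliberately.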
Installing Preventive Security Programs
Although these first two programs are mentioned elsewhere in our Tips for Safer Surfing, they are important enough to deserve special mention here. Since neither of these programs runs in the background, they will not consume valuable system resources, so be sure to install them ASAP:
- SpywareBlaster SpywareBlaster will block bad ActiveX and harmful cookies from getting on to your PC in the first place. Just download and install the program. Open SpywareBlaster, check for and download updates, then 'select all' to protect against all items checked. That's it! Just return to check for updates every couple of weeks.
- IESpyads IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and hijackers to the Restricted sites zone of Internet Explorer. Doing this will block drive-by downloads, cookies, homepage hijacks, and JavaScript-based advertisements associated with these restricted sites. There are a few different versions, so please refer to the information contained at the developer's website.
- WinPatrol WinPatrol is a system monitor that runs in the background, like a watchdog, and yet it is extremely light on resources. All programs, whether good or bad, make changes to the file system and registry when they install. WinPatrol monitors your PC for critical system changes and seeks your approval before allowing them. It warns you when new ActiveX controls, BHOs, and automatic startups are added to the Windows Registry. It also informs you when changes are made to important settings such as Windows Update or the Windows Hosts file. When a new threat invades, WinPatrol may be the first security program on your system to let you know it's there. This is very important so you can take steps to contain it before it becomes entrenched. WinPatrol also helps you monitor resource consumption, because it notifies you when programs that you have chosen to install insinuate themselves into your startup programs and add icons to the system tray.
HIPS (Host Intrusion Prevention System) and IDP (Intrusion Detection & Prevention) Programs
HIPS and IDP are valuable protective programs that can block intrusion attempts, and prevent modification of key system components. There are an assortment of HIPS/IDP solutions available with many different protection features and price points (some are even freeware).
HIPS/IDP programs/services offers a comprehensive comparison of the features of the most popular HIPS/IDP programs, including mini reviews and program download links. HIPS can be used right alongside your antivirus and firewall, and will expand upon their protection.
Using Site Advisor to Help You Surf Safely
Site Advisor is a browser Plug-in that assigns a safety ranking to the domains listed in your search engine results. A simple three color system is used to indicate the safety level of a website:
- Red (Warning)
- Yellow (Use caution)
- Green (Safe).
According to the Site Advisor website, 95% of websites have been tested.
A website's safety assignment is made on the basis of the following criteria:
- Spam generated from filling out forms on the website.
- Safety of site downloads
- Popup advertisements and nuisance behavior encountered
- User feedback
To install Site Advisor, just download the Plug-in for Internet Explorer or the Plug-in for Firefox.
Additional information on a given website may be obtained by requesting a more detailed report, such as the Sample Report provided. You may research any website by entering the domain of your choice in the Look up a site report box on the Site Advisor Homepage (http://www.siteadvisor.com/), without even downloading the browser plug-in.
Site Advisor makes you an informed surfer while still preserving your right to access the websites you choose to visit.
Don't Forget to Backup!!
You should back up your Documents and Settings folder, and any other important data files that you have, on a regular basis. You should store your backups on a removable CD, DVD, or a USB flash drive. Better yet, purchase an external hard drive to prevent size from becoming a limitation. An external hard drive allows you to store an entire image of your hard drive, also known as an ISO image, so you can quickly recover your entire installation in the event of hard drive failure.
- To back up files and folders:
Karen's Replicator is a fantastic freeware backup program that's easy to use, and it allows scheduled backups.
- To create a backup image of your entire hard drive:
Acronis True Image is a very attractive and reasonably priced hard drive imaging program, that can save you in the event your hard drive fails unexpectedly. Acronis supports Microsoft Windows Vista and offers a 15 day trial version.
Tips for Safer Surfing
- Read Tony Klein's So how did I get infected in the first place?
- ALWAYS surf with an active internet firewall. The XP Windows firewall does not provide outbound protection, but Online Armor Free, ZoneAlarm® FREE, the Comodo Personal Firewall FREE and the Sygate Personal Firewall 5.x - FREE will block both inbound and outbound traffic.
- Use only reputable Antispyware and Security Programs: Consult the Malwarebytes' RogueNET™ Suspicious Applications Database (SAD) and the Rogue/Suspect Anti-Spyware Program List first - before you download.
- Do not click on any random solicitations to "Scan your system for spyware".
- Do not download any attachments from unsolicited email or even unexpected attachments from known contacts
- Never provide sensitive personal information (SSN, financial account numbers) in response to an email request.
- Do not enter any sensitive personal information into a public computer.
- Never click on a link within an email; right-click & copy the link, paste it into your browser address bar - and watch where it takes you as it loads.
- Do NOT click on popup ads or download any anonymous software - google it first and read reviews
- Download all software from the vendor/developer site whenever possible (3rd party sites may distribute bundled adware)
- If you are a Skype user, please read the Tips on how to safely use Skype on the bottom of the page and pay particular attention to Article 4 - Permission to Utilize section of the EULA (end user license agreement).
- Set Safe Configurations for Internet Explorer and acquaint yourself with the Internet Explorer Security Zones
- Read these suggested Safe Configurations for Firefox
- Read about Cookie Management in The Unofficial Cookie FAQ
- Wireless Network Security For The Home
- Browse through PC Magazine's 80 Super Security Tips
- Although CastleCops does NOT condone or recommend the use of peer-to-peer file sharing software for sharing copyright protected material, if you must use it, use it wisely:
  - Please read these recommendations provided by Mike Healan regarding the safest P2P filesharing programs available.
  - You may also refer to this list compiled by the Malware Removal Forum which details Clean/Infected P2P Programs
  - Remove any adware/spyware programs which were bundled with your file-sharing program
  - Adjust your file-sharing program settings so it does NOT automatically run at Windows Startup
  - Adjust your file-sharing program settings so it does NOT allow others on the P2P network to openly access downloads from your computer.
  - Close your filesharing program when you are not actively using it
Roll your own Free Security Suite
The most important step is to secure your system against future malware attacks. And it doesn't have to be costly. You can actually Roll your own Free Security Suite!
Become an Informed Surfer
There is a very important resource which will help you to avoid becoming a victim of cyber fraud. The latest Security Labs Trends report will make you fully aware of what cyber scams are out there and what you should be on the lookout for to protect yourself in 2007.
HijackThis Tutorial - for those who want to know more
Now that you are clean, if you are fascinated with how this powerful tool, HijackThis, works, you may read this excellent HijackThis Tutorial. It describes what each of the individual HijackThis log entries means. Gaining knowledge is great and there is a lot of information there, but when it comes to actually fixing entries in your log, it is best to remember that it is still a job better left to the experts in the HijackThis forum.
Before you leave, a well-deserved congratulations!!
The series was developed as the key deliverable of the Cleaning Malware Project.