I got a virus

[Fencesitter]

At the time I got it, I was using Trend Micro and Firefox with Adblock Plus. I didn't think I was invincible, but I wasn't thinking I was so vulnerable either. Last year, when I purchased the Trend Micro software, I was grumbling about the cost because I was hearing about all the free resources around.

But when my computer looked like all my programs disappeared, I was in no mood to clean that up. It was nice to have people walk me through the steps. Also, I stopped at Best Buy and talked to the Geek Squad to see what it would take to get the infection off my computer. They told me it would cost $199 and ten (10!) days at the minimum that I'd have to leave my computer with them. At that point, I was happy for the people at Trend Micro to help me for free in a few hours.

But now I'm feeling vulnerable, like there's stuff crawling out there everywhere.

Two questions:
1) Can you suggest anything to beef up my computer security? I mostly surf the web.

2) Is there any way to tell if there's anything still lurking on my computer in the background?

*Just to make me feel a bit more paranoid, right after I composed this note and when I hit preview, FF decided to display a database error for about a half hour, making me feel like someone really doesn't want me to post this.

[BrotherMan]

The most important thing is to know where you're going on the internet and know what you're downloading. Most of the time this means be careful with the porn. In second place be careful with where you download programs. Failing that, there are programs that can help you avoid most of the annoying bullshit things that happen.

If you've picked up something and you know the name of it, Google is a handy source for figuring out how to get rid of it. A lot of times this may mean doing things on your computer that you have not done or may be anxious about. Get over it.

Microsoft Security Essentials - Free, lightweight, often updated virus protection. Lightweight in this instance meaning it doesn't hog resources even when it's running a full scan.

Malwarebytes can be a powerful tool, but do not be cavalier with its use. The more aggressive settings can hose your OS.

[Doctor X]

--J.D.

[Ymir's blood]

The NoScript addon for Firefox is useful as well. You'll find yourself granting permissions a lot, since so many web pages rely on scripts. But at least it puts the choice in your hands whether or not to trust a site. Frequently visited and trusted pages can be granted permanent permissions so after awhile, it will only be noticed when surfing the web.

[LadyShea]

I got some kind of rogue/fake anti-virus virus without downloading anything. All I did was click on a website from a search result.

I was able to clean it up using Malwarebytes, coincidentally, but to this day that pisses me off because I didn't do anything...and hubby refuses to believe me.

[Waluigi]

On question #2:

Most AV programs will eventually catch the run-of-the-mill exploits. Definitely keep signatures up-to-date, and run a full system scan once a week for the next month, to catch anything that earlier signature databases may have missed.

On rootkits, you can use this: GMER - Rootkit Detector and Remover If you have WinXP, you can use Microsoft's RootkitRevealer that is part of their SysInternals suite. Unfortunately, this program does not work on newer and 64-bit versions of Windows.

On question #1:

You can avoid most trouble by staying away from the types of sites that are known to host exploits: porn, warez, , etc. Disable Flash and Java if you don't use them a lot (then just enable when you need them). If you are going to browse for porn, use a private browsing feature, like Chrome's incognito mode.

Make sure Windows Update is turned on and checking regularly for updates, and use your browser's auto-update feature if it has one. Ditto for Flash and Java.

Even being super careful, and following all of the above advice, you may still get snagged every now and then. If a legitimate site is hacked and is serving drive-by downloads, you might get infected that way. But those infections are few and far between.

[Waluigi]

Quote:

Originally Posted by LadyShea

I got some kind of rogue/fake anti-virus virus without downloading anything. All I did was click on a website from a search result.

It probably won't surprise you to learn that there is an entire industry dedicated to getting sites that are serving drive-by malware downloads to show up in the first page of Google search results. This is big money for the malware authors, because people trust their search engine, and the sites the search engine is linking to inherit that trust.

Keeping Flash and Java disabled, and keeping one's browser up-to-date, may help prevent some things like you experienced, but not all of them.

Google has a project called the Safe Browsing Initiative, which is their program to try to identify sites hosting malicious code so they can exclude them from search results. It's quite the cat-and-mouse game between the site administrators and Google. For instance, once an IP address is known to be associated with Safe Browsing's crawler, a site may return non-infected pages to requests from that IP, in an attempt to fool it into thinking the site is legit.

[LadyShea]

That makes sense. Also, it was something totally mundane, that even a careful browser like me would't think not to trust...recipes or crafts or some shit I don't remember exactly but it wasn't a high risk search like for porn or game cheats or anything.

[Waluigi]

Quote:

Originally Posted by Doctor X

--J.D.

New OS X malware variant attacks unpatched Macs | ZDNet

Mac OS X Malware is Here For Real - F-Secure Weblog : News from the Lab

Flashback OS X malware variant disables XProtect | MacFixIt - CNET Reviews

Mac Defender - Wikipedia, the free encyclopedia

[specious_reasons]

Quote:

Originally Posted by LadyShea

That makes sense. Also, it was something totally mundane, that even a careful browser like me would't think not to trust...recipes or crafts or some shit I don't remember exactly but it wasn't a high risk search like for porn or game cheats or anything.

Usually, it's not the site itself, but the ads on the page.

I'll recommend NoScript, too. Yes, it's sometimes annoying, even major online retailers often use services from other websites, and so I wind up having to permit a whole lot of things when I buy something online, but once that's set up, it's not an issue again.

[Doctor X]

Quote:

Originally Posted by Waluigi

Quote:

I do not know the different between malware and a virus.

Apparently.

--J.D.

[Waluigi]

I'm sorry, I didn't realize the only type of malicious code that matters is a virus. I'll bet the leaders of Iran's nuclear program would beg to differ.

[Doctor X]

Quote:

Originally Posted by Waluigi

I'm sorry, I didn't bother to read the OP. Hitler.

--J.D.

[Fencesitter]

Quote:

Originally Posted by LadyShea

I got some kind of rogue/fake anti-virus virus without downloading anything. All I did was click on a website from a search result.

That's EXACTLY what happened to me. No downloads. No pr0n involved. No links clicked.

I was searching some sewing websites. (It's the innocent-looking ones that get you all the time. ) And then I did a google search for a psychological term. I clicked the google link to the page, and stuff starts disappearing from my desktop. Or it looked like it did anyway. It was all retrieved later, well, hopefully all of it.

Doctor X, it didn't matter if Waluigi read the virus part of the OP since I don't know the difference between malware and a virus and don't know which one hit my computer.

Everyone, thanks for all the helpful tips. It sounds like Noscript is something I should try. And I might look into Chrome's incognito mode. Not that I'm going browsing for pr0n, but it's good to know.

[Doctor X]

Quote:

Originally Posted by Fencesitter

Doctor X, it didn't matter if Waluigi read the virus part of the OP since I don't know the difference between malware and a virus and don't know which one hit my computer.

In all seriousness, it rather does with respect to protecting your computer. The was a joke, since I do not expect you to run out and buy a new Mac--though, then, all of your dreams will come true and women will start finding your lint attractive.

But some cannot take a joke apparently.

--J.D.

[Fencesitter]

I just installed Noscript as a Firefox add-on. It slows things down considerably. On the plus side, I don't see youtube videos embedded in posts. On the minus side, it makes even forums like this one more time-consuming to navigate. On the plus side again, it does make me more aware of how many scripts are running all the time, even in places where you don't think about them, like for instance, you can't show spoilers or show new threads without the scripts unblocked.

[Joshua Adams]

Since Incognito mode was mentioned, I just thought I'd explain that Firefox has the same thing, called Private Browsing (it's under Tools). However, as far as I know, it provides no protection from any kind of attack. It merely hides your browsing activity from other people who may be using your computer.

I'm surprised to hear that Firefox is noticeably slower with NoScript installed. I don't know if it's worth the hassle, but I use a browser called Pale Moon, which is actually still Firefox, but with several components removed that most people don't need (thus making it faster). If you're unhappy about the performance drop, maybe switching to Pale Moon would make up the difference? I can't say I've done a careful comparison, but they claim it's faster in tests. And I can't recall it crashing ever, though vanilla Firefox did so often.

[Doctor X]

Quote:

Originally Posted by Fencesitter

I just installed Noscript as a Firefox add-on.

Quote:

It slows things down considerably. On the plus side, I don't see youtube videos embedded in posts. On the minus side, it makes even forums like this one more time-consuming to navigate.

You can selectively set NoScript to run particular scripts on pages you trust. You can also do this to allow things like YouTube to play without all of the tracking scripts. Another Add-On I suggest is Ghostery and Do Not Track. Things will run much faster.

I will leave it to the PC users to recommend a good $$$$ antivirus program. Returning to my the critical difference between a virus and a trojan on a Mac is . . . there are no viruses for Mac still and you have to physically load the Mac trojans.

However, in both cases it depends on you--how and what you surf:

Quote:

It . . . it makes no difference to me what business a man does . . . but yours . . . is a little dangerous."

--Don Vito Corleone

The main evil Mac Trojan DNS Changer came from Liv Historical Pr0n Sites [Stop that!--Ed.] where you would be informed you needed to load a "codec" to view those . . . fine . . . architectural videos. So, again, you have to load the damn thing, give it permission to run, et cetera. IF you are the type to do that . . . well . . . NO antivirus software or "PC sucks111! NO MAC SUCKS!" argument will help you.

I have never had that trojan. Though I have encountered those who have . . . and then sheepishly admit that, well, yeah, they really are interested in early Italian frescoes . . . and . . . stuff.

I do get PC Trojans. For fun and boredom, I will investigate/report phishing sites and one of my crap e-mails serves to collect the 419 Scam and the latest "I found these picks of you and ChuckF's Mom" attachment. Obviously, surfing to the former will try to load a trojan--which NoScript will not block necessarily. On a Mac, it sort of . . . sits there . . . does nothing.

But, if you do not surf such places, stay in safe neighborhoods . . . you should get far less "wee beasties." Still, you only need to mess up once or twice.

--J.D.

[Fencesitter]

Quote:

Originally Posted by Joshua Adams

Since Incognito mode was mentioned, I just thought I'd explain that Firefox has the same thing, called Private Browsing (it's under Tools). However, as far as I know, it provides no protection from any kind of attack. It merely hides your browsing activity from other people who may be using your computer.

Thanks, I wondered about that. I've looked at private browsing before, but as you noted, it doesn't protect my computer from anything.

Quote:

Originally Posted by Joshua Adams

I'm surprised to hear that Firefox is noticeably slower with NoScript installed. I don't know if it's worth the hassle, but I use a browser called Pale Moon, which is actually still Firefox, but with several components removed that most people don't need (thus making it faster). If you're unhappy about the performance drop, maybe switching to Pale Moon would make up the difference? I can't say I've done a careful comparison, but they claim it's faster in tests. And I can't recall it crashing ever, though vanilla Firefox did so often.

It's really slow after adding NoScript. I can see things now that probably moved too quickly to be seen before.

Thanks for the recommendation of Pale Moon. I took a look at it, but haven't tried it yet.

[Fencesitter]

Quote:

Originally Posted by Doctor X

You can selectively set NoScript to run particular scripts on pages you trust. You can also do this to allow things like YouTube to play without all of the tracking scripts. Another Add-On I suggest is Ghostery and Do Not Track. Things will run much faster.

Thanks. I added Ghostery. It's interesting to see all the tracking stuff in the top right hand corner.

I don't understand why things would run faster after installing Ghostery. They run even slower actually. I haven't actually blocked anything. Is that why? I'm afraid to block everything because I don't know what would stop running if I did that. I was amazed at how many things didn't work with NoScript going.

[Fencesitter]

Quote:

Originally Posted by Waluigi

On rootkits, you can use this: GMER - Rootkit Detector and Remover If you have WinXP, you can use Microsoft's RootkitRevealer that is part of their SysInternals suite. Unfortunately, this program does not work on newer and 64-bit versions of Windows.

I forgot to respond to this part. I have Windows 7 64-bit. It there a rootkit detector that works for that?

[Doctor X]

Quote:

Originally Posted by Fencesitter

I don't understand why things would run faster after installing Ghostery. They run even slower actually. . . . I was amazed at how many things didn't work with NoScript going.

No, what I meant is when you add scripts you trust to the NoScript "white list"--simply click on the icon and allow scripts you can trust--like the on from --you will browse faster. Do this for pages you trust.

Ghostery will help show you which ones are tracking scripts.

--J.D.

[BracesForImpact]

Sheesh that's a lot of trouble to go through. I'd just use a sandbox program like sandboxie. Always run your browser in that and any code that hits your computer through link, download, video, etc. runs in the vitual machine of the sandbox instead of the real environment of your computer. If you pick up something nasty, dump the box. Problem solved.

I personally hate having to able/disable flash, cookies, scripts, pop-ups and half dozen other damn things just to surf the internet. Sandboxie is free. The only caveat, like anything else is, you have to use it.

[Fencesitter]

I read somewhere on another message board that if you've ever had malware, you can't trust that computer and should do a reinstall before ever doing online banking again.

Do people agree with this?

LadyShea, if you're reading this, would you do online banking with your computer after you removed the malware that you talked about in this thread?

I've been holding off on doing some sensitive stuff, but it's a real inconvenience not to use online resources.

[livius drusus]

When I was cleaning malware off people's computers for a living, I didn't do complete rebuilds unless I just couldn't get rid of a specific infectious agent, or if the computer was hopelessly slow and laggy even when cleaned.

I agree that you shouldn't trust your computer on general principle, but that's why you've installed remedies and additional protections. Until you have reason to believe you've been infected again, I vote you use your PC as you always have.