dslreports logo

    «« DSL Hurdles Share Tool


how-to block ads

4.0 Prevention

Get the free tool Microsoft Baseline Security Analyzer (MBSA) to analyze your PC security for prevention purposes. MBSA Version 2.2 supports Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows XP, Windows Server 2003, Windows Vista, but MBSA 2.2 is not supported on Windows 8 or Server 2012.

MBSA will scan for missing security updates, rollups and service packs using Microsoft Update technologies. MBSA will also scan for common security misconfigurations (also called Vulnerability Assessment checks) using a known list of less secure settings and configurations for all versions of Windows, Internet Information Server (IIS) 5.0, 6.0 and 6.1, SQL Server 2000 and 2005, Internet Explorer (IE) 5.01 and later, and Office 2000, 2002 and 2003 only.

Get the download here: Microsoft Baseline Security Analyzer.

For Windows users, there is a free tool that does some of the same things called Belarc Advisor. Get the download here: Belarc Advisor.
Belarc Advisor runs on Windows 8, 2012, 7, 2008 R2, Vista, 2008, 2003, XP, 2000, NT 4, Me, 98, and 95. Both 32-bit and 64-bit Windows are supported.

Scan and follow the directions to make the necessary corrections.

The following topic was written by AntiSpyware Expert Tony Klein and has been posted in numerous Security Forums.

Hopefully, these tips and tools will help you understand how to stay safe and prevent any future infections. I have added some additional information at the end.

said by TonyKlein:


You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

1) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself.

Pre-Scan downloaded files for viruses and malware at one of these multi-engine single file scan sites for free! Each one uses a dozen or more well-known AntiMalware scanners in one quick easy scan with a report of results from all.

Virus Total (10mb limit)
»www.virustotal.com/xhtml/index_e ··· _en.html

Jotti's Malware Scan (15mb limit)

2) Go to IE > Tools > Windows Update > Product Updates, and install ALL Security Updates listed.
It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

Windows Update:

3) Adjust your security settings for ActiveX

Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.

So why is activex so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

And some more advice:

4) Install Javacool's SpywareBlaster.

»www.javacoolsoftware.com/spyware ··· ter.html

SpywareBlaster will protect you from all spy/foistware in it's database by blocking installation of their ActiveX objects. Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
Press "select all", then "kill all checked", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so. Let's also not forget that SpyBot Search and Destroy has the Immunize feature which works roughly the same way.
It can't hurt to use both.

5) Another brilliant program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

»www.javacoolsoftware.com/sgdownl ··· oad.html

An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.
It now also features Download Protection and Browser Hijacking Protection!

6) You can use a customized HOSTS file to block known bad sites. This is accomplished by blocking these sites through the hosts file. For more information and recommended sources see here:
»Security »What is a Hosts file and where can I get it?

said by CalamityJane:
To add to Tony's excellent advice above, you many find the additional programs and Security Sites helpful in malware prevention and removal:

7. These free programs are available to remove spyware from your system:

Windows users (English versions only):
Download, Update and Scan with Windows Defender (free)

Download here:
»www.microsoft.com/athome/securit ··· ult.mspx

Complete instructions on using Windows Defender can be found here:
Using Windows Defender
»www.microsoft.com/athome/securit ··· ult.mspx
*Validation of genuine Microsoft Windows Required*

8. Scan for Viruses and common trojans online and free

»Security »What are some web based virus scanners and encyclopedias?

9. If you still have problems and think you are infected after following the various scans and help above...... See: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance before posting in our »Security Cleanup forum for assistance:

10. Some Security Sites worth reading and bookmarking for reference and to help you get started in your PC Security.

Security At Home:protect your computer

Home Computer Security

Protecting Your Home Network

Home Network Security

Malicious Code Propagation and Antivirus Software Updates

National Institue of Standards and Technology
Computer Security Resource Center

Stay Safe Online

Protecting Your Privacy & Security on a Home PC

IE-SPYAD: Restricted Sites List for Internet Explorer
»www.spywarewarrior.com/uiuc/reso ··· #IESPYAD

»Microsoft Application Tips and Tweaks »Concerning Internet Options Security, what do some of the settings mean

Internet Explorer 9 for Windows is available now
»www.microsoft.com/windows/ie/def ··· ult.mspx
Internet Explorer works with Windows Defender to help prevent spyware from sneaking onto your computer in common ways, such as part of a larger software download

by CalamityJane See Profile edited by TheJoker See Profile
last modified: 2013-02-02 09:43:11

»www.lavasoft.de/company/newslett ··· cks.html
Beware - Desktop Hijacks on the Rise Again
Security Forums have been deluged with daily cries of help from victims of the "Smitfraud" desktop hijackers that are using fake codec to infect their prey.

Watch out for the Zlob Trojan that poses as a codec needed to view a video, then installs a fake virus and urges its victims to download a rogue anti-spyware program to remove it. Lavasoft has also confirmed that this malware takes advantage of unpatched systems using exploits on web pages. Visit Microsoft Update to ensure that ALL of your critical Windows security pages are updated.

Other victims have been infected by a fake e-card greeting, or even a spoofed e-mail that claims to be Windows Update (Microsoft never sends updates via e-mail). Still more unassuming victims received an e-mail asking them to open a link to see the message (these can be fake e-mails, intended only to infect), or even a link from your 'buddy' in instant messages - but don't trust it if you aren't expecting it. Even your buddy could be infected without his/her knowledge and the virus on their computer is sending you the link with one purpose, and one purpose only - to infect you!

A few of the fake codecs out there include:

braincodec (added 28 Nov2006)
EliteCodec (added 08 Nov 2006)
eMedia Codec
Gold Codec (added 23 Nov 2006)
HQ Codec
PerfectCodec (added 15 Nov 2006)
PornPass Manager
PornMag Pass
QualityCodec (Added 08 Nov 2006)
SilverCodec (added 23 Nov 2006)
Supercodec (added 15 Nov 2006)
X Password Generator
X Password Manager

We urge you to be aware and watch out for fake codecs. This is one of the favorite methods used by the authors of malware to lure you into downloading a file that infects your computer. If you receive a link for a video that says you need a certain codec in order to view it, be careful! Today, it could be a fake codec that is actually a Trojan just waiting to infect your system.

New variants are being released daily, even faster than Security Products companies receive new samples for detection. And because it does take time for due diligence on detection for the newer variants, it is important to remember that prevention is the key!

A screen shot of what one of the fake codecs looks like:

Click for full size

Discussion thread is here:
»Beware Fake Codecs - it could be a trojan

Edited for new variants: 23 Nov 2006 by CalamityJane
Last edited for new variants: 15 Nov 2006 by CalamityJane
Edit 08 Nov 2006 by CalamityJane: List of codecs updated for new variants

Last edited for new variants: 15 Nov 2006 by CalamityJane

by CalamityJane See Profile
last modified: 2006-12-05 14:41:10