·How do I prevent Browser Hijacks and Spyware?
·Beware Fake Codecs - it could be a trojan

said by TonyKlein :

---

SO, HOW DID I GET INFECTED IN THE FIRST PLACE?

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

1) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself.

Pre-Scan downloaded files for viruses and malware at one of these multi-engine single file scan sites for free! Each one uses a dozen or more well-known AntiMalware scanners in one quick easy scan with a report of results from all.

Virus Total (10mb limit)
»www.virustotal.com/xhtml/index_en.html

Jotti's Malware Scan (15mb limit)
»virusscan.jotti.org/

2) Go to IE > Tools > Windows Update > Product Updates, and install ALL Security Updates listed.
It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

Windows Update:
http://v4.windowsupdate.microsoft.com/en/default.asp

3) Adjust your security settings for ActiveX

Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.

So why is activex so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

And some more advice:

4) Install Javacool's SpywareBlaster.

SpywareBlaster
http://www.wilderssecurity.net/spywareblaster.html

SpywareBlaster will protect you from all spy/foistware in it's database by blocking installation of their ActiveX objects. Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
Press "select all", then "kill all checked", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so. Let's also not forget that SpyBot Search and Destroy has the Immunize feature which works roughly the same way.
It can't hurt to use both.

Download Spybot Search and Destroy
http://www.safer-networking.org/

5) Another brilliant program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

SpywareGuard
http://www.wilderssecurity.net/spywareguard.html

An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.
It now also features Download Protection and Browser Hijacking Protection!

6) You can use a customized HOSTS file to block known bad sites. This is accomplished by blocking these sites through the hosts file. For more information and recommended sources see here:
»Security »What is a Hosts file and where can I get it?

Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests.
http://www.jasons-toolbox.com/BrowserSecurity/

They will provide you with an insight on how vulnerable you might still be to a number of common exploits.

---

said by CalamityJane :

---

To add to Tony's excellent advice above, you many find the additional programs and Security Sites helpful in malware prevention and removal:

7. Three free programs available to remove spyware from your system:

Download, Update and Scan with Adaware 2008 (get the free edition).
Download and install Adaware 2008
»www.download.com/Ad-Aware-2008/3···10844457

Reboot your PC after scanning and cleaning with Adaware

Download, Update and Scan with Spybot Search and Destroy. (Be sure to Update the program first)

Download and install Spybot Search & Destroy (free)
http://www.safer-networking.org/

A comprehesive Tutorial by the Author of Spybot Search & Destroy:
http://www.safer-networking.org/index.php?...p?page=tutorial

Windows Server 2003, WinXP users (English versions only):
Download, Update and Scan with Windows Defender (free)

Download here:
»www.microsoft.com/athome/securit···ult.mspx

Complete instructions on using Windows Defender can be found here:
Using Windows Defender
»www.microsoft.com/athome/securit···ult.mspx
*Validation of genuine Microsoft Windows Required*

8. Scan for Viruses and common trojans online and free

»Security »What are some web based virus scanners and encyclopedias?

9. If you still have problems and think you are infected after following the various scans and help above...... get HiJackThis (another free program & diagnostic tool)
NOTE: See: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance before posting a HijackThis log and may only be posted in our »Security Cleanup forum for assistance:

Instructions for HijackThis:
* Download Trend Micro Hijack This™
»download.bleepingcomputer.com/hi···tall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next new topic.
NOTE: Most of what it lists will be harmless or even essential, don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results.

10. Some Security Sites worth reading and bookmarking for reference and to help you get started in your PC Security.

Security At Home:protect your computer
Spyware

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

Protecting Your Home Network
http://www.microsoft.com/windowsxp/pro/usi...tecthomenet.asp

Home Network Security
http://www.cert.org/tech_tips/home_networks.html

Malicious Code Propagation and Antivirus Software Updates
http://www.cert.org/incident_notes/IN-2003-01.html

National Institue of Standards and Technology
Computer Security Resource Center
http://csrc.nist.gov/

Stay Safe Online
http://www.staysafeonline.info/

Protecting Your Privacy & Security on a Home PC
»www.spywarewarrior.com/uiuc/

IE-SPYAD: Restricted Sites List for Internet Explorer
»www.spywarewarrior.com/uiuc/reso···#IESPYAD

»Microsoft Application Tips and Tweaks »Concerning Internet Options Security, what do some of the settings mean

Internet Explorer 7 for Windows XP is available now
»www.microsoft.com/windows/ie/default.mspx
Internet Explorer works with Windows Defender to help prevent spyware from sneaking onto your computer in common ways, such as part of a larger software downloa


Edit 19 Nov 2008 by CalamityJane: Removed IESPYAD and AGNIS (from #6 recommendation to block bad sites). Added link to HOSTS file FAQ to use instead.

Edit 07 Aug 2008 by CalamityJane: Removed CWShredder (obsolete)
Updated HijackThis instructions, Ad-Aware and Spybot versions and download links.

Edit 15 Oct 2007 by CalamityJane: Updated Windows Defender download link. Updated HijackThis download instructions (now available from Trend-Micro). Added IE7 and download link.

Edit 12 Aug 2006 by CalamityJane: Name change for Microsoft Antispyware to Windows Defender

Edit 30 Jan 2006 by CalamityJane: Added Microsoft Antispyware, updated MBSA to v. 2.0; adjusted step 9 to include Security Cleanup Forum rules.

Edit 24 Jan 2006 by CalamityJane: New URL for IESPYAD


feedback form feedback form

Any feedback you provide (corrections, updates or suggestions) are sent to the owner of this FAQ
and anyone else involved in writing or editing this item.

by CalamityJane
last modified: 2008-11-19 19:19:05

quote:

---

Beware - Desktop Hijacks on the Rise Again
Security Forums have been deluged with daily cries of help from victims of the "Smitfraud" desktop hijackers that are using fake codec to infect their prey.

Watch out for the Zlob Trojan that poses as a codec needed to view a video, then installs a fake virus and urges its victims to download a rogue anti-spyware program to remove it. Lavasoft has also confirmed that this malware takes advantage of unpatched systems using exploits on web pages. Visit Microsoft Update to ensure that ALL of your critical Windows security pages are updated.

Other victims have been infected by a fake e-card greeting, or even a spoofed e-mail that claims to be Windows Update (Microsoft never sends updates via e-mail). Still more unassuming victims received an e-mail asking them to open a link to see the message (these can be fake e-mails, intended only to infect), or even a link from your 'buddy' in instant messages - but don't trust it if you aren't expecting it. Even your buddy could be infected without his/her knowledge and the virus on their computer is sending you the link with one purpose, and one purpose only - to infect you!

A few of the fake codecs out there include:

braincodec (added 28 Nov2006)
EliteCodec (added 08 Nov 2006)
Emcodec
eMedia Codec
Gold Codec (added 23 Nov 2006)
HQ Codec
iCodecPack
iMediaCodec
iVideoCodec
IntCodec
KeyCodec
Media-Codec
MediaCodec
MMediaCodec
MPCODEC
PCODEC
PerfectCodec (added 15 Nov 2006)
PowerCodec
PornPass Manager
PornMag Pass
QualityCodec (Added 08 Nov 2006)
SilverCodec (added 23 Nov 2006)
SoftCodec
strCodec
Supercodec (added 15 Nov 2006)
TrueCodec
vaxsetup
Vccodec
VideoCompressionCodec
VideoKeyCodec
VideosCodec,
WinMediaCodec
X Password Generator
X Password Manager
ZipCodec

We urge you to be aware and watch out for fake codecs. This is one of the favorite methods used by the authors of malware to lure you into downloading a file that infects your computer. If you receive a link for a video that says you need a certain codec in order to view it, be careful! Today, it could be a fake codec that is actually a Trojan just waiting to infect your system.

New variants are being released daily, even faster than Security Products companies receive new samples for detection. And because it does take time for due diligence on detection for the newer variants, it is important to remember that prevention is the key!

---

feedback form

feedback form

Any feedback you provide (corrections, updates or suggestions) are sent to the owner of this FAQ
and anyone else involved in writing or editing this item.

by CalamityJane
last modified: 2006-12-05 14:41:10