Viruses, Trojans, Spyware, Cookies, P2P

I hope you don’t mind if I lump together a whole bunch of questions on the above subjects, because I believe they are related.

Regarding P2P file sharing:

• Isn’t a large percentage – perhaps a majority – of the music and video files on Kazaa, Limewire and the like infected with a virus or trojan?

• If that’s true, then anyone who downloads files on such a service regularly will regularly download such malware, won’t he/she?

• Is that not a threat at all if one has good anti-virus/anti-trojan/anti-spyware/firewall/router installed? Do such measures guarantee that clicking to download infected files will not pose a problem?

• If such a file does contain a virus/trojan/worm, will the file still appear to be just a normal music/video file after it’s been downloaded, but behind the scenes the malware is doing its thing?

• Aren’t most files distributed on such P2P services for the purpose of spreading malware? If not, what motivation does a person have for loading a new file onto the service (not sharing a file that’s already floating around out there, but actually being the first person to put it on the network)?

• With regard to P2P porn files, it seems that almost all have completely deceptive subject descriptions (or so I’ve been told) to lure people into downloading them. What is the purpose of such deception – to get people to download malware? Or is there some reason people benefit by having a legitimate file downloaded many times?

Regarding other sources of malware:

• Doesn’t one take a pretty serious risk of getting infected every time one clicks on a link that someone on forumosa has innocently posted for something such as an IQ test, or test your knowledge of X, or a humor website, etc.?

• Is there any way one could know in advance whether clicking on such a link will infect one or not?

Regarding trojans:

My wife shares my computer and yesterday I received a message that my McAffee anti-virus software found and deleted a trojan that was residing on my wife’s temp file (the trojan was called “Exploit-MhtRedir.gen”). That had me very concerned because it’s my understanding trojans can be particularly insidious.

• I was pleased that McAffee Anti-Virus resolved the problem, but today McAffee informed me 3 more times that it had found and deleted the same trojan from the same location. What could that mean? That McAffee incorrectly informed me that it had resolved the problem when it hadn’t, or that the trojan re-appeared for some reason?

• Should one also get anti-trojan software as well as anti-virus?

Regarding cookies:

In addition to running both of my anti-virus programs and my anti-spyware program after receiving the above message (and finding no malware), I also deleted all cookies from my account, my wife’s account and the admin account and was surprised at the source of so many cookies. I had cookies not just from slimey ad agencies and the like, but also from forumosa.com, from miltownkid’s blog, from law firms whose websites I have visited, etc.

• How did they get on my computer? For example, I doubt that miltown arranged for his blog to put a cookie on my computer, did he? If not, then how did it get there and what kind of functions might it perform?

• By deleting all of the cookies, I understand I may suffer the inconvenience of having to reenter my password or other such info at sites I used to visit regularly. Isn’t that correct?

• However, is it also likely that deleting the cookies may benefit me, or does it not really make a difference?

Thanks for your feedback.

http://www.cookiecentral.com/
more on cookies you’ll find here …

Some trojans carry a hidden file that stays on your computer and will later replicate the trojan and as long as this file isn’t removed it will carry on it’s work … I was told

[quote=“belgian pie”]http://www.cookiecentral.com/
more on cookies you’ll find here … [/quote]

But how do I know I won’t get more cookies or a trojan by clicking on your link?

You’ll never know … I’m the cookie monster … hmmm … baker

Just activate the cookie part on your browser and set it to either block or tell me and let me choose if I want it …

[quote=“Mother Theresa”][quote=“belgian pie”]http://www.cookiecentral.com/
more on cookies you’ll find here … [/quote]

But how do I know I won’t get more cookies or a trojan by clicking on your link? [/quote]
Life is full of little risks, right?

Trojans are a sub-type of viruses, and as such, your anti-virus software should locate and deal with them. Why did your anti-virus software keep finding that trojan, after once removing it? My best guess is that whatever “security hole” exists in your system let in the same trojan over and over again. And will continue to do that until that hole is patched. If you’re running Windows, there are frequently piles of security patches to download.

Someone with more current knowledge will hopefully come along and give you more answers.

BTW, cookies will win but it’s up to you to tell what cookies you want … you always can delete them … trojans and malware is up to you too, surf smart and don’t download stuff, i stopped doing that, no more p2p …
things I download come only from official websites and only things I really need, I have a router, a virus program, adware and firlewall protection don’t have any problem yet and … I’m the only on this machine … so buy one for your wife and let her mess it up as much as she wants …

i’ve set my cookie control to tell me first and I decide, some sites they offer me like up to ten cookies they want to put on my machine … and they are not from thet site only but from third party sites … BTW, Forumosa gets them too, with links from pics and avatars.

[quote=“Mother Theresa”][quote=“belgian pie”]http://www.cookiecentral.com/
more on cookies you’ll find here … [/quote]

But how do I know I won’t get more cookies or a trojan by clicking on your link? [/quote]I have mozilla set to reject all cookies except from sites I allow, like forumosa or sites that REALLY insist on it. As for the other stuff, Keep your antivirus updated, and don’t download dodgy stuff, or install stuff you didn’t ask for.

A good program for these self replicating trojans is registry mechanic.

Have a firewall running, install an anti-virus program and have it updated regulary, set up your browser to block cookies and pop-ups (you can allow the ones you use regulary and trust) and run an a program like ad-aware once in a while. Don’t install to many programs and stuff you don’t know and keep your autostart free of everything you don’t need.

That will keep your computer fast, clean and stable.

I am no tech expert, far from it, but when I would used P2P before it was terrible. I then tried the paid service on limewire and never had a problem with viruses (trojans or whatever you call them) and this is after hundreds of downloads and my cpu was still running perfect until it got stolen.

Seems an appropriate place to post this info:

On the topic of viruses and other malware, I want to say something that might be of use to someone else. Although I have a good bit of technical knowledge, it is becoming dated. I haven’t really kept up with things in the last few years. Viruses were not the newest threat, but were the major threat last time I looked carefully. Then along came all other sorts of malware, like spyware for example.

Recently, my computer has been getting slower and slower. Slow to the point that some basic Windows menu displays were starting to lag. I did some basic clean-up of files, etc., but that didn’t really help.

I’ve had anti-virus protection since the beginning. Added firewall software next, but not that long ago. No anti-spyware software until just yesterday. I installed Spyware Doctor 3.2, and I was a bit shocked at what it found: 703 infections.

No typo – 703 infections on a Windows XP Pro system. I simply could not believe the number. After digging into the results a little bit, I figured out that many of those “infections” were ordinary cookies. But a significant number were not.

A few observations or comments for those who might not be aware:

• I watched the “infections found” counter as the scan was in progress. It increased most when scanning cookies. It increased least when scanning Windows system files or other executables or software support files.

• Newer types of malware activity, like spyware and intrusion attempts, are far more prevalent than viruses ever were. When scanning for viruses, I might have found one per occasion in the past. I already mentioned the number of spyware infections that were found. My firewall software shows so many intrusion attempts, per day, that I simply cannot believe it.

• The high bandwidth environments of ADSL and other broadband services seem to have really compounded this problem.

• After running the anti-spyware program and cleaning up after it, the slowness problems seem to be much improved.

• Moral of the Story: If you don’t have firewall and anti-spyware software installed, get them now. If you haven’t disabled cookies without permission, do that now.

Mother Teresa.

Which version of Windows are you running. Is it XP?

[quote=“irishstu”]Mother Teresa.

Which version of Windows are you running. Is it XP?[/quote]

Yes, why?

Here we go:

I have this terrible little piece of malware/spyware on my PC that after multiple attempts of removing it, it still remains. Tutorials and such have not remedied the problem and I tired of seeing it pop up on scans.

38 entries for : smitfraud-c

I’ve cured the blue screen of death and nothing SEEMS to be slowing my pc down but this thing is hard to get rid of.

Any pointers?

As far as I know, there is no such thing as a virus/trojan which can affect normal music/video files. The reason being that music & video is just data, with no executable code attached.

Of course, it is possible that there are security holes in specific media players which could be exploited by virus writers - but i’ve never heard of it. Anyone else know better?

I normally use Linux, but recently had to help my niece set up her new computer and she wants/demands Windows XP. So I had to refamiliarize myself with Windows security issues.

The big security issue that just hits me in the face like a baseball bat is the way that most Windows users are surfing the Internet with the Administrator account (and furthermore, with no Administrator password set). You might as well ride your motor scooter stark naked during rush hour, for all the protection that will give you.

Many people are under the mistaken impression that the purpose behind user accounts and passwords is just to keep their significant other from reading their secret love letters or viewing their porn collection. Thus, if they don’t have secret love letters or a porn collection, they don’t think they need to take this security precaution. Unfortunately, this thinking totally misses the point.

With Administrator privleges, anything you can do while sitting at your computer can also be done by some malicious hacker who can connect to your machine through the network. And if you’re connected to the Internet, the “network” basically means the rest of the world.

So if you care at all about security, set an Administrator password, and then set up a user account (also with password). It doesn’t matter if you use the same password for both, just make sure it’s something not easily guessed and not easily forgotten. You could use your Chinese name in Pinyin (your choice of Tongyong or Hanyu). The longer and more complicated your password, the better, so you could throw in your ARC number too, example:

wangbadanV12345678

I don’t think Windows passwords are case sensitive (could be wrong about that, so somebody correct me). Linux passwords are case sensitive, so you can’t simply ignore that.

It’s OK to write down your password and tape it to your monitor, just as long as you don’t fear that your signifcant other will read your love letters and view your porn collection.

An important point about user accounts is that Windows seems to offer two kinds, one with Administrator privileges and another without. You definitely do NOT want Administrator privileges when you’re surfing the Internet.

You do need Administrator privileges to install new software on your computer or to change system settings. So occasionally you may have to log in with the Adminstrator account. Just try to do this only when you’re offline.

Ignore this advice at your peril.

cheers,
DB

[quote=“Mother Theresa”][quote=“irishstu”]Mother Teresa.

Which version of Windows are you running. Is it XP?[/quote]

Yes, why?[/quote]

I ask for two reasons.
Reason 1.
One of the reasons why things keep on returning in Windows XP is because of its “oh so intelligent” (not) Restore function. This keeps “correcting” the good work you have just done by removing the virus or whatever. If you are still having that problem, I recommend that you go to Control Panel>Administrative Tools> Services, then look for System Restore Service. Double-click on it and choose Stop (if it is not greyed out), then change the Startup Type to “Manual”.
Stop your virus, restart. If it happens again. Restart again. It should stop after this.

Reason 2.
About the best free Anti Spyware software for XP is the one offered by Microsoft. Go to tucows.com/preview/397078 to get it.

Incidentally, if you want to avoid spyware in the first place, start using Firefox instead of Internet Explorer.

Stu

Thanks everyone for all the interesting and useful comments.

Irishstu, I’m no longer having trouble with that trojan. For some reason my McAffee anti-virus program told me 4 or 5 times in a row that it had deleted the trojan, but that was a week ago. It hasn’t returned since.

I’ll check out and probably install the Microsoft antispyware program you refered to. I’ve been using another freebie (adaware?), but I guess it won’t hurt to have two. (I already have two anti-virus programs: McAffee which I paid for and the free Grisoft program).

As for firefox, yea I know my life will be better, but I’m a slow learner with tech stuff and I know Windows. Some day maybe I’ll make the effort to switch over. I’m sure all of you are right about that.

[quote=“david”]
Of course, it is possible that there are security holes in specific media players which could be exploited by virus writers - but I’ve never heard of it. Anyone else know better?[/quote]

www.securityfocus.com is a good site to check for known exploits. You can see what type of stuff people have found.

The next version of Windows will take care of a lot of security concerns. No longer will default accounts have administrative access.

Still, Linux and Mac are a lot safer. I never worry about viruses, malware, or spyware. The potential is there but unix has had security in mind for a long time.

I never worry about cookies. They’re just going to contain stuff I’ve entered a site before. And sites can only read the cookies they’ve made. What harm is there in that?