|
|
Custom Search
|
|
|
Join the PC homebuilding revolution! Read the all-new, FREE 200-page online guide: How to Build Your Own PC! |
|
NOTE: Using robot software to mass-download the site degrades the server and is prohibited. See here for more. Find The PC Guide helpful? Please consider a donation to The PC Guide Tip Jar. Visa/MC/Paypal accepted. |
Exalted Grand Master Geek
I just got back from a client. Now this is a great story. Client went away for vacation. Had a teenager house sit. When client came home it was clear the teenager had visited various porn sites. The computer had several spy ware programs installed, dialer software, the favorites had various porn sites added to it.
Uninstalled the software. fixed the favorites and ran spy-bot to get rid of the software. Teenager swears he did not add anything to favorites or allow any installation of software. Ran a virus can and found the backdoor.jeem worm.
Went to the history and visisted some the sites listed an lo and behold the process repeates itself.
Went back to my place and the same thing happened on my computer.
Are there security settings in IE that would have prevented these web sites from installing software without user consent. Make changes to the registry. Are these active x controls that can be blocked?
I know the best medicine is not to visit these sites, but teenage boys and a broad band connection is an open invitation.
I'd like some thoughts from the IE experts
Geek Adept
Best way is to make sure all ActiveX in Internet Options are set to prompt at least. Unsafe unsigned set to disable. At least you'll know what tries to install...
Then, you can get Spyware Blaster. It'll act as a kill bit for these crappy drive-bys. It doesn't need to be running, it adds these "kill-bits" to the registry and effectively kills them before they even get on your pc.
http://www.javacoolsoftware.com/spywareblaster.html
I amar prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The world is changed; I can feel it in the water, I can
feel it in the earth, I can smell it in the air.'
Supreme Exalted Grand Master Geek
Well, firstly I believe the kid...this crap can and does do all sorts of things, including but not limited to...
1. Changing your homepage/search engine
2. Add themselves to Favorites/bookmarks, "Trusted Zone" in IE Security
3. Add listings to the HOSTS file to redirect sites
4. Add/change DNS settings, default URL handling
5. Write themselves to obscure auto-runlocations in the registry and reinstall themselves if not completely removed.
In other words, trojan like behavior.
Basically, yes there are security settings in IE to help....disable ACtiveX (set it to a least prompt, not only for unsigned controls but singed as well....yes a lot of that crap is signed!!!!!!!)
But running Spywareblaster provides a much better method....it prevents several hundred of these bad boys from installing.
Please post a HijackThis log from the infected machine.
Also some more info.... http://www.spywareinfo.com/rd/faq
AV, Anti-Trojan List;Browser and Email client List;Popup Killer List;Portable Apps
“When men yield up the privilege of thinking, the last shadow of liberty quits the horizon.” - Thomas Paine
Remember: Amateurs built the ark; professionals built the Titantic."
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote