Spyware, Viruses, & Security forum

Question

Hacked: MSSE maimed,

by robb7thurston / March 17, 2012 11:02 AM PDT

Operating System: WinXP SP3, Dell Dimension 3000,
Also, MSSE Antivirus. I have Spyware Doctor, MBAM, SAS (each turned off) retained for second opinion scans. I was using XP SP2 (one-way) firewall.
I woke up Wednesday morning with five trojans on my hard disk in a system I scan every day and presume it is clean. SAS cleaned the trojans.
My MSSE still functioned, but definitions were ruined, they did not function. I uninstalled MSSE and reinstalled, and the definitions came back and were on the proper date. I installed Avast free antivirus and OnlineArmor free firewall with hips etc. MSSE is remaining active on my OS.
QUESTIONS: (1) Are MSSE, Avast and OA adequate to basically impede viruses (yes, I know, you can't win but you can impede). (2) Do MSSE, Avast and OA play nice together? (3) There is a process -- slips off my tongue for a moment -- you can tell an anti-virus not to scan an application, file, etc. Should I tell MSSE, Avast and OA to ignore (not scan) each other? (4) Should I eliminate something or add something? Remember I have Spyware Doctor, MBAM, SAS reserved and can turn them on at will for a second opinion.
Finally I have a streaming radio program over the Internet, which helps my nerves. I play it constantly. Can that cause viruses? The music isn't very risque, it comes from a very low profile therapy site. Do I need to shield a perpetual streaming Internet Radio--and how is that done?
Best!

Clarification Request
Spyware, viruses, & security forum: Hacked: MSSE maimed
by robb7thurston / March 17, 2012 11:14 AM PDT
In reply to: Hacked: MSSE maimed,

by robb7thurston - 3/17/12 6:02 PM
I apologize. I need to ask one more item, please. Thanks, here it is.
Online Armor, Avast, Spyware Doctor all want to be part of start up. This makes things very bad and slow. Can I disable them from startup, or is there a way to get moving fast at startup? Advise.

You appear, according to ...
by Edward ODaniel / March 17, 2012 7:55 PM PDT

what you have told us in the two posts, to be running BOTH Avast and MS Security Essentials and BOTH the Native XP Firewall and Online Armor. You are going to have problems.

Select either MSSE or AVAST as your AV and uninstall the other and if you use Online Armor disable the native firewall.

Your problems with suddenly discovering "five trojans" might even be as simple as software conflicts. Read this:
http://answers.microsoft.com/en-us/protect/forum/protect_start/check-list-for-installing-microsoft-security/bf757e6a-e320-4a67-92bc-767e6acb26c4

What were the names of these trojans? Where were they located? Conflicting apps can result in false positives.

The MSSE definitions could easily have been corrupted by one of the conflicting anti-malware apps.

Since Avast and MSSE both include anti-malware scanning in addition to anti-virus it is best to avoid having other anti-malware apps running resident (in the background) EXCEPT when performing a specific scan - helps avoid conflict.

You could set up exceptions for the various apps BUT that still will not avoid conflict if all are running as the conflict will be with multiple apps all accessing or trying to access a file at the same time.

You also ask "Online Armor, Avast, Spyware Doctor all want to be part of start up. This makes things very bad and slow. " -- You could but if your firewall and AV are not running when files start getting accessed they can't do what they are designed to do. Spyware Doctor on the other hand could easily be disabled and used only as needed.

Hacked: Advice from E. ODaniel
by robb7thurston / March 18, 2012 6:09 AM PDT

Dear Edward ODaniel;
I am deeply obliged. I thank you very kindly.
I will comment on your very kind advice--again, much grateful thanks!
"(1) Since Avast and MSSE both include anti-malware scanning in addition to anti-virus it is best to avoid having other anti-malware apps running resident (in the background) EXCEPT when performing a specific scan - helps avoid conflict.

(2) You could set up exceptions for the various apps BUT that still will not avoid conflict if all are running as the conflict will be with multiple apps all accessing or trying to access a file at the same time.

(3) You also ask "Online Armor, Avast, Spyware Doctor all want to be part of start up. This makes things very bad and slow." -- You could but if your firewall and AV are not running when files start getting accessed they can't do what they are designed to do. Spyware Doctor on the other hand could easily be disabled and used only as needed."

My comments: (1) I totally turned off MSSE, all functions were turned off such as realtime protection, scanning, etc. It's still downloaded but it remains dormant, as a portion of my "second opinion" scanners.
Avast, on the other hand, is scanning and I specially configured it. (3) Avast and OnlineArmor are re-established in start-up. MSSE is removed from startup.
After I followed your very kind instructions, including establishing Avast and OA at start up, I did a boottime scan with Puran Defrag to clean and defrag the hard disk. When it was finished, I rebooted again, to observe how quick the system was, using just Avast and OA as resident scanners. It was very fast. There is no science here, but to my eyes, the OS seems fully fast. I scanned again last night with SAS for viruses and none were detected. Hence, your hypothesis that I was, to some degree victimized by application conflicts, is provisionally confirmed. Thanks for that suggestion.
TWO NEW QUESTIONS: (1) I have bad nerves and listen to classical music streaming from an Internet radio Station, KFUO in St. Louis MI. I have used VLC and also Microsoft Media Player. I tend to leave KFUO going while I sleep as it helps me. Question: can I get hacked by hackers and viruses? Will Avast and OA be adequately protective from streaming and getting attacked? Advise;
(2) Do Avast and OA play nice together? Advise.
I send thanks and my kindest regards!

VLC Media Player New Security Update
by mchainmchain / March 19, 2012 6:20 PM PDT

See Carol's posting (11th post down) re VLC Player Security Updates here: http://forums.cnet.com/7723-6132_102-558764/news-march-19-2012/?tag=contentBody;threadListing

You can use a free security vulnerability scanning program from Secunia (Secunia PSI) to keep all your software up-to-date to reduce the chances of malware and viruses being introduced by exploits in out-of-date (vendor has an updated newer version) or obsolete programs (vendor no longer supports program or provides updates) on your computer.

Here: http://secunia.com/vulnerability_scanning/personal/

Be sure to use the latest stable version of PSI (Download button only), not the 'Try PSI 3.0' button as 3.0 is a beta (under testing, not final) version.

Let us know how the PSI scan went.

I will step aside and let Edward ODaniel answer your question about Avast! and Online Armor.

In Reply to: Hacked: mchainmchain by robb7thurston
by robb7thurston / March 20, 2012 7:40 AM PDT

I am extremely obliged. Yes, I did as you kindly suggested: "See Carol's posting (11th post down) re VLC Player Security Updates here: http://forums.cnet.com/7723-6132_102-558764/news-march-19-2012/?tag=contentBody;threadListing." I downloaded the proffered VLC, and also http://secunia.com/vulnerability_scanning/personal. I have used File Hippo for downloads but I am very obliged to you and downloaded Secunia. There is one severe problem I have, by the way, with Flash Player 11.1.102.62, revealed by Secunia. Now, pardon my French, but I had a terrific tussle getting that to download on my PC. In this fashion: I uninstalled my previous Flash Player, and the Flash player site kept telling me the newest version, which I was trying to download, was incorrect and would not download it. I accidentally discovered that YouTube offered a Flashplayer and allowed its installation. Jeez, a total agony. Now I face getting another new flashplayer. PLEASE SUGGEST A LESS AGONIZING WAY TO GET MY PRESCRIBED FLASHPLAYER.
Many Thanks!

For your Flash Player problems
by MarkFlax Forum moderator / March 20, 2012 7:45 AM PDT
Well,
by mchainmchain / March 20, 2012 6:43 PM PDT

I do feel for you, and you should know that Secunia 2.0.0.4003 (the version you may have downloaded and installed) can automatically update a program like Adobe Flash. When a program in Secunia is detected as insecure that has automatic updating enabled, it will do all the work for you, and tell you when it is successfully completed.

There is a setting in Secunia that will allow you to turn this feature on; forget at the moment where, but I think it is in the Settings section. There is also a tick box for automatically downloading and installing or download but do not install unless permission is given. I would choose to have it automatically download and install, as you tend to leave your system on all night.

So, once you follow MarkFlax's advice, and get that straightened out, change the settings in PSI, a few programs will automatically update and install for you. Version 2.0.0.4003 will not do all of them, but the newest beta version, 3.0, now undergoing testing by beta testers, is said to do more programs this way.

PSI will certainly let you know when you have an insecure program on your computer, something you most likely did not know before you got it.

I do not recommend installing 3.0 until all testing is done, and the final release is made. Even then, I would wait a month or so until all bugs and quirks are worked out. You certainly will be in a better position than you were before if you successfully follow Mark's advice to get the Flash problems worked out.

To my knowledge ...
by Edward ODaniel / March 20, 2012 3:15 AM PDT

Avast and Online Armor work just fine together assuming that you are only using either the Free Avast or the Avast Pro but NOT Avast Internet Security (because it has a firewall).

I generally advise installing Malwarebytes and Super Anti-Spyware (free versions) and only running them for "insurance" every few days or weeks just to make sure nothing is slipping by my Avast. These will almost always find quite a few tracking cookies so go ahead and delete them but do not get worried about their being there as tracking cookies are most often just a method for making your visit to any specific web site easier and more enjoyable.

If you keep your Operating System and your applications updated you should not worry overmuch about getting "hacked", as most of the updates are for problems that could allow someone access IF certain other conditions were also met.

One thing you could do is create a limited user account for running the media players and streaming audio and limit what other applications it has access to.

To my knowledge ... - New! by Edward ODaniel - 3/20/12 10:1
by robb7thurston / March 20, 2012 7:59 AM PDT
In reply to: To my knowledge ...

I am very obliged. Many thanks. "create a limited user account for running the media players and streaming audio and limit what other applications it has access to." Your idea is excellent. Please note very kindly:
I use Comodo Dragon (this is just Chrome's brother) exclusively for videos because it prevents buffering issues which are apparently due to slow speed. For streaming audio, I use the Enigma Browser, which is a skin for IE which is designed for very strong stability. Also VLC or Microsoft Media Player. Enigma has never crashed after several months of usage. For browsing I have IE 8 and Firefox. I do not need Comodo Dragon and Enigma except for media.
QUESTION: can I sandbox Comodo and Enigma or otherwise isolate them from scripting? I need a good tutorial, hopefully with screen shots or drawings or something. I can slog through tutorials but I am not clever--but I get by. Summary: please suggest a limited usage account or sandbox etc. Please supply a tutorial, or ADVISE IN GENERAL.
Very kindest regards

To my knowledge- New! by Edward ODaniel - 3/20/12 10:1
by robb7thurston / March 23, 2012 11:34 AM PDT

Dear Edward ODaniel. Well, we seem to have broken up. So I am sending your last answer, with respect. I need some clarifications, please, and I thank you. You answered me:
"One thing you could do is create a limited user account for running the media players and streaming audio and limit what other applications it has access to." E ODaniel.
Here was my reply. Is this clear enough for you? Tell me to make it clearer if necessary.
"I am very obliged. Many thanks. "create a limited user account for running the media players and streaming audio and limit what other applications it has access to." Your idea is excellent. Please note very kindly:
I use Comodo Dragon (this is just Chrome's brother) exclusively for videos because it prevents buffering issues which are apparently due to slow speed. For streaming audio, I use the Enigma Browser, which is a skin for IE which is designed for very strong stability. Also VLC or Microsoft Media Player. Enigma has never crashed after several months of usage. For browsing I have IE 8 and Firefox. I do not need Comodo Dragon and Enigma except for media.
QUESTION: can I sandbox Comodo and Enigma or otherwise isolate them from scripting? I need a good tutorial, hopefully with screen shots or drawings or something. I can slog through tutorials but I am not clever--but I get by. Summary: please suggest a limited usage account or sandbox etc. Please supply a tutorial, or ADVISE IN GENERAL.
Very kindest regards. Robb Thurston

While the way you already have things set up ...
by Edward ODaniel / March 23, 2012 10:09 PM PDT

should be sufficient, sandboxing would add another layer of security to protect the PC.

Here is a link to a tutorial for sandboxing with Comodo Internet Security, Avast, or Sandboxie
http://www.pcworld.com/article/247416/how_to_keep_your_pc_safe_with_sandboxing.html

Here is a CNET video on Avast Sandboxing (uses Avast 6 but the info is pretty much the same with Avast 7)
http://download.cnet.com/8301-2007_4-20035077-12.html

Here is more info on Avast Sandboxing:
http://www.avast.com/pr-avast-software-new-avast-7-extends-virtualization-sandbox

Of course you do need to be aware that there are differences between the auto sandboxing of the Free Avast (which must first be turned on and configured) and the more fully featured Sandboxing available in the paid version of Avast.

You might also want to take a look at the actual Sandboxie utility which can be tried free but offers a lifetime license for $40 plus change and it does have a good tutorial for getting started as well as Tips for its use, a user manual and a section on known conflicts and fixes at http://www.sandboxie.com/index.php?HelpTopics

While the way you already have things set up: E.ODaniel
by robb7thurston / March 24, 2012 2:40 PM PDT

Dear Edward O Daniel;
I am very grateful to you for coming back on line after we broke up. You are too kind to me.
I made some changes. Avast was acting peculiar. I could not access the virus chest, so I uninstalled Avast and returned to using Online Armor for the Firewall/HIPS component, and MSSE for Antivirus etc. I also scan every evening when I sleep with either MBAM or SAS on alternative nights without missing a day. So far, so good.
However, I wanted to sandbox potentially insecure applications: my browsers, and also my streaming radio, which is coming through VLC. I have also Microsoft Media Player (or whatever name they are now using) which is not used, but which needs securing. I downloaded Comodo IS.
QUESTION CONCERNING COMODO IS. I am using OA Firewall, and I believe that Comodo Firewall is a negative in that circumstance, considering that 2 firewalls conflict. Comodo Firewall is totally unchecked in every box. It appears to be not functioning, which is my intention.
"Appendix 1 CIS - How To... Tutorials: Run an untrusted program inside sandbox -"
I do not know how to sandbox insecure applications such as browsers and media. I can locate the Windows Explorer, but then I do not know where to find an icon which sandboxes the applications.
PLEASE ADVISE: (1) Help me find an icon which sandboxes the applications. I need to sandbox the applications, and also, please, ASCERTAIN that they are securely sandboxed.
Do you see any faults I have made so far?
Reminder: OS: Win XP, SP3, MSSE antivirus, OA hips, etc.
Best!
