Virus And Account Security

Hopefully you are reading this because you want to be educated and informed before a problem exists... not because I forcibly sent you here. 99% of the people who need this are probably windoze users... :-/

Why did I write this? A couple of years ago I finally got tired of getting spammed by compromised accounts and getting asked to clean up other people's disasters for free. I have better things to do with my time. With some simple proactive measures, most virus problems can be easily avoided. Reactive measures mean hours and days wasted on a full system salvage and rebuild. I would like for this to be a "Wake Up" proactive document. It really is too bad this isn't taught in computer classes.

* So you got a virus and/or your account got compromised in some way. Sucks to be you and it's probably your own fault. You shouldn't be using a complex piece of equipment without first understanding how it works and what the vulnerabilities are. At the very least, RTFM and GIYF. You could have saved yourself a lot of time and embarrassment (and maybe even your bank accounts).
RTFM: http://en.wikipedia.org/wiki/Rtfm
GIYF: http://www.google.com/search?hl=en&q=how+to+secure+my+computer&btnG=Google+Search

* If you think I'm being scary or mean, you're WRONG. The Internet is not the super friendly, happy-go-lucky place it is made out to be by sales & marketing. One little screw up can trigger a series of chain reactions that can totally mess you over and end your life in disaster. Trust me on this. I've been doing network security for a long time now. I've learned the "why's" behind the "what's" that most people (who should know better) tend to ignore (these people should be fired). Hopefully you'll learn before disaster strikes and this won't be the kick in the pants that makes you start paying attention.

* What could have been done? That depends on the level of compromise. It's usually a combination of this list. If your account login and password were stolen, the cracker now has anything that account has access to. If this was a social networking site, "you" probably just posted a lot of hate mail, spam, some porn, and got banned. If this was your bank account, you're seriously screwed. Call your bank and the 3 credit reporting bureaus and report fraud sooner rather than later (you'll still have this nightmare for a month... if you're lucky). If a keyboard logger was installed on your computer, the cracker has everything you typed (including other logins/passwords, other financial info, private & business emails, your personal diary, private chats, what web sites you go to, etc.). Some viruses will start searching your hard disk and harvesting important files (like financial info, those naked pictures you took of yourself, music, videos). Some viruses are adware/spyware for web marketing. These will spam you, harvest your information, and often make false clicks on pay-per-click sites to artificially inflate someone's wallet. Some viruses install a type of web server so illegal files and kiddy porn can be served off your computer without you knowing (the FBI may come visit you). Some viruses form a larger "bot" network used to attack other sites (like the Pentagon; once again, expect the FBI to drop by and say "Hi!"). A lot of bot networks are used by spammers to flood your inbox with trash (fake Viagra anyone?). Some viruses install remote access software on your computer. This means the cracker is essentially sitting right beside you, using your computer without your permission, and doing something bad.

* What might have done this? You probably did something stupid. Do not go to warez or porno sites. Do not install their "task bar/tool bar" plug-ins. Do not install freeware games, plug-ins, utilities, or applications that haven't been proven trustworthy. If something is too good to be true, it is. Do not let your friends on your computer to do this behind your back. Replace IE with FireFox (adding the AdBlock and NoScript plug-ins). Micro$oft has yet to learn what a security model is. Your Significant Other or "friend" may have been looking over your shoulder when you were logging in and typing your password. Keep better people around you and learn touch typing. Do not install unknown programs, applications, or plug-ins. These are often trojaned. Do not open spam mail. These are often triggered to run on open. If you are using LookOut, you deserve this (replace it with Thunderbird for free). Do not use public computers (like at the library) to make purchases or do banking. These often have keyboard loggers installed. Do not run open WiFi access points (which these often default to out of the box because consumers are too dumb to RTFM). Radio frequency signals don't magically stop at your walls. With a good WiFi card, antenna, and reflector dish, someone could attack you from a mile away if they have line of sight. Even if the AP is "secured", it can still be broken by many different means. Do not allow your "promiscuous" friends to plug their USB sticks into your slot (auto-run/boot block viruses). You don't know where they've been. Same goes for home-burnt CDs/DVDs. Don't take candy from strangers. There are some more, but by now you should get the idea to use common sense.

* What can I do to remove the virus? The first step is to go to http://housecall.antivirus.com. Navigate through to their free web virus scanner. I normally have to use IE for this since the Java version keeps failing to load. :-P Be sure to allow the plugin when the browser asks for verification. Make sure the browser really went to a Trend Micro web site and wasn't intercepted and redirected to a fake site. A fake site could make this far worse. The web scanner isn't a super fix-all, but it normally does a pretty good job at finding the obvious things. If it finds something bad, follow the removal instructions.

* Once the web scanner is done, go to http://www.download.com and look in the "popular" list for AVG Anti-Virus (Avast is also good). It's normally at the top. Also get "Ad-Aware", which is also high on the list. There are other programs people may recommend, but they aren't as good as they should be (Norton is the worst). Install AVG and Ad-Aware. Run them one at a time. Make sure to hit the update button somewhere in each so they have the latest virus/spyware definitions. Run each in deep scan mode. This will take a long time, so be patient. Follow the removal instructions if something bad is found.

* If your system is too screwed to run the virus scanners, you're in trouble. In windoze you can try a system restore to go back to before the virus got installed. If that fails (and it probably will), the best you can hope for is to back up all your personal data (which you should have been doing anyway; be sure to deep virus scan these, too) and FULLY wipe the hard disk. This isn't some puny format but a full wipe. You can get some free utilities from http://www.UltimateBootCD.com. This means you are going to have to reinstall your OS from scratch since EVERYTHING was lost. If you're running windoze, this is guaranteed to be a pain.

* On a side note, Norton and McAfee are weak and tend to slow your system down from bloat. It's sad so many prebuilt systems come with these. You're better off uninstalling them and putting AVG or Avast on.

* Once the virus scans finish successfully, it's time to run the update for your operating system. Odds are that there is a patch or a fix for whatever allowed the virus onto your system to begin with. ALWAYS run an OS update on a regular basis to patch the holes.

* Lock down the rest of your system and turn off any fluff services. The more you have running, the more likely it is that something can go wrong. Micro$oft often leaves Remote Desktop and Remote Registry running. Both of these are rarely used and are a disaster waiting to happen. Use Google to search for ways of streamlining your OS. It will run much faster after you do. That topic is way too big for this paper.
http://www.google.com/search?hl=en&q=how+to+make+my+operating+system+faster&btnG=Search
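Here is an added example (not from the original article) of checking the two services called out above and, with the -Fix switch, turning them off. It assumes an elevated PowerShell session on Windows; the service name RemoteRegistry, the Terminal Server registry key and the fDenyTSConnections value are the standard Windows ones.

```powershell
# Added example: audit Remote Registry and Remote Desktop, and disable them
# when run with -Fix. Assumes an elevated (Administrator) PowerShell session.
param([switch]$Fix)

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# Remote Registry is an ordinary Windows service: report its state, then stop
# and disable it if asked to.
$rr = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
if ($null -eq $rr) {
    Write-Host 'RemoteRegistry: service not present'
} else {
    Write-Host ('RemoteRegistry: {0}, startup {1}' -f $rr.Status, $rr.StartType)
    if ($Fix) {
        if ($rr.Status -ne 'Stopped') { Stop-Service -Name RemoteRegistry -Force }
        Set-Service -Name RemoteRegistry -StartupType Disabled
    }
}

# Remote Desktop is switched by the fDenyTSConnections value (1 = connections
# denied). A missing value is treated the same as 0 (allowed).
$prop = Get-ItemProperty -Path $rdpKey -Name fDenyTSConnections -ErrorAction SilentlyContinue
if ($null -ne $prop -and $prop.fDenyTSConnections -eq 1) {
    Write-Host 'Remote Desktop: connections denied (good)'
} else {
    Write-Host 'Remote Desktop: connections ALLOWED'
    if ($Fix) {
        Set-ItemProperty -Path $rdpKey -Name fDenyTSConnections -Value 1 -Type DWord
    }
}

# Finally list everything else that is running, so the remaining "fluff"
# can be reviewed by hand one service at a time.
Get-Service | Where-Object Status -eq 'Running' | Sort-Object DisplayName |
    Select-Object Name, DisplayName | Format-Table -AutoSize
```

Run it once without -Fix to see the report, then again with -Fix once you are sure you never use either service.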

* Now that the holes have been plugged and fixed, change ALL of your passwords. A good password is not easily guessable (like your dog's name or birthday). It should be complicated and have lower- and upper-case characters with numbers. This will help prevent successful dictionary attacks. Do NOT keep your passwords on a sticky note on your monitor. That's just asking for disaster. If you have to keep a password list, keep it somewhere that isn't obvious and burn the old ones (shredding often isn't enough).

* As a regular maintenance point, you should be running a deep virus scan and OS updates on a regular basis (at least every couple of weeks). The Internet isn't the friendly place it is made out to be.