How Did My Computer Get Infected?

A FREE DIY Computer Security Guide

Ideal for protecting home / public access computer systems

A guide to help secure your computer(s) from online threats.

Corporate / Education / Non-profit users should check the licence agreements and use the paid for equivalents where required / appropriate.

Preparation:

Before you make ANY changes to your system it is very advisable to create some sort of restore point

XP Users:

Create a new System Restore Point easily with SysRestorePoint

Also create a Registry Backup with ERUNT

Download and double click to Run / Install with Defaults then launch ERUNT

Portable / No Installer / easier to use version here

Create a Registry backup using the following options:

Vista / 7 Users:

Create a New System Restore Point automatically with:

Quick Restore Point Maker

Or do it manually by:

Clicking Start then Right Click on Computer then select Properties, Now choose System Protection (Top left)

Make sure that System Protection is monitoring your C: Drive

If it's NOT then place a check in the box next to C: Drive

Then select Create

Once you have created a Registry backup / Restore Point you can proceed with the next 10 steps

Basic / Essential PC Protection:

Complete each of the following 10 Steps as a security bare mimimum.

Step 1:

• Clear your Temp Files:

• *IMPORTANT* SKIP THIS STEP OF YOUR START MENU ITEMS / DESKTOP ICONS ETC ARE MISSING / DO NOT WORK

• This will make anti virus / malware scans run quicker and reduce the risk of viruses / malware hiding in your temp files

• Clean your temp files regularly and easily by:

• Downloading TFC then double click to Run. When finished reboot if prompted to do so

• Save and Close any Unsaved work BEFORE running TFC as it will close EVERYTHING

 

Step 2:

• Install Malwarebytes Anti-Malware  - Protection against malware / scareware / rogue security programs

• The FREE version is fine but for real time protection, automatic updates and scheduled scanning (set it and forget it) we recommend purchasing a lifetime consumer license at £15. Use the Buy Now button below:

• Business Users MUST use the paid subscription version which we can supply at discounted rates
  
  
  

• FREE version users will have to carry out the following manually atleast once a week:

• Once installed navigate to the Update tab and select Check for Updates

• Once updated, navigate to the Scanner tab and check Quick Scan then select Scan as shown:

Malwarebytes will now scan your system - Should it find anything then:

Click Show Results then select Remove Selected - Reboot if / when prompted

 

Step 3:

• Too many people think that because they have an Anti-Virus installed that they are protected. Sadly this is NOT the case!

• Other's go in the opposite direction and install multiple Anti-Virus programs which only end up conflicting and cancelling each other out

• Follow the advice below for advice on using Anti-Virus software

• Scan your system with a valid / NON expired and up to date Anti-Virus program. If you don't have one or it has expired then here are some decent FREE Anti-Virus Programs:

• UNINSTALL ANY OLD ANTI-VIRUS PROGRAMS AND REBOOT BEFORE INSTALLING A NEW ONE

• Microsoft Security Essentials - Home / Small Office Home Office (SOHO) use for up to 10 users

• AntiVir

• Avast

• Only install ONE Anti-Virus program as more will cause conflicts

• Don't think that because you have an Anti-Virus program installed that you don't need to do anything else. You need more than Anti-Virus protection so please continue with the rest of the steps in this guide.

 

Step 4:

• Run ESET Online Scanner regularly with the following settings:
• 
  
• Disable any current realtime anti-virus programs BEFORE you run ESET Online Scanner

• How to temporarly disable your Anti-Virus / Malware / Firewall software

• Once ESET Online Scanner has downloaded the latest virus definintions it might be a good idea to disconnect from the internet and reconnect once it has finished

 

Step 5:

• Never go online WITHOUT some sort of Firewall software present

• The same as Anti-Virus software - Only use ONE software Firewall

• The built in Firewall in XP wasn't up to much though the one in Vista / 7 is a lot better

• If you are using the Firewall built in to Windows make sure it's TURNED ON

• Everything you need to know about the Windows Firewall In Windows XP

• Everything you need to know about the Windows Firewall In Windows Vista

• Everything you need to know about the Windows Firewall In Windows 7

• If you cannot turn on Windows Firewall due to Error Code 0x80070424 then:

• Download bfe.reg and double click to import in to the registry then

• Download firewall.reg and double click to import in to the registry then

• Restart the system

• Now type: services.msc into the Search or Run box and press Enter

• Check that the Base Filtering Engine and Windows Firewall services are Turned On and Started

• Click here to Contact Us if you are having problems with Windows Firewall

• Or you can use a FREE 3rd party Firewall program such as: Comodo Personal Firewall

• Download and Install Comodo Personal Firewall

• You will be presented with the following screen:

• Enter your email address if you want to receive info on updates etc

• Check Change my DNS servers to COMODO SecureDNS servers

• Enable Cloud Based Behavior Analysis

• Click Agree and install

• Reboot when prompted

• Optionally test your firewall online with ShieldsUP

 

Step 6:

• If you use Google Chrome then skip this step

• Install SpywareBlaster - IE / Firefox protection / immunisation against bad Active X

• The FREE version requires Manual updating as shown below:

 

Step 7:

• Install ThreatFire- Compliments Anti-virus software against Zero Day / unknown malware attacks

• PCTools ThreatFire Tutorial

• PCTools ThreatFire FAQ

• Do NOT install ThreatFire on an infected machine or a machine you suspected to be infected

 

Step 8:

• Install KeyScrambler FREE Version - Ideal for protecting Online transactions such as Ebay / Paypal against keyloggers when using Firefox, Internet Explorer and Flock web browsers.

 

Step 9:

• People who exploit computers usually do so via outdated or "end of life" programs - So called "Security Loop Holes". So make sure you are running the latest version of the programs you need or use. Pay special attention to web browsers, PDF programs, media players, Office Suites, Java etc.

• You can do this easily by:

• Keeping all your programs and patches up to date with: Secunia PSI - FREE for home use. Try to maintain a 100% score at all times.

 

Step 10:

• Make sure your Windows operating system is up to date. Click Start > Programs > Windows Update

• Select Check for updates (top left) until it cannot find anymore

Once you have completed the above steps you should now secure your internet browsing software:

Browser Protection:

• Internet browsing software will more than likely be most people's point of contact with the internet so you will want to make sure that your web browser is protected as much as possible.

• Install / use the latest version of Chrome Firefox or Opera or instead of Internet Explorer

• If your privacy is a concern or you want to run a portable web browser then use: Browzar

• However If you still want or need to use Internet Explorer MAKE SURE it's version 9 - Vista / 7 Users Only

• XP Users are restricted to Internet Explorer 8

• We now recommend Google Chrome due to its built in Sandbox feature.

• As Internet Explorer holds the biggest share of the browser market - which browser do you think malware writers target? Although expect this to change constantly!

• Or consider running a virtual version of your favourite browser, see below:

• As we are now in the days of Application Virtualization, there is NO need to actually install a browser on to your system anymore. Just run a virtual, Sanboxed copy of your favourite web browser. Make sure to use the latest, most secure version of the browser.

• Spoon.net will let you run virtual copies all the top browsers including Chrome, Firefox, Safari and Opera as well as other desktop apps via the web.

 

• Google Chrome Protection / Add-ons:

• Use the built in Sandbox feature - Turn ON by default

• Use the Adblock Plus add-on for Chrome- User guide on same site

• Anti-Porn - Extension

• Webfilter - Extension

• 15 Security Extensions for Chrome

• Web of Trust (WOT) Add-on for Google Chrome - Tells you whether a site is safe or not

• KB SSL Enforcer - Force encryption on websites wherever possible

• NotScripts - Chrome alternative to NoScript

 

 

• Firefox Protection / Add-ons:

• Use the NoScript add-on for Firefox - Ideal for Facebook clickjacking / dodgy links

• Use the Adblock Plus add-on for Firefox - User guide on same site

• EasyList Subscription (FREE) - Blocks adverts from Enlish websites - Add to Adblock Plus

• EasyPrivacy Subscription (FREE) - Removes all forms of tracking from the internet - Add to Adblock Plus

• Research files / processes / services for Malware with the Malware Search Addon for FireFox

• Anti-Porn

• Webfilter

• Mozilla Plugin Check - Check your plugins for security and make sure they are up to date

• HTTPS EVERYWHERE - Encrypt your communication between websites

 

 

• General Protection / Add-ons for ALL browsers:

• Install McAfee Site Advisor - Award-winning, free protection that uses intuitive icons to give you safety and phishing advice BEFORE you click on a risky site.

• WOT - Web of Trust - Shows users which sites are safe BEFORE opening the site

• Test your browsers security with ScanIT

• BrowserCheck - Check your browser and it's plugins security

• Browserscope - Another browser security check tool

 

Further PC Protection:

Complete the steps in this section to further secure your PC

Limited User Accounts (LUA):

• It might be tempting to set yourself up as an Administrator but if you can do everything so can malware and other possibly inexperienced or even malicious users. So create a separate Standard User Account and use this for everyday use or other users of the computer instead of the Administrator Account in Windows Vista / 7. You can always enter the Administrator credentials for any system changing tasks.

• More info on using Standard Accounts by Microsoft

• In Windows XP use: Drop My Rights instead

 

Disable Autoplay / Autoruns:

Your computer might get infected when you attach an infected portable device such as a USB drive. So it is better to have the autoplaying of these disabled. You can have Microsoft do this for automatically.

• Disable Autorun feature in all Windows versions

• Scroll down until you see the Fix It icons then choose Disable Autorun icon

• Select to Run the dowload

 

Web Content Filtering:

• DNS services are usually supplied via your Internet Service Provider (ISP) however these can be both slow and insecure.

• Use a dedicated, faster and more secure DNS service to surf the web faster, block malware infected and known harmful sites:

• Please choose only ONE DNS Service

• OpenDNS

• Norton DNS

• ClearCloud DNS

• Secure DNS

• Parents - Control what children view online via a web content filtering program such as:

• K9

 

System Restore Points:

• It's a common practice for people to use System Restore whenever they get a virus. But what they don't realise is that System Restore points can get infected too. So they will always roll back to an infected machine. Create a new system restore point with one of the following tools:

• XP / Vista Users - Create a new System Restore Point easily with SysRestorePoint

• Windows 7 Users -  System Restore Manager or Quick Restore Point Maker

• Get rid of all old, possibly infected system restore points. XP guide here. Vista / 7 guide here. 

• Or use System Restore Manager above to delete old, possibly infected restore points.

Once you have completed the above steps then work through the additional section below implementing any security step that applies to your online situation and usage.

 

Additional Security:

Keep Passwords Safe:

Got multiple passwords for websites, email, social networks etc? Then keep them organised with:

• Keepass

 

 

Social Networking (Twitter / Facebook etc)

Everybody and their dog is using social networking and it's a great route for viruses / malware as well as ID theft fraudsters. So here are some tips to stay safe when using social networking sites:

• Implement the security steps in this guide especially the basic steps above

• Check where shortened URLs actually link to with Long URL Please

• Read Facebook Best Practices guide by security experts Sophos

• Check with the person who sent you the link BEFORE opening it.

• Use HTTPS in Twitter - Go to Settings > Account then scroll down to HTTPS Only and enable Always use HTTPS then Save

• Install Safego anti-scam protection from Bitdefender for Twitter and Facebook

 

 

Instant Messaging:

• DO NOT click any links sent via MSN etc. Check with the person who sent it.

• Use Miranda or Digsby instead. These are less virus prone than MSN and let you use all your IM clients such as MSN, AOL, ICQ, IRC Yahoo etc in ONE application

 

 

Cracked / Pirate Software:

• It may seem a great and cheap idea to install cracked or pirate software, however most of these programs come with keygens / cracks which are usually infected with tojans / backdoor programs.

 

 

Email Attachments / Spam:

• DO NOT open attachments from people you do not know not matter how tempting they look especially ones with .exe, .bat, .com extensions.

• Spam is a nuisance as well as a threat. Install a FREE Spam protection program such as: Spamfighter or Comodo Antispam

 

Rogue Anti-Virus / Malware Programs:

• Make sure that you are NOT running a rogue anti-virus / malware program

• This list is a bit dated now but you get the idea!

More Advanced PC Protection:

This section will secure your computer even further but requires some reading, learning and configuration etc. This section is especially useful for securing computers in public access systems such as libraries, cafes, schools etc. Home users CAN still implement these steps as well.

Sandbox / Virtualization Programs:

• Sandboxing:

• Sandboxing a program prevents the program from making / saving any changes to the system. Any files or changes get trapped in the Sandbox. This is useful for internet facing applications such as web browsers or email programs.

• For simple yet effective Sandboxing use Google Chrome web browser with built in Sandbox feature

• Get Google Chrome Web Browser

• For more advanced Sandboxing or for Sandboxing more than your browser use:

• Sanboxie

• Sanboxie Getting Started Guide

 

• Virtualization

• Run a virtual version of your operating system and any changes to the system are discarded on reboot. Ideal for public access systems.

• Returnil System Safe 2011

• Returnil Virtual System Pro

• As we are now in the days of Application Virtualization, there is NO need to actually install software on to your system anymore. Just run a virtual of your favourite web browser / desktop application. This way there is NO software to maintain / update or install and you can always select the latest most secure version.

• Spoon.net will let you run virtual copies all the top browsers including Chrome, Firefox, Safari and Opera as well as other desktop apps via the web.

 

Software Exploit Protection via EMET:

• Microsofts Enhanced Mitigation Experience Toolkit (EMET) - Designed to prevent hackers gaining access to your system via software exploits / loopholes in Browsers, Java, Adobe, Office or any internet facing application.

• Protecting your Windows PC with EMET Guide

 

 

Host File Protection:

• The host file is used to map hostnames to IP addresses and it is not uncommon for malware / spyware etc to alter this file. You might enter http://www.google.com into your browser and malware alters the hosts file to redirect Google to some unwanted page or nothing at all. This is known as a redirect.

• Use MVPS Hosts to protect againsts Ads, banners, parasites etc

• Use HostsXpert to protect and restore your Hosts File

• Use WinPatrol to lock and monitor changes to your Hosts File

• HostsMan - HostsMan is a freeware application that lets you manage your Hosts file with ease.

 

Once you have done ALL the above DO NOT forget to backup!

There is NO point in completing the above steps, which will take time only to restore your system to it's factory settings and therefore Undo everything you have done leaving your computer insecure again!

Backup Solutions:

• You have 3 different options / types of backup - File / Folder backup, System Image backup and Online Backup. It is a good idea to implement ONE of each backup type.

 

• File / Folder Backup:

• Simply put - If your files are important to you then please back them up. There are many ways to lose your data including virus attacks, hard drive failure, operating system will not boot etc. Reformatting, reinstalling Windows or restoring your system to Factory Settings will also wipe your files. So you need to have a method of backing up your files regularly so that you can recover them in case of disaster. Some good file backup software below:

• Comodo Backup FREE Version - Includes 5 GB FREE Online Backup - Recommended

• FBackup

 

 

• System Image Backup:

• Once you have your operating system installed with ALL your required programs, settings, updates etc then create a system image backup. This will create a snap shot of your system and allow you to reinstall ALL your programs, settings, updates in ONE go. This is much better than System Restore or restoring to Factory Settings.

• Paragon Backup and Recovery 2012 FREE Edition - Recommended
  

• Easeus Todo Backup - Another good imaging solution
  

• DiscWizard (FREE for Maxtor / Seagate drives)

• Drive Image XML

• Online Backup:

• Back up your precious files to an online backup service:

• FREE Online Backup

Implementing the above simple, FREE steps should help keep your computer from getting infected or greatly reduce the risk of it. Plus provide you with a means to secure and recover your files should disaster strike.